[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f9WM9bquk6mzxNZmi982Z02yYibnFCqAYqqq8mohxnsM":3,"$fr-WgSxWr_KE2lwysAf4KtQ70NDmdVuZ_8WY9T8M7i4c":559,"$f05xvot3YcvnEW44wZSAZI4W81k8MZg5N9b48G8baiPY":564},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":36,"analysis":138,"fingerprints":537},"saaspass-two-factor-authentication-2fa","SAASPASS Two Factor Authentication – 2FA","1.0.4","SAASPASS","https:\u002F\u002Fprofiles.wordpress.org\u002Fsaaspass\u002F","\u003Cp>Enable the most amazing security and passwordless access to your WordPress. Two-factor authentication (2FA)  has never been easier ever. The convenience of a passwordless login with the added security of multi-factor authentication (MFA) at the same time!\u003C\u002Fp>\n\u003Cp>If security was always this easy, well then the world would always have been flat!\u003C\u002Fp>\n\u003Cp>Here’s to 2 step verification being reimagined once again. Security sometimes should make the world go round and round as well.\u003C\u002Fp>\n","SAASPASS provides the easiest way to secure your Wordpress with two-factor authentication (2FA) and enable passwordless security. MFA made amazing!",10,1470,0,"2018-08-27T13:54:00.000Z","4.9.29","4.0.0","",[19,20,21,22,23],"password","passwords","phone","saaspass","secure","https:\u002F\u002Fwww.saaspass.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsaaspass-two-factor-authentication-2fa.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":22,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},1,30,84,"2026-05-20T02:07:24.420Z",[37,56,72,94,117],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":11,"downloaded":45,"rating":13,"num_ratings":13,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":17,"tags":49,"homepage":53,"download_link":54,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":55},"wp-sheridan-password-generator","WP Sheridan Password Generator","1.02","sheridaninternet","https:\u002F\u002Fprofiles.wordpress.org\u002Fsheridaninternet\u002F","\u003Cp>This plugin allows you to embed a secure random password generator on any page using shortcodes. The\u003Cbr \u002F>\ngenerated passwords secure and difficult to guess.\u003C\u002Fp>\n","This plugin allows you to embed a secure random password generator on any page using shortcodes. The",1435,"2013-03-16T20:10:00.000Z","3.5.2","3.4",[50,19,51,20,52],"generator","password-generator","secure-random-password-generator","http:\u002F\u002Fwww.sheridaninternet.co.uk","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-sheridan-password-generator.zip","2026-04-06T09:54:40.288Z",{"slug":57,"name":58,"version":6,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":13,"downloaded":63,"rating":13,"num_ratings":13,"last_updated":64,"tested_up_to":65,"requires_at_least":16,"requires_php":66,"tags":67,"homepage":17,"download_link":71,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":55},"kaboom-send-secrets","Send Secrets By Kaboom","Kaboom Website","https:\u002F\u002Fprofiles.wordpress.org\u002Fkaboomwebsite\u002F","\u003Ch3>Send Secrets By Kaboom\u003C\u002Fh3>\n\u003Cp>This plugin makes it possible to send secrets to your clients. You use the shortcode [stand_alone_send_secret], there will appear an input field to send the information to your client.\u003C\u002Fp>\n\u003Ch3>What do you get\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Shortcode to display the sending field [stand_alone_send_secret]\u003C\u002Fli>\n\u003Cli>Once opend cannot be opend again\u003C\u002Fli>\n\u003Cli>Send unlimited secrets to unlimited clients\u003C\u002Fli>\n\u003Cli>Saves the information into your own database\u003C\u002Fli>\n\u003Cli>Secrets in the databsase for more than 4 weeks get deleted automaticly\u003C\u002Fli>\n\u003Cli>Translate every field your customer can potentional see\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Installation – From WordPress Admin\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Go to ‘Plugins > Add new’\u003C\u002Fli>\n\u003Cli>Search for “Send Secrets By Kaboom”\u003C\u002Fli>\n\u003Cli>Hit Install Now, and Activate after that\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Manual\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Upload the \u003Ccode>send-secrets-by-kaboom\u003C\u002Fcode> folder to the \u003Ccode>\u002Fwp-content\u002Fplugins\u003C\u002Fcode> directory\u003C\u002Fli>\n\u003Cli>Activate through the WordPress admin from ‘Plugins > Installed Plugins’\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>After Installation\u003C\u002Fh3>\n\u003Cp>Apply the [stand_alone_send_secret] shortcode on the page you would like to use.\u003Cbr \u002F>\nIn the dashboard you can translate the buttons.\u003C\u002Fp>\n","This plugin makes it possible to send secrets to your clients. You use the shortcode [stand_alone_send_secret], there will appear an input field to se &hellip;",1050,"2019-10-21T12:42:00.000Z","5.2.24","7.0.0",[68,23,69,70],"kaboom","send-passwords","send-secrets","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkaboom-send-secrets.1.0.4.zip",{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":13,"downloaded":80,"rating":81,"num_ratings":32,"last_updated":82,"tested_up_to":83,"requires_at_least":84,"requires_php":85,"tags":86,"homepage":17,"download_link":92,"security_score":93,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":55},"safety-passwords","Safety Passwords","1.4.2","iTRON","https:\u002F\u002Fprofiles.wordpress.org\u002Fhokku\u002F","\u003Cp>This plugin enforces users to use strong passwords. It means that when a user changes his password, the password must contain at least:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>one uppercase letter;\u003C\u002Fli>\n\u003Cli>one lowercase letter;\u003C\u002Fli>\n\u003Cli>one number;\u003C\u002Fli>\n\u003Cli>\n\u003Cp>one special character\u003C\u002Fp>\n\u003Cp>and should be never used before.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The minimum length of the password is defined by the plugin’s settings.\u003C\u002Fp>\n\u003Cp>You can also define the period of time after which the user will be forced to change his password.\u003C\u002Fp>\n\u003Cp>The important feature of the plugin is settings defining by means of PHP constants.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>SAFETY_PASSWORDS_MIN_LENGTH\u003C\u002Fcode> – (int\u002Fstring, number of symbols) the minimum length of the password;\u003C\u002Fli>\n\u003Cli>\u003Ccode>SAFETY_PASSWORDS_RESET_INTERVAL\u003C\u002Fcode> – (int\u002Fstring, days) the period of time after which the user will be forced to change his password;\u003C\u002Fli>\n\u003Cli>\u003Ccode>SAFETY_PASSWORDS_RP_ON_REGISTRATION\u003C\u002Fcode> – (bool) whether enforce users to change their password after registration or not.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Integrations with other plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The plugin has integration with the Stream plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Plugin development is on the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fhokoo\u002Fsafety-passwords\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n","Enforce users to use strong passwords.",2224,100,"2025-04-27T16:55:00.000Z","6.8.5","5.0","7.4",[87,88,89,90,91],"enforce-secure-passwords","force-secure-passwords","secure-password-validation","secure-passwords","user-passwords","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsafety-passwords.1.4.2.zip",92,{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":81,"num_ratings":104,"last_updated":105,"tested_up_to":83,"requires_at_least":106,"requires_php":107,"tags":108,"homepage":114,"download_link":115,"security_score":81,"vuln_count":32,"unpatched_count":13,"last_vuln_date":116,"fetched_at":28},"temporary-login-without-password","Temporary Login Without Password","1.9.7","storeapps","https:\u002F\u002Fprofiles.wordpress.org\u002Fstoreapps\u002F","\u003Cp>Create secure, self-expiring ⏱️, automatic login links 🔗 for WordPress. Give them to developers when they ask for admin access to your site. Or an editor for a quick review of work done. Login works just by opening the link, no password needed.\u003C\u002Fp>\n\u003Cp>Using the “Temporary Login Without Password” plugin you can create a self-expiring account for someone and give them a special link with which they can login to your WordPress without needing a username and password.\u003C\u002Fp>\n\u003Cp>You can choose when the login expires, as well as the role of the temporary account.\u003C\u002Fp>\n\u003Cp>Really useful when you need to give admin access to a developer for support or for performing routine tasks.\u003C\u002Fp>\n\u003Cp>Read \u003Ca href=\"https:\u002F\u002Fwww.storeapps.org\u002Fcreate-secure-login-without-password-for-wordpress\u002F\" rel=\"nofollow ugc\">this article\u003C\u002Fa> to know more about what’s the Current Problem – Creating a Separate Admin Login for Outsiders (Devs\u002F Guest bloggers) and how to avoid this pain, Top Benefits of using this plugin & Why and Who need Temporary Login links.\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>Benefits of Temporary Logins\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>➡️  Create unlimited temporary logins\u003Cbr \u002F>\n  ➡️  Create temporary logins with any role\u003Cbr \u002F>\n  ➡️  No username & password required. Login with just a simple link\u003Cbr \u002F>\n  ➡️  Set account expiry. So, a temporary user can’t login after the expiry time\u003Cbr \u002F>\n  ➡️  Various expiration options like one day, one week, one month, and many more. Also, set a custom date\u003Cbr \u002F>\n  ➡️  Redirect user to a specific page after login\u003Cbr \u002F>\n  ➡️  Set a language for a temporary user\u003Cbr \u002F>\n  ➡️  See the last logged in time of a temporary user\u003Cbr \u002F>\n  ➡️  Also see, how many times a temporary user accessed your setup\u003Cbr \u002F>\n  ➡️  Track user activity with detailed logs to know what each temporary user did\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>\u003Cstrong>For Developers\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>If you need an admin access to your client’s WordPress setup to resolve any issues, use following template to ask your client to give you a temporary access to their WordPress setup.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Hi {%customer_name%},\u003C\u002Fp>\n\u003Cp>To allow me to investigate on your site, install & activate the free WordPress plugin – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftemporary-login-without-password\u002F\" rel=\"ugc\">Temporary Login Without Password\u003C\u002Fa>, and give me admin access to your site via the temporary link generated. Once I’ll get the admin access, I’ll check your site & will try to resolve the issue.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>:\u003Cbr \u002F>\n  Keep the expiry of a temporary login link for one month. Send the created login link as a reply to this email.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Temporary Login Without Password Pro Features\u003C\u002Fh3>\n\u003Cp>➡️ Limit Link Usage: Set a maximum number of times a temporary login link can be used, ensuring controlled, secure access.\u003C\u002Fp>\n\u003Cp>➡️ Instant Admin Alerts: Receive notifications each time a temporary login is accessed, keeping you informed of all activity.\u003C\u002Fp>\n\u003Cp>➡️ Activity Log: View detailed activity of each temporary user to monitor what actions they performed while logged in.\u003C\u002Fp>\n\u003Cp>Ready to take your security and convenience to the next level?\u003Cbr \u002F>\n\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.icegram.com\u002F?buy-now=445245&qty=1&coupon=tlwp-pro-20&with-cart=1\" rel=\"nofollow ugc\">Upgrade to TLWP Pro\u003C\u002Fa>\u003C\u002Fstrong> today to unlock our advanced features. Experience the full power of secure, temporary, passwordless access for your WordPress \u002F WooCommerce site.\u003C\u002Fp>\n\u003Ch4>What users have to say about Temporary Login Without Password?\u003C\u002Fh4>\n\u003Cp>👉 \u003Cstrong>It works with WordPress.com business plan!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>I love this plugin! I got the impression that Temporary Login Without Password plugin would only work with WordPress.org sites. When I had a problem with another plugin, I reached out to their tech support. They recommended Temporary Login. I crossed my fingers, installed it, and it worked like a charm. No more worrying about possibly compromising my sites. When tech support was done, I went into the settings and revoked access. This is a game changer!\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fit-works-with-wordpress-com-business-plan\u002F\" rel=\"ugc\">Suzanne Loeb\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>👉 \u003Cstrong>Convenient. No rabbit holes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>I can’t say I’ve used a whole bunch of these plugins, but I can say I’ve used 2 or 3. This one was the most straight forward and rushing through it I still didn’t run into any issues. The login was shot to the company I needed to let in and I was able to get back to marking things off of my checklist. Highly recommend to anyone that is needing to make a temporary user account for the first time. There’s literally nowhere to get confused from my personal experience\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fconvenient-no-rabbit-holes\u002F\" rel=\"ugc\">Peter Higgins\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>👉 \u003Cstrong>Clear and efficient.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Clear and efficient. Nothing to add !\u003Cbr \u002F>\n  Continue like that !\u003Cbr \u002F>\n  Make the world of the web even more fun for all pro and amateur users!\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fclear-and-efficient-2\u002F\" rel=\"ugc\">muten7\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>👉 \u003Cstrong>Excellent Plugin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Having problems with another plugin the developer recommended TPWP. It does exactly as it states. The developer was able to identify the bug, done without comprising security. The fact it records the access you have granted is a another advantage.\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fexcellent-plugin-3772\u002F\" rel=\"ugc\">mickpamg\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>👉 \u003Cstrong>A huge help and easy!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>This plugin was just what I needed to make it easy for support people to come in and get their assessments done then I don’t have to worry about revoking permission…this takes care of that for me! Love it!!!\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fa-huge-help-and-easy\u002F\" rel=\"ugc\">bfauscette\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Go to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Ftemporary-login-without-password\u002Freviews\u002F\" rel=\"ugc\">Temporary Login Without Password plugin review section\u003C\u002Fa> and read our recent reviews.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Spread The Love ❤️\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you like Temporary Login Without Password, please leave a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Ftemporary-login-without-password\u002Freviews\u002F#new-post\" rel=\"ugc\">five stars ⭐⭐⭐⭐⭐\u003C\u002Fa> and also spread the word about it via \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fsharer.php?u=https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftemporary-login-without-password\u002F\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fintent\u002Ftweet?url=https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftemporary-login-without-password\u002F\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa>. That helps fellow website owners assess Temporary Login Without Password easily and benefit from it!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What’s Next\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you like this plugin then consider checking out our other solutions:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Femail-subscribers\u002F\" rel=\"ugc\">Icegram Express\u003C\u002Fa> – A complete newsletter plugin which lets you collect leads, send automated new blog post notification emails, create & send broadcasts, and also manage them all in one single place.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ficegram-mailer\u002F\" rel=\"ugc\">Icegram Mailer\u003C\u002Fa> – Reliable built‑in email delivery for WordPress & WooCommerce with real‑time logs, analytics, and a free 200‑email plan.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ficegram\u002F\" rel=\"ugc\">Icegram Engage\u003C\u002Fa> – Popups, Welcome Bar, Opt-ins & Lead Generation plugin\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ficegram-rainmaker\u002F\" rel=\"ugc\">Icegram Collect\u003C\u002Fa> – Best form plugin on WordPress\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsmart-manager-for-wp-e-commerce\u002F\" rel=\"ugc\">Smart Manager\u003C\u002Fa> – Manage & Bulk edit Products, Orders & more..\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Foffermative-discount-pricing-related-products-upsell-funnels-for-woocommerce\u002F\" rel=\"ugc\">Offermative\u003C\u002Fa> – Dynamic discount pricing, related product recommendations, upsells and funnels for WooCommerce.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fduplicate-post-page-copy-clone-wp\u002F\" rel=\"ugc\">Post \u002F Page Duplicate\u003C\u002Fa> – Ultimate one‑click content duplicator for WordPress, letting you clone posts, pages & custom post types effortlessly\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ficegram-cookie-manager\u002F\" rel=\"ugc\">Icegram Cookie Manager\u003C\u002Fa> – Customizable cookie consent banner with privacy policy links and styling options for WordPress\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fswitch-user-login-by-icegram\u002F\" rel=\"ugc\">Switch User Login\u003C\u002Fa> – Instantly switch between WordPress user accounts from the admin bar for seamless testing, debugging, and multisite\u002FWooCommerce management\u003C\u002Fp>\n\u003Cp>Also, check our other \u003Ca href=\"https:\u002F\u002Fwww.storeapps.org\u002Fshop\u002F?utm_source=wprepo&utm_medium=tlwp&utm_campaign=sa_products_upsell&utm_content=readme\" rel=\"nofollow ugc\">Premium WooCommerce plugins.\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Do you use WooCommerce? Our analytics tool \u003Ca href=\"https:\u002F\u002Fwww.putler.com\u002F?utm_source=wprepo&utm_medium=tlwp&utm_campaign=putler_outreach&utm_content=readme\" rel=\"nofollow ugc\">Putler\u003C\u002Fa> will help you enriches your store data. Using Putler, you’ll understand your business better and make profitable decisions quickly.\u003C\u002Fp>\n","Create self-expiring, temporary admin accounts. Easily share direct login links (no need for username\u002Fpassword) with your developers or editors.",100000,1878755,1507,"2025-12-22T11:48:00.000Z","3.0.1","5.3",[109,110,111,112,113],"developer-access","magic-pin","passwordless-login","secure-login","temporary-access","http:\u002F\u002Fwww.storeapps.org\u002Fcreate-secure-login-without-password-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftemporary-login-without-password.1.9.7.zip","2021-11-15 00:00:00",{"slug":118,"name":119,"version":106,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":124,"downloaded":125,"rating":126,"num_ratings":127,"last_updated":128,"tested_up_to":129,"requires_at_least":130,"requires_php":17,"tags":131,"homepage":136,"download_link":137,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wc-password-strength-settings","Password Strength Settings for WooCommerce","Danny Santoro","https:\u002F\u002Fprofiles.wordpress.org\u002Fdanielsantoro\u002F","\u003Cp>Help secure your WooCommerce site by enforcing stronger passwords and taking additional control of your strength requirements.\u003C\u002Fp>\n\u003Ch3>What does this plugin do?\u003C\u002Fh3>\n\u003Cp>WooCommerce has an integrated Password Strength Meter which forces users to use strong passwords. Sometimes this isn’t desirable – with this plugin, you can choose between five password levels ranging from “Anything Goes” to “Strong Passwords Only”. In addition, you can modify the colors and appearance of these custom messages, as well as modify or remove the password hint. For details on how the password strength is determined, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FDanielSantoro\u002Fwc-password-strength-settings\u002Fwiki\u002FHow-Password-Strength-is-Determined\" rel=\"nofollow ugc\">please read the documentation here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>What’s New?\u003C\u002Fh4>\n\u003Cp>Version 3.0.0 is a bit of a rewrite to bring the plugin up to modern coding standards. Functionality should not be impacted, but if it is, please reach out on the support forums.\u003C\u002Fp>\n\u003Cp>Version 3.0.1 is simply a hotfix declaring compatibility with WooCommerce HPOS. Since this plugin doesn’t touch anything with the orders or order metadata, it shouldn’t be impacted at all. \u003Cem>However\u003C\u002Fem>, if you notice any issues then please reach out via the contact form on my website.\u003C\u002Fp>\n\u003Ch4>Notes\u003C\u002Fh4>\n\u003Cp>While this does allow for user accounts to have weaker passwords, it’s a good idea to still encourage strong password use – \u003Cem>especially\u003C\u002Fem> for administrators!\u003C\u002Fp>\n\u003Ch4>Planned Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Option to remove “- Please enter a stronger password.” that is added by WordPress.\u003C\u002Fli>\n\u003Cli>Nothing else at the moment, but let me know if you have any ideas.\u003C\u002Fli>\n\u003C\u002Ful>\n","Help secure your WooCommerce site by enforcing stronger passwords and taking additional control of your strength requirements.",10000,177306,90,24,"2023-10-11T20:51:00.000Z","6.3.8","5.8",[132,20,133,134,135],"accounts","security","users","woocommerce","https:\u002F\u002Fdanielsantoro.com\u002Fproject\u002Fwoocommerce-password-strength-settings-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-password-strength-settings.zip",{"attackSurface":139,"codeSignals":160,"taintFlows":501,"riskAssessment":521,"analyzedAt":536},{"hooks":140,"ajaxHandlers":156,"restRoutes":157,"shortcodes":158,"cronEvents":159,"entryPointCount":13,"unprotectedCount":13},[141,147,149,152],{"type":142,"name":143,"callback":144,"file":145,"line":146},"action","lost_password","disable_function","saaspass_samlauth.php",23,{"type":142,"name":148,"callback":144,"file":145,"line":127},"retrieve_password",{"type":142,"name":150,"callback":144,"file":145,"line":151},"password_reset",25,{"type":153,"name":154,"callback":154,"file":145,"line":155},"filter","show_password_fields",26,[],[],[],[],{"dangerousFunctions":161,"sqlUsage":222,"outputEscaping":224,"fileOperations":189,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":500},[162,167,171,175,179,181,184,188,191,194,197,200,203,205,208,210,212,215,218],{"fn":163,"file":164,"line":165,"context":166},"system","saml\\bin\\translation.php",137,"system('open ' . $url);",{"fn":168,"file":164,"line":169,"context":170},"assert",170,"assert('is_string($indentation)');",{"fn":168,"file":172,"line":173,"context":174},"saml\\modules\\saml\\hooks\\hook_metadata_hosted.php",9,"assert('is_array($metadataHosted)');",{"fn":168,"file":176,"line":177,"context":178},"saml\\modules\\saml\\www\\sp\\saml2-acs.php",82,"assert('array_key_exists(\"saml:sp:AuthId\", $state)');",{"fn":168,"file":176,"line":126,"context":180},"assert('array_key_exists(\"ExpectedIssuer\", $state)');",{"fn":168,"file":176,"line":182,"context":183},228,"assert('FALSE');",{"fn":168,"file":185,"line":186,"context":187},"saml\\templates\\attributequery.php",5,"assert('is_string($dataId)');",{"fn":168,"file":185,"line":189,"context":190},8,"assert('is_string($url)');",{"fn":168,"file":185,"line":192,"context":193},11,"assert('is_string($nameIdFormat)');",{"fn":168,"file":185,"line":195,"context":196},14,"assert('is_string($nameIdValue)');",{"fn":168,"file":185,"line":198,"context":199},17,"assert('is_string($nameIdQualifier)');",{"fn":168,"file":185,"line":201,"context":202},20,"assert('is_string($nameIdSPQualifier)');",{"fn":168,"file":185,"line":127,"context":204},"assert('is_null($attributes) || is_array($attributes)');",{"fn":168,"file":206,"line":127,"context":207},"saml\\templates\\post.php","assert('array_key_exists(\"response\", $this->data)');",{"fn":168,"file":206,"line":151,"context":209},"assert('array_key_exists(\"RelayStateName\", $this->data)');",{"fn":168,"file":206,"line":155,"context":211},"assert('array_key_exists(\"RelayState\", $this->data)');",{"fn":168,"file":206,"line":213,"context":214},45,"assert('is_string($name)');",{"fn":168,"file":206,"line":216,"context":217},46,"assert('is_string($value) || is_array($value)');",{"fn":168,"file":219,"line":220,"context":221},"saml\\www\\module.php",47,"assert('substr($url, 0, 1) === \"\u002F\"');",{"prepared":13,"raw":13,"locations":223},[],{"escaped":13,"rawEcho":225,"locations":226},187,[227,231,233,236,238,240,242,244,246,248,249,251,253,255,257,260,262,263,264,266,268,270,272,273,275,277,279,281,282,284,286,287,290,291,293,295,296,298,300,302,303,305,307,309,310,311,312,313,315,316,318,320,322,323,324,325,327,329,331,333,336,337,340,341,344,346,348,349,351,353,354,355,357,358,359,361,362,364,366,368,370,372,374,376,378,379,380,382,383,384,385,387,388,389,390,391,393,395,397,399,401,402,403,404,405,406,407,408,409,411,412,413,415,416,418,419,420,422,423,424,425,427,428,429,430,431,432,433,434,435,436,438,439,440,441,442,443,444,445,446,447,448,449,451,452,453,454,455,456,458,459,460,461,462,464,465,466,467,468,470,471,472,473,474,475,476,477,478,479,480,481,483,484,485,486,488,489,490,491,492,493,494,495,496,497,498,499],{"file":228,"line":229,"context":230},"saml\\bin\\importPdoMetadata.php",19,"raw output",{"file":228,"line":232,"context":230},22,{"file":234,"line":235,"context":230},"saml\\bin\\memcacheSync.php",42,{"file":234,"line":237,"context":230},48,{"file":234,"line":239,"context":230},54,{"file":234,"line":241,"context":230},56,{"file":234,"line":243,"context":230},73,{"file":234,"line":245,"context":230},75,{"file":234,"line":247,"context":230},81,{"file":234,"line":26,"context":230},{"file":234,"line":250,"context":230},99,{"file":234,"line":252,"context":230},149,{"file":234,"line":254,"context":230},153,{"file":234,"line":256,"context":230},159,{"file":258,"line":259,"context":230},"saml\\bin\\pwgen.php",32,{"file":258,"line":261,"context":230},40,{"file":258,"line":220,"context":230},{"file":164,"line":192,"context":230},{"file":164,"line":265,"context":230},34,{"file":164,"line":267,"context":230},35,{"file":164,"line":269,"context":230},36,{"file":164,"line":271,"context":230},37,{"file":164,"line":239,"context":230},{"file":164,"line":274,"context":230},80,{"file":164,"line":276,"context":230},131,{"file":164,"line":278,"context":230},136,{"file":164,"line":280,"context":230},143,{"file":164,"line":252,"context":230},{"file":164,"line":283,"context":230},157,{"file":285,"line":11,"context":230},"saml\\modules\\saml\\templates\\sp\\wrong_authncontextclassref.tpl.php",{"file":285,"line":192,"context":230},{"file":288,"line":289,"context":230},"saml\\modules\\saml\\www\\sp\\metadata.php",252,{"file":185,"line":269,"context":230},{"file":185,"line":292,"context":230},39,{"file":185,"line":294,"context":230},43,{"file":185,"line":237,"context":230},{"file":185,"line":297,"context":230},53,{"file":185,"line":299,"context":230},58,{"file":185,"line":301,"context":230},71,{"file":185,"line":243,"context":230},{"file":304,"line":192,"context":230},"saml\\templates\\error.php",{"file":304,"line":306,"context":230},13,{"file":304,"line":308,"context":230},21,{"file":304,"line":146,"context":230},{"file":304,"line":151,"context":230},{"file":304,"line":265,"context":230},{"file":304,"line":267,"context":230},{"file":304,"line":314,"context":230},38,{"file":304,"line":261,"context":230},{"file":304,"line":317,"context":230},50,{"file":304,"line":319,"context":230},51,{"file":304,"line":321,"context":230},52,{"file":304,"line":297,"context":230},{"file":304,"line":239,"context":230},{"file":304,"line":299,"context":230},{"file":304,"line":326,"context":230},61,{"file":304,"line":328,"context":230},62,{"file":304,"line":330,"context":230},68,{"file":304,"line":332,"context":230},69,{"file":334,"line":335,"context":230},"saml\\templates\\errorreport.php",7,{"file":334,"line":189,"context":230},{"file":338,"line":339,"context":230},"saml\\templates\\hostnames.php",6,{"file":338,"line":11,"context":230},{"file":342,"line":343,"context":230},"saml\\templates\\includes\\footer.php",4,{"file":342,"line":345,"context":230},12,{"file":347,"line":335,"context":230},"saml\\templates\\includes\\header-embed.php",{"file":347,"line":306,"context":230},{"file":347,"line":350,"context":230},18,{"file":352,"line":220,"context":230},"saml\\templates\\includes\\header.php",{"file":352,"line":317,"context":230},{"file":352,"line":241,"context":230},{"file":352,"line":356,"context":230},57,{"file":352,"line":330,"context":230},{"file":352,"line":301,"context":230},{"file":352,"line":360,"context":230},74,{"file":352,"line":274,"context":230},{"file":352,"line":363,"context":230},86,{"file":352,"line":365,"context":230},95,{"file":352,"line":367,"context":230},106,{"file":352,"line":369,"context":230},123,{"file":352,"line":371,"context":230},128,{"file":352,"line":373,"context":230},198,{"file":352,"line":375,"context":230},215,{"file":377,"line":189,"context":230},"saml\\templates\\login-ldapmulti.php",{"file":377,"line":173,"context":230},{"file":377,"line":192,"context":230},{"file":377,"line":381,"context":230},15,{"file":377,"line":350,"context":230},{"file":377,"line":151,"context":230},{"file":377,"line":155,"context":230},{"file":377,"line":386,"context":230},29,{"file":377,"line":265,"context":230},{"file":377,"line":267,"context":230},{"file":377,"line":261,"context":230},{"file":377,"line":213,"context":230},{"file":377,"line":392,"context":230},55,{"file":377,"line":394,"context":230},59,{"file":377,"line":396,"context":230},67,{"file":377,"line":398,"context":230},70,{"file":400,"line":11,"context":230},"saml\\templates\\login.php",{"file":400,"line":192,"context":230},{"file":400,"line":306,"context":230},{"file":400,"line":198,"context":230},{"file":400,"line":229,"context":230},{"file":400,"line":151,"context":230},{"file":400,"line":155,"context":230},{"file":400,"line":314,"context":230},{"file":400,"line":237,"context":230},{"file":400,"line":410,"context":230},49,{"file":400,"line":297,"context":230},{"file":400,"line":356,"context":230},{"file":400,"line":414,"context":230},65,{"file":400,"line":330,"context":230},{"file":417,"line":173,"context":230},"saml\\templates\\logout.php",{"file":417,"line":11,"context":230},{"file":417,"line":381,"context":230},{"file":421,"line":186,"context":230},"saml\\templates\\metadata-converter.php",{"file":421,"line":335,"context":230},{"file":421,"line":11,"context":230},{"file":421,"line":306,"context":230},{"file":421,"line":426,"context":230},16,{"file":421,"line":127,"context":230},{"file":421,"line":259,"context":230},{"file":421,"line":265,"context":230},{"file":421,"line":265,"context":230},{"file":421,"line":269,"context":230},{"file":421,"line":292,"context":230},{"file":421,"line":261,"context":230},{"file":421,"line":319,"context":230},{"file":421,"line":319,"context":230},{"file":437,"line":343,"context":230},"saml\\templates\\metadata.php",{"file":437,"line":186,"context":230},{"file":437,"line":335,"context":230},{"file":437,"line":173,"context":230},{"file":437,"line":192,"context":230},{"file":437,"line":426,"context":230},{"file":437,"line":198,"context":230},{"file":437,"line":201,"context":230},{"file":437,"line":146,"context":230},{"file":437,"line":155,"context":230},{"file":437,"line":386,"context":230},{"file":437,"line":259,"context":230},{"file":437,"line":450,"context":230},41,{"file":437,"line":235,"context":230},{"file":437,"line":216,"context":230},{"file":437,"line":321,"context":230},{"file":206,"line":195,"context":230},{"file":206,"line":410,"context":230},{"file":457,"line":308,"context":230},"saml\\templates\\selectidp-dropdown.php",{"file":457,"line":232,"context":230},{"file":457,"line":146,"context":230},{"file":457,"line":127,"context":230},{"file":457,"line":151,"context":230},{"file":457,"line":463,"context":230},27,{"file":457,"line":220,"context":230},{"file":457,"line":319,"context":230},{"file":457,"line":392,"context":230},{"file":457,"line":299,"context":230},{"file":469,"line":201,"context":230},"saml\\templates\\selectidp-links.php",{"file":469,"line":308,"context":230},{"file":469,"line":232,"context":230},{"file":469,"line":146,"context":230},{"file":469,"line":151,"context":230},{"file":469,"line":463,"context":230},{"file":469,"line":386,"context":230},{"file":469,"line":292,"context":230},{"file":469,"line":213,"context":230},{"file":469,"line":237,"context":230},{"file":469,"line":321,"context":230},{"file":469,"line":239,"context":230},{"file":469,"line":482,"context":230},64,{"file":469,"line":396,"context":230},{"file":469,"line":301,"context":230},{"file":469,"line":243,"context":230},{"file":487,"line":306,"context":230},"saml\\templates\\status.php",{"file":487,"line":381,"context":230},{"file":487,"line":350,"context":230},{"file":487,"line":232,"context":230},{"file":487,"line":155,"context":230},{"file":487,"line":386,"context":230},{"file":487,"line":265,"context":230},{"file":487,"line":314,"context":230},{"file":487,"line":450,"context":230},{"file":487,"line":237,"context":230},{"file":487,"line":321,"context":230},{"file":487,"line":297,"context":230},{"file":487,"line":356,"context":230},[],[502],{"entryPoint":503,"graph":504,"unsanitizedCount":519,"severity":520},"\u003Cmodule> (saml\\www\\module.php:0)",{"nodes":505,"edges":516},[506,510],{"id":507,"type":508,"label":509,"file":219,"line":216},"n0","source","$_SERVER (x3)",{"id":511,"type":512,"label":513,"file":219,"line":514,"wp_function":515},"n1","sink","header() [Header Injection]",166,"header",[517],{"from":507,"to":511,"sanitized":518},false,3,"medium",{"summary":522,"deductions":523},"The saaspass-two-factor-authentication-2fa plugin v1.0.4 exhibits a mixed security posture. On the positive side, the plugin has no recorded vulnerabilities (CVEs) and demonstrates good practices regarding SQL queries, as 100% of them are prepared statements. Furthermore, the attack surface appears minimal, with no registered AJAX handlers, REST API routes, shortcodes, or cron events that are exposed. The absence of external HTTP requests and reliance on bundled libraries also contribute to a more controlled environment.\n\nHowever, significant concerns arise from the static code analysis. The presence of 19 dangerous functions, including `system` and `assert`, without any apparent capability checks or nonce checks on any entry points is a major red flag. This suggests a high potential for arbitrary code execution or privilege escalation if these functions are called with user-controlled input. Additionally, a critical finding is a flow with unsanitized paths, indicating a potential for path traversal vulnerabilities. The fact that 0% of outputs are properly escaped is also a serious issue, opening the door to cross-site scripting (XSS) vulnerabilities.\n\nWhile the plugin has a clean vulnerability history, this does not negate the risks identified in the static analysis. The absence of historical CVEs might be due to the plugin's limited exposure, lack of rigorous auditing, or simply good luck so far. The identified code signals and taint analysis present substantial risks that require immediate attention. The plugin strengths lie in its lack of external dependencies and secure SQL handling, but these are overshadowed by the potential for severe vulnerabilities due to insecure function usage, unsanitized paths, and unescaped output.",[524,526,528,530,532,534],{"reason":525,"points":350},"Dangerous functions used without checks",{"reason":527,"points":381},"Unsanitized paths found in taint analysis",{"reason":529,"points":335},"No output escaping",{"reason":531,"points":186},"No capability checks",{"reason":533,"points":186},"No nonce checks",{"reason":535,"points":519},"File operations present","2026-03-17T01:16:29.451Z",{"wat":538,"direct":550},{"assetPaths":539,"generatorPatterns":545,"scriptPaths":546,"versionParams":549},[540,541,542,543,544],"\u002Fwp-content\u002Fplugins\u002Fsaaspass-two-factor-authentication-2fa\u002Fsaml\u002Fwww\u002Fmodule.php\u002Fcore\u002Fauthenticate.php","\u002Fwp-content\u002Fplugins\u002Fsaaspass-two-factor-authentication-2fa\u002Fsaml\u002Fwww\u002Fmodule.php\u002Fcore\u002Flogin.php","\u002Fwp-content\u002Fplugins\u002Fsaaspass-two-factor-authentication-2fa\u002Fsaml\u002Fwww\u002Fmodule.php\u002Fsaml\u002Fsp\u002Fmetadata.php\u002F1","\u002Fwp-content\u002Fplugins\u002Fsaaspass-two-factor-authentication-2fa\u002Fsaml\u002Fwww\u002Fmodule.php\u002Fsaml\u002Fsp\u002Fsaml2-acs.php","\u002Fwp-content\u002Fplugins\u002Fsaaspass-two-factor-authentication-2fa\u002Fsaml\u002Fwww\u002Fmodule.php\u002Fsaml\u002Fsp\u002Fsaml2-logout.php",[],[547,548],"\u002Fwp-content\u002Fplugins\u002Fsaaspass-two-factor-authentication-2fa\u002Fsaml\u002Fbin\u002FimportPdoMetadata.php","\u002Fwp-content\u002Fplugins\u002Fsaaspass-two-factor-authentication-2fa\u002Fsaml\u002Fbin\u002FinitMDSPdo.php",[],{"cssClasses":551,"htmlComments":552,"htmlAttributes":553,"restEndpoints":554,"jsGlobals":555,"shortcodeOutput":558},[],[],[],[],[556,557],"SAML_Client","SAML_Admin",[],{"error":560,"url":561,"statusCode":562,"statusMessage":563,"message":563},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fsaaspass-two-factor-authentication-2fa\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":565},[]]