[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f-dGOIlxrQIAQi0D8DblZ-V6ICIMEpKTxDy-HW6U0zaI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":39,"fingerprints":145},"safety-passwords","Safety Passwords","1.4.2","iTRON","https:\u002F\u002Fprofiles.wordpress.org\u002Fhokku\u002F","\u003Cp>This plugin enforces users to use strong passwords. It means that when a user changes his password, the password must contain at least:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>one uppercase letter;\u003C\u002Fli>\n\u003Cli>one lowercase letter;\u003C\u002Fli>\n\u003Cli>one number;\u003C\u002Fli>\n\u003Cli>\n\u003Cp>one special character\u003C\u002Fp>\n\u003Cp>and should be never used before.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The minimum length of the password is defined by the plugin’s settings.\u003C\u002Fp>\n\u003Cp>You can also define the period of time after which the user will be forced to change his password.\u003C\u002Fp>\n\u003Cp>The important feature of the plugin is settings defining by means of PHP constants.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>SAFETY_PASSWORDS_MIN_LENGTH\u003C\u002Fcode> – (int\u002Fstring, number of symbols) the minimum length of the password;\u003C\u002Fli>\n\u003Cli>\u003Ccode>SAFETY_PASSWORDS_RESET_INTERVAL\u003C\u002Fcode> – (int\u002Fstring, days) the period of time after which the user will be forced to change his password;\u003C\u002Fli>\n\u003Cli>\u003Ccode>SAFETY_PASSWORDS_RP_ON_REGISTRATION\u003C\u002Fcode> – (bool) whether enforce users to change their password after registration or not.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Integrations with other plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The plugin has integration with the Stream plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Plugin development is on the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fhokoo\u002Fsafety-passwords\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n","Enforce users to use strong passwords.",0,2168,100,1,"2025-04-27T16:55:00.000Z","6.8.5","5.0","7.4",[20,21,22,23,24],"enforce-secure-passwords","force-secure-passwords","secure-password-validation","secure-passwords","user-passwords","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsafety-passwords.1.4.2.zip",null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"hokku",7,10850,93,4,95,"2026-04-05T02:50:21.278Z",[],{"attackSurface":40,"codeSignals":128,"taintFlows":136,"riskAssessment":137,"analyzedAt":144},{"hooks":41,"ajaxHandlers":122,"restRoutes":123,"shortcodes":124,"cronEvents":125,"entryPointCount":11,"unprotectedCount":11},[42,49,54,58,61,65,67,70,73,78,81,86,90,93,97,101,105,110,115,119],{"type":43,"name":44,"callback":45,"priority":46,"file":47,"line":48},"action","user_register","set_rp_pre_inited_on_registration",20,"src\\Controller.php",16,{"type":50,"name":51,"callback":51,"priority":52,"file":47,"line":53},"filter","login_redirect",10,17,{"type":43,"name":55,"callback":55,"priority":56,"file":47,"line":57},"user_profile_update_errors",99,18,{"type":43,"name":59,"callback":59,"priority":56,"file":47,"line":60},"validate_password_reset",19,{"type":50,"name":62,"callback":63,"file":47,"line":64},"wp_login_errors","closure",45,{"type":43,"name":66,"callback":63,"priority":46,"file":47,"line":56},"register_new_user",{"type":43,"name":68,"callback":63,"priority":52,"file":47,"line":69},"wp_update_user",131,{"type":50,"name":71,"callback":63,"priority":56,"file":47,"line":72},"retrieve_password_message",264,{"type":43,"name":74,"callback":75,"file":76,"line":77},"itron\u002Fsafety-passwords\u002Factivate","processSecondPhaseActivation","src\\General.php",41,{"type":43,"name":74,"callback":79,"priority":46,"file":76,"line":80},"putCurrentPasswordsToStopList",42,{"type":43,"name":82,"callback":83,"priority":84,"file":76,"line":85},"admin_bar_menu","addAdminBarMenu",60,43,{"type":43,"name":87,"callback":88,"priority":46,"file":76,"line":89},"personal_options","addUserProfileNotice",44,{"type":43,"name":91,"callback":92,"file":76,"line":64},"admin_enqueue_scripts","addAdminStyles",{"type":43,"name":94,"callback":95,"file":76,"line":96},"plugins_loaded","loadTranslations",46,{"type":43,"name":98,"callback":63,"priority":99,"file":76,"line":100},"init",5,47,{"type":50,"name":102,"callback":103,"file":76,"line":104},"wp_stream_connectors","addStreamConnector",86,{"type":43,"name":106,"callback":107,"file":108,"line":109},"wp_stream_after_connectors_registration","anonymous","src\\Loggers\\Stream.php",29,{"type":43,"name":111,"callback":112,"file":113,"line":114},"carbon_fields_register_fields","createOptions","src\\Settings.php",14,{"type":43,"name":116,"callback":117,"file":113,"line":118},"after_setup_theme","loadCarbon",15,{"type":43,"name":120,"callback":121,"file":113,"line":57},"toplevel_page_crb_carbon_fields_container_safety_passwords","ensureEvent",[],[],[],[126],{"hook":74,"callback":74,"file":76,"line":127},62,{"dangerousFunctions":129,"sqlUsage":130,"outputEscaping":132,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":135},[],{"prepared":11,"raw":11,"locations":131},[],{"escaped":133,"rawEcho":11,"locations":134},3,[],[],[],{"summary":138,"deductions":139},"The safety-passwords v1.4.2 plugin exhibits a strong security posture based on the provided static analysis.  The absence of dangerous functions, unsanitized paths in taint analysis, raw SQL queries, and unescaped output are highly positive indicators. The plugin also demonstrates good practices by avoiding external HTTP requests and file operations, which are common sources of vulnerabilities.  Furthermore, the lack of any recorded vulnerabilities in its history suggests a commitment to security by the developers.\n\nHowever, a significant concern arises from the complete absence of nonce checks and capability checks. While the current attack surface appears limited, this omission leaves the plugin vulnerable to CSRF attacks if new entry points are introduced or if existing ones are somehow exposed. The presence of a cron event, although not explicitly analyzed for security, also warrants attention as it can be an indirect entry point if not properly secured.\n\nIn conclusion, safety-passwords v1.4.2 is well-coded with a focus on preventing common vulnerabilities. Its historical security record is excellent. The primary weakness lies in the fundamental security mechanisms (nonces and capabilities) that are missing, which could become a critical issue if the plugin's functionality or attack surface expands.",[140,142],{"reason":141,"points":118},"Missing nonce checks",{"reason":143,"points":118},"Missing capability checks","2026-03-17T07:17:37.614Z",{"wat":146,"direct":153},{"assetPaths":147,"generatorPatterns":149,"scriptPaths":150,"versionParams":151},[148],"\u002Fwp-content\u002Fplugins\u002Fsafety-passwords\u002Fassets\u002Fcss\u002Fadmin\u002Fstyle.css",[],[],[152],"safety-passwords\u002Fassets\u002Fcss\u002Fadmin\u002Fstyle.css?ver=",{"cssClasses":154,"htmlComments":156,"htmlAttributes":157,"restEndpoints":158,"jsGlobals":159,"shortcodeOutput":160},[155],"safety-passwords-reminder",[],[],[],[],[]]