[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fyzCg8Lkn-AdsvVJDMcO0NOcrPKkXY82icHBwwrzLD7I":3,"$fMPbR0EW9XJPoSWSM9OgbzAqfBDVbEtBIMnQZBaxXRdg":494,"$fDTVURaDNTCt4LueAmRQYOCbxCyreZ_h3anxB1iGGU7s":498},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":38,"analysis":144,"fingerprints":468},"secure-login-collector","Secure Login Collector","2.0.7","Mike Miler","https:\u002F\u002Fprofiles.wordpress.org\u002Fmikemiler\u002F","\u003Cp>\u003Cstrong>Secure Login Collector\u003C\u002Fstrong> gives agencies and freelancers a safe hand-off point for client credentials. Clients fill in a branded form, everything is encrypted before it leaves their browser, and your team only unlocks it inside WordPress. No more password spreadsheets, chat messages, or liability-inducing emails.\u003C\u002Fp>\n\u003Ch4>How a login data submission flows\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Client opens your credential intake page and fills in the required fields (name, email, service, username, password, notes (optiona)).\u003C\u002Fli>\n\u003Cli>The data is locked on their device before it is sent anywhere [browser-based Web Crypto + RSA-2048 key exchange + AES-256-GCM payloads].\u003C\u002Fli>\n\u003Cli>The encrypted package lands in your WP database table together with metadata for auditing [Zero-knowledge encryption].\u003C\u002Fli>\n\u003Cli>Your team gets notified, signs in to WordPress, and decrypts items inside the admin dashboard.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Free version features (included)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Client-side sealing\u003C\u002Fstrong> – credentials are encrypted before they leave the browser, so email or transport leaks cannot expose them.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero-knowledge encryption\u003C\u002Fstrong> – the server never sees the unwrapped private key; secrets are only readable once an admin unlocks them locally inside WordPress.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WP admin decryption\u003C\u002Fstrong> – only logged-in admins with the proper capability and the correct password can unlock submissions inside the dashboard, keeping everything in one place.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Submission inbox & search\u003C\u002Fstrong> – view, sort, and filter all requests with name, service, timestamps, and notes, then copy credentials when you need them.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Instant notifications\u003C\u002Fstrong> – each submission triggers an email so projects keep moving without checking the dashboard every hour.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Accessible client experience\u003C\u002Fstrong> – responsive form, password visibility toggle, optional help text, and field-level validation keep clients confident while still being secure.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Pro version extras (via Secure Login Collector Pro)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Passkey-first approvals\u003C\u002Fstrong> – require Touch ID, Windows Hello, YubiKey, or password-manager passkeys before every decrypt\u002Fexport event.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Spam and bot defense\u003C\u002Fstrong> – invisible honeypot fields, nonce verification, rate limiting, and IP-aware hooks block automated dumps without annoying clients.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Retention & cleanup controls\u003C\u002Fstrong> – choose how long data stays accessible and let the plugin redact expired payloads automatically.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bulk decrypt & export\u003C\u002Fstrong> – decrypt multiple entries at once and export directly to Bitwarden, 1Password, LastPass, Dashlane, CSV, or JSON for team password vaults.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Freemius & privacy\u003C\u002Fh4>\n\u003Cp>This plugin bundles the Freemius SDK for licensing, secure payments, and (optional) telemetry. Nothing is shared until you explicitly opt in. When you do, only environment details (site URL, WP\u002FPHP version, plugin version) plus contact email\u002Flocale are sent to Freemius so upgrades and receipts work. Client submissions, encrypted payloads, and decrypted credentials never leave your hosting environment.\u003C\u002Fp>\n\u003Ch4>Disclaimer\u003C\u002Fh4>\n\u003Cp>Security is a shared responsibility. We ship the tools, but you control how and where they are used. Install SSL, keep WordPress updated, limit admin access, and review submissions promptly. We are not liable for any damage, data loss, or regulatory issues that arise from using this plugin—use it at your own risk.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin bundles the Freemius SDK to handle optional telemetry, licensing, and upgrade flows. Opt-in is required before any data is shared.\u003C\u002Fp>\n\u003Cp>What is sent (only after opt-in):\u003Cbr \u002F>\n* Site URL, WordPress version, PHP version, and plugin version – for compatibility checks.\u003Cbr \u002F>\n* Admin email and locale – so Freemius can send license receipts and support messages if you later purchase Pro.\u003C\u002Fp>\n\u003Cp>No client submissions, passwords, or encrypted payloads ever leave your server. All credential data stays inside your WordPress database.\u003C\u002Fp>\n\u003Cp>Freemius Terms: https:\u002F\u002Ffreemius.com\u002Fterms\u002F\u003Cbr \u002F>\nFreemius Privacy: https:\u002F\u002Ffreemius.com\u002Fprivacy\u002F\u003C\u002Fp>\n","Secure way for agencies to receive client login credentials. Stop asking clients to send passwords via email.",0,325,100,1,"2026-01-27T21:05:00.000Z","6.8.5","6.2","7.4",[20,21,22,23,24],"credential-management","data-security","login","password","password-collection","https:\u002F\u002Fwp-mike.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecure-login-collector.2.0.7.zip",null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":13,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"mikemiler",2,200,30,94,"2026-05-20T06:58:26.505Z",[39,62,86,104,125],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":13,"num_ratings":49,"last_updated":50,"tested_up_to":16,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":59,"download_link":60,"security_score":13,"vuln_count":14,"unpatched_count":11,"last_vuln_date":61,"fetched_at":28},"temporary-login-without-password","Temporary Login Without Password","1.9.7","storeapps","https:\u002F\u002Fprofiles.wordpress.org\u002Fstoreapps\u002F","\u003Cp>Create secure, self-expiring ⏱️, automatic login links 🔗 for WordPress. Give them to developers when they ask for admin access to your site. Or an editor for a quick review of work done. Login works just by opening the link, no password needed.\u003C\u002Fp>\n\u003Cp>Using the “Temporary Login Without Password” plugin you can create a self-expiring account for someone and give them a special link with which they can login to your WordPress without needing a username and password.\u003C\u002Fp>\n\u003Cp>You can choose when the login expires, as well as the role of the temporary account.\u003C\u002Fp>\n\u003Cp>Really useful when you need to give admin access to a developer for support or for performing routine tasks.\u003C\u002Fp>\n\u003Cp>Read \u003Ca href=\"https:\u002F\u002Fwww.storeapps.org\u002Fcreate-secure-login-without-password-for-wordpress\u002F\" rel=\"nofollow ugc\">this article\u003C\u002Fa> to know more about what’s the Current Problem – Creating a Separate Admin Login for Outsiders (Devs\u002F Guest bloggers) and how to avoid this pain, Top Benefits of using this plugin & Why and Who need Temporary Login links.\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>Benefits of Temporary Logins\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>➡️  Create unlimited temporary logins\u003Cbr \u002F>\n  ➡️  Create temporary logins with any role\u003Cbr \u002F>\n  ➡️  No username & password required. Login with just a simple link\u003Cbr \u002F>\n  ➡️  Set account expiry. So, a temporary user can’t login after the expiry time\u003Cbr \u002F>\n  ➡️  Various expiration options like one day, one week, one month, and many more. Also, set a custom date\u003Cbr \u002F>\n  ➡️  Redirect user to a specific page after login\u003Cbr \u002F>\n  ➡️  Set a language for a temporary user\u003Cbr \u002F>\n  ➡️  See the last logged in time of a temporary user\u003Cbr \u002F>\n  ➡️  Also see, how many times a temporary user accessed your setup\u003Cbr \u002F>\n  ➡️  Track user activity with detailed logs to know what each temporary user did\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>\u003Cstrong>For Developers\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>If you need an admin access to your client’s WordPress setup to resolve any issues, use following template to ask your client to give you a temporary access to their WordPress setup.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Hi {%customer_name%},\u003C\u002Fp>\n\u003Cp>To allow me to investigate on your site, install & activate the free WordPress plugin – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftemporary-login-without-password\u002F\" rel=\"ugc\">Temporary Login Without Password\u003C\u002Fa>, and give me admin access to your site via the temporary link generated. Once I’ll get the admin access, I’ll check your site & will try to resolve the issue.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>:\u003Cbr \u002F>\n  Keep the expiry of a temporary login link for one month. Send the created login link as a reply to this email.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Temporary Login Without Password Pro Features\u003C\u002Fh3>\n\u003Cp>➡️ Limit Link Usage: Set a maximum number of times a temporary login link can be used, ensuring controlled, secure access.\u003C\u002Fp>\n\u003Cp>➡️ Instant Admin Alerts: Receive notifications each time a temporary login is accessed, keeping you informed of all activity.\u003C\u002Fp>\n\u003Cp>➡️ Activity Log: View detailed activity of each temporary user to monitor what actions they performed while logged in.\u003C\u002Fp>\n\u003Cp>Ready to take your security and convenience to the next level?\u003Cbr \u002F>\n\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.icegram.com\u002F?buy-now=445245&qty=1&coupon=tlwp-pro-20&with-cart=1\" rel=\"nofollow ugc\">Upgrade to TLWP Pro\u003C\u002Fa>\u003C\u002Fstrong> today to unlock our advanced features. Experience the full power of secure, temporary, passwordless access for your WordPress \u002F WooCommerce site.\u003C\u002Fp>\n\u003Ch4>What users have to say about Temporary Login Without Password?\u003C\u002Fh4>\n\u003Cp>👉 \u003Cstrong>It works with WordPress.com business plan!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>I love this plugin! I got the impression that Temporary Login Without Password plugin would only work with WordPress.org sites. When I had a problem with another plugin, I reached out to their tech support. They recommended Temporary Login. I crossed my fingers, installed it, and it worked like a charm. No more worrying about possibly compromising my sites. When tech support was done, I went into the settings and revoked access. This is a game changer!\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fit-works-with-wordpress-com-business-plan\u002F\" rel=\"ugc\">Suzanne Loeb\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>👉 \u003Cstrong>Convenient. No rabbit holes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>I can’t say I’ve used a whole bunch of these plugins, but I can say I’ve used 2 or 3. This one was the most straight forward and rushing through it I still didn’t run into any issues. The login was shot to the company I needed to let in and I was able to get back to marking things off of my checklist. Highly recommend to anyone that is needing to make a temporary user account for the first time. There’s literally nowhere to get confused from my personal experience\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fconvenient-no-rabbit-holes\u002F\" rel=\"ugc\">Peter Higgins\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>👉 \u003Cstrong>Clear and efficient.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Clear and efficient. Nothing to add !\u003Cbr \u002F>\n  Continue like that !\u003Cbr \u002F>\n  Make the world of the web even more fun for all pro and amateur users!\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fclear-and-efficient-2\u002F\" rel=\"ugc\">muten7\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>👉 \u003Cstrong>Excellent Plugin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Having problems with another plugin the developer recommended TPWP. It does exactly as it states. The developer was able to identify the bug, done without comprising security. The fact it records the access you have granted is a another advantage.\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fexcellent-plugin-3772\u002F\" rel=\"ugc\">mickpamg\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>👉 \u003Cstrong>A huge help and easy!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>This plugin was just what I needed to make it easy for support people to come in and get their assessments done then I don’t have to worry about revoking permission…this takes care of that for me! Love it!!!\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fa-huge-help-and-easy\u002F\" rel=\"ugc\">bfauscette\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Go to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Ftemporary-login-without-password\u002Freviews\u002F\" rel=\"ugc\">Temporary Login Without Password plugin review section\u003C\u002Fa> and read our recent reviews.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Spread The Love ❤️\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you like Temporary Login Without Password, please leave a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Ftemporary-login-without-password\u002Freviews\u002F#new-post\" rel=\"ugc\">five stars ⭐⭐⭐⭐⭐\u003C\u002Fa> and also spread the word about it via \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fsharer.php?u=https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftemporary-login-without-password\u002F\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fintent\u002Ftweet?url=https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftemporary-login-without-password\u002F\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa>. That helps fellow website owners assess Temporary Login Without Password easily and benefit from it!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What’s Next\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you like this plugin then consider checking out our other solutions:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Femail-subscribers\u002F\" rel=\"ugc\">Icegram Express\u003C\u002Fa> – A complete newsletter plugin which lets you collect leads, send automated new blog post notification emails, create & send broadcasts, and also manage them all in one single place.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ficegram-mailer\u002F\" rel=\"ugc\">Icegram Mailer\u003C\u002Fa> – Reliable built‑in email delivery for WordPress & WooCommerce with real‑time logs, analytics, and a free 200‑email plan.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ficegram\u002F\" rel=\"ugc\">Icegram Engage\u003C\u002Fa> – Popups, Welcome Bar, Opt-ins & Lead Generation plugin\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ficegram-rainmaker\u002F\" rel=\"ugc\">Icegram Collect\u003C\u002Fa> – Best form plugin on WordPress\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsmart-manager-for-wp-e-commerce\u002F\" rel=\"ugc\">Smart Manager\u003C\u002Fa> – Manage & Bulk edit Products, Orders & more..\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Foffermative-discount-pricing-related-products-upsell-funnels-for-woocommerce\u002F\" rel=\"ugc\">Offermative\u003C\u002Fa> – Dynamic discount pricing, related product recommendations, upsells and funnels for WooCommerce.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fduplicate-post-page-copy-clone-wp\u002F\" rel=\"ugc\">Post \u002F Page Duplicate\u003C\u002Fa> – Ultimate one‑click content duplicator for WordPress, letting you clone posts, pages & custom post types effortlessly\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ficegram-cookie-manager\u002F\" rel=\"ugc\">Icegram Cookie Manager\u003C\u002Fa> – Customizable cookie consent banner with privacy policy links and styling options for WordPress\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fswitch-user-login-by-icegram\u002F\" rel=\"ugc\">Switch User Login\u003C\u002Fa> – Instantly switch between WordPress user accounts from the admin bar for seamless testing, debugging, and multisite\u002FWooCommerce management\u003C\u002Fp>\n\u003Cp>Also, check our other \u003Ca href=\"https:\u002F\u002Fwww.storeapps.org\u002Fshop\u002F?utm_source=wprepo&utm_medium=tlwp&utm_campaign=sa_products_upsell&utm_content=readme\" rel=\"nofollow ugc\">Premium WooCommerce plugins.\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Do you use WooCommerce? Our analytics tool \u003Ca href=\"https:\u002F\u002Fwww.putler.com\u002F?utm_source=wprepo&utm_medium=tlwp&utm_campaign=putler_outreach&utm_content=readme\" rel=\"nofollow ugc\">Putler\u003C\u002Fa> will help you enriches your store data. Using Putler, you’ll understand your business better and make profitable decisions quickly.\u003C\u002Fp>\n","Create self-expiring, temporary admin accounts. Easily share direct login links (no need for username\u002Fpassword) with your developers or editors.",100000,1878755,1507,"2025-12-22T11:48:00.000Z","3.0.1","5.3",[54,55,56,57,58],"developer-access","magic-pin","passwordless-login","secure-login","temporary-access","http:\u002F\u002Fwww.storeapps.org\u002Fcreate-secure-login-without-password-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftemporary-login-without-password.1.9.7.zip","2021-11-15 00:00:00",{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":70,"downloaded":71,"rating":72,"num_ratings":73,"last_updated":74,"tested_up_to":16,"requires_at_least":75,"requires_php":76,"tags":77,"homepage":81,"download_link":82,"security_score":83,"vuln_count":84,"unpatched_count":11,"last_vuln_date":85,"fetched_at":28},"theme-my-login","Theme My Login","7.1.14","Jeff Farthing","https:\u002F\u002Fprofiles.wordpress.org\u002Fjfarthing84\u002F","\u003Cp>Ever wished that your WordPress login page matched the rest of your site? Your wish has come true! Theme My Login allows you to bypass the default WordPress-branded login page that looks nothing like the rest of your site. Instead, your users will be presented with the login, registration and password recovery pages right within your theme. The best part? It works right out of the box, with no configuration necessary! Take back your login page, WordPress users!\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Have you users log in from the frontend of your site.\u003C\u002Fli>\n\u003Cli>Have your users register from the frontend of your site.\u003C\u002Fli>\n\u003Cli>Have your users recover their password from the frontend of your site.\u003C\u002Fli>\n\u003Cli>Customize the slugs used for login, registration, password recovery and other pages.\u003C\u002Fli>\n\u003Cli>Allow your users to register with only their email.\u003C\u002Fli>\n\u003Cli>Allow your users to set their own passwords upon registration.\u003C\u002Fli>\n\u003Cli>Allow your users to log in using either their email and password, username and password or a combination of the two.\u003C\u002Fli>\n\u003Cli>Allow your users to be logged in automatically after registration with auto-login.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Do More With Extensions\u003C\u002Fh4>\n\u003Cp>Boost your user experience even more with add-on plugins from our \u003Ca href=\"https:\u002F\u002Fthememylogin.com\u002Fextensions\" rel=\"nofollow ugc\">extensions catalog\u003C\u002Fa>. Some of our extensions include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fthememylogin.com\u002Fextensions\u002Fredirection\" rel=\"nofollow ugc\">Redirection\u003C\u002Fa> allows you to redirect your users on login, logout and registration based on their role.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fthememylogin.com\u002Fextensions\u002Frestrictions\" rel=\"nofollow ugc\">Restrictions\u003C\u002Fa> allows you to restrict posts\u002Fpages, widgets and nav menu items based on a users login status and\u002For role.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fthememylogin.com\u002Fextensions\u002Fprofiles\" rel=\"nofollow ugc\">Profiles\u003C\u002Fa> lets your users edit their profile from the frontend of your site.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fthememylogin.com\u002Fextensions\u002Fmoderation\" rel=\"nofollow ugc\">Moderation\u003C\u002Fa> allows you to moderate your users by requiring them to confirm their email or by requiring admin approval.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fthememylogin.com\u002Fextensions\u002Frecaptcha\" rel=\"nofollow ugc\">reCAPTCHA\u003C\u002Fa> enables Google reCAPTCHA support for your registration and login forms.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fthememylogin.com\u002Fextensions\u002Fsocial\" rel=\"nofollow ugc\">Social\u003C\u002Fa> allows you to allow your users to log in to your site using their favorite social providers.\u003C\u002Fli>\n\u003C\u002Ful>\n","The ultimate login branding solution! Theme My Login offers matchless customization of your WordPress user experience!",60000,4310780,74,460,"2025-09-30T14:04:00.000Z","5.4","",[78,79,22,23,80],"branding","customize","register","https:\u002F\u002Fthememylogin.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftheme-my-login.zip",95,4,"2025-09-26 00:00:00",{"slug":87,"name":88,"version":89,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":94,"downloaded":95,"rating":96,"num_ratings":84,"last_updated":97,"tested_up_to":98,"requires_at_least":17,"requires_php":18,"tags":99,"homepage":100,"download_link":101,"security_score":102,"vuln_count":14,"unpatched_count":11,"last_vuln_date":103,"fetched_at":28},"temporary-login","Temporary Login","1.3.0","Elementor","https:\u002F\u002Fprofiles.wordpress.org\u002Felemntor\u002F","\u003Cp>Temporary Login creates a secure, temporary URL for easy access to your WP admin with no username and password. Share this URL with trusted support agents and colleagues in order to resolve issues quickly, and shut down access as soon as you’re done.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FEATURES\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Grant access to your site with a single click; a temporary URL will be created that you can share for admin-level access to your site and it will automatically expire 7 days from creation.\u003C\u002Fli>\n\u003Cli>Extend access – need more time? No problem. Just click to extend access so that users don’t get locked out.\u003C\u002Fli>\n\u003Cli>All done? Revoke access and the link becomes inaccessible.\u003C\u002Fli>\n\u003Cli>Auto disable access – whether you forget to revoke access or lose track of the timing, there’s no need to worry. We will automatically disable the access URL at the expiration, within 7 days.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>CONTRIBUTION\u003C\u002Fh4>\n\u003Cp>Would you like to contribute to this plugin? You’re more than welcome to submit your pull requests on the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Felementor\u002Ftemporary-login\u002F\" rel=\"nofollow ugc\">GitHub repo\u003C\u002Fa>. Also, if you have any notes about the code, please open a ticket on the issue tracker.\u003C\u002Fp>\n","Create a secure, temporary URL for easy access to your WP admin.",40000,137366,80,"2024-11-26T16:13:00.000Z","6.7.5",[22,56,58,87],"https:\u002F\u002Felementor.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftemporary-login.1.3.0.zip",86,"2026-04-30 20:59:11",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":112,"downloaded":113,"rating":102,"num_ratings":114,"last_updated":115,"tested_up_to":116,"requires_at_least":117,"requires_php":76,"tags":118,"homepage":122,"download_link":123,"security_score":13,"vuln_count":14,"unpatched_count":11,"last_vuln_date":124,"fetched_at":28},"google-authenticator","Google Authenticator","0.55","Ivan","https:\u002F\u002Fprofiles.wordpress.org\u002Fivankk\u002F","\u003Cp>The Google Authenticator plugin for WordPress gives you two-factor authentication using the Google Authenticator app for Android\u002FiPhone\u002FBlackberry.\u003C\u002Fp>\n\u003Cp>If you are security aware, you may already have the Google Authenticator app installed on your smartphone, using it for two-factor authentication on Gmail\u002FDropbox\u002FLastpass\u002FAmazon etc.\u003C\u002Fp>\n\u003Cp>The two-factor authentication requirement can be enabled on a per-user basis. You could enable it for your administrator account, but log in as usual with less privileged accounts.\u003C\u002Fp>\n\u003Cp>If You need to maintain your blog using an Android\u002FiPhone app, or any other software using the XMLRPC interface, you can enable the App password feature in this plugin,\u003Cbr \u002F>\nbut please note that enabling the App password feature will make your blog less secure.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Thanks to:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fevinak\u002F\" rel=\"nofollow ugc\">Oleksiy\u003C\u002Fa> for a bugfix in multisite.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpancek\" rel=\"nofollow ugc\">Paweł Nowacki\u003C\u002Fa> for the Polish translation\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FFabioZumbi12\" rel=\"nofollow ugc\">Fabio Zumbi\u003C\u002Fa> for the Portuguese translation\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.guidoschalkx.com\u002F\" rel=\"nofollow ugc\">Guido Schalkx\u003C\u002Fa> for the Dutch translation.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_donations&business=henrik%40schack%2edk&lc=US&item_name=Google%20Authenticator&item_number=Google%20Authenticator&no_shipping=0&no_note=1&tax=0&bn=PP%2dDonationsBF&charset=UTF%2d8\" rel=\"nofollow ugc\">Henrik.Schack\u003C\u002Fa> for writing\u002Fmaintaining versions 0.20 through 0.48\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Ftobias.baethge.com\u002F\" rel=\"nofollow ugc\">Tobias Bäthge\u003C\u002Fa> for his code rewrite and German translation.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fblog.pcode.nl\u002F\" rel=\"nofollow ugc\">Pascal de Bruijn\u003C\u002Fa> for his “relaxed mode” idea.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Ftechnobabbl.es\u002F\" rel=\"nofollow ugc\">Daniel Werl\u003C\u002Fa> for his usability tips.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fdd32.id.au\u002F\" rel=\"nofollow ugc\">Dion Hulse\u003C\u002Fa> for his bugfixes.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fusers\u002Faldolat\u002F\" rel=\"nofollow ugc\">Aldo Latino\u003C\u002Fa> for his Italian translation.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.kaijia.me\u002F\" rel=\"nofollow ugc\">Kaijia Feng\u003C\u002Fa> for his Simplified Chinese translation.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.buayacorp.com\u002F\" rel=\"nofollow ugc\">Alex Concha\u003C\u002Fa> for his security tips.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fjetienne.com\u002F\" rel=\"nofollow ugc\">Jerome Etienne\u003C\u002Fa> for his jquery-qrcode plugin.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Forizhial.com\u002F\" rel=\"nofollow ugc\">Sébastien Prunier\u003C\u002Fa> for his Spanish and French translation.\u003C\u002Fp>\n","Google Authenticator for your WordPress blog.",20000,704950,135,"2026-04-07T14:57:00.000Z","7.0","4.5",[119,22,120,23,121],"authentication","otp","security","https:\u002F\u002Fgithub.com\u002Fivankruchkoff\u002Fgoogle-authenticator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoogle-authenticator.0.55.zip","2016-04-28 00:00:00",{"slug":126,"name":127,"version":128,"author":129,"author_profile":130,"description":131,"short_description":132,"active_installs":133,"downloaded":134,"rating":135,"num_ratings":136,"last_updated":137,"tested_up_to":138,"requires_at_least":139,"requires_php":76,"tags":140,"homepage":76,"download_link":143,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28},"frontend-reset-password","Frontend Reset Password","1.3.3","Wp Enhanced","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpenhanced\u002F","\u003Cp>\u003Cstrong>Frontend Reset Password\u003C\u002Fstrong> lets your site users reset their lost or forgotten passwords in the frontend of your site. No more default WordPress reset form! Users fill in their username or email address and a reset password link is emailed to them. When they click this link they’ll be redirected to your site and asked for a new password. Everything is handled using default WordPress methods including security, so you don’t have to worry.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Frontend Reset Password\u003C\u002Fstrong> is perfect for sites that have disabled access to the WordPress dashboard, or if you want to include a lost\u002Freset password form on one of your custom site pages. It also works great with \u003Cstrong>Easy Digital Downloads\u003C\u002Fstrong>!\u003C\u002Fp>\n\u003Cp>Any error messages display right on the form, including whether the username or email address is invalid.\u003C\u002Fp>\n\u003Cp>The plugin works by hooking into the \u003Ccode>lostpassword_url\u003C\u002Fcode> WordPress filter, meaning compatibility with other plugins can be better maintained.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Frontend Reset Password\u003C\u002Fstrong> is also translation ready.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>New:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Modern settings framework for easy configuration & searching our documentation\u003Cbr \u002F>\n– Password requirements and eye icon toggle\u003Cbr \u002F>\n– Customizable reset link text and email templates\u003Cbr \u002F>\n– Full documentation at https:\u002F\u002Fdocs.wpenhanced.com\u002Ffrontend-reset-password\u002F\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Full documentation and setup guide:\u003Cbr \u002F>\nhttps:\u002F\u002Fdocs.wpenhanced.com\u002Ffrontend-reset-password\u002F\u003C\u002Fp>\n\u003Cp>Find answers, usage examples, and troubleshooting tips on our official documentation site.\u003C\u002Fp>\n\u003Ch3>Setup Guide\u003C\u002Fh3>\n\u003Cp>Quick Start:\u003Cbr \u002F>\n1. Add the shortcode \u003Ccode>[reset_password]\u003C\u002Fcode> to any page.\u003Cbr \u002F>\n2. Visit \u003Cstrong>Settings > Frontend Reset Password\u003C\u002Fstrong> in your WordPress admin to select your reset page and configure options.\u003Cbr \u002F>\n3. (Optional) Customize form text, password requirements, and email templates.\u003C\u002Fp>\n\u003Cp>See the \u003Ca href=\"https:\u002F\u002Fdocs.wpenhanced.com\u002Ffrontend-reset-password\u002F\" rel=\"nofollow ugc\">online documentation\u003C\u002Fa> for screenshots and advanced usage.\u003C\u002Fp>\n\u003Ch3>Customisation\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Customisation Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Change all form text and labels\u003Cbr \u002F>\n– Set password requirements (length, character types)\u003Cbr \u002F>\n– Show\u002Fhide eye icon for password fields\u003Cbr \u002F>\n– Customize email subject, sender, and template\u003Cbr \u002F>\n– Display login link after password reset\u003C\u002Fp>\n\u003Cp>Very little CSS styling is used, so the forms should style with your website theme beautifully.\u003C\u002Fp>\n\u003Cp>If you use a frontend login page you can set that in the plugin also. Users are told they can login and are shown the url when they successfully change their password.\u003C\u002Fp>\n\u003Cp>You can also set the minimum number of characters required for a password. Default is 0.\u003C\u002Fp>\n\u003Ch3>Support & Resources\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdocs.wpenhanced.com\u002Ffrontend-reset-password\u002F\" rel=\"nofollow ugc\">Full Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Quick start guide in plugin settings\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Ffrontend-reset-password\u002F\" rel=\"ugc\">WordPress.org Support Forum\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Let your users reset their forgotten passwords from the frontend of your website.",10000,169465,88,38,"2026-01-30T10:23:00.000Z","6.9.4","4.4",[22,141,23,142],"lost-password","reset-password","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffrontend-reset-password.zip",{"attackSurface":145,"codeSignals":304,"taintFlows":336,"riskAssessment":457,"analyzedAt":467},{"hooks":146,"ajaxHandlers":237,"restRoutes":295,"shortcodes":296,"cronEvents":300,"entryPointCount":303,"unprotectedCount":33},[147,154,158,162,167,172,177,181,183,189,193,195,198,202,208,212,215,220,224,228,231,234],{"type":148,"name":149,"callback":150,"priority":151,"file":152,"line":153},"action","admin_menu","add_admin_menu",5,"includes\u002Fclass-admin-interface.php",70,{"type":148,"name":155,"callback":156,"file":152,"line":157},"admin_enqueue_scripts","enqueue_admin_scripts",71,{"type":148,"name":159,"callback":160,"file":152,"line":161},"load-toplevel_page_secure-login-collector","add_screen_options",83,{"type":148,"name":163,"callback":164,"file":165,"line":166},"seculoco_cleanup_cron","cleanup_old_data","includes\u002Fclass-database-manager.php",50,{"type":148,"name":168,"callback":169,"file":170,"line":171},"wp_enqueue_scripts","enqueue_frontend_scripts","includes\u002Fclass-frontend-handler.php",73,{"type":148,"name":149,"callback":173,"priority":174,"file":175,"line":176},"add_settings_menu",20,"includes\u002Fclass-settings-manager.php",39,{"type":148,"name":178,"callback":179,"file":175,"line":180},"admin_init","register_settings",40,{"type":148,"name":155,"callback":156,"file":175,"line":182},41,{"type":184,"name":185,"callback":186,"file":187,"line":188},"filter","redirect_on_activation","__return_false","includes\u002Ffreemius-config.php",64,{"type":184,"name":190,"callback":191,"file":187,"line":192},"plugin_strings","seculoco_fs_custom_strings",78,{"type":148,"name":155,"callback":194,"file":187,"line":83},"seculoco_fs_license_activation_message",{"type":184,"name":196,"callback":186,"file":187,"line":197},"show_admin_notices",101,{"type":148,"name":199,"callback":200,"file":187,"line":201},"init","seculoco_fs_hide_admin_notices",105,{"type":184,"name":203,"callback":204,"priority":205,"file":206,"line":207},"connect_message","seculoco_fs_custom_connect_message",10,"includes\u002Ffreemius-hooks.php",32,{"type":184,"name":209,"callback":210,"file":206,"line":211},"trial_promotion_message","seculoco_fs_trial_promotion_message",51,{"type":148,"name":213,"callback":214,"file":206,"line":161},"admin_notices","seculoco_fs_admin_notices",{"type":148,"name":216,"callback":217,"file":218,"line":219},"after_uninstall","seculoco_fs_uninstall_cleanup","includes\u002Ffreemius-uninstall.php",282,{"type":148,"name":221,"callback":222,"file":218,"line":223},"seculoco_fs_loaded","seculoco_register_freemius_uninstall",287,{"type":148,"name":213,"callback":225,"file":226,"line":227},"closure","secure-login-collector.php",27,{"type":148,"name":213,"callback":229,"file":226,"line":230},"show_upgrade_notices",165,{"type":148,"name":213,"callback":232,"priority":151,"file":226,"line":233},"maybe_show_encryption_notice",166,{"type":148,"name":235,"callback":225,"priority":174,"file":226,"line":236},"plugins_loaded",373,[238,244,248,252,255,259,262,267,268,272,276,279,280,282,283,287,291],{"action":239,"nopriv":240,"callback":241,"hasNonce":242,"hasCapCheck":242,"file":152,"line":243},"seculoco_get_encrypted_entry",false,"handle_get_encrypted_entry",true,75,{"action":245,"nopriv":240,"callback":246,"hasNonce":242,"hasCapCheck":242,"file":152,"line":247},"seculoco_get_encryption_info","handle_get_encryption_info",76,{"action":249,"nopriv":240,"callback":250,"hasNonce":242,"hasCapCheck":242,"file":152,"line":251},"seculoco_delete_entry","handle_delete_ajax",77,{"action":253,"nopriv":240,"callback":254,"hasNonce":242,"hasCapCheck":242,"file":152,"line":192},"seculoco_extend_entry","handle_extend_ajax",{"action":256,"nopriv":240,"callback":257,"hasNonce":242,"hasCapCheck":242,"file":152,"line":258},"seculoco_update_metadata","handle_update_metadata_ajax",79,{"action":260,"nopriv":240,"callback":261,"hasNonce":242,"hasCapCheck":242,"file":152,"line":96},"seculoco_bulk_export","handle_bulk_export_ajax",{"action":263,"nopriv":240,"callback":264,"hasNonce":240,"hasCapCheck":242,"file":265,"line":266},"seculoco_get_public_key","handle_get_public_key","includes\u002Fclass-encryption-handler-v2.php",87,{"action":263,"nopriv":242,"callback":264,"hasNonce":240,"hasCapCheck":242,"file":265,"line":135},{"action":269,"nopriv":240,"callback":270,"hasNonce":242,"hasCapCheck":242,"file":265,"line":271},"seculoco_get_wrapped_private_key","handle_get_wrapped_private_key",89,{"action":273,"nopriv":240,"callback":274,"hasNonce":242,"hasCapCheck":242,"file":265,"line":275},"seculoco_initialize_free_keys","handle_initialize_free_keys",90,{"action":277,"nopriv":240,"callback":278,"hasNonce":242,"hasCapCheck":240,"file":170,"line":192},"seculoco_save_entry_v2","handle_save_login_data_v2",{"action":277,"nopriv":242,"callback":278,"hasNonce":242,"hasCapCheck":240,"file":170,"line":258},{"action":263,"nopriv":240,"callback":264,"hasNonce":240,"hasCapCheck":240,"file":170,"line":281},82,{"action":263,"nopriv":242,"callback":264,"hasNonce":240,"hasCapCheck":240,"file":170,"line":161},{"action":284,"nopriv":240,"callback":285,"hasNonce":242,"hasCapCheck":242,"file":175,"line":286},"seculoco_setup_password_encryption","ajax_setup_password_encryption",44,{"action":288,"nopriv":240,"callback":289,"hasNonce":242,"hasCapCheck":242,"file":175,"line":290},"seculoco_reset_password_encryption","ajax_reset_password_encryption",45,{"action":292,"nopriv":240,"callback":293,"hasNonce":242,"hasCapCheck":242,"file":175,"line":294},"seculoco_check_password_status","ajax_check_password_status",46,[],[297],{"tag":298,"callback":299,"file":170,"line":72},"seculoco_form","frontend_form_shortcode",[301],{"hook":163,"callback":163,"file":165,"line":302},124,18,{"dangerousFunctions":305,"sqlUsage":306,"outputEscaping":309,"fileOperations":11,"externalRequests":11,"nonceChecks":329,"capabilityChecks":330,"bundledLibraries":331},[],{"prepared":307,"raw":11,"locations":308},35,[],{"escaped":310,"rawEcho":311,"locations":312},235,7,[313,316,319,321,323,325,327],{"file":170,"line":314,"context":315},283,"raw output",{"file":317,"line":318,"context":315},"includes\u002Fclass-seculoco-list-table.php",530,{"file":175,"line":320,"context":315},447,{"file":175,"line":322,"context":315},511,{"file":175,"line":324,"context":315},562,{"file":175,"line":326,"context":315},567,{"file":175,"line":328,"context":315},595,15,17,[332],{"name":333,"version":334,"knownCves":335},"Freemius","1.0",[],[337,367,378,392,410,421,432,443],{"entryPoint":338,"graph":339,"unsanitizedCount":33,"severity":366},"search_box (includes\u002Fclass-seculoco-list-table.php:493)",{"nodes":340,"edges":362},[341,346,351,355,357,360],{"id":342,"type":343,"label":344,"file":317,"line":345},"n0","source","$_GET['orderby']",503,{"id":347,"type":348,"label":349,"file":317,"line":345,"wp_function":350},"n1","sink","echo() [XSS]","echo",{"id":352,"type":343,"label":353,"file":317,"line":354},"n2","$_GET['order']",506,{"id":356,"type":348,"label":349,"file":317,"line":354,"wp_function":350},"n3",{"id":358,"type":343,"label":359,"file":317,"line":322},"n4","$_GET['s']",{"id":361,"type":348,"label":349,"file":317,"line":322,"wp_function":350},"n5",[363,364,365],{"from":342,"to":347,"sanitized":240},{"from":352,"to":356,"sanitized":240},{"from":358,"to":361,"sanitized":242},"medium",{"entryPoint":368,"graph":369,"unsanitizedCount":11,"severity":377},"admin_page (includes\u002Fclass-admin-interface.php:234)",{"nodes":370,"edges":375},[371,374],{"id":342,"type":343,"label":372,"file":152,"line":373},"$_GET['page']",266,{"id":347,"type":348,"label":349,"file":152,"line":373,"wp_function":350},[376],{"from":342,"to":347,"sanitized":242},"low",{"entryPoint":379,"graph":380,"unsanitizedCount":11,"severity":377},"\u003Cclass-seculoco-list-table> (includes\u002Fclass-seculoco-list-table.php:0)",{"nodes":381,"edges":388},[382,383,384,385,386,387],{"id":342,"type":343,"label":344,"file":317,"line":345},{"id":347,"type":348,"label":349,"file":317,"line":345,"wp_function":350},{"id":352,"type":343,"label":353,"file":317,"line":354},{"id":356,"type":348,"label":349,"file":317,"line":354,"wp_function":350},{"id":358,"type":343,"label":359,"file":317,"line":322},{"id":361,"type":348,"label":349,"file":317,"line":322,"wp_function":350},[389,390,391],{"from":342,"to":347,"sanitized":242},{"from":352,"to":356,"sanitized":242},{"from":358,"to":361,"sanitized":242},{"entryPoint":393,"graph":394,"unsanitizedCount":14,"severity":409},"handle_extend_ajax (includes\u002Fclass-admin-interface.php:381)",{"nodes":395,"edges":406},[396,399,402],{"id":342,"type":343,"label":397,"file":152,"line":398},"$_POST",400,{"id":347,"type":400,"label":401,"file":152,"line":398},"transform","→ get_entry()",{"id":352,"type":348,"label":403,"file":165,"line":404,"wp_function":405},"get_row() [SQLi]",198,"get_row",[407,408],{"from":342,"to":347,"sanitized":240},{"from":347,"to":352,"sanitized":240},"high",{"entryPoint":411,"graph":412,"unsanitizedCount":14,"severity":409},"handle_update_metadata_ajax (includes\u002Fclass-admin-interface.php:418)",{"nodes":413,"edges":418},[414,416,417],{"id":342,"type":343,"label":397,"file":152,"line":415},434,{"id":347,"type":400,"label":401,"file":152,"line":415},{"id":352,"type":348,"label":403,"file":165,"line":404,"wp_function":405},[419,420],{"from":342,"to":347,"sanitized":240},{"from":347,"to":352,"sanitized":240},{"entryPoint":422,"graph":423,"unsanitizedCount":14,"severity":409},"handle_get_encryption_info (includes\u002Fclass-admin-interface.php:465)",{"nodes":424,"edges":429},[425,427,428],{"id":342,"type":343,"label":397,"file":152,"line":426},482,{"id":347,"type":400,"label":401,"file":152,"line":426},{"id":352,"type":348,"label":403,"file":165,"line":404,"wp_function":405},[430,431],{"from":342,"to":347,"sanitized":240},{"from":347,"to":352,"sanitized":240},{"entryPoint":433,"graph":434,"unsanitizedCount":14,"severity":409},"handle_get_encrypted_entry (includes\u002Fclass-admin-interface.php:520)",{"nodes":435,"edges":440},[436,438,439],{"id":342,"type":343,"label":397,"file":152,"line":437},543,{"id":347,"type":400,"label":401,"file":152,"line":437},{"id":352,"type":348,"label":403,"file":165,"line":404,"wp_function":405},[441,442],{"from":342,"to":347,"sanitized":240},{"from":347,"to":352,"sanitized":240},{"entryPoint":444,"graph":445,"unsanitizedCount":84,"severity":409},"\u003Cclass-admin-interface> (includes\u002Fclass-admin-interface.php:0)",{"nodes":446,"edges":453},[447,448,449,451,452],{"id":342,"type":343,"label":372,"file":152,"line":373},{"id":347,"type":348,"label":349,"file":152,"line":373,"wp_function":350},{"id":352,"type":343,"label":450,"file":152,"line":398},"$_POST (x4)",{"id":356,"type":400,"label":401,"file":152,"line":398},{"id":358,"type":348,"label":403,"file":165,"line":404,"wp_function":405},[454,455,456],{"from":342,"to":347,"sanitized":242},{"from":352,"to":356,"sanitized":240},{"from":356,"to":358,"sanitized":240},{"summary":458,"deductions":459},"The secure-login-collector plugin v2.0.7 exhibits a generally good security posture with several strong practices observed. The complete absence of raw SQL queries and the high percentage of properly escaped output are positive indicators. The plugin also demonstrates a robust use of nonces and capability checks across most of its entry points, along with no recorded vulnerability history, suggesting a commitment to secure development.\n\nHowever, concerns arise from the static analysis. Specifically, the presence of 2 AJAX handlers without authentication checks exposes potential vulnerabilities. Furthermore, the taint analysis revealed 5 high-severity flows with unsanitized paths, indicating a significant risk of data being processed without proper validation or sanitization, which could lead to various attacks if these paths are reachable. The large number of AJAX handlers (17 total) further amplifies the risk associated with the unprotected ones.\n\nWhile the lack of historical CVEs is reassuring, the current taint analysis findings are a red flag. The plugin has strengths in its database interaction and output handling, but the identified unsanitized paths and unprotected AJAX endpoints represent significant weaknesses that require immediate attention.",[460,462,464],{"reason":461,"points":205},"AJAX handlers without auth checks",{"reason":463,"points":329},"High severity flows with unsanitized paths",{"reason":465,"points":466},"Bundled Freemius v1.0 library",3,"2026-04-16T13:46:19.963Z",{"wat":469,"direct":478},{"assetPaths":470,"generatorPatterns":473,"scriptPaths":474,"versionParams":475},[471,472],"\u002Fwp-content\u002Fplugins\u002Fsecure-login-collector\u002Fassets\u002Fjs\u002Fseculoco-frontend.js","\u002Fwp-content\u002Fplugins\u002Fsecure-login-collector\u002Fassets\u002Fcss\u002Fseculoco-frontend.css",[],[471],[476,477],"secure-login-collector\u002Fassets\u002Fjs\u002Fseculoco-frontend.js?ver=","secure-login-collector\u002Fassets\u002Fcss\u002Fseculoco-frontend.css?ver=",{"cssClasses":479,"htmlComments":481,"htmlAttributes":485,"restEndpoints":488,"jsGlobals":490,"shortcodeOutput":492},[480],"seculoco-login-form",[482,483,484],"\u003C!-- Secure Login Collector -->","\u003C!-- BEGIN SECURE LOGIN COLLECTOR FORM -->","\u003C!-- END SECURE LOGIN COLLECTOR FORM -->",[486,487],"data-seculoco-nonce","data-seculoco-ajax-url",[489],"\u002Fwp-json\u002Fseculoco\u002Fv1\u002Fcollect_login",[491],"seculocoFrontend",[493],"[secure_login_collector]",{"error":242,"url":495,"statusCode":496,"statusMessage":497,"message":497},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fsecure-login-collector\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":151,"versions":499},[500,505,512,519,526],{"version":6,"download_url":26,"svn_tag_url":501,"released_at":27,"has_diff":240,"diff_files_changed":502,"diff_lines":27,"trac_diff_url":503,"vulnerabilities":504,"is_current":242},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsecure-login-collector\u002Ftags\u002F2.0.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsecure-login-collector%2Ftags%2F2.0.6&new_path=%2Fsecure-login-collector%2Ftags%2F2.0.7",[],{"version":506,"download_url":507,"svn_tag_url":508,"released_at":27,"has_diff":240,"diff_files_changed":509,"diff_lines":27,"trac_diff_url":510,"vulnerabilities":511,"is_current":240},"2.0.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecure-login-collector.2.0.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsecure-login-collector\u002Ftags\u002F2.0.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsecure-login-collector%2Ftags%2F2.0.5&new_path=%2Fsecure-login-collector%2Ftags%2F2.0.6",[],{"version":513,"download_url":514,"svn_tag_url":515,"released_at":27,"has_diff":240,"diff_files_changed":516,"diff_lines":27,"trac_diff_url":517,"vulnerabilities":518,"is_current":240},"2.0.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecure-login-collector.2.0.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsecure-login-collector\u002Ftags\u002F2.0.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsecure-login-collector%2Ftags%2F2.0.4&new_path=%2Fsecure-login-collector%2Ftags%2F2.0.5",[],{"version":520,"download_url":521,"svn_tag_url":522,"released_at":27,"has_diff":240,"diff_files_changed":523,"diff_lines":27,"trac_diff_url":524,"vulnerabilities":525,"is_current":240},"2.0.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecure-login-collector.2.0.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsecure-login-collector\u002Ftags\u002F2.0.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsecure-login-collector%2Ftags%2F2.0.3&new_path=%2Fsecure-login-collector%2Ftags%2F2.0.4",[],{"version":527,"download_url":528,"svn_tag_url":529,"released_at":27,"has_diff":240,"diff_files_changed":530,"diff_lines":27,"trac_diff_url":27,"vulnerabilities":531,"is_current":240},"2.0.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecure-login-collector.2.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsecure-login-collector\u002Ftags\u002F2.0.3\u002F",[],[]]