[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fmuslg-prVvmck-_o2M9y680RqBzsdzur27RA_URY8h4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":56,"analysis":162,"fingerprints":485},"sessions","Sessions","3.3.0","Pierre Lannoy","https:\u002F\u002Fprofiles.wordpress.org\u002Fpierrelannoy\u002F","\u003Cp>\u003Cstrong>Sessions\u003C\u002Fstrong> is a powerful sessions manager for WordPress with a multi-criteria sessions limiter and full analytics reporting about logins, logouts and account creation. It relies on the standard WordPress sessions manager and adds extra features and controls to it.\u003C\u002Fp>\n\u003Cp>You can limit concurrent sessions, on a per role basis for the following criteria:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>count per user;\u003C\u002Fli>\n\u003Cli>count per IP addresses;\u003C\u002Fli>\n\u003Cli>count per country (requires the free \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fip-locator\u002F\" rel=\"ugc\">IP Locator\u003C\u002Fa> plugin);\u003C\u002Fli>\n\u003Cli>count per device classes and types, client types, browser or OS (requires the free \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdevice-detector\u002F\" rel=\"ugc\">Device Detector\u003C\u002Fa> plugin).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For each role defined on your site, you can also block login based on private\u002Fpublic IP ranges, and define idle times for sessions auto-termination.\u003C\u002Fp>\n\u003Cp>You can also set a maximum number of IPs used for each user – useful to limit credential sharing between many 
people.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Sessions\u003C\u002Fstrong> can report the following main items and metrics:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>KPIs: login success, active sessions, cleaned sessions, active users, turnover and spam sessions;\u003C\u002Fli>\n\u003Cli>active and cleaned sessions details;\u003C\u002Fli>\n\u003Cli>users and sessions variations;\u003C\u002Fli>\n\u003Cli>moves distribution;\u003C\u002Fli>\n\u003Cli>login\u002Flogout breakdowns;\u003C\u002Fli>\n\u003Cli>password resets;\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Sessions\u003C\u002Fstrong> supports a set of WP-CLI commands to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>manage WordPress active sessions (list, kill) – see \u003Ccode>wp help sessions active\u003C\u002Fcode> for details;\u003C\u002Fli>\n\u003Cli>toggle on\u002Foff main settings – see \u003Ccode>wp help sessions settings\u003C\u002Fcode> for details;\u003C\u002Fli>\n\u003Cli>modify operations mode – see \u003Ccode>wp help sessions mode\u003C\u002Fcode> for details;\u003C\u002Fli>\n\u003Cli>display sessions and accounts statistics – see \u003Ccode>wp help sessions analytics\u003C\u002Fcode> for details.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For a full help on WP-CLI commands in Sessions, please \u003Ca href=\"https:\u002F\u002Fperfops.one\u002Fsessions-wpcli\" rel=\"nofollow ugc\">read this guide\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Sessions\u003C\u002Fstrong> is part of \u003Ca href=\"https:\u002F\u002Fperfops.one\u002F\" rel=\"nofollow ugc\">PerfOps One\u003C\u002Fa>, a suite of free and open source WordPress plugins dedicated to observability and operations performance.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Sessions\u003C\u002Fstrong> is a free and open source plugin for WordPress. It integrates many other free and open source works (as-is or modified). 
Please, see ‘about’ tab in the plugin settings to see the details.\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>This plugin is free and provided without warranty of any kind. Use it at your own risk, I’m not responsible for any improper use of this plugin, nor for any damage it might cause to your site. Always backup all your data before installing a new plugin.\u003C\u002Fp>\n\u003Cp>Anyway, I’ll be glad to help you if you encounter issues when using this plugin. Just use the support section of this plugin page.\u003C\u002Fp>\n\u003Ch4>Privacy\u003C\u002Fh4>\n\u003Cp>This plugin, as any piece of software, is neither compliant nor non-compliant with privacy laws and regulations. It is your responsibility to use it – by activating the corresponding options or services – with respect for the personal data of your users and applicable laws.\u003C\u002Fp>\n\u003Cp>This plugin doesn’t set any cookie in the user’s browser.\u003C\u002Fp>\n\u003Cp>This plugin may handle personally identifiable information (PII). If the GDPR or CCPA or similar regulation applies to your case, you must adapt your processes (consent management, security measure, treatment register, etc.).\u003C\u002Fp>\n\u003Ch4>Donation\u003C\u002Fh4>\n\u003Cp>If you like this plugin or find it useful and want to thank me for the work done, please consider making a donation to \u003Ca href=\"https:\u002F\u002Fwww.laquadrature.net\u002Fen\" rel=\"nofollow ugc\">La Quadrature Du Net\u003C\u002Fa> or the \u003Ca href=\"https:\u002F\u002Fwww.eff.org\u002F\" rel=\"nofollow ugc\">Electronic Frontier Foundation\u003C\u002Fa> which are advocacy groups defending the rights and freedoms of citizens on the Internet. 
By supporting them, you help the daily actions they perform to defend our fundamental freedoms!\u003C\u002Fp>\n","Powerful sessions manager for WordPress with sessions limiter and full analytics reporting capabilities.",900,23786,96,8,"2025-11-22T10:58:00.000Z","6.9.4","6.2","8.1",[20,21,22,23,24],"authentication","login","protection","role","session","https:\u002F\u002Fperfops.one\u002Fsessions","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsessions.3.3.0.zip",99,1,0,"2025-08-22 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2025-57890","sessions-authenticated-administrator-stored-cross-site-scripting","Sessions \u003C= 3.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Sessions plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
This only impacts multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=3.2.0","3.2.1","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-08-26 14:18:12",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F62d847f7-bd07-48c6-a083-06d7255ed7e2?source=api-prod",5,{"slug":50,"display_name":7,"profile_url":8,"plugin_count":51,"total_installs":52,"avg_security_score":27,"avg_patch_time_days":53,"trust_score":54,"computed_at":55},"pierrelannoy",12,15110,65,87,"2026-04-04T00:34:04.217Z",[57,83,104,124,141],{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":16,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":78,"download_link":79,"security_score":80,"vuln_count":81,"unpatched_count":29,"last_vuln_date":82,"fetched_at":31},"anti-spam","Titan Anti-spam & Security","7.5.0","Themeisle","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemeisle\u002F","\u003Cp>Titan Anti-Spam & Security is a complete protection solution designed to secure your website against spam, login attacks, and unauthorized access.\u003C\u002Fp>\n\u003Cp>Websites are constantly targeted by automated spam bots, brute force login attempts, and malicious access patterns. 
Titan helps you block spam comments, protect your login page, enforce strong authentication, and apply essential security hardening rules from a single dashboard.\u003C\u002Fp>\n\u003Cp>Whether you run a blog, business site, WooCommerce store, membership platform, or agency network, Titan helps you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Stop comment spam automatically\u003C\u002Fli>\n\u003Cli>Protect your login area from brute force attacks\u003C\u002Fli>\n\u003Cli>Limit login attempts and lock suspicious activity\u003C\u002Fli>\n\u003Cli>Monitor login activity and security events\u003C\u002Fli>\n\u003Cli>Apply security hardening best practices\u003C\u002Fli>\n\u003Cli>Enable two-factor authentication for stronger account security in \u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=2fa\" rel=\"nofollow ugc\">Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Create backups with advanced storage options in \u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=backup\" rel=\"nofollow ugc\">Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Titan is designed to reduce risk without affecting legitimate visitors or requiring captcha challenges.\u003C\u002Fp>\n\u003Ch3>Quick links\u003C\u002Fh3>\n\u003Cp>📘 \u003Ca href=\"https:\u002F\u002Fdocs.themeisle.com\u002Ftitan-anti-spam-security\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> – Complete setup and configuration guide\u003Cbr \u002F>\n💬 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fanti-spam\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa> – Get help with spam protection, login security, and plugin settings from the community and support team.\u003Cbr \u002F>\n⭐ \u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=quicklinks\" rel=\"nofollow ugc\">Go Pro\u003C\u002Fa> – Unlock Machine Learning 
spam detection, two-factor authentication, backups, and priority support.\u003C\u002Fp>\n\u003Ch3>Anti Spam Protection\u003C\u002Fh3>\n\u003Cp>Spam comments can damage your SEO, clutter your database, and waste moderation time. Titan provides automated spam protection that works in the background without interrupting real users.\u003C\u002Fp>\n\u003Cp>Every comment is checked against a global spam database and evaluated using intelligent filtering rules. Suspicious comments are automatically marked as spam and hidden from public view.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Automatic spam comment blocking:\u003C\u002Fstrong> Blocks spam comments in real time using a global spam database and intelligent filtering rules. Suspicious submissions are automatically marked as spam before they appear publicly.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Block spam comments without captcha:\u003C\u002Fstrong> Protect your site from comment spam without forcing visitors to solve captcha challenges. Real users experience a smooth commenting process.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Save spam comments for review:\u003C\u002Fstrong> Optionally store filtered spam comments in the moderation area so you can verify filtering accuracy and review blocked content.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Detailed spam processing logs:\u003C\u002Fstrong> View logs of processed comments to understand how spam filtering works and monitor spam activity trends.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy policy link integration:\u003C\u002Fstrong> Display a privacy policy notice under comment forms to help with transparency and compliance requirements.\u003C\u002Fp>\n\u003Cp>This ensures real visitors can interact freely while bots are filtered automatically.\u003C\u002Fp>\n\u003Ch3>Security Hardening Tools\u003C\u002Fh3>\n\u003Cp>Titan includes built-in security hardening options that reduce publicly exposed information and protect your website from common automated 
attacks.\u003C\u002Fp>\n\u003Cp>Many bots scan websites looking for version numbers, exposed login patterns, weak passwords, or XML-RPC endpoints. Titan helps minimize those risks with configurable hardening controls that strengthen overall site security.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Strong Password Enforcement:\u003C\u002Fstrong> Force users to create strong passwords based on the WordPress password strength meter. Weak passwords are a leading cause of account compromise. Enforcing strong credentials significantly improves login security and reduces unauthorized access risks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Hide Author Login:\u003C\u002Fstrong> Attackers can attempt to discover usernames using author archive URLs. Titan prevents user enumeration by restricting access patterns that reveal valid login names. This reduces the effectiveness of targeted brute force login attacks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Disable XML-RPC:\u003C\u002Fstrong> XML-RPC can be abused for automated login attacks and pingback spam. Disabling XML-RPC reduces exposure to remote brute force attempts and limits unnecessary resource usage.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Hide Version Information:\u003C\u002Fstrong> WordPress core and plugins sometimes expose version numbers in the source code. Attackers use this information to target known vulnerabilities. Titan removes version references to reduce fingerprinting risks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove Version Query Strings:\u003C\u002Fstrong> JavaScript and CSS files often include version query parameters. Removing these prevents attackers from identifying the exact WordPress or plugin version running on your site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove Meta Generator Tag:\u003C\u002Fstrong> The generator meta tag can reveal your CMS version. 
Titan removes it to reduce publicly visible system information and lower exposure.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove HTML Comments:\u003C\u002Fstrong> Some themes and plugins output HTML comments that may expose structural details. Titan can remove these comments to limit unnecessary information disclosure.\u003C\u002Fp>\n\u003Cp>Together, these security hardening options reduce your attack surface and strengthen your website without affecting normal functionality.\u003C\u002Fp>\n\u003Ch3>Activity Monitoring and Logs\u003C\u002Fh3>\n\u003Cp>Security is not only about blocking attacks. It is also about visibility and awareness.\u003C\u002Fp>\n\u003Cp>Titan includes built-in monitoring tools that help you understand login behavior and security activity on your website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login Attempts Log:\u003C\u002Fstrong> Track failed login attempts in real time. See which IP addresses are attempting access, how many retries were made, and when lockouts were triggered. This helps you evaluate brute force protection effectiveness.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Activity Logger:\u003C\u002Fstrong> Monitor security-related events across your site, including login activity and system actions. Identify suspicious patterns before they escalate.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Error Log Viewer:\u003C\u002Fstrong> View plugin-related errors directly from the dashboard. Diagnose configuration issues quickly without accessing server files.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Debug Information Export:\u003C\u002Fstrong> Export diagnostic information when contacting support. 
This reduces troubleshooting time and speeds up issue resolution.\u003C\u002Fp>\n\u003Cp>With proper monitoring and logging, you are not only blocking attacks but also gaining insight into how your website is being targeted.\u003C\u002Fp>\n\u003Ch3>PRO Anti Spam Features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Machine Learning spam detection:\u003C\u002Fstrong> Advanced spam filtering powered by Machine Learning improves detection accuracy by analyzing behavioral patterns across large datasets.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scan existing comments for spam:\u003C\u002Fstrong> Identify previously approved spam comments and clean up your database.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scan registered users for spam accounts:\u003C\u002Fstrong> Detect and flag suspicious user accounts that may have been created by spam bots.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Enhanced background spam analysis:\u003C\u002Fstrong> Apply additional invisible tests that improve spam protection without affecting legitimate visitors.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=antispam\" rel=\"nofollow ugc\">Upgrade to unlock\u003C\u002Fa> advanced anti-spam capabilities.\u003C\u002Fp>\n\u003Ch3>PRO Two Factor Authentication\u003C\u002Fh3>\n\u003Cp>Two-factor authentication adds an additional verification step beyond a password. 
Even if a password is compromised, attackers cannot access the account without the second authentication factor.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>QR Code Setup:\u003C\u002Fstrong> Scan a QR code with an authenticator app to activate two-factor authentication quickly and securely.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manual Secret Key Configuration:\u003C\u002Fstrong> Set up two-factor authentication manually if QR code scanning is unavailable.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Per User 2FA Management:\u003C\u002Fstrong> Enable or manage two-factor authentication individually for specific users or roles.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Compatible with TOTP Apps:\u003C\u002Fstrong> Works with popular authenticator apps such as Google Authenticator and other TOTP-compatible applications.\u003C\u002Fp>\n\u003Cp>Two-factor authentication significantly strengthens login security for administrators and users.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=2fa\" rel=\"nofollow ugc\">Upgrade to Titan Pro\u003C\u002Fa> to enable Two Factor Authentication and advanced account protection.\u003C\u002Fp>\n\u003Ch3>PRO Backup and Recovery\u003C\u002Fh3>\n\u003Cp>Regular backups are essential for website security and recovery planning. 
If something goes wrong, having a recent backup allows you to restore your site quickly.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scheduled Automatic Backups:\u003C\u002Fstrong> Automatically create backups at defined intervals to ensure recent recovery points are always available.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manual Backup Creation:\u003C\u002Fstrong> Generate a backup instantly before making major changes to your website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FTP Storage Support:\u003C\u002Fstrong> Store backups on a remote FTP server for additional protection and redundancy.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Dropbox Storage Integration:\u003C\u002Fstrong> Save backups to Dropbox for secure off-site storage.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Automatic Archive Cleanup:\u003C\u002Fstrong> Remove older backup files automatically to manage storage usage efficiently.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Adjustable Backup Performance:\u003C\u002Fstrong> Control backup speed to balance performance and server resource usage.\u003C\u002Fp>\n\u003Cp>Backups can be managed directly from the Titan dashboard for centralized control.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=backup\" rel=\"nofollow ugc\">Upgrade to Titan Pro\u003C\u002Fa> to unlock scheduled backups and external storage options.\u003C\u002Fp>\n\u003Ch3>Use Cases\u003C\u002Fh3>\n\u003Cp>Titan is suitable for:\u003C\u002Fp>\n\u003Cp>• Blogs receiving large volumes of comment spam\u003Cbr \u002F>\n• WooCommerce stores protecting customer login pages\u003Cbr \u002F>\n• Membership websites securing user accounts\u003Cbr \u002F>\n• Agencies managing multiple client websites\u003Cbr \u002F>\n• Educational platforms enforcing stronger authentication\u003Cbr \u002F>\n• Website owners looking for anti-spam and login security in one plugin\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Need help? 
Open a new thread in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fanti-spam\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa>, and we’ll be happy to assist.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Discover how to make the most of Robin with our detailed and user-friendly \u003Ca href=\"https:\u002F\u002Fdocs.themeisle.com\u002F\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Titan is backed by Themeisle, trusted by over 1 million WordPress users worldwide.\u003C\u002Fp>\n","Block spam comments, defend against login attempts, and strengthen site security with anti-spam, brute-force protection, and two-factor authentication &hellip;",60000,3435619,90,368,"2026-03-11T17:54:00.000Z","5.6","7.4",[73,74,75,76,77],"antispam","brute-force-protection","limit-login-attempts","security","two-factor-authentication","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fanti-spam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fanti-spam.7.5.0.zip",98,3,"2024-07-11 00:00:00",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":91,"num_ratings":93,"last_updated":94,"tested_up_to":16,"requires_at_least":95,"requires_php":71,"tags":96,"homepage":102,"download_link":103,"security_score":91,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"memberstack","Memberstack – Member Management & Content Protection","1.3.1","Josh","https:\u002F\u002Fprofiles.wordpress.org\u002Fmsjoshlopez\u002F","\u003Cp>Since 2019, we’ve helped thousands of businesses to generate $125,000,000 in revenue through premium content and membership sites. 
Our customers range from high school seniors to teams at Slack, Reddit, American Airlines, Webflow, IDEO, etc.\u003C\u002Fp>\n\u003Cp>Whether you’re creating a custom SaaS application, online course, subscription service, premium content site, or member community, we’re ready to help!\u003C\u002Fp>\n\u003Cp>Our WordPress integration makes it simple to protect content, manage members, and process payments without any coding knowledge. Perfect for content creators, course developers, and businesses looking to monetize their WordPress sites through memberships.\u003C\u002Fp>\n\u003Ch4>Getting Started Guide\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Quick Start Video Tutorial\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Check out our installation and setup guide video: \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FN-S2CJjomK8?si=nGboxSIPbjHHbCoO\" rel=\"nofollow ugc\">Watch Getting Started with Memberstack + WordPress\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>In this video, you’ll learn how you can add gated content, social auth, and more to your WordPress site using the Memberstack plugin with WordPress!\u003C\u002Fp>\n\u003Ch4>Why Choose Memberstack?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>No Coding Required\u003C\u002Fstrong> – Easy setup with visual builders and pre-built components for WordPress\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Professional Features\u003C\u002Fstrong> – Enterprise-grade security and functionality at a fraction of the cost\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible Pricing\u003C\u002Fstrong> – Start building in test mode for free with no credit card required\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern Authentication\u003C\u002Fstrong> – Social login, passwordless options, and traditional email\u002Fpassword\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Page Builder Ready\u003C\u002Fstrong> – Works seamlessly with popular builders like Bricks, Elementor, Gutenberg, and more\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Perfect 
For\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Online Courses & Educational Content\u003C\u002Fli>\n\u003Cli>Premium News & Media Sites\u003C\u002Fli>\n\u003Cli>Subscription Services\u003C\u002Fli>\n\u003Cli>Member Communities\u003C\u002Fli>\n\u003Cli>Digital Downloads\u003C\u002Fli>\n\u003Cli>Professional Services\u003C\u002Fli>\n\u003Cli>Content Creators\u003C\u002Fli>\n\u003Cli>Online Coaches\u003C\u002Fli>\n\u003Cli>Digital Products\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Essential Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Smart Content Protection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Protect entire pages or specific sections\u003C\u002Fli>\n\u003Cli>Create multiple membership plans, paid or free\u003C\u002Fli>\n\u003Cli>Set up trial periods for paid plans\u003C\u002Fli>\n\u003Cli>Custom access rules\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Modern Authentication\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Social login (Google, GitHub, LinkedIn, etc.)\u003C\u002Fli>\n\u003Cli>Passwordless email login\u003C\u002Fli>\n\u003Cli>Traditional email\u002Fpassword\u003C\u002Fli>\n\u003Cli>Custom registration fields, we call them “custom fields”\u003C\u002Fli>\n\u003Cli>Profile management\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Payment & Subscriptions\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Stripe integration – Memberstack exclusively uses Stripe\u003C\u002Fli>\n\u003Cli>Multiple pricing tiers\u003C\u002Fli>\n\u003Cli>Free and paid plans\u003C\u002Fli>\n\u003Cli>Trial periods\u003C\u002Fli>\n\u003Cli>Payment management\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Pricing\u003C\u002Fh4>\n\u003Cp>Start in test mode for free – no credit card required. When you’re ready to launch, choose the plan that fits your member count. As your business grows, unlock lower transaction fees. 
We added this section because we want to be transparent about our pricing and help you make an informed decision.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Basic – $29\u002Fmo\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Perfect for up to 1,000 members\u003C\u002Fli>\n\u003Cli>4% transaction fee – great for testing the waters\u003C\u002Fli>\n\u003Cli>All core features included\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Professional – $49\u002Fmo\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Scale up to 5,000 members\u003C\u002Fli>\n\u003Cli>Reduced 2% transaction fee\u003C\u002Fli>\n\u003Cli>All core features included\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Business – $99\u002Fmo\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Support up to 10,000 members\u003C\u002Fli>\n\u003Cli>Ultra-low 0.9% transaction fee\u003C\u002Fli>\n\u003Cli>All core features included\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Established – $499\u002Fmo\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>10,000+ members\u003C\u002Fli>\n\u003Cli>ZERO transaction fees – maximize your revenue\u003C\u002Fli>\n\u003Cli>All core features included\u003C\u002Fli>\n\u003Cli>Priority support included\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Every Plan Includes:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress integration\u003C\u002Fli>\n\u003Cli>Social login options\u003C\u002Fli>\n\u003Cli>Stripe payment processing\u003C\u002Fli>\n\u003Cli>Custom SSO\u003C\u002Fli>\n\u003Cli>Branded emails\u003C\u002Fli>\n\u003Cli>Member management dashboard\u003C\u002Fli>\n\u003Cli>Save 20% with annual billing\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Start for free in test mode and upgrade when you’re ready to launch. 
No hidden fees or surprises – just straightforward pricing that scales with your success.\u003C\u002Fp>\n\u003Ch4>Page Builder Integration\u003C\u002Fh4>\n\u003Cp>Works seamlessly with your favorite page builders:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Bricks\u003C\u002Fstrong> – Native elements for forms and buttons\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Elementor\u003C\u002Fstrong> – Custom widgets for membership features\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Divi\u003C\u002Fstrong> – Built-in module support\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gutenberg\u003C\u002Fstrong> – Dedicated blocks for content protection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Easy Implementation\u003C\u002Fh4>\n\u003Cp>Add membership features anywhere with our shortcodes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>[memberstack_login]\u003C\u002Fcode> – Display login form\u003C\u002Fli>\n\u003Cli>\u003Ccode>[memberstack_signup]\u003C\u002Fcode> – Display signup form\u003C\u002Fli>\n\u003Cli>\u003Ccode>[memberstack_protected]\u003C\u002Fcode> – Protect content sections\u003C\u002Fli>\n\u003Cli>\u003Ccode>[memberstack_member]\u003C\u002Fcode> – Display member information\u003C\u002Fli>\n\u003Cli>\u003Ccode>[memberstack_modal]\u003C\u002Fcode> – Add modal triggers\u003C\u002Fli>\n\u003Cli>\u003Ccode>[memberstack_logout]\u003C\u002Fcode> – Add logout buttons\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Getting Started\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install the Memberstack WordPress plugin\u003C\u002Fli>\n\u003Cli>Create your free Memberstack account at \u003Ca href=\"https:\u002F\u002Fmemberstack.com\" rel=\"nofollow ugc\">memberstack.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Copy your App ID from the Memberstack dashboard\u003C\u002Fli>\n\u003Cli>Paste the App ID in WordPress under Settings > Memberstack\u003C\u002Fli>\n\u003Cli>Start protecting content and adding membership features!\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Professional 
Support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Extensive \u003Ca href=\"https:\u002F\u002Fdocs.memberstack.com\u002Fhc\u002Fen-us\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Support Team – \u003Ca href=\"https:\u002F\u002Fdocs.memberstack.com\u002Fhc\u002Fen-us\u002Frequests\u002Fnew\" rel=\"nofollow ugc\">Contact Us\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Community Forum – \u003Ca href=\"https:\u002F\u002Fdocs.memberstack.com\u002Fhc\u002Fen-us\u002Fcommunity\u002Fposts\" rel=\"nofollow ugc\">Join the Discussion\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>WordPress Slack Community – \u003Ca href=\"https:\u002F\u002Fwww.memberstack.com\u002Fwpslack\" rel=\"nofollow ugc\">Join the Slack Community\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Memberstack integrates with our cloud service to manage memberships and protect content. \u003Ca href=\"https:\u002F\u002Fdocs.memberstack.com\u002Fhc\u002Fen-us\u002Farticles\u002F11419812024347-Privacy-Policy\" rel=\"nofollow ugc\">View our Privacy Policy\u003C\u002Fa>.\u003C\u002Fp>\n","Transform your WordPress site into a premium membership platform. 
Create members-only content and manage subscriptions with ease.",100,2767,24,"2026-03-03T09:43:00.000Z","6.7",[97,98,99,100,101],"content-protection","membership","social-login","subscription-management","user-authentication","https:\u002F\u002Fmemberstack.com\u002Fwordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmemberstack.1.3.1.zip",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":91,"downloaded":112,"rating":91,"num_ratings":28,"last_updated":113,"tested_up_to":114,"requires_at_least":115,"requires_php":116,"tags":117,"homepage":121,"download_link":122,"security_score":123,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"simple-require-login","Simple Require Login","0.2","timmcdaniels","https:\u002F\u002Fprofiles.wordpress.org\u002Ftimmcdaniels\u002F","\u003Cp>WordPress plugin that adds a metabox to posts, pages, and custom post types where you can select if the content requires a login and what role is allowed to view the content. The native auth_redirect function is used to redirect users to the login page.\u003C\u002Fp>\n","Require login for content on a per page\u002Fpost\u002Fcustom post type basis. 
You can also select a specific role required to view the content.",3709,"2016-07-06T18:28:00.000Z","4.3.34","3.5","",[118,20,21,119,120],"admin","password","roles","http:\u002F\u002Fwww.weareconvoy.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-require-login.zip",85,{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":132,"downloaded":133,"rating":29,"num_ratings":29,"last_updated":116,"tested_up_to":134,"requires_at_least":135,"requires_php":116,"tags":136,"homepage":138,"download_link":139,"security_score":91,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":140},"phpmydirectory","phpMyDirectory","1.1","atdev","https:\u002F\u002Fprofiles.wordpress.org\u002Fatdev\u002F","\u003Cp>The phpMyDirectory WordPress plugin allows WordPress users to log into phpMyDirectory. The plugin is configured in the WordPress admin area.\u003C\u002Fp>\n\u003Cp>Users only need to log in once and they will be automatically logged into phpMyDirectory. This allows phpMyDirectory to be used alongside WordPress and for a directory to be easily created for WordPress.\u003C\u002Fp>\n","Allows WordPress users to automatically log into phpMyDirectory. 
The sessions are shared and accounts are created automatically if they do not exist.",10,1837,"4.4.34","3.5.2",[20,137,21,24],"directory","http:\u002F\u002Fwww.phpmydirectory.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fphpmydirectory.zip","2026-03-15T10:48:56.248Z",{"slug":142,"name":143,"version":144,"author":145,"author_profile":146,"description":147,"short_description":148,"active_installs":132,"downloaded":149,"rating":29,"num_ratings":29,"last_updated":116,"tested_up_to":150,"requires_at_least":151,"requires_php":116,"tags":152,"homepage":160,"download_link":161,"security_score":91,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":140},"restrict-role-login","Restrict Role Login","1.0.0","konnektiv","https:\u002F\u002Fprofiles.wordpress.org\u002Fkonnektiv\u002F","\u003Cp>This plugin allows administrators to restrict user login based on user roles. This is useful e.g. when you want anyone to register on your site but you only want certain people (e.g. 
editors) to enter the logged in area.\u003C\u002Fp>\n\u003Cp>Roles that are allowed to log in are set in a new menu entry in the Users menu.\u003C\u002Fp>\n\u003Cp>This plugin was originally developed for the \u003Ca href=\"https:\u002F\u002Fquality4digitallearning.org\u002F\" rel=\"nofollow ugc\">globe – Community of Digital Learning\u003C\u002Fa> on behalf of \u003Ca href=\"https:\u002F\u002Fwww.giz.de\u002F\" rel=\"nofollow ugc\">GIZ\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Contact\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fkonnektiv.de\u002F\" rel=\"nofollow ugc\">Konnektiv\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkonnektiv\u002Frestrict-role-login\" rel=\"nofollow ugc\">Restrict Role Login on GitHub\u003C\u002Fa> – Report issues, contribute code\u003C\u002Fli>\n\u003C\u002Ful>\n","Allows administrators to restrict user login based on user roles.",1523,"4.5.33","3.6.0",[153,20,21,154,155,23,156,157,158,159],"area","register","restrict","sign-in","sign-up","user","users","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frestrict-role-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frestrict-role-login.1.0.0.zip",{"attackSurface":163,"codeSignals":371,"taintFlows":474,"riskAssessment":475,"analyzedAt":484},{"hooks":164,"ajaxHandlers":336,"restRoutes":350,"shortcodes":351,"cronEvents":368,"entryPointCount":369,"unprotectedCount":370},[165,170,175,178,181,184,187,190,193,196,199,202,205,208,211,217,222,225,229,234,237,239,242,244,245,247,249,251,254,257,260,263,265,268,271,275,279,283,287,291,296,299,302,306,310,313,318,321,323,325,329,331],{"type":166,"name":167,"callback":167,"file":168,"line":169},"filter","init_perfopsone_admin_menus","admin\\class-sessions-admin.php",165,{"type":171,"name":172,"callback":172,"priority":132,"file":173,"line":174},"action","sessions_after_idle_terminate","includes\\features\\class-capture.php",123,{"type":171,"name":176,"callback":176,"
priority":132,"file":173,"line":177},"sessions_after_expired_terminate",124,{"type":171,"name":179,"callback":179,"priority":132,"file":173,"line":180},"auth_cookie_expired",125,{"type":171,"name":182,"callback":182,"priority":132,"file":173,"line":183},"sessions_force_terminate",126,{"type":171,"name":185,"callback":185,"priority":132,"file":173,"line":186},"sessions_force_admin_terminate",127,{"type":171,"name":188,"callback":188,"priority":132,"file":173,"line":189},"delete_user",128,{"type":171,"name":191,"callback":191,"priority":132,"file":173,"line":192},"user_register",129,{"type":171,"name":194,"callback":194,"priority":132,"file":173,"line":195},"password_reset",130,{"type":171,"name":197,"callback":197,"priority":132,"file":173,"line":198},"wp_logout",131,{"type":171,"name":200,"callback":200,"priority":132,"file":173,"line":201},"wp_login_failed",132,{"type":171,"name":203,"callback":203,"priority":132,"file":173,"line":204},"wp_login",133,{"type":171,"name":206,"callback":206,"priority":132,"file":173,"line":207},"jpp_kill_login",134,{"type":171,"name":209,"callback":209,"priority":132,"file":173,"line":210},"wordfence_security_event",143,{"type":171,"name":212,"callback":213,"priority":214,"file":215,"line":216},"shutdown","write",11,"includes\\features\\class-schema.php",56,{"type":171,"name":218,"callback":219,"priority":29,"file":220,"line":221},"show_user_profile","user_profile","includes\\features\\class-useradministration.php",32,{"type":171,"name":223,"callback":219,"priority":29,"file":220,"line":224},"edit_user_profile",33,{"type":171,"name":212,"callback":226,"priority":132,"file":227,"line":228},"execute_tasks","includes\\features\\class-zookeeper.php",37,{"type":166,"name":230,"callback":231,"file":232,"line":233},"perfopsone_plugin_info","anonymous","includes\\plugin\\class-core.php",79,{"type":171,"name":235,"callback":231,"file":232,"line":236},"init",80,{"type":171,"name":235,"callback":231,"file":232,"line":238},81,{"type":171,"name":2
40,"callback":231,"file":232,"line":241},"wp_head",82,{"type":171,"name":243,"callback":231,"file":232,"line":80},"admin_enqueue_scripts",{"type":171,"name":243,"callback":231,"file":232,"line":27},{"type":171,"name":246,"callback":231,"file":232,"line":91},"admin_menu",{"type":171,"name":246,"callback":231,"file":232,"line":248},101,{"type":171,"name":246,"callback":231,"file":232,"line":250},102,{"type":171,"name":252,"callback":231,"file":232,"line":253},"admin_init",103,{"type":166,"name":255,"callback":231,"file":232,"line":256},"plugin_row_meta",105,{"type":171,"name":258,"callback":231,"file":232,"line":259},"admin_notices",106,{"type":171,"name":261,"callback":231,"file":232,"line":262},"wp_enqueue_scripts",120,{"type":171,"name":261,"callback":231,"file":232,"line":264},121,{"type":166,"name":266,"callback":267,"priority":29,"file":232,"line":201},"sessions_blocked_message","closure",{"type":166,"name":269,"callback":267,"priority":29,"file":232,"line":270},"sessions_bad_ip_message",142,{"type":166,"name":272,"callback":273,"file":274,"line":53},"plugins_api","plugin_info","includes\\plugin\\class-updater.php",{"type":166,"name":276,"callback":277,"file":274,"line":278},"site_transient_update_plugins","info_update",66,{"type":171,"name":280,"callback":281,"priority":132,"file":274,"line":282},"upgrader_process_complete","info_reset",67,{"type":166,"name":284,"callback":285,"file":274,"line":286},"clean_url","filter_logo",68,{"type":166,"name":288,"callback":288,"file":289,"line":290},"perfopsone_apcu_info","includes\\system\\class-apcu.php",51,{"type":171,"name":292,"callback":293,"file":294,"line":295},"after_password_reset","reset","includes\\system\\class-session.php",1031,{"type":171,"name":235,"callback":297,"file":294,"line":298},"initialize",1033,{"type":171,"name":300,"callback":297,"file":294,"line":301},"set_current_user",1034,{"type":166,"name":303,"callback":304,"file":294,"line":305},"auth_cookie_expiration","cookie_expiration",1059,{"type":166
,"name":307,"callback":308,"file":294,"line":309},"authenticate","limit_logins",1060,{"type":166,"name":311,"callback":311,"file":294,"line":312},"jetpack_sso_handle_login",1061,{"type":166,"name":314,"callback":315,"file":316,"line":317},"site_status_tests","perfopsone_test_objectcache","includes\\system\\class-sitehealth.php",77,{"type":166,"name":314,"callback":319,"file":316,"line":320},"perfopsone_test_opcache",78,{"type":166,"name":314,"callback":322,"file":316,"line":233},"perfopsone_test_shmop",{"type":166,"name":314,"callback":324,"file":316,"line":238},"perfopsone_test_i18n",{"type":166,"name":326,"callback":327,"file":316,"line":328},"debug_information","perfopsone_info",91,{"type":166,"name":326,"callback":273,"file":316,"line":330},109,{"type":171,"name":332,"callback":333,"file":334,"line":335},"admin_bar_menu","finalize","perfopsone\\class-adminbar.php",54,[337,341,345],{"action":338,"nopriv":339,"callback":231,"hasNonce":339,"hasCapCheck":339,"file":232,"line":340},"hide_pose_nag",false,107,{"action":342,"nopriv":339,"callback":343,"hasNonce":339,"hasCapCheck":339,"file":232,"line":344},"pose_get_stats","POSessions\\Plugin\\Feature\\AnalyticsFactory",108,{"action":346,"nopriv":339,"callback":347,"hasNonce":348,"hasCapCheck":348,"file":349,"line":221},"poo_switch_autoupdate","poo_switch_autoupdate_callback",true,"perfopsone\\functions.php",[],[352,357,361,365],{"tag":353,"callback":354,"file":355,"line":356},"pose-wpcli","sc_get_helpfile","includes\\features\\class-wpcli.php",744,{"tag":358,"callback":359,"file":232,"line":360},"pose-changelog","sc_get_changelog",83,{"tag":362,"callback":363,"file":232,"line":364},"pose-libraries","sc_get_list",84,{"tag":366,"callback":367,"file":232,"line":123},"pose-statistics","sc_get_raw",[],7,2,{"dangerousFunctions":372,"sqlUsage":373,"outputEscaping":392,"fileOperations":214,"externalRequests":48,"nonceChecks":472,"capabilityChecks":370,"bundledLibraries":473},[],{"prepared":374,"raw":48,"locations":375},23,[376
,380,382,386,389],{"file":377,"line":378,"context":379},"includes\\system\\class-cache.php",347,"$wpdb->get_col() with variable interpolation",{"file":377,"line":381,"context":379},350,{"file":383,"line":384,"context":385},"includes\\system\\class-database.php",241,"$wpdb->get_var() with variable interpolation",{"file":387,"line":388,"context":379},"includes\\system\\class-option.php",238,{"file":294,"line":390,"context":391},1229,"$wpdb->query() with variable interpolation",{"escaped":393,"rawEcho":394,"locations":395},70,40,[396,399,400,402,404,406,408,410,411,414,417,418,420,421,422,423,424,426,427,429,431,433,435,437,439,440,442,444,447,449,452,453,455,457,459,461,463,465,467,470],{"file":397,"line":221,"context":398},"admin\\partials\\sessions-admin-settings-about.php","raw output",{"file":397,"line":224,"context":398},{"file":397,"line":401,"context":398},34,{"file":397,"line":403,"context":398},39,{"file":397,"line":405,"context":398},42,{"file":407,"line":13,"context":398},"admin\\partials\\sessions-admin-settings-main.php",{"file":409,"line":224,"context":398},"admin\\partials\\sessions-admin-settings-options.php",{"file":409,"line":224,"context":398},{"file":412,"line":413,"context":398},"admin\\partials\\sessions-admin-settings-roles.php",30,{"file":415,"line":416,"context":398},"admin\\partials\\sessions-admin-tools-lines.php",18,{"file":415,"line":416,"context":398},{"file":415,"line":419,"context":398},20,{"file":415,"line":419,"context":398},{"file":415,"line":419,"context":398},{"file":415,"line":374,"context":398},{"file":415,"line":374,"context":398},{"file":415,"line":425,"context":398},27,{"file":415,"line":425,"context":398},{"file":428,"line":374,"context":398},"admin\\partials\\sessions-admin-tools.php",{"file":428,"line":430,"context":398},26,{"file":432,"line":228,"context":398},"admin\\partials\\sessions-admin-user-profile.php",{"file":432,"line":434,"context":398},41,{"file":436,"line":224,"context":398},"admin\\partials\\sessions-admin-vi
ew-analytics.php",{"file":436,"line":438,"context":398},36,{"file":436,"line":403,"context":398},{"file":436,"line":441,"context":398},43,{"file":436,"line":443,"context":398},44,{"file":445,"line":446,"context":398},"includes\\features\\class-sessions.php",816,{"file":445,"line":448,"context":398},866,{"file":450,"line":451,"context":398},"includes\\system\\class-form.php",73,{"file":450,"line":344,"context":398},{"file":450,"line":454,"context":398},138,{"file":450,"line":456,"context":398},172,{"file":450,"line":458,"context":398},211,{"file":450,"line":460,"context":398},253,{"file":450,"line":462,"context":398},296,{"file":450,"line":464,"context":398},318,{"file":466,"line":186,"context":398},"includes\\system\\class-nag.php",{"file":468,"line":469,"context":398},"perfopsone\\class-menus.php",471,{"file":468,"line":471,"context":398},524,15,[],[],{"summary":476,"deductions":477},"The 'sessions' v3.3.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices such as a low number of dangerous functions, a high percentage of SQL queries using prepared statements, and a significant number of nonce and capability checks.  However, there are notable areas of concern.  The presence of two AJAX handlers without authentication checks exposes a significant attack surface, making these endpoints vulnerable to unauthorized access and potential exploitation.\n\nThe plugin's vulnerability history, while currently showing no unpatched CVEs, does reveal a past medium-severity Cross-Site Scripting (XSS) vulnerability. The fact that this vulnerability was recorded relatively recently (2025-08-22) suggests that while patches may be applied, the codebase might be susceptible to similar input sanitization issues in the future. 
The lack of taint analysis results is a neutral observation, indicating no identified unsanitized flows during the analysis, but it's important to note that this is based on the specific analysis performed and may not cover all potential scenarios.\n\nIn conclusion, while the 'sessions' v3.3.0 plugin has strengths in its use of secure coding practices like prepared statements and nonce checks, the unprotected AJAX endpoints represent a clear and present risk. The past XSS vulnerability also warrants ongoing vigilance. Overall, the plugin is moderately secure but requires attention to its exposed entry points.",[478,480,482],{"reason":479,"points":132},"Unprotected AJAX handlers",{"reason":481,"points":132},"Past medium severity vulnerability",{"reason":483,"points":48},"Moderate output escaping effectiveness","2026-03-16T19:11:30.524Z",{"wat":486,"direct":495},{"assetPaths":487,"generatorPatterns":490,"scriptPaths":491,"versionParams":492},[488,489],"\u002Fwp-content\u002Fplugins\u002Fsessions\u002Fassets\u002Fcss\u002Fsessions.css","\u002Fwp-content\u002Fplugins\u002Fsessions\u002Fassets\u002Fjs\u002Fsessions.js",[],[489],[493,494],"sessions\u002Fassets\u002Fcss\u002Fsessions.css?ver=","sessions\u002Fassets\u002Fjs\u002Fsessions.js?ver=",{"cssClasses":496,"htmlComments":498,"htmlAttributes":499,"restEndpoints":501,"jsGlobals":502,"shortcodeOutput":507},[497],"pose-about-logo",[],[500],"data-pose-id",[],[503,504,505,506],"POSE_ASSETS_ID","POSE_PRODUCT_NAME","POSE_VERSION","POSE_SLUG",[508,509,510],"[pose-libraries]","[pose-changelog]","[pose-wpcli]"]