[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fqU8nb9tosEMyheAw9mRgM2kZoE04cWYWhTS9swDDTMI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":20,"download_link":21,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":32,"analysis":53,"fingerprints":90},"show-user-ip","Show user IP","1.0","Benjamin Hagh Parast","https:\u002F\u002Fprofiles.wordpress.org\u002Fhaghs\u002F","\u003Cp>If you want to display the current IP address of your website visitor, you can use the following shortcode [ip]\u003C\u002Fp>\n","Add the shortcode [ip] in the Header, footer ore on any post and page. With this plugin you can display the IP of your website visitor.",0,776,100,1,"","6.9.4","6.9","8.0",[4],"https:\u002F\u002Fwordtune.me","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-user-ip.1.0.zip",null,"2026-03-15T10:48:56.248Z",[],{"slug":26,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":13,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},"haghs",18,330,30,94,"2026-04-04T14:15:20.167Z",[33],{"slug":34,"name":35,"version":36,"author":37,"author_profile":38,"description":39,"short_description":35,"active_installs":40,"downloaded":41,"rating":13,"num_ratings":14,"last_updated":42,"tested_up_to":43,"requires_at_least":44,"requires_php":15,"tags":45,"homepage":49,"download_link":50,"security_score":51,"vuln_count":11,"unpatched_count":11,"last_vuln_date":22,"fetched_at":52},"wp-real-ip-based-access-control","WP Real IP-based Access Control","1.3.1","hitoy","https:\u002F\u002Fprofiles.wordpress.org\u002Fhitoy\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.hitoy.org\u002Fwp-real-ip-based-access-control.html\" rel=\"nofollow ugc\">WP Real IP-based Access Control\u003C\u002Fa> is a Plugin Specifically Designed for Website use CDN service, with this WP Real IP-based Access Control, all of your comments users’s ip address are their original IP address instead of your CDN notes IP.\u003C\u002Fp>\n\u003Cp>With This Plugin you can not only View your site visitors’s real IP, But also you can Control the access based on IP.\u003C\u002Fp>\n\u003Cp>You have three ways to control permissions:\u003Cbr \u002F>\n    1. Completely closed.\u003Cbr \u002F>\n    2. Prohibit Access.\u003Cbr \u002F>\n    3. Prohibit Comments.\u003C\u002Fp>\n\u003Cp>If you decide to open the access control feature, you need to fill the ip address to the Text field in the setting->WP Real IP-based ACL.\u003C\u002Fp>\n",10,1655,"2014-09-04T09:03:00.000Z","4.0.38","3.0.1",[46,47,48],"cdn-site-show-user-ip","comments-real-ip-display","ip-based-access-control","http:\u002F\u002Fwww.hitoy.org\u002Fwp-real-ip-based-access-control.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-real-ip-based-access-control.zip",85,"2026-03-15T15:16:48.613Z",{"attackSurface":54,"codeSignals":64,"taintFlows":74,"riskAssessment":75,"analyzedAt":89},{"hooks":55,"ajaxHandlers":56,"restRoutes":57,"shortcodes":58,"cronEvents":63,"entryPointCount":14,"unprotectedCount":11},[],[],[],[59],{"tag":60,"callback":61,"file":62,"line":27},"ip","show_user_ip","Show user ip.php",[],{"dangerousFunctions":65,"sqlUsage":66,"outputEscaping":68,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":73},[],{"prepared":11,"raw":11,"locations":67},[],{"escaped":14,"rawEcho":14,"locations":69},[70],{"file":62,"line":71,"context":72},15,"raw output",[],[],{"summary":76,"deductions":77},"The \"show-user-ip\" plugin v1.0 presents a generally good security posture, with several positive indicators. The absence of known CVEs and a clean vulnerability history suggest responsible development and maintenance practices regarding past security issues.  Furthermore, the plugin does not utilize dangerous functions, performs all SQL queries using prepared statements, and avoids external HTTP requests or file operations, all of which are strong security practices.\n\nHowever, there are some areas of concern that warrant attention. The plugin lacks any nonce checks or capability checks, meaning that its single shortcode entry point is unprotected. While the static analysis did not identify any specific vulnerabilities in the current version, the absence of these security mechanisms leaves the plugin susceptible to potential exploits if its functionality were to be extended or if its shortcode were to handle user-supplied data in the future. Additionally, only 50% of output is properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if the unescaped output contains user-controlled data.\n\nIn conclusion, while the \"show-user-ip\" plugin v1.0 has a solid foundation with no direct vulnerabilities detected in this analysis and a clean history, the lack of authorization and input validation on its shortcode, coupled with partial output escaping, represents a potential risk. Addressing these oversight areas would significantly improve its overall security.",[78,81,84,87],{"reason":79,"points":80},"Unprotected shortcode entry point",8,{"reason":82,"points":83},"Unescaped output in 50% of cases",5,{"reason":85,"points":86},"No nonce checks",7,{"reason":88,"points":86},"No capability checks","2026-03-17T05:44:09.279Z",{"wat":91,"direct":96},{"assetPaths":92,"generatorPatterns":93,"scriptPaths":94,"versionParams":95},[],[],[],[],{"cssClasses":97,"htmlComments":98,"htmlAttributes":99,"restEndpoints":100,"jsGlobals":101,"shortcodeOutput":102},[],[],[],[],[],[103],"User-IP: "]