[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fEeL0-S4D7S3VLrXqemmh-G1RjHzYtWL8T8CZ3BJ9-lw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":36,"analysis":144,"fingerprints":427},"simple-account-system","Simple Account System","1.0.3","UlisesFreitas","https:\u002F\u002Fprofiles.wordpress.org\u002Fulisesfreitas\u002F","\u003Cp>A plugin to replace the default user flow, for login, logout, account(profile), with extra contact info fields, phone, address, country, city, zip code.\u003Cbr \u002F>\nThis is a replacement for bring users a better experience on their accounts settings.\u003Cbr \u002F>\nWhat the plugin do:\u003Cbr \u002F>\nIt will create various pages for you to adminize the user flow\u003Cbr \u002F>\n – Forgot Your Password?\u003Cbr \u002F>\n – Pick a New Password\u003Cbr \u002F>\n – Sign In\u003Cbr \u002F>\n – Sign Up\u003Cbr \u002F>\n – Your Account\u003Cbr \u002F>\nPlus it will create menu items, then you can configure at your site as you want placing them into a \\”Sign Up\u002FSign In\u002FSign Out\\” Menu.\u003Cbr \u002F>\n– Automatic replacement to Login\u002FLogout links on Menu when the user is logged in.\u003C\u002Fp>\n","A plugin to replace the default user flow, for login, logout, account(profile)",10,2514,0,"","5.3.21","4.4",[18,19,20,21],"accounts","custom-account-page","login","users","https:\u002F\u002Fgithub.com\u002FUlisesFreitas\u002Fsimple-account-system","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-account-system.1.0.3.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"ulisesfreitas",5,50,88,30,86,"2026-04-04T21:36:56.010Z",[37,60,83,104,127],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":14,"tags":52,"homepage":56,"download_link":57,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":59},"wc-password-strength-settings","Password Strength Settings for WooCommerce","3.0.1","Danny Santoro","https:\u002F\u002Fprofiles.wordpress.org\u002Fdanielsantoro\u002F","\u003Cp>Help secure your WooCommerce site by enforcing stronger passwords and taking additional control of your strength requirements.\u003C\u002Fp>\n\u003Ch3>What does this plugin do?\u003C\u002Fh3>\n\u003Cp>WooCommerce has an integrated Password Strength Meter which forces users to use strong passwords. Sometimes this isn’t desirable – with this plugin, you can choose between five password levels ranging from “Anything Goes” to “Strong Passwords Only”. In addition, you can modify the colors and appearance of these custom messages, as well as modify or remove the password hint. For details on how the password strength is determined, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FDanielSantoro\u002Fwc-password-strength-settings\u002Fwiki\u002FHow-Password-Strength-is-Determined\" rel=\"nofollow ugc\">please read the documentation here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>What’s New?\u003C\u002Fh4>\n\u003Cp>Version 3.0.0 is a bit of a rewrite to bring the plugin up to modern coding standards. Functionality should not be impacted, but if it is, please reach out on the support forums.\u003C\u002Fp>\n\u003Cp>Version 3.0.1 is simply a hotfix declaring compatibility with WooCommerce HPOS. Since this plugin doesn’t touch anything with the orders or order metadata, it shouldn’t be impacted at all. \u003Cem>However\u003C\u002Fem>, if you notice any issues then please reach out via the contact form on my website.\u003C\u002Fp>\n\u003Ch4>Notes\u003C\u002Fh4>\n\u003Cp>While this does allow for user accounts to have weaker passwords, it’s a good idea to still encourage strong password use – \u003Cem>especially\u003C\u002Fem> for administrators!\u003C\u002Fp>\n\u003Ch4>Planned Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Option to remove “- Please enter a stronger password.” that is added by WordPress.\u003C\u002Fli>\n\u003Cli>Nothing else at the moment, but let me know if you have any ideas.\u003C\u002Fli>\n\u003C\u002Ful>\n","Help secure your WooCommerce site by enforcing stronger passwords and taking additional control of your strength requirements.",10000,176985,90,24,"2023-10-11T20:51:00.000Z","6.3.8","5.8",[18,53,54,21,55],"passwords","security","woocommerce","https:\u002F\u002Fdanielsantoro.com\u002Fproject\u002Fwoocommerce-password-strength-settings-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-password-strength-settings.zip",85,"2026-03-15T15:16:48.613Z",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":24,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":74,"tags":75,"homepage":79,"download_link":80,"security_score":24,"vuln_count":81,"unpatched_count":13,"last_vuln_date":82,"fetched_at":59},"disable-user-login","Disable User Login","1.3.12","Saint Systems","https:\u002F\u002Fprofiles.wordpress.org\u002Fsaintsystems\u002F","\u003Cp>This plugin gives you the ability to disable specific user accounts via a profile setting.\u003C\u002Fp>\n\u003Cp>Once installed and activated, a checkbox appears on the user profile settings (only for admins). When checked, the user’s account will be disabled and they will be unable to login with the account. If they try to login, they are instantly logged out and redirected to the login page with a message that notifies them their account is disabled.\u003C\u002Fp>\n\u003Cp>This can be useful in a few situations.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>You want freelance writers to still show up in the authors box, but you don’t want them to be able to login.\u003C\u002Fli>\n\u003Cli>You have former employees who have authored posts and you don’t want to delete them or reassign their posts to other users, but still need them to show up in the “Authors box.”\u003C\u002Fli>\n\u003Cli>You are working on a site for a client who has an account, but do not want him to login and\u002For make changes during development.\u003C\u002Fli>\n\u003Cli>You have a client who has an unpaid invoice.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsaintsystems\u002Fdisable-user-login\u002F\" rel=\"nofollow ugc\">This plugin is on GitHub!\u003C\u002Fa>\u003C\u002Fstrong> Pull requests are welcome. If possible please report issues through Github.\u003C\u002Fp>\n","Provides the ability to disable user accounts and prevent them from logging in.",5000,60770,4,"2025-09-08T14:13:00.000Z","6.8.5","4.7.0","5.6",[76,77,20,78,21],"account","disable","user","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-user-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-user-login.1.3.12.zip",1,"2023-11-15 00:00:00",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":68,"downloaded":91,"rating":47,"num_ratings":92,"last_updated":93,"tested_up_to":94,"requires_at_least":95,"requires_php":96,"tags":97,"homepage":99,"download_link":100,"security_score":101,"vuln_count":102,"unpatched_count":13,"last_vuln_date":103,"fetched_at":59},"simple-login-log","Simple Login Log","2.0.0","Joris Le Blansch","https:\u002F\u002Fprofiles.wordpress.org\u002Fapiosys\u002F","\u003Cp>Simple log of user logins. Tracks user name, time of login, IP address and browser user agent.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features include:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>ability to filter by user name, successful\u002Ffailed logins, month and year;\u003C\u002Fli>\n\u003Cli>export into CSV file;\u003C\u002Fli>\n\u003Cli>log auto-truncation;\u003C\u002Fli>\n\u003Cli>option to record failed login attempts.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Translations:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Persian [fa_IR] by \u003Ca href=\"http:\u002F\u002Ftaktaweb.ir\u002F\" rel=\"nofollow ugc\">MohammadHadi Nasiri\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>German [de_DE] by Philipp Moore\u003C\u002Fli>\n\u003Cli>Russian [ru_RU]\u003C\u002Fli>\n\u003Cli>Ukrainian [ua_UA]\u003C\u002Fli>\n\u003Cli>Chinese [zh_CN] by \u003Ca href=\"http:\u002F\u002Fwww.mihuwa.com\u002F\" rel=\"nofollow ugc\">Mihuwa\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\n\u003Cp>French [fr_FR] by Mehdi Hamida\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Author: Max Chirkov\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>Author: Joris Le Blansch\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translation\u003C\u002Fh4>\n\u003Cp>If you would like to contribute, the POT file is available in the \u003Cem>languages\u003C\u002Fem> folder. Translation file name convention is \u003Cem>sll-{locale}.mo\u003C\u002Fem>, where {locale} is the locale of your language. Fore example, Russian file name would be \u003Cem>sll-ru_RU.po\u003C\u002Fem>.\u003C\u002Fp>\n","This plugin keeps a log of WordPress user logins. Offers user and date filtering, and export features.",137544,27,"2025-12-31T17:24:00.000Z","6.9.4","6.5","8.2",[98,20,21],"log","https:\u002F\u002Fapio.systems","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-login-log.2.0.0.zip",89,3,"2025-08-17 00:00:00",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":112,"downloaded":113,"rating":114,"num_ratings":115,"last_updated":116,"tested_up_to":72,"requires_at_least":117,"requires_php":118,"tags":119,"homepage":123,"download_link":124,"security_score":125,"vuln_count":81,"unpatched_count":81,"last_vuln_date":126,"fetched_at":59},"expire-users","Expire Users","1.2.2","Ben Huson","https:\u002F\u002Fprofiles.wordpress.org\u002Fhusobj\u002F","\u003Cblockquote>\n\u003Cp>Important security update – if you are using version 0.2 or earlier please upgrade\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This plugin allows you to set expiry dates for user logins. You can set a user to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Never expire (default)\u003C\u002Fli>\n\u003Cli>Expire in X days, weeks, moths or years\u003C\u002Fli>\n\u003Cli>Expire on a specific date\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>When a user expires you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change the role of that user\u003C\u002Fli>\n\u003Cli>Replace the user’s password with a randomly generated one\u003C\u002Fli>\n\u003Cli>Send an email notification to the user\u003C\u002Fli>\n\u003Cli>Send an email notification to the site administrator\u003C\u002Fli>\n\u003Cli>Remove expiry details and allow user to continue to login\u003C\u002Fli>\n\u003Cli>Perform you own actions using an \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fwiki\u002Fexpire_users_expired\" rel=\"nofollow ugc\">\u003Ccode>expire_users_expired\u003C\u002Fcode>\u003C\u002Fa> hook\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can automatically assign expiry details to users who sign up via the register form.\u003C\u002Fp>\n\u003Cp>The email notification messages can be configured in the admin settings.\u003C\u002Fp>\n\u003Cp>Please post in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fexpire-users\" rel=\"ugc\">support forum\u003C\u002Fa> if you have any questions, or refer to the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fwiki\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fissues\" rel=\"nofollow ugc\">report bugs\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fissues\" rel=\"nofollow ugc\">submit translations\u003C\u002Fa> at the plugin’s \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002F\" rel=\"nofollow ugc\">GitHub page\u003C\u002Fa>.\u003C\u002Fp>\n","Set expiry dates for user logins.",4000,53229,96,25,"2025-09-19T16:05:00.000Z","5.4","7.4",[120,20,121,122,21],"expire","password","roles","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fexpire-users\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpire-users.1.2.2.zip",75,"2026-03-20 14:37:35",{"slug":128,"name":129,"version":130,"author":131,"author_profile":132,"description":133,"short_description":134,"active_installs":135,"downloaded":136,"rating":137,"num_ratings":30,"last_updated":138,"tested_up_to":94,"requires_at_least":139,"requires_php":140,"tags":141,"homepage":14,"download_link":143,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":59},"expire-user-passwords","Expire User Passwords","1.4.2","Matt Miller","https:\u002F\u002Fprofiles.wordpress.org\u002Fmillermedianow\u002F","\u003Cp>Note: This is a forked version of the now unsupported \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fexpire-passwords\u002F\" rel=\"ugc\">Expire Passwords\u003C\u002Fa> plugin. The notes below are copied over from the original plugin and will be updated as relevant updates become available. Please help by contributing to the GitHub repository \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\" rel=\"nofollow ugc\">Expire Passwords\u003C\u002Fa> on GitHub\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Did you find this plugin helpful? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fexpire-user-passwords\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Harden the security of your site by preventing unauthorized access to stale user accounts.\u003C\u002Fp>\n\u003Cp>This plugin is also ideal for sites needing to meet certain industry security compliances – such as government, banking or healthcare.\u003C\u002Fp>\n\u003Cp>In the plugin settings you can set the maximum number of days users are allowed to use the same password (90 days by default), as well as which user roles will be required to reset their passwords regularly (non-Administrators by default).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Languages supported:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Albanian (Shqip)\u003C\u002Fli>\n\u003Cli>Arabic (العربية)\u003C\u002Fli>\n\u003Cli>Armenian (Հայերեն)\u003C\u002Fli>\n\u003Cli>Basque (Euskara)\u003C\u002Fli>\n\u003Cli>Bengali (বাংলা)\u003C\u002Fli>\n\u003Cli>Bulgarian (Български)\u003C\u002Fli>\n\u003Cli>Catalan (Català)\u003C\u002Fli>\n\u003Cli>Chinese Simplified (简体中文)\u003C\u002Fli>\n\u003Cli>Croatian (Hrvatski)\u003C\u002Fli>\n\u003Cli>Czech (Čeština)\u003C\u002Fli>\n\u003Cli>Danish (Dansk)\u003C\u002Fli>\n\u003Cli>Dutch (Nederlands)\u003C\u002Fli>\n\u003Cli>Estonian (Eesti)\u003C\u002Fli>\n\u003Cli>Finnish (Suomi)\u003C\u002Fli>\n\u003Cli>French (Français)\u003C\u002Fli>\n\u003Cli>Galician (Galego)\u003C\u002Fli>\n\u003Cli>Georgian (ქართული)\u003C\u002Fli>\n\u003Cli>German (Deutsch)\u003C\u002Fli>\n\u003Cli>Greek (Ελληνικά)\u003C\u002Fli>\n\u003Cli>Hebrew (עברית)\u003C\u002Fli>\n\u003Cli>Hindi (हिन्दी)\u003C\u002Fli>\n\u003Cli>Hungarian (Magyar)\u003C\u002Fli>\n\u003Cli>Indonesian (Bahasa Indonesia)\u003C\u002Fli>\n\u003Cli>Irish (Gaeilge)\u003C\u002Fli>\n\u003Cli>Italian (Italiano)\u003C\u002Fli>\n\u003Cli>Japanese (日本語)\u003C\u002Fli>\n\u003Cli>Korean (한국어)\u003C\u002Fli>\n\u003Cli>Latvian (Latviešu)\u003C\u002Fli>\n\u003Cli>Lithuanian (Lietuvių)\u003C\u002Fli>\n\u003Cli>Macedonian (Македонски)\u003C\u002Fli>\n\u003Cli>Norwegian (Norsk)\u003C\u002Fli>\n\u003Cli>Persian (فارسی)\u003C\u002Fli>\n\u003Cli>Persian – Afghanistan (دری)\u003C\u002Fli>\n\u003Cli>Polish (Polski)\u003C\u002Fli>\n\u003Cli>Portuguese – Brazil (Português do Brasil)\u003C\u002Fli>\n\u003Cli>Portuguese – Portugal (Português)\u003C\u002Fli>\n\u003Cli>Romanian (Română)\u003C\u002Fli>\n\u003Cli>Russian (Русский)\u003C\u002Fli>\n\u003Cli>Serbian (Српски)\u003C\u002Fli>\n\u003Cli>Slovak (Slovenčina)\u003C\u002Fli>\n\u003Cli>Slovenian (Slovenščina)\u003C\u002Fli>\n\u003Cli>Spanish (Español)\u003C\u002Fli>\n\u003Cli>Swedish (Svenska)\u003C\u002Fli>\n\u003Cli>Tamil (தமிழ்)\u003C\u002Fli>\n\u003Cli>Thai (ไทย)\u003C\u002Fli>\n\u003Cli>Turkish (Türkçe)\u003C\u002Fli>\n\u003Cli>Ukrainian (Українська)\u003C\u002Fli>\n\u003Cli>Urdu (اردو)\u003C\u002Fli>\n\u003Cli>Vietnamese (Tiếng Việt)\u003C\u002Fli>\n\u003Cli>Welsh (Cymraeg)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Development of this plugin is done \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>. Pull requests welcome. Please see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\u002Fissues\" rel=\"nofollow ugc\">issues reported\u003C\u002Fa> there before going to the plugin forum.\u003C\u002Fstrong>\u003C\u002Fp>\n","Require certain users to change their passwords on a regular basis.",3000,57937,84,"2026-02-17T09:27:00.000Z","4.0","8.1",[20,142,53,54,21],"membership","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpire-user-passwords.1.4.2.zip",{"attackSurface":145,"codeSignals":266,"taintFlows":320,"riskAssessment":416,"analyzedAt":426},{"hooks":146,"ajaxHandlers":242,"restRoutes":243,"shortcodes":244,"cronEvents":265,"entryPointCount":30,"unprotectedCount":13},[147,153,157,161,167,171,175,179,183,187,190,193,196,199,201,205,209,213,216,218,221,224,228,231,235,239],{"type":148,"name":149,"callback":150,"priority":11,"file":151,"line":152},"action","load_textdomain","load_sas_language_files","simple-account-system.php",16,{"type":148,"name":154,"callback":155,"file":151,"line":156},"plugins_loaded","sas_load_textdomain",28,{"type":148,"name":158,"callback":159,"file":151,"line":160},"login_form_login","sas_redirect_to_sas_login",46,{"type":162,"name":163,"callback":164,"priority":165,"file":151,"line":166},"filter","authenticate","sas_maybe_redirect_at_authenticate",101,47,{"type":162,"name":168,"callback":169,"priority":11,"file":151,"line":170},"login_redirect","sas_redirect_after_login",48,{"type":148,"name":172,"callback":173,"file":151,"line":174},"wp_logout","sas_redirect_after_logout",49,{"type":148,"name":176,"callback":177,"file":151,"line":178},"login_form_register","sas_redirect_to_sas_register",53,{"type":148,"name":180,"callback":181,"file":151,"line":182},"login_form_lostpassword","sas_redirect_to_sas_lostpassword",57,{"type":148,"name":184,"callback":185,"file":151,"line":186},"login_form_rp","sas_redirect_to_sas_password_reset",58,{"type":148,"name":188,"callback":185,"file":151,"line":189},"login_form_resetpass",59,{"type":148,"name":176,"callback":191,"file":151,"line":192},"sas_do_sas_register_user",62,{"type":148,"name":180,"callback":194,"file":151,"line":195},"sas_do_password_lost",63,{"type":148,"name":184,"callback":197,"file":151,"line":198},"sas_do_password_reset",64,{"type":148,"name":188,"callback":197,"file":151,"line":200},65,{"type":148,"name":202,"callback":203,"file":151,"line":204},"wp_loaded","sas_do_sas_account_user",68,{"type":162,"name":206,"callback":207,"priority":11,"file":151,"line":208},"retrieve_password_message","sas_replace_retrieve_password_message",71,{"type":148,"name":210,"callback":211,"file":151,"line":212},"wp_print_footer_scripts","sas_add_captcha_js_to_footer",74,{"type":148,"name":214,"callback":215,"file":151,"line":58},"admin_menu","sas_dashboard_menu",{"type":148,"name":202,"callback":217,"file":151,"line":34},"sas_add_menu",{"type":162,"name":219,"callback":220,"priority":11,"file":151,"line":101},"wp_get_nav_menu_items","sas_custom_menu",{"type":162,"name":222,"callback":223,"priority":31,"file":151,"line":47},"wp_nav_menu_items","sas_add_login_out_item_to_menu",{"type":162,"name":225,"callback":226,"priority":11,"file":151,"line":227},"user_contactmethods","sas_add_contact_methods",93,{"type":148,"name":229,"callback":230,"file":151,"line":114},"wp_enqueue_scripts","sas_stylesheet",{"type":162,"name":232,"callback":233,"priority":11,"file":151,"line":234},"plugin_action_links","sas_action_links",1146,{"type":148,"name":236,"callback":237,"file":151,"line":238},"init","remove_admin_bar",1163,{"type":148,"name":236,"callback":240,"file":151,"line":241},"sas_prevent_profile_access",1170,[],[],[245,249,253,257,261],{"tag":246,"callback":247,"file":151,"line":248},"sas-login-form","sas_render_login_form",78,{"tag":250,"callback":251,"file":151,"line":252},"sas-register-form","sas_render_register_form",79,{"tag":254,"callback":255,"file":151,"line":256},"sas-password-lost-form","sas_render_password_lost_form",80,{"tag":258,"callback":259,"file":151,"line":260},"sas-password-reset-form","sas_render_password_reset_form",81,{"tag":262,"callback":263,"file":151,"line":264},"sas-user-profile-form","sas_render_user_profile_form",82,[],{"dangerousFunctions":267,"sqlUsage":268,"outputEscaping":270,"fileOperations":13,"externalRequests":81,"nonceChecks":318,"capabilityChecks":318,"bundledLibraries":319},[],{"prepared":13,"raw":13,"locations":269},[],{"escaped":33,"rawEcho":92,"locations":271},[272,275,276,277,278,281,283,284,287,289,292,294,295,297,299,300,302,304,306,307,308,310,312,314,315,316,317],{"file":273,"line":30,"context":274},"admin\\settings.php","raw output",{"file":273,"line":11,"context":274},{"file":273,"line":31,"context":274},{"file":273,"line":200,"context":274},{"file":279,"line":280,"context":274},"templates\\login_form.php",11,{"file":279,"line":282,"context":274},56,{"file":279,"line":195,"context":274},{"file":285,"line":286,"context":274},"templates\\password_lost_form.php",9,{"file":285,"line":288,"context":274},23,{"file":290,"line":291,"context":274},"templates\\password_reset_form.php",6,{"file":290,"line":293,"context":274},13,{"file":290,"line":92,"context":274},{"file":296,"line":286,"context":274},"templates\\register_form.php",{"file":296,"line":298,"context":274},14,{"file":296,"line":200,"context":274},{"file":301,"line":293,"context":274},"templates\\user_profile_form.php",{"file":301,"line":303,"context":274},18,{"file":301,"line":305,"context":274},21,{"file":301,"line":115,"context":274},{"file":301,"line":33,"context":274},{"file":301,"line":309,"context":274},35,{"file":301,"line":311,"context":274},40,{"file":301,"line":313,"context":274},45,{"file":301,"line":174,"context":274},{"file":301,"line":178,"context":274},{"file":301,"line":186,"context":274},{"file":301,"line":198,"context":274},2,[],[321,340,350,361,372,404],{"entryPoint":322,"graph":323,"unsanitizedCount":81,"severity":339},"sas_redirect_to_sas_login (simple-account-system.php:195)",{"nodes":324,"edges":336},[325,330],{"id":326,"type":327,"label":328,"file":151,"line":329},"n0","source","$_REQUEST",209,{"id":331,"type":332,"label":333,"file":151,"line":334,"wp_function":335},"n1","sink","wp_redirect() [Open Redirect]",212,"wp_redirect",[337],{"from":326,"to":331,"sanitized":338},false,"medium",{"entryPoint":341,"graph":342,"unsanitizedCount":81,"severity":339},"sas_redirect_to_sas_password_reset (simple-account-system.php:336)",{"nodes":343,"edges":348},[344,346],{"id":326,"type":327,"label":328,"file":151,"line":345},351,{"id":331,"type":332,"label":333,"file":151,"line":347,"wp_function":335},353,[349],{"from":326,"to":331,"sanitized":338},{"entryPoint":351,"graph":352,"unsanitizedCount":81,"severity":339},"sas_do_sas_register_user (simple-account-system.php:643)",{"nodes":353,"edges":359},[354,357],{"id":326,"type":327,"label":355,"file":151,"line":356},"$_POST",656,{"id":331,"type":332,"label":333,"file":151,"line":358,"wp_function":335},687,[360],{"from":326,"to":331,"sanitized":338},{"entryPoint":362,"graph":363,"unsanitizedCount":318,"severity":339},"sas_do_password_reset (simple-account-system.php:767)",{"nodes":364,"edges":370},[365,368],{"id":326,"type":327,"label":366,"file":151,"line":367},"$_REQUEST (x2)",770,{"id":331,"type":332,"label":333,"file":151,"line":369,"wp_function":335},792,[371],{"from":326,"to":331,"sanitized":338},{"entryPoint":373,"graph":374,"unsanitizedCount":13,"severity":403},"\u003Csettings> (admin\\settings.php:0)",{"nodes":375,"edges":397},[376,378,381,385,387,390,392,395],{"id":326,"type":327,"label":377,"file":273,"line":280},"$_POST['simple_account_system_recaptcha']",{"id":331,"type":332,"label":379,"file":273,"line":280,"wp_function":380},"update_option() [Settings Manipulation]","update_option",{"id":382,"type":327,"label":383,"file":273,"line":384},"n2","$_POST['simple_account_system_recaptcha_site_key']",12,{"id":386,"type":332,"label":379,"file":273,"line":384,"wp_function":380},"n3",{"id":388,"type":327,"label":389,"file":273,"line":293},"n4","$_POST['simple_account_system_recaptcha_secret_key']",{"id":391,"type":332,"label":379,"file":273,"line":293,"wp_function":380},"n5",{"id":393,"type":327,"label":394,"file":273,"line":298},"n6","$_POST['simple_account_system_logout_links']",{"id":396,"type":332,"label":379,"file":273,"line":298,"wp_function":380},"n7",[398,400,401,402],{"from":326,"to":331,"sanitized":399},true,{"from":382,"to":386,"sanitized":399},{"from":388,"to":391,"sanitized":399},{"from":393,"to":396,"sanitized":399},"low",{"entryPoint":405,"graph":406,"unsanitizedCount":13,"severity":403},"\u003Csimple-account-system> (simple-account-system.php:0)",{"nodes":407,"edges":413},[408,410,411,412],{"id":326,"type":327,"label":409,"file":151,"line":329},"$_REQUEST (x6)",{"id":331,"type":332,"label":333,"file":151,"line":334,"wp_function":335},{"id":382,"type":327,"label":355,"file":151,"line":356},{"id":386,"type":332,"label":333,"file":151,"line":358,"wp_function":335},[414,415],{"from":326,"to":331,"sanitized":399},{"from":382,"to":386,"sanitized":399},{"summary":417,"deductions":418},"The 'simple-account-system' plugin version 1.0.3 exhibits a mixed security posture. On the positive side, there are no known vulnerabilities (CVEs) associated with this plugin, and the static analysis reveals a lack of dangerous functions and file operations, along with all SQL queries utilizing prepared statements.  The presence of nonce and capability checks, while minimal (2 each), is a good practice.\n\nHowever, several concerns warrant attention. The plugin has a moderate number of output operations (57 total), with a significant portion (47%) lacking proper escaping. This could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not sufficiently sanitized before being displayed. Additionally, the taint analysis indicates 4 flows with unsanitized paths, which, while not classified as critical or high severity in this scan, represent potential avenues for exploitation if data is not handled securely. The plugin also makes external HTTP requests, which, without proper validation, could be exploited for server-side request forgery (SSRF) or information disclosure.\n\nGiven the absence of historical vulnerabilities, the plugin's current state suggests a diligent development approach regarding known exploits. Nevertheless, the unescaped output and unsanitized path flows are concerning weaknesses that could be exploited by attackers. A balanced conclusion would be that the plugin has a foundation of good security practices, but critical attention is needed to address the identified output escaping and taint flow issues to improve its overall security.",[419,422,424],{"reason":420,"points":421},"Significant percentage of unescaped output",7,{"reason":423,"points":30},"Flows with unsanitized paths",{"reason":425,"points":102},"External HTTP requests without clear sanitization","2026-03-16T23:20:13.078Z",{"wat":428,"direct":434},{"assetPaths":429,"generatorPatterns":431,"scriptPaths":432,"versionParams":433},[430],"\u002Fwp-content\u002Fplugins\u002Fsimple-account-system\u002Fstyles.css",[],[],[],{"cssClasses":435,"htmlComments":436,"htmlAttributes":437,"restEndpoints":438,"jsGlobals":439,"shortcodeOutput":440},[],[],[],[],[],[441,442,443,444,445],"[sas-login-form]","[sas-register-form]","[sas-password-lost-form]","[sas-password-reset-form]","[sas-user-profile-form]"]