[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fnTqU_OTr7QTpDJITEgp72CgpxaZ8ehCh2AijWjkDk3c":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":68,"crawl_stats":36,"alternatives":76,"analysis":178,"fingerprints":336},"simple-login-log","Simple Login Log","2.0.0","Joris Le Blansch","https:\u002F\u002Fprofiles.wordpress.org\u002Fapiosys\u002F","\u003Cp>Simple log of user logins. Tracks user name, time of login, IP address and browser user agent.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features include:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>ability to filter by user name, successful\u002Ffailed logins, month and year;\u003C\u002Fli>\n\u003Cli>export into CSV file;\u003C\u002Fli>\n\u003Cli>log auto-truncation;\u003C\u002Fli>\n\u003Cli>option to record failed login attempts.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Translations:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Persian [fa_IR] by \u003Ca href=\"http:\u002F\u002Ftaktaweb.ir\u002F\" rel=\"nofollow ugc\">MohammadHadi Nasiri\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>German [de_DE] by Philipp Moore\u003C\u002Fli>\n\u003Cli>Russian [ru_RU]\u003C\u002Fli>\n\u003Cli>Ukrainian [ua_UA]\u003C\u002Fli>\n\u003Cli>Chinese [zh_CN] by \u003Ca href=\"http:\u002F\u002Fwww.mihuwa.com\u002F\" rel=\"nofollow ugc\">Mihuwa\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\n\u003Cp>French [fr_FR] by Mehdi Hamida\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Author: Max Chirkov\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>Author: Joris Le Blansch\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translation\u003C\u002Fh4>\n\u003Cp>If you would like to contribute, the POT file is available in the \u003Cem>languages\u003C\u002Fem> folder. Translation file name convention is \u003Cem>sll-{locale}.mo\u003C\u002Fem>, where {locale} is the locale of your language. Fore example, Russian file name would be \u003Cem>sll-ru_RU.po\u003C\u002Fem>.\u003C\u002Fp>\n","This plugin keeps a log of WordPress user logins. Offers user and date filtering, and export features.",5000,137544,90,27,"2025-12-31T17:24:00.000Z","6.9.4","6.5","8.2",[20,21,22],"log","login","users","https:\u002F\u002Fapio.systems","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-login-log.2.0.0.zip",89,3,0,"2025-08-17 00:00:00","2026-03-15T15:16:48.613Z",[31,46,62],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":6,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":45},"CVE-2025-49438","simple-login-log-authenticated-administrator-php-object-injection","Simple Login Log \u003C= 1.1.3 - Authenticated (Administrator+) PHP Object Injection","The Simple Login Log plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.1.3 via deserialization of untrusted input. This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.",null,"\u003C=1.1.3","medium",6.6,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Deserialization of Untrusted Data","2026-01-06 19:53:19",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5851b3b0-c9da-4bab-8b15-c22563063f86?source=api-prod",143,{"id":47,"url_slug":48,"title":49,"description":50,"plugin_slug":4,"theme_slug":36,"affected_versions":51,"patched_in_version":52,"severity":53,"cvss_score":54,"cvss_vector":55,"vuln_type":56,"published_date":57,"updated_date":58,"references":59,"days_to_patch":61},"CVE-2017-18514","simple-login-log-sql-injection","Simple Login Log \u003C 1.1.2 - SQL Injection","The simple-login-log plugin before 1.1.2 for WordPress has SQL injection via the 'orderby' parameter in the get_results function.","\u003C1.1.2","1.1.2","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2017-10-10 00:00:00","2024-01-22 19:56:02",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F33680429-8a52-412b-ab61-d261801319a0?source=api-prod",2296,{"id":63,"url_slug":64,"title":49,"description":65,"plugin_slug":4,"theme_slug":36,"affected_versions":51,"patched_in_version":52,"severity":53,"cvss_score":54,"cvss_vector":55,"vuln_type":56,"published_date":57,"updated_date":58,"references":66,"days_to_patch":61},"CVE-2017-18573","simple-login-log-sql-injection-2","The simple-login-log plugin before 1.1.2 for WordPress has SQL injection via the 'order' parameter in the get_results function.",[67],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc741350a-e083-499c-992d-727f46ca57f9?source=api-prod",{"slug":69,"display_name":7,"profile_url":8,"plugin_count":70,"total_installs":71,"avg_security_score":72,"avg_patch_time_days":73,"trust_score":74,"computed_at":75},"apiosys",2,5060,95,1578,76,"2026-04-04T08:29:14.237Z",[77,100,121,142,161],{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":11,"downloaded":85,"rating":86,"num_ratings":87,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":91,"tags":92,"homepage":96,"download_link":97,"security_score":86,"vuln_count":98,"unpatched_count":27,"last_vuln_date":99,"fetched_at":29},"disable-user-login","Disable User Login","1.3.12","Saint Systems","https:\u002F\u002Fprofiles.wordpress.org\u002Fsaintsystems\u002F","\u003Cp>This plugin gives you the ability to disable specific user accounts via a profile setting.\u003C\u002Fp>\n\u003Cp>Once installed and activated, a checkbox appears on the user profile settings (only for admins). When checked, the user’s account will be disabled and they will be unable to login with the account. If they try to login, they are instantly logged out and redirected to the login page with a message that notifies them their account is disabled.\u003C\u002Fp>\n\u003Cp>This can be useful in a few situations.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>You want freelance writers to still show up in the authors box, but you don’t want them to be able to login.\u003C\u002Fli>\n\u003Cli>You have former employees who have authored posts and you don’t want to delete them or reassign their posts to other users, but still need them to show up in the “Authors box.”\u003C\u002Fli>\n\u003Cli>You are working on a site for a client who has an account, but do not want him to login and\u002For make changes during development.\u003C\u002Fli>\n\u003Cli>You have a client who has an unpaid invoice.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsaintsystems\u002Fdisable-user-login\u002F\" rel=\"nofollow ugc\">This plugin is on GitHub!\u003C\u002Fa>\u003C\u002Fstrong> Pull requests are welcome. If possible please report issues through Github.\u003C\u002Fp>\n","Provides the ability to disable user accounts and prevent them from logging in.",60770,100,4,"2025-09-08T14:13:00.000Z","6.8.5","4.7.0","5.6",[93,94,21,95,22],"account","disable","user","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-user-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-user-login.1.3.12.zip",1,"2023-11-15 00:00:00",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":110,"num_ratings":111,"last_updated":112,"tested_up_to":89,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":119,"download_link":120,"security_score":86,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"expire-users","Expire Users","1.2.2","Ben Huson","https:\u002F\u002Fprofiles.wordpress.org\u002Fhusobj\u002F","\u003Cblockquote>\n\u003Cp>Important security update – if you are using version 0.2 or earlier please upgrade\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This plugin allows you to set expiry dates for user logins. You can set a user to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Never expire (default)\u003C\u002Fli>\n\u003Cli>Expire in X days, weeks, moths or years\u003C\u002Fli>\n\u003Cli>Expire on a specific date\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>When a user expires you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change the role of that user\u003C\u002Fli>\n\u003Cli>Replace the user’s password with a randomly generated one\u003C\u002Fli>\n\u003Cli>Send an email notification to the user\u003C\u002Fli>\n\u003Cli>Send an email notification to the site administrator\u003C\u002Fli>\n\u003Cli>Remove expiry details and allow user to continue to login\u003C\u002Fli>\n\u003Cli>Perform you own actions using an \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fwiki\u002Fexpire_users_expired\" rel=\"nofollow ugc\">\u003Ccode>expire_users_expired\u003C\u002Fcode>\u003C\u002Fa> hook\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can automatically assign expiry details to users who sign up via the register form.\u003C\u002Fp>\n\u003Cp>The email notification messages can be configured in the admin settings.\u003C\u002Fp>\n\u003Cp>Please post in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fexpire-users\" rel=\"ugc\">support forum\u003C\u002Fa> if you have any questions, or refer to the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fwiki\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fissues\" rel=\"nofollow ugc\">report bugs\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fissues\" rel=\"nofollow ugc\">submit translations\u003C\u002Fa> at the plugin’s \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002F\" rel=\"nofollow ugc\">GitHub page\u003C\u002Fa>.\u003C\u002Fp>\n","Set expiry dates for user logins.",4000,53229,96,25,"2025-09-19T16:05:00.000Z","5.4","7.4",[116,21,117,118,22],"expire","password","roles","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fexpire-users\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpire-users.1.2.2.zip",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":131,"num_ratings":132,"last_updated":133,"tested_up_to":16,"requires_at_least":134,"requires_php":135,"tags":136,"homepage":140,"download_link":141,"security_score":86,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"expire-user-passwords","Expire User Passwords","1.4.2","Matt Miller","https:\u002F\u002Fprofiles.wordpress.org\u002Fmillermedianow\u002F","\u003Cp>Note: This is a forked version of the now unsupported \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fexpire-passwords\u002F\" rel=\"ugc\">Expire Passwords\u003C\u002Fa> plugin. The notes below are copied over from the original plugin and will be updated as relevant updates become available. Please help by contributing to the GitHub repository \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\" rel=\"nofollow ugc\">Expire Passwords\u003C\u002Fa> on GitHub\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Did you find this plugin helpful? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fexpire-user-passwords\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Harden the security of your site by preventing unauthorized access to stale user accounts.\u003C\u002Fp>\n\u003Cp>This plugin is also ideal for sites needing to meet certain industry security compliances – such as government, banking or healthcare.\u003C\u002Fp>\n\u003Cp>In the plugin settings you can set the maximum number of days users are allowed to use the same password (90 days by default), as well as which user roles will be required to reset their passwords regularly (non-Administrators by default).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Languages supported:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Albanian (Shqip)\u003C\u002Fli>\n\u003Cli>Arabic (العربية)\u003C\u002Fli>\n\u003Cli>Armenian (Հայերեն)\u003C\u002Fli>\n\u003Cli>Basque (Euskara)\u003C\u002Fli>\n\u003Cli>Bengali (বাংলা)\u003C\u002Fli>\n\u003Cli>Bulgarian (Български)\u003C\u002Fli>\n\u003Cli>Catalan (Català)\u003C\u002Fli>\n\u003Cli>Chinese Simplified (简体中文)\u003C\u002Fli>\n\u003Cli>Croatian (Hrvatski)\u003C\u002Fli>\n\u003Cli>Czech (Čeština)\u003C\u002Fli>\n\u003Cli>Danish (Dansk)\u003C\u002Fli>\n\u003Cli>Dutch (Nederlands)\u003C\u002Fli>\n\u003Cli>Estonian (Eesti)\u003C\u002Fli>\n\u003Cli>Finnish (Suomi)\u003C\u002Fli>\n\u003Cli>French (Français)\u003C\u002Fli>\n\u003Cli>Galician (Galego)\u003C\u002Fli>\n\u003Cli>Georgian (ქართული)\u003C\u002Fli>\n\u003Cli>German (Deutsch)\u003C\u002Fli>\n\u003Cli>Greek (Ελληνικά)\u003C\u002Fli>\n\u003Cli>Hebrew (עברית)\u003C\u002Fli>\n\u003Cli>Hindi (हिन्दी)\u003C\u002Fli>\n\u003Cli>Hungarian (Magyar)\u003C\u002Fli>\n\u003Cli>Indonesian (Bahasa Indonesia)\u003C\u002Fli>\n\u003Cli>Irish (Gaeilge)\u003C\u002Fli>\n\u003Cli>Italian (Italiano)\u003C\u002Fli>\n\u003Cli>Japanese (日本語)\u003C\u002Fli>\n\u003Cli>Korean (한국어)\u003C\u002Fli>\n\u003Cli>Latvian (Latviešu)\u003C\u002Fli>\n\u003Cli>Lithuanian (Lietuvių)\u003C\u002Fli>\n\u003Cli>Macedonian (Македонски)\u003C\u002Fli>\n\u003Cli>Norwegian (Norsk)\u003C\u002Fli>\n\u003Cli>Persian (فارسی)\u003C\u002Fli>\n\u003Cli>Persian – Afghanistan (دری)\u003C\u002Fli>\n\u003Cli>Polish (Polski)\u003C\u002Fli>\n\u003Cli>Portuguese – Brazil (Português do Brasil)\u003C\u002Fli>\n\u003Cli>Portuguese – Portugal (Português)\u003C\u002Fli>\n\u003Cli>Romanian (Română)\u003C\u002Fli>\n\u003Cli>Russian (Русский)\u003C\u002Fli>\n\u003Cli>Serbian (Српски)\u003C\u002Fli>\n\u003Cli>Slovak (Slovenčina)\u003C\u002Fli>\n\u003Cli>Slovenian (Slovenščina)\u003C\u002Fli>\n\u003Cli>Spanish (Español)\u003C\u002Fli>\n\u003Cli>Swedish (Svenska)\u003C\u002Fli>\n\u003Cli>Tamil (தமிழ்)\u003C\u002Fli>\n\u003Cli>Thai (ไทย)\u003C\u002Fli>\n\u003Cli>Turkish (Türkçe)\u003C\u002Fli>\n\u003Cli>Ukrainian (Українська)\u003C\u002Fli>\n\u003Cli>Urdu (اردو)\u003C\u002Fli>\n\u003Cli>Vietnamese (Tiếng Việt)\u003C\u002Fli>\n\u003Cli>Welsh (Cymraeg)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Development of this plugin is done \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>. Pull requests welcome. Please see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\u002Fissues\" rel=\"nofollow ugc\">issues reported\u003C\u002Fa> there before going to the plugin forum.\u003C\u002Fstrong>\u003C\u002Fp>\n","Require certain users to change their passwords on a regular basis.",3000,57937,84,5,"2026-02-17T09:27:00.000Z","4.0","8.1",[21,137,138,139,22],"membership","passwords","security","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpire-user-passwords.1.4.2.zip",{"slug":143,"name":144,"version":145,"author":146,"author_profile":147,"description":148,"short_description":149,"active_installs":150,"downloaded":151,"rating":152,"num_ratings":153,"last_updated":154,"tested_up_to":155,"requires_at_least":156,"requires_php":140,"tags":157,"homepage":158,"download_link":159,"security_score":160,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"disable-users","Disable Users","1.0.5","Jared Atchison","https:\u002F\u002Fprofiles.wordpress.org\u002Fjaredatch\u002F","\u003Cp>This plugin gives you the ability to disable specific user accounts via a profile setting.\u003C\u002Fp>\n\u003Cp>Once installed and activated, a checkbox appears on the user profile settings (only for admins). When checked, the users account will be disabled and they will be unable to login with the account. If they try to login, they are instantly logged out and redirected to the login page with a message that notifies them their account is disabled.\u003C\u002Fp>\n\u003Cp>This can be useful in a few situations.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>You are working on a site for a client who has an account, but do not want him to login and\u002For make changes during development.\u003C\u002Fli>\n\u003Cli>You have a client who has an unpaid invoice.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjaredatch\u002FDisable-Users\u002F\" rel=\"nofollow ugc\">This plugin is on GitHub!\u003C\u002Fa>\u003C\u002Fstrong> Pull requests are welcome. If possible please report issues through Github.\u003C\u002Fp>\n","This plugin gives you the ability to disable specific user accounts via a profile setting.",2000,40108,94,18,"2017-11-28T19:50:00.000Z","4.3.34","4.0.0",[94,21,22],"http:\u002F\u002Fwordpress.org\u002Fextend\u002Fdisable-users","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-users.zip",85,{"slug":162,"name":163,"version":164,"author":165,"author_profile":166,"description":167,"short_description":168,"active_installs":169,"downloaded":170,"rating":86,"num_ratings":171,"last_updated":172,"tested_up_to":173,"requires_at_least":174,"requires_php":140,"tags":175,"homepage":140,"download_link":177,"security_score":160,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"prevent-concurrent-logins","Prevent Concurrent Logins","0.4.0","Frankie Jarrett","https:\u002F\u002Fprofiles.wordpress.org\u002Ffjarrett\u002F","\u003Cp>\u003Cstrong>Did you find this plugin helpful? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fprevent-concurrent-logins\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Deters members\u002Fsubscribers from sharing their accounts with others\u003C\u002Fli>\n\u003Cli>Hardens security by destoying old sessions automatically\u003C\u002Fli>\n\u003Cli>Prompts old sessions to login again if they want to continue\u003C\u002Fli>\n\u003Cli>Ideal for membership sites and web applications\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Important:\u003C\u002Fstrong> If you plan to network-activate this plugin on a multisite network, please install the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fproper-network-activation\u002F\" rel=\"ugc\">Proper Network Activation\u003C\u002Fa> plugin \u003Cem>beforehand\u003C\u002Fem>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Development of this plugin is done \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffjarrett\u002Fprevent-concurrent-logins\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>. Pull requests welcome. Please see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffjarrett\u002Fprevent-concurrent-logins\u002Fissues\" rel=\"nofollow ugc\">issues reported\u003C\u002Fa> there before going to the plugin forum.\u003C\u002Fstrong>\u003C\u002Fp>\n","Prevents users from staying logged into the same account from multiple places.",900,17293,17,"2016-08-16T22:21:00.000Z","4.6.30","4.1",[21,137,139,176,22],"sensei","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprevent-concurrent-logins.0.4.0.zip",{"attackSurface":179,"codeSignals":234,"taintFlows":264,"riskAssessment":317,"analyzedAt":335},{"hooks":180,"ajaxHandlers":228,"restRoutes":229,"shortcodes":230,"cronEvents":231,"entryPointCount":27,"unprotectedCount":27},[181,187,191,195,199,203,206,209,213,217,221,225],{"type":182,"name":183,"callback":184,"file":185,"line":186},"action","admin_menu","sll_admin_menu","simple-login-log.php",53,{"type":182,"name":188,"callback":189,"file":185,"line":190},"admin_init","settings_api_init",54,{"type":182,"name":192,"callback":193,"file":185,"line":194},"admin_head","screen_options",55,{"type":182,"name":196,"callback":197,"file":185,"line":198},"plugins_loaded","update_db_check",57,{"type":182,"name":200,"callback":201,"file":185,"line":202},"init","init_login_actions",59,{"type":182,"name":188,"callback":204,"file":185,"line":205},"init_csv_export",61,{"type":182,"name":188,"callback":207,"file":185,"line":208},"delete_all",62,{"type":182,"name":210,"callback":211,"file":185,"line":212},"admin_enqueue_scripts","admin_enqueue_styles",64,{"type":182,"name":214,"callback":215,"file":185,"line":216},"wp","init_scheduled_events",66,{"type":182,"name":218,"callback":219,"file":185,"line":220},"truncate_sll","cron",67,{"type":182,"name":222,"callback":223,"file":185,"line":224},"wp_login","login_success",139,{"type":182,"name":226,"callback":227,"file":185,"line":45},"wp_login_failed","login_failed",[],[],[],[232],{"hook":218,"callback":218,"file":185,"line":233},168,{"dangerousFunctions":235,"sqlUsage":243,"outputEscaping":246,"fileOperations":98,"externalRequests":27,"nonceChecks":70,"capabilityChecks":27,"bundledLibraries":263},[236,240],{"fn":237,"file":185,"line":238,"context":239},"unserialize",1206,"$tmp = unserialize($row['data']);",{"fn":237,"file":185,"line":241,"context":242},1331,"$data = unserialize($item[$column_name]);",{"prepared":244,"raw":27,"locations":245},129,[],{"escaped":247,"rawEcho":248,"locations":249},63,6,[250,253,255,257,259,261],{"file":185,"line":251,"context":252},451,"raw output",{"file":185,"line":254,"context":252},452,{"file":185,"line":256,"context":252},466,{"file":185,"line":258,"context":252},897,{"file":185,"line":260,"context":252},907,{"file":185,"line":262,"context":252},915,[],[265,282,301],{"entryPoint":266,"graph":267,"unsanitizedCount":98,"severity":38},"log_manager (simple-login-log.php:889)",{"nodes":268,"edges":279},[269,274],{"id":270,"type":271,"label":272,"file":185,"line":273},"n0","source","$_GET",911,{"id":275,"type":276,"label":277,"file":185,"line":262,"wp_function":278},"n1","sink","echo() [XSS]","echo",[280],{"from":270,"to":275,"sanitized":281},false,{"entryPoint":283,"graph":284,"unsanitizedCount":98,"severity":300},"prepare_items (simple-login-log.php:1436)",{"nodes":285,"edges":297},[286,289,292],{"id":270,"type":271,"label":287,"file":185,"line":288},"$_REQUEST",1497,{"id":275,"type":290,"label":291,"file":185,"line":288},"transform","→ log_get_data()",{"id":293,"type":276,"label":294,"file":185,"line":295,"wp_function":296},"n2","get_results() [SQLi]",877,"get_results",[298,299],{"from":270,"to":275,"sanitized":281},{"from":275,"to":293,"sanitized":281},"high",{"entryPoint":302,"graph":303,"unsanitizedCount":98,"severity":300},"\u003Csimple-login-log> (simple-login-log.php:0)",{"nodes":304,"edges":312},[305,306,307,308,310],{"id":270,"type":271,"label":272,"file":185,"line":273},{"id":275,"type":276,"label":277,"file":185,"line":262,"wp_function":278},{"id":293,"type":271,"label":287,"file":185,"line":288},{"id":309,"type":290,"label":291,"file":185,"line":288},"n3",{"id":311,"type":276,"label":294,"file":185,"line":295,"wp_function":296},"n4",[313,315,316],{"from":270,"to":275,"sanitized":314},true,{"from":293,"to":309,"sanitized":281},{"from":309,"to":311,"sanitized":281},{"summary":318,"deductions":319},"The \"simple-login-log\" v2.0.0 plugin presents a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries, ensuring a high percentage of properly escaped output, and limiting file operations and external HTTP requests. The static analysis also shows a limited attack surface with no unprotected entry points (AJAX, REST API, shortcodes). However, the presence of two 'unserialize' calls is a significant concern, as deserialization of untrusted data is a well-known attack vector, especially when not properly validated. This is further highlighted by the taint analysis revealing two high-severity flows, strongly suggesting potential vulnerabilities related to unsanitized data input that could be leveraged through deserialization.\n\nThe plugin's vulnerability history is alarming, with three known CVEs, two of which were rated critical. The types of past vulnerabilities, including Deserialization of Untrusted Data and SQL Injection, directly correlate with the risks identified in the static and taint analysis. While there are currently no unpatched vulnerabilities, the pattern of critical past issues, especially involving deserialization, indicates a recurring weakness that attackers may still find exploitable if not meticulously addressed. The last known vulnerability occurring in 2025 is unusual and may indicate an error in the data, but if accurate, suggests a recent history of critical flaws.\n\nIn conclusion, while the plugin implements some essential security measures like prepared statements and output escaping, the critical findings around deserialization and the historical pattern of severe vulnerabilities necessitate a cautious approach. The potential for deserialization vulnerabilities, coupled with past critical SQL injection issues, makes this plugin a moderate to high-risk component, especially if user-supplied data can influence the unserialization process. Further in-depth manual review focusing on the 'unserialize' functions and the data sources feeding them is strongly recommended.",[320,323,326,329,332],{"reason":321,"points":322},"Dangerous function 'unserialize' found",15,{"reason":324,"points":325},"High severity taint flow (2 instances)",12,{"reason":327,"points":328},"Critical past CVEs (2 instances)",20,{"reason":330,"points":331},"Medium past CVE (1 instance)",7,{"reason":333,"points":334},"0 capability checks found",10,"2026-03-16T18:06:44.429Z",{"wat":337,"direct":346},{"assetPaths":338,"generatorPatterns":341,"scriptPaths":342,"versionParams":343},[339,340],"\u002Fwp-content\u002Fplugins\u002Fsimple-login-log\u002Fcss\u002Fstyles.css","\u002Fwp-content\u002Fplugins\u002Fsimple-login-log\u002Fjs\u002Fscripts.js",[],[340],[344,345],"simple-login-log\u002Fcss\u002Fstyles.css?ver=","simple-login-log\u002Fjs\u002Fscripts.js?ver=",{"cssClasses":347,"htmlComments":352,"htmlAttributes":354,"restEndpoints":357,"jsGlobals":358,"shortcodeOutput":362},[348,349,350,351],"sll-login-log-page","sll-form-container","sll-table-container","sll-delete-button",[353],"\u003C!-- Simple Login Log by Joris Le Blansch -->",[355,356],"data-sll-id","data-sll-action",[],[359,360,361],"window.SLL_Ajax","var SLL_Ajax","window.SLL_Settings",[]]