[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fGErw70gaDAsM4YkVsbNQTIsWgCO5w_G3uE4dtHLYcHs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":38,"analysis":142,"fingerprints":227},"simple-require-login","Simple Require Login","0.2","timmcdaniels","https:\u002F\u002Fprofiles.wordpress.org\u002Ftimmcdaniels\u002F","\u003Cp>WordPress plugin that adds a metabox to posts, pages, and custom post types where you can select if the content requires a login and what role is allowed to view the content. The native auth_redirect function is used to redirect users to the login page.\u003C\u002Fp>\n","Require login for content on a per page\u002Fpost\u002Fcustom post type basis. You can also select a specific role required to view the content.",100,3709,1,"2016-07-06T18:28:00.000Z","4.3.34","3.5","",[19,20,21,22,23],"admin","authentication","login","password","roles","http:\u002F\u002Fwww.weareconvoy.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-require-login.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},2,200,93,30,89,"2026-04-04T02:12:48.939Z",[39,60,81,102,122],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":17,"tags":54,"homepage":57,"download_link":58,"security_score":26,"vuln_count":13,"unpatched_count":27,"last_vuln_date":59,"fetched_at":29},"google-authenticator","Google Authenticator","0.54","Ivan","https:\u002F\u002Fprofiles.wordpress.org\u002Fivankk\u002F","\u003Cp>The Google Authenticator plugin for WordPress gives you two-factor authentication using the Google Authenticator app for Android\u002FiPhone\u002FBlackberry.\u003C\u002Fp>\n\u003Cp>If you are security aware, you may already have the Google Authenticator app installed on your smartphone, using it for two-factor authentication on Gmail\u002FDropbox\u002FLastpass\u002FAmazon etc.\u003C\u002Fp>\n\u003Cp>The two-factor authentication requirement can be enabled on a per-user basis. You could enable it for your administrator account, but log in as usual with less privileged accounts.\u003C\u002Fp>\n\u003Cp>If You need to maintain your blog using an Android\u002FiPhone app, or any other software using the XMLRPC interface, you can enable the App password feature in this plugin,\u003Cbr \u002F>\nbut please note that enabling the App password feature will make your blog less secure.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Thanks to:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fevinak\u002F\" rel=\"nofollow ugc\">Oleksiy\u003C\u002Fa> for a bugfix in multisite.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpancek\" rel=\"nofollow ugc\">Paweł Nowacki\u003C\u002Fa> for the Polish translation\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FFabioZumbi12\" rel=\"nofollow ugc\">Fabio Zumbi\u003C\u002Fa> for the Portuguese translation\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.guidoschalkx.com\u002F\" rel=\"nofollow ugc\">Guido Schalkx\u003C\u002Fa> for the Dutch translation.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_donations&business=henrik%40schack%2edk&lc=US&item_name=Google%20Authenticator&item_number=Google%20Authenticator&no_shipping=0&no_note=1&tax=0&bn=PP%2dDonationsBF&charset=UTF%2d8\" rel=\"nofollow ugc\">Henrik.Schack\u003C\u002Fa> for writing\u002Fmaintaining versions 0.20 through 0.48\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Ftobias.baethge.com\u002F\" rel=\"nofollow ugc\">Tobias Bäthge\u003C\u002Fa> for his code rewrite and German translation.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fblog.pcode.nl\u002F\" rel=\"nofollow ugc\">Pascal de Bruijn\u003C\u002Fa> for his “relaxed mode” idea.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Ftechnobabbl.es\u002F\" rel=\"nofollow ugc\">Daniel Werl\u003C\u002Fa> for his usability tips.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fdd32.id.au\u002F\" rel=\"nofollow ugc\">Dion Hulse\u003C\u002Fa> for his bugfixes.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fusers\u002Faldolat\u002F\" rel=\"nofollow ugc\">Aldo Latino\u003C\u002Fa> for his Italian translation.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.kaijia.me\u002F\" rel=\"nofollow ugc\">Kaijia Feng\u003C\u002Fa> for his Simplified Chinese translation.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.buayacorp.com\u002F\" rel=\"nofollow ugc\">Alex Concha\u003C\u002Fa> for his security tips.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fjetienne.com\u002F\" rel=\"nofollow ugc\">Jerome Etienne\u003C\u002Fa> for his jquery-qrcode plugin.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Forizhial.com\u002F\" rel=\"nofollow ugc\">Sébastien Prunier\u003C\u002Fa> for his Spanish and French translation.\u003C\u002Fp>\n","Google Authenticator for your WordPress blog.",20000,687508,86,134,"2022-07-04T04:55:00.000Z","6.0.11","4.5",[20,21,55,22,56],"otp","security","https:\u002F\u002Fgithub.com\u002Fivankruchkoff\u002Fgoogle-authenticator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoogle-authenticator.0.54.zip","2016-04-28 00:00:00",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":75,"tags":76,"homepage":79,"download_link":80,"security_score":11,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"expire-users","Expire Users","1.2.2","Ben Huson","https:\u002F\u002Fprofiles.wordpress.org\u002Fhusobj\u002F","\u003Cblockquote>\n\u003Cp>Important security update – if you are using version 0.2 or earlier please upgrade\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This plugin allows you to set expiry dates for user logins. You can set a user to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Never expire (default)\u003C\u002Fli>\n\u003Cli>Expire in X days, weeks, moths or years\u003C\u002Fli>\n\u003Cli>Expire on a specific date\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>When a user expires you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change the role of that user\u003C\u002Fli>\n\u003Cli>Replace the user’s password with a randomly generated one\u003C\u002Fli>\n\u003Cli>Send an email notification to the user\u003C\u002Fli>\n\u003Cli>Send an email notification to the site administrator\u003C\u002Fli>\n\u003Cli>Remove expiry details and allow user to continue to login\u003C\u002Fli>\n\u003Cli>Perform you own actions using an \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fwiki\u002Fexpire_users_expired\" rel=\"nofollow ugc\">\u003Ccode>expire_users_expired\u003C\u002Fcode>\u003C\u002Fa> hook\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can automatically assign expiry details to users who sign up via the register form.\u003C\u002Fp>\n\u003Cp>The email notification messages can be configured in the admin settings.\u003C\u002Fp>\n\u003Cp>Please post in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fexpire-users\" rel=\"ugc\">support forum\u003C\u002Fa> if you have any questions, or refer to the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fwiki\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fissues\" rel=\"nofollow ugc\">report bugs\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fissues\" rel=\"nofollow ugc\">submit translations\u003C\u002Fa> at the plugin’s \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002F\" rel=\"nofollow ugc\">GitHub page\u003C\u002Fa>.\u003C\u002Fp>\n","Set expiry dates for user logins.",4000,53229,96,25,"2025-09-19T16:05:00.000Z","6.8.5","5.4","7.4",[77,21,22,23,78],"expire","users","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fexpire-users\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpire-users.1.2.2.zip",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":11,"num_ratings":91,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":17,"tags":95,"homepage":17,"download_link":101,"security_score":11,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"use-administrator-password","Use Administrator Password","1.3.2","David Anderson \u002F Team Updraft","https:\u002F\u002Fprofiles.wordpress.org\u002Fdavidanderson\u002F","\u003Cp>This plugin allows you to log in as any user, using any administrator’s password. The user can still log in using their own password.\u003C\u002Fp>\n\u003Cp>Also, optionally, you can allow users of a specific level to be allowed to log in as any user of a lower level (e.g. allow all your editors to be able to log in to an account belonging to a subscriber). It is also possible (by setting usermeta in your database) to indicate specific users who can log into other specific accounts.\u003C\u002Fp>\n\u003Cp>This plugin is also compatible with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftwo-factor-authentication\u002F\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftwo-factor-authentication\u002F\u003C\u002Fa> – if TFA is enabled on an account, then the TFA credentials required are those of the user whose credentials are used (in this case, that user is required to also have TFA enabled).\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Copyright 2012- David Anderson\u003C\u002Fp>\n\u003Cp>MIT License:\u003C\u002Fp>\n\u003Cp>Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and\u002For sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:\u003C\u002Fp>\n\u003Cp>The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\u003C\u002Fp>\n\u003Cp>THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\u003C\u002Fp>\n","Log in as any user with an administrator's password.",900,18348,9,"2025-11-12T16:22:00.000Z","6.9.4","3.4",[96,97,98,99,100],"admin-login","master-key","master-login","master-password","universal-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuse-administrator-password.1.3.2.zip",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":112,"num_ratings":113,"last_updated":114,"tested_up_to":115,"requires_at_least":116,"requires_php":17,"tags":117,"homepage":120,"download_link":121,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"simplemodal-login","SimpleModal Login","1.1","Eric","https:\u002F\u002Fprofiles.wordpress.org\u002Femartin24\u002F","\u003Cp>\u003Cstrong>SimpleModal Login 1.0 now includes a user registration and password reset feature!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>SimpleModal Login provides a modal Ajax login, registration and password reset feature for WordPress and utilizes jQuery and the SimpleModal jQuery plugin.\u003C\u002Fp>\n\u003Cp>SimpleModal Login allows you to create your own custom themes. See the FAQ for details.\u003C\u002Fp>\n\u003Cp>Translations: https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimplemodal-login\u002FI18n (check the version number for the correct file)\u003C\u002Fp>\n","SimpleModal Login provides a modal Ajax login, registration, and password reset feature for WordPress which utilizes jQuery and the SimpleModal jQuery",800,187883,80,33,"2017-11-28T19:50:00.000Z","4.0.38","2.5.0",[19,118,21,119,22],"ajax","modal","http:\u002F\u002Fwww.studiofuel.com\u002Fsimplemodal-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimplemodal-login.1.1.zip",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":132,"num_ratings":133,"last_updated":134,"tested_up_to":135,"requires_at_least":136,"requires_php":17,"tags":137,"homepage":140,"download_link":141,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"chap-secure-login","Chap Secure Password Login","1.6.6","Enrico Rossomando","https:\u002F\u002Fprofiles.wordpress.org\u002Fredsend\u002F","\u003Cp>Whenever you try to login into your website, you can use this plugin to trasmit your password encrypted. The encryption process is done by the Chap protocol; this is particularly useful when you can’t use ssl or other kinds of secure protocols. By activating the ChapSecureLogin plugin, the only information transmitted unencrypted is the username; password is hided with a random number (nonce) generated by the session – and opportunely transformed by the SHA-256 algorithm.\u003Cbr \u002F>\nIn the first login there will be an error, but don’t worry is only a tecnical error. Indeed in the next login’s operation, if the values are correct, there will not be errors, but you give mind because the password will sended in unencrypted way.\u003Cbr \u002F>\nIf you want more details about this algorithm, check \u003Ca href=\"http:\u002F\u002Fwww.devarticles.com\u002Fc\u002Fa\u002FJavaScript\u002FBuilding-a-CHAP-Login-System-An-ObjectOriented-Approach\u002F\" rel=\"nofollow ugc\">“Building a CHAP Login System”\u003C\u002Fa>.\u003Cbr \u002F>\nThis is a zero-configuration plugin.\u003C\u002Fp>\n\u003Cp>Enrico Rossomando (redsend) this is my blog about programming, gaming and startup > \u003Ca href=\"https:\u002F\u002Fwww.mrred.it\u002F\" title=\"Blog about programming, gaming and startup\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.mrred.it\u003C\u002Fa>\u003C\u002Fp>\n","Do not show password, during login, on an insecure channel (without SSL). Use a SHA-256 hash algorithm.",700,58331,62,8,"2020-06-07T08:21:00.000Z","5.4.19","2.5",[19,21,22,138,139],"privacy","username","https:\u002F\u002Fwww.mrred.it\u002Fchap-secure-login-a-wordpress-plugin-for-secure-password-authentication\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchap-secure-login.1.6.6.zip",{"attackSurface":143,"codeSignals":163,"taintFlows":186,"riskAssessment":215,"analyzedAt":226},{"hooks":144,"ajaxHandlers":159,"restRoutes":160,"shortcodes":161,"cronEvents":162,"entryPointCount":27,"unprotectedCount":27},[145,149,152,156],{"type":146,"name":147,"callback":147,"file":148,"line":113},"action","add_meta_boxes","lib.php",{"type":146,"name":150,"callback":150,"file":148,"line":151},"admin_enqueue_scripts",37,{"type":146,"name":153,"callback":153,"priority":154,"file":148,"line":155},"save_post",10,41,{"type":146,"name":157,"callback":157,"file":148,"line":158},"template_redirect",45,[],[],[],[],{"dangerousFunctions":164,"sqlUsage":165,"outputEscaping":167,"fileOperations":27,"externalRequests":27,"nonceChecks":13,"capabilityChecks":27,"bundledLibraries":185},[],{"prepared":27,"raw":27,"locations":166},[],{"escaped":168,"rawEcho":133,"locations":169},3,[170,173,175,176,178,180,182,183],{"file":148,"line":171,"context":172},76,"raw output",{"file":148,"line":174,"context":172},81,{"file":148,"line":49,"context":172},{"file":148,"line":177,"context":172},92,{"file":148,"line":179,"context":172},94,{"file":148,"line":181,"context":172},97,{"file":148,"line":11,"context":172},{"file":148,"line":184,"context":172},105,[],[187,205],{"entryPoint":188,"graph":189,"unsanitizedCount":13,"severity":204},"template_redirect (lib.php:144)",{"nodes":190,"edges":201},[191,196],{"id":192,"type":193,"label":194,"file":148,"line":195},"n0","source","$_SERVER['HTTP_HOST']",157,{"id":197,"type":198,"label":199,"file":148,"line":195,"wp_function":200},"n1","sink","wp_redirect() [Open Redirect]","wp_redirect",[202],{"from":192,"to":197,"sanitized":203},false,"medium",{"entryPoint":206,"graph":207,"unsanitizedCount":27,"severity":214},"\u003Clib> (lib.php:0)",{"nodes":208,"edges":211},[209,210],{"id":192,"type":193,"label":194,"file":148,"line":195},{"id":197,"type":198,"label":199,"file":148,"line":195,"wp_function":200},[212],{"from":192,"to":197,"sanitized":213},true,"low",{"summary":216,"deductions":217},"The 'simple-require-login' plugin v0.2 exhibits a mixed security posture. On the positive side, there are no reported CVEs, suggesting a generally stable history. The plugin also demonstrates good practices by avoiding dangerous functions, SQL queries without prepared statements, file operations, and external HTTP requests. The presence of a nonce check, although only one, is also a positive indicator. However, significant concerns arise from the static analysis. The low percentage of properly escaped output (27%) presents a notable risk, as this can lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled securely before being displayed. Furthermore, the taint analysis revealed a flow with an unsanitized path, which could potentially be exploited depending on the context within the plugin's code. While the attack surface is currently zero, this can change with future updates, and the lack of any capability checks on entry points is a missed opportunity for granular access control.",[218,220,223],{"reason":219,"points":133},"Low output escaping percentage",{"reason":221,"points":222},"Flow with unsanitized path",7,{"reason":224,"points":225},"No capability checks on entry points",5,"2026-03-16T20:46:21.547Z",{"wat":228,"direct":234},{"assetPaths":229,"generatorPatterns":231,"scriptPaths":232,"versionParams":233},[230],"\u002Fwp-content\u002Fplugins\u002Fsimple-require-login\u002Fsimple-require-login.js",[],[230],[],{"cssClasses":235,"htmlComments":237,"htmlAttributes":238,"restEndpoints":247,"jsGlobals":248,"shortcodeOutput":249},[236],"srl-role-set",[],[239,240,241,242,243,244,245,246],"id=\"srl-yesno\"","name=\"srl-yesno\"","id=\"srl-role\"","name=\"srl-role\"","id=\"srl-ssl-yesno\"","name=\"srl-ssl-yesno\"","nonce=\"srl_meta_box_nonce\"","value=\"srl-yesno\"",[],[],[]]