[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fB8PnN2OAAhz-VCw5f5V1cMILzU_n1NxOmhWEHxIDfx4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":119,"fingerprints":396},"simple-user-admin","Simple User Admin","1.5","Chris Taylor","https:\u002F\u002Fprofiles.wordpress.org\u002Fmrwiblog\u002F","\u003Cp>Simple user admin is a WordPress MultiSite plugin that gives site administrators a simpler interface to manage blogs and users. The plugin allows you to search for users and blogs, see the blogs that a particular user has access to, and users that have access to a particular blog. You can add users to a blog, or add blogs to a user. You can also easily change roles for a user for all their blogs, or change roles for all users of a particular blog.\u003C\u002Fp>\n\u003Cp>The plugin also makes use of the __() function to allow for easy translation.\u003C\u002Fp>\n\u003Cp>Many thanks to Joost from http:\u002F\u002Fyoast.com\u002F for fixing the plugin to work with MultiSite. Also thanks to Adam Dunson of http:\u002F\u002Fwww.cloudspace.com for lots of development work.\u003C\u002Fp>\n\u003Ch3>1.5 (2015\u002F04\u002F20)\u003C\u002Fh3>\n\u003Cp>Fixed deprecated calls. 
Tested up to 4.2.\u003C\u002Fp>\n\u003Ch3>1.4 (2011\u002F09\u002F09)\u003C\u002Fh3>\n\u003Cp>Most of the development work for this version was done by Adam Dunson of http:\u002F\u002Fwww.cloudspace.com\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Tightened security\u003C\u002Fli>\n\u003Cli>Made the plugin run from the Network Users admin area\u003C\u002Fli>\n\u003Cli>Made the search boxes more consistent across every page\u003C\u002Fli>\n\u003Cli>Shows all users and blogs by default (pagination will be done for a future release)\u003C\u002Fli>\n\u003Cli>Now shows custom roles, not just the standard roles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>1.3 (2010\u002F11\u002F17)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Implemented fix for WordPress MultiSite (thanks to Joost from http:\u002F\u002Fyoast.com\u002F)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>1.2\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Fixed bug in blog search\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>1.1\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Updated plugin URI\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>1.0\u003C\u002Fh3>\n\u003Cp>Initial version\u003C\u002Fp>\n","Simple user admin is a WordPress MultiSite plugin that gives site administrators a simpler interface to manage blogs and 
users.",10,11220,0,"2015-04-20T21:25:00.000Z","4.2.39","3.0","",[19,20,21,22,23],"administration","blog","buddypress","user","wordpress-mu","http:\u002F\u002Fwww.stillbreathing.co.uk\u002Fwordpress\u002Fsimple-user-admin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-user-admin.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":34,"computed_at":36},"mrwiblog",11,460,81,30,"2026-04-04T21:10:06.596Z",[38,55,74,86,96],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":11,"downloaded":46,"rating":13,"num_ratings":13,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":17,"tags":50,"homepage":53,"download_link":54,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"add-link","Add Link","1.1","ctltwp","https:\u002F\u002Fprofiles.wordpress.org\u002Fctltwp\u002F","\u003Cp>Add Link enables your users to add links to your blog.\u003Cbr \u002F>\nThis is a simple plugin that enables users to add a sidebar widget to submit links to the blogroll.\u003C\u002Fp>\n\u003Cp>You can enable Login users to manage their links. 
Useful for populating a blogroll.\u003C\u002Fp>\n","Add Link enables your users to add links to your blog.",7733,"2010-04-15T23:12:00.000Z","2.9.2","2.8",[39,51,22,23,52],"blogroll","wpmu","http:\u002F\u002Fblogs.ubc.ca\u002Fsupport\u002Fplugins\u002Fadd-links-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadd-link.zip",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":11,"downloaded":63,"rating":64,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":17,"requires_php":17,"tags":68,"homepage":72,"download_link":73,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"bp-signup-member-type","BP Signup Member Type","0.1.1","Meitar","https:\u002F\u002Fprofiles.wordpress.org\u002Fmeitar\u002F","\u003Cp>Augment your BuddyPress sign-up form with your social network’s registered \u003Ca href=\"https:\u002F\u002Fcodex.buddypress.org\u002Fdeveloper\u002Fmember-types\u002F\" rel=\"nofollow ugc\">Member Types\u003C\u002Fa>. This allows new users to self-select one or more Member Types for themselves when they register for your site. You choose which Member Types you want to allow people to register with when they fill in your signup form.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Works with all BuddyPress member types registered by other plugins and themes.\u003C\u002Fli>\n\u003Cli>Seamlessly integrates with the BuddyPress registration form and administration screens.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Donations for this plugin make up a chunk of my income. 
If you continue to enjoy this plugin, please consider \u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_donations&business=TJLPJYXHSRBEE&lc=US&item_name=BP%20Signup%20Member%20Type&item_number=bp-signup-member-type&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted\" rel=\"nofollow ugc\">making a donation\u003C\u002Fa>. 🙂 Thank you for your support!\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Once installed, simply access your main BuddyPress options (WordPress Dashboard &rarr; Settings &rarr; BuddyPress &rarr; Options &rarr; Main Settings) and you’ll see several \u003Cem>member type\u003C\u002Fem> options for you to configure.\u003C\u002Fp>\n","Add a \"Member Type\" option to the BuddyPress registration form.",2105,20,1,"2020-05-14T04:58:00.000Z","4.8.28",[19,21,69,70,71],"member-type","members","users","https:\u002F\u002Fgithub.com\u002Ffabacab\u002Fbp-signup-member-type","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-signup-member-type.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":11,"downloaded":82,"rating":13,"num_ratings":13,"last_updated":83,"tested_up_to":17,"requires_at_least":17,"requires_php":17,"tags":84,"homepage":17,"download_link":85,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"jet-active-blog-list-ru-edition","Jet Blog List","0.1.2","milordk","https:\u002F\u002Fprofiles.wordpress.org\u002Fmilordk\u002F","\u003Cp>Provides a list of blogs sorted by last update (the last activity on the blog) in two columns. Ability to customize the header and the number of blogs in the blog list\u003C\u002Fp>\n\u003Cp>no longer supported! 
completely replaced by this plugin https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fjet-blog-meta-list-2-ru-edition\u002F\u003C\u002Fp>\n\u003Ch3>Contact\u003C\u002Fh3>\n\u003Cp>For suggestions, bugs, hugs and love can be donated at the following locations.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fmilordk.ru\" rel=\"nofollow ugc\">Authors page\u003C\u002Fa>\u003C\u002Fp>\n","Provides a list of blogs sorted by last update (the last activity on the blog) in two columns.",2661,"2010-02-08T18:05:00.000Z",[20,21,23],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjet-active-blog-list-ru-edition.zip",{"slug":87,"name":88,"version":58,"author":59,"author_profile":60,"description":89,"short_description":90,"active_installs":13,"downloaded":91,"rating":13,"num_ratings":13,"last_updated":92,"tested_up_to":67,"requires_at_least":17,"requires_php":17,"tags":93,"homepage":94,"download_link":95,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"bp-delegated-xprofile","BP Delegated XProfile","\u003Cp>Creates a simple, secure delegation system whereby a privileged user (such as an administrator) can assign other registered BuddyPress members to be “delegates” for a given user. A delegate has the capability to view and edit Extended Profile (XProfile) fields for the delegated user. This is useful on sites where certain relationships exist between one user and another, such as legal guardianship by an adult over a child. Using delegation reduces the need to share passwords or log in to shared accounts.\u003C\u002Fp>\n\u003Cp>\u003Cem>Donations for this plugin make up a chunk of my income. 
If you continue to enjoy this plugin, please consider \u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_donations&business=TJLPJYXHSRBEE&lc=US&item_name=BP%20Delegated%20XProfile&item_number=bp-delegated-xprofile&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted\" rel=\"nofollow ugc\">making a donation\u003C\u002Fa>. 🙂 Thank you for your support!\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Roles and capabilities\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin uses the built-in capabilities system as part of WordPress core, along with core BuddyPress hooks (\u003Ccode>bp_current_user_can\u003C\u002Fcode>) to check for appropriate permissions, making it both simple to customize and as secure as WP and BP core code. The custom capabilities are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>edit_user_delegates\u003C\u002Fcode> – Users with this capability can assign delegates for users they can edit (determined by \u003Ccode>edit_users\u003C\u002Fcode>).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Additionally, the following core capabilities are required:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>list_users\u003C\u002Fcode> – The delegation options implicitly enumerate all registered users, so a user must also have the \u003Ccode>list_users\u003C\u002Fcode> capability to be granted access to the Delegation user interface.\u003C\u002Fli>\n\u003Cli>\u003Ccode>edit_users\u003C\u002Fcode> – If you cannot \u003Ccode>edit_users\u003C\u002Fcode>, you cannot \u003Ccode>edit_user_delegates\u003C\u002Fcode>, either.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>On a default WordPress and BuddyPress installation, these capabilities are granted only to Administrator users. 
However, this can be changed using the built-in capability filter hooks.\u003C\u002Fp>\n","Enables delegating a user's Extended Profile for editing by other users.",1462,"2017-08-23T21:01:00.000Z",[19,21,69,70,71],"https:\u002F\u002Fgithub.com\u002Fmeitar\u002Fbp-delegated-xprofile","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-delegated-xprofile.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":106,"num_ratings":107,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":17,"tags":111,"homepage":114,"download_link":115,"security_score":116,"vuln_count":117,"unpatched_count":13,"last_vuln_date":118,"fetched_at":28},"bp-profile-search","BP Profile Search","5.8.3","Andrea Tarantini","https:\u002F\u002Fprofiles.wordpress.org\u002Fdontdream\u002F","\u003Cp>BP Profile Search is a member search and member directories plugin for BuddyPress. It provides:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>A form builder to build the member search forms\u003C\u002Fli>\n\u003Cli>The [bps_directory] shortcode to customize the BuddyPress Members directory, or to build additional member directories\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Each search form has a \u003Cem>target directory\u003C\u002Fem>. 
When you run a search, you are redirected to the form’s target directory, filtered according to your search.\u003C\u002Fp>\n\u003Ch4>Build a search form\u003C\u002Fh4>\n\u003Cp>With the form builder you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add, edit, rearrange, and remove the search fields\u003C\u002Fli>\n\u003Cli>Use as search fields the BuddyPress profile fields, the \u003Cem>users\u003C\u002Fem> and \u003Cem>usermeta\u003C\u002Fem> data (including roles), the BuddyPress user groups, and the user taxonomies (including BuddyPress member types)\u003C\u002Fli>\n\u003Cli>Use \u003Cem>search by distance\u003C\u002Fem> fields when you install the free companion plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbp-distance-search\u002F\" rel=\"ugc\">BP Distance Search\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Select, for each search field, one of the available search modes\u003C\u002Fli>\n\u003Cli>Select the BuddyPress Members directory, or one of the member directories built with this plugin, as the target directory\u003C\u002Fli>\n\u003Cli>Select the form template to display your form\u003C\u002Fli>\n\u003Cli>If in doubt, use the \u003Cem>Help\u003C\u002Fem> tab above the screen title\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The form template works just like any other BuddyPress template. 
To override a form template, copy it to the \u003Cem>buddypress\u002Fmembers\u003C\u002Fem> directory in your theme’s root, then edit the new copy according to your needs.\u003C\u002Fp>\n\u003Ch4>Display a search form\u003C\u002Fh4>\n\u003Cp>After you build your search form, you can display it:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>In its target directory, using the option \u003Cem>Add Form to Directory\u003C\u002Fem> in the form settings\u003C\u002Fli>\n\u003Cli>In a sidebar or widget area, using the widget \u003Cem>Profile Search\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>In a post or page, using the shortcode [bps_form]\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Run a search\u003C\u002Fh4>\n\u003Cp>On the front-end, when you hit the \u003Cem>Search\u003C\u002Fem> button in a form, BP Profile Search shows the form’s target directory filtered according to your search. Both the \u003Cem>All Members\u003C\u002Fem> tab and the \u003Cem>My Friends\u003C\u002Fem> tab are filtered.\u003C\u002Fp>\n\u003Cp>Additionally, the plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Displays an \u003Cem>active filters\u003C\u002Fem> section containing the active search filters and a \u003Cem>Clear\u003C\u002Fem> button to clear them\u003C\u002Fli>\n\u003Cli>Displays for each member a \u003Cem>member details\u003C\u002Fem> section containing the values of the searched fields\u003C\u002Fli>\n\u003Cli>Adds to the \u003Cem>Order By\u003C\u002Fem> drop-down the options to sort the directory by the searched fields\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The \u003Cem>active filters\u003C\u002Fem> section and the \u003Cem>member details\u003C\u002Fem> section are displayed by two dedicated templates, that can be overridden just like any other BuddyPress template.\u003C\u002Fp>\n\u003Ch4>Build a member directory\u003C\u002Fh4>\n\u003Cp>With the [bps_directory] shortcode you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Customize the BuddyPress Members directory, or build additional member 
directories\u003C\u002Fli>\n\u003Cli>Add hidden filters to a directory\u003C\u002Fli>\n\u003Cli>Add more sort options to a directory\u003C\u002Fli>\n\u003Cli>Show additional member information in each \u003Cem>member details\u003C\u002Fem> section, e.g. the value of profile fields\u003C\u002Fli>\n\u003Cli>Use a different Members directory template for each directory\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can enter the shortcode in an empty page to build a new member directory, or you can enter it in the BuddyPress Members page to customize the BuddyPress Members directory.\u003C\u002Fp>\n\u003Ch4>Additional documentation\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.dontdream.it\u002Fbp-profile-search\u002Fform-builder\u002F\" rel=\"nofollow ugc\">Form Builder\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdontdream.it\u002Fbp-profile-search\u002Fsearch-modes\u002F\" rel=\"nofollow ugc\">Search Modes\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdontdream.it\u002Fbp-profile-search\u002Fcustom-directories\u002F\" rel=\"nofollow ugc\">Custom Directories\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdontdream.it\u002Fbp-profile-search\u002Fform-templates\u002F\" rel=\"nofollow ugc\">Form Templates\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>In the screenshots below, the \u003Cem>City\u003C\u002Fem> field is provided by the free companion plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbp-distance-search\u002F\" rel=\"ugc\">BP Distance Search\u003C\u002Fa>.\u003C\u002Fp>\n","Member search and member directories for BuddyPress and the BuddyBoss Platform.",6000,669034,100,71,"2025-12-14T16:30:00.000Z","6.9.4","6.1",[21,112,70,113,71],"directory","search","https:\u002F\u002Fdontdream.it\u002Fbp-profile-search\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-profile-search.5.8.3.zip",95,3,"2024-08-19 
13:39:17",{"attackSurface":120,"codeSignals":140,"taintFlows":225,"riskAssessment":384,"analyzedAt":395},{"hooks":121,"ajaxHandlers":136,"restRoutes":137,"shortcodes":138,"cronEvents":139,"entryPointCount":13,"unprotectedCount":13},[122,128,132],{"type":123,"name":124,"callback":125,"file":126,"line":127},"action","network_admin_menu","simple_user_management_add_admin","simple_user_management.php",13,{"type":123,"name":129,"callback":130,"file":126,"line":131},"network_admin_head","simple_user_management_show_css",14,{"type":123,"name":133,"callback":134,"file":126,"line":135},"init","simple_user_management_security_check",17,[],[],[],[],{"dangerousFunctions":141,"sqlUsage":142,"outputEscaping":145,"fileOperations":13,"externalRequests":13,"nonceChecks":223,"capabilityChecks":13,"bundledLibraries":224},[],{"prepared":143,"raw":13,"locations":144},4,[],{"escaped":13,"rawEcho":146,"locations":147},37,[148,151,153,155,157,159,161,163,165,167,169,171,173,175,177,179,181,183,185,187,189,191,193,195,197,199,201,203,205,207,209,211,213,215,217,219,221],{"file":126,"line":149,"context":150},60,"raw 
output",{"file":126,"line":152,"context":150},69,{"file":126,"line":154,"context":150},79,{"file":126,"line":156,"context":150},88,{"file":126,"line":158,"context":150},98,{"file":126,"line":160,"context":150},111,{"file":126,"line":162,"context":150},152,{"file":126,"line":164,"context":150},161,{"file":126,"line":166,"context":150},170,{"file":126,"line":168,"context":150},178,{"file":126,"line":170,"context":150},181,{"file":126,"line":172,"context":150},192,{"file":126,"line":174,"context":150},237,{"file":126,"line":176,"context":150},246,{"file":126,"line":178,"context":150},254,{"file":126,"line":180,"context":150},257,{"file":126,"line":182,"context":150},261,{"file":126,"line":184,"context":150},271,{"file":126,"line":186,"context":150},276,{"file":126,"line":188,"context":150},288,{"file":126,"line":190,"context":150},380,{"file":126,"line":192,"context":150},388,{"file":126,"line":194,"context":150},392,{"file":126,"line":196,"context":150},409,{"file":126,"line":198,"context":150},417,{"file":126,"line":200,"context":150},421,{"file":126,"line":202,"context":150},438,{"file":126,"line":204,"context":150},456,{"file":126,"line":206,"context":150},468,{"file":126,"line":208,"context":150},481,{"file":126,"line":210,"context":150},501,{"file":126,"line":212,"context":150},513,{"file":126,"line":214,"context":150},526,{"file":126,"line":216,"context":150},540,{"file":126,"line":218,"context":150},579,{"file":126,"line":220,"context":150},593,{"file":126,"line":222,"context":150},634,2,[],[226,310,319,328,337,346],{"entryPoint":227,"graph":228,"unsanitizedCount":308,"severity":309},"simple_user_management (simple_user_management.php:58)",{"nodes":229,"edges":294},[230,235,240,244,246,250,252,255,257,260,262,266,270,275,279,282,285,289,292],{"id":231,"type":232,"label":233,"file":126,"line":234},"n0","source","$_POST['userquery']",70,{"id":236,"type":237,"label":238,"file":126,"line":152,"wp_function":239},"n1","sink","echo() 
[XSS]","echo",{"id":241,"type":232,"label":242,"file":126,"line":243},"n2","$_POST['blogquery']",89,{"id":245,"type":237,"label":238,"file":126,"line":156,"wp_function":239},"n3",{"id":247,"type":232,"label":248,"file":126,"line":249},"n4","$_GET (x2)",108,{"id":251,"type":237,"label":238,"file":126,"line":160,"wp_function":239},"n5",{"id":253,"type":232,"label":254,"file":126,"line":170},"n6","$_GET['user']",{"id":256,"type":237,"label":238,"file":126,"line":170,"wp_function":239},"n7",{"id":258,"type":232,"label":259,"file":126,"line":180},"n8","$_GET['blog']",{"id":261,"type":237,"label":238,"file":126,"line":180,"wp_function":239},"n9",{"id":263,"type":232,"label":264,"file":126,"line":265},"n10","$_POST['userquery'] (x2)",74,{"id":267,"type":268,"label":269,"file":126,"line":265},"n11","transform","→ simple_user_management_search_users()",{"id":271,"type":237,"label":272,"file":126,"line":273,"wp_function":274},"n12","get_results() [SQLi]",628,"get_results",{"id":276,"type":232,"label":277,"file":126,"line":278},"n13","$_POST['blogquery'] (x2)",93,{"id":280,"type":268,"label":281,"file":126,"line":278},"n14","→ simple_user_management_search_blogs()",{"id":283,"type":237,"label":272,"file":126,"line":284,"wp_function":274},"n15",573,{"id":286,"type":232,"label":287,"file":126,"line":288},"n16","$_GET",149,{"id":290,"type":268,"label":291,"file":126,"line":288},"n17","→ 
simple_user_management_show_user_blogs_table()",{"id":293,"type":237,"label":238,"file":126,"line":204,"wp_function":239},"n18",[295,297,298,299,300,301,302,304,305,306,307],{"from":231,"to":236,"sanitized":296},false,{"from":241,"to":245,"sanitized":296},{"from":247,"to":251,"sanitized":296},{"from":253,"to":256,"sanitized":296},{"from":258,"to":261,"sanitized":296},{"from":263,"to":267,"sanitized":296},{"from":267,"to":271,"sanitized":303},true,{"from":276,"to":280,"sanitized":296},{"from":280,"to":283,"sanitized":303},{"from":286,"to":290,"sanitized":296},{"from":290,"to":293,"sanitized":296},7,"medium",{"entryPoint":311,"graph":312,"unsanitizedCount":65,"severity":309},"simple_user_management_show_assign_blog_to_user_form (simple_user_management.php:378)",{"nodes":313,"edges":317},[314,316],{"id":231,"type":232,"label":254,"file":126,"line":315},381,{"id":236,"type":237,"label":238,"file":126,"line":190,"wp_function":239},[318],{"from":231,"to":236,"sanitized":296},{"entryPoint":320,"graph":321,"unsanitizedCount":65,"severity":309},"simple_user_management_show_add_user_to_blog_form (simple_user_management.php:407)",{"nodes":322,"edges":326},[323,325],{"id":231,"type":232,"label":259,"file":126,"line":324},410,{"id":236,"type":237,"label":238,"file":126,"line":196,"wp_function":239},[327],{"from":231,"to":236,"sanitized":296},{"entryPoint":329,"graph":330,"unsanitizedCount":65,"severity":309},"simple_user_management_show_user_blogs_table (simple_user_management.php:436)",{"nodes":331,"edges":335},[332,334],{"id":231,"type":232,"label":254,"file":126,"line":333},439,{"id":236,"type":237,"label":238,"file":126,"line":202,"wp_function":239},[336],{"from":231,"to":236,"sanitized":296},{"entryPoint":338,"graph":339,"unsanitizedCount":65,"severity":309},"simple_user_management_show_blog_users_table 
(simple_user_management.php:479)",{"nodes":340,"edges":344},[341,343],{"id":231,"type":232,"label":259,"file":126,"line":342},482,{"id":236,"type":237,"label":238,"file":126,"line":208,"wp_function":239},[345],{"from":231,"to":236,"sanitized":296},{"entryPoint":347,"graph":348,"unsanitizedCount":65,"severity":309},"\u003Csimple_user_management> (simple_user_management.php:0)",{"nodes":349,"edges":372},[350,351,352,353,354,356,357,359,360,362,363,364,365,366,367,368,369,370,371],{"id":231,"type":232,"label":233,"file":126,"line":234},{"id":236,"type":237,"label":238,"file":126,"line":152,"wp_function":239},{"id":241,"type":232,"label":242,"file":126,"line":243},{"id":245,"type":237,"label":238,"file":126,"line":156,"wp_function":239},{"id":247,"type":232,"label":355,"file":126,"line":249},"$_GET (x10)",{"id":251,"type":237,"label":238,"file":126,"line":160,"wp_function":239},{"id":253,"type":232,"label":358,"file":126,"line":170},"$_GET['user'] (x3)",{"id":256,"type":237,"label":238,"file":126,"line":170,"wp_function":239},{"id":258,"type":232,"label":361,"file":126,"line":180},"$_GET['blog'] 
(x3)",{"id":261,"type":237,"label":238,"file":126,"line":180,"wp_function":239},{"id":263,"type":232,"label":264,"file":126,"line":265},{"id":267,"type":268,"label":269,"file":126,"line":265},{"id":271,"type":237,"label":272,"file":126,"line":273,"wp_function":274},{"id":276,"type":232,"label":277,"file":126,"line":278},{"id":280,"type":268,"label":281,"file":126,"line":278},{"id":283,"type":237,"label":272,"file":126,"line":284,"wp_function":274},{"id":286,"type":232,"label":287,"file":126,"line":288},{"id":290,"type":268,"label":291,"file":126,"line":288},{"id":293,"type":237,"label":238,"file":126,"line":204,"wp_function":239},[373,374,375,376,377,378,379,380,381,382,383],{"from":231,"to":236,"sanitized":303},{"from":241,"to":245,"sanitized":303},{"from":247,"to":251,"sanitized":303},{"from":253,"to":256,"sanitized":303},{"from":258,"to":261,"sanitized":303},{"from":263,"to":267,"sanitized":296},{"from":267,"to":271,"sanitized":303},{"from":276,"to":280,"sanitized":296},{"from":280,"to":283,"sanitized":303},{"from":286,"to":290,"sanitized":296},{"from":290,"to":293,"sanitized":296},{"summary":385,"deductions":386},"The \"simple-user-admin\" v1.5 plugin exhibits a mixed security posture.  On one hand, the absence of known CVEs and a lack of critical vulnerabilities in static and taint analysis are positive indicators. The plugin also demonstrates good practices by utilizing prepared statements for all SQL queries and implementing nonce checks. However, a significant concern arises from the complete lack of output escaping, meaning all 37 identified outputs are vulnerable to Cross-Site Scripting (XSS) attacks. 
Additionally, the absence of capability checks for any of its functionalities suggests a potential for privilege escalation or unauthorized access if any of the entry points (though none are currently identified) were to be discovered or introduced.\n\nThe taint analysis, while not revealing critical or high-severity issues, shows all 6 analyzed flows with unsanitized paths. This, combined with the unescaped output, strongly suggests a high likelihood of XSS vulnerabilities. The zero escaped outputs, when coupled with 37 total outputs, is a critical finding. The vulnerability history being clean is reassuring, but it doesn't mitigate the immediate risks identified in the code analysis. Therefore, while the plugin avoids common pitfalls like raw SQL or unpatched CVEs, the severe lack of output escaping and capability checks presents a notable security risk that requires immediate attention.",[387,390,392],{"reason":388,"points":389},"100% of outputs unescaped",15,{"reason":391,"points":11},"No capability checks implemented",{"reason":393,"points":394},"All taint flows have unsanitized 
paths",8,"2026-03-17T00:28:11.190Z",{"wat":397,"direct":406},{"assetPaths":398,"generatorPatterns":401,"scriptPaths":402,"versionParams":403},[399,400],"\u002Fwp-content\u002Fplugins\u002Fsimple-user-admin\u002Fsimple_user_management.css","\u002Fwp-content\u002Fplugins\u002Fsimple-user-admin\u002Fsimple_user_management.js",[],[400],[404,405],"simple-user-admin\u002Fsimple_user_management.css?ver=","simple-user-admin\u002Fsimple_user_management.js?ver=",{"cssClasses":407,"htmlComments":418,"htmlAttributes":419,"restEndpoints":429,"jsGlobals":430,"shortcodeOutput":432},[408,409,410,411,412,413,414,415,416,417],"wrap","field_label","field_value","submit_button","cancel_button","user_row","blog_row","add_user_to_blog_form","assign_blog_to_user_form","search_form",[],[420,421,422,423,424,425,426,427,428],"name=\"userquery\"","name=\"blogquery\"","name=\"user\"","name=\"blog\"","name=\"role\"","name=\"_wpnonce\"","id=\"results\"","name=\"userids\"","name=\"blogids\"",[],[125,134,130,431],"simple_user_management",[]]