[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fVGjEwQuZ1R3za9NOORM3da-O_VQbK1GwSa8Voy1g0bA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":142,"fingerprints":168},"skeleton-key","Skeleton Key","1.1.1","sant0sk1","https:\u002F\u002Fprofiles.wordpress.org\u002Fsant0sk1\u002F","\u003Cp>As an administrator of a WordPress site with many users, it is often useful to login to a user’s account to troubleshoot something. Asking for their password is tacky and having to reset it is amateurish. Thankfully, you don’t have to do either when you’re armed with this plugin. You can login to the site with any user’s account by providing admin username followed by a “+” followed by their username and your administrative password. All other user authentication is passed on to WordPress core. Handy, huh?\u003C\u002Fp>\n\u003Cp>To login as user joeblow you’d provide:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Username = admin+joeblow\nPassword = [the admin's password]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>New In This Version\u003C\u002Fh4>\n\u003Col>\n\u003Cli>WordPress 2.9 compatibility\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Contributors\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fpixelgraphics.us\u002F\" rel=\"nofollow ugc\">Doug Neiner\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Gives administrators a skeleton key (their own password) to login as any user they'd like.",40,3786,0,"2009-12-20T15:11:00.000Z","2.9.2","2.8","",[19,20,21,22,23],"admin","login","password","skeleton","users","http:\u002F\u002Fgithub.com\u002Fsant0sk1\u002Fwp-skeleton-key","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fskeleton-key.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},2,240,30,84,"2026-04-04T15:07:23.541Z",[37,61,82,102,122],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":56,"download_link":57,"security_score":58,"vuln_count":59,"unpatched_count":59,"last_vuln_date":60,"fetched_at":28},"expire-users","Expire Users","1.2.2","Ben Huson","https:\u002F\u002Fprofiles.wordpress.org\u002Fhusobj\u002F","\u003Cblockquote>\n\u003Cp>Important security update – if you are using version 0.2 or earlier please upgrade\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This plugin allows you to set expiry dates for user logins. You can set a user to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Never expire (default)\u003C\u002Fli>\n\u003Cli>Expire in X days, weeks, moths or years\u003C\u002Fli>\n\u003Cli>Expire on a specific date\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>When a user expires you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change the role of that user\u003C\u002Fli>\n\u003Cli>Replace the user’s password with a randomly generated one\u003C\u002Fli>\n\u003Cli>Send an email notification to the user\u003C\u002Fli>\n\u003Cli>Send an email notification to the site administrator\u003C\u002Fli>\n\u003Cli>Remove expiry details and allow user to continue to login\u003C\u002Fli>\n\u003Cli>Perform you own actions using an \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fwiki\u002Fexpire_users_expired\" rel=\"nofollow ugc\">\u003Ccode>expire_users_expired\u003C\u002Fcode>\u003C\u002Fa> hook\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can automatically assign expiry details to users who sign up via the register form.\u003C\u002Fp>\n\u003Cp>The email notification messages can be configured in the admin settings.\u003C\u002Fp>\n\u003Cp>Please post in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fexpire-users\" rel=\"ugc\">support forum\u003C\u002Fa> if you have any questions, or refer to the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fwiki\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fissues\" rel=\"nofollow ugc\">report bugs\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fissues\" rel=\"nofollow ugc\">submit translations\u003C\u002Fa> at the plugin’s \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002F\" rel=\"nofollow ugc\">GitHub page\u003C\u002Fa>.\u003C\u002Fp>\n","Set expiry dates for user logins.",4000,53229,96,25,"2025-09-19T16:05:00.000Z","6.8.5","5.4","7.4",[54,20,21,55,23],"expire","roles","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fexpire-users\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpire-users.1.2.2.zip",75,1,"2026-03-20 14:37:35",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":34,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":75,"tags":76,"homepage":17,"download_link":80,"security_score":81,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"expire-user-passwords","Expire User Passwords","1.4.2","Matt Miller","https:\u002F\u002Fprofiles.wordpress.org\u002Fmillermedianow\u002F","\u003Cp>Note: This is a forked version of the now unsupported \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fexpire-passwords\u002F\" rel=\"ugc\">Expire Passwords\u003C\u002Fa> plugin. The notes below are copied over from the original plugin and will be updated as relevant updates become available. Please help by contributing to the GitHub repository \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\" rel=\"nofollow ugc\">Expire Passwords\u003C\u002Fa> on GitHub\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Did you find this plugin helpful? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fexpire-user-passwords\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Harden the security of your site by preventing unauthorized access to stale user accounts.\u003C\u002Fp>\n\u003Cp>This plugin is also ideal for sites needing to meet certain industry security compliances – such as government, banking or healthcare.\u003C\u002Fp>\n\u003Cp>In the plugin settings you can set the maximum number of days users are allowed to use the same password (90 days by default), as well as which user roles will be required to reset their passwords regularly (non-Administrators by default).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Languages supported:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Albanian (Shqip)\u003C\u002Fli>\n\u003Cli>Arabic (العربية)\u003C\u002Fli>\n\u003Cli>Armenian (Հայերեն)\u003C\u002Fli>\n\u003Cli>Basque (Euskara)\u003C\u002Fli>\n\u003Cli>Bengali (বাংলা)\u003C\u002Fli>\n\u003Cli>Bulgarian (Български)\u003C\u002Fli>\n\u003Cli>Catalan (Català)\u003C\u002Fli>\n\u003Cli>Chinese Simplified (简体中文)\u003C\u002Fli>\n\u003Cli>Croatian (Hrvatski)\u003C\u002Fli>\n\u003Cli>Czech (Čeština)\u003C\u002Fli>\n\u003Cli>Danish (Dansk)\u003C\u002Fli>\n\u003Cli>Dutch (Nederlands)\u003C\u002Fli>\n\u003Cli>Estonian (Eesti)\u003C\u002Fli>\n\u003Cli>Finnish (Suomi)\u003C\u002Fli>\n\u003Cli>French (Français)\u003C\u002Fli>\n\u003Cli>Galician (Galego)\u003C\u002Fli>\n\u003Cli>Georgian (ქართული)\u003C\u002Fli>\n\u003Cli>German (Deutsch)\u003C\u002Fli>\n\u003Cli>Greek (Ελληνικά)\u003C\u002Fli>\n\u003Cli>Hebrew (עברית)\u003C\u002Fli>\n\u003Cli>Hindi (हिन्दी)\u003C\u002Fli>\n\u003Cli>Hungarian (Magyar)\u003C\u002Fli>\n\u003Cli>Indonesian (Bahasa Indonesia)\u003C\u002Fli>\n\u003Cli>Irish (Gaeilge)\u003C\u002Fli>\n\u003Cli>Italian (Italiano)\u003C\u002Fli>\n\u003Cli>Japanese (日本語)\u003C\u002Fli>\n\u003Cli>Korean (한국어)\u003C\u002Fli>\n\u003Cli>Latvian (Latviešu)\u003C\u002Fli>\n\u003Cli>Lithuanian (Lietuvių)\u003C\u002Fli>\n\u003Cli>Macedonian (Македонски)\u003C\u002Fli>\n\u003Cli>Norwegian (Norsk)\u003C\u002Fli>\n\u003Cli>Persian (فارسی)\u003C\u002Fli>\n\u003Cli>Persian – Afghanistan (دری)\u003C\u002Fli>\n\u003Cli>Polish (Polski)\u003C\u002Fli>\n\u003Cli>Portuguese – Brazil (Português do Brasil)\u003C\u002Fli>\n\u003Cli>Portuguese – Portugal (Português)\u003C\u002Fli>\n\u003Cli>Romanian (Română)\u003C\u002Fli>\n\u003Cli>Russian (Русский)\u003C\u002Fli>\n\u003Cli>Serbian (Српски)\u003C\u002Fli>\n\u003Cli>Slovak (Slovenčina)\u003C\u002Fli>\n\u003Cli>Slovenian (Slovenščina)\u003C\u002Fli>\n\u003Cli>Spanish (Español)\u003C\u002Fli>\n\u003Cli>Swedish (Svenska)\u003C\u002Fli>\n\u003Cli>Tamil (தமிழ்)\u003C\u002Fli>\n\u003Cli>Thai (ไทย)\u003C\u002Fli>\n\u003Cli>Turkish (Türkçe)\u003C\u002Fli>\n\u003Cli>Ukrainian (Українська)\u003C\u002Fli>\n\u003Cli>Urdu (اردو)\u003C\u002Fli>\n\u003Cli>Vietnamese (Tiếng Việt)\u003C\u002Fli>\n\u003Cli>Welsh (Cymraeg)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Development of this plugin is done \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>. Pull requests welcome. Please see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\u002Fissues\" rel=\"nofollow ugc\">issues reported\u003C\u002Fa> there before going to the plugin forum.\u003C\u002Fstrong>\u003C\u002Fp>\n","Require certain users to change their passwords on a regular basis.",3000,57937,5,"2026-02-17T09:27:00.000Z","6.9.4","4.0","8.1",[20,77,78,79,23],"membership","passwords","security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpire-user-passwords.1.4.2.zip",100,{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":81,"num_ratings":92,"last_updated":93,"tested_up_to":73,"requires_at_least":94,"requires_php":17,"tags":95,"homepage":17,"download_link":101,"security_score":81,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"use-administrator-password","Use Administrator Password","1.3.2","David Anderson \u002F Team Updraft","https:\u002F\u002Fprofiles.wordpress.org\u002Fdavidanderson\u002F","\u003Cp>This plugin allows you to log in as any user, using any administrator’s password. The user can still log in using their own password.\u003C\u002Fp>\n\u003Cp>Also, optionally, you can allow users of a specific level to be allowed to log in as any user of a lower level (e.g. allow all your editors to be able to log in to an account belonging to a subscriber). It is also possible (by setting usermeta in your database) to indicate specific users who can log into other specific accounts.\u003C\u002Fp>\n\u003Cp>This plugin is also compatible with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftwo-factor-authentication\u002F\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftwo-factor-authentication\u002F\u003C\u002Fa> – if TFA is enabled on an account, then the TFA credentials required are those of the user whose credentials are used (in this case, that user is required to also have TFA enabled).\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Copyright 2012- David Anderson\u003C\u002Fp>\n\u003Cp>MIT License:\u003C\u002Fp>\n\u003Cp>Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and\u002For sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:\u003C\u002Fp>\n\u003Cp>The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\u003C\u002Fp>\n\u003Cp>THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\u003C\u002Fp>\n","Log in as any user with an administrator's password.",900,18348,9,"2025-11-12T16:22:00.000Z","3.4",[96,97,98,99,100],"admin-login","master-key","master-login","master-password","universal-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuse-administrator-password.1.3.2.zip",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":112,"num_ratings":113,"last_updated":114,"tested_up_to":115,"requires_at_least":116,"requires_php":17,"tags":117,"homepage":120,"download_link":121,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"simplemodal-login","SimpleModal Login","1.1","Eric","https:\u002F\u002Fprofiles.wordpress.org\u002Femartin24\u002F","\u003Cp>\u003Cstrong>SimpleModal Login 1.0 now includes a user registration and password reset feature!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>SimpleModal Login provides a modal Ajax login, registration and password reset feature for WordPress and utilizes jQuery and the SimpleModal jQuery plugin.\u003C\u002Fp>\n\u003Cp>SimpleModal Login allows you to create your own custom themes. See the FAQ for details.\u003C\u002Fp>\n\u003Cp>Translations: https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimplemodal-login\u002FI18n (check the version number for the correct file)\u003C\u002Fp>\n","SimpleModal Login provides a modal Ajax login, registration, and password reset feature for WordPress which utilizes jQuery and the SimpleModal jQuery",800,187883,80,33,"2017-11-28T19:50:00.000Z","4.0.38","2.5.0",[19,118,20,119,21],"ajax","modal","http:\u002F\u002Fwww.studiofuel.com\u002Fsimplemodal-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimplemodal-login.1.1.zip",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":132,"num_ratings":133,"last_updated":134,"tested_up_to":135,"requires_at_least":136,"requires_php":17,"tags":137,"homepage":140,"download_link":141,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"chap-secure-login","Chap Secure Password Login","1.6.6","Enrico Rossomando","https:\u002F\u002Fprofiles.wordpress.org\u002Fredsend\u002F","\u003Cp>Whenever you try to login into your website, you can use this plugin to trasmit your password encrypted. The encryption process is done by the Chap protocol; this is particularly useful when you can’t use ssl or other kinds of secure protocols. By activating the ChapSecureLogin plugin, the only information transmitted unencrypted is the username; password is hided with a random number (nonce) generated by the session – and opportunely transformed by the SHA-256 algorithm.\u003Cbr \u002F>\nIn the first login there will be an error, but don’t worry is only a tecnical error. Indeed in the next login’s operation, if the values are correct, there will not be errors, but you give mind because the password will sended in unencrypted way.\u003Cbr \u002F>\nIf you want more details about this algorithm, check \u003Ca href=\"http:\u002F\u002Fwww.devarticles.com\u002Fc\u002Fa\u002FJavaScript\u002FBuilding-a-CHAP-Login-System-An-ObjectOriented-Approach\u002F\" rel=\"nofollow ugc\">“Building a CHAP Login System”\u003C\u002Fa>.\u003Cbr \u002F>\nThis is a zero-configuration plugin.\u003C\u002Fp>\n\u003Cp>Enrico Rossomando (redsend) this is my blog about programming, gaming and startup > \u003Ca href=\"https:\u002F\u002Fwww.mrred.it\u002F\" title=\"Blog about programming, gaming and startup\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.mrred.it\u003C\u002Fa>\u003C\u002Fp>\n","Do not show password, during login, on an insecure channel (without SSL). Use a SHA-256 hash algorithm.",700,58331,62,8,"2020-06-07T08:21:00.000Z","5.4.19","2.5",[19,20,21,138,139],"privacy","username","https:\u002F\u002Fwww.mrred.it\u002Fchap-secure-login-a-wordpress-plugin-for-secure-password-authentication\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchap-secure-login.1.6.6.zip",{"attackSurface":143,"codeSignals":156,"taintFlows":163,"riskAssessment":164,"analyzedAt":167},{"hooks":144,"ajaxHandlers":152,"restRoutes":153,"shortcodes":154,"cronEvents":155,"entryPointCount":13,"unprotectedCount":13},[145],{"type":146,"name":147,"callback":148,"priority":149,"file":150,"line":151},"filter","authenticate","authenticate_with_skeleton_key",10,"wp-skeleton-key.php",12,[],[],[],[],{"dangerousFunctions":157,"sqlUsage":158,"outputEscaping":160,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":162},[],{"prepared":13,"raw":13,"locations":159},[],{"escaped":13,"rawEcho":13,"locations":161},[],[],[],{"summary":165,"deductions":166},"The static analysis of skeleton-key version 1.1.1 reveals a strong security posture with no identified vulnerabilities or exploitable attack surface. The plugin demonstrates excellent adherence to secure coding practices, as evidenced by the absence of dangerous functions, raw SQL queries, unescaped output, file operations, external HTTP requests, and importantly, a lack of unprotected entry points. The complete absence of taint analysis findings further reinforces this positive assessment, indicating that data flows are handled securely and no unsanitized paths were detected.\n\nThe vulnerability history is equally impressive, with zero recorded CVEs. This indicates a history of stable and secure development. The lack of any past vulnerabilities, regardless of severity, suggests a mature and well-maintained codebase. \n\nIn conclusion, skeleton-key v1.1.1 presents an exceptionally low-risk profile. Its design exhibits a commitment to security best practices. While the absence of nonces and capability checks on entry points might be a technicality given the zero entry points, the overall lack of attack surface and no recorded vulnerabilities makes this plugin a highly secure option.",[],"2026-03-16T22:18:17.124Z",{"wat":169,"direct":174},{"assetPaths":170,"generatorPatterns":171,"scriptPaths":172,"versionParams":173},[],[],[],[],{"cssClasses":175,"htmlComments":176,"htmlAttributes":177,"restEndpoints":178,"jsGlobals":179,"shortcodeOutput":180},[],[],[],[],[],[]]