[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fX89XOJvD8oXvsOxijrYcBtxqTUVUAt0NJ_3hb89RSyo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":36,"analysis":125,"fingerprints":184},"ss-find-post-with-password","SS Find Post with Password","1.0.0","spotlightstudios","https:\u002F\u002Fprofiles.wordpress.org\u002Fspotlightstudios\u002F","\u003Cp>This plugin allows you to search out and find posts with a specific password.\u003C\u002Fp>\n\u003Cp>The plugin was developed with photographers in mind who may want to password protect their albums and give that password to clients, without having to provide dedicated links and or user-name login details each time.\u003C\u002Fp>\n\u003Cp>This plugin will integrate with most custom post types and Gallery plugins including NexGenGallery and WP Photo Seller\u003C\u002Fp>\n\u003Ch3>Donations\u003C\u002Fh3>\n\u003Cp>Please Donate to: admin@spotlightstudios.co.uk or use the link below\u003Cbr \u002F>\nhttps:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_s-xclick&hosted_button_id=62YBJTBQ7HXLG\u003C\u002Fp>\n","This plugin allows you to search out and find posts with a specific password.",10,1596,100,1,"2014-07-09T16:51:00.000Z","3.9.40","2.3","",[20,21,22,23,24],"page","password","post","spotlight","studios","http:\u002F\u002Fspotlightstudios.co.uk\u002Fplugins\u002Fss-postpassword\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fss-find-post-with-password.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},30,84,"2026-04-04T17:02:10.406Z",[37,58,74,89,108],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":13,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":55,"download_link":56,"security_score":13,"vuln_count":14,"unpatched_count":28,"last_vuln_date":57,"fetched_at":30},"multiple-post-passwords","Multiple Post Passwords","1.1.4","Andreas Münch","https:\u002F\u002Fprofiles.wordpress.org\u002Fandreasmuench\u002F","\u003Cp>This is a simple Plugin that lets you set multiple passwords for your password protected posts and pages.\u003C\u002Fp>\n\u003Cp>On posts\u002Fpages with password protection it will show an extra Metabox with a field to input additional passwords, one in each line.\u003C\u002Fp>\n\u003Cp>Note that if you just changed a post\u002Fpage to password protection you have to save once so that the extra field appears.\u003C\u002Fp>\n\u003Ch4>Expire passwords\u003C\u002Fh4>\n\u003Cp>You can also make passwords expire after x hours when being used. You can find the settings under Settings -> Multiple Post Passwords.\u003C\u002Fp>\n\u003Cp>Note that the actual deletion of the passwords is triggered by a cronjob which is run every 30 minutes. So even if you set your expiry time to very short, it may still take 30 minutes until the password really expires.\u003C\u002Fp>\n\u003Cp>Also note that the expiration only works for the additional passwords, not for the standard WordPress page\u002Fpost password.\u003C\u002Fp>\n\u003Ch4>Using lots of passwords on one page\u003C\u002Fh4>\n\u003Cp>If you are using lots of passwords on one page and the password check takes a long time, you should activate the alternative password check in the settings to speed up the password check.\u003C\u002Fp>\n","Set multiple passwords for your protected pages so you can give them to different users.",2000,24287,11,"2026-01-17T16:46:00.000Z","6.8.5","4.7.0","5.6",[53,20,21,22,54],"multiple","protected","https:\u002F\u002Fwww.andreasmuench.de\u002Fwordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultiple-post-passwords.1.1.4.zip","2023-11-28 00:00:00",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":13,"num_ratings":68,"last_updated":69,"tested_up_to":49,"requires_at_least":70,"requires_php":18,"tags":71,"homepage":18,"download_link":73,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"password-passthrough","Password Passthrough","2.0.0","KaeruCT","https:\u002F\u002Fprofiles.wordpress.org\u002Fkaeruct\u002F","\u003Cp>This plugin allows passwords for password-protected pages\u002Fposts to be passed directly through the URL.\u003C\u002Fp>\n\u003Cp>The query string parameter that should contain the password is \u003Ccode>pw\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>For example, if the URL of your post is \u003Ccode>http:\u002F\u002Fmyblog.com\u002Fpassword-protected-page\u002F\u003C\u002Fcode> and the password is \u003Ccode>PASSWORD\u003C\u002Fcode>,\u003Cbr \u002F>\nthen just append \u003Ccode>?pw=PASSWORD\u003C\u002Fcode> to it.\u003C\u002Fp>\n\u003Cp>If the URL already contains a query string (for example, \u003Ccode>http:\u002F\u002Fmyblog.com\u002F?p=5\u003C\u002Fcode>), then be sure to append \u003Ccode>&pw=PASSWORD\u003C\u002Fcode> instead.\u003C\u002Fp>\n","This plugin allows passwords for password-protected pages\u002Fposts to be passed directly through the URL.",600,6589,6,"2025-06-21T19:23:00.000Z","5.4",[20,21,22,54,72],"url","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpassword-passthrough.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":66,"downloaded":82,"rating":28,"num_ratings":28,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":18,"tags":86,"homepage":87,"download_link":88,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"replace-protected-password","Replace Protected Password","1.0.3","Ko Takagi","https:\u002F\u002Fprofiles.wordpress.org\u002Fko31\u002F","\u003Cp>This plugin allows you to update the password for the post or page at a time.\u003C\u002Fp>\n\u003Cp>Manage your protected passwords easier.\u003C\u002Fp>\n\u003Ch4>Related Links\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fko31\u002Freplace-protected-password\" rel=\"nofollow ugc\">Github\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin allows you to update the password for the post or page at a time.",4344,"2022-11-18T12:48:00.000Z","6.1.10","4.3",[20,21,22],"https:\u002F\u002Fgithub.com\u002Fko31\u002Freplace-protected-password","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freplace-protected-password.1.0.3.zip",{"slug":90,"name":91,"version":92,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":11,"downloaded":97,"rating":28,"num_ratings":28,"last_updated":98,"tested_up_to":84,"requires_at_least":99,"requires_php":18,"tags":100,"homepage":106,"download_link":107,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"authpro","AuthPro","1.3.0","yuryk","https:\u002F\u002Fprofiles.wordpress.org\u002Fyuryk\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.authpro.com\" rel=\"nofollow ugc\">AuthPro.com\u003C\u002Fa> is remotely hosted password protection and membership site management service for your website.\u003Cbr \u002F>\nWith this plugin you can easily add AuthPro protection code to your WordPress blog.\u003C\u002Fp>\n\u003Cp>You can select to protect whole website or selected pages or posts.\u003Cbr \u002F>\nYou can also disable protection code on all pages page if you need.\u003C\u002Fp>\n\u003Cp>PS: You’ll need an active AuthPro account to use this plugin.\u003Cbr \u002F>\nIf you do not have AuthPro account you can \u003Ca href=\"https:\u002F\u002Fwww.authpro.com\u002Fsignup.shtml\" rel=\"nofollow ugc\">signup\u003C\u002Fa> for new one on authpro.com website.\u003C\u002Fp>\n","Adds AuthPro.com remotely hosted service support to your WordPress website.",2502,"2022-11-23T13:08:00.000Z","4.1.0",[101,102,103,104,105],"category-protection","login","page-protection","password-protection","post-protection","https:\u002F\u002Fwww.authpro.com\u002Fintegrations\u002Fwordpress.shtml","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauthpro.1.3.0.zip",{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":11,"downloaded":116,"rating":28,"num_ratings":28,"last_updated":117,"tested_up_to":118,"requires_at_least":119,"requires_php":18,"tags":120,"homepage":123,"download_link":124,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"lx-password-generator","LX Password Generator","1.0.2","lx6g","https:\u002F\u002Fprofiles.wordpress.org\u002Flx6g\u002F","\u003Cp>You can choose from upper and lower letters, digits and special characters to make your new hardcore passwords impossible to break.\u003Cbr \u002F>\nAnd yes, all the passwords are generated only within client’s browser session and are not saved anywhere on the server side,\u003Cbr \u002F>\nso it is absolutely safe to use in real world.\u003C\u002Fp>\n\u003Cp>You can also specify the following attributes to tune the form’s appearance:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>length=4..64\u003C\u002Fcode> specifies the default length of a password. Allowed values range from 4 to 64.  \u003C\u002Fli>\n\u003Cli>\u003Ccode>upper=1\u003C\u002Fcode> enables upper-case letters option. Activated by default.\u003C\u002Fli>\n\u003Cli>\u003Ccode>lower=1\u003C\u002Fcode> enables lower-case letters option. Activated by default.\u003C\u002Fli>\n\u003Cli>\u003Ccode>digits=1\u003C\u002Fcode> enables digits option. Activated by default.\u003C\u002Fli>\n\u003Cli>\u003Ccode>special=1\u003C\u002Fcode> enables special characters \u003Ccode>,.:;_=\u003C\u002Fcode> option. Disabled by default. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Plugin’s Official Site\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Flx6g.com\" rel=\"nofollow ugc\">Alex Granovsky Blog\u003C\u002Fa>\u003C\u002Fp>\n","LX Password Generator is simple yet nifty password generation form to be placed in any page or post you like.",2514,"2015-11-10T16:56:00.000Z","3.0.5","2.5",[121,20,21,122,22],"generator","password-generator","http:\u002F\u002Flx6g.com\u002F2011\u002F01\u002Fpassgen-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flx-password-generator.1.0.2.zip",{"attackSurface":126,"codeSignals":136,"taintFlows":144,"riskAssessment":172,"analyzedAt":183},{"hooks":127,"ajaxHandlers":128,"restRoutes":129,"shortcodes":130,"cronEvents":135,"entryPointCount":14,"unprotectedCount":28},[],[],[],[131],{"tag":132,"callback":132,"file":133,"line":134},"ss_postpassword","ss-findPostWithPassword.php",95,[],{"dangerousFunctions":137,"sqlUsage":138,"outputEscaping":141,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":143},[],{"prepared":139,"raw":28,"locations":140},2,[],{"escaped":28,"rawEcho":28,"locations":142},[],[],[145],{"entryPoint":146,"graph":147,"unsanitizedCount":139,"severity":171},"\u003Css-findPostWithPassword> (ss-findPostWithPassword.php:0)",{"nodes":148,"edges":167},[149,154,160,162],{"id":150,"type":151,"label":152,"file":133,"line":153},"n0","source","$_POST",33,{"id":155,"type":156,"label":157,"file":133,"line":158,"wp_function":159},"n1","sink","get_var() [SQLi]",37,"get_var",{"id":161,"type":151,"label":152,"file":133,"line":153},"n2",{"id":163,"type":156,"label":164,"file":133,"line":165,"wp_function":166},"n3","wp_redirect() [Open Redirect]",45,"wp_redirect",[168,170],{"from":150,"to":155,"sanitized":169},false,{"from":161,"to":163,"sanitized":169},"high",{"summary":173,"deductions":174},"The \"ss-find-post-with-password\" v1.0.0 plugin exhibits a mixed security posture.  On the positive side, the static analysis reveals excellent security practices in several key areas. All SQL queries are protected by prepared statements, and all observed output is properly escaped, indicating a strong defense against common injection and cross-site scripting (XSS) vulnerabilities. The absence of file operations, external HTTP requests, and the fact that all entry points (though minimal) are seemingly protected also contribute positively to its security.  However, there are significant concerns arising from the taint analysis. One analyzed flow shows unsanitized paths, which is flagged as a high-severity issue. This suggests a potential avenue for an attacker to manipulate file paths or other path-related data, potentially leading to unauthorized file access or other system compromises. The lack of nonces and capability checks, while not directly tied to the identified taint flow, represents a missed opportunity to further harden the plugin, especially if the shortcode or other potential entry points are ever expanded or used in a sensitive context. The plugin's vulnerability history is clean, with no known CVEs, which is a strong positive. This, combined with the good practices in SQL and output handling, suggests the developers have some security awareness. However, the single high-severity taint flow remains a critical concern that overshadows the otherwise clean code. The overall risk is moderate, with the potential for exploitation of the identified taint flow being the primary threat.",[175,178,181],{"reason":176,"points":177},"High severity unsanitized path in taint analysis",12,{"reason":179,"points":180},"Missing nonce checks",5,{"reason":182,"points":180},"Missing capability checks","2026-03-17T00:43:02.790Z",{"wat":185,"direct":190},{"assetPaths":186,"generatorPatterns":187,"scriptPaths":188,"versionParams":189},[],[],[],[],{"cssClasses":191,"htmlComments":195,"htmlAttributes":196,"restEndpoints":198,"jsGlobals":199,"shortcodeOutput":200},[192,193,194],"uk-alert","uk-alert-danger","uk-form-danger",[],[197],"data-uk-alert",[],[],[201,202,203,204,205,206,207,208,209],"\u003Cform action=\"\" method=\"post\">","\u003Cdiv style=\"text-align: center;\">\u003Cinput type=\"password\" placeholder=\"","\" name=\"pw_field\" value=\"\" class=\"","\" \u002F> \u003Cinput type=\"submit\" name=\"submit_pw_field\" value=\"","\" \u002F>\u003C\u002Fdiv>","\u003Cdiv style=\"text-align: center;\" ",">","\u003C\u002Fdiv>","\u003C\u002Fform>"]