[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fY_JeNtLkAMkV0Q1-C6b5LycKpXvtDHM5nk2iJWg7LzM":3,"$fISqEvewI2dDsa6B59RK-5Q5lrf-0dW9ipJGH8pL2LVs":113,"$fj1eZAtYbjosDwE7vK7NMXudcrE7EO0lkKM7xIYzIfQk":118},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":32,"crawl_stats":28,"alternatives":37,"analysis":56,"fingerprints":100},"tavakal-destroy-user-sessions","Tavakal – Destroy user sessions","1.0.0","tavakal4devs","https:\u002F\u002Fprofiles.wordpress.org\u002Ftavakal4devs\u002F","\u003Cp>By default in wordpress sessions have expiration date, it might be too long for some kind of websites. With this plugin, you can set N time for afk (away from keyboard) users, before ending their session. For example if N time is 1 hour, users will be logged out after 1 hour from the last activity time.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Ch4>Tavakal – Destroy user sessions Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Set maximum inactive time before ending user session\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Set roles that should apply this logic.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>🔐 Important Notice\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin requires cron jobs enabled to work\u003C\u002Fp>\n","Free light plugin to kick out user after being afk, or inactive for long time even if the browser is closed. You can change the time and users roles a &hellip;",10,850,100,1,"2022-02-10T14:54:00.000Z","5.9.13","4.0","5.6",[20,21,22,23],"inactive-users","kick-inactive-users","kick-user","logout-afk","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftavakal-destroy-user-sessions.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},3,30,84,"2026-05-20T05:03:55.749Z",[38],{"slug":39,"name":40,"version":6,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":27,"downloaded":45,"rating":27,"num_ratings":27,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":24,"download_link":55,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"storm-clean-admin","Storm Clean Admin","Wpstorm Genius","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpstormdev\u002F","\u003Cp>\u003Cstrong>Storm Clean Admin\u003C\u002Fstrong> is a lightweight and performance-focused WordPress plugin that helps site administrators manage inactive users, track activity, and maintain a clean, secure dashboard.\u003C\u002Fp>\n\u003Cp>Built with a modern React-powered interface and adhering to WordPress coding standards, it provides a seamless experience for both administrators and site managers.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>🚀 \u003Cstrong>Fast & Lightweight\u003C\u002Fstrong> – Uses native WordPress APIs for optimal performance.\u003C\u002Fli>\n\u003Cli>🧍‍♂️ \u003Cstrong>Smart User Management\u003C\u002Fstrong> – Detect, deactivate, or delete inactive users automatically.\u003C\u002Fli>\n\u003Cli>📊 \u003Cstrong>Analytics Dashboard\u003C\u002Fstrong> – Monitor user login activity, registrations, and engagement.\u003C\u002Fli>\n\u003Cli>⚙️ \u003Cstrong>Custom Automation\u003C\u002Fstrong> – Schedule cleanups and inactivity checks.\u003C\u002Fli>\n\u003Cli>🔒 \u003Cstrong>Security Focused\u003C\u002Fstrong> – Protects admin and critical roles from accidental removal.\u003C\u002Fli>\n\u003Cli>🎨 \u003Cstrong>Modern UI\u003C\u002Fstrong> – Clean, responsive React interface integrated with WordPress.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Use Storm Clean Admin?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Keep your user database clean and efficient\u003C\u002Fli>\n\u003Cli>Identify dormant or risky accounts\u003C\u002Fli>\n\u003Cli>Automate routine maintenance tasks\u003C\u002Fli>\n\u003Cli>Improve visibility on user activity\u003C\u002Fli>\n\u003Cli>Maintain GDPR compliance by removing unused accounts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Built For Admins and Developers\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Fully compatible with WordPress coding and security standards\u003C\u002Fli>\n\u003Cli>Translation-ready and fully localizable\u003C\u002Fli>\n\u003Cli>Uses WordPress REST API for scalability and speed\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Compatibility\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Works with WordPress 5.0+\u003C\u002Fli>\n\u003Cli>Tested up to 6.8.3\u003C\u002Fli>\n\u003Cli>Supports classic and block themes\u003C\u002Fli>\n\u003Cli>Translation-ready with included \u003Ccode>.pot\u003C\u002Fcode> file\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Inactive Users Management\u003C\u002Fstrong> – Automatically detect and manage inactive accounts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Activity Tracking\u003C\u002Fstrong> – Track login times and last activity\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automated Cleanup\u003C\u002Fstrong> – Schedule automatic cleanup of inactive users\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Analytics Dashboard\u003C\u002Fstrong> – View site and user activity trends\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role-Based Exclusions\u003C\u002Fstrong> – Exclude specific user roles from inactivity checks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible Actions\u003C\u002Fstrong> – Deactivate or delete inactive users\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity Charts\u003C\u002Fstrong> – Visualize login and registration patterns\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bulk Actions\u003C\u002Fstrong> – Apply actions to multiple users simultaneously\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security-Focused\u003C\u002Fstrong> – Built with WordPress best practices\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern UI\u003C\u002Fstrong> – Responsive React dashboard\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Getting Started\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Install and activate the plugin.\u003C\u002Fli>\n\u003Cli>Navigate to \u003Cstrong>Storm Clean Admin\u003C\u002Fstrong> in the WordPress admin menu.\u003C\u002Fli>\n\u003Cli>Configure inactivity thresholds and exclusion rules.\u003C\u002Fli>\n\u003Cli>Enable automatic cleanup or manage users manually.\u003C\u002Fli>\n\u003Cli>Monitor user activity and manage accounts from the dashboard.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>All user login times are tracked locally in your database. No external data transmission occurs. Data remains on your WordPress installation.\u003C\u002Fp>\n\u003Ch3>Roadmap\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Multisite compatibility\u003C\u002Fli>\n\u003Cli>Email notifications for inactive users\u003C\u002Fli>\n\u003Cli>Export\u002Fimport cleanup logs\u003C\u002Fli>\n\u003Cli>WooCommerce integration for user activity\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Documentation, FAQs, and support: \u003Ca href=\"https:\u002F\u002Fwpstorm.ir\u002Fclean-admin\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwpstorm.ir\u002Fclean-admin\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Feedback & Contribution\u003C\u002Fh3>\n\u003Cp>Report issues or share ideas: \u003Ca href=\"https:\u002F\u002Fwpstorm.ir\u002Fsupport\" rel=\"nofollow ugc\">https:\u002F\u002Fwpstorm.ir\u002Fsupport\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Developed by \u003Cstrong>Wpstorm Team\u003C\u002Fstrong>\u003Cbr \u002F>\nWebsite: \u003Ca href=\"https:\u002F\u002Fwpstorm.ir\" rel=\"nofollow ugc\">https:\u002F\u002Fwpstorm.ir\u003C\u002Fa>\u003C\u002Fp>\n","A modern WordPress plugin to manage inactive users, monitor site activity, and keep your site optimized and secure.",158,"2025-11-29T20:28:00.000Z","6.8.5","5.0","7.4",[51,20,52,53,54],"admin-tools","optimization","security","user-management","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstorm-clean-admin.1.0.0.zip",{"attackSurface":57,"codeSignals":85,"taintFlows":93,"riskAssessment":94,"analyzedAt":99},{"hooks":58,"ajaxHandlers":79,"restRoutes":80,"shortcodes":81,"cronEvents":82,"entryPointCount":27,"unprotectedCount":27},[59,65,71,75],{"type":60,"name":61,"callback":62,"file":63,"line":64},"action","admin_init","generate_options","includes\u002FTavakalDestroySessionSettings.php",33,{"type":66,"name":67,"callback":68,"file":69,"line":70},"filter","cron_schedules","cron_add_five_min","includes\u002FTavakalDestroyUserSession.php",14,{"type":60,"name":72,"callback":73,"file":69,"line":74},"init","update_last_activity",16,{"type":60,"name":76,"callback":77,"file":69,"line":78},"tavakal_destroy_expired_sessions","destroy_expired_sessions",18,[],[],[],[83],{"hook":76,"callback":76,"file":69,"line":84},21,{"dangerousFunctions":86,"sqlUsage":87,"outputEscaping":89,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":92},[],{"prepared":14,"raw":27,"locations":88},[],{"escaped":90,"rawEcho":27,"locations":91},13,[],[],[],{"summary":95,"deductions":96},"The \"tavakal-destroy-user-sessions\" plugin, version 1.0.0, exhibits a strong security posture based on the provided static analysis. There are no identified dangerous functions, SQL queries are all prepared, and all outputs are properly escaped. The absence of file operations and external HTTP requests further bolsters its security. Crucially, the lack of any taint analysis findings indicates no obvious risks related to data sanitization or path manipulation.  The plugin's vulnerability history is clean, with no recorded CVEs, which suggests a history of secure development or limited exposure.\n\nWhile the static analysis shows a positive security profile, the complete absence of any authorization checks (capability checks, nonce checks) across all entry points is a significant concern. Although the attack surface is reported as zero unprotected entry points (AJAX, REST API, shortcodes), the lack of explicit capability checks on the identified cron event leaves it potentially vulnerable to unauthorized execution if not properly secured at the application level.  The plugin's strengths lie in its clean code and lack of known vulnerabilities, but the absence of authorization mechanisms on its sole identified entry point (cron event) is a notable weakness that could be exploited.",[97],{"reason":98,"points":11},"Cron event lacks capability checks","2026-04-16T12:06:57.481Z",{"wat":101,"direct":106},{"assetPaths":102,"generatorPatterns":103,"scriptPaths":104,"versionParams":105},[],[],[],[],{"cssClasses":107,"htmlComments":108,"htmlAttributes":109,"restEndpoints":110,"jsGlobals":111,"shortcodeOutput":112},[],[],[],[],[],[],{"error":114,"url":115,"statusCode":116,"statusMessage":117,"message":117},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Ftavakal-destroy-user-sessions\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":27,"versions":119},[]]