[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$faFZYpgbe0gpz_tsC_oMe3u9hsGetAcebYkNt0pjFG6s":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":48,"crawl_stats":37,"alternatives":55,"analysis":145,"fingerprints":547},"temporary-login-without-password","Temporary Login Without Password","1.9.7","storeapps","https:\u002F\u002Fprofiles.wordpress.org\u002Fstoreapps\u002F","\u003Cp>Create secure, self-expiring ⏱️, automatic login links 🔗 for WordPress. Give them to developers when they ask for admin access to your site. Or an editor for a quick review of work done. Login works just by opening the link, no password needed.\u003C\u002Fp>\n\u003Cp>Using the “Temporary Login Without Password” plugin you can create a self-expiring account for someone and give them a special link with which they can login to your WordPress without needing a username and password.\u003C\u002Fp>\n\u003Cp>You can choose when the login expires, as well as the role of the temporary account.\u003C\u002Fp>\n\u003Cp>Really useful when you need to give admin access to a developer for support or for performing routine tasks.\u003C\u002Fp>\n\u003Cp>Read \u003Ca href=\"https:\u002F\u002Fwww.storeapps.org\u002Fcreate-secure-login-without-password-for-wordpress\u002F\" rel=\"nofollow ugc\">this article\u003C\u002Fa> to know more about what’s the Current Problem – Creating a Separate Admin Login for Outsiders (Devs\u002F Guest bloggers) and how to avoid this pain, Top Benefits of using this plugin & Why and Who need Temporary Login links.\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>Benefits of Temporary Logins\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>➡️  Create unlimited temporary logins\u003Cbr \u002F>\n  ➡️  Create temporary logins with any role\u003Cbr \u002F>\n  ➡️  No username & password required. Login with just a simple link\u003Cbr \u002F>\n  ➡️  Set account expiry. So, a temporary user can’t login after the expiry time\u003Cbr \u002F>\n  ➡️  Various expiration options like one day, one week, one month, and many more. Also, set a custom date\u003Cbr \u002F>\n  ➡️  Redirect user to a specific page after login\u003Cbr \u002F>\n  ➡️  Set a language for a temporary user\u003Cbr \u002F>\n  ➡️  See the last logged in time of a temporary user\u003Cbr \u002F>\n  ➡️  Also see, how many times a temporary user accessed your setup\u003Cbr \u002F>\n  ➡️  Track user activity with detailed logs to know what each temporary user did\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>\u003Cstrong>For Developers\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>If you need an admin access to your client’s WordPress setup to resolve any issues, use following template to ask your client to give you a temporary access to their WordPress setup.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Hi {%customer_name%},\u003C\u002Fp>\n\u003Cp>To allow me to investigate on your site, install & activate the free WordPress plugin – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftemporary-login-without-password\u002F\" rel=\"ugc\">Temporary Login Without Password\u003C\u002Fa>, and give me admin access to your site via the temporary link generated. Once I’ll get the admin access, I’ll check your site & will try to resolve the issue.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>:\u003Cbr \u002F>\n  Keep the expiry of a temporary login link for one month. Send the created login link as a reply to this email.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Temporary Login Without Password Pro Features\u003C\u002Fh3>\n\u003Cp>➡️ Limit Link Usage: Set a maximum number of times a temporary login link can be used, ensuring controlled, secure access.\u003C\u002Fp>\n\u003Cp>➡️ Instant Admin Alerts: Receive notifications each time a temporary login is accessed, keeping you informed of all activity.\u003C\u002Fp>\n\u003Cp>➡️ Activity Log: View detailed activity of each temporary user to monitor what actions they performed while logged in.\u003C\u002Fp>\n\u003Cp>Ready to take your security and convenience to the next level?\u003Cbr \u002F>\n\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.icegram.com\u002F?buy-now=445245&qty=1&coupon=tlwp-pro-20&with-cart=1\" rel=\"nofollow ugc\">Upgrade to TLWP Pro\u003C\u002Fa>\u003C\u002Fstrong> today to unlock our advanced features. Experience the full power of secure, temporary, passwordless access for your WordPress \u002F WooCommerce site.\u003C\u002Fp>\n\u003Ch4>What users have to say about Temporary Login Without Password?\u003C\u002Fh4>\n\u003Cp>👉 \u003Cstrong>It works with WordPress.com business plan!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>I love this plugin! I got the impression that Temporary Login Without Password plugin would only work with WordPress.org sites. When I had a problem with another plugin, I reached out to their tech support. They recommended Temporary Login. I crossed my fingers, installed it, and it worked like a charm. No more worrying about possibly compromising my sites. When tech support was done, I went into the settings and revoked access. This is a game changer!\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fit-works-with-wordpress-com-business-plan\u002F\" rel=\"ugc\">Suzanne Loeb\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>👉 \u003Cstrong>Convenient. No rabbit holes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>I can’t say I’ve used a whole bunch of these plugins, but I can say I’ve used 2 or 3. This one was the most straight forward and rushing through it I still didn’t run into any issues. The login was shot to the company I needed to let in and I was able to get back to marking things off of my checklist. Highly recommend to anyone that is needing to make a temporary user account for the first time. There’s literally nowhere to get confused from my personal experience\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fconvenient-no-rabbit-holes\u002F\" rel=\"ugc\">Peter Higgins\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>👉 \u003Cstrong>Clear and efficient.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Clear and efficient. Nothing to add !\u003Cbr \u002F>\n  Continue like that !\u003Cbr \u002F>\n  Make the world of the web even more fun for all pro and amateur users!\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fclear-and-efficient-2\u002F\" rel=\"ugc\">muten7\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>👉 \u003Cstrong>Excellent Plugin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Having problems with another plugin the developer recommended TPWP. It does exactly as it states. The developer was able to identify the bug, done without comprising security. The fact it records the access you have granted is a another advantage.\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fexcellent-plugin-3772\u002F\" rel=\"ugc\">mickpamg\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>👉 \u003Cstrong>A huge help and easy!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>This plugin was just what I needed to make it easy for support people to come in and get their assessments done then I don’t have to worry about revoking permission…this takes care of that for me! Love it!!!\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fa-huge-help-and-easy\u002F\" rel=\"ugc\">bfauscette\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Go to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Ftemporary-login-without-password\u002Freviews\u002F\" rel=\"ugc\">Temporary Login Without Password plugin review section\u003C\u002Fa> and read our recent reviews.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Spread The Love ❤️\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you like Temporary Login Without Password, please leave a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Ftemporary-login-without-password\u002Freviews\u002F#new-post\" rel=\"ugc\">five stars ⭐⭐⭐⭐⭐\u003C\u002Fa> and also spread the word about it via \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fsharer.php?u=https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftemporary-login-without-password\u002F\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fintent\u002Ftweet?url=https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftemporary-login-without-password\u002F\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa>. That helps fellow website owners assess Temporary Login Without Password easily and benefit from it!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What’s Next\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you like this plugin then consider checking out our other solutions:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Femail-subscribers\u002F\" rel=\"ugc\">Icegram Express\u003C\u002Fa> – A complete newsletter plugin which lets you collect leads, send automated new blog post notification emails, create & send broadcasts, and also manage them all in one single place.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ficegram-mailer\u002F\" rel=\"ugc\">Icegram Mailer\u003C\u002Fa> – Reliable built‑in email delivery for WordPress & WooCommerce with real‑time logs, analytics, and a free 200‑email plan.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ficegram\u002F\" rel=\"ugc\">Icegram Engage\u003C\u002Fa> – Popups, Welcome Bar, Opt-ins & Lead Generation plugin\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ficegram-rainmaker\u002F\" rel=\"ugc\">Icegram Collect\u003C\u002Fa> – Best form plugin on WordPress\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsmart-manager-for-wp-e-commerce\u002F\" rel=\"ugc\">Smart Manager\u003C\u002Fa> – Manage & Bulk edit Products, Orders & more..\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Foffermative-discount-pricing-related-products-upsell-funnels-for-woocommerce\u002F\" rel=\"ugc\">Offermative\u003C\u002Fa> – Dynamic discount pricing, related product recommendations, upsells and funnels for WooCommerce.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fduplicate-post-page-copy-clone-wp\u002F\" rel=\"ugc\">Post \u002F Page Duplicate\u003C\u002Fa> – Ultimate one‑click content duplicator for WordPress, letting you clone posts, pages & custom post types effortlessly\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ficegram-cookie-manager\u002F\" rel=\"ugc\">Icegram Cookie Manager\u003C\u002Fa> – Customizable cookie consent banner with privacy policy links and styling options for WordPress\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fswitch-user-login-by-icegram\u002F\" rel=\"ugc\">Switch User Login\u003C\u002Fa> – Instantly switch between WordPress user accounts from the admin bar for seamless testing, debugging, and multisite\u002FWooCommerce management\u003C\u002Fp>\n\u003Cp>Also, check our other \u003Ca href=\"https:\u002F\u002Fwww.storeapps.org\u002Fshop\u002F?utm_source=wprepo&utm_medium=tlwp&utm_campaign=sa_products_upsell&utm_content=readme\" rel=\"nofollow ugc\">Premium WooCommerce plugins.\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Do you use WooCommerce? Our analytics tool \u003Ca href=\"https:\u002F\u002Fwww.putler.com\u002F?utm_source=wprepo&utm_medium=tlwp&utm_campaign=putler_outreach&utm_content=readme\" rel=\"nofollow ugc\">Putler\u003C\u002Fa> will help you enriches your store data. Using Putler, you’ll understand your business better and make profitable decisions quickly.\u003C\u002Fp>\n","Create self-expiring, temporary admin accounts. Easily share direct login links (no need for username\u002Fpassword) with your developers or editors.",100000,1865629,100,1499,"2025-12-22T11:48:00.000Z","6.8.5","3.0.1","5.3",[20,21,22,23,24],"developer-access","magic-pin","passwordless-login","secure-login","temporary-access","http:\u002F\u002Fwww.storeapps.org\u002Fcreate-secure-login-without-password-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftemporary-login-without-password.1.9.7.zip",1,0,"2021-11-15 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2021-24836","temporary-login-without-password-subscriber-plugin-settings-update","Temporary Login Without Password \u003C= 1.7.0 - Subscriber+ Plugin Settings Update","The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation and CSRF checks when updating its settings, which could allows any logged-in users, such as subscribers to update them",null,"\u003C=1.7.0","1.7.1","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Incorrect Authorization","2024-01-22 19:56:02",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5eb85bc1-cffd-4363-ba53-30e3f6f6fc56?source=api-prod",799,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":49,"total_installs":50,"avg_security_score":51,"avg_patch_time_days":52,"trust_score":53,"computed_at":54},9,132400,95,761,76,"2026-04-03T19:58:34.838Z",[56,76,94,112,128],{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":66,"num_ratings":67,"last_updated":68,"tested_up_to":16,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":74,"download_link":75,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"login-links","Login Links – Passwordless Login, Temporary Access Links & Custom Login Form","2.1.0","Denis Alemán","https:\u002F\u002Fprofiles.wordpress.org\u002Fdenisaleman\u002F","\u003Cp>Login Links allows you to create temporary, password-less access links for existing users or guest accounts. The links can be configured to expire either after a certain period of time or after a set number of successful logins.\u003C\u002Fp>\n\u003Ch3>How Login Link Works\u003C\u002Fh3>\n\u003Cp>A login link is a special link that, when clicked, automatically logs the user in. They don’t need an account. The login occurs either under an existing account or under a temporary account created specifically for this link. The link has an expiration date, after which it is automatically deleted.\u003C\u002Fp>\n\u003Ch3>Provide Temporary Access\u003C\u002Fh3>\n\u003Cp>Create a login link with a specific role for support teams, clients, developers, or guest users who need temporary access to the site, and email it directly to them. They don’t need to create an account or come up with a password, and you won’t have to worry about deleting their account later.\u003C\u002Fp>\n\u003Ch3>Passwordless Access for Users\u003C\u002Fh3>\n\u003Cp>Allow already registered users to log in without a password. Users request a one-time login link by entering the email they used during registration, and the link is sent to that email.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Ch3>Temporary Login Links\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Create an unlimited number of temporary login links.\u003C\u002Fli>\n\u003Cli>Choose to log in as an existing user or as a temporary user, which will automatically create a temporary account attached to the link.\u003C\u002Fli>\n\u003Cli>Delete and manage created links through a table interface, allowing you to view and remove links as needed.\u003C\u002Fli>\n\u003Cli>Set expiration limits for each login link based on time or number of logins.\u003C\u002Fli>\n\u003Cli>Expiration can be based on the number of logins, time, or a combination of both, whichever occurs first.\u003C\u002Fli>\n\u003Cli>Send an email invitation with a login link.\u003C\u002Fli>\n\u003Cli>Customize the email’s body and subject text.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Password-less Access\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Allow password-less access for your users.\u003C\u002Fli>\n\u003Cli>Custom login form via shortcode for password-less access.\u003C\u002Fli>\n\u003Cli>Automatic deletion of expired links.\u003C\u002Fli>\n\u003Cli>Automatic generation of a temporary account with a designated role upon link creation.\u003C\u002Fli>\n\u003Cli>Optional password-less access through the standard WordPress login form.\u003C\u002Fli>\n\u003Cli>Ability to disallow password-based access.\u003C\u002Fli>\n\u003C\u002Ful>\n","Create secure self-expiring login links for temporary access and guest users, and enable passwordless login for registered ones.",40,977,80,4,"2025-07-02T22:56:00.000Z","5.5","7.0",[72,73,22,23,24],"custom-login-form","login-without-password","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-links.2.1.0.zip",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":28,"downloaded":84,"rating":28,"num_ratings":28,"last_updated":74,"tested_up_to":85,"requires_at_least":86,"requires_php":87,"tags":88,"homepage":91,"download_link":92,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":93},"safetemplogin-tawa","SafeTemp Login – Temporary Access with Approval","1.0.1","Fernando Filho","https:\u002F\u002Fprofiles.wordpress.org\u002Fcyferweb\u002F","\u003Cp>SafeTemp Login allows you to create temporary users with any role. Perfect for contractors, auditors, or anyone who needs limited-time access to your WordPress site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create temporary users with any role (subscriber, editor, administrator, etc.)\u003C\u002Fli>\n\u003Cli>Automatic expiration with configurable behavior (block login or delete user)\u003C\u002Fli>\n\u003Cli>Intercept sensitive actions when temporary administrator tries to perform them\u003C\u002Fli>\n\u003Cli>Approval system via admin dashboard or secure email links\u003C\u002Fli>\n\u003Cli>Email notifications to administrators\u003C\u002Fli>\n\u003Cli>Configurable restricted actions list\u003C\u002Fli>\n\u003Cli>Log only mode for testing\u003C\u002Fli>\n\u003Cli>Secure token-based approval system\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>How It Works:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>When a temporary user with administrator role tries to perform a restricted action (like deleting a post, switching themes, installing plugins, etc.), the action is blocked and a request is created. Real administrators receive an email with secure one-time links to approve or deny the action.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Nonce verification on all actions\u003C\u002Fli>\n\u003Cli>Secure token-based approval links (expire in 30 minutes)\u003C\u002Fli>\n\u003Cli>User capability checking\u003C\u002Fli>\n\u003Cli>Automatic logout on expiration\u003C\u002Fli>\n\u003Cli>One-time use tokens\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Supported Actions for Approval (Configurable):\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Delete Posts\u003C\u002Fli>\n\u003Cli>Edit\u002FPublish Posts\u003C\u002Fli>\n\u003Cli>Switch Themes\u003C\u002Fli>\n\u003Cli>Install Plugins\u003C\u002Fli>\n\u003Cli>Activate Plugins\u003C\u002Fli>\n\u003Cli>Deactivate Plugins\u003C\u002Fli>\n\u003Cli>Delete Users\u003C\u002Fli>\n\u003Cli>Update Core Settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Open-source, donation-supported. Developed by \u003Ca href=\"https:\u002F\u002Fcyfer.com.br\" rel=\"nofollow ugc\">Cyfer\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Support & Donations\u003C\u002Fh3>\n\u003Cp>This plugin is free and open-source, developed by Cyfer.\u003C\u002Fp>\n\u003Cp>For support, visit \u003Ca href=\"https:\u002F\u002Fbuymeacoffee.com\u002Fcyfer\" rel=\"nofollow ugc\">Buy Me a Coffee:\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>If you find this plugin useful, please consider making a donation to help support continued development.\u003C\u002Fp>\n\u003Cp>Open-source, donation-supported. Developed by \u003Ca href=\"https:\u002F\u002Fcyfer.com.br\" rel=\"nofollow ugc\">Cyfer\u003C\u002Fa>.\u003C\u002Fp>\n","Create temporary users with any role. When a temporary user is an administrator, sensitive actions require approval from a real administrator.",148,"6.9.4","6.0","7.4",[22,23,24,89,90],"user-temporary","users","https:\u002F\u002Fgithub.com\u002Ffernandocyfer\u002Fsafetemp-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsafetemplogin-tawa.1.0.1.zip","2026-03-15T10:48:56.248Z",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":66,"num_ratings":67,"last_updated":104,"tested_up_to":105,"requires_at_least":106,"requires_php":87,"tags":107,"homepage":109,"download_link":110,"security_score":111,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"temporary-login","Temporary Login","1.3.0","Elementor","https:\u002F\u002Fprofiles.wordpress.org\u002Felemntor\u002F","\u003Cp>Temporary Login creates a secure, temporary URL for easy access to your WP admin with no username and password. Share this URL with trusted support agents and colleagues in order to resolve issues quickly, and shut down access as soon as you’re done.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FEATURES\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Grant access to your site with a single click; a temporary URL will be created that you can share for admin-level access to your site and it will automatically expire 7 days from creation.\u003C\u002Fli>\n\u003Cli>Extend access – need more time? No problem. Just click to extend access so that users don’t get locked out.\u003C\u002Fli>\n\u003Cli>All done? Revoke access and the link becomes inaccessible.\u003C\u002Fli>\n\u003Cli>Auto disable access – whether you forget to revoke access or lose track of the timing, there’s no need to worry. We will automatically disable the access URL at the expiration, within 7 days.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>CONTRIBUTION\u003C\u002Fh4>\n\u003Cp>Would you like to contribute to this plugin? You’re more than welcome to submit your pull requests on the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Felementor\u002Ftemporary-login\u002F\" rel=\"nofollow ugc\">GitHub repo\u003C\u002Fa>. Also, if you have any notes about the code, please open a ticket on the issue tracker.\u003C\u002Fp>\n","Create a secure, temporary URL for easy access to your WP admin.",40000,134160,"2024-11-26T16:13:00.000Z","6.7.5","6.2",[108,22,24,95],"login","https:\u002F\u002Felementor.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftemporary-login.1.3.0.zip",92,{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":120,"downloaded":121,"rating":28,"num_ratings":28,"last_updated":122,"tested_up_to":85,"requires_at_least":106,"requires_php":87,"tags":123,"homepage":124,"download_link":125,"security_score":126,"vuln_count":27,"unpatched_count":28,"last_vuln_date":127,"fetched_at":30},"create-temporary-login","Bifröst – Instant Passwordless Temporary Login Links","1.0.9","Hakik Zaman","https:\u002F\u002Fprofiles.wordpress.org\u002Fhakik\u002F","\u003Cp>\u003Cstrong>Bifröst\u003C\u002Fstrong> is a WordPress plugin that helps create instant passwordless login links. Use those links to securely allow people temporary admin access to your WordPress site (dashboard).\u003C\u002Fp>\n\u003Cp>As WordPress site owners, we frequently give temporary admin access to people. Among many cases, giving temporary admin access to support engineers to troubleshoot an issue is prominent. In contrast with the default process of creating a user, \u003Cstrong>Bifröst\u003C\u002Fstrong> can instantly create a secure login link.\u003C\u002Fp>\n\u003Ch3>How to Create Passwordless Temporary Login Links for WordPress\u003C\u002Fh3>\n\u003Cp>The following video demonstrates creating a temporary login link for WordPress using \u003Cstrong>Bifröst\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FmG9rUl0ou5k?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>How often do you need to allow someone access to your WordPress site? There are many cases when you need to allow people access to your site, including support engineers.\u003C\u002Fp>\n\u003Cp>Allowing temporary access to your WordPress site was never easier. Create a temporary login URL to give people instant access to your site. You don’t need any email address, username or password.\u003C\u002Fp>\n\u003Ch3>🔐️ Feature Highlight of Bifröst\u003C\u002Fh3>\n\u003Cp>🔑️ Instantly create passwordless temporary login links for WP.\u003C\u002Fp>\n\u003Cp>🔑️ Remove\u002Fdelete temporary login links anytime you want.\u003C\u002Fp>\n\u003Cp>🔑️ By default, the temporary login links are valid for 7 days.\u003C\u002Fp>\n\u003Cp>🔑️ You can increase the validity by 3 days for expired login links.\u003C\u002Fp>\n\u003Ch3>How does Bifröst work\u003C\u002Fh3>\n\u003Cp>You can create passwordless temporary login links after successfully installing \u003Cstrong>Bifröst\u003C\u002Fstrong> on your WordPress site. Like most WordPress plugins installation is very straightforward. Moreover, it does not require any additional configuration.\u003C\u002Fp>\n\u003Cp>Bifröst adds its option as a sub-menu under the WordPress \u003Cstrong>User\u003C\u002Fstrong> menu. You can also quickly access the menu from the installed plugins section. Under the plugin name, there is a quick link called \u003Cstrong>Create Login Links\u003C\u002Fstrong>. Click on \u003Cstrong>Create Login Links\u003C\u002Fstrong> to access plugin settings. You can create temporary login links from here by clicking the Generate button.\u003C\u002Fp>\n\u003Cp>By default, temporary login links are valid for 7 days. When the link expires after 7 days, you will find an option to extend the validity. You can extend validity for 3 days (you can keep repeating this process as long as necessary).\u003C\u002Fp>\n\u003Ch3>Bifröst prioritizes security\u003C\u002Fh3>\n\u003Cp>🔒️ Though we want to add ease to your workflow, site security is our top priority. As a result, we have coupled ease and security together.\u003C\u002Fp>\n\u003Cp>🔒️ First, the temporary login link appends a cryptographically secure random byte stream. As a result, there is no pattern for people to predict\u002Ftarget.\u003C\u002Fp>\n\u003Cp>🔒️ Second, the link expires in 7 days. So, even if you don’t remove a link, access to your dashboard will not work.\u003C\u002Fp>\n\u003Cp>🔒️ On top of that, people who access your dashboard using the passwordless temporary login links, cannot access the \u003Cstrong>User\u003C\u002Fstrong> menu. As a result, they cannot create a new user or modify an existing user.\u003C\u002Fp>\n","🔗️ Create passwordless temporary login links. Instantly ⚡️",50,2459,"2026-03-05T17:56:00.000Z",[108,22,24,95],"https:\u002F\u002Fgithub.com\u002Fhakikz\u002Fcreate-temporary-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcreate-temporary-login.1.0.9.zip",97,"2025-10-14 19:59:32",{"slug":129,"name":130,"version":131,"author":132,"author_profile":133,"description":134,"short_description":135,"active_installs":28,"downloaded":136,"rating":28,"num_ratings":28,"last_updated":137,"tested_up_to":16,"requires_at_least":138,"requires_php":87,"tags":139,"homepage":143,"download_link":144,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"password-less-login","Password Less Login","1.0.0.1","Sadekur Rahman","https:\u002F\u002Fprofiles.wordpress.org\u002Fsadekur\u002F","\u003Cp>\u003Cstrong>Password Less Login\u003C\u002Fstrong> is a passwordless and OTP-based login system for WordPress.\u003Cbr \u002F>\nEvery user — both existing and new — must verify their identity using a \u003Cstrong>One-Time Password (OTP)\u003C\u002Fstrong> sent to their email before being logged in.\u003C\u002Fp>\n\u003Cp>This ensures that no one can access an account without confirming ownership of the email address, providing a secure, passwordless authentication process.\u003C\u002Fp>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Col>\n\u003Cli>The user enters their email address.\u003C\u002Fli>\n\u003Cli>The plugin sends a \u003Cstrong>6-digit OTP\u003C\u002Fstrong> to that email.\u003C\u002Fli>\n\u003Cli>The user enters the OTP:\n\u003Cul>\n\u003Cli>If the email exists \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> the user is securely logged in.\u003C\u002Fli>\n\u003Cli>If the email is new \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> the user provides a username, verifies the OTP, and a new account is created automatically.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>The OTP is valid for \u003Cstrong>10 minutes\u003C\u002Fstrong> and expires after use.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> The plugin never logs in users without OTP verification.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>OTP-Based Authentication for All Users\u003C\u002Fstrong> – Both existing and new users must verify the OTP before login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Passwordless Login\u003C\u002Fstrong> – Securely log in using only your email and OTP.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto User Registration\u003C\u002Fstrong> – New users can register instantly after OTP verification.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Temporary OTP (10 Minutes)\u003C\u002Fstrong> – Each OTP expires after 10 minutes and can only be used once.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting\u003C\u002Fstrong> – Prevents brute-force or spam OTP requests (maximum 5 per 15 minutes per email).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Nonce Verification\u003C\u002Fstrong> – Protects REST API endpoints from unauthorized access.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure Email Handling\u003C\u002Fstrong> – Emails are hashed when stored in transients to protect user data.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Streamlined User Experience\u003C\u002Fstrong> – Clean, minimal login flow with conditional fields for existing vs. new users.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Choose Password Less Login?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>No passwords to remember or reset.\u003C\u002Fli>\n\u003Cli>OTP verification ensures true ownership of email.\u003C\u002Fli>\n\u003Cli>Protects against brute-force attacks.\u003C\u002Fli>\n\u003Cli>Simple setup – works with the native WordPress login page.\u003C\u002Fli>\n\u003Cli>Modern and user-friendly design.\u003C\u002Fli>\n\u003Cli>Reduces “Forgot Password” support requests.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Go to your WordPress login page.\u003C\u002Fli>\n\u003Cli>Enter your email address and click “Send OTP”.\u003C\u002Fli>\n\u003Cli>Check your email for the OTP.\u003C\u002Fli>\n\u003Cli>Enter the OTP in the login form:\n\u003Cul>\n\u003Cli>If your account exists, you’ll be logged in.\u003C\u002Fli>\n\u003Cli>If not, you’ll be prompted to provide a username before registration and login.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>You’ll be redirected to your dashboard after successful verification.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is released under the GPL license. You are free to use and modify it.\u003C\u002Fp>\n\u003Cp>For support, contact: \u003Ca href=\"mailto:sadekur0rahman@gmail.com\" rel=\"nofollow ugc\">sadekur0rahman@gmail.com\u003C\u002Fa>\u003C\u002Fp>\n","A powerful and easy-to-use WordPress plugin for passwordless and OTP-based login.",229,"2026-01-07T16:26:00.000Z","5.9",[140,141,142,22,23],"easy-login","email-authentication","otp-login","https:\u002F\u002Fgithub.com\u002Fsadekur\u002Fpassword-less-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpassword-less-login.zip",{"attackSurface":146,"codeSignals":300,"taintFlows":498,"riskAssessment":537,"analyzedAt":546},{"hooks":147,"ajaxHandlers":281,"restRoutes":295,"shortcodes":296,"cronEvents":297,"entryPointCount":298,"unprotectedCount":299},[148,155,160,165,168,170,173,176,178,180,182,184,187,190,193,195,198,201,204,207,210,213,216,219,222,226,229,232,237,240,244,250,253,256,259,262,266,269,274,278],{"type":149,"name":150,"callback":151,"priority":152,"file":153,"line":154},"action","admin_init","check_version",5,"includes\\class-tlwp-install.php",38,{"type":156,"name":157,"callback":158,"file":153,"line":159},"filter","tlwp_memory_limit","tlwp_increase_memory_limit",241,{"type":149,"name":161,"callback":162,"file":163,"line":164},"plugins_loaded","anonymous","includes\\class-wp-temporary-login-without-password.php",137,{"type":149,"name":166,"callback":162,"file":163,"line":167},"admin_enqueue_scripts",149,{"type":149,"name":166,"callback":162,"file":163,"line":169},150,{"type":149,"name":171,"callback":162,"file":163,"line":172},"admin_menu",152,{"type":149,"name":174,"callback":162,"file":163,"line":175},"network_admin_menu",153,{"type":149,"name":150,"callback":162,"file":163,"line":177},154,{"type":149,"name":150,"callback":162,"file":163,"line":179},155,{"type":149,"name":150,"callback":162,"file":163,"line":181},156,{"type":149,"name":150,"callback":162,"file":163,"line":183},157,{"type":149,"name":185,"callback":162,"file":163,"line":186},"admin_notices",158,{"type":149,"name":188,"callback":162,"file":163,"line":189},"admin_bar_menu",159,{"type":149,"name":191,"callback":162,"file":163,"line":192},"admin_head",160,{"type":149,"name":185,"callback":162,"file":163,"line":194},164,{"type":156,"name":196,"callback":162,"file":163,"line":197},"wpmu_welcome_notification",168,{"type":156,"name":199,"callback":162,"file":163,"line":200},"plugin_action_links",169,{"type":149,"name":202,"callback":162,"file":163,"line":203},"admin_print_scripts",172,{"type":149,"name":205,"callback":162,"file":163,"line":206},"in_plugin_update_message-temporary-login-without-password\u002Ftemporary-login-without-password.php",174,{"type":156,"name":208,"callback":162,"file":163,"line":209},"admin_footer_text",176,{"type":149,"name":211,"callback":162,"file":163,"line":212},"wp_loaded",178,{"type":149,"name":214,"callback":162,"file":163,"line":215},"init",191,{"type":156,"name":217,"callback":162,"file":163,"line":218},"wp_authenticate_user",192,{"type":156,"name":220,"callback":162,"file":163,"line":221},"allow_password_reset",193,{"type":149,"name":166,"callback":223,"file":224,"line":225},"enqueue_styles","includes\\feedback\\class-ig-feedback.php",112,{"type":149,"name":166,"callback":227,"file":224,"line":228},"enqueue_scripts",113,{"type":149,"name":185,"callback":230,"file":224,"line":231},"show_review_notice",120,{"type":149,"name":233,"callback":234,"priority":235,"file":224,"line":236},"admin_print_footer_scripts","js",20,348,{"type":149,"name":202,"callback":238,"file":224,"line":239},"css",349,{"type":149,"name":241,"callback":242,"file":224,"line":243},"admin_footer","modal",350,{"type":156,"name":245,"callback":246,"priority":247,"file":248,"line":249},"tlwp_additional_feedback_meta_info","tlwp_get_additional_info",10,"includes\\feedback.php",43,{"type":156,"name":251,"callback":251,"priority":247,"file":248,"line":252},"tlwp_can_ask_user_for_review",84,{"type":156,"name":254,"callback":254,"priority":247,"file":248,"line":255},"tlwp_review_message_data",107,{"type":156,"name":257,"callback":257,"priority":247,"file":248,"line":258},"tlwp_can_load_sweetalert_js",129,{"type":156,"name":260,"callback":260,"priority":247,"file":248,"line":261},"tlwp_can_load_sweetalert_css",151,{"type":156,"name":263,"callback":264,"file":248,"line":265},"tlwp_escape_allowed_tags","tlwp_add_escape_allowed_tags",300,{"type":149,"name":185,"callback":267,"file":248,"line":268},"tlwp_show_feature_survey",371,{"type":156,"name":270,"callback":271,"priority":247,"file":272,"line":273},"tlwp_login_redirect","redirect_after_login","public\\class-wp-temporary-login-without-password-public.php",39,{"type":149,"name":161,"callback":275,"priority":27,"file":276,"line":277},"wtlwp_deactivate_free_plugin","temporary-login-without-password.php",25,{"type":149,"name":150,"callback":279,"file":276,"line":280},"tlwp_redirect",128,[282,289,292],{"action":283,"nopriv":284,"callback":285,"hasNonce":286,"hasCapCheck":286,"file":287,"line":288},"wtlwp_enable_one_click_login",false,"handle_enable_one_click_login",true,"admin\\class-wp-temporary-login-without-password-admin.php",48,{"action":290,"nopriv":284,"callback":162,"hasNonce":284,"hasCapCheck":284,"file":163,"line":291},"tlwp_dismiss_mailer_promotion_notice",165,{"action":293,"nopriv":284,"callback":162,"hasNonce":284,"hasCapCheck":284,"file":163,"line":294},"tlwp_mailer_notice_clickable",166,[],[],[],3,2,{"dangerousFunctions":301,"sqlUsage":302,"outputEscaping":304,"fileOperations":299,"externalRequests":27,"nonceChecks":247,"capabilityChecks":496,"bundledLibraries":497},[],{"prepared":67,"raw":28,"locations":303},[],{"escaped":305,"rawEcho":13,"locations":306},397,[307,310,312,314,316,318,320,322,324,327,329,331,333,335,337,339,341,343,345,347,349,351,353,355,357,359,361,363,366,369,371,373,376,378,380,382,384,386,388,389,391,393,395,397,399,400,402,404,406,408,410,412,414,416,418,419,420,422,424,426,428,430,432,434,436,438,439,441,443,445,447,449,451,453,454,456,459,461,462,463,464,466,468,469,470,472,474,476,477,478,481,482,484,486,488,489,490,491,493,494],{"file":287,"line":308,"context":309},677,"raw output",{"file":287,"line":311,"context":309},729,{"file":287,"line":313,"context":309},812,{"file":287,"line":315,"context":309},824,{"file":287,"line":317,"context":309},836,{"file":287,"line":319,"context":309},840,{"file":287,"line":321,"context":309},850,{"file":287,"line":323,"context":309},854,{"file":325,"line":326,"context":309},"includes\\class-wp-temporary-login-without-password-common.php",313,{"file":325,"line":328,"context":309},943,{"file":325,"line":330,"context":309},1035,{"file":325,"line":332,"context":309},1194,{"file":224,"line":334,"context":309},294,{"file":224,"line":336,"context":309},544,{"file":224,"line":338,"context":309},789,{"file":224,"line":340,"context":309},994,{"file":224,"line":342,"context":309},1006,{"file":224,"line":344,"context":309},1144,{"file":224,"line":346,"context":309},1147,{"file":224,"line":348,"context":309},1151,{"file":224,"line":350,"context":309},1203,{"file":224,"line":352,"context":309},1228,{"file":224,"line":354,"context":309},1582,{"file":224,"line":356,"context":309},1583,{"file":224,"line":358,"context":309},1598,{"file":224,"line":360,"context":309},1606,{"file":224,"line":362,"context":309},1608,{"file":364,"line":365,"context":309},"templates\\activity-logs.php",17,{"file":367,"line":368,"context":309},"templates\\admin-settings.php",62,{"file":367,"line":370,"context":309},131,{"file":367,"line":372,"context":309},142,{"file":374,"line":375,"context":309},"templates\\list-temporary-logins.php",11,{"file":374,"line":377,"context":309},21,{"file":374,"line":379,"context":309},24,{"file":374,"line":381,"context":309},32,{"file":383,"line":49,"context":309},"templates\\new-login.php",{"file":383,"line":385,"context":309},14,{"file":383,"line":387,"context":309},23,{"file":383,"line":381,"context":309},{"file":383,"line":390,"context":309},42,{"file":383,"line":392,"context":309},45,{"file":383,"line":394,"context":309},51,{"file":383,"line":396,"context":309},63,{"file":383,"line":398,"context":309},74,{"file":383,"line":111,"context":309},{"file":383,"line":401,"context":309},104,{"file":403,"line":212,"context":309},"templates\\other-plugins.php",{"file":403,"line":405,"context":309},180,{"file":403,"line":407,"context":309},182,{"file":403,"line":409,"context":309},184,{"file":403,"line":411,"context":309},199,{"file":403,"line":413,"context":309},201,{"file":403,"line":415,"context":309},207,{"file":417,"line":67,"context":309},"templates\\pricing.php",{"file":417,"line":152,"context":309},{"file":417,"line":247,"context":309},{"file":417,"line":421,"context":309},13,{"file":417,"line":423,"context":309},16,{"file":417,"line":425,"context":309},28,{"file":417,"line":427,"context":309},29,{"file":417,"line":429,"context":309},34,{"file":417,"line":431,"context":309},35,{"file":417,"line":433,"context":309},46,{"file":417,"line":435,"context":309},47,{"file":417,"line":437,"context":309},56,{"file":417,"line":437,"context":309},{"file":417,"line":440,"context":309},59,{"file":417,"line":442,"context":309},60,{"file":417,"line":444,"context":309},64,{"file":417,"line":446,"context":309},65,{"file":417,"line":448,"context":309},66,{"file":417,"line":450,"context":309},68,{"file":417,"line":452,"context":309},70,{"file":417,"line":452,"context":309},{"file":455,"line":365,"context":309},"templates\\system-info.php",{"file":457,"line":458,"context":309},"templates\\temporary-login-notification.php",15,{"file":457,"line":460,"context":309},18,{"file":457,"line":377,"context":309},{"file":457,"line":379,"context":309},{"file":457,"line":277,"context":309},{"file":457,"line":465,"context":309},26,{"file":467,"line":235,"context":309},"templates\\temporary-logins-settings.php",{"file":467,"line":377,"context":309},{"file":467,"line":273,"context":309},{"file":467,"line":471,"context":309},57,{"file":467,"line":473,"context":309},75,{"file":467,"line":475,"context":309},94,{"file":467,"line":51,"context":309},{"file":467,"line":228,"context":309},{"file":479,"line":480,"context":309},"templates\\update-login.php",8,{"file":479,"line":421,"context":309},{"file":479,"line":483,"context":309},22,{"file":479,"line":485,"context":309},31,{"file":479,"line":487,"context":309},41,{"file":479,"line":392,"context":309},{"file":479,"line":394,"context":309},{"file":479,"line":448,"context":309},{"file":479,"line":492,"context":309},77,{"file":479,"line":51,"context":309},{"file":479,"line":495,"context":309},106,6,[],[499,517,529],{"entryPoint":500,"graph":501,"unsanitizedCount":28,"severity":516},"\u003Cclass-wp-temporary-login-without-password-admin> (admin\\class-wp-temporary-login-without-password-admin.php:0)",{"nodes":502,"edges":514},[503,508],{"id":504,"type":505,"label":506,"file":287,"line":507},"n0","source","$_GET (x2)",197,{"id":509,"type":510,"label":511,"file":287,"line":512,"wp_function":513},"n1","sink","wp_redirect() [Open Redirect]",483,"wp_redirect",[515],{"from":504,"to":509,"sanitized":286},"low",{"entryPoint":518,"graph":519,"unsanitizedCount":28,"severity":516},"show_review_notice (includes\\feedback\\class-ig-feedback.php:128)",{"nodes":520,"edges":527},[521,523],{"id":504,"type":505,"label":506,"file":224,"line":522},217,{"id":509,"type":510,"label":524,"file":224,"line":525,"wp_function":526},"echo() [XSS]",222,"echo",[528],{"from":504,"to":509,"sanitized":286},{"entryPoint":530,"graph":531,"unsanitizedCount":28,"severity":516},"\u003Cclass-ig-feedback> (includes\\feedback\\class-ig-feedback.php:0)",{"nodes":532,"edges":535},[533,534],{"id":504,"type":505,"label":506,"file":224,"line":522},{"id":509,"type":510,"label":524,"file":224,"line":525,"wp_function":526},[536],{"from":504,"to":509,"sanitized":286},{"summary":538,"deductions":539},"The 'temporary-login-without-password' plugin version 1.9.7 exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and a reasonably high percentage of output escaping, there are significant areas of concern. The presence of 3 AJAX handlers, with 2 lacking authentication checks, presents a substantial attack surface that could be exploited by unauthenticated users. Fortunately, the static analysis did not reveal any critical or high severity taint flows, suggesting that while entry points are exposed, the immediate risk of data compromise or code execution from these specific flows might be limited.\n\nThe plugin's vulnerability history, while not showing any currently unpatched issues, does indicate a past medium severity vulnerability related to 'Incorrect Authorization' in 2021. This historical pattern, combined with the current lack of authentication checks on AJAX handlers, suggests a potential recurring weakness in how the plugin handles user permissions and access control.\n\nIn conclusion, the plugin has strengths in its data handling (SQL, output escaping), but these are overshadowed by the significant security risk posed by unprotected AJAX endpoints. The historical vulnerability further reinforces the need for careful review of its authorization mechanisms. Immediate attention should be paid to securing the identified AJAX handlers to mitigate the risk of unauthorized actions.",[540,542,544],{"reason":541,"points":247},"Unprotected AJAX handlers",{"reason":543,"points":247},"Past medium severity vulnerability (Incorrect Authorization)",{"reason":545,"points":298},"Relatively high attack surface (3 entry points)","2026-03-16T17:09:17.390Z",{"wat":548,"direct":561},{"assetPaths":549,"generatorPatterns":554,"scriptPaths":555,"versionParams":556},[550,551,552,553],"\u002Fwp-content\u002Fplugins\u002Ftemporary-login-without-password\u002Fcss\u002Fwp-temporary-login-without-password-admin.css","\u002Fwp-content\u002Fplugins\u002Ftemporary-login-without-password\u002Fjs\u002Fwp-temporary-login-without-password-admin.js","\u002Fwp-content\u002Fplugins\u002Ftemporary-login-without-password\u002Fjs\u002Fclipboard.min.js","\u002Fwp-content\u002Fplugins\u002Ftemporary-login-without-password\u002Fdist\u002Fmain.css",[],[551,552],[557,558,559,560],"temporary-login-without-password\u002Fcss\u002Fwp-temporary-login-without-password-admin.css?ver=","temporary-login-without-password\u002Fjs\u002Fwp-temporary-login-without-password-admin.js?ver=","temporary-login-without-password\u002Fjs\u002Fclipboard.min.js?ver=","temporary-login-without-password\u002Fdist\u002Fmain.css?ver=",{"cssClasses":562,"htmlComments":568,"htmlAttributes":569,"restEndpoints":574,"jsGlobals":575,"shortcodeOutput":578},[563,564,565,566,567],"wtlwp-field-wrap","wtlwp-form-group","wtlwp-input","wtlwp-btn","wtlwp-btn-primary",[],[570,571,572,573],"data-tlwp-user-id","data-tlwp-role","data-tlwp-expiration","data-tlwp-copy-btn",[],[576,577],"data","WTLWP_PLUGIN_VERSION",[]]