[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$facxsVLtgq_ERlssq9n_vyVwwTOuqmZ92wIRBMeD-RMw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":47,"crawl_stats":36,"alternatives":53,"analysis":153,"fingerprints":230},"theme-per-user","Theme per user","1.0.4","Presslabs","https:\u002F\u002Fprofiles.wordpress.org\u002Fpresslabs\u002F","\u003Cp>Load one Theme for a specific user. You must set the theme from User Profile then logout and login again in order to take effect.\u003C\u002Fp>\n\u003Ch4>Github repository\u003C\u002Fh4>\n\u003Cp>https:\u002F\u002Fgithub.com\u002Fpresslabs\u002Ftheme-per-user\u003C\u002Fp>\n","Load one Theme for a specific user. You must set the theme from User Profile then logout and login again in order to take effect.",90,8013,74,3,"2025-12-04T19:22:00.000Z","6.9.4","3.8.1","",[20,21,4,22,23],"presslabs","redirect","themes","user","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftheme-per-user.1.0.4.zip",98,1,0,"2023-12-29 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2023-52181","theme-per-user-unauthenticated-php-object-injection","Theme per user \u003C= 1.0.1 - Unauthenticated PHP Object Injection","The Theme per user plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 1.0.2 (exclusive) via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.",null,"\u003C=1.0.1","1.0.2","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Deserialization of Untrusted Data","2024-01-22 19:56:02",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fbc7e6844-23e2-4523-8261-21d4cba87db3?source=api-prod",25,{"slug":20,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":49,"avg_security_score":50,"avg_patch_time_days":46,"trust_score":51,"computed_at":52},5,1300,100,94,"2026-04-04T11:03:44.703Z",[54,78,98,118,136],{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":51,"num_ratings":64,"last_updated":65,"tested_up_to":16,"requires_at_least":66,"requires_php":67,"tags":68,"homepage":74,"download_link":75,"security_score":76,"vuln_count":14,"unpatched_count":27,"last_vuln_date":77,"fetched_at":29},"inactive-logout","Inactive Logout","3.6.1","Deepen Bajracharya","https:\u002F\u002Fprofiles.wordpress.org\u002Fj_3rk\u002F","\u003Cp>Protect your WordPress users’ sessions from prying eyes and snoopers!\u003C\u002Fp>\n\u003Cp>The Inactive Logout plugin automatically terminates idle user sessions, safeguarding your site if users leave their sessions unattended.\u003C\u002Fp>\n\u003Cp>A simple plugin which is easy to configure and use. After installing and activating it, just set the idle timeout from the plugin settings. From then on, any unattended idle WordPress sessions will be automatically terminated. You can also display a custom message to users, warning them that their session is about to end.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Try it out ==> \u003Ca href=\"https:\u002F\u002Ftastewp.org\u002Fplugins\u002Finactive-logout\u002F\" title=\"Demo Link\" rel=\"nofollow ugc\">Demo\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FEATURES:\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change idle timeout time.\u003C\u002Fli>\n\u003Cli>Count down of 10 seconds before actual logout. You can remove this feature if you dont want it.\u003C\u002Fli>\n\u003Cli>Add only \u003Cstrong>Wake Up!\u003C\u002Fstrong> message where user will not logout but instead a wakeup message will be shown upon inactive.\u003C\u002Fli>\n\u003Cli>Custom Popup Message.\u003C\u002Fli>\n\u003Cli>Show idle message for non authenticated users or redirect them.\u003C\u002Fli>\n\u003Cli>Concurrent user logouts.\u003C\u002Fli>\n\u003Cli>Toast notification on Logout.\u003C\u002Fli>\n\u003Cli>Redirect to a Different Page instead of Popup box. Create a page such as timeout page and add your content there by creating a blank template or style it as you wish according to your theme.\u003C\u002Fli>\n\u003Cli>Multiple User Role Configurations for individual timeout and session logout redirects.\u003C\u002Fli>\n\u003Cli>Logout to custom page or existing page.\u003C\u002Fli>\n\u003Cli>Clean UI\u003C\u002Fli>\n\u003Cli>WooCommerce Supported.\u003C\u002Fli>\n\u003Cli>Multisite Support: Override all sites with one setting.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>EXTEND OTHER FEATURES:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Few of the key features to \u003Cstrong>\u003Ca href=\"https:\u002F\u002Finactive-logout.com\u002Fpricing\u002F\" title=\"Inactive Logout Pro\" rel=\"nofollow ugc\">Inactive Logout Pro\u003C\u002Fa>\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Auto browser close logout after defined duration.\u003C\u002Fli>\n\u003Cli>Fully functional multi-tab support.\u003C\u002Fli>\n\u003Cli>User Based Logout\u003C\u002Fli>\n\u003Cli>Track Visitors based on \u003Cstrong>(Login time, logout time, browser, online status, session duration, role, os, IP)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Force Logout All Users\u003C\u002Fli>\n\u003Cli>Logout Specific User(s)\u003C\u002Fli>\n\u003Cli>Bulk Logout Users\u003C\u002Fli>\n\u003Cli>Concurrent Login Limits.\u003C\u002Fli>\n\u003Cli>Last Login Activity\u003C\u002Fli>\n\u003Cli>Override Multiple Login priority\u003C\u002Fli>\n\u003Cli>User Lock whenever certain limit login has been reached.\u003C\u002Fli>\n\u003Cli>Track user login sessions.\u003C\u002Fli>\n\u003Cli>Logout redirects.\u003C\u002Fli>\n\u003Cli>Login redirects.\u003C\u002Fli>\n\u003Cli>Email notification and email template overrides for Locked concurrent session.\u003C\u002Fli>\n\u003Cli>Disable inactive logout for specified pages according to your need. Check this \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgist.github.com\u002Ftechies23\u002F6d2852eedd6ae56c486056e021e4ee48\" title=\"documentation\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fstrong> for additional post type support.\u003C\u002Fli>\n\u003Cli>Disable native wordpress login popup after logout\u003C\u002Fli>\n\u003Cli>Modal Customizer\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>**See the \u003Ca href=\"https:\u002F\u002Finactive-logout.com\u002F\" title=\"Inactive Logout\" rel=\"nofollow ugc\">Inactive Logout\u003C\u002Fa> homepage for further information.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Please consider giving a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Finactive-logout\u002Freviews\u002F#new-post\" title=\"5 star thumbs up\" rel=\"ugc\">5 star thumbs up\u003C\u002Fa> if you found this useful.\u003C\u002Fstrong>\u003C\u002Fp>\n","Automatically logout idle user sessions, with logout redirections and concurrent limit logins all in one place.",20000,656143,106,"2025-12-09T05:09:00.000Z","6.6","7.4",[69,70,71,72,73],"concurrent-login-limit","idle-logout","logout","security","user-redirection","https:\u002F\u002Finactive-logout.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finactive-logout.3.6.1.zip",96,"2025-10-31 13:27:51",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":76,"num_ratings":88,"last_updated":89,"tested_up_to":16,"requires_at_least":90,"requires_php":91,"tags":92,"homepage":18,"download_link":97,"security_score":50,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"role-based-redirect","Role Based Redirect","1.6","Yasar Khalifa","https:\u002F\u002Fprofiles.wordpress.org\u002Fyasirkhalifa\u002F","\u003Cp>Role Based Redirect allows you to customize the login and logout redirection URLs based on user roles. Additionally, you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Redirect users after login based on their role.\u003C\u002Fli>\n\u003Cli>Redirect users after logout based on their role.\u003C\u002Fli>\n\u003Cli>Hide the WordPress admin bar for selected user roles.\u003C\u002Fli>\n\u003Cli>Restrict dashboard access by user role.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is useful for membership sites, multi-role websites, or any WordPress setup where you want to provide a tailored user experience.\u003C\u002Fp>\n","Redirect users after login\u002Flogout by role. Optionally hide admin bar and block dashboard access for selected roles.",2000,24663,17,"2025-07-18T04:36:00.000Z","4.0","5.6",[93,94,95,96,23],"hide-admin-bar","redirection","restrict-dashboard","role","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frole-based-redirect.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":13,"num_ratings":14,"last_updated":108,"tested_up_to":16,"requires_at_least":109,"requires_php":67,"tags":110,"homepage":116,"download_link":117,"security_score":50,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"basic-front-end-login","Basic Front-End Login","2.1","Mitchell Bennis","https:\u002F\u002Fprofiles.wordpress.org\u002Feemitch\u002F","\u003Cp>Adds a basic front-end login for to any page, post or widget and redirects to the page you choose. It also can block access to the back-end and disable the Admin Bar. This plugin is for when you want your users to be logged-in, but do not want them to have access to the WordPress Dashboard.\u003C\u002Fp>\n\u003Cp>To display the login form, place this shortcode on any page, post, or widget: \u003Cem>[eeBFEL]\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>After the user has logged in, they will be redirected to your home page or the URL you define in the plugin settings. You can also optionaly display a logout button at the bottom-right of each page.\u003C\u002Fp>\n\u003Ch3>Redirect After Login\u003C\u002Fh3>\n\u003Cp>To define destinations in additional login forms, use the “redirect” attribute to over-ride the default. There is no limit to the number of forms you can use.\u003C\u002Fp>\n\u003Cp>\u003Cem>[eeBFEL redirect=”https:\u002F\u002Fwebsite.com\u002Fyour-files-page\u002F”]\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch3>Deny Dashboard Access\u003C\u002Fh3>\n\u003Cp>In the plugin settings you can optionally select roles that you want to deny back-end access to. All built-in and custom roles, except Administrator, can be blocked. The Admin Bar will not appear and direct back-end access attempts will simply redirect to your home page. This restriction will be site-wide and is unrelated to the use of the shortcode.\u003C\u002Fp>\n\u003Cp>Even if you don’t need a login form, this can add an extra measure of security to your website by denying back-end access to all roles except Administrators.\u003C\u002Fp>\n\u003Ch3>NEW – Show a Logout Button\u003C\u002Fh3>\n\u003Cp>Optionally show a small logout button on the bottom-right of each page if the user is logged in. Logging out returns the user to the home page.\u003C\u002Fp>\n","Adds a basic front-end login form to any page, post or widget and redirects to the page you choose.",300,5310,"2025-12-25T22:12:00.000Z","5.0",[111,112,113,114,115],"login-form","login-redirect","logout-button","no-admin-bar","user-login","https:\u002F\u002Fsimplefilelist.com\u002Fbasic-front-end-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbasic-front-end-login.zip",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":50,"downloaded":126,"rating":27,"num_ratings":27,"last_updated":127,"tested_up_to":128,"requires_at_least":129,"requires_php":18,"tags":130,"homepage":133,"download_link":134,"security_score":135,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"redirect-wp-sign-up-for-ithemes-security","Redirect WordPress Sign-up for iThemes Security","1.0","Michal Danko","https:\u002F\u002Fprofiles.wordpress.org\u002Fmichaldanko\u002F","\u003Cp>This is a simple plugin that redirects WordPress Sign-up to homepage if is activated “Hide Backend” module in iThemes Security settings.\u003C\u002Fp>\n","This plugin redirects WordPress Sign-up to homepage if is activated \"Hide Backend\" module in iThemes Security settings.",1491,"2017-11-30T10:42:00.000Z","4.9.29","4.4",[131,21,72,132],"ithemes","wp-sign-up","https:\u002F\u002Fgithub.com\u002Fmichaldanko\u002Fredirect-wp-signup-for-itsec","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fredirect-wp-sign-up-for-ithemes-security.zip",85,{"slug":137,"name":138,"version":139,"author":140,"author_profile":141,"description":142,"short_description":143,"active_installs":144,"downloaded":145,"rating":27,"num_ratings":27,"last_updated":18,"tested_up_to":146,"requires_at_least":18,"requires_php":18,"tags":147,"homepage":18,"download_link":151,"security_score":50,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":152},"wp-redirect-to-homepage-after-login","WP – Redirect to homepage after login","1.7.9","Hervé Yvis","https:\u002F\u002Fprofiles.wordpress.org\u002Fyvisherve\u002F","\u003Cp>This lightweight plugin allow you to redirect all users to your site’s homepage after the login step.\u003C\u002Fp>\n\u003Ch4>License\u003C\u002Fh4>\n\u003Cp>This program is provided under the MIT license.\u003C\u002Fp>\n\u003Cp>Copyright (c) 2019 Hervé Yvis\u003C\u002Fp>\n\u003Cp>Permission is hereby granted, free of charge, to any person obtaining a copy\u003Cbr \u002F>\nof this software and associated documentation files (the “Software”), to deal\u003Cbr \u002F>\nin the Software without restriction, including without limitation the rights\u003Cbr \u002F>\nto use, copy, modify, merge, publish, distribute, sublicense, and\u002For sell\u003Cbr \u002F>\ncopies of the Software, and to permit persons to whom the Software is\u003Cbr \u002F>\nfurnished to do so, subject to the following conditions:\u003C\u002Fp>\n\u003Cp>The above copyright notice and this permission notice shall be included in all\u003Cbr \u002F>\ncopies or substantial portions of the Software.\u003C\u002Fp>\n\u003Cp>THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\u003Cbr \u002F>\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\u003Cbr \u002F>\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\u003Cbr \u002F>\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\u003Cbr \u002F>\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\u003Cbr \u002F>\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\u003Cbr \u002F>\nSOFTWARE.\u003C\u002Fp>\n","This lightweight plugin allow you to redirect all users to your site's homepage after the login step.",80,2874,"5.4.19",[148,149,21,150],"homepage","login","users","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-redirect-to-homepage-after-login.1.7.9.zip","2026-03-15T10:48:56.248Z",{"attackSurface":154,"codeSignals":204,"taintFlows":217,"riskAssessment":218,"analyzedAt":229},{"hooks":155,"ajaxHandlers":200,"restRoutes":201,"shortcodes":202,"cronEvents":203,"entryPointCount":27,"unprotectedCount":27},[156,162,166,169,172,175,180,185,189,193,196],{"type":157,"name":158,"callback":159,"file":160,"line":161},"filter","template","theme_per_user_custom_theme_template","theme-per-user.php",34,{"type":157,"name":163,"callback":164,"file":160,"line":165},"stylesheet","theme_per_user_custom_theme_style",35,{"type":157,"name":167,"callback":159,"file":160,"line":168},"option_current_theme",36,{"type":157,"name":170,"callback":164,"file":160,"line":171},"option_template",37,{"type":157,"name":173,"callback":159,"file":160,"line":174},"option_stylesheet",38,{"type":176,"name":177,"callback":178,"file":160,"line":179},"action","plugins_loaded","theme_per_user_change_theme",41,{"type":176,"name":181,"callback":182,"priority":183,"file":160,"line":184},"set_auth_cookie","theme_per_user_set_cookie",10,56,{"type":176,"name":186,"callback":187,"file":160,"line":188},"profile_personal_options","theme_per_user_extra_profile_fields",97,{"type":176,"name":190,"callback":191,"file":160,"line":192},"personal_options_update","theme_per_user_save_extra_profile_fields",118,{"type":176,"name":194,"callback":191,"file":160,"line":195},"edit_user_profile_update",119,{"type":176,"name":197,"callback":198,"file":160,"line":199},"after_switch_theme","theme_per_user_theme_activation_function",137,[],[],[],[],{"dangerousFunctions":205,"sqlUsage":206,"outputEscaping":208,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":26,"bundledLibraries":216},[],{"prepared":27,"raw":27,"locations":207},[],{"escaped":27,"rawEcho":14,"locations":209},[210,213,214],{"file":160,"line":211,"context":212},84,"raw output",{"file":160,"line":211,"context":212},{"file":160,"line":215,"context":212},86,[],[],{"summary":219,"deductions":220},"The security posture of the 'theme-per-user' plugin v1.0.4 presents a mixed picture. On one hand, the plugin demonstrates strong adherence to secure coding practices by utilizing prepared statements for all SQL queries and having no identified dangerous functions, file operations, or external HTTP requests. The absence of a significant attack surface through AJAX, REST API, shortcodes, and cron events is also a positive indicator.  However, a critical concern arises from the vulnerability history. The plugin has a known critical CVE related to Deserialization of Untrusted Data, and crucially, this vulnerability is listed as 'currently unpatched'. This single unpatched critical vulnerability significantly elevates the risk associated with using this plugin.",[221,224,227],{"reason":222,"points":223},"Unpatched critical CVE (Deserialization of Untrusted Data)",20,{"reason":225,"points":226},"Output not properly escaped",6,{"reason":228,"points":48},"No nonce checks found","2026-03-16T21:22:42.075Z",{"wat":231,"direct":236},{"assetPaths":232,"generatorPatterns":233,"scriptPaths":234,"versionParams":235},[],[],[],[],{"cssClasses":237,"htmlComments":238,"htmlAttributes":239,"restEndpoints":241,"jsGlobals":242,"shortcodeOutput":243},[],[],[240],"theme_per_user",[],[],[]]