[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fB70G19ygLIq06X0LKcf3eHcVRsXVR1mn0J5ibBEEVss":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":137,"fingerprints":200},"um-user-switching","UM User Switching","1.0.1.1","SuitePlugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fsuiteplugins\u002F","\u003Cp>Adds a link to member profile header section of Ultimate Member for switching to a user.\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Tested up to 1.4.0 of User Switching\u003C\u002Fli>\n\u003Cli>Tested up to 2.0.35 of Ultimate Member\u003C\u002Fli>\n\u003C\u002Ful>\n","Addon that integrates User Switching to Ultimate Member",10,1842,0,"2018-12-12T15:21:00.000Z","4.9.29","3.7","",[19,20,21,22,23],"fast-user-switching","multisite","profiles","user-switching","users","https:\u002F\u002Fsuiteplugins.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fum-user-switching.1.0.1.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"suiteplugins",17,1600,86,7,90,"2026-04-04T15:34:18.735Z",[39,59,78,97,117],{"slug":22,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":56,"download_link":57,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"User Switching","1.11.2","John Blackbourn","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnbillion\u002F","\u003Cp>This plugin allows you to quickly swap between user accounts in WordPress at the click of a button. You’ll be instantly logged out and logged in as your desired user. This is handy for helping customers on WooCommerce sites, membership sites, testing environments, or for any site where administrators need to switch between multiple accounts.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Switch user: Instantly switch to any user account from the \u003Cem>Users\u003C\u002Fem> screen.\u003C\u002Fli>\n\u003Cli>Switch back: Instantly switch back to your originating account.\u003C\u002Fli>\n\u003Cli>Switch off: Log out of your account but retain the ability to instantly switch back in again.\u003C\u002Fli>\n\u003Cli>Compatible with Multisite, WooCommerce, BuddyPress, and bbPress.\u003C\u002Fli>\n\u003Cli>Compatible with most membership and user management plugins.\u003C\u002Fli>\n\u003Cli>Compatible with most two-factor authentication solutions (see the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fuser-switching\u002Ffaq\u002F\" rel=\"ugc\">FAQ\u003C\u002Fa> for more info).\u003C\u002Fli>\n\u003Cli>Approved for use on enterprise-grade WordPress platforms such as \u003Ca href=\"https:\u002F\u002Fwww.altis-dxp.com\u002F\" rel=\"nofollow ugc\">Altis\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwpvip.com\u002F\" rel=\"nofollow ugc\">WordPress VIP\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Note: User Switching supports versions of WordPress up to three years old, and PHP version 7.4 or higher.\u003C\u002Fp>\n\u003Ch3>Security\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Only users with the ability to edit other users can switch user accounts. By default this is only Administrators on single site installations, and Super Admins on Multisite installations.\u003C\u002Fli>\n\u003Cli>Passwords are not (and cannot be) revealed.\u003C\u002Fli>\n\u003Cli>Uses the cookie authentication system in WordPress when remembering the account(s) you’ve switched from and when switching back.\u003C\u002Fli>\n\u003Cli>Implements the nonce security system in WordPress, meaning only those who intend to switch users can switch.\u003C\u002Fli>\n\u003Cli>Full support for user session validation where appropriate.\u003C\u002Fli>\n\u003Cli>Full support for HTTPS.\u003C\u002Fli>\n\u003Cli>Backed by \u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fdatabase\u002Fvdp\u002Fuser-switching\" rel=\"nofollow ugc\">the Patchstack Vulnerability Disclosure Program\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Visit the \u003Cem>Users\u003C\u002Fem> menu in WordPress and you’ll see a \u003Cem>Switch To\u003C\u002Fem> link in the list of action links for each user.\u003C\u002Fli>\n\u003Cli>Click this and you will immediately switch into that user account.\u003C\u002Fli>\n\u003Cli>You can switch back to your originating account via the \u003Cem>Switch back\u003C\u002Fem> link on each dashboard screen or in your profile menu in the WordPress toolbar.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>See the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fuser-switching\u002Ffaq\u002F\" rel=\"ugc\">FAQ\u003C\u002Fa> for information about the \u003Cem>Switch Off\u003C\u002Fem> feature.\u003C\u002Fp>\n\u003Ch3>Other Plugins\u003C\u002Fh3>\n\u003Cp>I maintain several other plugins for developers. Check them out:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fquery-monitor\u002F\" rel=\"ugc\">Query Monitor\u003C\u002Fa> is the developer tools panel for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-crontrol\u002F\" rel=\"ugc\">WP Crontrol\u003C\u002Fa> lets you view and control what’s happening in the WP-Cron system\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Statement\u003C\u002Fh3>\n\u003Cp>User Switching does not send data to any third party, nor does it include any third party resources, nor will it ever do so.\u003C\u002Fp>\n\u003Cp>User Switching makes use of browser cookies in order to allow users to switch to another account. Its cookies operate using the same mechanism as the authentication cookies in WordPress core, which means their values contain the user’s \u003Ccode>user_login\u003C\u002Fcode> field in plain text which should be treated as potentially personally identifiable information (PII) for privacy and regulatory reasons (GDPR, CCPA, etc). The names of the cookies are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>wordpress_user_sw_{COOKIEHASH}\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>wordpress_user_sw_secure_{COOKIEHASH}\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>wordpress_user_sw_olduser_{COOKIEHASH}\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>See also the FAQ for some questions relating to privacy and safety when switching between users.\u003C\u002Fp>\n\u003Ch3>Accessibility Statement\u003C\u002Fh3>\n\u003Cp>User Switching aims to be fully accessible to all of its users. It implements best practices for web accessibility, outputs semantic and structured markup, adheres to the default styles and accessibility guidelines of WordPress, uses the accessibility APIs provided by WordPress and web browsers where appropriate, and is fully accessible via keyboard.\u003C\u002Fp>\n\u003Cp>User Switching should adhere to Web Content Accessibility Guidelines (WCAG) 2.0 at level AA when used with a recent version of WordPress where its admin area itself adheres to these guidelines. If you’ve experienced or identified an accessibility issue in User Switching, please open a thread in \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fuser-switching\u002F\" rel=\"ugc\">the User Switching plugin support forum\u003C\u002Fa> and I’ll address it swiftly.\u003C\u002Fp>\n","Instant switching between user accounts in WordPress and WooCommerce.",200000,5499975,98,239,"2026-02-27T00:17:00.000Z","6.9.4","6.1","7.4",[19,20,22,23,55],"woocommerce","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fuser-switching\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-switching.1.11.2.zip",100,{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":74,"tags":75,"homepage":76,"download_link":77,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"admin-bar-user-switching","Admin Bar User Switching","1.4","Saad Iqbal","https:\u002F\u002Fprofiles.wordpress.org\u002Fsaadiqbal\u002F","\u003Cp>This plugin was originally developed by \u003Ca href=\"https:\u002F\u002Fmarkwilkinson.me\u002F\" rel=\"nofollow ugc\">Mark Wilkinson\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>An admin bar “Switch to User” option is provided which on hover provides a search box where you can query a user to switch to. The results are links to switch to that user. This plugin is great for when you are building sites for clients and it is beneficial to see the site as your logged in client see’s it.\u003C\u002Fp>\n\u003Cp>And there is an optional mode where you can use a custom keyboard combination, say ‘su’, and it activates the form where you search for users, and then you can use keyboard arrows to navigate the list of results, and the return key to switch to the selected user. The same combo can be used to focus the ‘Switch Off’ link, following a return to simulate a click.\u003C\u002Fp>\n\u003Cp>To activate this feature and set the custom keyboard combination, aka magic word, you need to use the \u003Ccode>abus_ajax_args\u003C\u002Fcode> and add a ‘magicWord’ variable.\u003C\u002Fp>\n\u003Cp>Note that keyboard navigation is not dependant on the custom keyboard combination, and can be used out of the box.\u003C\u002Fp>\n","Extends the excellent User Switching plugin by John Blackbourn by adding a User Switching to the admin bar for quick and easy user switching.",2000,49259,96,12,"2022-05-24T09:29:00.000Z","6.0.11","3.1","5.6",[22,23],"https:\u002F\u002Fwpexperts.io","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-bar-user-switching.1.4.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":58,"downloaded":86,"rating":58,"num_ratings":87,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":17,"tags":91,"homepage":95,"download_link":96,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"multisite-user-role-manager","Multisite User Role Manager","1.0.7","OzTheGreat","https:\u002F\u002Fprofiles.wordpress.org\u002Fozthegreat\u002F","\u003Cp>For WordPress Multisite (WPMU) installs, allows Super Admins to easily manage each users roles and blogs from one\u003Cbr \u002F>\nscreen in the Network Admin menu.\u003C\u002Fp>\n\u003Cp>You no longer have to go to each blog to change the user’s role. It’s also\u003Cbr \u002F>\nmuch easier to see which sites a user is associated with.\u003C\u002Fp>\n","Manage user roles for each blog from a single screen on multisite (WPMU) setups",30215,3,"2017-11-07T14:04:00.000Z","4.8.28","4.0",[92,20,93,23,94],"management","roles","wpmu","https:\u002F\u002Fwpartisan.me\u002Fplugins\u002Fmultisite-user-role-manager","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultisite-user-role-manager.1.0.7.zip",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":58,"downloaded":105,"rating":58,"num_ratings":106,"last_updated":107,"tested_up_to":108,"requires_at_least":16,"requires_php":109,"tags":110,"homepage":114,"download_link":115,"security_score":116,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-user-role-switcher","User Role Switcher","0.2.1","Dhanendran Rajagopal","https:\u002F\u002Fprofiles.wordpress.org\u002Fdhanendran\u002F","\u003Cp>This plugin allows you to quickly swap between user roles in WordPress at the click of a button. You’ll be instantly switched to the new user role. This is handy for test environments where you regularly log out and in between different accounts, or for administrators who need to switch between multiple accounts to test the feature in different user roles.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Switch Role To: Instantly switch to any user role from the admin bar at top.\u003C\u002Fli>\n\u003Cli>Switch back: Instantly switch back to your originating role.\u003C\u002Fli>\n\u003Cli>Compatible with WordPress, WordPress Multisite, WooCommerce.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Security\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Only users with the ability to edit other users can switch user roles. By default this is only Administrators on single site installations, and Super Admins on Multisite installations.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Once plugin is activated, you will see \u003Cem>Switch Role To\u003C\u002Fem> in the top admin bar.\u003C\u002Fli>\n\u003Cli>Clicking this will bring the list of user roles available in the system.\u003C\u002Fli>\n\u003Cli>Click on any user role you want to test as.\u003C\u002Fli>\n\u003Cli>You can switch back to your originating user role via the \u003Cem>Switch back\u003C\u002Fem> link on the top admin bar.\u003C\u002Fli>\n\u003C\u002Fol>\n","Instant switching between user roles in WordPress.",4683,2,"2025-01-02T08:02:00.000Z","5.6.17","6.2.2",[111,21,112,113,23],"admin-role","role","user-role-switching","https:\u002F\u002Fgithub.com\u002Fdhanendran\u002Fwp-user-role-switcher","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-user-role-switcher.0.2.2.zip",92,{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":125,"downloaded":126,"rating":127,"num_ratings":128,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":17,"tags":132,"homepage":135,"download_link":136,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"multisite-user-management","Multisite User Management","1.1","thenbrent","https:\u002F\u002Fprofiles.wordpress.org\u002Fthenbrent\u002F","\u003Cp>Running a WordPress network? You no longer need to manually add new users to each of your sites.\u003C\u002Fp>\n\u003Cp>With this plugin, users are assigned a default role for each of your sites. You set the default role for each site and this plugin applies it.\u003C\u002Fp>\n\u003Cp>You can assign different roles for each site or keep a site private by assigning no role.\u003C\u002Fp>\n","Automatically add users to each site in your WordPress network.",70,89954,84,21,"2014-10-16T23:47:00.000Z","3.4.2","3.0",[133,20,134,93,23],"buddypress","multiuser","http:\u002F\u002Fgithub.com\u002Fthenbrent\u002Fmultisite-user-management","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultisite-user-management.1.1.zip",{"attackSurface":138,"codeSignals":173,"taintFlows":192,"riskAssessment":193,"analyzedAt":199},{"hooks":139,"ajaxHandlers":169,"restRoutes":170,"shortcodes":171,"cronEvents":172,"entryPointCount":13,"unprotectedCount":13},[140,145,150,154,158,162,164,165,166,167],{"type":141,"name":142,"callback":142,"priority":13,"file":143,"line":144},"action","init","trunk\\um-user-switching.php",151,{"type":141,"name":146,"callback":147,"priority":148,"file":143,"line":149},"um_profile_header","um_add_switch_button",99,152,{"type":141,"name":151,"callback":152,"file":143,"line":153},"all_admin_notices","requirements_not_met_notice",216,{"type":141,"name":155,"callback":156,"file":143,"line":157},"admin_init","deactivate_me",219,{"type":141,"name":159,"callback":160,"file":143,"line":161},"plugins_loaded","hooks",363,{"type":141,"name":142,"callback":142,"priority":13,"file":163,"line":144},"um-user-switching.php",{"type":141,"name":146,"callback":147,"priority":148,"file":163,"line":149},{"type":141,"name":151,"callback":152,"file":163,"line":153},{"type":141,"name":155,"callback":156,"file":163,"line":157},{"type":141,"name":159,"callback":160,"file":163,"line":168},364,[],[],[],[],{"dangerousFunctions":174,"sqlUsage":175,"outputEscaping":177,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":191},[],{"prepared":13,"raw":13,"locations":176},[],{"escaped":35,"rawEcho":178,"locations":179},6,[180,183,185,187,188,189],{"file":143,"line":181,"context":182},198,"raw output",{"file":143,"line":184,"context":182},282,{"file":143,"line":186,"context":182},283,{"file":163,"line":181,"context":182},{"file":163,"line":186,"context":182},{"file":163,"line":190,"context":182},284,[],[],{"summary":194,"deductions":195},"The \"um-user-switching\" plugin, in version 1.0.1.1, demonstrates a generally positive security posture based on the provided static analysis and vulnerability history. There are no reported CVEs, indicating a lack of known critical or high-severity vulnerabilities in its past. The static analysis also shows a clean slate regarding dangerous functions, SQL injection risks (all queries use prepared statements), and external HTTP requests. The attack surface is reported as zero, which is highly unusual and suggests the plugin may not have active components exposed for direct user interaction or integration, or the analysis might have limitations in identifying certain entry points.\n\nHowever, the static analysis does reveal a concern with output escaping, where only 54% of the outputs are properly escaped. This leaves a portion of the plugin's output potentially vulnerable to cross-site scripting (XSS) attacks if user-supplied data is not adequately sanitized before being displayed. While there are no explicit taint flows or specific vulnerability types flagged, the unescaped output is a tangible risk that requires attention. The absence of capability checks and nonce checks, combined with zero unprotected entry points, is puzzling. If there were any entry points, their lack of authorization checks would be a major concern. Given the zero-entry-point finding, the lack of these checks might be irrelevant in practice, but it's a point to note for future development.",[196],{"reason":197,"points":198},"Unescaped output detected",5,"2026-03-17T01:11:13.222Z",{"wat":201,"direct":208},{"assetPaths":202,"generatorPatterns":203,"scriptPaths":205,"versionParams":206},[],[204],"generator-plugin-wp",[],[207],"um-user-switching\u002Fincludes\u002Fclass-um-user-switching.php?ver=",{"cssClasses":209,"htmlComments":211,"htmlAttributes":212,"restEndpoints":213,"jsGlobals":214,"shortcodeOutput":215},[210],"user_switching",[],[],[],[],[216],"\u003Ca href=\"\" class=\"\" id=\"user_switching\">\u003Ci class=\"um-faicon-sign-in\" aria-hidden=\"true\">\u003C\u002Fi> Switch To\u003C\u002Fa>"]