[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f1Mv2bY5qyGrSEe5_N34OMfPBqnGBm7-flZZ7pFIMuKI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":20,"download_link":21,"security_score":22,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":33,"analysis":34,"fingerprints":69},"unified-login-error-messages","Unified Login Error Messages","1.0","latz","https:\u002F\u002Fprofiles.wordpress.org\u002Flatz\u002F","\u003Cp>If you log-in to your WordPress backend and enter the right username but a false\u003Cbr \u002F>\npassword WordPress shows the error message “ERROR: The password you entered for\u003Cbr \u002F>\nthe username admin is incorrect. Lost your password?” revealing that the username\u003Cbr \u002F>\n“admin” is registered and a possible attacker can check passwords with this\u003Cbr \u002F>\nusername to gain access to the installation.\u003Cbr \u002F>\nThis plugin changes the error messages to “ERROR: Invalid user\u002Fpassword\u003Cbr \u002F>\ncombination.” if you enter a non-registered username and\u002For a false password and\u003Cbr \u002F>\nmakes it more difficult for an attacker to decypher your blog’s passwords.\u003C\u002Fp>\n","Changes the login error messages revealing the existence of a user name to a more secure version.",200,3083,100,1,"2011-06-07T09:16:00.000Z","3.2.1","3.0","",[],"http:\u002F\u002Fx.elektroelch.net\u002Fulem\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Funified-login-error-messages.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":22,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},8,1540,587,69,"2026-04-05T04:00:57.760Z",[],{"attackSurface":35,"codeSignals":52,"taintFlows":59,"riskAssessment":60,"analyzedAt":68},{"hooks":36,"ajaxHandlers":48,"restRoutes":49,"shortcodes":50,"cronEvents":51,"entryPointCount":23,"unprotectedCount":23},[37,43],{"type":38,"name":39,"callback":40,"file":41,"line":42},"filter","login_errors","login_error_messages","ulem.php",25,{"type":44,"name":45,"callback":46,"file":41,"line":47},"action","init","load_textdomain",26,[],[],[],[],{"dangerousFunctions":53,"sqlUsage":54,"outputEscaping":56,"fileOperations":23,"externalRequests":23,"nonceChecks":23,"capabilityChecks":23,"bundledLibraries":58},[],{"prepared":23,"raw":23,"locations":55},[],{"escaped":23,"rawEcho":23,"locations":57},[],[],[],{"summary":61,"deductions":62},"The \"unified-login-error-messages\" v1.0 plugin exhibits an exceptionally strong security posture based on the provided static analysis.  The complete absence of any identified attack surface, dangerous functions, direct SQL queries, unescaped output, file operations, external requests, or taint flows indicates meticulous development practices.  Furthermore, the lack of any recorded vulnerability history reinforces this positive assessment, suggesting a history of secure code and prompt patching.  This plugin appears to be very lightweight and focused, with no obvious mechanisms for introducing vulnerabilities.\n\nThe primary concern, though minor in this context, stems from the complete absence of capability checks and nonce checks. While the current analysis shows no exploitable entry points, in future versions or if the plugin were to introduce new features (like AJAX handlers or REST API endpoints), the lack of these fundamental security checks could become a significant risk.  Without them, any new functionality could potentially be exploited by unauthenticated or unauthorized users if not carefully implemented. However, as it stands, this plugin represents a secure and well-developed component.",[63,66],{"reason":64,"points":65},"Missing nonce checks",5,{"reason":67,"points":65},"Missing capability checks","2026-03-16T20:26:57.227Z",{"wat":70,"direct":75},{"assetPaths":71,"generatorPatterns":72,"scriptPaths":73,"versionParams":74},[],[],[],[],{"cssClasses":76,"htmlComments":77,"htmlAttributes":78,"restEndpoints":79,"jsGlobals":80,"shortcodeOutput":81},[],[],[],[],[],[]]