[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$faBSi6l1DblhSYBgSBPMqlU48ioMZ5Nrd2V70h_R-wcY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":85,"crawl_stats":36,"alternatives":92,"analysis":195,"fingerprints":536},"user-access-manager","User Access Manager","2.3.11","gm_alex","https:\u002F\u002Fprofiles.wordpress.org\u002Fgm_alex\u002F","\u003Cp>The “User Access Manager”-plugin for WordPress allows you to manage the access of your content. This is useful if you need a member area, a private section at your blog, or you want that other people can write at your blog but not everywhere. Including all post type (post, pages etc.), taxonomies (categories etc.) and files by creating user groups. Just assign the content you want to restrict und and your registered users which should have access to a group. From now on the content is only accessible and writable for the specified group.\u003C\u002Fp>\n\u003Cp>\u003Cem>Try it out\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>You can try it out at TasteWP.com before install: \u003Ca href=\"https:\u002F\u002Fdemo.tastewp.com\u002Fuser-access-manager?a=jlQ7F1va\" rel=\"nofollow ugc\">Try user access manager\u003C\u002Fa> (affiliate link)\u003C\u002Fp>\n\u003Cp>\u003Cem>Feature list\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>User groups\u003C\u002Fli>\n\u003Cli>Set separate access for readers and editors\u003C\u002Fli>\n\u003Cli>Set access by user groups\u003C\u002Fli>\n\u003Cli>Set default user groups\u003C\u002Fli>\n\u003Cli>Set time based access\u003C\u002Fli>\n\u003Cli>User-defined post type (posts, pages etc.) title (if no access)\u003C\u002Fli>\n\u003Cli>User-defined post type (posts, pages etc.) text (if no access)\u003C\u002Fli>\n\u003Cli>Optional login form (if no access)\u003C\u002Fli>\n\u003Cli>User-defined comment text (if no access)\u003C\u002Fli>\n\u003Cli>Hide complete post types (posts, pages etc.)\u003C\u002Fli>\n\u003Cli>Hide elements in the navigation\u003C\u002Fli>\n\u003Cli>Redirecting users to other pages (if no access)\u003C\u002Fli>\n\u003Cli>Recursive locking of content\u003C\u002Fli>\n\u003Cli>Limited access to uploaded files\u003C\u002Fli>\n\u003Cli>Full integrated at the admin panel\u003C\u002Fli>\n\u003Cli>Multilingual support\u003C\u002Fli>\n\u003Cli>Also protect your rss feeds\u003C\u002Fli>\n\u003Cli>Give access by IP-address\u003C\u002Fli>\n\u003Cli>Plugin-Api to use the User Access Manager in your on plugins or extend other plugins\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fuser-access-manager-private-public-extension\u002F\" rel=\"ugc\">UAMPPE\u003C\u002Fa> like behaviour is now build in (Expect negation like !groupName and showprivate and shownotauthorized parameter)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Included languages\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>See \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fuser-access-manager\" rel=\"nofollow ugc\">https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fuser-access-manager\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>The documentation can be found here: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FGM-Alex\u002Fuser-access-manager\u002Fwiki\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002FGM-Alex\u002Fuser-access-manager\u002Fwiki\u003C\u002Fa>\u003Cbr \u002F>\nPlease report bugs and feature requests here: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FGM-Alex\u002Fuser-access-manager\u002Fissues\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002FGM-Alex\u002Fuser-access-manager\u002Fissues\u003C\u002Fa>\u003Cbr \u002F>\nIf you are a developer and want to contribute please visit \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FGM-Alex\u002Fuser-access-manager\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002FGM-Alex\u002Fuser-access-manager\u003C\u002Fa>\u003Cbr \u002F>\nFor general questions, like how to set up, best practice and so on please use the support thread here (don’t post issues here): \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fuser-access-manager\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fuser-access-manager\u003C\u002Fa>\u003Cbr \u002F>\nTo stay up-to-date follow me on Twitter: \u003Ca href=\"http:\u002F\u002Ftwitter.com\u002FGM_Alex\" rel=\"nofollow ugc\">GMAlex on Twitter\u003C\u002Fa>\u003C\u002Fp>\n","With the \"User Access Manager\"-plugin you can manage the access to your posts, pages and files.",10000,1286950,86,114,"2026-01-26T10:25:00.000Z","6.9.4","4.7","8.0",[20,21,4,22],"access","member-access","user-management","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fuser-access-manager\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-access-manager.2.3.11.zip",98,4,0,"2023-08-04 00:00:00","2026-03-15T15:16:48.613Z",[31,47,61,70],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2022-1601","user-access-manager-ip-spoofing","User Access Manager \u003C= 2.2.16 - IP Spoofing","The User Access Manager plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.2.16. This is due to insufficient restrictions, and the prioritization of REMOTE_ADDR, on where the IP Address information is being retrieved for access restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address from accessing a restricted area.",null,"\u003C=2.2.16","2.2.18","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N","Use of Less Trusted Source","2024-01-22 19:56:02",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F88c5752c-ef4e-4343-810e-ecf1f33d3538?source=api-prod",172,{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":36,"affected_versions":52,"patched_in_version":53,"severity":39,"cvss_score":54,"cvss_vector":55,"vuln_type":56,"published_date":57,"updated_date":43,"references":58,"days_to_patch":60},"WF-5b3268c2-7cdd-4839-9859-42218d4d632b-user-access-manager","user-access-manager-reflected-cross-site-scripting","User Access Manager \u003C= 1.2.14 - Reflected Cross-Site Scripting","The User Access Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in versions up to, and including, 1.2.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=1.2.14","2.0.0",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2017-09-05 00:00:00",[59],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5b3268c2-7cdd-4839-9859-42218d4d632b?source=api-prod",2331,{"id":62,"url_slug":63,"title":64,"description":65,"plugin_slug":4,"theme_slug":36,"affected_versions":66,"patched_in_version":67,"severity":39,"cvss_score":54,"cvss_vector":55,"vuln_type":56,"published_date":57,"updated_date":43,"references":68,"days_to_patch":60},"WF-7c6e233f-c612-4625-8097-0637e976190d-user-access-manager","user-access-manager-reflected-cross-site-scripting-2","User Access Manager \u003C= 2.0.8 - Reflected Cross-Site Scripting","The User Access Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C2.0.9","2.0.9",[69],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7c6e233f-c612-4625-8097-0637e976190d?source=api-prod",{"id":71,"url_slug":72,"title":73,"description":74,"plugin_slug":4,"theme_slug":36,"affected_versions":75,"patched_in_version":76,"severity":77,"cvss_score":78,"cvss_vector":79,"vuln_type":80,"published_date":81,"updated_date":43,"references":82,"days_to_patch":84},"CVE-2011-5328","user-access-manager-cross-site-request-forgery","User Access Manager \u003C 1.2 - Cross-Site Request Forgery","The user-access-manager plugin before 1.2 for WordPress has CSRF.","\u003C1.2","1.2","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Cross-Site Request Forgery (CSRF)","2011-10-11 00:00:00",[83],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F14d81210-9360-4153-9b5a-35d12cc0cbf0?source=api-prod",4487,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":86,"total_installs":87,"avg_security_score":88,"avg_patch_time_days":89,"trust_score":90,"computed_at":91},2,10010,92,2330,73,"2026-04-04T05:05:32.915Z",[93,118,140,159,176],{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":101,"downloaded":102,"rating":103,"num_ratings":104,"last_updated":105,"tested_up_to":16,"requires_at_least":106,"requires_php":107,"tags":108,"homepage":113,"download_link":114,"security_score":115,"vuln_count":116,"unpatched_count":27,"last_vuln_date":117,"fetched_at":29},"memberfindme","MembershipWorks – Membership, Events & Directory","6.15","MembershipWorks","https:\u002F\u002Fprofiles.wordpress.org\u002Fsourcefound\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fmembershipworks.com\u002F\" rel=\"nofollow ugc\">MembershipWorks\u003C\u002Fa> is an advanced all-in-one membership, directory, events, and donation platform for chambers, associations, professional, networking and other membership groups. This plugin integrates your MembershipWorks account to your WordPress site. MembershipWorks is free for small groups and also free to try with our 50 member\u002Faccount plan.\u003C\u002Fp>\n\u003Ch4>Easy WordPress Setup\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Use shortcodes to place the membership forms, events calendar, member directory and more on pages.\u003C\u002Fli>\n\u003Cli>Fully responsive and works with most themes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Third Party Integrations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Payment Gateways – Stripe, Paypal Website Payments Pro, Paypal Payments Pro\u002FPayflow, Paypal Expanded Checkout, Authorize.net\u003C\u002Fli>\n\u003Cli>Accounting Software – Xero, QuickBooks Desktop, QuickBooks Online\u003C\u002Fli>\n\u003Cli>Emails\u002FNewsletters – MailChimp\u003C\u002Fli>\n\u003Cli>OAuth 2.0 Single Sign On\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Membership\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Unlimited membership levels, add-ons and billing configurations\u003C\u002Fli>\n\u003Cli>Configurable pro-rating, fixed anniversary dates, trial periods, application fees and discount codes\u003C\u002Fli>\n\u003Cli>Members can signup, renew, or upgrade\u002Fdowngrade their membership at any time\u003C\u002Fli>\n\u003Cli>Automated emails for payment receipts, renewal and past-due notices\u003C\u002Fli>\n\u003Cli>Segment members by labels or folders\u003C\u002Fli>\n\u003Cli>View\u002FExport metrics and financials\u003C\u002Fli>\n\u003Cli>Daily membership report email\u003C\u002Fli>\n\u003Cli>Send bulk emails to members\u003C\u002Fli>\n\u003Cli>Custom fields and customizable membership forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Events\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Display events in calendar or list\u003C\u002Fli>\n\u003Cli>Upcoming events widget\u003C\u002Fli>\n\u003Cli>Event categories\u003C\u002Fli>\n\u003Cli>Create unlimited paid and free event tickets\u003C\u002Fli>\n\u003Cli>Limit event ticket quantity, event capacity, event tickets per registration, and more\u003C\u002Fli>\n\u003Cli>Restrict event tickets by membership\u003C\u002Fli>\n\u003Cli>Customizable event registration and ticketing questions\u003C\u002Fli>\n\u003Cli>Automatic event registration confirmation email with iCalendar attachment\u003C\u002Fli>\n\u003Cli>Edit or cancel registrations and issue full or partial refunds \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Member Only Access\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Restrict content on any page or post to members or to specific membership levels with a shortcode\u003C\u002Fli>\n\u003Cli>Member only event tickets or cart items\u003C\u002Fli>\n\u003Cli>Automatically retire access when membership is past due\u003C\u002Fli>\n\u003Cli>Allow members to add or edit events\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Directory and Deals\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Search by keyword, location, fields or by labels\u002Ffolders\u003C\u002Fli>\n\u003Cli>Interactive map\u003C\u002Fli>\n\u003Cli>Multiple locations for a business or organization\u003C\u002Fli>\n\u003Cli>Customizable cards\u003C\u002Fli>\n\u003Cli>Customizable member profiles with logos, pictures, map, social media links and more\u003C\u002Fli>\n\u003Cli>Enable\u002Fdisable features by membership\u003C\u002Fli>\n\u003Cli>Create a member deals or offers page\u003C\u002Fli>\n\u003Cli>Comply with CAN-SPAM act and protect member email addresses from spam with our messaging system\u003C\u002Fli>\n\u003Cli>Member slideshow widget\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>General Forms, Shopping Cart and Donations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Create forms for donations, committee or volunteer signup, contact forms, and more\u003C\u002Fli>\n\u003Cli>Sell items or collect donations\u003C\u002Fli>\n\u003Cli>Setup item quantities and checkout limits\u003C\u002Fli>\n\u003Cli>Create member only forms or shopping carts\u003C\u002Fli>\n\u003Cli>Automated confirmation and notification emails\u003C\u002Fli>\n\u003Cli>Checkout actions to add or remove labels\u002Ffolders, allows for advanced workflow\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Job Board, Classifieds and Announcements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Create boards for jobs, classifieds, announcements and other listings\u003C\u002Fli>\n\u003Cli>Monetize listings by charging listing fee or make it a membership privilege\u003C\u002Fli>\n\u003Cli>Restrict listings to members only or make it public \u003C\u002Fli>\n\u003Cli>Option to require admin approval for new listings\u003C\u002Fli>\n\u003Cli>Allow members to manage their own listings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Billing and Accounting\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Financial dashboard\u003C\u002Fli>\n\u003Cli>Setup tax rates by city, state, zip or country\u003C\u002Fli>\n\u003Cli>Export transactions to Xero, QuickBooks or spreadsheet\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SEO\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Events and directory listings optimized with Rich Snippets\u003C\u002Fli>\n\u003C\u002Ful>\n","All-in-one membership, directory, events and donations for organizations. Secure member profiles, renewals, upgrades and limit member only access to c &hellip;",2000,92424,88,37,"2026-02-22T06:56:00.000Z","3.0.2","",[109,110,21,111,112],"calendar","directory","membership","tickets","https:\u002F\u002Fmembershipworks.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmemberfindme.6.15.zip",99,1,"2025-11-11 19:16:16",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":126,"num_ratings":128,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":107,"tags":132,"homepage":137,"download_link":138,"security_score":139,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"new-post-notification","New Post Notification","1.0.10","kilozwo","https:\u002F\u002Fprofiles.wordpress.org\u002Fkilozwo\u002F","\u003Cp>Simply notifies registered users if a new post has been published. If you use the User-Access-Manager (UAM) Plugin by GM_Alex, users will only be notified if they have access to the post. Notifies the admin if a user changes his subscription status. There is zero configuration. Available in English, German, French and Japan.\u003C\u002Fp>\n\u003Cp>The subscription to new posts is activated to new users by default. Based on the post category, users are able to choose which notifications they would like to receive. They can also deactivate all notifications.\u003C\u002Fp>\n","Simply notifies users if a new post has been published. This can also be used as an addon for User-Access-Manager. Users will only be notified if they &hellip;",100,12820,5,"2014-11-23T13:32:00.000Z","4.0.38","3.0.1",[133,134,135,136,4],"email","notification","posts","subscription","http:\u002F\u002Fkilozwo.de\u002Fwordpress-new-post-notification-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnew-post-notification.1.0.10.zip",85,{"slug":141,"name":142,"version":143,"author":144,"author_profile":145,"description":146,"short_description":147,"active_installs":148,"downloaded":149,"rating":27,"num_ratings":27,"last_updated":150,"tested_up_to":16,"requires_at_least":151,"requires_php":152,"tags":153,"homepage":157,"download_link":158,"security_score":126,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"dp-admin-access-menu","DP Admin Access Menu","1.0.0","Priyanshu Kast","https:\u002F\u002Fprofiles.wordpress.org\u002Fdevpriyanshu\u002F","\u003Cp>DP Admin Access Menu is a powerful WordPress plugin that allows administrators to control which backend menu items are visible to specific users. This is perfect for customizing the admin experience for different user roles and improving security by limiting access to unnecessary menu items.\u003C\u002Fp>\n\u003Cp>Whether you’re managing a team of content creators, restricting access for client accounts, or creating a streamlined admin experience, DP Admin Access Menu gives you granular control over what each user can see in the WordPress admin area.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>User Selection\u003C\u002Fstrong>: Easy-to-use dropdown to select any WordPress user\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Menu Control\u003C\u002Fstrong>: Checkbox interface for all WordPress admin menu items including child menus\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Superadmin Protection\u003C\u002Fstrong>: First administrator (superadmin) always has full access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Useradmin Support\u003C\u002Fstrong>: Configure menu access for other administrators (useradmins)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unlimited Users\u003C\u002Fstrong>: Configure menu access for unlimited users\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unlimited Menus\u003C\u002Fstrong>: Select unlimited menu items per user\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time Filtering\u003C\u002Fstrong>: Menu items are automatically hidden\u002Fshown based on saved settings\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-friendly Interface\u003C\u002Fstrong>: Clean admin interface with select all\u002Fdeselect all options\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Edit & Delete\u003C\u002Fstrong>: Manage configured users with edit and delete functionality\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Parent-Child Menu Logic\u003C\u002Fstrong>: Selecting a parent menu automatically selects its children\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Menu Counter\u003C\u002Fstrong>: Real-time counter showing selected menus\u003C\u002Fli>\n\u003Cli>\u003Cstrong>URL Protection\u003C\u002Fstrong>: Prevents direct access to restricted admin pages via URL\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to \u003Cstrong>Menu Access\u003C\u002Fstrong> in the WordPress admin sidebar (under DP Admin Access Menu)\u003C\u002Fli>\n\u003Cli>Select a user from the dropdown (or edit an existing configured user)\u003C\u002Fli>\n\u003Cli>Check\u002Funcheck the menu items you want to show\u002Fhide for that user\u003C\u002Fli>\n\u003Cli>Click \u003Cstrong>Save Settings\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>The selected user will only see the checked menu items when they log in\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Use Cases\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Client Management\u003C\u002Fstrong>: Give clients access only to specific sections of their website\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Team Collaboration\u003C\u002Fstrong>: Limit access for editors, authors, or contributors to their relevant areas\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Enhancement\u003C\u002Fstrong>: Hide sensitive admin sections from users who don’t need them\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customized Admin Experience\u003C\u002Fstrong>: Create a cleaner, focused admin interface for specific users\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-Administrator Sites\u003C\u002Fstrong>: Manage menu access for multiple administrators with different responsibilities\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Training Environments\u003C\u002Fstrong>: Simplify the admin interface for users learning WordPress\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Agency Workflows\u003C\u002Fstrong>: Control what clients can access when managing their own sites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Superadmin vs Useradmin\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Superadmin\u003C\u002Fstrong>: The first administrator user (lowest user ID) always has full access to all menus and cannot be restricted. This ensures you never lock yourself out of your WordPress admin.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Useradmin\u003C\u002Fstrong>: Other administrators can have their menu access configured and will only see assigned menus. This allows you to create different admin experiences for different administrator accounts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Unlimited Users\u003C\u002Fstrong>: Configure menu access for as many users as needed\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unlimited Menus\u003C\u002Fstrong>: Select unlimited menu items per user\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Fully Functional\u003C\u002Fstrong>: All features are available without restrictions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 5.0 or higher\u003C\u002Fli>\n\u003Cli>PHP 7.0 or higher\u003C\u002Fli>\n\u003Cli>Administrator access to configure settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin does not collect, store, or transmit any personal data. All settings are stored locally in your WordPress database. No external services are used.\u003C\u002Fp>\n\u003Ch3>Security\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>All menu restrictions are enforced server-side\u003C\u002Fli>\n\u003Cli>Direct URL access to restricted pages is blocked\u003C\u002Fli>\n\u003Cli>Superadmin protection prevents accidental lockout\u003C\u002Fli>\n\u003Cli>Settings are stored securely in WordPress database\u003C\u002Fli>\n\u003Cli>No external API calls – all functionality works locally\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Performance\u003C\u002Fh3>\n\u003Cp>The plugin is lightweight and optimized for performance:\u003Cbr \u002F>\n* Minimal database queries\u003Cbr \u002F>\n* Efficient menu filtering using WordPress hooks\u003Cbr \u002F>\n* No impact on frontend performance\u003Cbr \u002F>\n* Settings cached for fast menu rendering\u003C\u002Fp>\n\u003Ch3>Compatibility\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>WordPress\u003C\u002Fstrong>: 5.0 – 6.8+\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PHP\u003C\u002Fstrong>: 7.0 – 8.3+\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multisite\u003C\u002Fstrong>: Limited support (single site recommended)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Other Plugins\u003C\u002Fstrong>: Compatible with most WordPress plugins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Themes\u003C\u002Fstrong>: Works with all WordPress themes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Development\u003C\u002Fh3>\n\u003Ch4>Contributing\u003C\u002Fh4>\n\u003Cp>Contributions are welcome! Please ensure your code follows WordPress coding standards and best practices. You can contribute by:\u003Cbr \u002F>\n* Reporting bugs\u003Cbr \u002F>\n* Suggesting features\u003Cbr \u002F>\n* Submitting pull requests\u003Cbr \u002F>\n* Improving documentation\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>For support, feature requests, or bug reports, please visit the plugin support forum on WordPress.org.\u003C\u002Fp>\n\u003Ch4>Changelog Policy\u003C\u002Fh4>\n\u003Cp>We maintain a detailed changelog for all versions. Major updates are announced in the upgrade notice section.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Developed by devpriyanshu following WordPress coding standards and best practices. Built with security and user experience in mind.\u003C\u002Fp>\n\u003Ch3>Additional Notes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>The plugin is fully functional with unlimited users and unlimited menus\u003C\u002Fli>\n\u003Cli>All core functionality works locally without any external services\u003C\u002Fli>\n\u003C\u002Ful>\n","Control which WordPress backend menu items are visible to specific users. Perfect for managing user access and customizing admin experience.",40,175,"2026-01-15T16:24:00.000Z","5.0","7.0",[154,155,156,22],"access-control","admin","menu","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdp-admin-access-menu","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdp-admin-access-menu.1.0.0.zip",{"slug":160,"name":161,"version":162,"author":163,"author_profile":164,"description":165,"short_description":166,"active_installs":167,"downloaded":168,"rating":126,"num_ratings":116,"last_updated":169,"tested_up_to":170,"requires_at_least":171,"requires_php":107,"tags":172,"homepage":107,"download_link":175,"security_score":139,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"network-restricted-members","Network Restricted Members","0.3.1","Luis Rodrigues","https:\u002F\u002Fprofiles.wordpress.org\u002Fgoblindegook\u002F","\u003Cp>If you have a private network where all sites are open to anyone with an account, but still want the ability to invite someone from outside and limit their access to a single site, then Network Restricted Members is for you.\u003C\u002Fp>\n\u003Cp>This plugin was developed for our private \u003Ca href=\"http:\u002F\u002Fp2theme.com\" rel=\"nofollow ugc\">P2\u003C\u002Fa> network, which is open to all company employees. However, we still wanted to be able to bring contractors and clients over without giving them access to everything on the network.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>Network Restricted Members provides a user setting that allows multisite network administrators to restrict a user to the sites he or she is a member of.\u003C\u002Fp>\n\u003Col>\n\u003Cli>As a super admin, navigate to the Users dashboard\u003C\u002Fli>\n\u003Cli>Click ‘Edit’ on the user you wish to restrict\u003C\u002Fli>\n\u003Cli>Check the option ‘Restrict User Access’\u003C\u002Fli>\n\u003Cli>Save your changes\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>From this point on, administrators will need to add this user to their sites before he or she is able to see them.\u003C\u002Fp>\n\u003Cp>If you wish to lift the restrictions on a user, repeat the steps above but \u003Cem>uncheck\u003C\u002Fem> the option box instead.\u003C\u002Fp>\n\u003Ch4>Other plugins\u003C\u002Fh4>\n\u003Cp>Network Restricted Members works best when combined with a network privacy plugin, such as one of the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmore-privacy-options\u002F\" rel=\"ugc\">More Privacy Options\u003C\u002Fa> by David Sader\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnetwork-privacy\u002F\" rel=\"ugc\">Network Privacy\u003C\u002Fa> by Ron Rennick\u003C\u002Fli>\n\u003C\u002Ful>\n","Restrict user access to selected sites on open multisite networks.",10,2115,"2016-02-14T04:35:00.000Z","4.4.34","4.0",[154,111,173,174,22],"multisite","network","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnetwork-restricted-members.0.3.1.zip",{"slug":177,"name":178,"version":179,"author":180,"author_profile":181,"description":182,"short_description":183,"active_installs":27,"downloaded":184,"rating":126,"num_ratings":116,"last_updated":185,"tested_up_to":186,"requires_at_least":187,"requires_php":188,"tags":189,"homepage":193,"download_link":194,"security_score":126,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"access-guard","Access Guard","1.0.1","Nitin Prakash","https:\u002F\u002Fprofiles.wordpress.org\u002Fnitin247\u002F","\u003Cp>Access Guard is a comprehensive WordPress plugin that enhances access protection, controls user permissions, and provides IP banning functionality. With Access Guard, you can safeguard your website from malicious users, protect sensitive content, and strengthen overall security measures.\u003C\u002Fp>\n\u003Ch3>Free Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>IP Blocking: Easily ban specific IP addresses or IP ranges to prevent unwanted traffic and protect your website from malicious users.\u003C\u002Fli>\n\u003Cli>Customizable Ban Messages: Personalize the messages displayed to blocked users, providing instructions or redirecting them to alternative content.\u003C\u002Fli>\n\u003Cli>User Role-Based Access Control: Define access permissions for different user roles, restricting content visibility or interaction based on user roles.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Coming Soon\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Password Protection: Add password protection to specific pages or posts, granting access only to those who enter the correct password.\u003C\u002Fli>\n\u003Cli>Time-Based Access Control: Set time-based restrictions to make content available for a limited period, perfect for time-sensitive promotions or temporary exclusivity.\u003C\u002Fli>\n\u003Cli>IP Whitelisting: Whitelist specific IP addresses or IP ranges, allowing access only to designated users or regions.\u003C\u002Fli>\n\u003Cli>Activity Logging: Keep track of user activities, including IP ban events and access attempts, to monitor website security.\u003C\u002Fli>\n\u003Cli>Basic Brute Force Protection: Implement basic protection against brute force attacks by limiting login attempts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Paid Features ( Coming Soon )\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Advanced Brute Force Protection: Enhance login security with advanced measures like CAPTCHA verification, two-factor authentication, and login attempt limiting.\u003C\u002Fli>\n\u003Cli>Advanced IP Blocking: Unlock advanced IP blocking options, such as blocking entire countries or regions based on IP geolocation data.\u003C\u002Fli>\n\u003Cli>Advanced Access Control Rules: Create complex access control rules based on user roles, specific conditions, or custom criteria.\u003C\u002Fli>\n\u003Cli>Advanced Activity Logging and Notifications: Receive detailed email notifications for critical events, and access comprehensive activity logs with advanced filtering and search options.\u003C\u002Fli>\n\u003Cli>Multisite Support: Extend Access Guard’s capabilities to WordPress multisite installations, managing access and IP blocking across multiple sites.\u003C\u002Fli>\n\u003Cli>Developer API: Utilize a developer-friendly API to extend Access Guard’s functionality or integrate it with other plugins or custom solutions.\u003C\u002Fli>\n\u003Cli>Priority Support: Access premium support channels, including priority email support and dedicated assistance from the plugin developers.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later. For more details, see the License URI mentioned above.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For any support inquiries or feature requests, please email \u003Ca href=\"mailto:neebplugins@gmail.com\" rel=\"nofollow ugc\">neebplugins@gmail.com\u003C\u002Fa> or contact \u003Ca href=\"https:\u002F\u002Fneebplugins.com\u002Fsupport-desk\u002F\" rel=\"nofollow ugc\">Support Desk\u003C\u002Fa>\u003C\u002Fp>\n","Access Guard enhances security by managing user permissions and banning IPs to protect sensitive content.",1393,"2025-04-21T08:21:00.000Z","6.8.5","6.2","7.4",[190,154,191,192,4],"access-protection","ip-blocking","restrict-content","https:\u002F\u002Fneebplugins.com\u002Faccess-guard","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faccess-guard.1.0.1.zip",{"attackSurface":196,"codeSignals":214,"taintFlows":520,"riskAssessment":521,"analyzedAt":535},{"hooks":197,"ajaxHandlers":210,"restRoutes":211,"shortcodes":212,"cronEvents":213,"entryPointCount":27,"unprotectedCount":27},[198,204,206],{"type":199,"name":200,"callback":201,"file":202,"line":203},"action","admin_notices","closure","user-access-manager.php",45,{"type":199,"name":200,"callback":201,"file":202,"line":205},61,{"type":199,"name":207,"callback":208,"priority":27,"file":202,"line":209},"init","initUam",80,[],[],[],[],{"dangerousFunctions":215,"sqlUsage":221,"outputEscaping":232,"fileOperations":324,"externalRequests":27,"nonceChecks":116,"capabilityChecks":116,"bundledLibraries":519},[216],{"fn":217,"file":218,"line":219,"context":220},"unserialize","src\\Cache\\FileSystemCacheProvider.php",173,"return unserialize(base64_decode(file_get_contents($cacheFile)));",{"prepared":222,"raw":223,"locations":224},36,3,[225,229,231],{"file":226,"line":227,"context":228},"src\\Setup\\Database\\DatabaseHandler.php",165,"$wpdb->query() with variable interpolation",{"file":226,"line":230,"context":228},170,{"file":226,"line":149,"context":228},{"escaped":116,"rawEcho":230,"locations":233},[234,238,241,243,246,248,250,253,255,258,260,262,264,266,269,271,273,275,277,279,281,283,285,288,290,292,293,295,297,299,301,302,304,306,308,310,312,313,315,316,318,319,320,321,323,325,326,328,329,330,331,333,335,337,340,341,342,344,346,347,349,351,353,355,357,359,361,363,364,366,368,370,372,373,375,378,379,381,382,383,386,387,388,390,391,392,394,395,397,399,400,402,404,406,408,410,411,413,415,417,419,421,423,424,426,428,431,433,434,435,437,438,440,442,444,445,447,448,450,452,453,455,457,458,461,462,463,464,465,466,467,470,472,473,474,475,476,477,478,480,482,483,484,485,486,487,489,491,492,493,494,495,497,498,500,502,504,505,506,507,508,509,510,511,512,513,514,516,517,518],{"file":235,"line":236,"context":237},"src\\Controller\\Backend\\BackendController.php",53,"raw output",{"file":239,"line":240,"context":237},"src\\Controller\\Backend\\DynamicGroupsController.php",20,{"file":239,"line":242,"context":237},59,{"file":244,"line":245,"context":237},"src\\Controller\\Backend\\PostObjectController.php",26,{"file":244,"line":247,"context":237},39,{"file":244,"line":249,"context":237},46,{"file":251,"line":252,"context":237},"src\\Controller\\Backend\\TermObjectController.php",44,{"file":254,"line":247,"context":237},"src\\Controller\\Backend\\UserObjectController.php",{"file":256,"line":257,"context":237},"src\\Controller\\BaseControllerTrait.php",81,{"file":259,"line":103,"context":237},"src\\File\\FileHandler.php",{"file":259,"line":261,"context":237},145,{"file":259,"line":263,"context":237},232,{"file":259,"line":265,"context":237},241,{"file":267,"line":268,"context":237},"src\\View\\AdminAbout.php",63,{"file":267,"line":270,"context":237},90,{"file":267,"line":272,"context":237},108,{"file":274,"line":167,"context":237},"src\\View\\AdminForm\\Input.php",{"file":274,"line":276,"context":237},11,{"file":274,"line":278,"context":237},15,{"file":274,"line":280,"context":237},16,{"file":274,"line":282,"context":237},17,{"file":274,"line":284,"context":237},19,{"file":286,"line":287,"context":237},"src\\View\\AdminForm\\Radio.php",12,{"file":286,"line":289,"context":237},23,{"file":286,"line":291,"context":237},24,{"file":286,"line":245,"context":237},{"file":286,"line":294,"context":237},27,{"file":286,"line":296,"context":237},34,{"file":286,"line":298,"context":237},42,{"file":286,"line":300,"context":237},43,{"file":286,"line":252,"context":237},{"file":286,"line":303,"context":237},48,{"file":286,"line":305,"context":237},50,{"file":286,"line":307,"context":237},51,{"file":286,"line":309,"context":237},56,{"file":286,"line":311,"context":237},57,{"file":286,"line":268,"context":237},{"file":286,"line":314,"context":237},68,{"file":286,"line":209,"context":237},{"file":317,"line":167,"context":237},"src\\View\\AdminForm\\Select.php",{"file":317,"line":276,"context":237},{"file":317,"line":278,"context":237},{"file":317,"line":280,"context":237},{"file":317,"line":322,"context":237},22,{"file":317,"line":324,"context":237},30,{"file":317,"line":104,"context":237},{"file":327,"line":167,"context":237},"src\\View\\AdminForm\\Textarea.php",{"file":327,"line":276,"context":237},{"file":327,"line":278,"context":237},{"file":327,"line":282,"context":237},{"file":327,"line":332,"context":237},18,{"file":327,"line":334,"context":237},21,{"file":336,"line":240,"context":237},"src\\View\\AdminNotice.php",{"file":338,"line":339,"context":237},"src\\View\\AdminSettings.php",31,{"file":338,"line":300,"context":237},{"file":338,"line":236,"context":237},{"file":338,"line":343,"context":237},54,{"file":338,"line":345,"context":237},55,{"file":338,"line":309,"context":237},{"file":338,"line":348,"context":237},84,{"file":350,"line":322,"context":237},"src\\View\\AdminSetup.php",{"file":350,"line":352,"context":237},41,{"file":350,"line":354,"context":237},94,{"file":350,"line":356,"context":237},121,{"file":350,"line":358,"context":237},128,{"file":350,"line":360,"context":237},130,{"file":350,"line":362,"context":237},131,{"file":350,"line":362,"context":237},{"file":350,"line":365,"context":237},151,{"file":350,"line":367,"context":237},158,{"file":350,"line":369,"context":237},160,{"file":350,"line":371,"context":237},161,{"file":350,"line":371,"context":237},{"file":350,"line":374,"context":237},185,{"file":376,"line":377,"context":237},"src\\View\\AdminUserGroup.php",25,{"file":376,"line":298,"context":237},{"file":380,"line":222,"context":237},"src\\View\\GroupInfo.php",{"file":380,"line":352,"context":237},{"file":380,"line":270,"context":237},{"file":384,"line":385,"context":237},"src\\View\\GroupSelectionForm.php",71,{"file":384,"line":385,"context":237},{"file":384,"line":385,"context":237},{"file":384,"line":389,"context":237},72,{"file":384,"line":90,"context":237},{"file":384,"line":90,"context":237},{"file":384,"line":393,"context":237},74,{"file":384,"line":393,"context":237},{"file":384,"line":396,"context":237},76,{"file":384,"line":398,"context":237},95,{"file":384,"line":25,"context":237},{"file":384,"line":401,"context":237},102,{"file":384,"line":403,"context":237},103,{"file":384,"line":405,"context":237},104,{"file":384,"line":407,"context":237},105,{"file":384,"line":409,"context":237},107,{"file":384,"line":272,"context":237},{"file":384,"line":412,"context":237},109,{"file":384,"line":414,"context":237},112,{"file":384,"line":416,"context":237},116,{"file":384,"line":418,"context":237},117,{"file":384,"line":420,"context":237},118,{"file":384,"line":422,"context":237},119,{"file":384,"line":356,"context":237},{"file":384,"line":425,"context":237},122,{"file":384,"line":427,"context":237},123,{"file":429,"line":430,"context":237},"src\\View\\Login\\LoginForm.php",7,{"file":429,"line":432,"context":237},9,{"file":429,"line":282,"context":237},{"file":429,"line":289,"context":237},{"file":429,"line":436,"context":237},29,{"file":429,"line":104,"context":237},{"file":429,"line":439,"context":237},38,{"file":441,"line":289,"context":237},"src\\View\\LoginForm.php",{"file":443,"line":311,"context":237},"src\\View\\MediaAjaxEditForm.php",{"file":443,"line":311,"context":237},{"file":443,"line":446,"context":237},58,{"file":443,"line":242,"context":237},{"file":443,"line":449,"context":237},60,{"file":443,"line":451,"context":237},62,{"file":443,"line":451,"context":237},{"file":443,"line":454,"context":237},64,{"file":456,"line":296,"context":237},"src\\View\\ObjectColumn.php",{"file":456,"line":203,"context":237},{"file":459,"line":460,"context":237},"src\\View\\TabList.php",35,{"file":459,"line":222,"context":237},{"file":459,"line":104,"context":237},{"file":459,"line":343,"context":237},{"file":459,"line":451,"context":237},{"file":459,"line":454,"context":237},{"file":459,"line":385,"context":237},{"file":468,"line":469,"context":237},"src\\View\\UserColumn.php",33,{"file":471,"line":287,"context":237},"src\\View\\UserGroups\\DefaultUserGroupEditForm.php",{"file":471,"line":439,"context":237},{"file":471,"line":247,"context":237},{"file":471,"line":148,"context":237},{"file":471,"line":352,"context":237},{"file":471,"line":298,"context":237},{"file":471,"line":203,"context":237},{"file":471,"line":479,"context":237},49,{"file":471,"line":481,"context":237},52,{"file":471,"line":236,"context":237},{"file":471,"line":345,"context":237},{"file":471,"line":242,"context":237},{"file":471,"line":451,"context":237},{"file":471,"line":268,"context":237},{"file":471,"line":488,"context":237},65,{"file":490,"line":276,"context":237},"src\\View\\UserGroups\\UserGroupEditForm.php",{"file":490,"line":332,"context":237},{"file":490,"line":294,"context":237},{"file":490,"line":222,"context":237},{"file":490,"line":300,"context":237},{"file":490,"line":496,"context":237},125,{"file":490,"line":362,"context":237},{"file":490,"line":499,"context":237},132,{"file":490,"line":501,"context":237},133,{"file":503,"line":294,"context":237},"src\\View\\UserGroups\\UserGroupList.php",{"file":503,"line":352,"context":237},{"file":503,"line":298,"context":237},{"file":503,"line":300,"context":237},{"file":503,"line":252,"context":237},{"file":503,"line":249,"context":237},{"file":503,"line":345,"context":237},{"file":503,"line":242,"context":237},{"file":503,"line":385,"context":237},{"file":503,"line":389,"context":237},{"file":503,"line":396,"context":237},{"file":503,"line":515,"context":237},110,{"file":503,"line":362,"context":237},{"file":202,"line":303,"context":237},{"file":202,"line":454,"context":237},[],[],{"summary":522,"deductions":523},"The 'user-access-manager' plugin version 2.3.11 exhibits a mixed security posture. On the positive side, the static analysis reveals a very limited attack surface with no unprotected AJAX handlers, REST API routes, shortcodes, or cron events. This suggests that direct entry points for potential attackers are well-guarded. Furthermore, the plugin makes extensive use of prepared statements for SQL queries, which is a strong security practice. However, several significant concerns emerge. The presence of a dangerous `unserialize` function without immediate context about its usage is a red flag, as deserialization vulnerabilities can be severe if not handled with extreme care. The most concerning aspect is the extremely low percentage of properly escaped output (1%), indicating a high likelihood of Cross-Site Scripting (XSS) vulnerabilities across various output mechanisms. The vulnerability history further reinforces these concerns, with four previously disclosed CVEs, including one high-severity XSS and three medium-severity issues related to improper neutralization, use of less trusted sources, and CSRF. This pattern suggests a recurring struggle with input validation and output sanitization, despite efforts to secure SQL queries.",[524,526,528,530,532],{"reason":525,"points":278},"Low percentage of properly escaped output (1%)",{"reason":527,"points":167},"Presence of dangerous unserialize function",{"reason":529,"points":278},"High severity CVE in vulnerability history",{"reason":531,"points":287},"Multiple medium severity CVEs in history",{"reason":533,"points":534},"Vulnerability history indicates recurring issues",8,"2026-03-16T17:35:45.790Z",{"wat":537,"direct":551},{"assetPaths":538,"generatorPatterns":544,"scriptPaths":545,"versionParams":546},[539,540,541,542,543],"\u002Fwp-content\u002Fplugins\u002Fuser-access-manager\u002Fassets\u002Fcss\u002Fbackend\u002Fuser-access-manager.css","\u002Fwp-content\u002Fplugins\u002Fuser-access-manager\u002Fassets\u002Fcss\u002Ffrontend\u002Fuser-access-manager.css","\u002Fwp-content\u002Fplugins\u002Fuser-access-manager\u002Fassets\u002Fjs\u002Fbackend\u002Fuser-access-manager.js","\u002Fwp-content\u002Fplugins\u002Fuser-access-manager\u002Fassets\u002Fjs\u002Ffrontend\u002Fuser-access-manager.js","\u002Fwp-content\u002Fplugins\u002Fuser-access-manager\u002Fassets\u002Fjs\u002Fvendor\u002Fjquery\u002Fjquery.js",[],[541,542],[547,548,549,550],"user-access-manager\u002Fassets\u002Fcss\u002Fbackend\u002Fuser-access-manager.css?ver=","user-access-manager\u002Fassets\u002Fcss\u002Ffrontend\u002Fuser-access-manager.css?ver=","user-access-manager\u002Fassets\u002Fjs\u002Fbackend\u002Fuser-access-manager.js?ver=","user-access-manager\u002Fassets\u002Fjs\u002Ffrontend\u002Fuser-access-manager.js?ver=",{"cssClasses":552,"htmlComments":554,"htmlAttributes":559,"restEndpoints":561,"jsGlobals":563,"shortcodeOutput":565},[553],"uam_user_group",[555,556,557,558],"\u003C!-- BOF -->","\u003C!-- Not the best way to handle full user access. Capabilities seem"," -->","\u003C!-- to be the right way, but it is way challenging. -->",[560],"uam-access",[562],"\u002Fwp-json\u002Fuser-access-manager\u002Fv1\u002Fuser",[564],"uam_ajax_object",[566],"[uam_restrict_content]"]