[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQHuv4MjSEpfAVmOdRB7mY3XCxxXkznhCuF9cBNZbicQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":40,"analysis":140,"fingerprints":180},"user-activation-keys","User Activation Keys","4.6","David Sader","https:\u002F\u002Fprofiles.wordpress.org\u002Fdsader\u002F","\u003Cp>A \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FCreate_A_Network\" rel=\"nofollow ugc\">Multisite\u003C\u002Fa> Network plugin.\u003C\u002Fp>\n\u003Cp>Ever signup a user account, delete it, and try to signup up the same username again?\u003C\u002Fp>\n\u003Cp>Ever try to support a new user who created a username, but entered the wrong email address and so can’t activate, and can’t signup with the same username?\u003C\u002Fp>\n\u003Cp>Ever wanted to signup a bunch of users with phony emails so users without email could start blogging right away?\u003C\u002Fp>\n\u003Cp>I have, so I made a plugin to help me.\u003C\u002Fp>\n\u003Cp>WP Network Multisite “mu-plugin” for user activation key removal or approval.\u003C\u002Fp>\n\u003Cp>See Network–>Users–>”User Activation Keys” to delete activation keys – to allow immediate (re)signup of users who otherwise get the “try again in two days” message.\u003C\u002Fp>\n\u003Cp>Also, users waiting to be activated (or can’t because the email with the generated activation link is “gone”) can be approved manually.\u003C\u002Fp>\n","A Multisite Network plugin for user activation key removal or approval.",100,42257,96,20,"2016-08-08T23:29:00.000Z","4.6.30","3.5","",[20,21,22,23,24],"activation","network","network-user-activation","signup","username","http:\u002F\u002Fdsader.snowotherway.org\u002Fwordpress-plugins\u002Fuser-activation-keys\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-activation-keys.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"dsader",4,140,89,30,86,"2026-04-04T20:58:38.684Z",[41,65,86,107,124],{"slug":42,"name":43,"version":44,"author":45,"author_profile":46,"description":47,"short_description":48,"active_installs":49,"downloaded":50,"rating":51,"num_ratings":52,"last_updated":53,"tested_up_to":54,"requires_at_least":55,"requires_php":18,"tags":56,"homepage":60,"download_link":61,"security_score":62,"vuln_count":63,"unpatched_count":28,"last_vuln_date":64,"fetched_at":30},"unconfirmed","Unconfirmed","1.3.7","Boone Gorges","https:\u002F\u002Fprofiles.wordpress.org\u002Fboonebgorges\u002F","\u003Cp>If you run a WordPress or BuddyPress installation, you probably know that some of the biggest administrative headaches come from the activation process. Activation emails may be caught by spam filters, deleted unwillingly, or simply not understood. Yet WordPress itself has no UI for viewing and managing unactivated members.\u003C\u002Fp>\n\u003Cp>Unconfirmed creates a Dashboard panel under the Users menu (Network Admin > Users on Multisite) that shows a list of unactivated user registrations. For each registration, you have the option of resending the original activation email, or manually activating the user.\u003C\u002Fp>\n\u003Cp>Note that the plugin works for the following configurations:\u003Cbr \u002F>\n1. Multisite, with or without BuddyPress\u003Cbr \u002F>\n2. Single site, with BuddyPress used for user registration\u003C\u002Fp>\n\u003Cp>There is currently no support for single-site WP registration without BuddyPress.\u003C\u002Fp>\n","Allows WordPress admins to manage unactivated users, by activating them manually, deleting their pending registrations, or resending the activation em …",2000,246166,90,47,"2023-12-04T19:58:00.000Z","6.4.8","3.1",[57,20,58,59,21],"activate","email","multisite","http:\u002F\u002Fgithub.com\u002Fboonebgorges\u002Funconfirmed","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Funconfirmed.1.3.7.zip",84,1,"2014-04-11 00:00:00",{"slug":66,"name":67,"version":68,"author":69,"author_profile":70,"description":71,"short_description":72,"active_installs":73,"downloaded":74,"rating":11,"num_ratings":75,"last_updated":76,"tested_up_to":77,"requires_at_least":6,"requires_php":18,"tags":78,"homepage":18,"download_link":82,"security_score":83,"vuln_count":84,"unpatched_count":28,"last_vuln_date":85,"fetched_at":30},"wp-action-network","Action Network","1.8.2","Concerted Action","https:\u002F\u002Fprofiles.wordpress.org\u002Fconcertedaction\u002F","\u003Cp>A free WordPress plugin for the \u003Ca href=\"https:\u002F\u002Factionnetwork.org\" rel=\"nofollow ugc\">Action Network\u003C\u002Fa> online organizing tools maintained by \u003Ca href=\"http:\u002F\u002Fconcertedaction.consulting\u002F\" rel=\"nofollow ugc\">Concerted Action\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create a WordPress shortcode or widget from any Action Network embed code.\u003C\u002Fli>\n\u003Cli>Manage your saved embed codes using the WordPress backend. Supports sorting by title, type and last modified date, and provides a search function.\u003C\u002Fli>\n\u003Cli>Modify Action Network’s default “thank you for your support” and “help us by using sharing tools” messages, and control which sharing options (social, email & embed codes) are displayed, using shortcode options or widget controls.\u003C\u002Fli>\n\u003Cli>Use \u003Ccode>[actionnetwork_list]\u003C\u002Fcode> shortcode or Action Network List widget to show a list of current actions.\u003C\u002Fli>\n\u003Cli>Use \u003Ccode>[actionnetwork_calendar]\u003C\u002Fcode> shortcode or Action Network Calendar widget to show a list of upcoming events. Optionally outputs upcoming events in JSON. Development of this feature was supported by \u003Ca href=\"http:\u002F\u002Fwww.thepeopleslobbyusa.org\u002F\" rel=\"nofollow ugc\">The People’s Lobby\u003C\u002Fa> – if you like it, please consider \u003Ca href=\"https:\u002F\u002Factionnetwork.org\u002Ffundraising\u002Fdonate-to-the-peoples-lobby\" rel=\"nofollow ugc\">making a donation to them\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>If you are an \u003Ca href=\"https:\u002F\u002Factionnetwork.org\u002Fpartnerships\" rel=\"nofollow ugc\">Action Network Partner\u003C\u002Fa>, use your API key to sync all of your actions from Action Network to WordPress.\u003C\u002Fli>\n\u003Cli>Create signup widgets which allow visitors to your site to sign up for your email list \u003Cem>without\u003C\u002Fem> using Action Network javascript embeds. This allows you to place a signup form on every page (for example in the sidebar), and still load Action Network embed codes for actions on particular pages (since Action Network’s scripts will only load one embed code per page).  This feature does require the API key, so you have to be an \u003Ca href=\"https:\u002F\u002Factionnetwork.org\u002Fpartnerships\" rel=\"nofollow ugc\">Action Network Partner\u003C\u002Fa> to use it.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Detailed specs for shortcode attributes, widget options, etc. are available on the Help menu for the Action Network page on the backend.\u003C\u002Fp>\n","Provides Action Network (actionnetwork.org) action embed codes as shortcodes and a calendar and signup widget",400,13080,2,"2025-11-18T18:03:00.000Z","6.8.5",[79,80,81,23],"action-network","events","online-organizing","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-action-network.zip",97,3,"2025-01-08 22:09:53",{"slug":87,"name":88,"version":89,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":94,"downloaded":95,"rating":96,"num_ratings":97,"last_updated":98,"tested_up_to":99,"requires_at_least":100,"requires_php":18,"tags":101,"homepage":105,"download_link":106,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"restrict-usernames","Restrict Usernames","3.7","Scott Reilly","https:\u002F\u002Fprofiles.wordpress.org\u002Fcoffee2code\u002F","\u003Cp>This plugin allows you to restrict the usernames that new users may use when registering for your site.\u003C\u002Fp>\n\u003Cp>If open registration is enabled for your site (via Settings -> General -> Membership (“Anyone can register”)), WordPress allows visitors to register for an account on your blog. By default, any username they choose is allowed so long as it isn’t an already existing account and it doesn’t include invalid (i.e. non-alphanumeric) characters.\u003C\u002Fp>\n\u003Cp>Possible reasons for wanting to restrict certain usernames:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Prevent usernames that contain foul, offensive, or otherwise undesired words\u003C\u002Fli>\n\u003Cli>Prevent squatting on usernames that you may want to use in the future (but don’t want to actually create the account for just yet) (essentially placing a hold on the username)\u003C\u002Fli>\n\u003Cli>Prevent official-sounding usernames from being used (i.e. help, support, pr, info, sales)\u003C\u002Fli>\n\u003Cli>Prevent official username syntax from being used (i.e. if all of your administrators use a prefix to identify themselves, you don’t want a visitor to use that prefix)\u003C\u002Fli>\n\u003Cli>Prevent spaces from being used in a username (which WordPress allows by default)\u003C\u002Fli>\n\u003Cli>Require that a username starts with, ends with, or contain one of a set of substrings (i.e. “support_”, “admin_”)\u003C\u002Fli>\n\u003Cli>Require a minimum number of characters for usernames\u003C\u002Fli>\n\u003Cli>Limit usernames to a maximum number of characters\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>When attempting to register with a restricted username, the visitor will be given an error notice that says:\u003Cbr \u002F>\nERROR: This username is invalid. Please enter a valid username.\u003C\u002Fp>\n\u003Cp>NOTE: This plugin does not put any restrictions on usernames that the admin chooses for users when creating user accounts from within the WordPress admin. This only restricts the names that users choose themselves when registering for your site.\u003C\u002Fp>\n\u003Cp>SPECIAL NOTE: Many membership plugins implement their own user registration handling that often bypasses checks (and hooks) performed by WordPress. As such, it is unlikely that the plugin is compatible with them without special plugin-specific amendments.\u003C\u002Fp>\n\u003Cp>Compatible with Multisite and BuddyPress as well.\u003C\u002Fp>\n\u003Cp>Links: \u003Ca href=\"http:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Frestrict-usernames\u002F\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frestrict-usernames\u002F\" rel=\"ugc\">Plugin Directory Page\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcoffee2code\u002Frestrict-usernames\u002F\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Fcoffee2code.com\" rel=\"nofollow ugc\">Author Homepage\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Hooks\u003C\u002Fh3>\n\u003Cp>The plugin exposes one filter for hooking. Typically, customizations utilizing this hook would be put into your active theme’s functions.php file, or used by another plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>c2c_restrict_usernames-validate (filter)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The ‘c2c_restrict_usernames-validate’ hook allows you to add your own customized checks for the username being registered. You can add additional restrictions or override the assessment performed by the plugin.\u003C\u002Fp>\n\u003Cp>Arguments:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>$valid (boolean): The assessment by the plugin about the validity of the username based on settings. True means username can be used.\u003C\u002Fli>\n\u003Cli>$username (string): The username being registered.\u003C\u002Fli>\n\u003Cli>$settings (array): The plugin’s settings.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F**\n * Add custom checks on usernames.\n *\n * Specifically, prevent use of usernames ending in numbers.\n *\n * @param bool   $valid    True if the username is valid, false if not.\n * @param string $username The username.\n * @param array  $options  Plugin options.\n *\u002F\nfunction my_restrict_usernames_check( $valid, $username, $options ) {\n    \u002F\u002F Only do additional checking if the plugin has already performed its\n    \u002F\u002F checks and deemed the username valid.\n    if ( $valid ) {\n        \u002F\u002F Don't allow usernames to end in numbers.\n        if ( preg_match( '\u002F[0-9]+$\u002F', $username ) ) {\n            $valid = false;\n        }\n    }\n    return $valid;\n}\nadd_filter( 'c2c_restrict_usernames-validate', 'my_restrict_usernames_check', 10, 3 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Restrict the usernames that new users may use when registering for your site.",300,24271,72,14,"2018-06-21T05:36:00.000Z","4.9.29","4.7",[102,103,23,24,104],"registration","restrictions","users","http:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Frestrict-usernames\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frestrict-usernames.3.7.zip",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":115,"downloaded":116,"rating":11,"num_ratings":117,"last_updated":118,"tested_up_to":77,"requires_at_least":100,"requires_php":18,"tags":119,"homepage":122,"download_link":123,"security_score":11,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"network-subsite-user-registration","Network Subsite User Registration","4.1","Justin Fletcher","https:\u002F\u002Fprofiles.wordpress.org\u002Fjustinticktock\u002F","\u003Cp>The ‘Network Subsite User Registration’ (NSUR) plugin removes the WordPress Multisite restriction that registration is on the Network main site, subsite Administrators can now allow user registration for their site only.\u003C\u002Fp>\n\u003Cp>WordPress Network (Multisite) installations by default only allow user registration for the whole Network, e.g. users can only register for the main site and not the other sites on the network.  The ‘Network Subsite User Registration’ plugin allows local admins of sub-sites within the Network\u002FMultisite the ability to enable user registration themselves for their site.\u003C\u002Fp>\n\u003Cp>The role by default that a new user receives is ‘subscriber’, however, there is a setting which allows you to define a different initial role (per sub-site) that a user receives after registration.\u003C\u002Fp>\n\u003Cp>@Developers – If you want to use your own template you can override the template used for the ..\u002Flocal-signup page by creating a template with the file ‘page-signup.php’ and add this to either the parent or child theme.\u003C\u002Fp>\n\u003Ch4>Plugin site\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fjustinandco.com\u002Fplugins\u002Fnetwork-subsite-user-registration\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fjustinandco.com\u002Fplugins\u002Fnetwork-subsite-user-registration\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>GitHub – Development\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjustinticktock\u002Fnetwork-subsite-user-registration\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fjustinticktock\u002Fnetwork-subsite-user-registration\u003C\u002Fa>\u003C\u002Fp>\n","Allow the public to register user accounts on Subsites within a Network (MultiSite) installation.",50,45539,52,"2025-04-17T15:48:00.000Z",[59,21,120,23,121],"register","user-registration","http:\u002F\u002Fjustinandco.com\u002Fplugins\u002Fnetwork-subsite-user-registration\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnetwork-subsite-user-registration.4.1.zip",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":37,"downloaded":132,"rating":11,"num_ratings":84,"last_updated":133,"tested_up_to":134,"requires_at_least":18,"requires_php":18,"tags":135,"homepage":138,"download_link":139,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"lh-buddypress-login-on-activation","LH Buddypress login on activation","1.03","shawfactor","https:\u002F\u002Fprofiles.wordpress.org\u002Fshawfactor\u002F","\u003Cp>All this plugin does is is change the buddypress signup activation process such that:\u003C\u002Fp>\n\u003Cp>When signed up user activates their account, it makes them logged in\u003C\u002Fp>\n\u003Cp>Once that user is logged in, they are redirected to their profile\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Like this plugin? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Flh-buddypress-login-on-activation\u002F\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Love this plugin or want to help the LocalHero Project? Please consider \u003Ca href=\"https:\u002F\u002Flhero.org\u002Fportfolio\u002Flh-buddypress-login-on-activation\u002F\" rel=\"nofollow ugc\">making a donation\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n","Makes your buddypress signup process seamless by automatically logging on users who activate their account.",3105,"2022-08-02T03:06:00.000Z","6.0.11",[20,136,58,23,137],"buddypress","xprofile","http:\u002F\u002Flhero.org\u002Fportfolio\u002Flh-buddypress-login-on-activation\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flh-buddypress-login-on-activation.zip",{"attackSurface":141,"codeSignals":153,"taintFlows":169,"riskAssessment":170,"analyzedAt":179},{"hooks":142,"ajaxHandlers":149,"restRoutes":150,"shortcodes":151,"cronEvents":152,"entryPointCount":28,"unprotectedCount":28},[143],{"type":144,"name":145,"callback":146,"file":147,"line":148},"action","network_admin_menu","ds_uak_admin_page","ds_wp3_user_activation_keys.php",25,[],[],[],[],{"dangerousFunctions":154,"sqlUsage":155,"outputEscaping":157,"fileOperations":28,"externalRequests":28,"nonceChecks":63,"capabilityChecks":28,"bundledLibraries":168},[],{"prepared":63,"raw":28,"locations":156},[],{"escaped":28,"rawEcho":34,"locations":158},[159,162,164,166],{"file":147,"line":160,"context":161},45,"raw output",{"file":147,"line":163,"context":161},58,{"file":147,"line":165,"context":161},60,{"file":147,"line":167,"context":161},62,[],[],{"summary":171,"deductions":172},"The user-activation-keys plugin v4.6 presents a mixed security posture.  On the positive side, the static analysis reveals no known vulnerabilities in its history, no dangerous functions are used, all SQL queries are prepared, and there are no file operations or external HTTP requests. The presence of a nonce check is also a good practice.  However, a significant concern arises from the complete lack of output escaping.  This means that any dynamic data processed and displayed by the plugin is not being properly sanitized, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities.  The absence of capability checks on entry points, although the attack surface is currently zero, is also a weakness that could become a problem if new entry points are introduced in future versions without proper authorization checks.\n\nThe taint analysis shows no detected vulnerabilities, which is encouraging. The plugin's vulnerability history is clean, suggesting a history of secure development or minimal exposure. However, the critical issue of unescaped output remains the most pressing concern.  While the plugin has strengths in its secure handling of database operations and lack of dangerous functions, the unescaped output is a fundamental security flaw that could allow attackers to inject malicious scripts into the WordPress admin area or frontend, impacting users and potentially compromising the site.\n\nIn conclusion, while the user-activation-keys plugin v4.6 has demonstrated a strong track record with no past vulnerabilities and secure internal operations like prepared SQL queries, the severe lack of output escaping creates a substantial risk.  The plugin is currently susceptible to XSS attacks. Addressing the output escaping issue should be the top priority for improving its security.",[173,176],{"reason":174,"points":175},"Unescaped output detected",15,{"reason":177,"points":178},"Missing capability checks on entry points",5,"2026-03-16T20:57:32.673Z",{"wat":181,"direct":186},{"assetPaths":182,"generatorPatterns":183,"scriptPaths":184,"versionParams":185},[],[],[],[],{"cssClasses":187,"htmlComments":190,"htmlAttributes":191,"restEndpoints":192,"jsGlobals":193,"shortcodeOutput":194},[188,189],"wrap","widefat",[],[],[],[],[]]