[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fSI-q_rtc9WbRFhuce9_Bdvm3GL2dxy3RSH-D9uIAFCQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":39,"analysis":40,"fingerprints":118},"user-activation-validate","User Activation Validate","1.1.3","CodeManas","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodemanas\u002F","\u003Cp>This plugin checks and provides an interface to Admins, giving the option to either delete the user or resend activation link.\u003C\u002Fp>\n","This plugin checks and provides an interface to Admins, giving the option to either delete the user or resend activation link.",0,1013,100,1,"2024-01-08T09:06:00.000Z","6.4.8","4.5","7.4",[20,21,22,23,24],"delete-spam-users","unactivated","unconfirmed","user-active","user-validation","https:\u002F\u002Fwww.codemanas.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-activation-validate.1.1.3.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"codemanas",15,1830,96,9,91,"2026-04-04T14:11:36.737Z",[],{"attackSurface":41,"codeSignals":89,"taintFlows":108,"riskAssessment":109,"analyzedAt":117},{"hooks":42,"ajaxHandlers":74,"restRoutes":85,"shortcodes":86,"cronEvents":87,"entryPointCount":88,"unprotectedCount":88},[43,49,53,58,64,69],{"type":44,"name":45,"callback":46,"file":47,"line":48},"action","admin_menu","create_admin_menu","includes\\AdminInterface.php",28,{"type":44,"name":50,"callback":51,"file":47,"line":52},"admin_enqueue_scripts","load_scripts",29,{"type":44,"name":54,"callback":55,"file":56,"line":57},"plugins_loaded","uav_initialize_plugin","includes\\bootstrap.php",6,{"type":59,"name":60,"callback":61,"file":62,"line":63},"filter","manage_users_columns","uav_add_uav_status_user_column","includes\\Init.php",41,{"type":59,"name":65,"callback":66,"priority":67,"file":62,"line":68},"manage_users_custom_column","uav_add_uav_status_user_column_value",10,44,{"type":44,"name":70,"callback":71,"file":72,"line":73},"init","codemanas_uav_load_text_domain","user-activation-validate.php",39,[75,81],{"action":76,"nopriv":77,"callback":78,"hasNonce":77,"hasCapCheck":77,"file":79,"line":80},"uav_user_resend_single",false,"user_resend_single","includes\\SignupHandler.php",30,{"action":82,"nopriv":77,"callback":83,"hasNonce":77,"hasCapCheck":77,"file":79,"line":84},"uav_user_delete_single","user_delete_single",31,[],[],[],2,{"dangerousFunctions":90,"sqlUsage":91,"outputEscaping":94,"fileOperations":11,"externalRequests":11,"nonceChecks":14,"capabilityChecks":88,"bundledLibraries":107},[],{"prepared":92,"raw":11,"locations":93},3,[],{"escaped":36,"rawEcho":95,"locations":96},4,[97,100,102,104],{"file":47,"line":98,"context":99},113,"raw output",{"file":47,"line":101,"context":99},126,{"file":47,"line":103,"context":99},130,{"file":105,"line":106,"context":99},"views\\users.php",89,[],[],{"summary":110,"deductions":111},"The 'user-activation-validate' v1.1.3 plugin exhibits a mixed security posture.  On the positive side, it demonstrates good practices by exclusively using prepared statements for its SQL queries and performing nonce checks on its entry points. It also has no recorded vulnerability history, suggesting a generally stable codebase. However, a significant concern arises from the presence of two AJAX handlers that lack proper authentication checks. This creates a direct attack vector where unauthenticated users could potentially interact with sensitive functionality.  While taint analysis did not reveal any specific issues, the unprotected AJAX endpoints are a considerable risk that warrants immediate attention. The plugin's strengths lie in its database query security and nonce implementation, but the unprotected AJAX handlers represent a notable weakness that overshadows these positive aspects.",[112,114],{"reason":113,"points":67},"AJAX handlers without auth checks",{"reason":115,"points":116},"High percentage of unescaped output",5,"2026-03-17T06:41:39.261Z",{"wat":119,"direct":126},{"assetPaths":120,"generatorPatterns":122,"scriptPaths":123,"versionParams":124},[121],"\u002Fwp-content\u002Fplugins\u002Fuser-activation-validate\u002Fassets\u002Fjs\u002Fadmin.js",[],[121],[125],"user-activation-validate\u002Fassets\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":127,"htmlComments":129,"htmlAttributes":130,"restEndpoints":133,"jsGlobals":134,"shortcodeOutput":136},[128],"uav-error-msg",[],[131,132],"id=\"uav-error-msg\"","id=\"icon-themes\"",[],[135],"uav",[]]