[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fRF3yzpoRuyuO4_49YjBB8yXbhpfcTfm0nrTgtCyLMO8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":48,"crawl_stats":37,"alternatives":54,"analysis":124,"fingerprints":685},"user-blocker","User Blocker","2.2","solwininfotech","https:\u002F\u002Fprofiles.wordpress.org\u002Fsolwininfotech\u002F","\u003Cp>User Blocker plugin provides the admin the ability to block or unblock user accounts quickly and effortlessly. Users can be blocked by Role or username for a specific day & time OR date range OR permanently. When someone tries to log in and that user is blocked, a friendly error message is displayed on the login screen. 
You can unblock accounts at any time you want.\u003Cbr \u002F>\nAlso, the admin can view the blocked user list, quickly search for a user and unblock the account if required.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>User Blocker Plugin Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block user by time (FROM-time to TO-time) for certain week days\u003C\u002Fli>\n\u003Cli>Block user by date (FROM-date to TO-date)\u003C\u002Fli>\n\u003Cli>Block user Permanently\u003C\u002Fli>\n\u003Cli>Unblock user any time\u003C\u002Fli>\n\u003Cli>Block user by UserName OR by Role\u003C\u002Fli>\n\u003Cli>Customizable message for each blocked User OR Blocked Role\u003C\u002Fli>\n\u003Cli>View blocked user list By Time, By Date and Permanently blocked users.\u003C\u002Fli>\n\u003Cli>Easy to search any blocked user by username\u002F email \u002F First name to view blocking status and modify or remove blocking\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Technical Support\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you have any suggestion for the User Blocker plugin or you found a bug, please contact us at \u003Ca href=\"http:\u002F\u002Fsupport.solwininfotech.com\" rel=\"nofollow ugc\">support.solwininfotech.com\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Permissions:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Only administrators are allowed to use this system. 
People with lower access levels are neither shown the new bulk actions, nor are they allowed to change the status of accounts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important: Plugin does not deactivate any Admin users.\u003C\u002Fstrong>\u003C\u002Fp>\n","To block users from admin side except admin users for specific day, time, and date or permanently.",3000,81478,82,"2024-08-09T14:45:00.000Z","6.6.5","5.4","",[19,20,21,22,23],"block-user","deactivate-users","deny-user","disable-users","restrict-user","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fuser-blocker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-blocker.zip",92,1,0,"2022-11-09 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2022-45078","user-blocker-authenticated-admin-csv-injection","User Blocker \u003C= 1.5.5 - Authenticated (Admin+) CSV Injection","The User Blocker plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.5.5. 
This allows administrator-level attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.",null,"\u003C=1.5.5","1.5.6","medium",5.9,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:L","Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')","2024-01-22 19:56:02",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F6ee6dedb-72bc-43b0-a7cb-9069533df705?source=api-prod",440,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":49,"total_installs":50,"avg_security_score":13,"avg_patch_time_days":51,"trust_score":52,"computed_at":53},7,14180,642,66,"2026-04-04T21:11:02.362Z",[55,76,99],{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":49,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":73,"download_link":74,"security_score":75,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"block-user-account","DW Block User Account","1.4","Dango Web","https:\u002F\u002Fprofiles.wordpress.org\u002Fdangoweb\u002F","\u003Cp>If you have a large website with a lot of users or a small website with few users, and in some cases, such as user abuse or other reasons, you can block user, with this plugin. 
(user cannot enter to wp_admin.)\u003Cbr \u002F>\nAfter blocking if the user is in his account, he will also be logged out.\u003C\u002Fp>\n","This plugin blocks user accounts and prevents users from accessing the WP ADMIN",1000,10290,86,"2025-08-28T23:41:00.000Z","6.8.5","6.5","7.4",[71,19,72],"block-account","disable-account","https:\u002F\u002Fdangoweb.ir\u002Fproduct\u002Fbuacc-wordpress-user-block-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-user-account.1.4.zip",100,{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":63,"downloaded":84,"rating":85,"num_ratings":86,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":90,"tags":91,"homepage":96,"download_link":97,"security_score":75,"vuln_count":27,"unpatched_count":28,"last_vuln_date":98,"fetched_at":30},"restrict-usernames-emails-characters","Restrict Usernames Emails Characters","4.1.2","Benaceur","https:\u002F\u002Fprofiles.wordpress.org\u002Fbenaceur\u002F","\u003Cp>This plugin allows you to Restrict a particular or certain username, email addresses or symbols,\u003Cbr \u002F>\nor email from specific domain names in the form registration when registering for your site\u003Cbr \u002F>\nand you can allow to use a certain language (arabic cyrillic latin …)\u003Cbr \u002F>\nor all languages and characters and symbols, you can also control and modify all errors messages\u003Cbr \u002F>\nand allow certain characters (Symbols and characters accented as é û),\u003Cbr \u002F>\nand allowing you to change the author slug (defaults to the username of the author),\u003Cbr \u002F>\nand you can control and adjust all settings from the plugin settings page in admin Panel.\u003C\u002Fp>\n\u003Ch4>and here is all plugin settings in admin Panel:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>enable\u002Fdisable the plugin\u003C\u002Fli>\n\u003Cli>disallow to use the spaces in 
username\u003C\u002Fli>\n\u003Cli>disallow to use only numbers in username\u003C\u002Fli>\n\u003Cli>disallow all characters (Symbols) in username\u003C\u002Fli>\n\u003Cli>disallow characters (Symbols) permitted by wordpress in username: @ – . _\u003C\u002Fli>\n\u003Cli>allow certain characters (Symbols and characters accented as é û)\u003C\u002Fli>\n\u003Cli>restrict certain email addresses\u003C\u002Fli>\n\u003Cli>restrict certain username\u003C\u002Fli>\n\u003Cli>restrict certain domain names for example: yournamesite@com\u003C\u002Fli>\n\u003Cli>No\u002Fyes uppercase in username\u003C\u002Fli>\n\u003Cli>Compatible with single site, network (multi-site), buddypress and buddyboss.\u003C\u002Fli>\n\u003Cli>The possibility to:\u003C\u002Fli>\n\u003Cli>choose language (characters) in username (arabic cyrillic latin …) or all languages\u003C\u002Fli>\n\u003Cli>remove all settings and data of the plugin from database when the plugin is disabled\u003C\u002Fli>\n\u003Cli>reset default settings\u003C\u002Fli>\n\u003Cli>control and modify all errors messages\u003C\u002Fli>\n\u003Cli>restrict any name contains a part of word (partial matching)\u003C\u002Fli>\n\u003Cli>prevent the use of email in the username\u003C\u002Fli>\n\u003Cli>prevent the use of numbers more than letters and symbols in the user name.\u003C\u002Fli>\n\u003Cli>allowing you to change the author slug\u003C\u002Fli>\n\u003Cli>Author Slug Structure\u003C\u002Fli>\n\u003Cli>Update of the author’s slug for all users\u003C\u002Fli>\n\u003Cli>Limit the number of users to update (in batches) with every click, if your database is big\u003C\u002Fli>\n\u003Cli>Update or convert only names (author slug) not latin\u003C\u002Fli>\n\u003Cli>remove name field in buddypress.\u003C\u002Fli>\n\u003Cli>hide or change message (Must be at least 4 characters, letters and numbers only.) 
of multisite.\u003C\u002Fli>\n\u003Cli>add a notice or text in registration form.\u003C\u002Fli>\n\u003Cli>etc…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>TRANSLATED IN FOLLOWING LANGUAGES:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Arabic\u003C\u002Fli>\n\u003Cli>English\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Direct support page:\u003C\u002Fh4>\n\u003Cp>https:\u002F\u002Fbenaceur-php.com\u002F?p=2268\u003C\u002Fp>\n","Restrict the usernames, email addresses, characters and symbols or email from specific domain names or language in registration ...",38817,90,25,"2025-12-01T20:58:00.000Z","6.9.4","3.0","5.3.19",[92,93,94,23,95],"anti-spam","author-slug","registration","security","https:\u002F\u002Fbenaceur-php.com\u002F?p=2268","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frestrict-usernames-emails-characters.4.1.2.zip","2024-01-31 00:00:00",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":109,"num_ratings":110,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":121,"download_link":122,"security_score":123,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"bp-block-users","BP Block Users","1.0.2","Brandon Allen","https:\u002F\u002Fprofiles.wordpress.org\u002Fthebrandonallen\u002F","\u003Cblockquote>\n\u003Cp>This plugin requires BuddyPress 2.4.0+.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Sometimes a user in your community needs some time to cool off. In BuddyPress, spamming or deleting the user is a destructive action, leaving little to no trace that the user existed. BP Block Users allows a capable user (administrators only by default) to block a user from logging into the site. 
Users can be blocked for a specified period of time, or indefinitely, if administrators need more time to determine the best course of action.\u003C\u002Fp>\n\u003Cp>A message will be shown on the login screen when a blocked user attempts, but ultimately fails, to login, informing them that their account has been blocked. During the block period, email notifications are suspended.\u003C\u002Fp>\n\u003Cp>For bug reports or to submit patches or translation files, visit https:\u002F\u002Fgithub.com\u002Fthebrandonallen\u002Fbp-block-users\u002Fissues.\u003C\u002Fp>\n","Allows BuddyPress administrators to block users indefinitely, or for a specified period of time.",50,6491,60,2,"2018-01-15T21:39:00.000Z","4.9.29","4.3","5.2.4",[116,117,118,119,120],"block","block-users","bp","buddypress","users","https:\u002F\u002Fgithub.com\u002Fthebrandonallen\u002Fbp-block-users","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-block-users.1.0.2.zip",85,{"attackSurface":125,"codeSignals":243,"taintFlows":356,"riskAssessment":675,"analyzedAt":684},{"hooks":126,"ajaxHandlers":230,"restRoutes":240,"shortcodes":241,"cronEvents":242,"entryPointCount":110,"unprotectedCount":27},[127,133,138,140,142,144,149,153,158,162,165,170,173,178,181,185,189,192,196,200,204,208,210,215,218,222,226],{"type":128,"name":129,"callback":130,"file":131,"line":132},"filter","pre_user_query","ublk_sort_by_member_number","includes\\user-blocker-blocked-users-list.php",155,{"type":134,"name":135,"callback":136,"file":131,"line":137},"action","admin_init","user_blocker_export_data",494,{"type":128,"name":129,"callback":130,"file":131,"line":139},618,{"type":128,"name":129,"callback":130,"file":131,"line":141},1360,{"type":128,"name":129,"callback":130,"file":131,"line":143},2284,{"type":134,"name":145,"callback":146,"file":147,"line":148},"wp_dashboard_setup","ublk_solwin_latest_news_with_product_details","includes\\user-blocker-common-functions.php",16,{"type":128,"name":150,"callback":151,"file":
147,"line":152},"admin_footer_text","ublk_remove_footer_admin",103,{"type":134,"name":154,"callback":155,"priority":156,"file":147,"line":157},"delete_user","ublk_update_block_user_role",15,992,{"type":134,"name":159,"callback":155,"priority":160,"file":147,"line":161},"user_register",20,993,{"type":134,"name":163,"callback":155,"priority":86,"file":147,"line":164},"edit_user_profile_update",994,{"type":134,"name":166,"callback":167,"file":168,"line":169},"plugins_loaded","ublk_load_plugin","includes\\user-blocker-promo-notice.php",10,{"type":134,"name":171,"callback":172,"file":168,"line":86},"admin_notices","ublk_promo",{"type":134,"name":174,"callback":175,"file":176,"line":177},"admin_menu","ublk_plugin_setup","user_blocker.php",43,{"type":134,"name":166,"callback":179,"file":176,"line":180},"ublk_latest_news_solwin_feed",44,{"type":134,"name":182,"callback":183,"file":176,"line":184},"current_screen","ublk_footer",45,{"type":134,"name":186,"callback":187,"file":176,"line":188},"admin_enqueue_scripts","ublk_enqueue_style_script",46,{"type":134,"name":166,"callback":190,"file":176,"line":191},"ublk_load_text_domain",47,{"type":128,"name":193,"callback":194,"priority":169,"file":176,"line":195},"set-screen-option","ublk_set_screen_option",49,{"type":134,"name":197,"callback":198,"file":176,"line":199},"init","ublk_session_start",53,{"type":134,"name":201,"callback":202,"priority":169,"file":176,"line":203},"admin_head","ublk_subscribe_mail",54,{"type":128,"name":205,"callback":206,"priority":169,"file":176,"line":207},"login_errors","ublk_login_error",235,{"type":128,"name":205,"callback":206,"priority":169,"file":176,"line":209},285,{"type":128,"name":211,"callback":212,"priority":213,"file":176,"line":214},"authenticate","ublk_auth_signon",30,293,{"type":134,"name":159,"callback":216,"priority":169,"file":176,"line":217},"ublk_when_register",418,{"type":128,"name":219,"callback":220,"file":176,"line":221},"wpmem_login_failed_sb","ublk_wp_member_plugin_login_fail
ed_sb_msg",903,{"type":128,"name":223,"callback":224,"file":176,"line":225},"wpmem_login_failed","ublk_wp_member_plugin_login_failed_msg",938,{"type":134,"name":227,"callback":228,"file":176,"line":229},"activated_plugin","ublk_activated_plugin",1132,[231,236],{"action":232,"nopriv":233,"callback":234,"hasNonce":233,"hasCapCheck":233,"file":176,"line":235},"close_tab",false,"wp_ajax_blocker_close_tab",55,{"action":237,"nopriv":233,"callback":237,"hasNonce":238,"hasCapCheck":233,"file":176,"line":239},"ublk_submit_optin",true,969,[],[],[],{"dangerousFunctions":244,"sqlUsage":245,"outputEscaping":247,"fileOperations":28,"externalRequests":353,"nonceChecks":354,"capabilityChecks":28,"bundledLibraries":355},[],{"prepared":169,"raw":28,"locations":246},[],{"escaped":248,"rawEcho":249,"locations":250},1464,52,[251,255,257,259,261,263,265,267,269,271,273,275,277,279,281,283,285,287,289,291,293,295,297,299,301,303,305,307,309,311,313,315,317,319,321,323,325,327,328,329,331,333,335,337,339,341,343,344,346,347,349,351],{"file":252,"line":253,"context":254},"includes\\user-blocker-block-users.php",914,"raw 
output",{"file":252,"line":256,"context":254},932,{"file":252,"line":258,"context":254},950,{"file":252,"line":260,"context":254},968,{"file":252,"line":262,"context":254},983,{"file":252,"line":264,"context":254},1004,{"file":252,"line":266,"context":254},1022,{"file":252,"line":268,"context":254},1211,{"file":252,"line":270,"context":254},1229,{"file":252,"line":272,"context":254},1247,{"file":252,"line":274,"context":254},1265,{"file":252,"line":276,"context":254},1283,{"file":252,"line":278,"context":254},1301,{"file":252,"line":280,"context":254},1319,{"file":252,"line":282,"context":254},1454,{"file":252,"line":284,"context":254},2104,{"file":252,"line":286,"context":254},2127,{"file":252,"line":288,"context":254},2259,{"file":252,"line":290,"context":254},2302,{"file":252,"line":292,"context":254},2337,{"file":252,"line":294,"context":254},3094,{"file":131,"line":296,"context":254},790,{"file":131,"line":298,"context":254},812,{"file":131,"line":300,"context":254},834,{"file":131,"line":302,"context":254},856,{"file":131,"line":304,"context":254},878,{"file":131,"line":306,"context":254},900,{"file":131,"line":308,"context":254},922,{"file":131,"line":310,"context":254},1071,{"file":131,"line":312,"context":254},1093,{"file":131,"line":314,"context":254},1115,{"file":131,"line":316,"context":254},1137,{"file":131,"line":318,"context":254},1159,{"file":131,"line":320,"context":254},1181,{"file":131,"line":322,"context":254},1203,{"file":131,"line":324,"context":254},2552,{"file":147,"line":326,"context":254},37,{"file":147,"line":235,"context":254},{"file":147,"line":109,"context":254},{"file":147,"line":330,"context":254},421,{"file":147,"line":332,"context":254},539,{"file":147,"line":334,"context":254},540,{"file":147,"line":336,"context":254},556,{"file":147,"line":338,"context":254},557,{"file":147,"line":340,"context":254},593,{"file":147,"line":342,"context":254},632,{"file":147,"line":262,"context":254},{"file":147,"line":345,"context":254},1092,{"file
":168,"line":191,"context":254},{"file":176,"line":348,"context":254},469,{"file":176,"line":350,"context":254},687,{"file":176,"line":352,"context":254},751,5,14,[],[357,417,450,496,529,563,592,620,648],{"entryPoint":358,"graph":359,"unsanitizedCount":416,"severity":40},"ublk_block_user_page (includes\\user-blocker-block-users.php:21)",{"nodes":360,"edges":408},[361,366,372,376,381,385,388,392,396,398,402,405],{"id":362,"type":363,"label":364,"file":252,"line":365},"n0","source","$_POST (x4)",400,{"id":367,"type":368,"label":369,"file":252,"line":370,"wp_function":371},"n1","sink","update_option() [Settings Manipulation]",405,"update_option",{"id":373,"type":363,"label":374,"file":252,"line":375},"n2","$_GET (x10)",748,{"id":377,"type":368,"label":378,"file":252,"line":379,"wp_function":380},"n3","echo() [XSS]",756,"echo",{"id":382,"type":363,"label":383,"file":252,"line":384},"n4","$_POST (x17)",463,{"id":386,"type":368,"label":378,"file":252,"line":387,"wp_function":380},"n5",796,{"id":389,"type":363,"label":390,"file":252,"line":391},"n6","$_POST",781,{"id":393,"type":394,"label":395,"file":252,"line":391},"n7","transform","→ ublk_user_category_dropdown()",{"id":397,"type":368,"label":378,"file":147,"line":334,"wp_function":380},"n8",{"id":399,"type":363,"label":400,"file":252,"line":401},"n9","$_GET (x2)",783,{"id":403,"type":394,"label":404,"file":252,"line":401},"n10","→ ublk_pagination()",{"id":406,"type":368,"label":378,"file":147,"line":407,"wp_function":380},"n11",713,[409,410,411,412,413,414,415],{"from":362,"to":367,"sanitized":238},{"from":373,"to":377,"sanitized":238},{"from":382,"to":386,"sanitized":238},{"from":389,"to":393,"sanitized":233},{"from":393,"to":397,"sanitized":233},{"from":399,"to":403,"sanitized":233},{"from":403,"to":406,"sanitized":233},3,{"entryPoint":418,"graph":419,"unsanitizedCount":416,"severity":40},"ublk_block_user_date_page 
(includes\\user-blocker-block-users.php:1568)",{"nodes":420,"edges":442},[421,423,425,427,429,432,434,436,437,438,440,441],{"id":362,"type":363,"label":364,"file":252,"line":422},1712,{"id":367,"type":368,"label":369,"file":252,"line":424,"wp_function":371},1717,{"id":373,"type":363,"label":374,"file":252,"line":426},1985,{"id":377,"type":368,"label":378,"file":252,"line":428,"wp_function":380},1993,{"id":382,"type":363,"label":430,"file":252,"line":431},"$_POST (x5)",1775,{"id":386,"type":368,"label":378,"file":252,"line":433,"wp_function":380},2027,{"id":389,"type":363,"label":390,"file":252,"line":435},2011,{"id":393,"type":394,"label":395,"file":252,"line":435},{"id":397,"type":368,"label":378,"file":147,"line":334,"wp_function":380},{"id":399,"type":363,"label":400,"file":252,"line":439},2013,{"id":403,"type":394,"label":404,"file":252,"line":439},{"id":406,"type":368,"label":378,"file":147,"line":407,"wp_function":380},[443,444,445,446,447,448,449],{"from":362,"to":367,"sanitized":238},{"from":373,"to":377,"sanitized":238},{"from":382,"to":386,"sanitized":238},{"from":389,"to":393,"sanitized":233},{"from":393,"to":397,"sanitized":233},{"from":399,"to":403,"sanitized":233},{"from":403,"to":406,"sanitized":233},{"entryPoint":451,"graph":452,"unsanitizedCount":495,"severity":40},"ublk_block_user_permenant_page (includes\\user-blocker-block-users.php:2376)",{"nodes":453,"edges":485},[454,456,458,461,463,466,468,470,471,472,475,477,478,481,483],{"id":362,"type":363,"label":364,"file":252,"line":455},2509,{"id":367,"type":368,"label":369,"file":252,"line":457,"wp_function":371},2518,{"id":373,"type":363,"label":459,"file":252,"line":460},"$_GET (x19)",2755,{"id":377,"type":368,"label":378,"file":252,"line":462,"wp_function":380},2763,{"id":382,"type":363,"label":464,"file":252,"line":465},"$_POST 
(x3)",2561,{"id":386,"type":368,"label":378,"file":252,"line":467,"wp_function":380},2802,{"id":389,"type":363,"label":390,"file":252,"line":469},2783,{"id":393,"type":394,"label":395,"file":252,"line":469},{"id":397,"type":368,"label":378,"file":147,"line":334,"wp_function":380},{"id":399,"type":363,"label":473,"file":252,"line":474},"$_GET",2784,{"id":403,"type":394,"label":476,"file":252,"line":474},"→ ublk_role_selection_dropdown()",{"id":406,"type":368,"label":378,"file":147,"line":340,"wp_function":380},{"id":479,"type":363,"label":400,"file":252,"line":480},"n12",2785,{"id":482,"type":394,"label":404,"file":252,"line":480},"n13",{"id":484,"type":368,"label":378,"file":147,"line":407,"wp_function":380},"n14",[486,487,488,489,490,491,492,493,494],{"from":362,"to":367,"sanitized":238},{"from":373,"to":377,"sanitized":238},{"from":382,"to":386,"sanitized":238},{"from":389,"to":393,"sanitized":233},{"from":393,"to":397,"sanitized":233},{"from":399,"to":403,"sanitized":233},{"from":403,"to":406,"sanitized":233},{"from":479,"to":482,"sanitized":233},{"from":482,"to":484,"sanitized":233},4,{"entryPoint":497,"graph":498,"unsanitizedCount":169,"severity":40},"\u003Cuser-blocker-block-users> (includes\\user-blocker-block-users.php:0)",{"nodes":499,"edges":519},[500,502,503,505,506,508,509,510,511,512,514,515,516,517,518],{"id":362,"type":363,"label":501,"file":252,"line":365},"$_POST (x12)",{"id":367,"type":368,"label":369,"file":252,"line":370,"wp_function":371},{"id":373,"type":363,"label":504,"file":252,"line":375},"$_GET (x39)",{"id":377,"type":368,"label":378,"file":252,"line":379,"wp_function":380},{"id":382,"type":363,"label":507,"file":252,"line":384},"$_POST 
(x29)",{"id":386,"type":368,"label":378,"file":252,"line":387,"wp_function":380},{"id":389,"type":363,"label":464,"file":252,"line":391},{"id":393,"type":394,"label":395,"file":252,"line":391},{"id":397,"type":368,"label":378,"file":147,"line":334,"wp_function":380},{"id":399,"type":363,"label":513,"file":252,"line":401},"$_GET (x6)",{"id":403,"type":394,"label":404,"file":252,"line":401},{"id":406,"type":368,"label":378,"file":147,"line":407,"wp_function":380},{"id":479,"type":363,"label":473,"file":252,"line":474},{"id":482,"type":394,"label":476,"file":252,"line":474},{"id":484,"type":368,"label":378,"file":147,"line":340,"wp_function":380},[520,521,522,523,524,525,526,527,528],{"from":362,"to":367,"sanitized":238},{"from":373,"to":377,"sanitized":238},{"from":382,"to":386,"sanitized":238},{"from":389,"to":393,"sanitized":233},{"from":393,"to":397,"sanitized":233},{"from":399,"to":403,"sanitized":233},{"from":403,"to":406,"sanitized":233},{"from":479,"to":482,"sanitized":233},{"from":482,"to":484,"sanitized":233},{"entryPoint":530,"graph":531,"unsanitizedCount":562,"severity":40},"ublk_block_user_list_page (includes\\user-blocker-blocked-users-list.php:499)",{"nodes":532,"edges":554},[533,535,537,539,541,542,544,546,548,550,552],{"id":362,"type":363,"label":534,"file":131,"line":332},"$_GET (x13)",{"id":367,"type":368,"label":378,"file":131,"line":536,"wp_function":380},669,{"id":373,"type":363,"label":473,"file":131,"line":538},698,{"id":377,"type":394,"label":540,"file":131,"line":538},"→ ublk_blocked_role_selection_dropdown()",{"id":382,"type":368,"label":378,"file":147,"line":342,"wp_function":380},{"id":386,"type":363,"label":513,"file":131,"line":543},699,{"id":389,"type":394,"label":545,"file":131,"line":543},"→ ublk_blocked_pagination()",{"id":393,"type":368,"label":378,"file":147,"line":547,"wp_function":380},904,{"id":397,"type":363,"label":473,"file":131,"line":549},702,{"id":399,"type":394,"label":551,"file":131,"line":549},"→ 
ublk_search_field()",{"id":403,"type":368,"label":378,"file":147,"line":553,"wp_function":380},931,[555,556,557,558,559,560,561],{"from":362,"to":367,"sanitized":238},{"from":373,"to":377,"sanitized":233},{"from":377,"to":382,"sanitized":233},{"from":386,"to":389,"sanitized":233},{"from":389,"to":393,"sanitized":233},{"from":397,"to":399,"sanitized":233},{"from":399,"to":403,"sanitized":233},8,{"entryPoint":564,"graph":565,"unsanitizedCount":562,"severity":40},"ublk_datewise_block_user_list_page (includes\\user-blocker-blocked-users-list.php:1249)",{"nodes":566,"edges":584},[567,570,572,574,575,576,578,579,580,582,583],{"id":362,"type":363,"label":568,"file":131,"line":569},"$_GET (x31)",1287,{"id":367,"type":368,"label":378,"file":131,"line":571,"wp_function":380},1412,{"id":373,"type":363,"label":473,"file":131,"line":573},1435,{"id":377,"type":394,"label":540,"file":131,"line":573},{"id":382,"type":368,"label":378,"file":147,"line":342,"wp_function":380},{"id":386,"type":363,"label":513,"file":131,"line":577},1436,{"id":389,"type":394,"label":545,"file":131,"line":577},{"id":393,"type":368,"label":378,"file":147,"line":547,"wp_function":380},{"id":397,"type":363,"label":473,"file":131,"line":581},1439,{"id":399,"type":394,"label":551,"file":131,"line":581},{"id":403,"type":368,"label":378,"file":147,"line":553,"wp_function":380},[585,586,587,588,589,590,591],{"from":362,"to":367,"sanitized":238},{"from":373,"to":377,"sanitized":233},{"from":377,"to":382,"sanitized":233},{"from":386,"to":389,"sanitized":233},{"from":389,"to":393,"sanitized":233},{"from":397,"to":399,"sanitized":233},{"from":399,"to":403,"sanitized":233},{"entryPoint":593,"graph":594,"unsanitizedCount":562,"severity":40},"ublk_permanent_block_user_list_page 
(includes\\user-blocker-blocked-users-list.php:1702)",{"nodes":595,"edges":612},[596,598,600,602,603,604,606,607,608,610,611],{"id":362,"type":363,"label":568,"file":131,"line":597},1739,{"id":367,"type":368,"label":378,"file":131,"line":599,"wp_function":380},1852,{"id":373,"type":363,"label":473,"file":131,"line":601},1875,{"id":377,"type":394,"label":540,"file":131,"line":601},{"id":382,"type":368,"label":378,"file":147,"line":342,"wp_function":380},{"id":386,"type":363,"label":513,"file":131,"line":605},1876,{"id":389,"type":394,"label":545,"file":131,"line":605},{"id":393,"type":368,"label":378,"file":147,"line":547,"wp_function":380},{"id":397,"type":363,"label":473,"file":131,"line":609},1879,{"id":399,"type":394,"label":551,"file":131,"line":609},{"id":403,"type":368,"label":378,"file":147,"line":553,"wp_function":380},[613,614,615,616,617,618,619],{"from":362,"to":367,"sanitized":238},{"from":373,"to":377,"sanitized":233},{"from":377,"to":382,"sanitized":233},{"from":386,"to":389,"sanitized":233},{"from":389,"to":393,"sanitized":233},{"from":397,"to":399,"sanitized":233},{"from":399,"to":403,"sanitized":233},{"entryPoint":621,"graph":622,"unsanitizedCount":562,"severity":40},"ublk_all_type_block_user_list_page 
(includes\\user-blocker-blocked-users-list.php:2105)",{"nodes":623,"edges":640},[624,626,628,630,631,632,634,635,636,638,639],{"id":362,"type":363,"label":568,"file":131,"line":625},2144,{"id":367,"type":368,"label":378,"file":131,"line":627,"wp_function":380},2317,{"id":373,"type":363,"label":473,"file":131,"line":629},2340,{"id":377,"type":394,"label":540,"file":131,"line":629},{"id":382,"type":368,"label":378,"file":147,"line":342,"wp_function":380},{"id":386,"type":363,"label":513,"file":131,"line":633},2341,{"id":389,"type":394,"label":545,"file":131,"line":633},{"id":393,"type":368,"label":378,"file":147,"line":547,"wp_function":380},{"id":397,"type":363,"label":473,"file":131,"line":637},2344,{"id":399,"type":394,"label":551,"file":131,"line":637},{"id":403,"type":368,"label":378,"file":147,"line":553,"wp_function":380},[641,642,643,644,645,646,647],{"from":362,"to":367,"sanitized":238},{"from":373,"to":377,"sanitized":233},{"from":377,"to":382,"sanitized":233},{"from":386,"to":389,"sanitized":233},{"from":389,"to":393,"sanitized":233},{"from":397,"to":399,"sanitized":233},{"from":399,"to":403,"sanitized":233},{"entryPoint":649,"graph":650,"unsanitizedCount":674,"severity":40},"\u003Cuser-blocker-blocked-users-list> (includes\\user-blocker-blocked-users-list.php:0)",{"nodes":651,"edges":666},[652,654,655,657,658,659,661,662,663,664,665],{"id":362,"type":363,"label":653,"file":131,"line":332},"$_GET (x106)",{"id":367,"type":368,"label":378,"file":131,"line":536,"wp_function":380},{"id":373,"type":363,"label":656,"file":131,"line":538},"$_GET (x4)",{"id":377,"type":394,"label":540,"file":131,"line":538},{"id":382,"type":368,"label":378,"file":147,"line":342,"wp_function":380},{"id":386,"type":363,"label":660,"file":131,"line":543},"$_GET 
(x24)",{"id":389,"type":394,"label":545,"file":131,"line":543},{"id":393,"type":368,"label":378,"file":147,"line":547,"wp_function":380},{"id":397,"type":363,"label":656,"file":131,"line":549},{"id":399,"type":394,"label":551,"file":131,"line":549},{"id":403,"type":368,"label":378,"file":147,"line":553,"wp_function":380},[667,668,669,670,671,672,673],{"from":362,"to":367,"sanitized":238},{"from":373,"to":377,"sanitized":233},{"from":377,"to":382,"sanitized":233},{"from":386,"to":389,"sanitized":233},{"from":389,"to":393,"sanitized":233},{"from":397,"to":399,"sanitized":233},{"from":399,"to":403,"sanitized":233},32,{"summary":676,"deductions":677},"The \"user-blocker\" v2.2 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and a high percentage of properly escaped output. The absence of critical or high-severity taint flows is also encouraging. However, significant concerns arise from the presence of an unprotected AJAX handler, which represents a direct entry point into the application without proper authentication or authorization checks. The plugin's history includes a medium-severity 'Injection' vulnerability, indicating past weaknesses in handling user-supplied data, even though it is currently patched. 
This, combined with the unprotected AJAX handler, suggests a potential for attackers to exploit these weaknesses if not addressed.",[678,680,682],{"reason":679,"points":169},"Unprotected AJAX handler",{"reason":681,"points":49},"Past medium severity injection vulnerability",{"reason":683,"points":562},"Lack of capability checks on entry points","2026-03-16T18:20:55.730Z",{"wat":686,"direct":695},{"assetPaths":687,"generatorPatterns":690,"scriptPaths":691,"versionParams":692},[688,689],"\u002Fwp-content\u002Fplugins\u002Fuser-blocker\u002Fassets\u002Fcss\u002Fuser-blocker.css","\u002Fwp-content\u002Fplugins\u002Fuser-blocker\u002Fassets\u002Fjs\u002Fuser-blocker.js",[],[689],[693,694],"user-blocker\u002Fassets\u002Fcss\u002Fuser-blocker.css?ver=","user-blocker\u002Fassets\u002Fjs\u002Fuser-blocker.js?ver=",{"cssClasses":696,"htmlComments":698,"htmlAttributes":699,"restEndpoints":700,"jsGlobals":701,"shortcodeOutput":703},[697],"ublk-welcome-page",[],[],[],[702],"ublk_ajax_object",[]]