[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f2qlvvObu-ONUI72NezUi8BISvorH4NwMFqs1y_SUSCU":3,"$f5DU5RlJN8Se__TfEozxjW7y24g6utOYLeZP0WA4Y0hs":198,"$fFxNg2pDM69tl9gCSI3XOVqkEgsgFLbv3wKBxUCSaJTk":203},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":36,"analysis":141,"fingerprints":177},"user-blocks","User Blocks","1.0.0","Kyle B. Johnson","https:\u002F\u002Fprofiles.wordpress.org\u002Fkbjohnson90\u002F","\u003Cp>User blocks for building profile and account pages.\u003C\u002Fp>\n","User blocks for building profile and account pages.",30,2528,0,"2019-09-25T17:45:00.000Z","5.2.24","5.0","5.6",[19,20,21,22,23],"block","blocks","user","usermeta","users","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-blocks.zip",85,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":11,"trust_score":34,"computed_at":35},"kbjohnson90",3,84,"2026-05-20T02:52:45.464Z",[37,62,83,99,119],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":17,"tags":52,"homepage":56,"download_link":57,"security_score":58,"vuln_count":59,"unpatched_count":13,"last_vuln_date":60,"fetched_at":61},"metronet-profile-picture","User Profile Picture","2.6.3","Cozmoslabs","https:\u002F\u002Fprofiles.wordpress.org\u002Fcozmoslabs\u002F","\u003Cp>\u003Cstrong>User Profile Picture is no longer under active development, but will continue to work as is. We have integrated the current functionality in \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fprofile-builder\u002F\" rel=\"ugc\">Profile Builder\u003C\u002Fa> where it will actively be maintained, and we recommend migrating to it.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Set or remove a custom profile image for a user using the standard WordPress media upload tool.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.cozmoslabs.com\u002Fuser-profile-picture\u002F\" rel=\"nofollow ugc\">View Documentation and Examples\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F9icnOWWZUpA?version=3&rel=0&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Users must have the ability to upload images (typically author role or greater). You can use the plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fprofile-builder\u002F\" rel=\"ugc\">Profile Builder\u003C\u002Fa> to allow other roles (e.g. subscribers) the ability to upload images.\u003C\u002Fp>\n\u003Cp>A template tag is supplied for outputting to a theme and the option to override a user’s default avatar is also available.\u003C\u002Fp>\n\u003Ch3>Documentation and Feedback\u003C\u002Fh3>\n\u003Cp>See the documentation on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmadalinungureanu\u002Fuser-profile-picture\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Please \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fmetronet-profile-picture\u002Freviews\u002F#new-post\" rel=\"ugc\">Rate the Plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n","Set a custom profile image (avatar) for a user using the standard WordPress media upload tool.",40000,1025560,92,59,"2024-07-18T13:11:00.000Z","6.6.5","4.6",[53,20,54,55,23],"avatar","gravatar","user-profile","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmetronet-profile-picture\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmetronet-profile-picture.2.6.3.zip",91,1,"2024-06-20 00:00:00","2026-04-16T10:56:18.058Z",{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":70,"downloaded":71,"rating":70,"num_ratings":72,"last_updated":73,"tested_up_to":74,"requires_at_least":75,"requires_php":76,"tags":77,"homepage":81,"download_link":82,"security_score":47,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":61},"wp-team-list","Team List","4.0.0","required","https:\u002F\u002Fprofiles.wordpress.org\u002Fwearerequired\u002F","\u003Cp>Team List is a plugin that helps you to create a simple team site using your WordPress users with various display options. Either use a block, a shortcode, a template tag or the built-in widget to display blog authors.\u003C\u002Fp>\n\u003Cp>After creating similar functionality for a couple of clients, we decided to roll our knowledge into this simple plugin. It’s really straightforward to use:\u003C\u002Fp>\n\u003Cp>First of all, the plugin adds a small checkbox to the user profile in WordPress to toggle its visibility in the team list. This means you can decide for every user whether he should show up in the team list or not.\u003C\u002Fp>\n\u003Cp>You can then use one of these ways to display the list anywhere on your site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Action\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Use the \u003Ccode>wp_team_list\u003C\u002Fcode> hook to directly display the users in your theme or plugin.\u003C\u002Fp>\n\u003Cp>For example, you can show users of any role ordered by their name:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php\necho do_action( 'wp_team_list', array( 'role' => 'all', 'orderby' => 'name' ) );\n?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> Team List supports many of the arguments \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FClass_Reference\u002FWP_User_Query\" title=\"WordPress Codex Codex WP_User_Query\" rel=\"nofollow ugc\">\u003Ccode>WP_User_Query\u003C\u002Fcode>\u003C\u002Fa> supports.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Block\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Use the “Team List” block in the block-based editor to display one or more team lists in any post types. You can select one or more roles and change the order. If you want you can also provide a link to a full team page.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Shortcode\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Use the \u003Ccode>[wp_team_list]\u003C\u002Fcode> shortcode to display a team list in your posts. Supported arguments:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>role\u003C\u002Fcode> – Filter users by roles (comma-separated).\u003Cbr \u002F>\nUse \u003Ccode>all\u003C\u002Fcode> to show users with any role.\u003Cbr \u002F>\n\u003Cstrong>Default:\u003C\u002Fstrong> \u003Ccode>administrator\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>orderby\u003C\u002Fcode>\u003Cbr \u002F>\n\u003Cstrong>Default:\u003C\u002Fstrong> \u003Ccode>post_count\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>order\u003C\u002Fcode> – Either \u003Ccode>asc\u003C\u002Fcode> or \u003Ccode>desc\u003C\u002Fcode>.\u003Cbr \u002F>\n\u003Cstrong>Default:\u003C\u002Fstrong> \u003Ccode>desc\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Ccode>include\u003C\u002Fcode> – Filter users with specific IDs (comma-separated).\u003C\u002Fli>\n\u003Cli>\u003Ccode>has_published_posts\u003C\u002Fcode> – Filter users with published posts.\u003Cbr \u002F>\nEither a comma-separated list of post types or \u003Ccode>true\u003C\u002Fcode> to filter by all post types.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[wp_team_list role=\"author\" orderby=\"last_name\" order=\"desc\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Pro tip:\u003C\u002Fstrong> If you use the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fshortcode-ui\u002F\" rel=\"ugc\">Shortcake WordPress plugin\u003C\u002Fa>, you’ll get an inline preview of the shortcode right in the visual editor. You can also add the shortcode with the click of a button.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Widget\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Want do display the team members in your sidebar? Use the built-in WordPress widget. You can set the role you want, the number of users to show and even link to a separate team page.\u003C\u002Fp>\n","Display your teammates anywhere on your WordPress site using this easy-to-use plugin.",100,15968,7,"2024-11-18T13:54:00.000Z","6.7.5","6.0","7.4",[78,20,79,23,80],"authors","team","widget","https:\u002F\u002Fgithub.com\u002Fwearerequired\u002Fwp-team-list","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-team-list.4.0.0.zip",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":70,"num_ratings":93,"last_updated":94,"tested_up_to":95,"requires_at_least":16,"requires_php":17,"tags":96,"homepage":24,"download_link":98,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":61},"user-block-visibility","User Block Visibility","1.0","noraconley","https:\u002F\u002Fprofiles.wordpress.org\u002Fnoraconley\u002F","\u003Cp>Allows authors to restrict access to blocks by user roles.\u003C\u002Fp>\n\u003Cp>This plugin is meant to be lightweight, limited in scope, while maintaining extensibility. If you need a hook, please reach out!\u003C\u002Fp>\n\u003Ch3>Developer API\u003C\u002Fh3>\n\u003Cp>User Block Visibility is meant to be extensible. For example, use the filter \u003Ccode>ubv_built_in_user_roles\u003C\u002Fcode> to restrict the built-in roles that are available.\u003C\u002Fp>\n\u003Cp>To create custom restriction options, use \u003Ccode>ubv_additional_roles\u003C\u002Fcode> and the built-in WordPress filter \u003Ccode>render_block\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>To restrict access to this functionality, use \u003Ccode>ubv_do_enqueue_sidebar\u003C\u002Fcode>.\u003C\u002Fp>\n","Allows authors to restrict access to blocks by user roles.",10,1406,2,"2019-04-13T05:32:00.000Z","5.1.22",[20,97,23],"gutenberg","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-block-visibility.zip",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":47,"num_ratings":109,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":113,"tags":114,"homepage":117,"download_link":118,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":61},"export-user-data","Export User Data","2.2.6","qstudio","https:\u002F\u002Fprofiles.wordpress.org\u002Fqlstudio\u002F","\u003Cp>A plugin that exports WordPress user data and metadata.\u003C\u002Fp>\n\u003Cp>Includes an option to export the users by role, registration date range, usermeta option and two export formats.\u003C\u002Fp>\n\u003Cp>This plugin is designed to export user data stored in the 2 standard WordPress user data tables wp_users and wp_usermeta, if you use a plugin which stores data in its own database tables, this plugin will not export this data, without customization.\u003C\u002Fp>\n\u003Cp>In version 2 + we added some additional filters and API controls which control aspects such as the returned value formats and keys, pulling data from custom post types and builing lists of “common” usermeta fields to export – you can read more on the \u003Ca href=\"https:\u002F\u002Fqstudio.us\u002Freleases\u002Fexport-user-data-wordpress-plugin\u002F\" rel=\"nofollow ugc\">Q Studio Website\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>For feature requests and bug reports, \u003Ca href=\"https:\u002F\u002Fqstudio.us\u002Fsupport\u002Ftopic\u002Fexport-user-data\u002F\" rel=\"nofollow ugc\">please use the Q Support Website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Please do not use the WordPress.org forum to report bugs, as we no longer monitor or respond to questions there.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Exports all standard users fields\u003C\u002Fli>\n\u003Cli>Exports users meta\u003C\u002Fli>\n\u003Cli>Exports users by role\u003C\u002Fli>\n\u003Cli>Exports users by date range\u003C\u002Fli>\n\u003Cli>NEW: Filters to control format, add common\u003C\u002Fli>\n\u003C\u002Ful>\n","Export users data and metadata to a csv or Excel file",7000,240612,45,"2021-12-28T09:18:00.000Z","5.8.13","4.8","7.0",[115,116,22,23],"excel","export","http:\u002F\u002Fqstudio.us\u002Freleases\u002Fexport-user-data","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexport-user-data.2.2.6.zip",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":127,"downloaded":128,"rating":129,"num_ratings":129,"last_updated":130,"tested_up_to":50,"requires_at_least":131,"requires_php":24,"tags":132,"homepage":138,"download_link":139,"security_score":47,"vuln_count":59,"unpatched_count":13,"last_vuln_date":140,"fetched_at":61},"user-blocker","User Blocker","2.2","solwininfotech","https:\u002F\u002Fprofiles.wordpress.org\u002Fsolwininfotech\u002F","\u003Cp>User Blocker plugin provide the ability to admin to block or unblock user accounts quickly and effortlessly. User can be blocked by Roll or username for specific day & time OR date range Or permanently. When someone tries to log in, and if that user blocked then a friendly error message is displayed on the login screen. You can unblock accounts at any time you want.\u003Cbr \u002F>\nAlso admin can view blocked user list and quickly search user and unblock account if require.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>User Blocker Plugin Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block user by time (FROM-time to TO-time) for certain week days\u003C\u002Fli>\n\u003Cli>Block user by date (FROM-date to TO-date)\u003C\u002Fli>\n\u003Cli>Block user Permanently\u003C\u002Fli>\n\u003Cli>Unblock user any time\u003C\u002Fli>\n\u003Cli>Block user by UserName OR by Role\u003C\u002Fli>\n\u003Cli>Customizable message for each blocked User OR Blocked Role\u003C\u002Fli>\n\u003Cli>View blocked user list By Time, By Date and Permanently blocked users.\u003C\u002Fli>\n\u003Cli>Easy to search any blocked user by username\u002F email \u002F First name to view blocking status and modify or remove blocking\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Technical Support\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You have any suggestion with User Blocker plugin or you found a bug, please contact us at \u003Ca href=\"http:\u002F\u002Fsupport.solwininfotech.com\" rel=\"nofollow ugc\">support.solwininfotech.com\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Permissions:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Only administrators are allowed to use this system. People with lower access levels are neither shown the new bulk actions, nor are they allowed to change the status of accounts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important: Plugin does not deactivate any Admin users.\u003C\u002Fstrong>\u003C\u002Fp>\n","To block users from admin side except admin users for specific day,time, and date or permanently.",3000,81777,82,"2024-08-09T14:45:00.000Z","5.4",[133,134,135,136,137],"block-user","deactivate-users","deny-user","disable-users","restrict-user","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fuser-blocker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-blocker.zip","2022-11-09 00:00:00",{"attackSurface":142,"codeSignals":158,"taintFlows":169,"riskAssessment":170,"analyzedAt":176},{"hooks":143,"ajaxHandlers":154,"restRoutes":155,"shortcodes":156,"cronEvents":157,"entryPointCount":13,"unprotectedCount":13},[144,149],{"type":145,"name":146,"callback":147,"file":148,"line":33},"action","init","closure","blocks\\src\\init.php",{"type":145,"name":150,"callback":151,"file":152,"line":153},"admin_notices","user_blocks_below_php_version_notice","php_version_notice.php",16,[],[],[],[],{"dangerousFunctions":159,"sqlUsage":160,"outputEscaping":162,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":59,"bundledLibraries":168},[],{"prepared":13,"raw":13,"locations":161},[],{"escaped":13,"rawEcho":93,"locations":163},[164,167],{"file":152,"line":165,"context":166},9,"raw output",{"file":152,"line":91,"context":166},[],[],{"summary":171,"deductions":172},"The \"user-blocks\" plugin, in version 1.0.0, exhibits a strong security posture in terms of its attack surface and adherence to basic WordPress security practices. There are no exposed AJAX handlers, REST API routes, shortcodes, or cron events, significantly limiting potential entry points for attackers. Furthermore, all identified SQL queries utilize prepared statements, a critical practice for preventing SQL injection vulnerabilities. The absence of file operations and external HTTP requests also reduces the plugin's exposure to common attack vectors. The presence of capability checks is a positive sign of intended access control.\n\nHowever, the static analysis reveals a critical weakness: none of the identified output points are properly escaped. This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected and executed within the WordPress admin or frontend if user-controlled data is displayed without sanitization. The lack of taint analysis results is unusual and might suggest a limited scope of analysis or a very simple plugin architecture where such flows are not easily detectable. The plugin's vulnerability history is clean, with no recorded CVEs, which is a positive indicator of past security diligence or a low profile. Nevertheless, the lack of proper output escaping presents a tangible and significant risk that needs immediate attention.\n\nIn conclusion, while \"user-blocks\" v1.0.0 demonstrates strengths in minimizing its attack surface and secure database interaction, the complete absence of output escaping is a major security concern. This oversight creates a clear path for XSS attacks, overshadowing the other positive security attributes. The clean vulnerability history is encouraging but does not mitigate the immediate risk posed by the unescaped output.",[173],{"reason":174,"points":175},"Unescaped output found",6,"2026-03-16T22:40:13.778Z",{"wat":178,"direct":186},{"assetPaths":179,"generatorPatterns":183,"scriptPaths":184,"versionParams":185},[180,181,182],"\u002Fwp-content\u002Fplugins\u002Fuser-blocks\u002Fdist\u002Fblocks.style.build.css","\u002Fwp-content\u002Fplugins\u002Fuser-blocks\u002Fdist\u002Fblocks.build.js","\u002Fwp-content\u002Fplugins\u002Fuser-blocks\u002Fdist\u002Fblocks.editor.build.css",[],[181],[],{"cssClasses":187,"htmlComments":191,"htmlAttributes":192,"restEndpoints":194,"jsGlobals":195,"shortcodeOutput":197},[188,189,190],"user-blocks-block-style-css","user-blocks-block-js","user-blocks-editor-css",[],[193],"data-usermeta",[],[196],"userBlocks",[],{"error":199,"url":200,"statusCode":201,"statusMessage":202,"message":202},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fuser-blocks\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":59,"versions":204},[205],{"version":6,"download_url":206,"svn_tag_url":207,"released_at":27,"has_diff":208,"diff_files_changed":209,"diff_lines":27,"trac_diff_url":27,"vulnerabilities":210,"is_current":199},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-blocks.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fuser-blocks\u002Ftags\u002F1.0.0\u002F",false,[],[]]