[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fpAQXhcAAwaNIp9HfDCTCfFOx32wBmBn2udvme9u2VmY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":58,"crawl_stats":38,"alternatives":64,"analysis":165,"fingerprints":297},"user-spam-remover","User Spam Remover","1.1","Joel","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoelhardi\u002F","\u003Cp>User Spam Remover is a plugin for WordPress that automatically removes spam user registrations and other old, never-used user accounts. It also blocks the notification e-mail that WordPress normally sends to the administrator whenever a new user registers (annoying when that registration is spam!) and logs it instead.\u003C\u002Fp>\n\u003Cp>The plugin adds a configuration panel so that all of these options can be turned on or off, and it logs and fully backs up all user accounts that it deletes, so that you can restore them if you need to.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Automatically deletes user registration spam and other orphaned, never-used accounts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Very simple, enable and go! Doesn’t interfere with the normal user registration process in any way. So, it doesn’t add captchas or activation or anything else — you’re free to use it alongside a plugin that does, if you like.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Blocks notification e-mail that WordPress normally sends to the administrator every time a new user registers (instead, logs this event).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Fully configurable, with grace period for new accounts and optional username whitelist.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Fully logs all actions and backs up all user accounts that it deletes so that you can seamlessly restore them if you ever need to.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please see requirements and installation instructions below, or online \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fofficial-installation-instructions-and-what-to-do-about-errors\u002F\" rel=\"ugc\">in the WordPress support forum\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>For more information, please go to: \u003Ca href=\"https:\u002F\u002Flyncd.com\u002Fuser-spam-remover\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Flyncd.com\u002Fuser-spam-remover\u002F\u003C\u002Fa>\u003C\u002Fp>\n","Automatically removes spam user registrations and other old, unused user accounts. Blocks annoying e-mail to administrator after new registrations.",1000,55653,82,18,"2024-03-03T19:20:00.000Z","6.4.8","3.9","",[20,21,22,23,24],"admin","registration","spam","user","users","http:\u002F\u002Flyncd.com\u002Fuser-spam-remover\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-spam-remover.zip",61,2,1,"2025-12-04 00:00:00","2026-03-15T15:16:48.613Z",[33,47],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":38,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":38},"CVE-2025-62735","user-spam-remover-unauthenticated-information-exposure","User Spam Remover \u003C= 1.1 - Unauthenticated Information Exposure","The User Spam Remover plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data.",null,"\u003C=1.1","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N","Exposure of Sensitive Information to an Unauthorized Actor","2025-12-11 15:39:41",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F904b9aed-0bd6-414e-a347-3881188a04cf?source=api-prod",{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":38,"affected_versions":52,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":53,"updated_date":54,"references":55,"days_to_patch":57},"CVE-2024-31298","user-spam-remover-unauthenticated-sensitive-information-exposure","User Spam Remover \u003C= 1.0 - Unauthenticated Sensitive Information Exposure","The User Spam Remover plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0 via a log file. This makes it possible for unauthenticated attackers to extract sensitive data from log files.","\u003C=1.0","2024-04-05 00:00:00","2024-04-11 16:31:52",[56],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F6efadbe7-ee9b-44cb-b7c6-4c38a872abf2?source=api-prod",7,{"slug":59,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":60,"avg_security_score":61,"avg_patch_time_days":57,"trust_score":62,"computed_at":63},"joelhardi",1500,73,81,"2026-04-04T13:59:14.059Z",[65,88,105,121,142],{"slug":66,"name":67,"version":68,"author":69,"author_profile":70,"description":71,"short_description":72,"active_installs":73,"downloaded":74,"rating":75,"num_ratings":75,"last_updated":76,"tested_up_to":77,"requires_at_least":78,"requires_php":79,"tags":80,"homepage":85,"download_link":86,"security_score":87,"vuln_count":75,"unpatched_count":75,"last_vuln_date":38,"fetched_at":31},"fake-user-detector","Fake User Detector","1.0.3","PluginRx","https:\u002F\u002Fprofiles.wordpress.org\u002Fapos37\u002F","\u003Cp>Fake User Detector helps WordPress site owners identify and flag suspicious user accounts after they have already registered.\u003C\u002Fp>\n\u003Cp>This plugin does not prevent or block registrations. Instead, it analyzes user data post-registration to highlight accounts that appear automated, fake, or low-quality, making it easier to review and remove them manually.\u003C\u002Fp>\n\u003Cp>Fake User Detector is designed as a cleanup and review tool, not a registration firewall. It works well alongside other plugins that handle CAPTCHA, email verification, honeypots, or other signup prevention techniques.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Post-Registration Analysis:\u003C\u002Fstrong> Evaluates user accounts after creation to identify suspicious patterns.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gibberish Detection:\u003C\u002Fstrong> Flags accounts with non-human patterns like too many uppercase letters, no vowels, or clusters of consonants.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Symbol and Number Filters:\u003C\u002Fstrong> Detects unnatural use of digits or special characters in names.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Detection Rules:\u003C\u002Fstrong> Enable or disable individual checks to suit your site’s user base.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flag for Review:\u003C\u002Fstrong> Suspicious accounts are flagged and marked for potential deletion.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Notice:\u003C\u002Fstrong> Quickly see how many flagged users exist from your admin area.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Scan Existing Users:\u003C\u002Fstrong> Scan the users admin list table for suspicious accounts so you can easily delete them.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gravity Forms Integration:\u003C\u002Fstrong> If using Gravity Forms User Registration, the plugin optionally runs validation checks on registrations submitted via forms.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Hooks:\u003C\u002Fstrong> Add or customize detection logic with your own functions.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Detection Checks Include:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Manually flagged by admin\u003C\u002Fli>\n\u003Cli>Excessive uppercase letters (more than 5 in a name unless all caps)\u003C\u002Fli>\n\u003Cli>No vowels in names longer than 5 characters\u003C\u002Fli>\n\u003Cli>Six or more consecutive consonants in a name\u003C\u002Fli>\n\u003Cli>Presence of numbers in names\u003C\u002Fli>\n\u003Cli>Presence of special characters other than letters, numbers, and dashes\u003C\u002Fli>\n\u003Cli>Similarity between first and last name (exact match or one includes the other)\u003C\u002Fli>\n\u003Cli>Very short names (2 characters)\u003C\u002Fli>\n\u003Cli>Invalid or disposable email domains\u003C\u002Fli>\n\u003Cli>Excessive periods in email address (more than 3)\u003C\u002Fli>\n\u003Cli>Username containing URL patterns (\u003Ccode>http\u003C\u002Fcode>, \u003Ccode>https\u003C\u002Fcode>, or \u003Ccode>www\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>Known spam words in user bio or name\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Fake User Detector is ideal for membership sites, communities, forums, or any WordPress site that allows user registration and needs a practical way to review and clean up suspicious accounts that already exist.\u003C\u002Fp>\n","Detect and flag suspicious existing user accounts using simple checks to help clean up fake or low-quality registrations.",30,214,0,"2025-12-24T20:28:00.000Z","6.9.4","5.9","8.0",[81,82,83,22,84],"account-flagging","bot-detection","fake-users","user-registration","https:\u002F\u002Fpluginrx.com\u002Fplugin\u002Ffake-user-detector\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffake-user-detector.1.0.3.zip",100,{"slug":89,"name":90,"version":91,"author":92,"author_profile":93,"description":94,"short_description":95,"active_installs":73,"downloaded":96,"rating":75,"num_ratings":75,"last_updated":97,"tested_up_to":98,"requires_at_least":99,"requires_php":18,"tags":100,"homepage":102,"download_link":103,"security_score":104,"vuln_count":75,"unpatched_count":75,"last_vuln_date":38,"fetched_at":31},"wordpass","WordPass","1.0.1","Chad Butler","https:\u002F\u002Fprofiles.wordpress.org\u002Fcbutlerjr\u002F","\u003Cp>This plugin is a password generator that creates random passwords with using words, numbers, and special characters.\u003C\u002Fp>\n\u003Cp>Default random passwords can be difficult to for users to use (and remember – if they don’t change it). WordPass simplifies this process by using words to create passwords.  Passwords will be generated in the style of 2*Kayak29, 2Bigcranium2#, or %36POTATOE6.\u003C\u002Fp>\n\u003Cp>This plugin works with WordPress as well as with any plugin that uses the WordPress password generation function.\u003C\u002Fp>\n\u003Cp>WordPass allows you to create a custom list of words to be used in password generation.\u003C\u002Fp>\n\u003Cp>The plugin will create random passwords from your word list and apply numbers as well as capitalization.  How these settings are applied can be set in the plugin’s settings.  The recommended setting is “random” for best security.\u003C\u002Fp>\n\u003Cp>Note: this plugin is great for membership sites where subscribers or low level users need easy to remember passwords.  But you should use secure (and possibly more complex) passwords for higher level users, especially administrators.  Use common sense in the application of this plugin!\u003C\u002Fp>\n","Creates word-based passwords for WordPress.",3677,"2021-08-05T14:03:00.000Z","5.8.13","4.0.0",[20,101,21,23,24],"password","http:\u002F\u002Fdevbitz.com\u002Fplugins\u002Fwordpass\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordpass.1.0.1.zip",85,{"slug":106,"name":107,"version":68,"author":18,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":75,"num_ratings":75,"last_updated":113,"tested_up_to":114,"requires_at_least":115,"requires_php":18,"tags":116,"homepage":119,"download_link":120,"security_score":104,"vuln_count":75,"unpatched_count":75,"last_vuln_date":38,"fetched_at":31},"logical-captcha","Logical Captcha","https:\u002F\u002Fprofiles.wordpress.org\u002Flioncourt\u002F","\u003Cp>Logical Captcha takes advantage of the TextCaptcha.com service, which provides logic-based textual questions instead of distorted images or audio to validate that the entity registering is a real live human being, and not a spam bot. It will provide protection against false registrations and the dreaded spam comments, etc.\u003C\u002Fp>\n\u003Cp>An example of such a question might be:\u003C\u002Fp>\n\u003Cp>Question:\u003Cbr \u002F>\nOut of a truck, a lion, the color purple, and the number forty-two, which has a door?\u003C\u002Fp>\n\u003Cp>Answer:\u003Cbr \u002F>\ntruck\u003C\u002Fp>\n\u003Cp>Textual logic-based captchas mean that your registration process will be accessible to everyone, including visually\u002Fhearing impaired visitors who use access technology to surf the web. It requires a free API key from \u003Ca href=\"http:\u002F\u002FTextCaptcha.com\" rel=\"nofollow ugc\">TextCaptcha.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This plugin was developed by Josh de Lioncourt of \u003Ca href=\"http:\u002F\u002Fmaccessibility.net\" rel=\"nofollow ugc\">the Mac-cessibility Network\u003C\u002Fa>, a site dedicated to blind and visually impaired users of the Mac OS X operating system, the iPhone OS, and other Apple Inc. products and services. Josh de Lioncourt, the Mac-cessibility Network, and related sites are not in anyway affiliated with TextCaptcha.com\u003C\u002Fp>\n","Integrates a logic captcha to verify that the registrant is a human and not a spam bot instead of using distorted images or audio.",10,2211,"2009-08-24T23:37:00.000Z","2.8.4","2.7.1",[117,118,21,22,24],"captcha","register","http:\u002F\u002Fmaccessibility.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogical-captcha.zip",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":131,"num_ratings":132,"last_updated":133,"tested_up_to":77,"requires_at_least":134,"requires_php":18,"tags":135,"homepage":138,"download_link":139,"security_score":131,"vuln_count":140,"unpatched_count":75,"last_vuln_date":141,"fetched_at":31},"new-user-approve","New User Approve","3.2.4","Saad Iqbal","https:\u002F\u002Fprofiles.wordpress.org\u002Fsaadiqbal\u002F","\u003Cp>🚀 \u003Ca href=\"https:\u002F\u002Fnewuserapprove.com\u002Fpricing\u002F?utm_source=wp_org&utm_medium=read_me\" rel=\"nofollow ugc\">Go Pro\u003C\u002Fa> | 📘 \u003Ca href=\"https:\u002F\u002Fnewuserapprove.com\u002Fdocumentation\u002Fintroduction\u002F?utm_source=wp_org&utm_medium=read_me\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> | 📱 \u003Ca href=\"https:\u002F\u002Fnewuserapprove.com\u002Fmobile-app\u002F?utm_source=wp_org&utm_medium=read_me\" rel=\"nofollow ugc\">Mobile App\u003C\u002Fa> | 💬 \u003Ca href=\"https:\u002F\u002Fnewuserapprove.com\u002Fget-in-touch\u002F?utm_source=wp_org&utm_medium=read_me\" rel=\"nofollow ugc\">Contact Us\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FKlhWmlfuaVg?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Running a WordPress site is exciting but it also means you’re constantly battling spam registrations, fake accounts, and unwanted users. New User Approve works as a default WordPress registration system that does not let anyone sign up and instantly gain access. Because its your responsibility as a site owner as exactly who’s allowed into your site before any user log in.\u003C\u002Fp>\n\u003Cp>New User Approve comes is a powerful WordPress user approval plugin that puts you in full control of your community, membership site, online store, or private portal. With this manual user approval plugin, you can moderate user registration, protect your content, and keep your website free from unwanted registration requests.\u003Cbr \u002F>\nWhether you want to restrict user access before approval, prevent fake user signups, or simply make sure every new member is legit, New User Approve makes it easy, professional, and efficient.\u003C\u002Fp>\n\u003Ch3>⭐ New User Approve Offers Mobile App for Faster User Approvals ⭐\u003C\u002Fh3>\n\u003Cp>New User Approve also includes a dedicated mobile app that lets you manage registrations without opening your WordPress dashboard. It gives you quick access to every pending user and keeps your site protected even when you are away from your computer.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>With the mobile app, you can:\u003C\u002Fstrong>\u003Cbr \u002F>\n⚡ Review complete user profiles in a clean, mobile-friendly layout\u003Cbr \u002F>\n⚡ Approve or deny registrations with single tap\u003Cbr \u002F>\n⚡ Verify identities with clear, mobile-friendly user profiles\u003Cbr \u002F>\n⚡ Keep full control of who joins your site without logging into WordPress\u003Cbr \u002F>\n⚡ Stay updated with instant push notifications for every new signup\u003C\u002Fp>\n\u003Cp>This feature ensures you never miss an approval request and keeps your site consistently secure, responsive, and easy to manage from anywhere.\u003C\u002Fp>\n\u003Ch3>⭐ Why You Need New User Approve ⭐\u003C\u002Fh3>\n\u003Cp>Imagine running a membership site, community forum, or private business portal where quality and security matter. The last thing you want is spam bots flooding your database or strangers sneaking into confidential areas.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>New User Approve helps you:\u003C\u002Fstrong>\u003Cbr \u002F>\n⚡ \u003Cstrong>Stop spam registrations\u003C\u002Fstrong> and fake accounts before they ever log in\u003Cbr \u002F>\n⚡ \u003Cstrong>Verify user identities\u003C\u002Fstrong> by reviewing each signup manually\u003Cbr \u002F>\n⚡ Maintain \u003Cstrong>complete control\u003C\u002Fstrong> over who becomes part of your community\u003Cbr \u002F>\n⚡ Create a \u003Cstrong>safe, trusted space\u003C\u002Fstrong> for your members or customers\u003C\u002Fp>\n\u003Cp>Unlike generic WordPress plugins that simply hide login pages, New User Approve adds a true \u003Cstrong>user verification before approval\u003C\u002Fstrong> process. It gives you confidence to grow your site without worrying about who’s lurking behind those new user accounts.\u003C\u002Fp>\n\u003Ch3>🛠 How It Works\u003C\u002Fh3>\n\u003Cp>Here’s how \u003Cstrong>New User Approve\u003C\u002Fstrong>, your go-to \u003Cstrong>member approval plugin\u003C\u002Fstrong>, transforms your registration flow:\u003C\u002Fp>\n\u003Cp>When someone registers on your WordPress site, you’ll receive an email alert. You can then decide to approve or deny their account. The plugin automatically emails the user to let them know the outcome.\u003C\u002Fp>\n\u003Cp>👁If approved, the user receives their login details and can access your site immediately.\u003Cbr \u002F>\n👁If denied, they’ll be kept out—and can’t even log in.\u003Cbr \u002F>\n👁Pending users stay locked out until you make a decision.\u003C\u002Fp>\n\u003Cp>This makes it simple to \u003Cstrong>restrict user access before approval\u003C\u002Fstrong> and ensure only the right people become part of your online community.\u003C\u002Fp>\n\u003Cp>Already have users on your website? No problem.\u003C\u002Fp>\n\u003Cp>Existing users stay approved automatically when you install New User Approve. You can also change someone’s approval status at any time, with easy search tools for managing pending, approved, or denied users.\u003C\u002Fp>\n\u003Ch3>⌛ Save Time with Zapier Automation\u003C\u002Fh3>\n\u003Cp>Want to work smarter? Connect \u003Cstrong>New User Approve\u003C\u002Fstrong> to Zapier to automate routine tasks.\u003Cbr \u002F>\nFor example:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Trigger a Slack message when a user is approved\u003C\u002Fli>\n\u003Cli>Add approved users to a Google Sheet\u003C\u002Fli>\n\u003Cli>Send emails through Gmail when someone’s denied\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>With Zapier, you can integrate the plugin with thousands of apps without writing a single line of code. It’s perfect for businesses looking to streamline their processes while maintaining strict \u003Cstrong>user verification before approval.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>🤝 Invite Trusted Users Instantly\u003C\u002Fh3>\n\u003Cp>Sometimes you want trusted people—like staff, VIPs, or clients—to skip the approval queue. With New User Approve’s invitation codes, you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>📜 Generate unique codes manually or automatically\u003C\u002Fli>\n\u003Cli>💳 Give those codes to users so they’re \u003Cstrong>auto-approved\u003C\u002Fstrong> upon registration\u003C\u002Fli>\n\u003Cli>💻 Manage, edit, or disable codes anytime\u003C\u002Fli>\n\u003Cli>🛒 Seamlessly integrate codes with WooCommerce registrations\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This feature makes it easier than ever to onboard important members without sacrificing security.\u003C\u002Fp>\n\u003Ch3>☀ A Fresh New Interface\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>New User Approve\u003C\u002Fstrong> has been redesigned with a crisp, modern look that’s clean and user-friendly. The updated interface is intuitive for admins and gives users confidence in your website’s professionalism.\u003C\u002Fp>\n\u003Cp>Whether you’re a WordPress beginner or seasoned WordPress user, managing new user approvals has never been easier or looked this good.\u003C\u002Fp>\n\u003Ch3>⭐ Compatible with Top Plugins\u003C\u002Fh3>\n\u003Cp>New User Approve integrates beautifully with popular WordPress plugins, including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WooCommerce\u003C\u002Fli>\n\u003Cli>MemberPress\u003C\u002Fli>\n\u003Cli>WP-Foro\u003C\u002Fli>\n\u003Cli>LearnDash\u003C\u002Fli>\n\u003Cli>Ultimate Member\u003C\u002Fli>\n\u003Cli>BuddyPress\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>So, whether you’re running a store, a membership site, or a thriving online community, this user approval plugin fits right in.\u003C\u002Fp>\n\u003Ch3>🖍 Customize Everything\u003C\u002Fh3>\n\u003Cp>For those who want complete flexibility, New User Approve lets you customize nearly every step of the user approval process:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Tailor the welcome message above the login or registration form\u003C\u002Fli>\n\u003Cli>Personalize messages for pending or denied users\u003C\u002Fli>\n\u003Cli>Craft unique notification emails for users and admins\u003C\u002Fli>\n\u003Cli>Suppress denial notifications if preferred\u003C\u002Fli>\n\u003Cli>Use HTML formatting in emails for a branded, professional look\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>There’s even a commercial add-on available at \u003Ca href=\"https:\u002F\u002Fnewuserapprove.com\u002Fpricing\u002F?utm_source=wp_org&utm_medium=read_me\" rel=\"nofollow ugc\">New User Approve\u003C\u002Fa> that unlocks additional powerful features for businesses and growing sites.\u003C\u002Fp>\n\u003Ch3>📌 Documentation\u003C\u002Fh3>\n\u003Cp>Need help getting started? \u003Ca href=\"https:\u002F\u002Fnewuserapprove.com\u002F?utm_source=wp_org&utm_medium=read_me\" rel=\"nofollow ugc\">View the detailed technical documentation here\u003C\u002Fa>. It walks you through every step of installing and configuring \u003Cstrong>New User Approve\u003C\u002Fstrong>, plus troubleshooting tips if you get stuck.\u003C\u002Fp>\n\u003Ch3>🔥 New User Approve Pro Features\u003C\u002Fh3>\n\u003Cp>Upgrade to the premium version for advanced features like:\u003C\u002Fp>\n\u003Cp>✔ Customizable Email Notifications\u003Cbr \u002F>\n✔ Invite-Only Registration\u003Cbr \u002F>\n✔ Bulk Invitation Code Generator\u003Cbr \u002F>\n✔ Email Invitation Codes\u003Cbr \u002F>\n✔ Import Invitation Codes\u003Cbr \u002F>\n✔ Auto-Approve Trusted Email Domains\u003Cbr \u002F>\n✔ Blacklist Generic or Suspicious Email Domains\u003Cbr \u002F>\n✔ Registration Deadlines\u003Cbr \u002F>\n✔ Auto-Approve Selected User Roles\u003Cbr \u002F>\n✔ User Role Change Requests\u003Cbr \u002F>\n✔ Extended Zapier Triggers\u003C\u002Fp>\n\u003Ch3>✨ Translations\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>New User Approve\u003C\u002Fstrong> is already available in many languages thanks to an amazing community of translators. You can help expand translations further with tools like Poedit.\u003C\u002Fp>\n\u003Cp>Current supported languages include:\u003C\u002Fp>\n\u003Cp>Belarusian, Brazilian Portuguese, Bulgarian, Catalan, Croatian, Czech, Danish, Dutch, Estonian, Finnish, French, German, Greek, Hebrew, Hungarian, Italian, Lithuanian, Persian, Polish, Romanian, Russian, Serbo-Croatian, Slovak, Spanish, Swedish.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>New User Approve\u003C\u002Fstrong> isn’t just a plugin. It’s your ultimate solution for user verification before approval, helping you moderate user registration, prevent fake user signups, and stop spam registrations for good.\u003Cbr \u002F>\nIf you need a reliable manual user approval plugin for WordPress, get it now!\u003C\u002Fp>\n","WordPress user approval plugin to moderate registrations. Approve or deny real users and prevent fake signups to control who registers on site.",20000,847425,86,130,"2026-02-10T07:30:00.000Z","4.0",[21,136,137,84,24],"user-approval","user-management","http:\u002F\u002Fnewuserapprove.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnew-user-approve.zip",9,"2026-03-20 00:00:00",{"slug":143,"name":144,"version":145,"author":146,"author_profile":147,"description":148,"short_description":149,"active_installs":150,"downloaded":151,"rating":152,"num_ratings":153,"last_updated":154,"tested_up_to":155,"requires_at_least":156,"requires_php":157,"tags":158,"homepage":162,"download_link":163,"security_score":164,"vuln_count":75,"unpatched_count":75,"last_vuln_date":38,"fetched_at":31},"view-admin-as","View Admin As","1.8.10","Jory Hogeveen","https:\u002F\u002Fprofiles.wordpress.org\u002Fkeraweb\u002F","\u003Ch4>The ultimate User switcher and Role manager\u003C\u002Fh4>\n\u003Cp>This plugin will add a menu item to your admin bar where you can change your view in the WordPress admin.\u003Cbr \u002F>\nSwitch to other users without the need to login as that user or even switch roles and temporarily change your own capabilities.\u003C\u002Fp>\n\u003Cp>When you’re viewing as a different user, you can also change this user’s preferences; like screen settings on various admin pages.\u003C\u002Fp>\n\u003Cp>With the “Role defaults” module you can set default screen settings and metabox locations for roles and apply them to users through various bulk actions.\u003C\u002Fp>\n\u003Cp>It also features a “Role manager” module to add, edit or remove roles and grant or deny them capabilities.\u003C\u002Fp>\n\u003Ch4>Overview \u002F Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Switch between user accounts\n\u003Cul>\n\u003Cli>Edit this user’s screen preferences and settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Switch between roles\u003C\u002Fli>\n\u003Cli>Temporarily change your own capabilities (non-destructively)\u003C\u002Fli>\n\u003Cli>View your site as an unregistered visitor\u003C\u002Fli>\n\u003Cli>Switch language\u002Flocale on backend and frontend\u003C\u002Fli>\n\u003Cli>Make combinations of the above view types\u003C\u002Fli>\n\u003Cli>Easily switch back anytime\u003C\u002Fli>\n\u003Cli>Completely secure (see \u003Cem>Security\u003C\u002Fem> below)\u003C\u002Fli>\n\u003Cli>Do all the above without logging out!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Module: Role defaults (screen settings)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Set default screen settings for roles\u003C\u002Fli>\n\u003Cli>Apply defaults to a user\u003C\u002Fli>\n\u003Cli>Apply defaults to all users of a role\u003C\u002Fli>\n\u003Cli>Apply defaults when registering a new user (in a multisite this is done when a user is added to its first blog)\u003C\u002Fli>\n\u003Cli>Copy defaults from one role to another (or multiple)\u003C\u002Fli>\n\u003Cli>Import\u002FExport role defaults, can also download (and upload) setting files\u003C\u002Fli>\n\u003Cli>Disable the “screen settings” option and\u002For lock the meta boxes for all users that don’t have access to this plugin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FJoryHogeveen\u002Fview-admin-as\u002Fwiki\u002FRole-Defaults\" rel=\"nofollow ugc\">Click here for Role Defaults documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Module: Role manager (role editor)\u003C\u002Fh4>\n\u003Cp>\u003Cem>Note: Changes made with the Role Manager are permanent!\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add, edit or delete roles\u003C\u002Fli>\n\u003Cli>Grant and\u002For add capabilities to roles\u003C\u002Fli>\n\u003Cli>Rename roles\u003C\u002Fli>\n\u003Cli>Clone roles\u003C\u002Fli>\n\u003Cli>Import\u002FExport roles, can also download (and upload) setting files\u003C\u002Fli>\n\u003Cli>Update role capabilities from current view\u003C\u002Fli>\n\u003Cli>Automatically migrate users to another role after deleting a role\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FJoryHogeveen\u002Fview-admin-as\u002Fwiki\u002FRole-Manager\" rel=\"nofollow ugc\">Click here for Role Manager documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Compatibility & Integrations\u003C\u002Fh4>\n\u003Cp>This plugin will work with most other plugins but these are tested:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Advanced Access Manager\u003C\u002Fstrong> \u003Cem>(Pro version not verified)\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>bbPress\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BuddyPress\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Genesis Framework\u003C\u002Fstrong> \u003Cem>(and probably other theme frameworks)\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google Site Kit\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gravity Forms\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Groups 2.1+\u003C\u002Fstrong> \u003Cem>(Custom integration: adds a view type for groups. Pro version not tested)\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pods Framework 2.0+\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Members\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Restrict User Access 0.13+\u003C\u002Fstrong> \u003Cem>(Custom integration: adds a view type for access levels)\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Roles and Capabilities\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Role Editor\u003C\u002Fstrong> \u003Cem>(Pro version not verified)\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Switching\u003C\u002Fstrong> \u003Cem>(Not sure why you’d want this but yes, switch-ception is possible!)\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WPFront User Role Editor\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WP Admin UI Customize 1.5.11+\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Yoast SEO\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Full list of tested plugins and details: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FJoryHogeveen\u002Fview-admin-as\u002Fwiki\u002FCompatibility-&-Integrations\" rel=\"nofollow ugc\">Compatibility & Integrations\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>I can’t switch back!\u003C\u002Fh4>\n\u003Cp>See item \u003Cstrong>3\u003C\u002Fstrong> at \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fview-admin-as\u002Ffaq\u002F\" rel=\"ugc\">FAQ\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>It’s not working! \u002F I found a bug!\u003C\u002Fh4>\n\u003Cp>Please let me know through the support and add a plugins and themes list! 🙂\u003C\u002Fp>\n\u003Ch4>Security\u003C\u002Fh4>\n\u003Cp>This plugin is completely safe and will keep your users, passwords and data secure.\u003Cbr \u002F>\nFor more info see item \u003Cstrong>7\u003C\u002Fstrong> at \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fview-admin-as\u002Ffaq\u002F\" rel=\"ugc\">FAQ\u003C\u002Fa>!\u003C\u002Fp>\n\u003Ch4>Developer notes\u003C\u002Fh4>\n\u003Cp>This plugin will only be useful for admins (network super admins or regular admins). It will not add functionalities for other roles unless you specifically apply custom capabilities for those users.\u003Cbr \u002F>\nAlso keep in mind that switching to users that have equal roles is disabled. (regular admins to regular admins + super admins to super admins)\u003C\u002Fp>\n\u003Cp>I’ve created this at first for myself since I’m a developer and often need to see the outcome on roles which my clients use.\u003C\u002Fp>\n\u003Cp>So, when you are developing a plugin or theme that does anything with roles or capabilities you can use this plugin to easily check if everything works.\u003Cbr \u002F>\nNo more hassle of creating test users and constantly logging out and in anymore!\u003C\u002Fp>\n\u003Cp>This plugin is also useful to support your clients and\u002For users. For example; make screen display presets of the edit and overview pages before you let them log in.\u003C\u002Fp>\n\u003Ch4>You can find me here:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.keraweb.nl\u002F\" rel=\"nofollow ugc\">Keraweb\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FJoryHogeveen\u002Fview-admin-as\u002F\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fnl.linkedin.com\u002Fin\u002Fjoryhogeveen\" rel=\"nofollow ugc\">LinkedIn\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cp>Please help translating this plugin on \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fview-admin-as\" rel=\"nofollow ugc\">translate.wordpress.org\u003C\u002Fa>!\u003C\u002Fp>\n\u003Ch4>Actions & Filters\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FJoryHogeveen\u002Fview-admin-as\u002Fwiki\u002FActions\" rel=\"nofollow ugc\">Click here for Action documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FJoryHogeveen\u002Fview-admin-as\u002Fwiki\u002FFilters\" rel=\"nofollow ugc\">Click here for Filter documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Plugin capabilities\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FJoryHogeveen\u002Fview-admin-as\u002Fwiki\u002FCustom-capabilities\" rel=\"nofollow ugc\">Click here for documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Ideas?\u003C\u002Fh4>\n\u003Cp>Please let me know on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FJoryHogeveen\u002Fview-admin-as\u002Fissues\u002Fnew\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>!\u003C\u002Fp>\n","View the WordPress admin as a different role or visitor, switch between users, temporarily change your capabilities, set screen settings for roles.",9000,122645,98,48,"2024-11-23T15:34:00.000Z","6.7.5","4.1","5.2.4",[20,159,160,24,161],"roles","switch","view","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fview-admin-as\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fview-admin-as.1.8.10.zip",92,{"attackSurface":166,"codeSignals":182,"taintFlows":250,"riskAssessment":286,"analyzedAt":296},{"hooks":167,"ajaxHandlers":178,"restRoutes":179,"shortcodes":180,"cronEvents":181,"entryPointCount":75,"unprotectedCount":75},[168,174],{"type":169,"name":170,"callback":171,"file":172,"line":173},"action","admin_init","adminRegisterSettings","user-spam-remover.php",179,{"type":169,"name":175,"callback":176,"file":172,"line":177},"admin_menu","adminMenu",970,[],[],[],[],{"dangerousFunctions":183,"sqlUsage":184,"outputEscaping":186,"fileOperations":57,"externalRequests":75,"nonceChecks":29,"capabilityChecks":28,"bundledLibraries":249},[],{"prepared":75,"raw":75,"locations":185},[],{"escaped":187,"rawEcho":188,"locations":189},11,34,[190,193,195,196,198,200,202,204,206,207,209,211,212,214,216,217,219,221,222,224,226,227,229,231,232,234,236,237,239,241,242,244,246,247],{"file":172,"line":191,"context":192},240,"raw output",{"file":172,"line":194,"context":192},255,{"file":172,"line":194,"context":192},{"file":172,"line":197,"context":192},287,{"file":172,"line":199,"context":192},323,{"file":172,"line":201,"context":192},328,{"file":172,"line":203,"context":192},352,{"file":172,"line":205,"context":192},354,{"file":172,"line":205,"context":192},{"file":172,"line":208,"context":192},359,{"file":172,"line":210,"context":192},361,{"file":172,"line":210,"context":192},{"file":172,"line":213,"context":192},366,{"file":172,"line":215,"context":192},368,{"file":172,"line":215,"context":192},{"file":172,"line":218,"context":192},378,{"file":172,"line":220,"context":192},380,{"file":172,"line":220,"context":192},{"file":172,"line":223,"context":192},391,{"file":172,"line":225,"context":192},393,{"file":172,"line":225,"context":192},{"file":172,"line":228,"context":192},408,{"file":172,"line":230,"context":192},410,{"file":172,"line":230,"context":192},{"file":172,"line":233,"context":192},415,{"file":172,"line":235,"context":192},417,{"file":172,"line":235,"context":192},{"file":172,"line":238,"context":192},429,{"file":172,"line":240,"context":192},431,{"file":172,"line":240,"context":192},{"file":172,"line":243,"context":192},436,{"file":172,"line":245,"context":192},438,{"file":172,"line":245,"context":192},{"file":172,"line":248,"context":192},727,[],[251,275],{"entryPoint":252,"graph":253,"unsanitizedCount":75,"severity":274},"optionsPage (user-spam-remover.php:224)",{"nodes":254,"edges":270},[255,259,264,268],{"id":256,"type":257,"label":258,"file":172,"line":194},"n0","source","$_SERVER['REQUEST_URI']",{"id":260,"type":261,"label":262,"file":172,"line":194,"wp_function":263},"n1","sink","echo() [XSS]","echo",{"id":265,"type":257,"label":266,"file":172,"line":267},"n2","$_SERVER",321,{"id":269,"type":261,"label":262,"file":172,"line":199,"wp_function":263},"n3",[271,273],{"from":256,"to":260,"sanitized":272},true,{"from":265,"to":269,"sanitized":272},"low",{"entryPoint":276,"graph":277,"unsanitizedCount":75,"severity":274},"\u003Cuser-spam-remover> (user-spam-remover.php:0)",{"nodes":278,"edges":283},[279,280,281,282],{"id":256,"type":257,"label":258,"file":172,"line":194},{"id":260,"type":261,"label":262,"file":172,"line":194,"wp_function":263},{"id":265,"type":257,"label":266,"file":172,"line":267},{"id":269,"type":261,"label":262,"file":172,"line":199,"wp_function":263},[284,285],{"from":256,"to":260,"sanitized":272},{"from":265,"to":269,"sanitized":272},{"summary":287,"deductions":288},"The User Spam Remover plugin v1.1 exhibits a mixed security posture. While the static analysis reveals a commendable absence of direct attack surface entry points like AJAX handlers, REST API routes, and shortcodes without proper authorization checks, and all SQL queries are prepared, there are significant concerns regarding output escaping. Only 24% of outputs are properly escaped, which presents a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. The plugin also performs several file operations, which, combined with the poor output escaping, could lead to more complex attack chains if malicious input is not handled carefully.\n\nThe vulnerability history is particularly worrying. The plugin has a history of two medium-severity vulnerabilities, both related to Exposure of Sensitive Information to an Unauthorized Actor. Crucially, one of these vulnerabilities remains unpatched, indicating a lack of ongoing maintenance and a direct, known security risk. The last vulnerability being dated in late 2025 suggests either a very recent discovery of past issues or potentially a forward-looking data entry error; however, the existence of an unpatched CVE is a critical flag.\n\nIn conclusion, while the plugin demonstrates good practices in limiting its attack surface and using prepared statements for SQL, the severe lack of output escaping and the presence of an unpatched CVE significantly outweigh these positives. The plugin is at a considerable risk of security compromise due to known, unaddressed vulnerabilities and potential for XSS attacks.",[289,291,294],{"reason":290,"points":14},"Unpatched CVE (medium severity)",{"reason":292,"points":293},"Poor output escaping (24% properly escaped)",15,{"reason":295,"points":111},"History of sensitive information exposure vulnerabilities","2026-03-16T18:47:19.874Z",{"wat":298,"direct":305},{"assetPaths":299,"generatorPatterns":300,"scriptPaths":301,"versionParams":302},[],[],[],[303,304],"user-spam-remover\u002Fstyle.css?ver=","user-spam-remover\u002Fscript.js?ver=",{"cssClasses":306,"htmlComments":307,"htmlAttributes":308,"restEndpoints":310,"jsGlobals":311,"shortcodeOutput":313},[],[],[309],"data-usr-id",[],[312],"user_spam_remover_ajax_object",[]]