[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fGOALqPBX62c6XtP8WEapKhgbIG4WC64sz9eQ4GrUKj8":3,"$fk9wEziD7FuLMSW21pIj_wy6xwi9KxwLIujiwCGiuplA":210,"$f49BpmqhyM7-RfnUjmNLGWo2npsq9rp5OxZpQfXRZB0Q":215},{"slug":4,"name":4,"version":5,"author":6,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":12,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":16,"download_link":23,"security_score":24,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26,"discovery_status":27,"vulnerabilities":28,"developer":29,"crawl_stats":25,"alternatives":34,"analysis":121,"fingerprints":196},"userlog","1.4","williewonka","https:\u002F\u002Fprofiles.wordpress.org\u002Fwilliewonka\u002F","\u003Cp>This small plugin lets you monitor who logs into you site. I created this plugin because I could see that bots from china were trying to login to my site with the bettersecurity plugin but not if they were succesfull.\u003C\u002Fp>\n\u003Cp>This small plugin saves the time and ip address from every user that succesfully logs in on wordpress and displays them on the admin dashboard. Only administrators can acces the logs.\u003C\u002Fp>\n\u003Cp>Since version 1.2 its also possible to search within the logs.\u003C\u002Fp>\n\u003Cp>If you have feedback on this plugin or problems with it (such as bugreports) please shoot me an email at williewonka341@gmail.com.\u003C\u002Fp>\n","Allows you to see wich users have logged in when and from where.",10,2111,0,"2013-10-07T07:29:00.000Z","3.6.1","3.0.1","",[18,19,20,21,22],"log","logs","security","user","users","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuserlog.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":6,"display_name":6,"profile_url":7,"plugin_count":30,"total_installs":10,"avg_security_score":24,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,84,"2026-05-20T04:46:20.860Z",[35,56,73,88,104],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":32,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":16,"download_link":54,"security_score":55,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26},"expire-user-passwords","Expire User Passwords","1.4.2","Matt Miller","https:\u002F\u002Fprofiles.wordpress.org\u002Fmillermedianow\u002F","\u003Cp>Note: This is a forked version of the now unsupported \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fexpire-passwords\u002F\" rel=\"ugc\">Expire Passwords\u003C\u002Fa> plugin. The notes below are copied over from the original plugin and will be updated as relevant updates become available. Please help by contributing to the GitHub repository \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\" rel=\"nofollow ugc\">Expire Passwords\u003C\u002Fa> on GitHub\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Did you find this plugin helpful? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fexpire-user-passwords\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Harden the security of your site by preventing unauthorized access to stale user accounts.\u003C\u002Fp>\n\u003Cp>This plugin is also ideal for sites needing to meet certain industry security compliances – such as government, banking or healthcare.\u003C\u002Fp>\n\u003Cp>In the plugin settings you can set the maximum number of days users are allowed to use the same password (90 days by default), as well as which user roles will be required to reset their passwords regularly (non-Administrators by default).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Languages supported:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Albanian (Shqip)\u003C\u002Fli>\n\u003Cli>Arabic (العربية)\u003C\u002Fli>\n\u003Cli>Armenian (Հայերեն)\u003C\u002Fli>\n\u003Cli>Basque (Euskara)\u003C\u002Fli>\n\u003Cli>Bengali (বাংলা)\u003C\u002Fli>\n\u003Cli>Bulgarian (Български)\u003C\u002Fli>\n\u003Cli>Catalan (Català)\u003C\u002Fli>\n\u003Cli>Chinese Simplified (简体中文)\u003C\u002Fli>\n\u003Cli>Croatian (Hrvatski)\u003C\u002Fli>\n\u003Cli>Czech (Čeština)\u003C\u002Fli>\n\u003Cli>Danish (Dansk)\u003C\u002Fli>\n\u003Cli>Dutch (Nederlands)\u003C\u002Fli>\n\u003Cli>Estonian (Eesti)\u003C\u002Fli>\n\u003Cli>Finnish (Suomi)\u003C\u002Fli>\n\u003Cli>French (Français)\u003C\u002Fli>\n\u003Cli>Galician (Galego)\u003C\u002Fli>\n\u003Cli>Georgian (ქართული)\u003C\u002Fli>\n\u003Cli>German (Deutsch)\u003C\u002Fli>\n\u003Cli>Greek (Ελληνικά)\u003C\u002Fli>\n\u003Cli>Hebrew (עברית)\u003C\u002Fli>\n\u003Cli>Hindi (हिन्दी)\u003C\u002Fli>\n\u003Cli>Hungarian (Magyar)\u003C\u002Fli>\n\u003Cli>Indonesian (Bahasa Indonesia)\u003C\u002Fli>\n\u003Cli>Irish (Gaeilge)\u003C\u002Fli>\n\u003Cli>Italian (Italiano)\u003C\u002Fli>\n\u003Cli>Japanese (日本語)\u003C\u002Fli>\n\u003Cli>Korean (한국어)\u003C\u002Fli>\n\u003Cli>Latvian (Latviešu)\u003C\u002Fli>\n\u003Cli>Lithuanian (Lietuvių)\u003C\u002Fli>\n\u003Cli>Macedonian (Македонски)\u003C\u002Fli>\n\u003Cli>Norwegian (Norsk)\u003C\u002Fli>\n\u003Cli>Persian (فارسی)\u003C\u002Fli>\n\u003Cli>Persian – Afghanistan (دری)\u003C\u002Fli>\n\u003Cli>Polish (Polski)\u003C\u002Fli>\n\u003Cli>Portuguese – Brazil (Português do Brasil)\u003C\u002Fli>\n\u003Cli>Portuguese – Portugal (Português)\u003C\u002Fli>\n\u003Cli>Romanian (Română)\u003C\u002Fli>\n\u003Cli>Russian (Русский)\u003C\u002Fli>\n\u003Cli>Serbian (Српски)\u003C\u002Fli>\n\u003Cli>Slovak (Slovenčina)\u003C\u002Fli>\n\u003Cli>Slovenian (Slovenščina)\u003C\u002Fli>\n\u003Cli>Spanish (Español)\u003C\u002Fli>\n\u003Cli>Swedish (Svenska)\u003C\u002Fli>\n\u003Cli>Tamil (தமிழ்)\u003C\u002Fli>\n\u003Cli>Thai (ไทย)\u003C\u002Fli>\n\u003Cli>Turkish (Türkçe)\u003C\u002Fli>\n\u003Cli>Ukrainian (Українська)\u003C\u002Fli>\n\u003Cli>Urdu (اردو)\u003C\u002Fli>\n\u003Cli>Vietnamese (Tiếng Việt)\u003C\u002Fli>\n\u003Cli>Welsh (Cymraeg)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Development of this plugin is done \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>. Pull requests welcome. Please see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\u002Fissues\" rel=\"nofollow ugc\">issues reported\u003C\u002Fa> there before going to the plugin forum.\u003C\u002Fstrong>\u003C\u002Fp>\n","Require certain users to change their passwords on a regular basis.",3000,58543,5,"2026-02-17T09:27:00.000Z","6.9.4","4.0","8.1",[51,52,53,20,22],"login","membership","passwords","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpire-user-passwords.1.4.2.zip",100,{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":55,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":16,"tags":70,"homepage":16,"download_link":72,"security_score":24,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26},"prevent-concurrent-logins","Prevent Concurrent Logins","0.4.0","Frankie Jarrett","https:\u002F\u002Fprofiles.wordpress.org\u002Ffjarrett\u002F","\u003Cp>\u003Cstrong>Did you find this plugin helpful? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fprevent-concurrent-logins\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Deters members\u002Fsubscribers from sharing their accounts with others\u003C\u002Fli>\n\u003Cli>Hardens security by destoying old sessions automatically\u003C\u002Fli>\n\u003Cli>Prompts old sessions to login again if they want to continue\u003C\u002Fli>\n\u003Cli>Ideal for membership sites and web applications\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Important:\u003C\u002Fstrong> If you plan to network-activate this plugin on a multisite network, please install the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fproper-network-activation\u002F\" rel=\"ugc\">Proper Network Activation\u003C\u002Fa> plugin \u003Cem>beforehand\u003C\u002Fem>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Development of this plugin is done \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffjarrett\u002Fprevent-concurrent-logins\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>. Pull requests welcome. Please see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffjarrett\u002Fprevent-concurrent-logins\u002Fissues\" rel=\"nofollow ugc\">issues reported\u003C\u002Fa> there before going to the plugin forum.\u003C\u002Fstrong>\u003C\u002Fp>\n","Prevents users from staying logged into the same account from multiple places.",900,17403,17,"2016-08-16T22:21:00.000Z","4.6.30","4.1",[51,52,20,71,22],"sensei","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprevent-concurrent-logins.0.4.0.zip",{"slug":74,"name":75,"version":76,"author":60,"author_profile":61,"description":77,"short_description":78,"active_installs":79,"downloaded":80,"rating":81,"num_ratings":82,"last_updated":83,"tested_up_to":84,"requires_at_least":69,"requires_php":16,"tags":85,"homepage":16,"download_link":87,"security_score":24,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26},"user-session-control","User Session Control","0.3.1","\u003Cp>\u003Cstrong>Did you find this plugin helpful? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fuser-session-control\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WordPress 4.1 “Dinah” introduced the awesome power of user session management.\u003C\u002Fp>\n\u003Cp>However, you are limited to only being able to destroy your own sessions, and you cannot destroy them individually.\u003C\u002Fp>\n\u003Cp>This plugin allows Administrators to view and manage all sessions by all users on an individual basis.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Displays a custom “God view” screen of all active user sessions\u003C\u002Fli>\n\u003Cli>Sort sessions by user, role, creation date, expiry date or IP address\u003C\u002Fli>\n\u003Cli>Quickly and easily destroy sessions you think may be a security risk\u003C\u002Fli>\n\u003Cli>Respects the timezone, date format and time format saved under General Settings\u003C\u002Fli>\n\u003Cli>View all user sessions from all blogs on your network via the Network Admin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Languages supported:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>Deutsch\u003C\u002Fli>\n\u003Cli>Español\u003C\u002Fli>\n\u003Cli>Français\u003C\u002Fli>\n\u003Cli>Português\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Development of this plugin is done \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffjarrett\u002Fuser-session-control\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>. Pull requests welcome. Please see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffjarrett\u002Fuser-session-control\u002Fissues\" rel=\"nofollow ugc\">issues reported\u003C\u002Fa> there before going to the plugin forum.\u003C\u002Fstrong>\u003C\u002Fp>\n","View and manage all active user sessions in a custom admin screen.",700,10221,94,7,"2016-12-23T19:25:00.000Z","4.7.33",[51,20,86,22],"sessions","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-session-control.0.3.1.zip",{"slug":89,"name":90,"version":91,"author":92,"author_profile":93,"description":94,"short_description":95,"active_installs":96,"downloaded":97,"rating":55,"num_ratings":30,"last_updated":98,"tested_up_to":99,"requires_at_least":15,"requires_php":16,"tags":100,"homepage":102,"download_link":103,"security_score":24,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26},"log-user-stats","Log Users Stats","1.0","graphical_force","https:\u002F\u002Fprofiles.wordpress.org\u002Fgraphical_force\u002F","\u003Cp>A plugin that displays the ‘Total Minutes’, ‘Number of Logins’, and ‘Average Time in Minutes Per Login’ that each user has logged on the site. Stats can be exported to csv, and can be reset.\u003C\u002Fp>\n","Display 'Total Minutes', 'Number of Logins', and 'Average Minutes Per Login' for users with an option to export to csv.",70,3727,"2013-11-19T20:13:00.000Z","3.7.41",[19,101,22],"stats","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Flog-user-stats\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flog-user-stats.zip",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":31,"downloaded":112,"rating":12,"num_ratings":12,"last_updated":113,"tested_up_to":47,"requires_at_least":69,"requires_php":114,"tags":115,"homepage":118,"download_link":119,"security_score":55,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":120},"users-login-monitor","Users Login Monitor","5.22","wpgear","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpgear\u002F","\u003Cp>Ext Security.\u003Cbr \u002F>\nDashboard & Daily-Digest about users activity.\u003Cbr \u002F>\nNow the console has a widget that displays last login users, whith: Date-Time, IP address (whith Whois info) and Device type\u002FBrowser.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Even without going to the site admin area, you will be informed about the activity of the current day.\u003C\u002Fli>\n\u003Cli>Any person can be a recipient of notifications. Not necessarily the Administrator.\u003C\u002Fli>\n\u003Cli>Now in the Admin console you have a new widget with a list of users in order of decreasing Login time.\u003C\u002Fli>\n\u003Cli>Determine and save the IP address, device and browser details, from which the was made Login. (if your server is configured correctly). For better informational content, in order to be able to determine the parameters of the User’s devices (OS, Browser, Type Device), you should have a PHP extension on the server: “Browscap”. Alternatively, you can use the Lite-Version – Plugin: “quick-browscap” from the official WP repository.\u003C\u002Fli>\n\u003Cli>It is important to understand that the time to enter the site and the time of the last activity of the user are different events.\u003C\u002Fli>\n\u003Cli>Displays “Login Success” Statistics for each User.\u003C\u002Fli>\n\u003Cli>Displays Count “Users Activity” in Admin Bar.\u003C\u002Fli>\n\u003C\u002Ful>\n","A freeware plugin, for daily-notify site administrator, about users who logged in during the day.",2575,"2026-02-26T09:01:00.000Z","5.4",[51,116,117,20,22],"logout","members","https:\u002F\u002Fwpgear.xyz\u002Fusers-login-monitor","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fusers-login-monitor.zip","2026-04-06T09:54:40.288Z",{"attackSurface":122,"codeSignals":151,"taintFlows":183,"riskAssessment":184,"analyzedAt":195},{"hooks":123,"ajaxHandlers":147,"restRoutes":148,"shortcodes":149,"cronEvents":150,"entryPointCount":12,"unprotectedCount":12},[124,130,133,137,140,144],{"type":125,"name":126,"callback":127,"priority":10,"file":128,"line":129},"action","wp_login","userlog_loguser","userlog.php",16,{"type":125,"name":131,"callback":132,"file":128,"line":66},"admin_menu","userlog_dashboard_addpage",{"type":125,"name":134,"callback":135,"file":128,"line":136},"admin_init","userlog_check_admin_input",18,{"type":125,"name":134,"callback":138,"file":128,"line":139},"userlog_register_options",19,{"type":125,"name":141,"callback":142,"file":128,"line":143},"init","userlog_version_check",20,{"type":125,"name":141,"callback":145,"file":128,"line":146},"userlog_checkupdatedb",21,[],[],[],[],{"dangerousFunctions":152,"sqlUsage":153,"outputEscaping":159,"fileOperations":82,"externalRequests":12,"nonceChecks":12,"capabilityChecks":30,"bundledLibraries":182},[],{"prepared":154,"raw":30,"locations":155},9,[156],{"file":128,"line":157,"context":158},392,"$wpdb->query() with variable interpolation",{"escaped":12,"rawEcho":10,"locations":160},[161,164,166,168,170,172,174,176,178,180],{"file":128,"line":162,"context":163},135,"raw output",{"file":128,"line":165,"context":163},221,{"file":128,"line":167,"context":163},223,{"file":128,"line":169,"context":163},225,{"file":128,"line":171,"context":163},227,{"file":128,"line":173,"context":163},297,{"file":128,"line":175,"context":163},299,{"file":128,"line":177,"context":163},306,{"file":128,"line":179,"context":163},308,{"file":128,"line":181,"context":163},341,[],[],{"summary":185,"deductions":186},"The userlog plugin version 1.4 presents a mixed security posture. On the positive side, the plugin has no recorded CVEs, indicating a generally stable security history.  The static analysis reveals a minimal attack surface with no apparent AJAX handlers, REST API routes, shortcodes, or cron events exposed without authentication. Furthermore, the majority of SQL queries utilize prepared statements, and there are no critical or high severity taint flows identified.  However, significant concerns arise from the complete lack of output escaping for all identified outputs. This is a critical weakness, as it opens the door to Cross-Site Scripting (XSS) vulnerabilities if any data processed by the plugin is directly outputted to the user's browser without proper sanitization.  Additionally, the absence of nonce checks and the single capability check suggest a potential for authorization bypasses if specific actions within the plugin are not adequately protected, especially if new entry points are introduced in future versions.  While the current vulnerability history is clean, the lack of robust output escaping is a serious oversight that requires immediate attention.",[187,190,192],{"reason":188,"points":189},"No output escaping for any outputs",8,{"reason":191,"points":45},"No nonce checks found",{"reason":193,"points":194},"Limited capability checks (1 total)",2,"2026-03-17T01:39:00.383Z",{"wat":197,"direct":202},{"assetPaths":198,"generatorPatterns":199,"scriptPaths":200,"versionParams":201},[],[],[],[],{"cssClasses":203,"htmlComments":204,"htmlAttributes":205,"restEndpoints":206,"jsGlobals":207,"shortcodeOutput":209},[],[],[],[],[208],"window.alert",[],{"error":211,"url":212,"statusCode":213,"statusMessage":214,"message":214},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fuserlog\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":5,"total_versions":12,"versions":216},[]]