[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$flhGIo0T9iOTTFyNMXyaQziwcuOzcUnGmwszE8-Uxz3U":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":37,"analysis":132,"fingerprints":511},"userspn","Users manager – PN","1.1.15","Félix Martínez","https:\u002F\u002Fprofiles.wordpress.org\u002Ffelixmartinez\u002F","\u003Cp>This WordPress plugin simplifies user management by providing customizable registration forms, login functionality, and profile editing directly on your website. Perfect for membership sites, e-commerce, and community platforms, it supports advanced features like role-based access control, email verification, and user activity tracking. Its intuitive interface allows easy setup and management, while offering compatibility with popular themes and plugins. Enhance your site’s user experience with responsive designs and seamless integrations. Whether for small businesses or large-scale websites, this plugin is your all-in-one solution for efficient user management.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Core User Management Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Frontend User Registration\u003C\u002Fstrong>: Complete user registration system accessible directly from your website’s frontend. Users can create accounts without accessing the WordPress admin area, with customizable registration forms that include email, password, and unlimited custom fields.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Custom Login System\u003C\u002Fstrong>: Beautiful, responsive login forms that integrate seamlessly with your site design. Includes “Remember Me” functionality and password recovery links, all accessible via shortcodes.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Advanced Profile Management\u003C\u002Fstrong>: Comprehensive user profile system with tabbed interface including Profile editing, Image\u002Favatar management, Notifications preferences, Private file management, and Advanced options (password change, account deletion). Users can edit their profiles directly from the frontend with real-time validation.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Profile Completion Tracking\u003C\u002Fstrong>: Visual progress indicator showing profile completion percentage. Administrators can configure which fields count toward completion, encouraging users to complete their profiles with helpful links to incomplete sections.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Powerful Form Builder:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The plugin includes a sophisticated form builder that allows you to create custom registration and profile forms with a wide variety of field types:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Input Fields\u003C\u002Fstrong>: Text, number, email, password, URL, date, time, color, hidden, and nonce fields. Password fields include strength checker with visual feedback and requirements validation.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Advanced Input Types\u003C\u002Fstrong>: Range sliders with min\u002Fmax labels, star rating systems (customizable number of stars), checkbox switches with toggle styling, and radio button groups with custom styling.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Media Fields\u003C\u002Fstrong>: Image upload with gallery support (single or multiple), video upload and management, audio file upload, and general file upload with preview.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Rich Content Fields\u003C\u002Fstrong>: Textarea for longer text input, WYSIWYG editor (Trumbowyg) for rich text editing, HTML content blocks, and audio recorder with transcription capabilities.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Selection Fields\u003C\u002Fstrong>: Single and multiple select dropdowns with search functionality, custom selector component with AJAX search, and tag input system with autocomplete suggestions.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Complex Fields\u003C\u002Fstrong>: Multi-field groups (html_multi) that allow creating repeating field sets with drag-and-drop reordering, conditional fields that show\u002Fhide based on parent field values, and field sections with collapsible groups.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All form fields support: custom CSS classes, required field validation, placeholder text, help descriptions, default values, conditional display logic, and custom validation rules.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Google reCAPTCHA v3 Integration\u003C\u002Fstrong>: Invisible bot protection with score-based verification. Configurable threshold settings and automatic suspicious registration detection with email notifications to administrators.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Honeypot Protection\u003C\u002Fstrong>: Hidden form fields that trap automated bots without affecting legitimate users.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Rate Limiting\u003C\u002Fstrong>: Configurable limits on registration attempts per IP address within specified time windows to prevent abuse.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Akismet Integration\u003C\u002Fstrong>: Spam detection for user registrations using WordPress’s built-in Akismet service.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Bot Analysis Tool\u003C\u002Fstrong>: Advanced analysis system that examines existing users for bot patterns including suspicious email patterns, bot-like usernames, empty profiles, rapid registrations from same IP, suspicious user agents, sequential email patterns, and generic display names. Provides detailed reports with suspicion scores and pattern identification.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Security Logging\u003C\u002Fstrong>: Comprehensive logging system that tracks security events, failed registration attempts, suspicious activities, and bot confirmations for administrative review.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>User Profile Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Custom Avatar System\u003C\u002Fstrong>: Users can upload custom profile pictures with automatic Gravatar fallback. Includes random avatar generation with color-coded initials for users without images. Supports custom image sets for default avatars.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Profile Fields Management\u003C\u002Fstrong>: Administrators can add unlimited custom fields to user profiles through an intuitive interface. Fields can be added, edited, or removed dynamically without code changes. Supports all form field types mentioned above.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Profile Validation\u003C\u002Fstrong>: Real-time validation of required profile fields with visual indicators. Users are prompted to complete missing required information before accessing certain features.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Auto-Login Tool\u003C\u002Fstrong>: Administrators can log in as any user (except other administrators) for support and testing purposes. Includes secure token-based authentication and automatic session management.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Account Management\u003C\u002Fstrong>: Users can change passwords through WordPress’s standard password reset system, delete their own accounts with password confirmation, and manage notification preferences.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Notifications System:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Integrated Notifications\u003C\u002Fstrong>: Full integration with Mail Manager – PN plugin for advanced email notifications. Users can manage their notification preferences directly from their profile.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Newsletter Management\u003C\u002Fstrong>: Newsletter subscription system with email activation links. Users receive welcome emails upon newsletter activation. Supports multi-language notification preferences when Polylang is active.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Notification Preferences\u003C\u002Fstrong>: Users can opt-in\u002Fopt-out of system notifications with a simple checkbox. Language selection for notifications when multiple languages are available.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>CSV Import\u002FExport:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Bulk User Import\u003C\u002Fstrong>: Import multiple users at once using CSV files. Download customizable CSV templates that include all registered profile fields with proper formatting instructions.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Template Generation\u003C\u002Fstrong>: Automatic CSV template generation based on your current form field configuration. Includes example rows showing proper data formats for each field type.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Data Validation\u003C\u002Fstrong>: CSV import includes validation for email addresses, role assignments, date formats, and custom field types before user creation.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Shortcodes:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The plugin provides numerous shortcodes for easy integration:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>[userspn-profile]\u003C\u002Fcode> – Complete user profile interface (popup or inline)\u003C\u002Fli>\n\u003Cli>\u003Ccode>[userspn-login]\u003C\u002Fcode> – Login form\u003C\u002Fli>\n\u003Cli>\u003Ccode>[userspn-user-register-form]\u003C\u002Fcode> – Registration form\u003C\u002Fli>\n\u003Cli>\u003Ccode>[userspn-profile-edit]\u003C\u002Fcode> – Profile editing form\u003C\u002Fli>\n\u003Cli>\u003Ccode>[userspn-profile-image]\u003C\u002Fcode> – Avatar\u002Fimage management\u003C\u002Fli>\n\u003Cli>\u003Ccode>[userspn-get-avatar]\u003C\u002Fcode> – Display user avatar\u003C\u002Fli>\n\u003Cli>\u003Ccode>[userspn-notifications]\u003C\u002Fcode> – Notification preferences\u003C\u002Fli>\n\u003Cli>\u003Ccode>[userspn-user-files]\u003C\u002Fcode> – Private file management\u003C\u002Fli>\n\u003Cli>\u003Ccode>[userspn-csv-template]\u003C\u002Fcode> – Download CSV template\u003C\u002Fli>\n\u003Cli>\u003Ccode>[userspn-csv-template-upload]\u003C\u002Fcode> – CSV upload interface\u003C\u002Fli>\n\u003Cli>\u003Ccode>[userspn-call-to-action]\u003C\u002Fcode> – Customizable call-to-action blocks\u003C\u002Fli>\n\u003Cli>\u003Ccode>[userspn-newsletter]\u003C\u002Fcode> – Newsletter subscription form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Gutenberg Blocks:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>User Profile Block\u003C\u002Fstrong>: Native Gutenberg block for inserting user profiles directly into pages and posts. Supports inline display mode and integrates seamlessly with the block editor.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Additional Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Multi-language Support\u003C\u002Fstrong>: Full Polylang integration for multi-language sites. Users can select their preferred notification language, and profile fields adapt to the current language context.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Responsive Design\u003C\u002Fstrong>: All forms and interfaces are fully responsive and mobile-friendly, ensuring a great experience on all devices.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>AJAX-Powered\u003C\u002Fstrong>: Forms submit via AJAX without page reloads, providing a smooth user experience with loading indicators and success\u002Ferror messages.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Customizable Styling\u003C\u002Fstrong>: Extensive CSS classes and structure allow for easy theme customization. All components follow consistent naming conventions.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>WooCommerce Compatibility\u003C\u002Fstrong>: Designed to work seamlessly with WooCommerce, avoiding conflicts during checkout processes.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Cron Jobs\u003C\u002Fstrong>: Built-in scheduled tasks for maintenance, cleanup, and automated processes.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Developer-Friendly\u003C\u002Fstrong>: Extensive hooks and filters for developers to extend functionality. Clean, well-documented code following WordPress coding standards.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Technical Highlights:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Uses WordPress best practices for security, sanitization, and validation\u003C\u002Fli>\n\u003Cli>Proper nonce verification for all form submissions\u003C\u002Fli>\n\u003Cli>KSES filtering for safe HTML output\u003C\u002Fli>\n\u003Cli>Efficient database queries and caching where appropriate\u003C\u002Fli>\n\u003Cli>Proper script and style enqueuing with dependency management\u003C\u002Fli>\n\u003Cli>Translation-ready with .pot file included\u003C\u002Fli>\n\u003Cli>Compatible with WordPress 3.0.1+ and PHP 7.2+\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin transforms WordPress user management from a backend-only task into a comprehensive, user-friendly frontend experience that enhances engagement and simplifies administration.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>This plugin stands on the shoulders of giants\u003C\u002Fp>\n\u003Cp>Tooltipster v4.2.8 – A rockin’ custom tooltip jQuery plugin\u003Cbr \u002F>\nDeveloped by Caleb Jacob and Louis Ameline\u003Cbr \u002F>\nMIT license\u003Cbr \u002F>\nhttps:\u002F\u002Fcalebjacob.github.io\u002Ftooltipster\u002F\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fcalebjacob\u002Ftooltipster\u002Fblob\u002Fmaster\u002Fdist\u002Fjs\u002Ftooltipster.main.js\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fcalebjacob\u002Ftooltipster\u002Fblob\u002Fmaster\u002Fdist\u002Fcss\u002Ftooltipster.main.css\u003C\u002Fp>\n\u003Cp>Owl Carousel v2.3.4\u003Cbr \u002F>\nLicensed under: SEE LICENSE IN https:\u002F\u002Fgithub.com\u002FOwlCarousel2\u002FOwlCarousel2\u002Fblob\u002Fmaster\u002FLICENSE\u003Cbr \u002F>\nCopyright 2013-2018 David Deutsch\u003Cbr \u002F>\nhttps:\u002F\u002Fowlcarousel2.github.io\u002FOwlCarousel2\u002F\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002FOwlCarousel2\u002FOwlCarousel2\u002Fblob\u002Fdevelop\u002Fdist\u002Fowl.carousel.js\u003C\u002Fp>\n\u003Cp>Trumbowyg v2.27.3 – A lightweight WYSIWYG editor\u003Cbr \u002F>\nalex-d.github.io\u002FTrumbowyg\u002F\u003Cbr \u002F>\nLicense MIT – Author : Alexandre Demode (Alex-D)\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002FAlex-D\u002FTrumbowyg\u002Fblob\u002Fdevelop\u002Fsrc\u002Fui\u002Fsass\u002Ftrumbowyg.scss\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002FAlex-D\u002FTrumbowyg\u002Fblob\u002Fdevelop\u002Fsrc\u002Fui\u002Fsass\u002Ftrumbowyg.scss\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002FAlex-D\u002FTrumbowyg\u002Fblob\u002Fdevelop\u002Fsrc\u002Ftrumbowyg.js\u003C\u002Fp>\n\u003Ch3>Developers\u003C\u002Fh3>\n\u003Ch3>Architecture Overview\u003C\u002Fh3>\n\u003Cp>The plugin follows WordPress coding standards and uses an object-oriented architecture. The core class (\u003Ccode>USERSPN\u003C\u002Fcode>) orchestrates functionality through a loader system (\u003Ccode>USERSPN_Loader\u003C\u002Fcode>) that manages actions, filters, and shortcodes.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Main plugin file: \u003Ccode>userspn.php\u003C\u002Fcode> – Constants, activation\u002Fdeactivation hooks, initialization\u003C\u002Fli>\n\u003Cli>Core class: \u003Ccode>includes\u002Fclass-userspn.php\u003C\u002Fcode> – Loads dependencies and registers hooks\u003C\u002Fli>\n\u003Cli>Modular classes: Each feature is encapsulated in its own class file (Forms, Security, Validation, CSV, etc.)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Available Hooks\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Actions:\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ccode>userspn_user_register\u003C\u002Fcode> – Fires after user registration\u003Cbr \u002F>\n* \u003Ccode>userspn_user_wp_login\u003C\u002Fcode> – Fires on login\u003Cbr \u002F>\n* \u003Ccode>userspn_cron_daily\u003C\u002Fcode> – Daily scheduled task\u003Cbr \u002F>\n* \u003Ccode>userspn_cron_thirty_minutes\u003C\u002Fcode> – 30-minute scheduled task\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Filters:\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ccode>userspn_get_avatar\u003C\u002Fcode> – Filter avatar output\u003Cbr \u002F>\n* \u003Ccode>userspn_body_classes\u003C\u002Fcode> – Add custom body classes\u003Cbr \u002F>\n* \u003Ccode>userspn_show_admin_bar\u003C\u002Fcode> – Control admin bar visibility\u003Cbr \u002F>\n* \u003Ccode>userspn_lostpassword_url\u003C\u002Fcode> – Customize lost password URL\u003C\u002Fp>\n\u003Cp>\u003Cstrong>AJAX Endpoints:\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ccode>wp_ajax_userspn_ajax\u003C\u002Fcode> – Authenticated requests\u003Cbr \u002F>\n* \u003Ccode>wp_ajax_nopriv_userspn_ajax_nopriv\u003C\u002Fcode> – Non-authenticated requests\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For developer support, bug reports, or feature requests:\u003Cbr \u002F>\n* Email: info@padresenlanube.com\u003Cbr \u002F>\n* Website: https:\u002F\u002Fpadresenlanube.com\u002F\u003C\u002Fp>\n","Streamline user management on your WordPress site with this powerful plugin. Enable custom forms, secure login, and seamless profile management.",0,845,"2026-03-05T03:17:00.000Z","6.8.5","3.0.1","7.2",[18,19,20,21,22],"contacts","login","register","user-management","users","https:\u002F\u002Fpadresenlanube.com\u002Fplugins\u002Fuserspn\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuserspn.1.1.15.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"felixmartinez",8,20,99,30,93,"2026-04-04T16:06:03.287Z",[38,59,77,101,116],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":25,"downloaded":46,"rating":47,"num_ratings":31,"last_updated":48,"tested_up_to":14,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":54,"download_link":55,"security_score":56,"vuln_count":57,"unpatched_count":11,"last_vuln_date":58,"fetched_at":27},"wp-front-end-profile","WP Frontend Profile","1.3.9","Glowlogix","https:\u002F\u002Fprofiles.wordpress.org\u002Fglowlogix\u002F","\u003Cp>WP Frontend Profile gives you the ability to add a extensible user profile section to the frontend of your WordPress website. By default the plugin adds two tabs to the frontend profile. One of these tabs, titled profile, allows a user to edit their user data including email, first and last names, URL and bio (description). The password tab allows a user to change their password for the site.\u003C\u002Fp>\n\u003Ch4>Plugin Extensibility\u003C\u002Fh4>\n\u003Cp>As the frontend profile is rendered with tabs you can easily add your own tabs with your own fields to store user meta data. Tabs and fields are added through filters and all the saving of the data is taken care of for you.\u003C\u002Fp>\n\u003Cp>You can add the following field types:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WYSIWYG\u003C\u002Fli>\n\u003Cli>Select\u003C\u002Fli>\n\u003Cli>Multi Select\u003C\u002Fli>\n\u003Cli>Radio\u003C\u002Fli>\n\u003Cli>Text Area\u003C\u002Fli>\n\u003Cli>Checkbox\u003C\u002Fli>\n\u003Cli>Password\u003C\u002Fli>\n\u003Cli>Email\u003C\u002Fli>\n\u003Cli>Text\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>See FAQs for how to add our own fields and tabs.\u003C\u002Fp>\n\u003Ch4>Profile Output\u003C\u002Fh4>\n\u003Cp>To output the frontend profile feature you can use the following shortcodes in editor:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Profile page \u003Ccode>[wpfep-profile]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Edit profile \u003Ccode>[wpfep]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Register page \u003Ccode>[wpfep-register]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Login page \u003Ccode>[wpfep-login]\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Added Login Widget\u003C\u002Fli>\n\u003Cli>Addon for Mailchimp\u003C\u002Fli>\n\u003Cli>Added Content Restriction feature for paid members.\u003C\u002Fli>\n\u003C\u002Ful>\n","WP Frontend Profile allows users to edit\u002Fview their profile and register\u002Flogin without going into the dashboard to do so.",22187,86,"2026-02-21T21:44:00.000Z","4.0.1","5.2.17",[19,52,20,53,22],"profile","user-meta","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-front-end-profile\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-front-end-profile.1.3.9.zip",83,5,"2026-03-06 11:21:23",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":34,"downloaded":67,"rating":11,"num_ratings":11,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":75,"download_link":76,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"user-mail-only-register","Multibyte CAPTCHA login and Mail only register","4.03","Katsushi Kawamori","https:\u002F\u002Fprofiles.wordpress.org\u002Fkatsushi-kawamori\u002F","\u003Ch4>Login form with Multibyte CAPTCHA\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Anti-Bot measures with original CAPTCHA.\u003C\u002Fli>\n\u003Cli>WordPress : \u003Ccode>wp-login.php\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>WordPress : \u003Ccode>wp-login.php?action=register\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>WordPress : \u003Ccode>wp-login.php?action=lostpassword\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Register\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Register only email address.\u003C\u002Fli>\n\u003Cli>Can check the terms of use agreement for user register.\u003C\u002Fli>\n\u003Cli>Anti-Bot measures with original CAPTCHA.\u003C\u002Fli>\n\u003Cli>WordPress : \u003Ccode>wp-login.php?action=register\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>shortcode : \u003Ccode>[umorregister]\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Filter for shortcode form\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>\u002F** ==================================================\n * Filter for message.\n *\n *\u002F\nadd_filter( 'umor_register_success_msg', function(){ return 'Message for register success.'; }, 10, 1 );\nadd_filter( 'umor_login_success_login_msg', function(){ return 'Message for login success.'; }, 10, 1 );\nadd_filter( 'umor_register_error', function(){ return 'Message for register error.'; }, 10, 1 );\nadd_filter( 'umor_register_nomail', function(){ return 'Message for unentered mail.'; }, 10, 1 );\nadd_filter( 'umor_register_noterm', function(){ return 'Message for unentered term of use.'; }, 10, 1 );\nadd_filter( 'umor_register_form_label', function(){ return 'Message for form label.'; }, 10, 1 );\nadd_filter( 'umor_register_term_of_use', function(){ return 'Message for term of use.'; }, 10, 1 );\nadd_filter( 'umor_not_register_message', function(){ return 'Message for not register.'; }, 10, 1 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cpre>\u003Ccode>\u002F** ==================================================\n * Filter for login form message.\n *\n *\u002F\nadd_filter(\n    'umor_login_message',\n    function( $message, $text ) {\n        $message = '\u003Cp class=\"myclass\">';\n        $message .= $text;\n        $message .= '\u003C\u002Fp>';\n        return $message;\n    },\n    10,\n    2\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cpre>\u003Ccode>\u002F** ==================================================\n * Filter for Term of use URL.\n *\n *\u002F\nadd_filter(\n    'umor_register_term_of_use_url',\n    function( $term_of_use_url ) {\n        if ( 'ja' === get_locale() ) {\n            $term_of_use_url = 'https:\u002F\u002Ftest.com\u002Fja\u002F';\n        }\n        return $term_of_use_url;\n    },\n    10,\n    1\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cpre>\u003Ccode>\u002F** ==================================================\n * Filter for input text size.\n *\n *\u002F\nadd_filter( 'umor_register_input_size', function(){ return 17; }, 10, 1 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cpre>\u003Ccode>\u002F** ==================================================\n * Filter for class name.\n *\n *\u002F\nadd_filter( 'umor_register_notice_class_name', function(){ return 'mynotice'; }, 10, 1 );\nadd_filter( 'umor_register_form_class_name', function(){ return 'myform'; }, 10, 1 );\nadd_filter( 'umor_register_label_class_name', function(){ return 'mylabel'; }, 10, 1 );\nadd_filter( 'umor_register_input_class_name', function(){ return 'myinput'; }, 10, 1 );\nadd_filter( 'umor_register_check_form_class_name', function(){ return 'mycheckform'; }, 10, 1 );\nadd_filter( 'umor_register_check_class_name', function(){ return 'mycheck'; }, 10, 1 );\nadd_filter( 'umor_register_captcha_input_class_name', function(){ return 'mycaptcha_input'; }, 10, 1 );\nadd_filter( 'umor_register_submit_class_name', function(){ return 'mysubmit'; }, 10, 1 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Multibyte CAPTCHA login form and register users with mail only.",5650,"2025-12-02T23:22:00.000Z","6.9.4","4.7","8.0",[73,74,19,20,22],"captcha","email","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fuser-mail-only-register\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-mail-only-register.4.03.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":11,"num_ratings":11,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":87,"tags":90,"homepage":98,"download_link":99,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":100},"restrict-role-login","Restrict Role Login","1.0.0","konnektiv","https:\u002F\u002Fprofiles.wordpress.org\u002Fkonnektiv\u002F","\u003Cp>This Plugin allows administrators to restrict user login based on user roles. This is useful e.g. when you want anyone to register on your site but you do only want certain people (e.g. editors) to enter the logged in area.\u003C\u002Fp>\n\u003Cp>Roles that are allowed to log in are set in a new menu entry in the Users menu.\u003C\u002Fp>\n\u003Cp>This plugin was originally developed for the \u003Ca href=\"https:\u002F\u002Fquality4digitallearning.org\u002F\" rel=\"nofollow ugc\">globe – Community of Digital Learning\u003C\u002Fa> on behalf of \u003Ca href=\"https:\u002F\u002Fwww.giz.de\u002F\" rel=\"nofollow ugc\">GIZ\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Contact\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fkonnektiv.de\u002F\" rel=\"nofollow ugc\">Konnektiv\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkonnektiv\u002Frestrict-role-login\" rel=\"nofollow ugc\">Restrict Role Login on GitHub\u003C\u002Fa> – Report issues, contribute code\u003C\u002Fli>\n\u003C\u002Ful>\n","Allows administrators to restrict user login based on user roles.",10,1523,"","4.5.33","3.6.0",[91,92,19,20,93,94,95,96,97,22],"area","authentication","restrict","role","sign-in","sign-up","user","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frestrict-role-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frestrict-role-login.1.0.0.zip","2026-03-15T10:48:56.248Z",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":11,"downloaded":109,"rating":25,"num_ratings":110,"last_updated":87,"tested_up_to":14,"requires_at_least":111,"requires_php":16,"tags":112,"homepage":87,"download_link":115,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":100},"last-login-info","Last Login Info","2.0.0","Hardik Kumar","https:\u002F\u002Fprofiles.wordpress.org\u002Fhardikhuptechdev\u002F","\u003Cp>\u003Cstrong>Last Login Info\u003C\u002Fstrong> is a lightweight plugin that helps administrators see when users last logged into the site.\u003C\u002Fp>\n\u003Cp>This plugin adds a “Last Login” column to the Users table in the WordPress admin. It tracks and displays each user’s last login time, with either human-readable formatting (e.g., “2 days ago”) or full date\u002Ftimestamp. The column is sortable, making it easier to find inactive users.\u003C\u002Fp>\n\u003Cp>The settings page under \u003Cstrong>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Last Login Info\u003C\u002Fstrong> allows you to customize the date format, exclude roles, export data to CSV, or reset all login records.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Adds a new “Last Login” column to the Users admin screen.\u003C\u002Fli>\n\u003Cli>Tracks login time on successful user login.\u003C\u002Fli>\n\u003Cli>Choose between human-readable or full timestamp display.\u003C\u002Fli>\n\u003Cli>Exclude specific roles from being tracked (e.g., Administrator).\u003C\u002Fli>\n\u003Cli>Export all user logins to CSV.\u003C\u002Fli>\n\u003Cli>Reset all login tracking data.\u003C\u002Fli>\n\u003Cli>Sortable column by last login time.\u003C\u002Fli>\n\u003Cli>Lightweight, no bloat.\u003C\u002Fli>\n\u003C\u002Ful>\n","Displays the last login timestamp of each user in the WordPress admin Users table, with tools to export and manage login data.",536,1,"5.5",[113,114,19,21,22],"admin","last-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flast-login-info.2.0.0.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":11,"downloaded":124,"rating":11,"num_ratings":11,"last_updated":125,"tested_up_to":69,"requires_at_least":126,"requires_php":127,"tags":128,"homepage":130,"download_link":131,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"last-login-info-display","Last Login Info Display","1.1.1","Ahmod Musa","https:\u002F\u002Fprofiles.wordpress.org\u002Fmusabin\u002F","\u003Cp>Last Login Info Display is a lightweight WordPress plugin that helps administrators track user activity by displaying the last login time and total login count for each user in the WordPress admin users list.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Last Login Tracking\u003C\u002Fstrong>: Adds a sortable “Last Login” column showing when each user last logged in\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login Count\u003C\u002Fstrong>: Tracks and displays the total number of logins for each user\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Sortable Columns\u003C\u002Fstrong>: Sort users by last login time or login count\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multisite Compatible\u003C\u002Fstrong>: Works perfectly with WordPress Multisite installations\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Translation Ready\u003C\u002Fstrong>: Includes .pot file for translations\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight\u003C\u002Fstrong>: Optimized for performance with minimal database overhead\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Configuration Needed\u003C\u002Fstrong>: Works out of the box after activation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clean Uninstall\u003C\u002Fstrong>: Removes all plugin data when uninstalled\u003C\u002Fli>\n\u003C\u002Ful>\n","Track user activity with a detailed \"Last Login\" and \"Login Count\" column in the WordPress Users dashboard.",334,"2026-01-02T13:44:00.000Z","4.9","7.0",[113,19,129,21,22],"security","https:\u002F\u002Fahmodmusa.com\u002Flast-login-info-display\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flast-login-info-display.1.1.1.zip",{"attackSurface":133,"codeSignals":165,"taintFlows":386,"riskAssessment":500,"analyzedAt":510},{"hooks":134,"ajaxHandlers":154,"restRoutes":155,"shortcodes":156,"cronEvents":157,"entryPointCount":11,"unprotectedCount":11},[135,141,147,149],{"type":136,"name":137,"callback":138,"priority":85,"file":139,"line":140},"filter","render_block","userspn_render_block_filter","includes\\class-userspn-blocks.php",65,{"type":142,"name":143,"callback":144,"file":145,"line":146},"action","wp_enqueue_scripts","enqueue_scripts","includes\\class-userspn-selector.php",29,{"type":142,"name":148,"callback":144,"file":145,"line":34},"admin_enqueue_scripts",{"type":142,"name":150,"callback":151,"priority":11,"file":152,"line":153},"init","userspn_run","userspn.php",204,[],[],[],[158,162],{"hook":159,"callback":159,"file":160,"line":161},"userspn_cron_daily","includes\\class-userspn-cron.php",21,{"hook":163,"callback":163,"file":160,"line":164},"userspn_cron_thirty_minutes",25,{"dangerousFunctions":166,"sqlUsage":167,"outputEscaping":177,"fileOperations":11,"externalRequests":110,"nonceChecks":31,"capabilityChecks":381,"bundledLibraries":382},[],{"prepared":85,"raw":168,"locations":169},2,[170,174],{"file":171,"line":172,"context":173},"includes\\class-userspn-security.php",688,"$wpdb->get_results() with variable interpolation",{"file":175,"line":176,"context":173},"includes\\class-userspn-settings.php",1030,{"escaped":178,"rawEcho":25,"locations":179},833,[180,184,186,188,190,192,194,196,198,201,203,205,207,209,211,213,215,217,219,221,223,225,227,229,231,233,235,237,239,241,243,245,247,249,251,253,255,257,259,261,263,265,267,269,271,273,275,277,279,281,283,286,288,290,292,295,297,299,301,303,305,307,308,310,312,314,316,318,320,321,323,325,327,329,331,333,335,337,339,341,343,345,347,349,350,352,354,355,357,359,361,364,366,368,370,372,374,376,377,379],{"file":181,"line":182,"context":183},"includes\\class-userspn-ajax-nopriv.php",22,"raw output",{"file":181,"line":185,"context":183},31,{"file":181,"line":187,"context":183},202,{"file":181,"line":189,"context":183},365,{"file":181,"line":191,"context":183},368,{"file":181,"line":193,"context":183},395,{"file":181,"line":195,"context":183},617,{"file":181,"line":197,"context":183},649,{"file":199,"line":200,"context":183},"includes\\class-userspn-ajax.php",23,{"file":199,"line":202,"context":183},32,{"file":199,"line":204,"context":183},108,{"file":199,"line":206,"context":183},117,{"file":199,"line":208,"context":183},130,{"file":199,"line":210,"context":183},163,{"file":199,"line":212,"context":183},179,{"file":199,"line":214,"context":183},182,{"file":199,"line":216,"context":183},494,{"file":199,"line":218,"context":183},497,{"file":199,"line":220,"context":183},642,{"file":199,"line":222,"context":183},645,{"file":199,"line":224,"context":183},687,{"file":199,"line":226,"context":183},690,{"file":199,"line":228,"context":183},694,{"file":199,"line":230,"context":183},703,{"file":199,"line":232,"context":183},706,{"file":199,"line":234,"context":183},783,{"file":199,"line":236,"context":183},791,{"file":199,"line":238,"context":183},793,{"file":199,"line":240,"context":183},799,{"file":199,"line":242,"context":183},809,{"file":199,"line":244,"context":183},818,{"file":199,"line":246,"context":183},824,{"file":199,"line":248,"context":183},832,{"file":199,"line":250,"context":183},847,{"file":199,"line":252,"context":183},854,{"file":199,"line":254,"context":183},864,{"file":199,"line":256,"context":183},873,{"file":199,"line":258,"context":183},883,{"file":199,"line":260,"context":183},890,{"file":199,"line":262,"context":183},904,{"file":199,"line":264,"context":183},911,{"file":199,"line":266,"context":183},924,{"file":199,"line":268,"context":183},931,{"file":199,"line":270,"context":183},941,{"file":199,"line":272,"context":183},957,{"file":199,"line":274,"context":183},971,{"file":199,"line":276,"context":183},979,{"file":199,"line":278,"context":183},990,{"file":199,"line":280,"context":183},1001,{"file":199,"line":282,"context":183},1010,{"file":284,"line":285,"context":183},"includes\\class-userspn-forms.php",427,{"file":284,"line":287,"context":183},727,{"file":284,"line":289,"context":183},921,{"file":284,"line":291,"context":183},1004,{"file":293,"line":294,"context":183},"includes\\class-userspn-functions-user.php",580,{"file":293,"line":296,"context":183},585,{"file":293,"line":298,"context":183},592,{"file":293,"line":300,"context":183},609,{"file":293,"line":302,"context":183},651,{"file":293,"line":304,"context":183},655,{"file":293,"line":306,"context":183},663,{"file":293,"line":232,"context":183},{"file":293,"line":309,"context":183},711,{"file":293,"line":311,"context":183},718,{"file":293,"line":313,"context":183},735,{"file":293,"line":315,"context":183},778,{"file":293,"line":317,"context":183},782,{"file":293,"line":319,"context":183},800,{"file":293,"line":248,"context":183},{"file":293,"line":322,"context":183},837,{"file":293,"line":324,"context":183},860,{"file":293,"line":326,"context":183},865,{"file":293,"line":328,"context":183},985,{"file":293,"line":330,"context":183},1077,{"file":293,"line":332,"context":183},1174,{"file":293,"line":334,"context":183},1365,{"file":293,"line":336,"context":183},1367,{"file":293,"line":338,"context":183},1438,{"file":293,"line":340,"context":183},1685,{"file":342,"line":187,"context":183},"includes\\class-userspn-notifications.php",{"file":175,"line":344,"context":183},834,{"file":175,"line":346,"context":183},871,{"file":175,"line":348,"context":183},876,{"file":175,"line":258,"context":183},{"file":175,"line":351,"context":183},897,{"file":175,"line":353,"context":183},927,{"file":175,"line":268,"context":183},{"file":175,"line":356,"context":183},982,{"file":175,"line":358,"context":183},991,{"file":175,"line":360,"context":183},999,{"file":362,"line":363,"context":183},"templates\\userspn-footer.php",68,{"file":362,"line":365,"context":183},73,{"file":362,"line":367,"context":183},80,{"file":362,"line":369,"context":183},94,{"file":362,"line":371,"context":183},127,{"file":362,"line":373,"context":183},131,{"file":362,"line":375,"context":183},158,{"file":362,"line":210,"context":183},{"file":362,"line":378,"context":183},174,{"file":380,"line":34,"context":183},"templates\\userspn-popups.php",26,[383],{"name":384,"version":26,"knownCves":385},"DataTables",[],[387,429,445,458,468,476,490],{"entryPoint":388,"graph":389,"unsanitizedCount":110,"severity":428},"userspn_ajax_server (includes\\class-userspn-ajax.php:19)",{"nodes":390,"edges":421},[391,396,402,406,411,413,417],{"id":392,"type":393,"label":394,"file":199,"line":395},"n0","source","$_POST (x15)",53,{"id":397,"type":398,"label":399,"file":199,"line":400,"wp_function":401},"n1","sink","echo() [XSS]",193,"echo",{"id":403,"type":393,"label":404,"file":199,"line":405},"n2","$_POST",802,{"id":407,"type":398,"label":408,"file":199,"line":409,"wp_function":410},"n3","query() [SQLi]",805,"query",{"id":412,"type":393,"label":404,"file":199,"line":220},"n4",{"id":414,"type":415,"label":416,"file":199,"line":220},"n5","transform","→ userspn_get_private_file_uploaded()",{"id":418,"type":398,"label":399,"file":419,"line":420,"wp_function":401},"n6","includes\\class-userspn-functions-attachment.php",144,[422,424,425,427],{"from":392,"to":397,"sanitized":423},true,{"from":403,"to":407,"sanitized":423},{"from":412,"to":414,"sanitized":426},false,{"from":414,"to":418,"sanitized":426},"medium",{"entryPoint":430,"graph":431,"unsanitizedCount":110,"severity":428},"\u003Cclass-userspn-ajax> (includes\\class-userspn-ajax.php:0)",{"nodes":432,"edges":440},[433,434,435,436,437,438,439],{"id":392,"type":393,"label":394,"file":199,"line":395},{"id":397,"type":398,"label":399,"file":199,"line":400,"wp_function":401},{"id":403,"type":393,"label":404,"file":199,"line":405},{"id":407,"type":398,"label":408,"file":199,"line":409,"wp_function":410},{"id":412,"type":393,"label":404,"file":199,"line":220},{"id":414,"type":415,"label":416,"file":199,"line":220},{"id":418,"type":398,"label":399,"file":419,"line":420,"wp_function":401},[441,442,443,444],{"from":392,"to":397,"sanitized":423},{"from":403,"to":407,"sanitized":423},{"from":412,"to":414,"sanitized":426},{"from":414,"to":418,"sanitized":426},{"entryPoint":446,"graph":447,"unsanitizedCount":110,"severity":428},"userspn_auto_login (includes\\class-userspn-functions-user.php:230)",{"nodes":448,"edges":456},[449,452],{"id":392,"type":393,"label":450,"file":293,"line":451},"$_SERVER",252,{"id":397,"type":398,"label":453,"file":293,"line":454,"wp_function":455},"wp_redirect() [Open Redirect]",253,"wp_redirect",[457],{"from":392,"to":397,"sanitized":426},{"entryPoint":459,"graph":460,"unsanitizedCount":11,"severity":467},"userspn_ajax_nopriv_server (includes\\class-userspn-ajax-nopriv.php:19)",{"nodes":461,"edges":465},[462,464],{"id":392,"type":393,"label":404,"file":181,"line":463},473,{"id":397,"type":398,"label":399,"file":181,"line":195,"wp_function":401},[466],{"from":392,"to":397,"sanitized":423},"low",{"entryPoint":469,"graph":470,"unsanitizedCount":11,"severity":467},"\u003Cclass-userspn-ajax-nopriv> (includes\\class-userspn-ajax-nopriv.php:0)",{"nodes":471,"edges":474},[472,473],{"id":392,"type":393,"label":404,"file":181,"line":463},{"id":397,"type":398,"label":399,"file":181,"line":195,"wp_function":401},[475],{"from":392,"to":397,"sanitized":423},{"entryPoint":477,"graph":478,"unsanitizedCount":11,"severity":467},"\u003Cclass-userspn-functions-user> (includes\\class-userspn-functions-user.php:0)",{"nodes":479,"edges":487},[480,481,482,485],{"id":392,"type":393,"label":450,"file":293,"line":451},{"id":397,"type":398,"label":453,"file":293,"line":454,"wp_function":455},{"id":403,"type":393,"label":483,"file":293,"line":484},"$_GET (x10)",238,{"id":407,"type":398,"label":399,"file":293,"line":486,"wp_function":401},541,[488,489],{"from":392,"to":397,"sanitized":423},{"from":403,"to":407,"sanitized":423},{"entryPoint":491,"graph":492,"unsanitizedCount":11,"severity":467},"\u003Cclass-userspn-notifications> (includes\\class-userspn-notifications.php:0)",{"nodes":493,"edges":498},[494,497],{"id":392,"type":393,"label":495,"file":342,"line":496},"$_GET",36,{"id":397,"type":398,"label":399,"file":342,"line":187,"wp_function":401},[499],{"from":392,"to":397,"sanitized":423},{"summary":501,"deductions":502},"The 'userspn' plugin version 1.1.15 demonstrates a generally strong security posture based on the static analysis. The absence of direct entry points like AJAX handlers, REST API routes, and shortcodes significantly limits the immediate attack surface. Furthermore, the code exhibits good practices with a high percentage of SQL queries using prepared statements and a large majority of output operations being properly escaped. The presence of nonce and capability checks further bolsters its defensive mechanisms.\n\nDespite these strengths, there are a few areas of concern. The taint analysis revealed three flows with unsanitized paths, although they were not categorized as critical or high severity. This indicates a potential for subtle vulnerabilities that might not be immediately obvious. The plugin also makes one external HTTP request, which, depending on its implementation, could be a vector for supply chain attacks or cross-site scripting if not handled securely. The bundled DataTables library, while common, could be a concern if it's an outdated version, as this is a frequent source of vulnerabilities.\n\nThe plugin's vulnerability history is remarkably clean, with zero known CVEs. This suggests a history of responsible development and maintenance, or that the plugin hasn't been a significant target for vulnerability research. In conclusion, 'userspn' v1.1.15 is reasonably secure, with a robust approach to common WordPress security pitfalls. However, the unsanitized paths in taint analysis and the potential risk associated with the bundled library warrant careful consideration and potential further investigation.",[503,505,507],{"reason":504,"points":31},"Flows with unsanitized paths found",{"reason":506,"points":57},"External HTTP requests present",{"reason":508,"points":509},"Bundled library DataTables present",3,"2026-03-17T06:26:01.879Z",{"wat":512,"direct":521},{"assetPaths":513,"generatorPatterns":516,"scriptPaths":517,"versionParams":518},[514,515],"\u002Fwp-content\u002Fplugins\u002Fuserspn\u002Fassets\u002Fcss\u002Fadmin\u002Fuserspn-admin.css","\u002Fwp-content\u002Fplugins\u002Fuserspn\u002Fassets\u002Fjs\u002Fadmin\u002Fuserspn-admin.js",[],[515],[519,520],"userspn-admin?ver=","userspn-admin.js?ver=",{"cssClasses":522,"htmlComments":524,"htmlAttributes":525,"restEndpoints":538,"jsGlobals":539,"shortcodeOutput":543},[523],"userspn-admin-wrap",[],[526,527,528,529,530,531,532,533,534,535,536,537],"data-userspn-meta","data-userspn-popup-id","data-userspn-post-id","data-userspn-parent","data-userspn-parent-option","data-userspn-type","data-userspn-subtype","data-userspn-user-id","data-userspn-section-id","data-userspn-form-type","data-userspn-input-id","data-userspn-input-type",[],[540,541,542],"USERSPN_VERSION","USERSPN_DIR","USERSPN_URL",[]]