[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f7peWdVb2jJRzfchq5tX1r6xPBGLbSDIWegAUgdVRBEE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":150,"fingerprints":193},"woo-generate-new-password-reset-link","Woo Generate New Password Reset Link","1.0.0","macbookandrew","https:\u002F\u002Fprofiles.wordpress.org\u002Fmacbookandrew\u002F","\u003Cp>If your site auto-generates customer credentials, then they receive their username and password in plaintext in their email.\u003C\u002Fp>\n\u003Cp>To improve security and make the experience a bit more user-friendly, this plugin sends users a link to create their password, much like WordPress core does when you add a new user account.\u003C\u002Fp>\n","Sends customers a link to create a password rather than auto-generating a password for them.",10,1753,0,"2016-06-30T01:28:00.000Z","4.5.33","4.0","",[19,20,21,22,23],"account","customer-account","password","password-link","user-account","http:\u002F\u002Fandrewrminion.com\u002F2016\u002F06\u002Fwoo-generate-new-password-reset-link\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoo-generate-new-password-reset-link.1.0.0.zip",85,null,"2026-03-15T14:54:45.397Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},11,8110,92,498,73,"2026-04-04T14:47:24.581Z",[38,62,85,104,128],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":17,"tags":53,"homepage":59,"download_link":60,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":61},"wc-password-strength-settings","Password Strength Settings for WooCommerce","3.0.1","Danny Santoro","https:\u002F\u002Fprofiles.wordpress.org\u002Fdanielsantoro\u002F","\u003Cp>Help secure your WooCommerce site by enforcing stronger passwords and taking additional control of your strength requirements.\u003C\u002Fp>\n\u003Ch3>What does this plugin do?\u003C\u002Fh3>\n\u003Cp>WooCommerce has an integrated Password Strength Meter which forces users to use strong passwords. Sometimes this isn’t desirable – with this plugin, you can choose between five password levels ranging from “Anything Goes” to “Strong Passwords Only”. In addition, you can modify the colors and appearance of these custom messages, as well as modify or remove the password hint. For details on how the password strength is determined, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FDanielSantoro\u002Fwc-password-strength-settings\u002Fwiki\u002FHow-Password-Strength-is-Determined\" rel=\"nofollow ugc\">please read the documentation here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>What’s New?\u003C\u002Fh4>\n\u003Cp>Version 3.0.0 is a bit of a rewrite to bring the plugin up to modern coding standards. Functionality should not be impacted, but if it is, please reach out on the support forums.\u003C\u002Fp>\n\u003Cp>Version 3.0.1 is simply a hotfix declaring compatibility with WooCommerce HPOS. Since this plugin doesn’t touch anything with the orders or order metadata, it shouldn’t be impacted at all. \u003Cem>However\u003C\u002Fem>, if you notice any issues then please reach out via the contact form on my website.\u003C\u002Fp>\n\u003Ch4>Notes\u003C\u002Fh4>\n\u003Cp>While this does allow for user accounts to have weaker passwords, it’s a good idea to still encourage strong password use – \u003Cem>especially\u003C\u002Fem> for administrators!\u003C\u002Fp>\n\u003Ch4>Planned Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Option to remove “- Please enter a stronger password.” that is added by WordPress.\u003C\u002Fli>\n\u003Cli>Nothing else at the moment, but let me know if you have any ideas.\u003C\u002Fli>\n\u003C\u002Ful>\n","Help secure your WooCommerce site by enforcing stronger passwords and taking additional control of your strength requirements.",10000,176985,90,24,"2023-10-11T20:51:00.000Z","6.3.8","5.8",[54,55,56,57,58],"accounts","passwords","security","users","woocommerce","https:\u002F\u002Fdanielsantoro.com\u002Fproject\u002Fwoocommerce-password-strength-settings-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-password-strength-settings.zip","2026-03-15T15:16:48.613Z",{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":70,"downloaded":71,"rating":72,"num_ratings":73,"last_updated":74,"tested_up_to":75,"requires_at_least":76,"requires_php":77,"tags":78,"homepage":83,"download_link":84,"security_score":72,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":61},"protect-admin-account","Protect Admin","2.1.6","KeystrokeClick","https:\u002F\u002Fprofiles.wordpress.org\u002Fkeystrokeclick\u002F","\u003Cp>This plugin protects selected WP Admin accounts, and standard posts created by those Admins, from being deleted or edited by other users. This plugin is hidden from all users other than the Admin who installs it. Only users with the “Administrator” role can be protected.\u003C\u002Fp>\n\u003Cp>This plugin might be useful if you want to share admin access with other users (i.e. IT team, developers, etc) but don’t want to risk impacting the accounts of certain Admins. Or, perhaps you’re the developer or IT member who might need this plugin to prevent other non-technical Admins from accidentally deleting your account or key Admins on specific projects.\u003C\u002Fp>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>As soon as the plugin is \u003Cstrong>activated\u003C\u002Fstrong>, it will store the ID of the user that activates the plugin. The plugin will then be hidden from all users other than this user.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>You can choose which Admin accounts (yours or others) to protect. Only the Admin who activates the plugin can save its settings. Other users won’t see the Settings page or the menu.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Once protected admin accounts are selected on the Settings page, other users and admins will \u003Cstrong>NOT\u003C\u002Fstrong> be able to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>delete the protected Admin accounts.\u003C\u002Fli>\n\u003Cli>access the profile edit page for the protected Admin accounts.\u003C\u002Fli>\n\u003Cli>change the role of the protected Admin accounts.\u003C\u002Fli>\n\u003Cli>select the protected Admin accounts in the bulk actions on users list page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Additionally, if other users or Admins, under unlikely circumstances, are able to access the user profile page of the protected Admin accounts using other plugins, this plugin will prevent any modifications from being saved.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Similar to the above, if other users or Admins are able to change the protected Admin account’s email address via the Profile page, this plugin will revert it back to the original email address.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Also, should someone attempt to edit a protected Admin’s account, the attempted action will be logged to the database. You can view recent attempts under Logs within the plugin’s section.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Important Reminder\u003C\u002Fh3>\n\u003Cp>Once you deactivate the plugin, all users with the ability to manage plugins (\u003Ccode>activate_plugins\u003C\u002Fcode> capability) will be able to see the plugin. It is advised to only deactivate the plugin when you feel safe to do so. Otherwise you can just enable or disable protection from the plugin’s Settings page.\u003C\u002Fp>\n\u003Cp>If you want to be extra cautious (depending on your needs), you should also manually disallow file edit. This plugin doesn’t do that because some people might still need it.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'DISALLOW_FILE_EDIT', true );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This plugin has NOT been tested with other user management plugins or role editor plugins. Hence its use alongside these types of plugins is not guaranteed to work as intended.\u003C\u002Fp>\n\u003Ch3>Email Notification\u003C\u002Fh3>\n\u003Cp>You can choose to get notified by email when someone attempts to modify your protected Admin accounts. Easily enable or disable email notification when you upgrade to \u003Ca href=\"https:\u002F\u002Fprotectadmin.com\u002Fplugin\u002Fprotect-admin-account-pro-wordpress-plugin\u002F\" rel=\"nofollow ugc\">Protect Admin PRO\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Protect Admin PRO\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Be the first to know when someone is attempting to modify your protected admin accounts.\u003C\u002Fli>\n\u003Cli>Get access to all logs and data of users who try to modify the protected admin accounts (the FREE version only records the most recent attempt).\u003C\u002Fli>\n\u003Cli>Protect standard posts and pages made directly by protected Admins.\u003C\u002Fli>\n\u003Cli>See \u003Ca href=\"https:\u002F\u002Fprotectadmin.com\u002Fplugin\u002Fprotect-admin-account-pro-wordpress-plugin\u002F\" rel=\"nofollow ugc\">more\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Protect admin accounts from being deleted or modified by other users. This plugin will always be hidden from all users other than the admin who instal …",2000,27720,100,5,"2026-03-03T19:21:00.000Z","6.9.4","4.7","5.3",[79,80,81,82,23],"admin","admin-account","prevent-admin-deletion","protect","https:\u002F\u002Fprotectadmin.com\u002Fplugin\u002Fprotect-admin-account-pro-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprotect-admin-account.2.1.6.zip",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":93,"downloaded":94,"rating":13,"num_ratings":13,"last_updated":95,"tested_up_to":75,"requires_at_least":52,"requires_php":96,"tags":97,"homepage":102,"download_link":103,"security_score":72,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":61},"guest-checkout-account-creator","Guest Checkout Account Creator","1.0.3","Noor Alam","https:\u002F\u002Fprofiles.wordpress.org\u002Fnalam-1\u002F","\u003Cp>\u003Cstrong>Smart Solution to Solve WooCommerce Guest Checkout Problems\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Stop choosing between conversion rates and customer data. Guest Checkout Account Creator automatically creates customer accounts during guest checkout, giving you the best of both worlds.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>The Problem Every Store Owner Faces:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable guest checkout \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Higher sales but customers can’t track orders or download products\u003C\u002Fli>\n\u003Cli>Require account creation \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Lower conversion rates as customers abandon carts\u003C\u002Fli>\n\u003Cli>Manual account creation \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Time-consuming and inefficient customer support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>The Solution:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Guest Checkout Account Creator bridges this gap perfectly. Customers enjoy quick guest checkout while accounts are automatically created behind the scenes. Everyone wins!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Perfect For:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Physical product stores\u003Cbr \u002F>\n* Digital download shops\u003Cbr \u002F>\n* Course and membership sites\u003Cbr \u002F>\n* Service-based businesses\u003Cbr \u002F>\n* Any WooCommerce store wanting to improve conversions while building customer relationships\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Automatic Account Creation\u003C\u002Fstrong> – Seamlessly creates accounts during guest checkout without interrupting the process\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure Password Generation\u003C\u002Fstrong> – Creates strong passwords and emails login credentials to customers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Instant Order Access\u003C\u002Fstrong> – Customers can immediately track orders and access downloads through their new account\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero Configuration\u003C\u002Fstrong> – Works out of the box with your existing WooCommerce setup\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Integration\u003C\u002Fstrong> – Sends welcome emails with login details after purchase (can be disabled)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Field Support\u003C\u002Fstrong> – Transfers custom billing fields like VAT numbers to user profiles\u003C\u002Fli>\n\u003Cli>\u003Cstrong>German Market Compatible\u003C\u002Fstrong> – Full support for billing_vat field transfer\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Digital Product Support\u003C\u002Fstrong> – Customers get instant access to downloads and future updates\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Order History Access\u003C\u002Fstrong> – Full purchase history available in customer accounts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Support Reduction\u003C\u002Fstrong> – Dramatically reduces “where’s my order” support requests\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Benefits\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>For Your Customers:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Skip registration hassles during checkout\u003Cbr \u002F>\n* Still get all account benefits (tracking, downloads, history)\u003Cbr \u002F>\n* Professional shopping experience\u003Cbr \u002F>\n* Easy access to digital products and updates\u003C\u002Fp>\n\u003Cp>\u003Cstrong>For Store Owners:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Increase conversion rates with frictionless checkout\u003Cbr \u002F>\n* Build customer database automatically\u003Cbr \u002F>\n* Reduce support tickets significantly\u003Cbr \u002F>\n* Better customer relationship management\u003Cbr \u002F>\n* Access to valuable customer data\u003Cbr \u002F>\n* Improved marketing opportunities\u003C\u002Fp>\n\u003Cp>\u003Cstrong>For Your Business:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Higher sales through guest checkout convenience\u003Cbr \u002F>\n* Lower cart abandonment rates\u003Cbr \u002F>\n* More efficient customer support\u003Cbr \u002F>\n* Better long-term customer relationships\u003Cbr \u002F>\n* Complete customer profiles for marketing\u003C\u002Fp>\n\u003Ch3>Additional Info\u003C\u002Fh3>\n\u003Cp>This plugin is designed to enhance your WooCommerce store by automatically converting guest customers into registered users, improving customer retention and streamlining the shopping experience.\u003C\u002Fp>\n","Automatically create customer accounts during WooCommerce guest checkout. Boost sales while building your customer database.",300,1800,"2026-02-03T16:35:00.000Z","7.4",[98,99,100,101,58],"account-creation","customer-accounts","e-commerce","guest-checkout","https:\u002F\u002Fwpthemespace.com\u002Fproduct\u002Fguest-checkout-account-creator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fguest-checkout-account-creator.zip",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":112,"downloaded":113,"rating":114,"num_ratings":115,"last_updated":116,"tested_up_to":117,"requires_at_least":118,"requires_php":119,"tags":120,"homepage":126,"download_link":127,"security_score":33,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":61},"lock-bad-user","Lock Bad User","1.1.8","Nabi Abdi","https:\u002F\u002Fprofiles.wordpress.org\u002Fnabiabdi\u002F","\u003Cp>With this plugin you can block any bad users without deleting the account and then any time you want you can unlock the user.\u003C\u002Fp>\n\u003Ch3>Attributes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Ban \u002F Locked Bad User.\u003C\u002Fli>\n\u003Cli>Force Logout The User You Locked.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Pro\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Under Construction\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Support \u003Ca href=\"https:\u002F\u002Fwebkima.com\u002F\" rel=\"nofollow ugc\">Webkima Academy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","By this plugin you can Ban \u002F Lock any user you want",200,2915,60,2,"2025-03-12T06:40:00.000Z","6.7.5","5.0","5.6",[121,122,123,124,125],"ban-account","ban-user","lock-account","lock-user","lock-user-account","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flock-bad-user\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flock-bad-user.1.1.8.zip",{"slug":129,"name":130,"version":131,"author":132,"author_profile":133,"description":134,"short_description":135,"active_installs":136,"downloaded":137,"rating":72,"num_ratings":138,"last_updated":139,"tested_up_to":140,"requires_at_least":141,"requires_php":17,"tags":142,"homepage":148,"download_link":149,"security_score":33,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":61},"tcbd-lost-password-remove","TCBD Lost Password Remover","2.0","Touhidul Sadeek","https:\u002F\u002Fprofiles.wordpress.org\u002Ftcoder\u002F","\u003Ch4>Plugin Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>(improve website security) If you want to remove reset\u002Flost password remover option in your wordpress then just use this plguin. Removes the ability for non admin users to reset\u002Flost password remover\u002F their passwords option.\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin will enable to removes the ability for non admin users to reset\u002Flost password remover\u002Ftheir passwords option.",30,2038,3,"2024-05-19T11:46:00.000Z","6.5.8","3.0",[143,144,145,146,147],"lost-password-remover","remove","remove-lost-password","remove-lost-password-link","spam","http:\u002F\u002Fdemos.tcoderbd.com\u002Fwordpress_plugin\u002Ftcbd-lost-password-remove","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftcbd-lost-password-remove.2.0.zip",{"attackSurface":151,"codeSignals":163,"taintFlows":181,"riskAssessment":182,"analyzedAt":192},{"hooks":152,"ajaxHandlers":159,"restRoutes":160,"shortcodes":161,"cronEvents":162,"entryPointCount":13,"unprotectedCount":13},[153],{"type":154,"name":155,"callback":156,"priority":11,"file":157,"line":158},"filter","woocommerce_locate_template","woo_new_account_password_locate_templates","woo-generate-new-password-reset-link.php",29,[],[],[],[],{"dangerousFunctions":164,"sqlUsage":165,"outputEscaping":167,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":180},[],{"prepared":13,"raw":13,"locations":166},[],{"escaped":115,"rawEcho":73,"locations":168},[169,173,175,177,178],{"file":170,"line":171,"context":172},"woocommerce\\emails\\plain\\customer-new-account.php",23,"raw output",{"file":170,"line":174,"context":172},25,{"file":170,"line":176,"context":172},28,{"file":170,"line":136,"context":172},{"file":170,"line":179,"context":172},34,[],[],{"summary":183,"deductions":184},"The static analysis of \"woo-generate-new-password-reset-link\" v1.0.0 shows a seemingly secure foundation with no identified dangerous functions, SQL injection vulnerabilities, or file operations. The plugin also avoids external HTTP requests, which are common vectors for attacks. Notably, all SQL queries are prepared, and there are no known CVEs associated with this plugin, indicating a positive security history.  However, a significant concern arises from the lack of capability checks and nonce checks. This absence, coupled with only 29% of output being properly escaped, exposes the plugin to potential cross-site scripting (XSS) vulnerabilities and unauthorized actions if any user-facing functionality is introduced or modified without proper authentication and authorization.  The zero attack surface and zero taint flows are promising, but these are based on the current plugin structure and might not reflect potential future additions or interactions with other plugins.  Overall, while the current codebase appears to have avoided common pitfalls, the lack of fundamental security checks on potentially exposed operations presents a notable weakness.",[185,187,189],{"reason":186,"points":11},"Missing capability checks",{"reason":188,"points":11},"Missing nonce checks",{"reason":190,"points":191},"Low output escaping coverage (29%)",7,"2026-03-16T23:38:07.718Z",{"wat":194,"direct":199},{"assetPaths":195,"generatorPatterns":196,"scriptPaths":197,"versionParams":198},[],[],[],[],{"cssClasses":200,"htmlComments":201,"htmlAttributes":202,"restEndpoints":203,"jsGlobals":204,"shortcodeOutput":205},[],[],[],[],[],[]]