[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fHCyDlwm1B46HUwdiAU9VkwSOwp70eQYTKUXj2c4Azpc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":56,"analysis":163,"fingerprints":507},"wp-access-areas","Access Areas for WordPress","1.5.22","podpirate","https:\u002F\u002Fprofiles.wordpress.org\u002Fpodpirate\u002F","\u003Cp>WP Access Areas lets you fine-tune who may read, edit or comment on your Blog posts.\u003Cbr \u002F>\nYou can either restrict access to logged-in uses only, certain WordPress-Roles or even custom Access Areas.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Define custom Access Areas and assign them to your blog-users\u003C\u002Fli>\n\u003Cli>Restrict reading, editing and commenting permission to logged-in users, certain WordPress-Roles or Access Areas\u003C\u002Fli>\n\u003Cli>define global access areas on a network\u003C\u002Fli>\n\u003Cli>Supports bulk editing\u003C\u002Fli>\n\u003Cli>German, Italian, Polish and Swedish localization (Huge Thankyou @ all translators!)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Known Issues\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress calendar Widget still shows dates where restricted posts have been created.\u003Cbr \u002F>\nWhen clicked on such a date a 404 will occur. There is an open \u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F29319\" rel=\"nofollow ugc\">WordPress Core ticket on that issue\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Taxonomy menus (e.g. Tags \u002F Categories) also count restricted posts when the total number of posts in a taxonomy is ascertained.\u003Cbr \u002F>\nSee \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Farchive-recents-posts-last-comments-show-restricted-content?replies=5#post-5929330\" rel=\"ugc\">this post\u003C\u002Fa> for details.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Development\u003C\u002Fh4>\n\u003Cp>Please head over to the source code \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmcguffin\u002Fwp-access-areas\" rel=\"nofollow ugc\">on Github\u003C\u002Fa>.\u003C\u002Fp>\n","Fine tuning access to your posts.",400,32124,90,17,"2025-12-05T11:08:00.000Z","6.9.4","4.6","5.6",[20,21,22,23,24],"access","capability","role","security","user","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-access-areas\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-access-areas.1.5.22.zip",99,1,0,"2025-04-01 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2025-30913","access-areas-reflected-cross-site-scripting","Access Areas \u003C= 1.5.19 - Reflected Cross-Site Scripting","The Access Areas plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.5.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.5.19","1.5.20","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-04-09 20:48:59",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb3ecec49-9185-409e-8dd8-1363bdbfdd04?source=api-prod",9,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":50,"total_installs":51,"avg_security_score":52,"avg_patch_time_days":53,"trust_score":54,"computed_at":55},6,50800,97,345,77,"2026-04-04T15:22:09.191Z",[57,81,101,126,145],{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":13,"num_ratings":67,"last_updated":68,"tested_up_to":16,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":76,"download_link":77,"security_score":78,"vuln_count":79,"unpatched_count":29,"last_vuln_date":80,"fetched_at":31},"wpfront-user-role-editor","WPFront User Role Editor","4.2.4","Syam Mohan","https:\u002F\u002Fprofiles.wordpress.org\u002Fsyammohanm\u002F","\u003Cp>WPFront User Role Editor plugin allows you to easily manage WordPress user roles within your site.\u003Cbr \u002F>\nYou can create, edit or delete user roles and manage role capabilities.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Create new roles.\u003C\u002Fli>\n\u003Cli>Edit or rename existing roles.\u003C\u002Fli>\n\u003Cli>Clone existing roles.\u003C\u002Fli>\n\u003Cli>Manage capabilities.\u003C\u002Fli>\n\u003Cli>Allows you to add role capabilities.\u003C\u002Fli>\n\u003Cli>Change default user role.\u003C\u002Fli>\n\u003Cli>Add or Remove capabilities.\u003C\u002Fli>\n\u003Cli>Restore role.\u003C\u002Fli>\n\u003Cli>Assign multiple roles.\u003C\u002Fli>\n\u003Cli>Migrate users.\u003C\u002Fli>\n\u003Cli>Navigation menu permissions basic.\u003C\u002Fli>\n\u003Cli>Widget permissions basic.\u003C\u002Fli>\n\u003Cli>Login redirect basic.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fmenu-editor\u002F\" rel=\"nofollow ugc\">Admin menu editor.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fmedia-attachment-file-permissions\u002F\" rel=\"nofollow ugc\">Media library permissions.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fuser-level-permissions\u002F\" rel=\"nofollow ugc\">User level permissions.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fnavigation-menu-permissions\u002F\" rel=\"nofollow ugc\">Navigation menu permissions advanced.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fwidget-permissions\u002F\" rel=\"nofollow ugc\">Widget permissions advanced.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Flogin-redirect\u002F\" rel=\"nofollow ugc\">Login redirect advanced.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fposts-pages-extended-permissions\u002F\" rel=\"nofollow ugc\">Post\u002FPage extended permissions.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fcustom-post-type-permissions\u002F\" rel=\"nofollow ugc\">Custom post type permissions.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fcontent-restriction-shortcodes\u002F\" rel=\"nofollow ugc\">Content restriction shortcodes.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fexport-roles\u002F\" rel=\"nofollow ugc\">Import\u002FExport.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fmultisite-sync-roles\u002F\" rel=\"nofollow ugc\">Multisite support.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Compare \u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fppro\" rel=\"nofollow ugc\">User Role Editor Pro\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Spanish tutorial\u003Cbr \u002F>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FYRZdWH-uukI?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n","Easily allows you to manage WordPress user roles. You can create, edit, delete and manage capabilities, also copy existing roles.",30000,962618,65,"2025-12-02T16:53:00.000Z","5.1","7.0",[72,73,23,74,75],"capability-manager","role-editor","user-access","user-permissions","http:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpfront-user-role-editor.4.2.4.zip",94,5,"2025-09-26 00:00:00",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":13,"num_ratings":91,"last_updated":92,"tested_up_to":16,"requires_at_least":93,"requires_php":94,"tags":95,"homepage":97,"download_link":98,"security_score":52,"vuln_count":99,"unpatched_count":29,"last_vuln_date":100,"fetched_at":31},"user-role-editor","User Role Editor","4.64.6","Vladimir Garagulya","https:\u002F\u002Fprofiles.wordpress.org\u002Fshinephp\u002F","\u003Cp>User Role Editor WordPress plugin allows you to change user roles and capabilities easy.\u003Cbr \u002F>\nJust turn on check boxes of capabilities you wish to add to the selected role and click “Update” button to save your changes. That’s done.\u003Cbr \u002F>\nAdd new roles and customize its capabilities according to your needs, from scratch of as a copy of other existing role.\u003Cbr \u002F>\nUnnecessary self-made role can be deleted if there are no users whom such role is assigned.\u003Cbr \u002F>\nRole assigned every new created user by default may be changed too.\u003Cbr \u002F>\nCapabilities could be assigned on per user basis. Multiple roles could be assigned to user simultaneously.\u003Cbr \u002F>\nYou can add new capabilities and remove unnecessary capabilities which could be left from uninstalled plugins.\u003Cbr \u002F>\nMulti-site support is provided.\u003C\u002Fp>\n\u003Cp>Try it out on your free TasteWP \u003Ca href=\"https:\u002F\u002Fdemo.tastewp.com\u002Fuser-role-editor\" rel=\"nofollow ugc\">test site\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>To read more about ‘User Role Editor’ visit \u003Ca href=\"http:\u002F\u002Fwww.shinephp.com\u002Fuser-role-editor-wordpress-plugin\u002F\" rel=\"nofollow ugc\">this page\u003C\u002Fa> at \u003Ca href=\"http:\u002F\u002Fshinephp.com\" rel=\"nofollow ugc\">shinephp.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Do you need more functionality with quality support in a real time? Do you wish to remove advertisements from User Role Editor pages?\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.role-editor.com\" rel=\"nofollow ugc\">Buy Pro version\u003C\u002Fa>.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.role-editor.com\" rel=\"nofollow ugc\">User Role Editor Pro\u003C\u002Fa> includes extra modules:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block selected admin menu items for role.\u003C\u002Fli>\n\u003Cli>Hide selected front-end menu items for no logged-in visitors, logged-in users, roles.\u003C\u002Fli>\n\u003Cli>Block selected widgets under “Appearance” menu for role.\u003C\u002Fli>\n\u003Cli>Show widgets at front-end for selected roles.\u003C\u002Fli>\n\u003Cli>Block selected meta boxes (dashboard, posts, pages, custom post types) for role.\u003C\u002Fli>\n\u003Cli>“Export\u002FImport” module. You can export user role to the local file and import it to any WordPress site or other sites of the multi-site WordPress network.\u003C\u002Fli>\n\u003Cli>Roles and Users permissions management via Network Admin  for multisite configuration. One click Synchronization to the whole network.\u003C\u002Fli>\n\u003Cli>“Other roles access” module allows to define which other roles user with current role may see at WordPress: dropdown menus, e.g assign role to user editing user profile, etc.\u003C\u002Fli>\n\u003Cli>Manage user access to editing posts\u002Fpages\u002Fcustom post type using posts\u002Fpages, authors, taxonomies ID list.\u003C\u002Fli>\n\u003Cli>Per plugin users access management for plugins activate\u002Fdeactivate operations.\u003C\u002Fli>\n\u003Cli>Per form users access management for Gravity Forms plugin.\u003C\u002Fli>\n\u003Cli>Shortcode to show enclosed content to the users with selected roles only.\u003C\u002Fli>\n\u003Cli>Posts and pages view restrictions for selected roles.\u003C\u002Fli>\n\u003Cli>Admin back-end pages permissions viewer\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Pro version is advertisement free. Premium support is included.\u003C\u002Fp>\n\u003Ch3>Additional Documentation\u003C\u002Fh3>\n\u003Cp>You can find more information about “User Role Editor” plugin at \u003Ca href=\"http:\u002F\u002Fwww.shinephp.com\u002Fuser-role-editor-wordpress-plugin\u002F\" rel=\"nofollow ugc\">this page\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>I am ready to answer on your questions about plugin usage. Use \u003Ca href=\"http:\u002F\u002Fwww.shinephp.com\u002Fuser-role-editor-wordpress-plugin\u002F\" rel=\"nofollow ugc\">plugin page comments\u003C\u002Fa> for that.\u003C\u002Fp>\n","User Role Editor WordPress plugin makes user roles and capabilities changing easy. Edit\u002Fadd\u002Fdelete WordPress user roles and capabilities.",700000,21349734,287,"2025-12-02T03:45:00.000Z","4.4","7.3",[20,96,22,23,24],"editor","https:\u002F\u002Fwww.role-editor.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-role-editor.4.64.6.zip",2,"2024-12-16 19:51:53",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":111,"num_ratings":112,"last_updated":113,"tested_up_to":16,"requires_at_least":114,"requires_php":115,"tags":116,"homepage":121,"download_link":122,"security_score":123,"vuln_count":124,"unpatched_count":29,"last_vuln_date":125,"fetched_at":31},"advanced-access-manager","Advanced Access Manager – Access Governance for WordPress","7.1.0","AAM Plugin","https:\u002F\u002Fprofiles.wordpress.org\u002Fvasyltech\u002F","\u003Cp>\u003Cstrong>Advanced Access Manager (AAM)\u003C\u002Fstrong> introduces \u003Cstrong>Access Governance for WordPress\u003C\u002Fstrong> – a systematic approach to securing your site by controlling who can access what, when, and why.\u003C\u002Fp>\n\u003Cp>Most WordPress security plugins focus on external threats like malware, firewalls, and brute-force attacks. AAM addresses the \u003Cstrong>root cause of the #1 WordPress security risk: broken access controls, excessive privileges, and misconfigured roles\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Instead of reacting to attacks, AAM helps you \u003Cstrong>design security into your WordPress site\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>What Access Governance means in practice\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Mitigate Broken Access Controls\u003C\u002Fstrong>. Ensure roles, users, and permissions are correctly configured to prevent unauthorized actions and privilege escalation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Eliminate Excessive Privileges\u003C\u002Fstrong>. Identify overpowered users and reduce access to critical functionality, admin areas, and APIs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure Content by Design\u003C\u002Fstrong>. Control who can view, edit, publish, or delete posts, pages, media, taxonomies, and custom content types.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Govern Access with Policy\u003C\u002Fstrong>. Define access rules using JSON Access Policies — portable, auditable, and automation-friendly.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Build Custom Security Logic\u003C\u002Fstrong>. Use the AAM PHP Framework to create advanced, programmatic access controls tailored to your application.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security Audit\u003C\u002Fstrong>. Detect risky role assignments, misconfigurations, and compromised accounts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Granular Access Control\u003C\u002Fstrong>. Manage permissions for any user, role, or visitor with precision.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role & Capability Management\u003C\u002Fstrong>. Customize WordPress roles and capabilities beyond defaults.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin & Menu Control\u003C\u002Fstrong>. Restrict dashboard areas and tailor the admin experience per user or role.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>API & Endpoint Protection\u003C\u002Fstrong>. Secure REST and XML-RPC access with fine-grained controls.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern Authentication Options\u003C\u002Fstrong>. Support passwordless and secure login flows.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer-Ready Framework\u003C\u002Fstrong>. Extend WordPress security using AAM’s powerful SDK.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ad-Free & Transparent\u003C\u002Fstrong>. – No ads, no tracking, no bloat.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Built for Security-Conscious WordPress Users\u003C\u002Fh4>\n\u003Cp>AAM is trusted by \u003Cstrong>150,000+ websites\u003C\u002Fstrong> to deliver enterprise-grade access control without unnecessary complexity. Whether you’re a site owner, agency, developer, or security professional, AAM gives you \u003Cstrong>full control over WordPress access — by design\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Most core features are free. Advanced capabilities are available via premium add-ons.\u003C\u002Fp>\n\u003Cp>No hidden tracking. No data collection. No unwanted changes.\u003Cbr \u002F>\nJust \u003Cstrong>security you can reason about, audit, and trust\u003C\u002Fstrong>.\u003C\u002Fp>\n","Access Governance for WordPress. Control roles, users, content, admin areas, and APIs to prevent broken access controls and excessive privileges.",100000,7384389,84,420,"2026-03-08T15:53:00.000Z","5.8.0","5.6.0",[117,118,119,23,120],"access-governance","api-security","restricted-content","user-roles","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-access-manager.7.1.0.zip",95,11,"2024-03-20 00:00:00",{"slug":127,"name":128,"version":129,"author":130,"author_profile":131,"description":132,"short_description":133,"active_installs":134,"downloaded":135,"rating":136,"num_ratings":137,"last_updated":138,"tested_up_to":16,"requires_at_least":139,"requires_php":70,"tags":140,"homepage":142,"download_link":143,"security_score":136,"vuln_count":99,"unpatched_count":29,"last_vuln_date":144,"fetched_at":31},"controlled-admin-access","Controlled Admin Access","2.1.2","Waseem Senjer","https:\u002F\u002Fprofiles.wordpress.org\u002Fwaseem_senjer\u002F","\u003Cp>Give a temporary limited admin. access to themes designers, plugins developers and support agents.\u003C\u002Fp>\n\u003Cp>The plugin is simple and clean, it helps the administrator to create a user with a temporary access and choose which pages in your admin area which you don’t want the user to access. send the details to the user and when he finished his task, you can easily deactivate the account and activate it later.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpruby.com\u002Fplugin\u002Fcontrolled-admin-access-pro?utm_source=lite&utm_medium=readme&utm_campaign=freetopro\" title=\"Upgrade to Controlled Admin Access Pro\" rel=\"nofollow ugc\">Upgrade to Pro Now\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpruby.com\u002Fknowledgebase_category\u002Fcontrolled-admin-access-pro\u002F\" title=\"Documentation \" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Ch3>Menu Filter\u003C\u002Fh3>\n\u003Cp>The plugin will allow you to select admin menu items that you want to restrict for the created admin. Not only the plugin will hide the menu item from the admin but it also will block the page if they access it in some other way.\u003C\u002Fp>\n\u003Ch3>Expiration Time\u003C\u002Fh3>\n\u003Cp>You may don’t want to give access indefinitely, the plugin allows you to set an expiration time for the restricted admin account. After the account expires, the account will no longer be able to login into the admin dashboard. Moreover, you can always extend the expiry time or change it.\u003C\u002Fp>\n\u003Ch3>Hide Admin Bar\u003C\u002Fh3>\n\u003Cp>WordPress offers an admin bar to provide quick access to some pages or to perform some actions. Using the plugin, you can hide the admin bar links at the top of the page will be hidden in both the frontend and admin areas.\u003C\u002Fp>\n\u003Ch3>Disable Access\u003C\u002Fh3>\n\u003Cp>You can always disable the restricted admin account at any time. For example, if you gave a developer access to fix a bug or install a theme, when they finish the task you can disable their account. This will block login in using the account but it will retain the account’s information in case you wanted to give them access in the future.\u003C\u002Fp>\n\u003Ch3>Pro Features\u003C\u002Fh3>\n\u003Ch3>Plugins Internal Pages\u003C\u002Fh3>\n\u003Cp>Take more control and restrict access to plugins’ internal pages. For example, you would like to give access to the WooCommerce Settings page, but you do not want the account to see the Payments Gateways tab. Currently, the plugin supports WooCommerce, Easy Digital Downloads and BuddyPress. In the future, we will add support for more plugins.\u003C\u002Fp>\n\u003Ch3>No Password Login\u003C\u002Fh3>\n\u003Cp>Add some convenience when sending access to the user, you can generate a secure login URL for the user, and the user will use the link to login into the dashboard without the need for a password. You can also disable login by a password for restricted admins, this will restrict the admin from login in using a password or sending a reset password email.\u003C\u002Fp>\n\u003Ch3>Activity Log\u003C\u002Fh3>\n\u003Cp>Keep track of what restricted admins have done while logged in, the plugin will log more than 20 actions such as activating\u002Fdeactivating\u002Fdeleting a plugin, switching a theme, deleting a theme, exporting data, publishing\u002Fdeleting a post and uploading a file.\u003C\u002Fp>\n\u003Ch3>Remote Logout\u003C\u002Fh3>\n\u003Cp>At any given time, you can force logging out any restricted admin if you no longer need them logged in the admin dashboard. This action will log them out on all logged-in devices and locations.\u003C\u002Fp>\n","Give a temporarily limited admin access to themes designers, plugins developers and support agents.",10000,218137,96,44,"2025-12-08T13:28:00.000Z","4.0",[20,141,21,22,24],"access-manager","https:\u002F\u002Fwpruby.com\u002Fproduct\u002Fcontrolled-admin-access","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontrolled-admin-access.2.1.2.zip","2021-03-30 00:00:00",{"slug":146,"name":147,"version":148,"author":149,"author_profile":150,"description":151,"short_description":152,"active_installs":153,"downloaded":154,"rating":29,"num_ratings":29,"last_updated":155,"tested_up_to":156,"requires_at_least":157,"requires_php":18,"tags":158,"homepage":160,"download_link":161,"security_score":162,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"custom-role-creator","Custom Role Creator (CRC)","1.1.4","Ratul Hasan","https:\u002F\u002Fprofiles.wordpress.org\u002Fratulhasan\u002F","\u003Cp>Custom Role Creator plugin allows you to add or change user roles and capabilities easily. You can add new role or edit existing role. You can add capabilities to a role or change a roles’ capability.\u003Cbr \u002F>\nJust turn on check boxes of capabilities you wish to add to the selected role and click “Save Capabilities” button to save your changes. Add new role and customize its’ capabilities according to your needs. You can add role from scratch or as a copy of other existing role.\u003Cbr \u002F>\nAn unnecessary role can be deleted. If there is no use for this role, you can delete that role. That’s it.\u003Cbr \u002F>\n\u003Cstrong>Currently supports:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Create new role.\u003Cbr \u002F>\n– Edit role.\u003Cbr \u002F>\n– Create new role as a copy existing role capabilities.\u003Cbr \u002F>\n– Assign capabilities to a role.\u003Cbr \u002F>\n– Delete unnecessary role.\u003Cbr \u002F>\n– Assign capabilities to individual users’.\u003Cbr \u002F>\n– Reset Custom Role Creator Made Roles To Default.\u003Cbr \u002F>\n– Restore roles and capabilities to default as WordPress Core.\u003C\u002Fp>\n\u003Cp>The plugin is an open source project. If anyone has new ideas – pull requests are welcome!\u003Cbr \u002F>\nThe development repo is \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FRatulHasan\u002Fcustom-role-creator\" rel=\"nofollow ugc\">GitHub Repo\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Custom Role Creator (CRC) uses \u003Ca href=\"https:\u002F\u002Fappsero.com\" rel=\"nofollow ugc\">Appsero\u003C\u002Fa> SDK to collect some telemetry data upon user’s confirmation. This helps us to troubleshoot problems faster & make product improvements.\u003C\u002Fp>\n\u003Cp>Appsero SDK \u003Cstrong>does not gather any data by default.\u003C\u002Fstrong> The SDK only starts gathering basic telemetry data \u003Cstrong>when a user allows it via the admin notice\u003C\u002Fstrong>. We collect the data to ensure a great user experience for all our users.\u003C\u002Fp>\n\u003Cp>Integrating Appsero SDK \u003Cstrong>DOES NOT IMMEDIATELY\u003C\u002Fstrong> start gathering data, \u003Cstrong>without confirmation from users in any case.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Learn more about how \u003Ca href=\"https:\u002F\u002Fappsero.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Appsero collects and uses this data\u003C\u002Fa>.\u003C\u002Fp>\n","Custom Role Creator plugin allows you to add or change user roles and capabilities easily.",200,2966,"2025-05-19T19:37:00.000Z","6.8.5","5.2",[21,159,22,23,24],"permission","https:\u002F\u002Fgithub.com\u002FRatulHasan\u002Fcustom-role-creator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-role-creator.zip",100,{"attackSurface":164,"codeSignals":395,"taintFlows":444,"riskAssessment":498,"analyzedAt":506},{"hooks":165,"ajaxHandlers":383,"restRoutes":392,"shortcodes":393,"cronEvents":394,"entryPointCount":99,"unprotectedCount":29},[166,172,175,179,184,189,192,196,202,205,208,211,214,218,222,225,228,231,233,236,239,243,247,250,253,256,259,263,265,270,273,276,279,282,285,288,291,293,296,298,301,304,307,309,312,315,317,319,323,327,329,332,334,338,340,342,345,347,350,353,355,358,361,363,366,368,369,371,373,374,375,379],{"type":167,"name":168,"callback":169,"file":170,"line":171},"action","admin_menu","user_menu","inc\\class-wpaa_caps.php",18,{"type":167,"name":173,"callback":169,"file":170,"line":174},"network_admin_menu",20,{"type":167,"name":176,"callback":177,"file":170,"line":178},"load-users_page_user_labels","do_userlabel_actions",33,{"type":167,"name":180,"callback":181,"file":182,"line":183},"plugins_loaded","plugin_loaded","inc\\class-wpaa_core.php",28,{"type":167,"name":185,"callback":186,"priority":187,"file":182,"line":188},"wpmu_new_blog","set_network_roles_for_blog",10,31,{"type":167,"name":190,"callback":186,"priority":187,"file":182,"line":191},"wpmu_upgrade_site",32,{"type":167,"name":193,"callback":194,"file":182,"line":195},"init","admin_register_scripts",35,{"type":197,"name":198,"callback":199,"priority":187,"file":200,"line":201},"filter","wp_insert_post_data","edit_post","inc\\class-wpaa_editpost.php",19,{"type":167,"name":203,"callback":204,"priority":187,"file":200,"line":174},"save_post","set_post_behavior",{"type":167,"name":206,"callback":206,"file":200,"line":207},"edit_attachment",21,{"type":167,"name":209,"callback":206,"file":200,"line":210},"add_attachment",22,{"type":167,"name":212,"callback":212,"file":200,"line":213},"add_meta_boxes",24,{"type":167,"name":215,"callback":216,"priority":187,"file":200,"line":217},"bulk_edit_custom_box","bulk_edit_fields",26,{"type":167,"name":219,"callback":220,"priority":187,"file":200,"line":221},"quick_edit_custom_box","quick_edit_fields",27,{"type":167,"name":223,"callback":224,"file":200,"line":188},"admin_init","add_post_type_columns",{"type":167,"name":226,"callback":227,"file":200,"line":178},"load-edit.php","enqueue_script_style",{"type":167,"name":226,"callback":229,"file":200,"line":230},"enqueue_style",34,{"type":167,"name":232,"callback":229,"file":200,"line":195},"load-upload.php",{"type":167,"name":234,"callback":227,"file":200,"line":235},"load-post.php",37,{"type":167,"name":237,"callback":227,"file":200,"line":238},"load-post-new.php",38,{"type":197,"name":240,"callback":241,"file":200,"line":242},"manage_posts_columns","add_disclosure_column",43,{"type":167,"name":244,"callback":245,"priority":187,"file":200,"line":246},"manage_posts_custom_column","manage_disclosure_column",45,{"type":197,"name":248,"callback":241,"file":200,"line":249},"manage_pages_columns",48,{"type":167,"name":251,"callback":245,"priority":187,"file":200,"line":252},"manage_pages_custom_column",49,{"type":197,"name":254,"callback":241,"file":200,"line":255},"manage_media_columns",52,{"type":167,"name":257,"callback":245,"priority":187,"file":200,"line":258},"manage_media_custom_column",53,{"type":167,"name":260,"callback":261,"file":200,"line":262},"admin_enqueue_scripts","load_style",93,{"type":167,"name":260,"callback":264,"file":200,"line":136},"load_edit_script",{"type":167,"name":266,"callback":267,"file":268,"line":269},"pre_get_posts","wp_query_allow_filters","inc\\class-wpaa_posts.php",16,{"type":167,"name":271,"callback":272,"priority":187,"file":268,"line":171},"get_pages","skip_undisclosed_items",{"type":197,"name":274,"callback":275,"priority":187,"file":268,"line":201},"posts_where","get_posts_where",{"type":197,"name":277,"callback":278,"priority":187,"file":268,"line":174},"getarchives_where","get_archiveposts_where",{"type":197,"name":280,"callback":281,"priority":187,"file":268,"line":210},"posts_join","get_posts_join",{"type":197,"name":283,"callback":284,"priority":187,"file":268,"line":213},"get_next_post_where","get_adjacent_post_where",{"type":197,"name":286,"callback":284,"priority":187,"file":268,"line":287},"get_previous_post_where",25,{"type":197,"name":289,"callback":290,"priority":187,"file":268,"line":217},"get_next_post_join","get_adjacent_post_join",{"type":197,"name":292,"callback":290,"priority":187,"file":268,"line":221},"get_previous_post_join",{"type":167,"name":294,"callback":294,"file":268,"line":295},"template_redirect",30,{"type":197,"name":297,"callback":297,"priority":187,"file":268,"line":178},"comments_open",{"type":197,"name":299,"callback":300,"priority":187,"file":268,"line":230},"comments_clauses","comments_query_clauses",{"type":197,"name":302,"callback":303,"priority":187,"file":268,"line":195},"wp_count_comments","count_comments",{"type":197,"name":305,"callback":306,"file":268,"line":235},"comment_feed_join","get_comment_feed_join",{"type":197,"name":308,"callback":278,"priority":187,"file":268,"line":238},"comment_feed_where",{"type":197,"name":310,"callback":310,"priority":187,"file":268,"line":311},"edit_post_link",40,{"type":197,"name":313,"callback":313,"priority":187,"file":268,"line":314},"post_class",41,{"type":197,"name":316,"callback":316,"priority":187,"file":268,"line":137},"map_meta_cap",{"type":197,"name":318,"callback":318,"priority":187,"file":268,"line":246},"user_has_cap",{"type":167,"name":320,"callback":321,"priority":187,"file":322,"line":238},"update_option_wpaa_enable_assign_cap","enable_assign_cap","inc\\class-wpaa_settings.php",{"type":197,"name":324,"callback":325,"priority":187,"file":322,"line":326},"pre_update_option_wpaa_enable_assign_cap","assign_role_cap",39,{"type":167,"name":168,"callback":328,"file":322,"line":314},"create_menu",{"type":167,"name":223,"callback":330,"file":322,"line":331},"register_settings",42,{"type":167,"name":333,"callback":261,"file":322,"line":137},"load-settings_page_wpaa_settings",{"type":167,"name":335,"callback":336,"file":322,"line":337},"admin_notices","selftest",46,{"type":167,"name":223,"callback":339,"file":322,"line":252},"selfrepair",{"type":167,"name":223,"callback":223,"file":341,"line":14},"inc\\class-wpaa_users.php",{"type":197,"name":343,"callback":344,"file":341,"line":201},"wpmu_users_columns","add_userlabels_column",{"type":197,"name":346,"callback":344,"file":341,"line":207},"manage_users_columns",{"type":197,"name":348,"callback":349,"priority":187,"file":341,"line":210},"manage_users_custom_column","manage_userlabels_column",{"type":167,"name":351,"callback":352,"file":341,"line":287},"restrict_manage_users","bulk_grant_access_dropdown",{"type":167,"name":351,"callback":354,"file":341,"line":217},"bulk_revoke_access_dropdown",{"type":167,"name":356,"callback":357,"file":341,"line":221},"load-users.php","bulk_edit_access",{"type":167,"name":359,"callback":359,"priority":187,"file":341,"line":360},"add_user_to_blog",29,{"type":167,"name":362,"callback":362,"priority":187,"file":341,"line":238},"profile_update",{"type":167,"name":364,"callback":365,"file":341,"line":326},"edit_user_profile","personal_options",{"type":167,"name":367,"callback":365,"file":341,"line":311},"show_user_profile",{"type":167,"name":356,"callback":261,"file":341,"line":242},{"type":167,"name":370,"callback":261,"file":341,"line":137},"load-profile.php",{"type":167,"name":372,"callback":261,"file":341,"line":246},"load-user-edit.php",{"type":167,"name":370,"callback":264,"file":341,"line":249},{"type":167,"name":372,"callback":264,"file":341,"line":252},{"type":197,"name":376,"callback":377,"file":341,"line":378},"views_users","table_views",54,{"type":197,"name":380,"callback":381,"file":341,"line":382},"additional_capabilities_display","__return_false",56,[384,389],{"action":385,"nopriv":386,"callback":387,"hasNonce":388,"hasCapCheck":388,"file":200,"line":360},"get_accessarea_values",false,"ajax_get_accessarea_values",true,{"action":390,"nopriv":386,"callback":391,"hasNonce":388,"hasCapCheck":388,"file":341,"line":255},"add_accessarea","ajax_add_access_area",[],[],[],{"dangerousFunctions":396,"sqlUsage":397,"outputEscaping":433,"fileOperations":29,"externalRequests":29,"nonceChecks":48,"capabilityChecks":230,"bundledLibraries":443},[],{"prepared":171,"raw":398,"locations":399},15,[400,403,405,408,411,413,415,417,419,421,423,426,428,430,432],{"file":401,"line":195,"context":402},"inc\\class-wpaa_install.php","$wpdb->get_col() with variable interpolation",{"file":401,"line":404,"context":402},63,{"file":401,"line":406,"context":407},105,"$wpdb->get_results() with variable interpolation",{"file":401,"line":409,"context":410},107,"$wpdb->query() with variable interpolation",{"file":401,"line":412,"context":410},110,{"file":401,"line":414,"context":410},112,{"file":401,"line":416,"context":407},125,{"file":401,"line":418,"context":410},127,{"file":401,"line":420,"context":410},130,{"file":401,"line":422,"context":410},132,{"file":401,"line":424,"context":425},184,"$wpdb->get_var() with variable interpolation",{"file":401,"line":427,"context":425},203,{"file":401,"line":429,"context":410},204,{"file":268,"line":431,"context":407},171,{"file":322,"line":382,"context":407},{"escaped":434,"rawEcho":435,"locations":436},121,3,[437,439,441],{"file":200,"line":111,"context":438},"raw output",{"file":322,"line":440,"context":438},249,{"file":322,"line":442,"context":438},267,[],[445,463,471,480,488],{"entryPoint":446,"graph":447,"unsanitizedCount":29,"severity":462},"_put_message (inc\\class-wpaa_caps.php:275)",{"nodes":448,"edges":460},[449,454],{"id":450,"type":451,"label":452,"file":170,"line":453},"n0","source","$_REQUEST",291,{"id":455,"type":456,"label":457,"file":170,"line":458,"wp_function":459},"n1","sink","echo() [XSS]",307,"echo",[461],{"from":450,"to":455,"sanitized":388},"low",{"entryPoint":464,"graph":465,"unsanitizedCount":29,"severity":462},"\u003Cclass-wpaa_caps> (inc\\class-wpaa_caps.php:0)",{"nodes":466,"edges":469},[467,468],{"id":450,"type":451,"label":452,"file":170,"line":453},{"id":455,"type":456,"label":457,"file":170,"line":458,"wp_function":459},[470],{"from":450,"to":455,"sanitized":388},{"entryPoint":472,"graph":473,"unsanitizedCount":29,"severity":462},"ajax_get_accessarea_values (inc\\class-wpaa_editpost.php:68)",{"nodes":474,"edges":478},[475,477],{"id":450,"type":451,"label":476,"file":200,"line":54},"$_POST",{"id":455,"type":456,"label":457,"file":200,"line":111,"wp_function":459},[479],{"from":450,"to":455,"sanitized":388},{"entryPoint":481,"graph":482,"unsanitizedCount":29,"severity":462},"\u003Cclass-wpaa_editpost> (inc\\class-wpaa_editpost.php:0)",{"nodes":483,"edges":486},[484,485],{"id":450,"type":451,"label":476,"file":200,"line":54},{"id":455,"type":456,"label":457,"file":200,"line":111,"wp_function":459},[487],{"from":450,"to":455,"sanitized":388},{"entryPoint":489,"graph":490,"unsanitizedCount":29,"severity":462},"\u003Cclass-wpaa_users> (inc\\class-wpaa_users.php:0)",{"nodes":491,"edges":496},[492,494],{"id":450,"type":451,"label":476,"file":341,"line":493},78,{"id":455,"type":456,"label":457,"file":341,"line":495,"wp_function":459},442,[497],{"from":450,"to":455,"sanitized":388},{"summary":499,"deductions":500},"The \"wp-access-areas\" plugin v1.5.22 exhibits a generally good security posture, with a low attack surface and a strong emphasis on code hardening. The static analysis reveals a significant number of capability checks and properly escaped outputs, indicating diligent development practices. The absence of file operations and external HTTP requests further reduces potential attack vectors.  Taint analysis also shows no critical or high severity vulnerabilities related to unsanitized input, which is a positive sign.\n\nHowever, there are a few areas that warrant attention. The presence of 33 SQL queries with 45% not using prepared statements, while not outright critical, represents a potential risk for SQL injection vulnerabilities if input is not handled meticulously in those specific queries.  Although there are no unpatched CVEs currently, the plugin has a history of a medium severity Cross-Site Scripting (XSS) vulnerability, indicating that input sanitization and output escaping, particularly for user-generated content, should be a continued focus. The past vulnerability suggests that while efforts are made to secure outputs, subtle flaws can still emerge.\n\nIn conclusion, the plugin is reasonably secure due to robust capability checks and output escaping. The main concerns stem from the percentage of raw SQL queries and the historical XSS vulnerability. While the immediate risk appears low due to the lack of unpatched CVEs and critical taint flows, ongoing vigilance in securing all SQL queries and thoroughly sanitizing user input for rendering is recommended.",[501,504],{"reason":502,"points":503},"SQL queries without prepared statements",7,{"reason":505,"points":187},"Past medium severity XSS vulnerability","2026-03-16T19:46:06.808Z",{"wat":508,"direct":519},{"assetPaths":509,"generatorPatterns":512,"scriptPaths":513,"versionParams":515},[510,511],"\u002Fwp-content\u002Fplugins\u002Fwp-access-areas\u002Fcss\u002Fwpaa-admin.css","\u002Fwp-content\u002Fplugins\u002Fwp-access-areas\u002Fcss\u002Fwpaa-frontend.css",[],[514],"\u002Fwp-content\u002Fplugins\u002Fwp-access-areas\u002Fjs\u002Fwpaa-admin.js",[516,517,518],"wp-access-areas\u002Fcss\u002Fwpaa-admin.css?ver=","wp-access-areas\u002Fcss\u002Fwpaa-frontend.css?ver=","wp-access-areas\u002Fjs\u002Fwpaa-admin.js?ver=",{"cssClasses":520,"htmlComments":524,"htmlAttributes":525,"restEndpoints":527,"jsGlobals":528,"shortcodeOutput":531},[521,522,523],"wpaa-access-area-","wpaa-access-area-form","wpaa-access-area-table",[],[526],"data-wpaa-access-area-id",[],[529,530],"WPAA_AccessArea","wpaa_access_areas_vars",[]]