[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fFFl4XwLI1zaIZhwzIWe4Rnv3d218Y_q--oikCnvaE6U":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":58,"crawl_stats":38,"alternatives":65,"analysis":161,"fingerprints":252},"wp-edit-username","WP Edit Username","2.0.5","Sajjad Hossain Sagor","https:\u002F\u002Fprofiles.wordpress.org\u002Fsajjad67\u002F","\u003Cp>This plugin adds feature to edit\u002Fchange user username.\u003C\u002Fp>\n\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Edit Username: Allows editing of usernames.\u003C\u002Fli>\n\u003Cli>Only users with the \u003Ccode>edit_other_users()\u003C\u002Fcode> capability can change usernames.\u003C\u002Fli>\n\u003Cli>If the “Send Email” option is enabled, the user will receive a notification email when their username is changed.\u003C\u002Fli>\n\u003Cli>You can customize the email subject and body text in the admin dashboard or via filter hooks.\u003C\u002Fli>\n\u003Cli>Modify the email subject using the filter: \u003Ccode>wpeu_email_subject\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>Modify the email headers using the filter: \u003Ccode>wpeu_email_headers\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>Adjust the email body content using the filter \u003Ccode>wpeu_email_body\u003C\u002Fcode>. (Note: \u003Ccode>$new_username\u003C\u002Fcode> and \u003Ccode>$old_username\u003C\u002Fcode> are automatically prepended to the email content).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Hooks Usage:\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>\u003C?php\n\nadd_filter( 'wp_username_changed_email_subject', 'change_email_subject' );\n\nfunction change_email_subject( $subject )\n{\n    $subject = 'Your customized subject';\n\n    return $subject;\n}\n\nadd_filter( 'wp_username_changed_email_body', 'change_email_body' );\n\nfunction change_email_body( $old_username, $new_username )\n{\n    $email_body = \"Your custom email text body.\";\n\n    return $email_body;\n}\n\n?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Easily Edit User Profile Username clicking a button.",2000,24886,100,5,"2025-12-08T15:37:00.000Z","6.9.4","5.6","8.0",[20,21,22,23,24],"ajax","change-username","profile-edit","user-profile","username","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-edit-username\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-edit-username.2.0.5.zip",99,2,0,"2023-12-19 00:00:00","2026-03-15T15:16:48.613Z",[33,49],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2023-47527","wp-edit-username-authenticated-administrator-stored-cross-site-scripting-via-settings","WP Edit Username \u003C= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings","The WP Edit Username plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=1.0.5","1.0.6","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-09-23 17:26:17",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff445de97-b6fd-4180-b63e-5b8da40dae6a?source=api-prod",280,{"id":50,"url_slug":51,"title":52,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":53,"updated_date":54,"references":55,"days_to_patch":57},"CVE-2023-47528","wp-edit-username-authenticated-administrator-stored-cross-site-scripting","WP Edit Username \u003C= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting","2023-11-07 00:00:00","2024-03-22 15:36:46",[56],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F47461b7b-e986-4048-88aa-175242305795?source=api-prod",137,{"slug":59,"display_name":7,"profile_url":8,"plugin_count":60,"total_installs":61,"avg_security_score":13,"avg_patch_time_days":62,"trust_score":63,"computed_at":64},"sajjad67",32,10230,139,79,"2026-04-04T06:47:27.762Z",[66,87,104,124,143],{"slug":67,"name":68,"version":69,"author":70,"author_profile":71,"description":72,"short_description":73,"active_installs":74,"downloaded":75,"rating":13,"num_ratings":76,"last_updated":77,"tested_up_to":78,"requires_at_least":79,"requires_php":80,"tags":81,"homepage":85,"download_link":86,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"admin-credentials-editor","Admin Credentials Editor","1.0.0","Luqman Safay","https:\u002F\u002Fprofiles.wordpress.org\u002Fluqmansafay\u002F","\u003Cp>The Admin Credentials Editor plugin allows site administrators to quickly update their login details without touching the database.\u003Cbr \u002F>\nYou can change the username, email address, or password of your admin account (individually or together) directly from the dashboard.\u003C\u002Fp>\n","Easily change your admin credentials (username, email, password) from the dashboard.",10,695,1,"2025-09-12T09:59:00.000Z","6.8.5","5.0","7.0",[82,21,83,22,84],"admin-username","email-change","username-editor","https:\u002F\u002Fpoetrypashto.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-credentials-editor.1.0.3.zip",{"slug":88,"name":89,"version":69,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":29,"downloaded":94,"rating":29,"num_ratings":29,"last_updated":95,"tested_up_to":78,"requires_at_least":96,"requires_php":97,"tags":98,"homepage":102,"download_link":103,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"profile-lab","Profile Lab – Username & Display Name Editor","SuitePress","https:\u002F\u002Fprofiles.wordpress.org\u002Fsuitepress\u002F","\u003Cp>Profile Lab gives you a simple, secure way to modify WordPress usernames and display names without touching the database or writing custom code.\u003Cbr \u002F>\nBy default, WordPress does not allow usernames to be changed, causing problems for membership sites, client dashboards, and community platforms. This plugin fixes that limitation.\u003C\u002Fp>\n\u003Cp>With User Profile Customizer, you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Let users safely update their username\u003C\u002Fli>\n\u003Cli>Allow frontend editing of display names\u003C\u002Fli>\n\u003Cli>Integrate updates into external or custom forms\u003C\u002Fli>\n\u003Cli>Improve user experience by giving users control over their profile\u003C\u002Fli>\n\u003Cli>Reduce administrator workload and manual edits\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Perfect for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Membership websites\u003C\u002Fli>\n\u003Cli>Online communities and forums\u003C\u002Fli>\n\u003Cli>Client portals\u003C\u002Fli>\n\u003Cli>eCommerce users\u003C\u002Fli>\n\u003Cli>Agencies and custom dashboards\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Any website where users maintain their own profiles\u003C\u002Fp>\n\u003Cp>📌 USEFUL LINKS\u003Cbr \u002F>\nOfficial Website: https:\u002F\u002Fsuitepress.org\u002Fprofile-lab\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cp>✏️ Update WordPress usernames using external\u002Fthird-party forms\u003Cbr \u002F>\n👤 Change display names from custom frontend inputs\u003Cbr \u002F>\n🔒 Validated, secure update process\u003Cbr \u002F>\n🎨 Works seamlessly with form builders and custom forms\u003Cbr \u002F>\n🧩 Developer-friendly filters and hooks\u003Cbr \u002F>\n🚀 Lightweight, fast, and reliable\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Build a form where users can enter a new username or display name.\u003C\u002Fli>\n\u003Cli>Map the form fields to the plugin using shortcodes, hooks, or direct integration.\u003C\u002Fli>\n\u003Cli>When submitted, User Profile Customizer updates the user’s profile instantly and securely.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later.\u003C\u002Fp>\n\u003Ch3>Contribution\u003C\u002Fh3>\n\u003Cp>https:\u002F\u002Fgithub.com\u002FSuite-Press\u002Fprofile-lab\u003C\u002Fp>\n","Allow users to update their WordPress username, display name, and more — directly from external forms.",123,"2025-11-28T17:55:00.000Z","5.2","7.4",[99,21,100,101,23],"account-update","edit-profile","user-display-name","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fprofile-lab","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprofile-lab.1.0.0.zip",{"slug":105,"name":106,"version":69,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":29,"downloaded":111,"rating":13,"num_ratings":76,"last_updated":112,"tested_up_to":113,"requires_at_least":114,"requires_php":115,"tags":116,"homepage":121,"download_link":122,"security_score":123,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"wp-quick-username-update","Quick User Profile Update","webman technologies","https:\u002F\u002Fprofiles.wordpress.org\u002Foremtech\u002F","\u003Cp>Quick User Profile Update will give admin authority of user profile quick update from admin panel\u003C\u002Fp>\n\u003Ch4>Plugin Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Quick edit the user\u003C\u002Fli>\n\u003Cli>Update Username\u003C\u002Fli>\n\u003C\u002Ful>\n","Quick User Profile Update will give admin authority of user profile quick update from admin panel",1008,"2018-06-05T11:11:00.000Z","4.9.29","4.7","5.2.4",[117,118,24,119,120],"login","quick-user-profile-edit","username-update","users","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-quick-username-update.zip",85,{"slug":125,"name":126,"version":40,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":131,"downloaded":132,"rating":133,"num_ratings":134,"last_updated":135,"tested_up_to":78,"requires_at_least":136,"requires_php":121,"tags":137,"homepage":121,"download_link":141,"security_score":27,"vuln_count":76,"unpatched_count":29,"last_vuln_date":142,"fetched_at":31},"username-updater","Easy Username Updater","Yogesh Pant","https:\u002F\u002Fprofiles.wordpress.org\u002Fyogeshpant\u002F","\u003Cp>Easy Username updater is a plugin which allows administrators to change usernames on their site. It provide list of users with their email address,username and role. It changes display name as well.\u003C\u002Fp>\n\u003Cp>This plugin also do following:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Search the user by username, email address, or role.\u003C\u002Fli>\n\u003Cli>Send the updated username to user by email.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>How to install?\u003C\u002Fp>\n\u003Col>\n\u003Cli>Unzip the downloaded ‘username-updater.zip’ file\u003C\u002Fli>\n\u003Cli>Upload the ‘username-updater’ folder to ‘\u002Fwp-content\u002Fplugins’ directory of your WordPress installation\u003C\u002Fli>\n\u003Cli>Activate the plugin via the WordPress Plugins page\u003C\u002Fli>\n\u003Cli>A new submenu will automatically create on users menu\u003C\u002Fli>\n\u003C\u002Fol>\n","A plugin to change registered username and display name.",10000,125946,86,39,"2025-07-03T12:54:00.000Z","4.0",[21,138,125,139,140],"easy-username-updater","wordpress-username-changer","wordpress-username-updater","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fusername-updater.zip","2022-07-12 00:00:00",{"slug":21,"name":144,"version":145,"author":146,"author_profile":147,"description":148,"short_description":149,"active_installs":150,"downloaded":151,"rating":152,"num_ratings":14,"last_updated":153,"tested_up_to":154,"requires_at_least":155,"requires_php":156,"tags":157,"homepage":121,"download_link":159,"security_score":160,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"Change Username","1.0.2","Danny van Kooten","https:\u002F\u002Fprofiles.wordpress.org\u002Fdvankooten\u002F","\u003Cp>Change usernames of your WordPress users effectively.\u003C\u002Fp>\n\u003Ch3>Change Username\u003C\u002Fh3>\n\u003Cp>This plugin allows you to change usernames of your WordPress users in an effective and safe way.\u003C\u002Fp>\n\u003Cp>By default, WordPress itself does not allow usernames to be changed. The other plugins for changing usernames do not scale all that well for sites with a large number of users.\u003C\u002Fp>\n\u003Cp>This plugin takes a different approach by simply enhancing the default “edit user” page and then processing the username change over AJAX, resulting in a much faster and user-friendly experience.\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>PHP version 7.2 or higher\u003C\u002Fli>\n\u003Cli>WordPress version 4.1 or higher\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>About the author\u003C\u002Fh3>\n\u003Cp>Danny van Kooten has been developing plugins for WordPress since version 3.0, all the way back in 2010. Read more about him on \u003Ca href=\"https:\u002F\u002Fwww.dannyvankooten.com\u002F\" rel=\"nofollow ugc\">his personal website\u003C\u002Fa> or have a look at his various other \u003Ca href=\"https:\u002F\u002Fdannyvankooten.com\u002Fwordpress-plugins\u002F\" rel=\"nofollow ugc\">WordPress plugins\u003C\u002Fa>.\u003C\u002Fp>\n","Change usernames of your WordPress users effectively.",4000,27043,88,"2024-10-04T11:54:00.000Z","6.6.5","4.1","7.2",[158,21,117,24],"change-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchange-username.1.0.2.zip",92,{"attackSurface":162,"codeSignals":192,"taintFlows":202,"riskAssessment":243,"analyzedAt":251},{"hooks":163,"ajaxHandlers":184,"restRoutes":189,"shortcodes":190,"cronEvents":191,"entryPointCount":76,"unprotectedCount":76},[164,169,173,175,178,181],{"type":165,"name":166,"callback":166,"file":167,"line":168},"action","admin_enqueue_scripts","includes\\class-sajjad-dev-settings-api.php",324,{"type":165,"name":166,"callback":170,"file":171,"line":172},"anonymous","includes\\class-wp-edit-username.php",121,{"type":165,"name":166,"callback":170,"file":171,"line":174},122,{"type":165,"name":176,"callback":170,"file":171,"line":177},"admin_footer",126,{"type":165,"name":179,"callback":170,"file":171,"line":180},"admin_menu",127,{"type":165,"name":182,"callback":170,"file":171,"line":183},"admin_init",128,[185],{"action":186,"nopriv":187,"callback":170,"hasNonce":187,"hasCapCheck":187,"file":171,"line":188},"wpeu_update_user_name",false,130,[],[],[],{"dangerousFunctions":193,"sqlUsage":194,"outputEscaping":197,"fileOperations":29,"externalRequests":29,"nonceChecks":76,"capabilityChecks":200,"bundledLibraries":201},[],{"prepared":195,"raw":29,"locations":196},8,[],{"escaped":198,"rawEcho":29,"locations":199},71,[],4,[],[203,232],{"entryPoint":204,"graph":205,"unsanitizedCount":29,"severity":231},"update_username (admin\\class-wp-edit-username-admin.php:282)",{"nodes":206,"edges":227},[207,213,219,222],{"id":208,"type":209,"label":210,"file":211,"line":212},"n0","source","$_POST (x3)","admin\\class-wp-edit-username-admin.php",298,{"id":214,"type":215,"label":216,"file":211,"line":217,"wp_function":218},"n1","sink","query() [SQLi]",347,"query",{"id":220,"type":209,"label":221,"file":211,"line":212},"n2","$_POST",{"id":223,"type":215,"label":224,"file":211,"line":225,"wp_function":226},"n3","get_var() [SQLi]",360,"get_var",[228,230],{"from":208,"to":214,"sanitized":229},true,{"from":220,"to":223,"sanitized":229},"low",{"entryPoint":233,"graph":234,"unsanitizedCount":29,"severity":231},"\u003Cclass-wp-edit-username-admin> (admin\\class-wp-edit-username-admin.php:0)",{"nodes":235,"edges":240},[236,237,238,239],{"id":208,"type":209,"label":210,"file":211,"line":212},{"id":214,"type":215,"label":216,"file":211,"line":217,"wp_function":218},{"id":220,"type":209,"label":221,"file":211,"line":212},{"id":223,"type":215,"label":224,"file":211,"line":225,"wp_function":226},[241,242],{"from":208,"to":214,"sanitized":229},{"from":220,"to":223,"sanitized":229},{"summary":244,"deductions":245},"The \"wp-edit-username\" v2.0.5 plugin exhibits a mixed security posture. On the positive side, the code demonstrates good practices by exclusively using prepared statements for all SQL queries and ensuring all output is properly escaped. The absence of file operations and external HTTP requests also reduces potential attack vectors.  Furthermore, the static analysis did not reveal any critical or high severity taint flows, suggesting that the handling of user input for sensitive operations is generally robust. The plugin also includes a nonce check, indicating an awareness of cross-site request forgery prevention.\n\nHowever, a significant concern arises from the plugin's attack surface. It exposes one AJAX handler that lacks authentication checks, presenting a direct entry point for unauthorized actions. While the vulnerability history shows no currently unpatched CVEs, the presence of two past medium severity vulnerabilities, specifically Cross-Site Scripting (XSS), and the relatively recent occurrence of the last vulnerability in late 2023, suggests a pattern of past security weaknesses. This historical trend, coupled with the unprotected AJAX endpoint, warrants careful consideration.\n\nIn conclusion, while the plugin has strengths in its secure handling of database queries and output, the unprotected AJAX endpoint is a critical vulnerability. The past XSS vulnerabilities, although patched, indicate a potential for similar issues to re-emerge if input validation or sanitization is not consistently applied across all entry points. Users should be aware of the potential risks associated with the unauthenticated AJAX handler.",[246,248],{"reason":247,"points":74},"Unprotected AJAX handler",{"reason":249,"points":250},"Past medium severity XSS vulnerabilities",15,"2026-03-16T18:33:05.948Z",{"wat":253,"direct":262},{"assetPaths":254,"generatorPatterns":257,"scriptPaths":258,"versionParams":259},[255,256],"\u002Fwp-content\u002Fplugins\u002Fwp-edit-username\u002Fadmin\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fwp-edit-username\u002Fadmin\u002Fjs\u002Fadmin.js",[],[256],[260,261],"wp-edit-username\u002Fadmin\u002Fcss\u002Fadmin.css?ver=","wp-edit-username\u002Fadmin\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":263,"htmlComments":270,"htmlAttributes":278,"restEndpoints":281,"jsGlobals":282,"shortcodeOutput":284},[264,265,266,267,268,269],"wp-edit-username-modal-wrapper","wpeu-edit-username-field","wpeu-username-input","wpeu-username-edit-btn","wpeu-save-username-btn","wpeu-username-edit-field-wrapper",[271,272,273,274,275,276,277],"\u003C!-- This file contains the definition of the WP_Edit_Username_Admin class, which\n * is used to load the plugin's admin-specific functionality. -->","\u003C!-- WP Edit Username Admin Class -->","\u003C!-- Start: Edit Username Modal -->","\u003C!-- End: Edit Username Modal -->","\u003C!-- Start: Edit Username Form Modal -->","\u003C!-- End: Edit Username Form Modal -->","\u003C!-- This file renders the plugin settings page form. -->",[279,280],"data-wpeu-user-id","data-wpeu-nonce",[],[283],"WPEditUsername",[]]