[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f3drF8yW94h1wZaE4zcK40zrdZDZcUDO7ydL8qRhW80w":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":140,"fingerprints":204},"wp-expire-passwords","WP Expire Passwords","1.1.1","rob.divincenzo","https:\u002F\u002Fprofiles.wordpress.org\u002Frobdivincenzo\u002F","\u003Cp>This plugin allows you to set passwords to expire every X amount of days (default is 90) and to expire all non-admin user passwords (requiring new unique passwords).\u003C\u002Fp>\n","This plugin allows you to set passwords to expire every X amount of days (default is 90) and to expire all non-admin user passwords (requiring new uni &hellip;",10,1708,0,"2013-09-03T18:20:00.000Z","3.6.1","3.3","",[19,20,21,22,23],"administration","expire","password","security","user","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-expire-passwords\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-expire-passwords.zip",85,null,"2026-03-15T14:54:45.397Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"robdivincenzo",1,30,84,"2026-04-05T17:42:03.067Z",[37,60,83,102,124],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":17,"tags":52,"homepage":57,"download_link":58,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":59},"wc-password-strength-settings","Password Strength Settings for WooCommerce","3.0.1","Danny Santoro","https:\u002F\u002Fprofiles.wordpress.org\u002Fdanielsantoro\u002F","\u003Cp>Help secure your WooCommerce site by enforcing stronger passwords and taking additional control of your strength requirements.\u003C\u002Fp>\n\u003Ch3>What does this plugin do?\u003C\u002Fh3>\n\u003Cp>WooCommerce has an integrated Password Strength Meter which forces users to use strong passwords. Sometimes this isn’t desirable – with this plugin, you can choose between five password levels ranging from “Anything Goes” to “Strong Passwords Only”. In addition, you can modify the colors and appearance of these custom messages, as well as modify or remove the password hint. For details on how the password strength is determined, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FDanielSantoro\u002Fwc-password-strength-settings\u002Fwiki\u002FHow-Password-Strength-is-Determined\" rel=\"nofollow ugc\">please read the documentation here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>What’s New?\u003C\u002Fh4>\n\u003Cp>Version 3.0.0 is a bit of a rewrite to bring the plugin up to modern coding standards. Functionality should not be impacted, but if it is, please reach out on the support forums.\u003C\u002Fp>\n\u003Cp>Version 3.0.1 is simply a hotfix declaring compatibility with WooCommerce HPOS. Since this plugin doesn’t touch anything with the orders or order metadata, it shouldn’t be impacted at all. \u003Cem>However\u003C\u002Fem>, if you notice any issues then please reach out via the contact form on my website.\u003C\u002Fp>\n\u003Ch4>Notes\u003C\u002Fh4>\n\u003Cp>While this does allow for user accounts to have weaker passwords, it’s a good idea to still encourage strong password use – \u003Cem>especially\u003C\u002Fem> for administrators!\u003C\u002Fp>\n\u003Ch4>Planned Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Option to remove “- Please enter a stronger password.” that is added by WordPress.\u003C\u002Fli>\n\u003Cli>Nothing else at the moment, but let me know if you have any ideas.\u003C\u002Fli>\n\u003C\u002Ful>\n","Help secure your WooCommerce site by enforcing stronger passwords and taking additional control of your strength requirements.",10000,176985,90,24,"2023-10-11T20:51:00.000Z","6.3.8","5.8",[53,54,22,55,56],"accounts","passwords","users","woocommerce","https:\u002F\u002Fdanielsantoro.com\u002Fproject\u002Fwoocommerce-password-strength-settings-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-password-strength-settings.zip","2026-03-15T15:16:48.613Z",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":75,"tags":76,"homepage":79,"download_link":80,"security_score":81,"vuln_count":32,"unpatched_count":32,"last_vuln_date":82,"fetched_at":59},"expire-users","Expire Users","1.2.2","Ben Huson","https:\u002F\u002Fprofiles.wordpress.org\u002Fhusobj\u002F","\u003Cblockquote>\n\u003Cp>Important security update – if you are using version 0.2 or earlier please upgrade\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This plugin allows you to set expiry dates for user logins. You can set a user to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Never expire (default)\u003C\u002Fli>\n\u003Cli>Expire in X days, weeks, moths or years\u003C\u002Fli>\n\u003Cli>Expire on a specific date\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>When a user expires you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change the role of that user\u003C\u002Fli>\n\u003Cli>Replace the user’s password with a randomly generated one\u003C\u002Fli>\n\u003Cli>Send an email notification to the user\u003C\u002Fli>\n\u003Cli>Send an email notification to the site administrator\u003C\u002Fli>\n\u003Cli>Remove expiry details and allow user to continue to login\u003C\u002Fli>\n\u003Cli>Perform you own actions using an \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fwiki\u002Fexpire_users_expired\" rel=\"nofollow ugc\">\u003Ccode>expire_users_expired\u003C\u002Fcode>\u003C\u002Fa> hook\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can automatically assign expiry details to users who sign up via the register form.\u003C\u002Fp>\n\u003Cp>The email notification messages can be configured in the admin settings.\u003C\u002Fp>\n\u003Cp>Please post in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fexpire-users\" rel=\"ugc\">support forum\u003C\u002Fa> if you have any questions, or refer to the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fwiki\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fissues\" rel=\"nofollow ugc\">report bugs\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fissues\" rel=\"nofollow ugc\">submit translations\u003C\u002Fa> at the plugin’s \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002F\" rel=\"nofollow ugc\">GitHub page\u003C\u002Fa>.\u003C\u002Fp>\n","Set expiry dates for user logins.",4000,53229,96,25,"2025-09-19T16:05:00.000Z","6.8.5","5.4","7.4",[20,77,21,78,55],"login","roles","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fexpire-users\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpire-users.1.2.2.zip",75,"2026-03-20 14:37:35",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":34,"num_ratings":93,"last_updated":94,"tested_up_to":95,"requires_at_least":96,"requires_php":97,"tags":98,"homepage":17,"download_link":100,"security_score":101,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":59},"expire-user-passwords","Expire User Passwords","1.4.2","Matt Miller","https:\u002F\u002Fprofiles.wordpress.org\u002Fmillermedianow\u002F","\u003Cp>Note: This is a forked version of the now unsupported \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fexpire-passwords\u002F\" rel=\"ugc\">Expire Passwords\u003C\u002Fa> plugin. The notes below are copied over from the original plugin and will be updated as relevant updates become available. Please help by contributing to the GitHub repository \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\" rel=\"nofollow ugc\">Expire Passwords\u003C\u002Fa> on GitHub\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Did you find this plugin helpful? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fexpire-user-passwords\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Harden the security of your site by preventing unauthorized access to stale user accounts.\u003C\u002Fp>\n\u003Cp>This plugin is also ideal for sites needing to meet certain industry security compliances – such as government, banking or healthcare.\u003C\u002Fp>\n\u003Cp>In the plugin settings you can set the maximum number of days users are allowed to use the same password (90 days by default), as well as which user roles will be required to reset their passwords regularly (non-Administrators by default).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Languages supported:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Albanian (Shqip)\u003C\u002Fli>\n\u003Cli>Arabic (العربية)\u003C\u002Fli>\n\u003Cli>Armenian (Հայերեն)\u003C\u002Fli>\n\u003Cli>Basque (Euskara)\u003C\u002Fli>\n\u003Cli>Bengali (বাংলা)\u003C\u002Fli>\n\u003Cli>Bulgarian (Български)\u003C\u002Fli>\n\u003Cli>Catalan (Català)\u003C\u002Fli>\n\u003Cli>Chinese Simplified (简体中文)\u003C\u002Fli>\n\u003Cli>Croatian (Hrvatski)\u003C\u002Fli>\n\u003Cli>Czech (Čeština)\u003C\u002Fli>\n\u003Cli>Danish (Dansk)\u003C\u002Fli>\n\u003Cli>Dutch (Nederlands)\u003C\u002Fli>\n\u003Cli>Estonian (Eesti)\u003C\u002Fli>\n\u003Cli>Finnish (Suomi)\u003C\u002Fli>\n\u003Cli>French (Français)\u003C\u002Fli>\n\u003Cli>Galician (Galego)\u003C\u002Fli>\n\u003Cli>Georgian (ქართული)\u003C\u002Fli>\n\u003Cli>German (Deutsch)\u003C\u002Fli>\n\u003Cli>Greek (Ελληνικά)\u003C\u002Fli>\n\u003Cli>Hebrew (עברית)\u003C\u002Fli>\n\u003Cli>Hindi (हिन्दी)\u003C\u002Fli>\n\u003Cli>Hungarian (Magyar)\u003C\u002Fli>\n\u003Cli>Indonesian (Bahasa Indonesia)\u003C\u002Fli>\n\u003Cli>Irish (Gaeilge)\u003C\u002Fli>\n\u003Cli>Italian (Italiano)\u003C\u002Fli>\n\u003Cli>Japanese (日本語)\u003C\u002Fli>\n\u003Cli>Korean (한국어)\u003C\u002Fli>\n\u003Cli>Latvian (Latviešu)\u003C\u002Fli>\n\u003Cli>Lithuanian (Lietuvių)\u003C\u002Fli>\n\u003Cli>Macedonian (Македонски)\u003C\u002Fli>\n\u003Cli>Norwegian (Norsk)\u003C\u002Fli>\n\u003Cli>Persian (فارسی)\u003C\u002Fli>\n\u003Cli>Persian – Afghanistan (دری)\u003C\u002Fli>\n\u003Cli>Polish (Polski)\u003C\u002Fli>\n\u003Cli>Portuguese – Brazil (Português do Brasil)\u003C\u002Fli>\n\u003Cli>Portuguese – Portugal (Português)\u003C\u002Fli>\n\u003Cli>Romanian (Română)\u003C\u002Fli>\n\u003Cli>Russian (Русский)\u003C\u002Fli>\n\u003Cli>Serbian (Српски)\u003C\u002Fli>\n\u003Cli>Slovak (Slovenčina)\u003C\u002Fli>\n\u003Cli>Slovenian (Slovenščina)\u003C\u002Fli>\n\u003Cli>Spanish (Español)\u003C\u002Fli>\n\u003Cli>Swedish (Svenska)\u003C\u002Fli>\n\u003Cli>Tamil (தமிழ்)\u003C\u002Fli>\n\u003Cli>Thai (ไทย)\u003C\u002Fli>\n\u003Cli>Turkish (Türkçe)\u003C\u002Fli>\n\u003Cli>Ukrainian (Українська)\u003C\u002Fli>\n\u003Cli>Urdu (اردو)\u003C\u002Fli>\n\u003Cli>Vietnamese (Tiếng Việt)\u003C\u002Fli>\n\u003Cli>Welsh (Cymraeg)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Development of this plugin is done \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>. Pull requests welcome. Please see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\u002Fissues\" rel=\"nofollow ugc\">issues reported\u003C\u002Fa> there before going to the plugin forum.\u003C\u002Fstrong>\u003C\u002Fp>\n","Require certain users to change their passwords on a regular basis.",3000,57937,5,"2026-02-17T09:27:00.000Z","6.9.4","4.0","8.1",[77,99,54,22,55],"membership","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpire-user-passwords.1.4.2.zip",100,{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":101,"num_ratings":32,"last_updated":112,"tested_up_to":113,"requires_at_least":114,"requires_php":75,"tags":115,"homepage":121,"download_link":122,"security_score":123,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":59},"reset-password-removed","Reset Password Removed","1.2","Md Taufiqur Rahman","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmartshovon\u002F","\u003Cp>Easily enhance the security of your WordPress site by removing the ability for non-admin users to change or reset their passwords. The “Reset Password Removed” plugin ensures that only administrators have the power to modify password settings, reducing the risk of unauthorized access.\u003C\u002Fp>\n\u003Ch3>Key Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Restrict Password Resets:\u003C\u002Fstrong> Prevents non-admin users from resetting their passwords, adding an extra layer of security to your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Control:\u003C\u002Fstrong> Keeps password management accessible only to site administrators, ensuring critical access remains in trusted hands.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Streamlined User Experience:\u003C\u002Fstrong> Automatically removes the “Lost your password?” link from the login page for non-admin users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight & Efficient:\u003C\u002Fstrong> The plugin is built to be lightweight, ensuring it doesn’t slow down your website.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Choose Reset Password Removed?\u003C\u002Fh3>\n\u003Cp>If you’re looking to enhance your WordPress security without complicating user management, this plugin is the perfect solution. Ideal for websites where password security is paramount, it simplifies control and prevents potential vulnerabilities from password resets.\u003C\u002Fp>\n\u003Cp>Compatible with: WordPress 6.x and PHP 7.4+\u003C\u002Fp>\n","Enhance the security of your blogs by preventing password reset over email function.",20,2924,"2024-11-03T13:58:00.000Z","6.6.5","5.0",[116,117,118,119,120],"admin-only-password-control","disable-password-reset","secure-login-management","wordpress-password-security","wordpress-user-security-plugin","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Freset-password-removed","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freset-password-removed.1.2.zip",92,{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":11,"downloaded":132,"rating":101,"num_ratings":32,"last_updated":133,"tested_up_to":73,"requires_at_least":114,"requires_php":17,"tags":134,"homepage":17,"download_link":139,"security_score":101,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":59},"admin-notify","Admin Notify","1.0.5","Eliyahna","https:\u002F\u002Fprofiles.wordpress.org\u002Feliyahna\u002F","\u003Cp>The \u003Cstrong>Admin Notify\u003C\u002Fstrong> plugin sends email notifications to the administrator whenever an \u003Cstrong>administrator account\u003C\u002Fstrong> is:\u003Cbr \u002F>\n– Added\u003Cbr \u002F>\n– Password is changed\u003Cbr \u002F>\n– Downgraded\u003Cbr \u002F>\n– Deleted\u003C\u002Fp>\n\u003Cp>This plugin helps keep your WordPress site secure by notifying the administrator of important changes to user accounts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Email notification when a new administrator is added.\u003Cbr \u002F>\n– Email notification when an administrator’s password is changed.\u003Cbr \u002F>\n– Email notification when an administrator is deleted.\u003Cbr \u002F>\n– Email notification when an administrator is downgraded.\u003Cbr \u002F>\n– Easily configurable via the plugin settings page.\u003C\u002Fp>\n\u003Cp>This plugin requires the administrator’s email to be configured in the plugin settings.\u003C\u002Fp>\n\u003Ch3>Acknowledgments\u003C\u002Fh3>\n\u003Cp>Special thanks to the contributors at WordPress.org for providing a platform for plugins and helping make WordPress an open and secure CMS.\u003C\u002Fp>\n\u003Ch3>Security\u003C\u002Fh3>\n\u003Cp>This plugin has been developed with security in mind and follows WordPress best practices for securing input and output. However, it is important to:\u003Cbr \u002F>\n– Ensure that your WordPress installation and all plugins are kept up to date.\u003Cbr \u002F>\n– Use strong passwords for your administrator accounts.\u003Cbr \u002F>\n– Regularly monitor your site’s user activity.\u003C\u002Fp>\n","Short Description: Admin Notify sends email notifications when administrator accounts are added, updated, or deleted.",733,"2025-04-16T18:58:00.000Z",[135,136,137,22,138],"admin-notification","admin-role-change","password-change","user-management","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-notify.1.0.5.zip",{"attackSurface":141,"codeSignals":179,"taintFlows":189,"riskAssessment":190,"analyzedAt":203},{"hooks":142,"ajaxHandlers":170,"restRoutes":176,"shortcodes":177,"cronEvents":178,"entryPointCount":32,"unprotectedCount":32},[143,149,152,156,158,161,166],{"type":144,"name":145,"callback":146,"file":147,"line":148},"action","admin_init","EP_settings","wp-expire-passwords.php",22,{"type":144,"name":150,"callback":151,"file":147,"line":33},"admin_menu","EP_admin_actions",{"type":144,"name":153,"callback":154,"file":147,"line":155},"personal_options_update","EP_reset_password_expire",81,{"type":144,"name":157,"callback":154,"file":147,"line":34},"edit_user_profile_update",{"type":144,"name":159,"callback":154,"file":147,"line":160},"password_reset",87,{"type":162,"name":163,"callback":164,"priority":33,"file":147,"line":165},"filter","authenticate","EP_check_password_expire",110,{"type":144,"name":167,"callback":168,"file":147,"line":169},"admin_enqueue_scripts","EP_load_scripts",122,[171],{"action":172,"nopriv":173,"callback":174,"hasNonce":173,"hasCapCheck":173,"file":147,"line":175},"ep_expire_users",false,"EP_expire_users_passwords",138,[],[],[],{"dangerousFunctions":180,"sqlUsage":181,"outputEscaping":183,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":188},[],{"prepared":13,"raw":13,"locations":182},[],{"escaped":13,"rawEcho":32,"locations":184},[185],{"file":147,"line":186,"context":187},41,"raw output",[],[],{"summary":191,"deductions":192},"The wp-expire-passwords plugin version 1.1.1 exhibits a concerning security posture despite having a minimal attack surface and no recorded vulnerabilities. The static analysis reveals a significant weakness: one AJAX handler lacks any authentication checks. This unprotected entry point is a prime target for attackers, as it could potentially be exploited to perform unauthorized actions. Furthermore, the analysis indicates a complete absence of output escaping for all identified outputs, meaning sensitive data or malicious code could be injected and rendered directly in the user's browser. While the plugin avoids dangerous functions, raw SQL, and external requests, these positive aspects are heavily overshadowed by the critical lack of security measures for its exposed AJAX endpoint and output handling.",[193,196,199,201],{"reason":194,"points":195},"Unprotected AJAX handler",8,{"reason":197,"points":198},"No output escaping",6,{"reason":200,"points":93},"No nonce checks",{"reason":202,"points":93},"No capability checks","2026-03-16T23:37:39.978Z",{"wat":205,"direct":212},{"assetPaths":206,"generatorPatterns":208,"scriptPaths":209,"versionParams":211},[207],"\u002Fwp-content\u002Fplugins\u002Fwp-expire-passwords\u002Fjs\u002Fep-ajax.js",[],[210],"js\u002Fep-ajax.js",[],{"cssClasses":213,"htmlComments":216,"htmlAttributes":217,"restEndpoints":221,"jsGlobals":222,"shortcodeOutput":224},[214,215],"wrap","button-primary",[],[218,219,220],"name=\"days_until_expired\"","id=\"expire_passwords_form\"","name=\"pass1\"",[],[223],"window.jQuery",[]]