[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fVkWJrSnntkVuA5oJTOqFgKVd_ZzZOXB9TICFjDsgfq0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":20,"download_link":21,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":33,"analysis":132,"fingerprints":234},"wp-posts-password-batch-manager","WP Posts Password Batch Manager","1.1","suifengtec","https:\u002F\u002Fprofiles.wordpress.org\u002Fsuifengtec\u002F","\u003Cp>This plugin allows you to add\u002Fdelete password for all your posts or some sepcial posts.\u003C\u002Fp>\n","Batch managing your posts password with me.",10,1367,0,"","4.0.38","3.6",[18,19],"password","posts","http:\u002F\u002Fsuoling.net\u002Fwp-posts-password-batch-manager","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-posts-password-batch-manager.1.1.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":29,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},12,1260,88,30,86,"2026-04-05T02:02:31.381Z",[34,59,78,97,116],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":44,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":14,"tags":49,"homepage":53,"download_link":54,"security_score":55,"vuln_count":56,"unpatched_count":13,"last_vuln_date":57,"fetched_at":58},"protected-posts-logout-button","Protected Posts Logout Button","1.4.6","Nate Reist","https:\u002F\u002Fprofiles.wordpress.org\u002Fnatereist\u002F","\u003Cp>This plugin simply adds a logout button to the content of any password protected post. Sometimes clients want a password protected page to share information with privileged individuals and the default 10 days for the cookie to expire is too long for their liking. So I wrote a little plugin to do this with AJAX and set the cookie to expire immediately, well actually 10 days in the past.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Works logged in or out as a WordPress user.\u003C\u002Fli>\n\u003Cli>Uses the same functionality WordPress uses to set post cookies.\u003C\u002Fli>\n\u003Cli>Has a simple settings page to make everything easier.\u003C\u002Fli>\n\u003Cli>Allows you to alert user they have logged out.\u003C\u002Fli>\n\u003C\u002Ful>\n","Automatically adds a logout button to your password protected content.",1000,33408,98,13,"2023-02-16T00:46:00.000Z","6.1.10","2.8",[50,51,52],"logout","password-protected-posts-logout-button","wordpress-security","http:\u002F\u002Fmindutopia.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprotected-posts-logout-button.1.4.6.zip",84,3,"2023-02-20 00:00:00","2026-03-15T15:16:48.613Z",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":22,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":14,"tags":73,"homepage":14,"download_link":76,"security_score":77,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":58},"p5","p5 : Plenty of Perishable Passwords for Protected Posts","1.4","Cyril Batillat","https:\u002F\u002Fprofiles.wordpress.org\u002Fcyrilbatillat\u002F","\u003Cp>By default, WordPress can protect each post with one and only password. This plugin gives you the possibility to assign multiple passwords on each post, with an expiration date.\u003C\u002Fp>\n","Specify multiple passwords for pages \u002F posts \u002F custom post  types. An expiration date can be set for each password.",50,3354,5,"2014-05-20T09:45:00.000Z","3.9.40","3.5",[74,18,75],"expiration","protected-posts","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fp5.1.4.zip",85,{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":30,"downloaded":86,"rating":22,"num_ratings":87,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":14,"tags":91,"homepage":95,"download_link":96,"security_score":77,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":58},"protected-post-personalizer","Protected Post Personalizer","0.6","Orin","https:\u002F\u002Fprofiles.wordpress.org\u002Forin\u002F","\u003Cp>This plugin is a simple one, but good at what it does. It changes three elements of protected posts to make them more friendly to visitors.\u003C\u002Fp>\n\u003Ch3>Prefixes:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>customize prefix for password-protected posts from default “Protected: “\u003C\u002Fli>\n\u003Cli>customize prefix for private posts from “Private: “\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Custom Previews:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>ability to use the post’s excerpt (if one is saved) when no password is given\u003C\u002Fli>\n\u003Cli>ability to show custom text for all password-protected posts\u003C\u002Fli>\n\u003Cli>if no saved excerpt, show the default OR use custom site-wide text\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Password Form:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>change text before the password input box\u003C\u002Fli>\n\u003Cli>change text of submit button\u003C\u002Fli>\n\u003Cli>add custom CSS; set class or ID for theme integration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Change Log\u003C\u002Fh4>\n\u003Cp>0.6 – corrected for WordPress 2.7, which handles protected and private posts differently.\u003Cbr \u002F>\n0.5 – initial public release\u003C\u002Fp>\n","This plugin is a simple one, but good at what it does. It changes three elements of protected posts to make them more friendly to visitors.",5781,2,"2009-01-24T20:49:00.000Z","2.7","2.3",[92,18,19,93,94],"formatting","title","titles","http:\u002F\u002Fglot.homepie.org\u002Fplugins\u002Fprotected-post-personalizer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprotected-post-personalizer.0.6.zip",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":22,"num_ratings":107,"last_updated":108,"tested_up_to":109,"requires_at_least":89,"requires_php":14,"tags":110,"homepage":114,"download_link":115,"security_score":77,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":58},"protected-post-password-hint","Protected Post Password Hint","2.0.2","Nobody","https:\u002F\u002Fprofiles.wordpress.org\u002Fabelcheung\u002F","\u003Cp>Traditionally all password protected posts contain a boiler-plate password form without any hints. Without any capability to change the string, one must provide the hint in another post, which is a bit clumsy. Not to mention, people viewing the single protected post only will be unable to see the hint at all. With this plugin protected posts are more usable.\u003C\u002Fp>\n\u003Cp>The password hint is taken from a certain custom field within the protected post, with key name ‘password_hint’. If this key is present, the value of key is immediately taken as the password hint. Without the key, the standard password form is shown again.\u003C\u002Fp>\n","Replace boiler-plate password form shown in protected posts with a form containing hints taken from 'password_hint' custom field.",20,6117,1,"2012-06-26T21:23:00.000Z","3.4.2",[18,111,112,19,113],"password-form","post","protected-post","http:\u002F\u002Fme.abelcheung.org\u002Fdevel\u002Fprotected-post-password-hint\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprotected-post-password-hint.RELEASE-2-0-2.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":11,"downloaded":124,"rating":22,"num_ratings":107,"last_updated":14,"tested_up_to":125,"requires_at_least":48,"requires_php":14,"tags":126,"homepage":129,"download_link":130,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":131},"password-protect-all-posts","Password Protect All Posts","0.1","volmar","https:\u002F\u002Fprofiles.wordpress.org\u002Fvolmar\u002F","\u003Cp>This plugin puts a global password selected by you on all posts. Based on Matt Mullenwegs plugin “Protect old posts”\u003C\u002Fp>\n\u003Cp>I’ve looked for a plugin like this but couldn’t find one that fitted my needs so i this one. I hope it will be helpfull for someone else to.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>BEWARE: This will write over all old passwords and replace it with the one you select.\u003C\u002Fstrong>\u003C\u002Fp>\n","This plugin puts a global password selected by you on all posts. Based on Matt Mullenwegs plugin \"Protect old posts\"",2641,"3.0.5",[127,128],"password-protection","protect-posts","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fpassword-protect-all-posts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpassword-protect-all-posts.0.1.zip","2026-03-15T14:44:11.924Z",{"attackSurface":133,"codeSignals":158,"taintFlows":193,"riskAssessment":223,"analyzedAt":233},{"hooks":134,"ajaxHandlers":154,"restRoutes":155,"shortcodes":156,"cronEvents":157,"entryPointCount":13,"unprotectedCount":13},[135,140,143,148,151],{"type":136,"name":137,"callback":137,"file":138,"line":139},"action","admin_enqueue_scripts","classes\\class.settings-api.php",17,{"type":136,"name":141,"callback":141,"priority":27,"file":142,"line":139},"admin_init","includes\\settings-api.php",{"type":136,"name":144,"callback":144,"priority":145,"file":146,"line":147},"plugins_loaded",11,"wp-posts-password-batch-manager.php",34,{"type":136,"name":149,"callback":149,"file":146,"line":150},"admin_menu",56,{"type":136,"name":141,"callback":152,"priority":145,"file":146,"line":153},"handle_general_bulk_actions",58,[],[],[],[],{"dangerousFunctions":159,"sqlUsage":163,"outputEscaping":169,"fileOperations":13,"externalRequests":13,"nonceChecks":107,"capabilityChecks":107,"bundledLibraries":192},[160],{"fn":161,"file":138,"line":44,"context":162},"create_function","$callback = create_function('', 'echo \"'.str_replace('\"', '\\\"', $section['desc']).'\";');",{"prepared":87,"raw":107,"locations":164},[165],{"file":166,"line":167,"context":168},"classes\\class-wppbm-posts-table.php",198,"$wpdb->get_var() with variable interpolation",{"escaped":69,"rawEcho":11,"locations":170},[171,174,176,178,180,182,184,186,188,190],{"file":166,"line":172,"context":173},150,"raw output",{"file":166,"line":175,"context":173},178,{"file":138,"line":177,"context":173},148,{"file":138,"line":179,"context":173},164,{"file":138,"line":181,"context":173},181,{"file":138,"line":183,"context":173},202,{"file":138,"line":185,"context":173},212,{"file":138,"line":187,"context":173},294,{"file":138,"line":189,"context":173},307,{"file":146,"line":191,"context":173},75,[],[194,213],{"entryPoint":195,"graph":196,"unsanitizedCount":13,"severity":212},"\u003Cclass-wppbm-posts-table> (classes\\class-wppbm-posts-table.php:0)",{"nodes":197,"edges":209},[198,203],{"id":199,"type":200,"label":201,"file":166,"line":202},"n0","source","$_REQUEST",187,{"id":204,"type":205,"label":206,"file":166,"line":207,"wp_function":208},"n1","sink","get_results() [SQLi]",200,"get_results",[210],{"from":199,"to":204,"sanitized":211},true,"low",{"entryPoint":214,"graph":215,"unsanitizedCount":107,"severity":222},"prepare_items (classes\\class-wppbm-posts-table.php:183)",{"nodes":216,"edges":219},[217,218],{"id":199,"type":200,"label":201,"file":166,"line":202},{"id":204,"type":205,"label":206,"file":166,"line":207,"wp_function":208},[220],{"from":199,"to":204,"sanitized":221},false,"high",{"summary":224,"deductions":225},"The \"wp-posts-password-batch-manager\" v1.1 plugin exhibits a generally good security posture with no known CVEs and a relatively small attack surface. The static analysis indicates a deliberate effort to implement security best practices, as evidenced by the presence of nonce and capability checks, and a majority of SQL queries utilizing prepared statements. File operations and external HTTP requests are also absent, further reducing potential attack vectors.\n\nHowever, there are specific areas of concern that warrant attention. The use of the `create_function` is a significant red flag, as it can be a source of remote code execution vulnerabilities if user-supplied input is not strictly controlled. Additionally, the taint analysis revealed one flow with unsanitized paths of high severity. While the overall output escaping is not fully robust, the taint flow and the deprecated `create_function` are the most critical findings that could lead to exploitation.\n\nGiven the lack of historical vulnerabilities, it suggests that the plugin's developers have been diligent. The strengths lie in the limited attack surface and the majority of security checks implemented. The weaknesses, however, are critical: the presence of a dangerous function and a high-severity unsanitized path flow. These should be addressed to maintain a secure plugin.",[226,229,231],{"reason":227,"points":228},"Dangerous function detected (create_function)",15,{"reason":230,"points":27},"High severity taint flow with unsanitized paths",{"reason":232,"points":69},"Low percentage of properly escaped output","2026-03-16T23:19:25.953Z",{"wat":235,"direct":244},{"assetPaths":236,"generatorPatterns":239,"scriptPaths":240,"versionParams":241},[237,238],"\u002Fwp-content\u002Fplugins\u002Fwp-posts-password-batch-manager\u002Fcss\u002Fwppbm-style.css","\u002Fwp-content\u002Fplugins\u002Fwp-posts-password-batch-manager\u002Fjs\u002Fwppbm-script.js",[],[238],[242,243],"wp-posts-password-batch-manager\u002Fcss\u002Fwppbm-style.css?ver=","wp-posts-password-batch-manager\u002Fjs\u002Fwppbm-script.js?ver=",{"cssClasses":245,"htmlComments":247,"htmlAttributes":248,"restEndpoints":249,"jsGlobals":250,"shortcodeOutput":251},[246],"wppbm-wrap",[],[],[],[],[]]