[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fiO3uvZRQKsa5Zz6IBANp6rRmq4pIsENj3foSEuT5Eag":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":35,"analysis":57,"fingerprints":117},"wp-private","Wp-Private","1.6.1","Namith Jawahar","https:\u002F\u002Fprofiles.wordpress.org\u002Fnamithjawahar\u002F","\u003Cp>We often wish to provide some teaser content to visitors while keeping a part of the content reserved for registered users so that they will be lured to register on our site. This plugin helps you achieve exactly this. You will be able to mark a part of your post as private and the rest will be available to public and a login form OR a register and login will appear where your privatized content is supposed to appear. Once the user logs in they will be able to see the whole content (Great for membership sites). Now you can show off parts of your site to visitors and reserve parts for registered users.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Plugin Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Privatize multiple parts of your post\u002Fpages.\u003C\u002Fli>\n\u003Cli>Provision to prevent ban specific users.\u003C\u002Fli>\n\u003Cli>Ability to customize the login form \u002F login links which appear in place of premium content for non-logged in users.\u003C\u002Fli>\n\u003Cli>Ability to show custom message to banned users.\u003C\u002Fli>\n\u003Cli>Provision for Custom Login Page.\u003C\u002Fli>\n\u003C\u002Ful>\n","Privatize parts of posts from unauthorized users. 
Begin protected content with [protected] and end hidden content with [\u002Fprotected].",200,28776,100,3,"2022-01-19T09:39:00.000Z","5.4.19","5.4","",[20],"private-posts","https:\u002F\u002Fwww.smartlogix.co.in\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-private.1.6.1.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":23,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"namithjawahar",5,30220,982,69,"2026-04-04T00:35:15.685Z",[36],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":24,"num_ratings":24,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":55,"download_link":56,"security_score":13,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26},"constellation-client-portal","Constellation Client Portal","2.7.0","ARS","https:\u002F\u002Fprofiles.wordpress.org\u002Farstudios\u002F","\u003Cp>A professional client portal for WordPress that helps you organize clients, customers, groups, and teams. 
Create unlimited client pages and securely share private pages, posts, and files.\u003C\u002Fp>\n\u003Cp>Upgrade to the \u003Ca href=\"https:\u002F\u002Fconstellationclientportal.com\u002F?utm_source=wporg\" title=\"Get Constellation Client Portal Pro\" rel=\"nofollow ugc\">Pro version\u003C\u002Fa> and integrate with WooCommerce to accept payments for invoices and services.\u003C\u002Fp>\n\u003Cp>Whether you are a veteran of high-level business or just starting out, Constellation Client Portal gives you the tools that you need to manage your operations efficiently and professionally, so that you can do business with confidence.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Create unlimited private pages for your clients, customers, and team members.\u003C\u002Fli>\n\u003Cli>Create private invoice and file posts for your clients and display them on private client pages, with simple to use shortcodes.\u003C\u002Fli>\n\u003Cli>Attach private files (example: pdf, jpg, docx, xlsx, etc) to invoice and file posts.\u003C\u002Fli>\n\u003Cli>Prevent direct access to client files by users, search engines, and bots.\u003C\u002Fli>\n\u003Cli>Assign WordPress users to Companies.\u003C\u002Fli>\n\u003Cli>Assign users (example: consultants) to multiple companies to allow them to access files that are assigned to different companies.\u003C\u002Fli>\n\u003Cli>Easily add curated lists of invoices and documents to client pages via simple to use shortcodes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Pro\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Automatically redirect clients to their private client page at login (optional login redirect setting).\u003C\u002Fli>\n\u003Cli>Integrate your invoices with WooCommerce and add a pay button to your unpaid invoices, and accept payments from your customers and clients (requires WooCommerce).\u003C\u002Fli>\n\u003Cli>Change the Client Page, Client File, and Client Invoice URL base names (“accp-client-page,” “accp-clientfile,” and 
“accp-clientinvoice) to names of your choosing.\u003C\u002Fli>\n\u003Cli>Automatically send email notifications to clients when a new File or Invoice post is created.\u003C\u002Fli>\n\u003Cli>Automatically send reminder email notifications on a schedule.\u003C\u002Fli>\n\u003Cli>Easily customize the look of client-facing lists and pages.\u003C\u002Fli>\n\u003Cli>Display client-facing lists in list or grid layout.\u003C\u002Fli>\n\u003Cli>Easily generate, save, and edit file and invoice shortcodes within the plugin settings.\u003C\u002Fli>\n\u003Cli>Add due dates and past due notices to invoices and files.\u003C\u002Fli>\n\u003Cli>Further restrict file and invoice access within a company by user and role.\u003C\u002Fli>\n\u003Cli>Restrict file and invoice category access by user and role.\u003C\u002Fli>\n\u003Cli>Add internal notes to File and Invoice posts.\u003C\u002Fli>\n\u003Cli>Export file and invoice lists to CSV.\u003C\u002Fli>\n\u003Cli>Create \u003Ca href=\"https:\u002F\u002Fconstellationclientportal.com\u002F2023\u002F05\u002F16\u002Fhow-to-utilize-global-pages\u002F\" title=\"Client Portal Global Pages\" rel=\"nofollow ugc\">global client pages\u003C\u002Fa> that can be accessed by multiple companies.\u003C\u002Fli>\n\u003Cli>Create global client files that can be accessed by more than one company.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Use Cases\u003C\u002Fh3>\n\u003Cp>Constellation Client Portal is your portal for everything, and helps you interface with clients, customers, teams, and groups.  
It’s professional, extendable, versatile, and is designed to sit at the heart of your organization to save time and lower costs.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Example Use Case Areas\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Businesses and Professionals – Interface with clients, customers, employees, contractors, and vendors.\u003C\u002Fli>\n\u003Cli>Freelancers – Interface with clients, customers, contractors, and vendors.\u003C\u002Fli>\n\u003Cli>Project Managers \u002F Teams – Interface with stake holders, contractors, project members, and vendors.\u003C\u002Fli>\n\u003Cli>Teams – Interface with team members, staff, affiliates, vendors, and contractors.\u003C\u002Fli>\n\u003Cli>Groups and Organizations – Interface with group members, and other affiliates.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Shortcodes (Core)\u003C\u002Fh3>\n\u003Cp>The shortcode parameters, below, are for use with the core version of the plugin.  The pro version allows for file and invoice shortcodes to be easily generated, saved, and edited within the plugin settings.\u003C\u002Fp>\n\u003Ch4>Unpaid Invoice List\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>[accp_clientinvoices invoice_status=\"unpaid\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Paid Invoice List\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>[accp_clientinvoices invoice_status=\"paid\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Invoice Shortcode Parameters\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>invoice_status\u003C\u002Fstrong> this is the payment status of the invoice. Accepted Values: “paid” or “unpaid”. Default: “unpaid”.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>display_number\u003C\u002Fstrong> this is the number of posts per page. Accepted Values: any positive whole number. Default: -1 (which displays all posts returned in a query).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>order_by\u003C\u002Fstrong> this allows for lists to be sorted by post title instead of date. Accepted Values: “title” or “date”. 
Default: “date”.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>order\u003C\u002Fstrong> this allows the sort order to be changed. Accepted Values: “ASC” or “DESC”. Default: “DESC”.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>show_excerpt\u003C\u002Fstrong> this allows for a post excerpt to be displayed with each list item. Accepted Values: “true” or “false”. Default: “false”.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>excerpt_length\u003C\u002Fstrong> this allows you to constrain the number of words, “show_excerpt” is set to “true”. Accepted Values: any positive whole number. Default: null.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>show_thumbnail\u003C\u002Fstrong> this allows the featured image to be displayed with each list item (if a featured image is set). Accepted Values: “true” or “false”. Default: null.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>thumbnail_size\u003C\u002Fstrong> this allows you to choose an image size if the “show_thumbnail” attribute is set to “true”. Accepted Values: any valid thumbnail slug that is available in your theme (ex. “full”). Default: null.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>align_thumbnail\u003C\u002Fstrong> this allows the thumbnail image alignment to be set if the “show_thumbnail” attribute is set to “true”. Accepted Values: “center”, “left”, “right”, “float-left”, or “float-right”. Default: null.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>show_post_date\u003C\u002Fstrong> this allows for the WordPress post date to be displayed with each item in a list. Accepted Values: “true” or “false”. Default: “false”.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>categories\u003C\u002Fstrong> Accepted Values: this can be entered as an Invoice Category Slug or ID, or a combination of those. Separate multiple values with a comma (ex. “21, category-a”). Default: null.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>link_title\u003C\u002Fstrong> Accepted Values: “nolink”.  
Adding this parameter and setting the value to “nolink” will remove the href from post titles in the list and make them unclickable. Default: null.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>class\u003C\u002Fstrong> Accepted Values: any valid HTML class attribute name or names (separate multiple class names with a space). Default: null.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Document\u002FFile List\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>[accp_clientfiles]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>File Shortcode Parameters\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>categories\u003C\u002Fstrong> Accepted Values: this can be entered as a File Category Slug or ID, or a combination of those. Separate multiple values with a comma (ex. “21, category-a”). Default: null.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>display_number\u003C\u002Fstrong> this is the number of posts per page. Accepted Values: any positive whole number. Default: -1 (which displays all posts returned in a query).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>order_by\u003C\u002Fstrong> this allows for lists to be sorted by post title instead of date. Accepted Values: “title” or “date”. Default: “date”.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>order\u003C\u002Fstrong> this allows the sort order to be changed. Accepted Values: “ASC” or “DESC”. Default: “DESC”.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>show_excerpt\u003C\u002Fstrong> this allows for a post excerpt to be displayed with each list item. Accepted Values: “true” or “false”. Default: “false”.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>excerpt_length\u003C\u002Fstrong> this allows you to constrain the number of words, “show_excerpt” is set to “true”. Accepted Values: any positive whole number. Default: null.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>show_thumbnail\u003C\u002Fstrong> this allows the featured image to be displayed with each list item (if a featured image is set). Accepted Values: “true” or “false”. 
Default: null.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>thumbnail_size\u003C\u002Fstrong> this allows you to choose an image size if the “show_thumbnail” attribute is set to “true”. Accepted Values: any valid thumbnail slug that is available in your theme (ex. “full”). Default: null.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>align_thumbnail\u003C\u002Fstrong> this allows the thumbnail image alignment to be set if the “show_thumbnail” attribute is set to “true”. Accepted Values: “center”, “left”, “right”, “float-left”, or “float-right”. Default: null.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>show_post_date\u003C\u002Fstrong> this allows for the WordPress post date to be displayed with each item in a list. Accepted Values: “true” or “false”. Default: “false”.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>link_title\u003C\u002Fstrong> Accepted Values: “nolink”.  Adding this parameter and setting the value to “nolink” will remove the href from post titles in the list and make them unclickable. Default: null.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>class\u003C\u002Fstrong> Accepted Values: any valid HTML class attribute name or names (separate multiple class names with a space). Default: null.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Global Files (Pro)\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>[accp_global_files]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Company Menu (Pro)\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>[accp_company_menu]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Company Menu Shortcode Parameters\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>excluded_page_ids\u003C\u002Fstrong> – this allows for pages that are assigned to a given company to be excluded from the company menu.  Accepts a comma separated list of Client Page ID’s. Default = null.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>list_style\u003C\u002Fstrong> – this allows the UL orientation to be changed.  
Accepts ‘vertical’ or ‘horizontal.’ Default = horizontal.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>align\u003C\u002Fstrong> – this allows for the menu alignment to be set.  Accepts ‘left,’ ‘right,’ or ‘center.’ Default = left.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fconstellationclientportal.com\u002Fdocumentation-constellation-client-portal\u002F#quick-start\" rel=\"nofollow ugc\">Quick Start Guide\u003C\u002Fa> – Follow the quick start guide to quickly set up the initial foundation for your client portal.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fconstellationclientportal.com\u002Fdocumentation-constellation-client-portal\u002F\" rel=\"nofollow ugc\">Plugin Documentation\u003C\u002Fa> – View the plugin documentation for other helpful information.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Pro users, with active licenses, should open a support ticket by accessing their account on \u003Ca href=\"https:\u002F\u002Fconstellationclientportal.com\u002Fmy-account\u002F\" rel=\"nofollow ugc\">constellationclientportal.com\u003C\u002Fa> for help and support.\u003C\u002Fp>\n","A professional client portal for WordPress that helps you organize clients, customers, groups, and teams. 
Create unlimited client pages and securely s &hellip;",10,7956,"2026-03-02T13:32:00.000Z","6.9.4","6.0.0","7.4",[51,52,53,54,20],"client-portal","customer-portal","private-files","private-pages","https:\u002F\u002Fadrianrodriguezstudios.com\u002Fconstellation-client-portal\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fconstellation-client-portal.2.7.0.zip",{"attackSurface":58,"codeSignals":82,"taintFlows":105,"riskAssessment":106,"analyzedAt":116},{"hooks":59,"ajaxHandlers":72,"restRoutes":73,"shortcodes":74,"cronEvents":81,"entryPointCount":65,"unprotectedCount":24},[60,66,69],{"type":61,"name":62,"callback":63,"priority":13,"file":64,"line":65},"action","admin_menu","closure","includes\\settings.php",2,{"type":61,"name":67,"callback":63,"file":64,"line":68},"admin_enqueue_scripts",7,{"type":61,"name":70,"callback":63,"file":64,"line":71},"add_meta_boxes",56,[],[],[75,78],{"tag":76,"callback":63,"file":77,"line":65},"protected","includes\\shortcodes.php",{"tag":79,"callback":63,"file":77,"line":80},"loginform",40,[],{"dangerousFunctions":83,"sqlUsage":84,"outputEscaping":86,"fileOperations":24,"externalRequests":24,"nonceChecks":24,"capabilityChecks":24,"bundledLibraries":104},[],{"prepared":24,"raw":24,"locations":85},[],{"escaped":87,"rawEcho":68,"locations":88},1,[89,92,94,96,98,100,102],{"file":64,"line":90,"context":91},82,"raw output",{"file":64,"line":93,"context":91},83,{"file":64,"line":95,"context":91},84,{"file":64,"line":97,"context":91},88,{"file":64,"line":99,"context":91},89,{"file":64,"line":101,"context":91},93,{"file":64,"line":103,"context":91},162,[],[],{"summary":107,"deductions":108},"The \"wp-private\" plugin v1.6.1 exhibits a mixed security posture. On the positive side, the static analysis reveals no immediately obvious critical vulnerabilities such as dangerous functions, raw SQL queries, file operations, external HTTP requests, or the presence of bundled libraries that could pose a risk. 
The absence of known CVEs and a clean vulnerability history further contribute to a perception of a relatively secure plugin. However, significant concerns arise from the lack of security checks in the analyzed code.\n\nSpecifically, the complete absence of nonce checks and capability checks, coupled with only 13% of output being properly escaped, presents substantial risks. While the attack surface is small, the lack of authentication and authorization mechanisms means that any interaction with the plugin's entry points (shortcodes in this case) could potentially be exploited by unauthenticated users. The taint analysis showing zero flows is encouraging but may be due to the limited scope of the analysis or the plugin's functionality not exposing such flows. The lack of comprehensive output escaping is a critical weakness that could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled securely within the shortcode outputs.\n\nIn conclusion, while \"wp-private\" v1.6.1 benefits from a clean vulnerability history and a small attack surface, its security is severely undermined by a lack of fundamental security controls like nonce and capability checks, and insufficient output escaping. 
These omissions create significant potential for exploitation, particularly XSS, and warrant serious attention from developers to implement robust security measures.",[109,111,113],{"reason":110,"points":44},"Missing nonce checks",{"reason":112,"points":44},"Missing capability checks",{"reason":114,"points":115},"Low output escaping percentage",8,"2026-03-16T20:11:55.337Z",{"wat":118,"direct":123},{"assetPaths":119,"generatorPatterns":120,"scriptPaths":121,"versionParams":122},[],[],[],[],{"cssClasses":124,"htmlComments":127,"htmlAttributes":128,"restEndpoints":135,"jsGlobals":136,"shortcodeOutput":145},[125,126],"wp_private_settings_wrap","wp-private-box",[],[129,130,131,132,133,134],"id=\"wp-private-box\"","id=\"wp_private_form\"","id=\"poststuff\"","id=\"post-body\"","id=\"postbox-container-1\"","id=\"postbox-container-2\"",[],[137,138,139,140,141,142,143,144],"wp_private_settings","wp_private_replacement_type","wp_private_linkback_enable","wp_private_before_html","wp_private_after_html","wp_private_not_authorized_text","wp_private_selected_users","wp_private_custom_login_page_url",[146,147],"[protected]","[\u002Fprotected]"]