[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fIjRc-iA4362dL5NsRQwlYXZNbQ0sezlZ4uWbGs9KVtk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":60,"crawl_stats":36,"alternatives":68,"analysis":187,"fingerprints":498},"wp-remote-users-sync","WP Remote Users Sync","2.1.5","Alexandre Froger","https:\u002F\u002Fprofiles.wordpress.org\u002Ffrogerme\u002F","\u003Cp>If you run multiple websites and want to keep users separated, but synchronise them automatically and securely for specific user operations, then WP Remote Users Sync is the plugin to use.\u003C\u002Fp>\n\u003Ch3>Overview\u003C\u002Fh3>\n\u003Cp>This plugin adds the following major features to WordPress:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>WP Remote Users Sync admin page:\u003C\u002Fstrong> a settings page under “Settings > WP Remote Users Sync” to manage remote sites, security settings, import\u002Fexport users, and view activity logs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remote Sites:\u003C\u002Fstrong> manage an unlimited amount of connected sites with configuration for incoming and outgoing User Actions (Login, Logout, Create, Update, Delete, Password, Role and Metadata).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security:\u003C\u002Fstrong> WP Remote Users Sync is the \u003Cstrong>only\u003C\u002Fstrong> plugin available allowing users to be synchronised with true layers of security in place. All communications are OpenSSL AES-256-CBC encrypted, HMAC SHA256 signed, token-validated and IP-validated.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Import and Export Users:\u003C\u002Fstrong> connected websites’ existing user base can be synchronised manually first thanks to the provided import\u002Fexport tool.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity Logs:\u003C\u002Fstrong> when enabled, all communications between connected sites are logged for admin review and troubleshooting.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Synchronise all user data:\u003C\u002Fstrong> compatible out of the box with WooCommerce, Ultimate Membership, Theme My Login, Gravity Forms, and all user-related plugins as long as they rely on WordPress user metadata and manipulate users with the WordPress user functions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable:\u003C\u002Fstrong> developers can add their own User Actions using action and filter hooks, and more – see the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffroger-me\u002Fwp-remote-users-sync\" rel=\"nofollow ugc\">developers documentation\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unlimited websites, unlimited features:\u003C\u002Fstrong> there are no restrictions in the number of websites to connect together, and no premium version feature restrictions shenanigans – WP Remote Users Sync is fully-featured right out of the box.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Troubleshooting\u003C\u002Fh3>\n\u003Cp>Please read the plugin FAQ, there is a lot that may help you there!\u003C\u002Fp>\n\u003Cp>WP Remote Users Sync is regularly updated for compatibility, and bug reports are welcome, preferably on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffroger-me\u002Fwp-remote-users-sync\u002Fissues\" rel=\"nofollow ugc\">Github\u003C\u002Fa>. Pull Requests from developers following the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress\u002FWordPress-Coding-Standards\" rel=\"nofollow ugc\">WordPress Coding Standards\u003C\u002Fa> (\u003Ccode>WordPress-Extra\u003C\u002Fcode> ruleset) are highly appreciated and will be credited upon merge.\u003C\u002Fp>\n\u003Cp>In case the plugin has not been updated for a while, no panic: it simply means the compatibility flag has not been changed, and it very likely remains compatible with the latest version of WordPress. This is because it was designed with long-term compatibility in mind from the ground up.\u003C\u002Fp>\n\u003Cp>Each \u003Cstrong>bug\u003C\u002Fstrong> report will be addressed in a timely manner if properly documented – previously unanswered general inquiries and issues reported on the WordPress forum may take significantly longer to receive a response (if any).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Only issues occurring with included plugin features mentioned in “Synchronise all user data”, core WordPress and default WordPress themes (incl. WooCommerce Storefront) will be considered.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Troubleshooting involving 3rd-party plugins or themes will not be addressed on the WordPress support forum\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>Integrations\u003C\u002Fh3>\n\u003Cp>Although WP Remote Users Sync works out of the box with most combinations of WordPress plugins and themes, there are some edge cases necessitating integration, with code included in the core files of WP Remote Users Sync executing under certain conditions.\u003C\u002Fp>\n\u003Cp>Integrations added to core are limited to popular plugins and themes: any extra code specific to a handful of installations require a separate custom plugin not shared with the community (created and maintained by a third-party developer).\u003C\u002Fp>\n\u003Cp>A typical example necessitating custom integration includes plugins or themes relying on their own custom tables, directly updating the database with SQL queries instead of using WordPress built-in functions, destroying sessions with low-level functions instead of using the built-in WordPress method, etc.\u003C\u002Fp>\n\u003Cp>If such need for plugin integration arises, website administrators \u003Cstrong>MUST\u003C\u002Fstrong> contact a third-party developer. The plugin author currently does not have the bandwidth to take on custom work for WPRUS.\u003C\u002Fp>\n","Synchronise WordPress Users across Multiple Sites.",7000,138536,98,73,"2025-10-29T02:37:00.000Z","6.8.5","4.9.5","8.0",[20,21,22],"multiple-sites","share-login","sync","https:\u002F\u002Fgithub.com\u002Ffroger-me\u002Fwp-remote-users-sync","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-remote-users-sync.2.1.5.zip",99,2,0,"2023-08-15 00:00:00","2026-03-15T15:16:48.613Z",[31,47],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2023-3958","wp-remote-users-sync-authenticated-subscriber-server-side-request-forgery","WP Remote Users Sync \u003C= 1.2.12 - Authenticated (Subscriber+) Server Side Request Forgery","The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notify_ping_remote' AJAX function in versions up to, and including, 1.2.12. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. This was partially patched in version 1.2.12 and fully patched in version 1.2.13.",null,"\u003C=1.2.12","1.2.13","high",8.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:H\u002FI:L\u002FA:N","Server-Side Request Forgery (SSRF)","2024-01-22 19:56:02",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2e78c759-4a54-4ee4-8eff-df91fe9dad46?source=api-prod",161,{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":36,"affected_versions":52,"patched_in_version":53,"severity":54,"cvss_score":55,"cvss_vector":56,"vuln_type":57,"published_date":28,"updated_date":43,"references":58,"days_to_patch":46},"CVE-2023-4374","wp-remote-users-sync-missing-authorization-to-authenticated-subscriber-log-view","WP Remote Users Sync \u003C= 1.2.11 - Missing Authorization to Authenticated (Subscriber+) Log View","The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refresh_logs_async' functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber privileges or above, to view logs.","\u003C=1.2.11","1.2.12","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N","Missing Authorization",[59],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2e87cfc4-8e7c-47d6-80fc-9c293cdd8acb?source=api-prod",{"slug":61,"display_name":7,"profile_url":8,"plugin_count":62,"total_installs":63,"avg_security_score":64,"avg_patch_time_days":65,"trust_score":66,"computed_at":67},"frogerme",11,8130,88,110,71,"2026-04-04T11:04:09.289Z",[69,94,114,137,163],{"slug":70,"name":71,"version":72,"author":73,"author_profile":74,"description":75,"short_description":76,"active_installs":77,"downloaded":78,"rating":79,"num_ratings":80,"last_updated":81,"tested_up_to":82,"requires_at_least":83,"requires_php":84,"tags":85,"homepage":91,"download_link":92,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":93,"fetched_at":29},"sync-post-with-other-site","Sync Post With Other Site","1.9.1","Kamlesh Parmar","https:\u002F\u002Fprofiles.wordpress.org\u002Fkp4coder\u002F","\u003Cp>Allows user to sync Posts, Pages and Custom Post Type with multiple websites.\u003C\u002Fp>\n\u003Cp>If you run multiple websites and want to synchronise them automatically and securely for specific post operations, then Sync Post With Other Site is the plugin to use.\u003C\u002Fp>\n\u003Cp>You just need to enter website URL & login credentials of other website to sync the post from there.\u003C\u002Fp>\n\u003Ch3>OVERVIEW\u003C\u002Fh3>\n\u003Cp>This plugin adds the following major features to WordPress:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>admin page:\u003C\u002Fstrong> a “Sync Post” menu to manage remote sites.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Import and Export:\u003C\u002Fstrong> Connected sites’ present posts base can be synchronised manually thanks to the provided import\u002Fexport tool.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Developers\u003C\u002Fh4>\n\u003Cp>Development takes place on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkp4coder\u002Fsync-post-with-other-site\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>. Patches welcome.\u003C\u002Fp>\n","Allows user to sync Posts, Pages and Custom Post Type with multiple websites.",3000,45082,82,27,"2025-07-12T10:20:00.000Z","6.6.5","4.5","",[86,87,88,89,90],"migrate-post-content","post-content-sync","sync-post-with-multiple-sites","synchronization-post","wp-sync-post","https:\u002F\u002Fkp4coder.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsync-post-with-other-site.1.9.1.zip","2024-08-02 00:00:00",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":27,"num_ratings":27,"last_updated":104,"tested_up_to":105,"requires_at_least":106,"requires_php":107,"tags":108,"homepage":84,"download_link":112,"security_score":113,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"same-user-credentials","SUC – same user credentials","1.0.0","giuliopanda","https:\u002F\u002Fprofiles.wordpress.org\u002Fgiuliopanda\u002F","\u003Cp>The plugin synchronizes users with a main site, allowing you to access all sites where the plugin is installed with the same credentials.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>One website must be configured as a server, while the other sites must be configured as clients.\u003C\u002Fli>\n\u003Cli>Users registered on the server site can now access client sites using the same login credentials.\u003C\u002Fli>\n\u003Cli>In the client site, if the user does not exist, a new user is created with the data coming from the server. You can customize the data to be saved on the client site through several hooks described later.\u003C\u002Fli>\n\u003Cli>If the user already exists (checks the username) then the plugin updates the user information.\u003C\u002Fli>\n\u003Cli>\n\u003Cp>If the user exists on the client, but not on the server, the plugin blocks access by changing the password to the user saved on the client.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>For security reasons the plugin does not synchronize administrators.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>When you click on recover password from a client site you are redirected to the server site to recover your password. Once you have recovered the password you return to the client site login. When you try to register a user from a client site you are redirected to the server site to register the user.\u003C\u002Fli>\n\u003Cli>If a user has logged in to a client site and logs in again through cookies, then without logging in again the system updates the user data with the server data once a day. If the user no longer exists on the server, he or she is logged out of the client site.\u003C\u002Fli>\n\u003Cli>Client users are never deleted even if they are no longer present on the server.\u003C\u002Fli>\n\u003Cli>Be careful if a user already exists on the client with the same email, but different user login, the user is not logged in.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Security\u003C\u002Fh3>\n\u003Cp>Communications take place via APIs protected through an encrypted token system. Usernames and passwords are never passed in clear text or through a basic authentication system.\u003C\u002Fp>\n\u003Cp>Synchronizing administrators is not allowed, administrators must be managed locally.\u003C\u002Fp>\n\u003Cp>Some user metadata is not passed because it is specific to the configuration of each individual site.\u003C\u002Fp>\n\u003Ch3>Logs\u003C\u002Fh3>\n\u003Cp>All operations are logged both on the client site and on the server.\u003C\u002Fp>\n\u003Ch3>Customizations\u003C\u002Fh3>\n\u003Cp>By default the plugin synchronizes all user except administrators. By default The plugin synchronizes all user data, roles, and metadata.\u003C\u002Fp>\n\u003Cp>However, you can customize who and what to sync through many specially created filters and hooks.\u003C\u002Fp>\n\u003Cp>First you may want to choose which users you want to sync and which you don’t.   You can choose which user roles you want to sync. This way if the user has a certain role it will be synchronized, otherwise not. You can do this through the sucw-roles-exclude-all-sync-except filter placed in the client site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>apply_filters(‘sucw-roles-exclude-all-sync-except’, [‘subscriber’]);\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>(CLIENT)\u003C\u002Fem> Excludes all roles from synchronization except those specified\u003Cbr \u002F>\nThis overrides the filter ‘sucw-roles-to-exclude-sync’!\u003Cbr \u002F>\nparam array $array_exclude the list of default roles [‘subscriber’]\u003Cbr \u002F>\nsince 1.0.0\u003C\u002Fp>\n\u003Cp>Otherwise you can choose to sync all users except those who have a certain role.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>apply_filters(‘sucw-roles-to-exclude-sync’, [‘administrator’])\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>(CLIENT)\u003C\u002Fem> These are the roles that do not need to synchronize\u003Cbr \u002F>\nIf active The filter ‘sucw-roles-exclude-all-sync-except’ will be ignored\u003Cbr \u002F>\nparam array $array_exclude the list of default roles [‘administrator’]\u003Cbr \u002F>\nsince 1.0.0\u003C\u002Fp>\n\u003Cp>The same role configuration entered in the client sites should be placed in the server site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>add_filter(‘sucw-roles-exclude-all-sync-except’, []);\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>(SERVER)\u003C\u002Fem> Exclude all roles from synchronization except those specified\u003Cbr \u002F>\nIf active the ‘sucw-block-user-roles’ filter will be ignored\u003Cbr \u002F>\nparam array $array_exclude the list of default roles []\u003Cbr \u002F>\nsince 1.0.0\u003C\u002Fp>\n\u003Cp>\u003Cstrong>add_filter(‘sucw-block-user-roles’, [‘administrator’]);\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>(SERVER)\u003C\u002Fem> If the user has one of the blocked roles I won’t let them through\u003Cbr \u002F>\nvar array $block_user_roles\u003Cbr \u002F>\nreturn array\u003Cbr \u002F>\nsince 1.0.0\u003C\u002Fp>\n\u003Ch3>Below are the other filters and hooks you can use to customize your plugin configuration.\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>apply_filters(‘sucw-update-roles’, $roles)\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>(CLIENT)\u003C\u002Fem> The list of roles to save in the user profile when creating or updating the user. if it is an empty array it does not update the roles.\u003Cbr \u002F>\nsince 1.0.0\u003C\u002Fp>\n\u003Cp>\u003Cstrong>do_action( ‘sucw-update-user’, $user_id, $user_data )\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>(CLIENT)\u003C\u002Fem> It is called after updating or creating a user\u003Cbr \u002F>\nparam: int $user_id the user id\u003Cbr \u002F>\nobject $user_data user data\u003Cbr \u002F>\nsince 1.0.0\u003C\u002Fp>\n\u003Cp>\u003Cstrong>apply_filters(‘sucw-remote-args’, $args)\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>(CLIENT)\u003C\u002Fem> These are the arguments for the client to call the server\u003Cbr \u002F>\nparam array $args Default [‘method’:’POST’, ‘timeout’:$timeout, ‘redirection’:2, ‘httpversion’:’1.0′, ‘blocking’:true, ‘headers’:$headers, ‘cookies’:[]]\u003Cbr \u002F>\nsince 1.0.0\u003C\u002Fp>\n\u003Cp>\u003Cstrong>apply_filters(‘sucw-remote-timeout’, 15)\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>(CLIENT)\u003C\u002Fem> The server call times out\u003Cbr \u002F>\nparam int $timeout Default 15\u003Cbr \u002F>\nsince 1.0.0\u003C\u002Fp>\n\u003Cp>\u003Cstrong>apply_filters(‘sucw-allow-metadata’, true)\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>(CLIENT)\u003C\u002Fem> Allows you to update metadata\u003Cbr \u002F>\nparam bool $allow_metadata Allows you to update metadata\u003Cbr \u002F>\nif false it does not update the metadata, if it is an array it only updates the metadata present in the array\u003Cbr \u002F>\nsince 1.0.0\u003C\u002Fp>\n\u003Cp>\u003Cstrong>apply_filters(‘sucw_register_url’, $url)\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>(CLIENT)\u003C\u002Fem> Manages the registration link\u003Cbr \u002F>\nparam string $url il link di default\u003Cbr \u002F>\nsince 1.0.0\u003C\u002Fp>\n\u003Cp>\u003Cstrong>apply_filters(‘sucw-lostpassword-url’, url)\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>(CLIENT)\u003C\u002Fem> Manages lost password link\u003Cbr \u002F>\nparam string $url il link di default\u003Cbr \u002F>\nsince 1.0.0\u003C\u002Fp>\n\u003Cp>\u003Cstrong>apply_filters( ‘sucw-htaccess’, true )\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>(CLIENT)\u003C\u002Fem> If the server uses htaccess or you need to make the call to the API via \u002F?rest_route (false)\u003Cbr \u002F>\nsince 1.0.0\u003C\u002Fp>\n\u003Cp>\u003Cstrong>apply_filters(‘sucw-api-response’, $response, ‘login|check-user’)\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>(SERVER)\u003C\u002Fem> The server’s response to the login client api call\u003Cbr \u002F>\nparam array $response [‘response_status’=>’ok’, ‘user’=>$user] | [‘response_status’=>’error’, ‘message’=>’…’]\u003Cbr \u002F>\nparam string $type login | check-user\u003Cbr \u002F>\nsince 1.0.0\u003C\u002Fp>\n\u003Cp>\u003Cstrong>apply_filters(‘sucw-log-limit’, 1000)\u003C\u002Fstrong>\u003Cbr \u002F>\n(SERVER & CLIENT) The number of logs to keep on both server and client\u003Cbr \u002F>\nparam int $log_limit Default 1000\u003Cbr \u002F>\nsince 1.0.0\u003C\u002Fp>\n\u003Ch3>TIPS & TRICKS\u003C\u002Fh3>\n\u003Cp>If the user misspells the password, it may appear as an error message that the user does not exist. To make the error messages more generic you can use the following code:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter('login_errors', 'login_message', 10, 1);\nfunction login_message($error ) {\n    if ($error != '') {\n        $error = \"Incorrect username or password\";\n    }\n    return $error;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>To add a new role you need to create code like this on both the client and server sites\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_role('my_custom_role', \n    __( 'My Custom Role' ), \n    array( 'read' => true, 'read_private_posts' => true, )\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Same user credentials as started in 2024 by Giulio Pandolfelli\u003Cbr \u002F>\nThanks to \u003Ca href=\"https:\u002F\u002Fwww.ekebu.com\" rel=\"nofollow ugc\">Ekebu\u003C\u002Fa> for the supports.\u003C\u002Fp>\n","It allows you to log in to two or more of your websites using the same credentials.",10,1383,"2024-05-24T13:38:00.000Z","6.5.8","6.0","7.4",[109,110,21,111],"authentication","multisite-user","users-sync","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsame-user-credentials.1.0.0.zip",92,{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":113,"num_ratings":124,"last_updated":125,"tested_up_to":16,"requires_at_least":126,"requires_php":84,"tags":127,"homepage":133,"download_link":134,"security_score":13,"vuln_count":135,"unpatched_count":27,"last_vuln_date":136,"fetched_at":29},"worker","ManageWP Worker","4.9.31","Vladimir Prelovac","https:\u002F\u002Fprofiles.wordpress.org\u002Ffreediver\u002F","\u003Cp>So you’re looking for a better way to manage WordPress websites? We have you covered! \u003Ca href=\"https:\u002F\u002Fmanagewp.com\u002F\" title=\"Manage Multiple WordPress Websites\" rel=\"nofollow ugc\">ManageWP\u003C\u002Fa> is a dashboard that helps you save time and nerves by automating your workflow, so you could focus on things that matter. It is fast, secure and free for an unlimited number of websites.\u003C\u002Fp>\n\u003Ch4>Everything in One Place\u003C\u002Fh4>\n\u003Cp>Just the hassle of logging into each of your websites is enough to ruin your day. ManageWP compiles the data from all of your sites on one dashboard, so you can check up on your websites in a single glance. And if you need to take a better look at a particular website, you’re just a click away. \u003Ca href=\"https:\u002F\u002Fmanagewp.com\u002Ffeatures\u002F1-click-login\" title=\"1-click login\" rel=\"nofollow ugc\">Read more\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Bulk actions\u003C\u002Fh4>\n\u003Cp>57 updates on 12 sites? Update them all with a single click. And it’s not just updates. Clean spam, database overhead, run security checks and more – with just one click you can do these things on all your websites at once. \u003Ca href=\"https:\u002F\u002Fmanagewp.com\u002Ffeatures\u002Fmanage-plugins-and-themes\" title=\"Manage plugins & themes\" rel=\"nofollow ugc\">Read more\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Cloud Backup that just works\u003C\u002Fh4>\n\u003Cp>A reliable backup is the backbone of any business. And we have a free monthly backup for all of your websites. It’s, incremental, reliable, and works where other backup solutions fail. The free Backup includes monthly scheduled backup, off-site storage, 1-click restore, US\u002FEU storage choice and the option to exclude files and folders. The premium Backup gives you on-demand backups, weekly\u002Fdaily\u002Fhourly backup cycles & \u003Ca href=\"https:\u002F\u002Fmanagewp.com\u002Ffeatures\u002Fbackup\" title=\"ManageWP Backup\" rel=\"nofollow ugc\">more\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Safe updates\u003C\u002Fh4>\n\u003Cp>Updating plugins & themes is a huge pain, so we came with this: a backup is automatically created before each update. After the update, the system checks the website and rolls back automatically if something’s wrong. And the best part is that you can set these updates to run at 3am, when the website traffic as its lowest.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fmanagewp.com\u002Ffeatures\u002Fsafe-updates\" title=\"Safe Updates\" rel=\"nofollow ugc\">Read more\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Client Report\u003C\u002Fh4>\n\u003Cp>Summarize your hard work in a professional looking report and send it to your clients to showcase your work. The free Client Report includes basic customization and on-demand reports. The premium Client Report lets you white label and automate your reports. \u003Ca href=\"https:\u002F\u002Fmanagewp.com\u002Ffeatures\u002Fclient-report\" title=\"Client Report\" rel=\"nofollow ugc\">Read more\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Performance and Security Checks\u003C\u002Fh4>\n\u003Cp>Slow or infected websites are bad for business. Luckily, you can now keep tabs on your websites with regular performance & security checks. The free \u003Ca href=\"https:\u002F\u002Fmanagewp.com\u002Ffeatures\u002Fsecurity-check\" title=\"security check\" rel=\"nofollow ugc\">Security Check\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fmanagewp.com\u002Ffeatures\u002Fperformance-scan\" title=\"performance check\" rel=\"nofollow ugc\">Performance Check\u003C\u002Fa> come with fully functional checks and logging. Premium versions let you fully automate the checks, and get an SMS or an email if something’s wrong.\u003C\u002Fp>\n\u003Ch4>Google Analytics integration\u003C\u002Fh4>\n\u003Cp>Connect multiple Google Analytics accounts, and keep track of all the important metrics from one place.  \u003Ca href=\"https:\u002F\u002Fmanagewp.com\u002Ffeatures\u002Fanalytics\" title=\"Google Analytics integration\" rel=\"nofollow ugc\">Read more\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Uptime Monitor (premium add-on)\u003C\u002Fh4>\n\u003Cp>Be the first to know when your website is down with both email and SMS notifications, and get your website back online before anyone else notices. \u003Ca href=\"https:\u002F\u002Fmanagewp.com\u002Ffeatures\u002Fuptime-monitor\" title=\"Uptime Monitor\" rel=\"nofollow ugc\">Read more\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Cloning & Migration (bundled with premium Backup add-on)\u003C\u002Fh4>\n\u003Cp>What used to take you hours of work and nerves of steel is now a one-click operation. Pick a source website, pick a destination website, click Go. Within minutes, your website will be alive and kicking on a new server. Yeah, it’s that easy. \u003Ca href=\"https:\u002F\u002Fmanagewp.com\u002Ffeatures\u002Fclone\" title=\"Cloning & migration\" rel=\"nofollow ugc\">Read more\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>SEO Ranking (premium add-on)\u003C\u002Fh4>\n\u003Cp>Be on top of your website rankings and figure out which keywords work best for you, as well as keeping on eye on your competitors. This way you will know how well you stack up against them. \u003Ca href=\"https:\u002F\u002Fmanagewp.com\u002Ffeatures\u002Fseo-ranking\" title=\"SEO Ranking\" rel=\"nofollow ugc\">Read more\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>White Label (premium add-on)\u003C\u002Fh4>\n\u003Cp>Rename or completely hide the ManageWP Worker plugin. Clients don’t need to know what you are using to manage their websites. \u003Ca href=\"https:\u002F\u002Fmanagewp.com\u002Ffeatures\u002Fwhite-label\" title=\"White Label\" rel=\"nofollow ugc\">Read more\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Is This All?\u003C\u002Fh4>\n\u003Cp>No way! We’ve got a bunch of other awesome features, both free and premium, you can check out on our \u003Ca href=\"https:\u002F\u002Fmanagewp.com\u002Ffeatures\" title=\"ManageWP Features\" rel=\"nofollow ugc\">ManageWP features page\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Check out the \u003Ca href=\"https:\u002F\u002Fvimeo.com\u002F220647227\" rel=\"nofollow ugc\">ManageWP promo video\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Ciframe loading=\"lazy\" title=\"Manage Explainer Video\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F220647227?dnt=1&app_id=122963\" width=\"750\" height=\"422\" frameborder=\"0\" allow=\"autoplay; fullscreen; picture-in-picture; clipboard-write\">\u003C\u002Fiframe>\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This file is part of ManageWP Worker.\u003C\u002Fp>\n\u003Cp>ManageWP Worker is free software: you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.\u003C\u002Fp>\n\u003Cp>ManageWP Worker is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License along with ManageWP Worker. If not, see \u003Ca href=\"https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F\u003C\u002Fa>.\u003C\u002Fp>\n","A better way to manage dozens of WordPress websites.",1000000,26746793,676,"2026-03-11T16:11:00.000Z","3.1",[128,129,130,131,132],"backup","manage-multiple-sites","migrate","performance","security","https:\u002F\u002Fmanagewp.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fworker.4.9.31.zip",1,"2020-02-11 00:00:00",{"slug":138,"name":139,"version":140,"author":141,"author_profile":142,"description":143,"short_description":144,"active_installs":145,"downloaded":146,"rating":147,"num_ratings":148,"last_updated":149,"tested_up_to":150,"requires_at_least":151,"requires_php":107,"tags":152,"homepage":158,"download_link":159,"security_score":160,"vuln_count":161,"unpatched_count":27,"last_vuln_date":162,"fetched_at":29},"facebook-for-woocommerce","Meta for WooCommerce","3.6.0","Facebook","https:\u002F\u002Fprofiles.wordpress.org\u002Ffacebook\u002F","\u003Cp>This is the official Meta for WooCommerce plugin that connects your WooCommerce website to Facebook, Instagram and WhatsApp. With this plugin, you can install the Facebook pixel, upload your online store catalog, enabling you to easily run dynamic ads and connect your WhatsApp Business account to automatically update customers about their orders.\u003C\u002Fp>\n\u003Cp>Marketing on Meta platforms helps your business build lasting relationships with people, find new customers, and increase sales for your online store. With this Facebook ad extension, reaching the people who matter most to your business is simple. This extension will track the results of your advertising across devices. It will also help you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Maximize your campaign performance. By setting up the Facebook pixel and building your audience, you will optimize your ads for people likely to buy your products, and reach people with relevant ads on Facebook after they’ve visited your website.\u003C\u002Fli>\n\u003Cli>Find more customers. Connecting your product catalog automatically creates carousel ads that showcase the products you sell and attract more shoppers to your website.\u003C\u002Fli>\n\u003Cli>Generate sales among your website visitors. When you set up the Facebook pixel and connect your product catalog, you can use dynamic ads to reach shoppers when they’re on Facebook with ads for the products they viewed on your website. This will be included in a future release of Meta for WooCommerce.\u003C\u002Fli>\n\u003Cli>Engage with customers on WhatsApp by updating your customers about their orders at every step, freeing up more time for you to focus on your business.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Before raising a question with Meta Support, please first take a look at the Meta \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fbusiness\u002Fhelp\" rel=\"nofollow ugc\">helpcenter docs\u003C\u002Fa>, by searching for keywords like ‘WooCommerce’ here. If you didn’t find what you were looking for, you can go to \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fbusiness-support-home\" rel=\"nofollow ugc\">Meta Direct Support\u003C\u002Fa> and ask your question.\u003C\u002Fp>\n\u003Cp>When reporting an issue on Meta Direct Support, please give us as many details as possible.\u003Cbr \u002F>\n* Symptoms of your problem\u003Cbr \u002F>\n* Screenshot, if possible\u003Cbr \u002F>\n* Your Facebook page URL\u003Cbr \u002F>\n* Your website URL\u003Cbr \u002F>\n* Current version of Facebook-for-WooCommerce, WooCommerce, WordPress, PHP\u003C\u002Fp>\n\u003Cp>To suggest technical improvements, you can raise an issue on our \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffacebook\u002Ffacebook-for-woocommerce\u002Fissues\" rel=\"nofollow ugc\">Github repository\u003C\u002Fa>.\u003C\u002Fp>\n","Get the Official Meta for WooCommerce plugin for powerful ways to help grow your business.",500000,48379215,44,474,"2026-03-12T09:56:00.000Z","6.9.4","5.6",[153,154,155,156,157],"catalog-sync","conversions-api","facebook","meta","whatsapp","https:\u002F\u002Fgithub.com\u002Fwoocommerce\u002Ffacebook-for-woocommerce\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffacebook-for-woocommerce.3.6.0.zip",93,3,"2025-10-29 00:00:00",{"slug":164,"name":165,"version":166,"author":167,"author_profile":168,"description":169,"short_description":170,"active_installs":171,"downloaded":172,"rating":173,"num_ratings":174,"last_updated":175,"tested_up_to":176,"requires_at_least":177,"requires_php":84,"tags":178,"homepage":183,"download_link":184,"security_score":185,"vuln_count":26,"unpatched_count":27,"last_vuln_date":186,"fetched_at":29},"async-javascript","Async JavaScript","2.21.08.31","David Clough","https:\u002F\u002Fprofiles.wordpress.org\u002Fcloughit\u002F","\u003Cp>Eliminate Render-blocking Javascript in above-the-fold content with Async Javascript.\u003C\u002Fp>\n\u003Cp>Render-blocking Javascript prevents above-the-fold content on your page from being rendered until the javascript has finished loading. This can impact on your page speed and ultimately your ranking within search engines. It can also impact your user’s experience.\u003C\u002Fp>\n\u003Cp>Async JavaScript gives you full control of which scripts to add an ‘async’ or ‘defer’ attribute to or to exclude to help increase the performance of your WordPress website.\u003C\u002Fp>\n","Async Javascript lets you add 'async' or 'defer' attribute to scripts to exclude to help increase the performance of your WordPres &hellip;",80000,2047749,94,102,"2023-06-22T08:00:00.000Z","6.2.9","4.6",[179,180,181,131,182],"async","javascript","pagespeed","render-blocking","https:\u002F\u002Fautoptimize.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fasync-javascript.2.21.08.31.zip",84,"2021-06-13 00:00:00",{"attackSurface":188,"codeSignals":415,"taintFlows":453,"riskAssessment":486,"analyzedAt":497},{"hooks":189,"ajaxHandlers":386,"restRoutes":407,"shortcodes":408,"cronEvents":409,"entryPointCount":414,"unprotectedCount":26},[190,196,199,202,205,208,213,217,221,225,228,231,234,237,240,244,249,252,255,257,260,263,267,271,275,279,282,285,288,290,292,295,297,299,301,303,307,311,314,316,319,323,325,329,332,335,339,341,342,345,348,352,356,360,363,366,370,373,374,377,381],{"type":191,"name":192,"callback":193,"file":194,"line":195},"action","init","init_remote_hooks_authorization","inc\\api\\class-wprus-api-abstract.php",122,{"type":191,"name":192,"callback":197,"file":194,"line":198},"init_remote_hooks",123,{"type":191,"name":192,"callback":200,"file":194,"line":201},"init_local_hooks",125,{"type":191,"name":192,"callback":203,"file":194,"line":204},"set_pending_async_actions_user_id",136,{"type":191,"name":192,"callback":206,"file":194,"line":207},"init_async_hooks",139,{"type":209,"name":210,"callback":211,"priority":102,"file":194,"line":212},"filter","wprus_wp_endpoints","add_action_endpoints",143,{"type":191,"name":214,"callback":215,"priority":102,"file":194,"line":216},"wprus_api_token","handle_token_request",300,{"type":209,"name":218,"callback":219,"priority":102,"file":194,"line":220},"wprus_api_needs_redirect","needs_redirect",350,{"type":191,"name":222,"callback":223,"file":194,"line":224},"wp_head","fire_async_actions",473,{"type":191,"name":226,"callback":223,"file":194,"line":227},"admin_head",477,{"type":191,"name":229,"callback":223,"file":194,"line":230},"login_head",481,{"type":191,"name":232,"callback":223,"file":194,"line":233},"wp_footer",503,{"type":191,"name":235,"callback":223,"file":194,"line":236},"admin_footer",507,{"type":191,"name":238,"callback":223,"file":194,"line":239},"login_footer",511,{"type":191,"name":241,"callback":242,"priority":102,"file":194,"line":243},"shutdown","save_async_actions",518,{"type":191,"name":245,"callback":246,"file":247,"line":248},"user_register","notify_remote","inc\\api\\class-wprus-api-create.php",14,{"type":191,"name":250,"callback":246,"file":251,"line":248},"delete_user","inc\\api\\class-wprus-api-delete.php",{"type":191,"name":253,"callback":246,"file":254,"line":248},"set_logged_in_cookie","inc\\api\\class-wprus-api-login.php",{"type":191,"name":253,"callback":246,"file":254,"line":256},25,{"type":191,"name":258,"callback":246,"file":259,"line":248},"clear_auth_cookie","inc\\api\\class-wprus-api-logout.php",{"type":191,"name":241,"callback":246,"file":261,"line":262},"inc\\api\\class-wprus-api-meta.php",15,{"type":209,"name":264,"callback":265,"file":261,"line":266},"update_user_metadata","track_user_meta_update",17,{"type":209,"name":268,"callback":269,"file":261,"line":270},"add_user_metadata","track_user_meta_add",18,{"type":209,"name":272,"callback":273,"file":261,"line":274},"delete_user_metadata","track_user_meta_delete",19,{"type":191,"name":276,"callback":277,"file":278,"line":248},"password_reset","schedule_shutdown","inc\\api\\class-wprus-api-password.php",{"type":191,"name":280,"callback":281,"priority":102,"file":278,"line":262},"wprus_password","handle_password_creation",{"type":191,"name":283,"callback":281,"file":278,"line":284},"wp_set_password",16,{"type":191,"name":286,"callback":287,"file":278,"line":266},"wp_update_user","handle_password_update",{"type":191,"name":241,"callback":246,"file":278,"line":289},145,{"type":191,"name":241,"callback":246,"file":291,"line":262},"inc\\api\\class-wprus-api-update.php",{"type":191,"name":293,"callback":294,"file":291,"line":284},"profile_update","track_updates",{"type":191,"name":296,"callback":294,"file":291,"line":266},"add_user_role",{"type":191,"name":298,"callback":294,"file":291,"line":270},"remove_user_role",{"type":191,"name":300,"callback":294,"file":291,"line":274},"set_user_role",{"type":191,"name":286,"callback":294,"file":291,"line":302},20,{"type":209,"name":304,"callback":305,"priority":102,"file":291,"line":306},"pre_user_login","remove_set_user_role_action",23,{"type":191,"name":308,"callback":308,"priority":102,"file":309,"line":310},"parse_request","inc\\class-wprus-import-export.php",13,{"type":191,"name":312,"callback":313,"file":309,"line":248},"wp","register_files_cleanup",{"type":191,"name":315,"callback":315,"file":309,"line":262},"wprus_files_cleanup",{"type":209,"name":317,"callback":318,"priority":102,"file":309,"line":302},"wprus_init_notification_hooks","init_notification_hooks",{"type":191,"name":192,"callback":320,"file":321,"line":322},"register_log_types","inc\\class-wprus-logger.php",26,{"type":191,"name":312,"callback":324,"file":321,"line":80},"register_logs_cleanup",{"type":191,"name":326,"callback":327,"file":321,"line":328},"wprus_logs_cleanup","clear_logs",28,{"type":191,"name":312,"callback":330,"file":331,"line":270},"register_nonce_cleanup","inc\\class-wprus-nonce.php",{"type":191,"name":333,"callback":334,"file":331,"line":274},"wprus_nonce_cleanup","clear_nonces",{"type":191,"name":192,"callback":336,"file":337,"line":338},"load_textdomain","inc\\class-wprus-settings.php",24,{"type":191,"name":192,"callback":340,"file":337,"line":256},"set_cache_policy",{"type":191,"name":192,"callback":192,"file":337,"line":322},{"type":191,"name":343,"callback":344,"priority":102,"file":337,"line":80},"admin_menu","plugin_options_menu_main",{"type":191,"name":346,"callback":347,"priority":102,"file":337,"line":328},"add_meta_boxes","add_settings_meta_boxes",{"type":209,"name":349,"callback":350,"priority":102,"file":337,"line":351},"pre_update_option_wprus","require_flush",30,{"type":209,"name":353,"callback":354,"priority":102,"file":337,"line":355},"wprus_settings","sanitize_settings",31,{"type":209,"name":357,"callback":358,"priority":102,"file":337,"line":359},"plugin_action_links_wp-remote-users-sync\u002Fwprus.php","plugin_action_links",32,{"type":191,"name":361,"callback":362,"file":337,"line":65},"admin_notices","missing_config",{"type":191,"name":364,"callback":364,"priority":102,"file":337,"line":365},"admin_enqueue_scripts",144,{"type":209,"name":367,"callback":368,"priority":102,"file":337,"line":369},"screen_layout_columns","screen_layout_column",146,{"type":191,"name":192,"callback":371,"file":372,"line":270},"add_endpoints","inc\\class-wprus.php",{"type":191,"name":308,"callback":308,"priority":102,"file":372,"line":302},{"type":209,"name":375,"callback":376,"priority":102,"file":372,"line":306},"query_vars","add_query_vars",{"type":191,"name":378,"callback":379,"priority":102,"file":380,"line":274},"wprus_ready","run","inc\\integration\\class-wprus-integration.php",{"type":191,"name":382,"callback":383,"priority":102,"file":384,"line":385},"plugins_loaded","wprus_run","wprus.php",124,[387,390,394,397,400,404],{"action":388,"nopriv":389,"callback":246,"hasNonce":389,"hasCapCheck":389,"file":259,"line":262},"destroy-sessions",false,{"action":391,"nopriv":389,"callback":392,"hasNonce":393,"hasCapCheck":389,"file":309,"line":284},"wprus_import_users","import",true,{"action":395,"nopriv":389,"callback":396,"hasNonce":393,"hasCapCheck":389,"file":309,"line":266},"wprus_export_users","export",{"action":398,"nopriv":389,"callback":399,"hasNonce":393,"hasCapCheck":389,"file":309,"line":270},"wprus_get_usernames","get_usernames_json",{"action":401,"nopriv":389,"callback":402,"hasNonce":393,"hasCapCheck":389,"file":321,"line":403},"wprus_refresh_logs","refresh_logs_async",29,{"action":405,"nopriv":389,"callback":406,"hasNonce":389,"hasCapCheck":389,"file":321,"line":351},"wprus_clear_logs","clear_logs_async",[],[],[410,411,413],{"hook":315,"callback":315,"file":309,"line":359},{"hook":326,"callback":326,"file":321,"line":412},52,{"hook":333,"callback":333,"file":331,"line":322},6,{"dangerousFunctions":416,"sqlUsage":417,"outputEscaping":429,"fileOperations":431,"externalRequests":26,"nonceChecks":431,"capabilityChecks":26,"bundledLibraries":449},[],{"prepared":418,"raw":419,"locations":420},21,4,[421,423,426,427],{"file":321,"line":13,"context":422},"$wpdb->get_var() with variable interpolation",{"file":321,"line":424,"context":425},172,"$wpdb->query() with variable interpolation",{"file":372,"line":79,"context":422},{"file":372,"line":428,"context":422},103,{"escaped":430,"rawEcho":431,"locations":432},129,7,[433,436,438,440,443,446,448],{"file":194,"line":434,"context":435},1242,"raw output",{"file":194,"line":437,"context":435},1280,{"file":439,"line":310,"context":435},"inc\\templates\\admin\\log-row.php",{"file":441,"line":442,"context":435},"inc\\templates\\admin\\logs-metabox.php",39,{"file":444,"line":445,"context":435},"inc\\templates\\redirect-processing-script.php",9,{"file":444,"line":447,"context":435},12,{"file":444,"line":262,"context":435},[450],{"name":451,"version":36,"knownCves":452},"Select2",[],[454,476],{"entryPoint":455,"graph":456,"unsanitizedCount":135,"severity":54},"import (inc\\class-wprus-import-export.php:210)",{"nodes":457,"edges":473},[458,463,467],{"id":459,"type":460,"label":461,"file":309,"line":462},"n0","source","$_FILES",288,{"id":464,"type":465,"label":466,"file":309,"line":462},"n1","transform","→ read_from_imported_file()",{"id":468,"type":469,"label":470,"file":309,"line":471,"wp_function":472},"n2","sink","fopen() [File Access]",401,"fopen",[474,475],{"from":459,"to":464,"sanitized":389},{"from":464,"to":468,"sanitized":389},{"entryPoint":477,"graph":478,"unsanitizedCount":135,"severity":54},"\u003Cclass-wprus-import-export> (inc\\class-wprus-import-export.php:0)",{"nodes":479,"edges":483},[480,481,482],{"id":459,"type":460,"label":461,"file":309,"line":462},{"id":464,"type":465,"label":466,"file":309,"line":462},{"id":468,"type":469,"label":470,"file":309,"line":471,"wp_function":472},[484,485],{"from":459,"to":464,"sanitized":389},{"from":464,"to":468,"sanitized":389},{"summary":487,"deductions":488},"The wp-remote-users-sync plugin v2.1.5 presents a mixed security posture. While it demonstrates good practices in areas like SQL prepared statements (84%) and output escaping (95%), and notably has no currently unpatched CVEs, there are significant concerns.  The presence of two AJAX handlers without authentication checks creates a direct attack surface, and the taint analysis revealing two flows with unsanitized paths, even if not rated as critical or high severity in this analysis, warrants caution. These unsanitized paths are a red flag, suggesting potential for vulnerabilities if exploited under specific conditions. The plugin's history of two CVEs, one high and one medium, specifically mentioning SSRF and Missing Authorization, further reinforces the importance of scrutinizing its access control and external interaction mechanisms.\n\nDespite the absence of currently exploitable known vulnerabilities and a generally good application of security measures like prepared statements and output escaping, the direct exposure of two AJAX endpoints and the identified unsanitized paths are concerning. The historical vulnerabilities also indicate a pattern that requires ongoing vigilance. While the plugin is not in an immediately critical state, its attack surface and past issues suggest that users should be aware of potential risks, especially regarding authorization bypass and SSRF. Continued monitoring and prompt updates for future versions are recommended to mitigate these risks.",[489,491,493,495],{"reason":490,"points":102},"AJAX handlers without auth checks",{"reason":492,"points":431},"Flows with unsanitized paths",{"reason":494,"points":262},"Known high severity vulnerability history",{"reason":496,"points":102},"Known medium severity vulnerability history","2026-03-16T18:01:14.908Z",{"wat":499,"direct":508},{"assetPaths":500,"generatorPatterns":503,"scriptPaths":504,"versionParams":505},[501,502],"\u002Fwp-content\u002Fplugins\u002Fwp-remote-users-sync\u002Fcss\u002Fwprus.css","\u002Fwp-content\u002Fplugins\u002Fwp-remote-users-sync\u002Fjs\u002Fwprus.js",[],[502],[506,507],"wp-remote-users-sync\u002Fcss\u002Fwprus.css?ver=","wp-remote-users-sync\u002Fjs\u002Fwprus.js?ver=",{"cssClasses":509,"htmlComments":511,"htmlAttributes":512,"restEndpoints":513,"jsGlobals":514,"shortcodeOutput":515},[510],"wprus-settings-wrap",[],[],[],[],[]]