[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJ11u3inQMA5shWhOB6dTw5arBhnxDVANbA-HVyGQVxM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":39,"analysis":40,"fingerprints":94},"wp-user-profile-restriction","WP User Profile Restriction","2.0.0","Shawon C.","https:\u002F\u002Fprofiles.wordpress.org\u002Fshawon786\u002F","\u003Cp>\u003Cstrong>WP User Profile Restriction\u003C\u002Fstrong> is a powerful yet simple plugin that allows you to restrict profile editing capabilities for specific user roles. Perfect for demo sites, membership websites, or any WordPress installation where you need to maintain control over user profile modifications.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Granular Role-Based Restrictions\u003C\u002Fstrong> – Choose exactly which user roles should be restricted from editing their profiles\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Redirect Options\u003C\u002Fstrong> – Redirect restricted users to a specific URL instead of showing an error message\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Menu Hiding\u003C\u002Fstrong> – Profile links are automatically hidden from admin bar and dashboard menu for restricted users\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy Settings Page\u003C\u002Fstrong> – Configure all options from a user-friendly settings page in WordPress admin\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Backward Compatible\u003C\u002Fstrong> – Maintains default security by restricting Subscribers and Contributors by default\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Coding Required\u003C\u002Fstrong> – Simple checkbox interface for all configurations\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight & Fast\u003C\u002Fstrong> – Minimal impact on site performance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>\u003Cstrong>Install and Activate\u003C\u002Fstrong> – The plugin works immediately with secure defaults\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configure Settings\u003C\u002Fstrong> – Go to Settings > Profile Restriction to customize\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Select Roles\u003C\u002Fstrong> – Check which user roles should be restricted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optional Redirect\u003C\u002Fstrong> – Set a custom redirect URL if desired\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Done!\u003C\u002Fstrong> – Restricted users can no longer edit their profiles\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Default Behavior\u003C\u002Fh4>\n\u003Cp>By default, the plugin restricts \u003Cstrong>Subscribers\u003C\u002Fstrong> and \u003Cstrong>Contributors\u003C\u002Fstrong> from editing their profiles. This maintains security while allowing Editors, Authors, and Administrators full access. You can customize this behavior at any time from the settings page.\u003C\u002Fp>\n\u003Ch4>Perfect For\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Demo and staging websites\u003C\u002Fli>\n\u003Cli>Membership sites\u003C\u002Fli>\n\u003Cli>Multi-author blogs\u003C\u002Fli>\n\u003Cli>Educational institutions\u003C\u002Fli>\n\u003Cli>Client websites\u003C\u002Fli>\n\u003Cli>Any site requiring profile editing restrictions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>What Gets Restricted\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Direct access to profile.php page\u003C\u002Fli>\n\u003Cli>Profile link in admin bar\u003C\u002Fli>\n\u003Cli>Profile submenu in dashboard\u003C\u002Fli>\n\u003Cli>All profile editing capabilities for selected roles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Administrator Protection\u003C\u002Fh4>\n\u003Cp>Administrators always retain full access to edit any profile, regardless of plugin settings. This ensures you never lock yourself out of critical functionality.\u003C\u002Fp>\n\u003Ch3>Additional Information\u003C\u002Fh3>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>For support, feature requests, or bug reports, please visit the plugin’s support forum on WordPress.org.\u003C\u002Fp>\n\u003Ch4>Privacy\u003C\u002Fh4>\n\u003Cp>This plugin does not collect, store, or transmit any user data. All settings are stored locally in your WordPress database.\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>Developed by Shawon C for TheInnovs LLC\u003C\u002Fp>\n","Restrict user profile editing with granular role-based controls, custom redirects, and automatic menu hiding for enhanced WordPress security.",400,3430,100,5,"2025-11-10T01:02:00.000Z","6.8.5","4.0.3","",[20,21,22,23,24],"disable-editing-user-profile","disable-updating-my-profile","my-profile-restriction","profile-php-restriction","user-profile-restriction","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-user-profile-restriction\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-user-profile-restriction.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"shawon786",2,410,93,30,89,"2026-04-05T02:07:30.835Z",[],{"attackSurface":41,"codeSignals":61,"taintFlows":85,"riskAssessment":86,"analyzedAt":93},{"hooks":42,"ajaxHandlers":57,"restRoutes":58,"shortcodes":59,"cronEvents":60,"entryPointCount":27,"unprotectedCount":27},[43,49,53],{"type":44,"name":45,"callback":46,"file":47,"line":48},"action","admin_init","init_settings","wp-upr.php",36,{"type":44,"name":50,"callback":51,"file":47,"line":52},"admin_menu","add_settings_page",37,{"type":44,"name":54,"callback":55,"file":47,"line":56},"load-profile.php","restrict_profile_access",38,[],[],[],[],{"dangerousFunctions":62,"sqlUsage":63,"outputEscaping":65,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":83,"bundledLibraries":84},[],{"prepared":27,"raw":27,"locations":64},[],{"escaped":66,"rawEcho":67,"locations":68},9,7,[69,72,74,76,77,79,81],{"file":47,"line":70,"context":71},354,"raw output",{"file":47,"line":73,"context":71},371,{"file":47,"line":75,"context":71},384,{"file":47,"line":34,"context":71},{"file":47,"line":78,"context":71},411,{"file":47,"line":80,"context":71},413,{"file":47,"line":82,"context":71},424,1,[],[],{"summary":87,"deductions":88},"The \"wp-user-profile-restriction\" v2.0.0 plugin exhibits a generally good security posture based on the provided static analysis.  There are no identified vulnerabilities in its history, no dangerous functions, no external HTTP requests, and no file operations, which are all positive indicators. The use of prepared statements for SQL queries is excellent, and the presence of capability checks is a basic security control. However, the lack of nonce checks and the relatively low percentage (56%) of properly escaped output are areas of concern. While the attack surface appears minimal with zero entry points, this could also indicate limited functionality, making it difficult to fully assess its security in a real-world context.  The absence of taint analysis results also prevents a thorough examination of data flow vulnerabilities.\n\nDespite the absence of known vulnerabilities and a seemingly limited attack surface, the 56% output escaping rate suggests potential for Cross-Site Scripting (XSS) vulnerabilities. The lack of nonce checks, while not directly tied to an exposed entry point in this analysis, is a missed security best practice that could become an issue if functionality changes or is extended without proper security considerations. The plugin's history of zero vulnerabilities is a strong positive, but it's crucial to remember that a lack of historical issues doesn't guarantee future security, especially with observed weaknesses in output handling.  Overall, the plugin appears to be on solid ground regarding core security principles, but attention to output escaping and nonces would significantly strengthen its security.",[89,91],{"reason":90,"points":67},"Output escaping is only 56% proper",{"reason":92,"points":14},"Missing nonce checks","2026-03-16T19:49:55.447Z",{"wat":95,"direct":104},{"assetPaths":96,"generatorPatterns":99,"scriptPaths":100,"versionParams":101},[97,98],"\u002Fwp-content\u002Fplugins\u002Fwp-user-profile-restriction\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fwp-user-profile-restriction\u002Fjs\u002Fadmin.js",[],[98],[102,103],"wp-user-profile-restriction\u002Fcss\u002Fstyle.css?ver=","wp-user-profile-restriction\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":105,"htmlComments":106,"htmlAttributes":107,"restEndpoints":108,"jsGlobals":109,"shortcodeOutput":110},[],[],[],[],[],[]]