[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ffomZlqLdGpJhSgHm8SLiPryEc-zz2pKCVDzsCaPqkck":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":45,"crawl_stats":36,"alternatives":53,"analysis":158,"fingerprints":484},"wp-user-profiles","WP User Profiles","2.6.2","John James Jacoby","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnjamesjacoby\u002F","\u003Cp>WP User Profiles is a sophisticated way to edit users in WordPress.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Includes all functionality from WordPress itself\u003C\u002Fli>\n\u003Cli>Includes 4 top-level “Sections”\u003C\u002Fli>\n\u003Cli>Includes an “Other” section to automatically work with third-party plugins\u003C\u002Fli>\n\u003Cli>Each section includes 1 or more meta-boxes\u003C\u002Fli>\n\u003Cli>Status meta-box allows easily changing user status\u003C\u002Fli>\n\u003Cli>Works great with multisite Network and User Dashboards\u003C\u002Fli>\n\u003Cli>Works great with WP User Groups and WP User Avatars plugins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Recommended Plugins\u003C\u002Fh4>\n\u003Cp>If you like this plugin, you’ll probably like these!\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-user-profiles\u002F\" title=\"A sophisticated way to edit users in WordPress.\" rel=\"ugc\">WP User Profiles\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-user-activity\u002F\" title=\"The best way to log activity in WordPress.\" rel=\"ugc\">WP User Activity\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-user-avatars\u002F\" title=\"Allow users to upload avatars or choose them from your media library.\" rel=\"ugc\">WP User Avatars\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-user-groups\u002F\" title=\"Group users together with taxonomies & terms.\" rel=\"ugc\">WP User Groups\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-user-signups\u002F\" title=\"The best way to manage user & site sign-ups in WordPress.\" rel=\"ugc\">WP User Signups\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-term-authors\u002F\" title=\"Authors for categories, tags, and other taxonomy terms.\" rel=\"ugc\">WP Term Authors\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-term-colors\u002F\" title=\"Pretty colors for categories, tags, and other taxonomy terms.\" rel=\"ugc\">WP Term Colors\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-term-families\u002F\" title=\"Associate taxonomy terms with other taxonomy terms.\" rel=\"ugc\">WP Term Families\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-term-icons\u002F\" title=\"Pretty icons for categories, tags, and other taxonomy terms.\" rel=\"ugc\">WP Term Icons\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-term-images\u002F\" title=\"Pretty images for categories, tags, and other taxonomy terms.\" rel=\"ugc\">WP Term Images\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-term-locks\u002F\" title=\"Protect categories, tags, and other taxonomy terms from being edited or deleted.\" rel=\"ugc\">WP Term Locks\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-term-order\u002F\" title=\"Sort taxonomy terms, your way.\" rel=\"ugc\">WP Term Order\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-term-visibility\u002F\" title=\"Visibilities for categories, tags, and other taxonomy terms.\" rel=\"ugc\">WP Term Visibility\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-media-categories\u002F\" title=\"Add categories to media & attachments.\" rel=\"ugc\">WP Media Categories\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-pretty-filters\u002F\" title=\"Makes post filters better match what's already in Media & Attachments.\" rel=\"ugc\">WP Pretty Filters\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-chosen\u002F\" title=\"Make long, unwieldy select boxes much more user-friendly.\" rel=\"ugc\">WP Chosen\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","WP User Profiles is a sophisticated way to edit users in WordPress.",300,33407,86,19,"2024-08-27T15:22:00.000Z","6.6.5","5.2","7.2",[20,21,22,23],"edit","metabox","profile","user","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-user-profiles\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-user-profiles.zip",68,1,"2025-04-08 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":36},"CVE-2025-31524","wp-user-profiles-authenticated-subscriber-privilege-escalation","WP User Profiles \u003C= 2.6.2 - Authenticated (Subscriber+) Privilege Escalation","The WP User Profiles plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their privileges to that of an administrator.",null,"\u003C=2.6.2","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Privilege Management","2025-04-16 20:57:06",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2c69dec6-4988-4760-8dc0-a11044dde406?source=api-prod",{"slug":46,"display_name":7,"profile_url":8,"plugin_count":47,"total_installs":48,"avg_security_score":49,"avg_patch_time_days":50,"trust_score":51,"computed_at":52},"johnjamesjacoby",28,331580,87,1401,70,"2026-04-04T15:10:08.098Z",[54,82,104,124,140],{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":64,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":76,"download_link":77,"security_score":78,"vuln_count":79,"unpatched_count":80,"last_vuln_date":81,"fetched_at":29},"wp-edit-username","WP Edit Username","2.0.5","Sajjad Hossain Sagor","https:\u002F\u002Fprofiles.wordpress.org\u002Fsajjad67\u002F","\u003Cp>This plugin adds feature to edit\u002Fchange user username.\u003C\u002Fp>\n\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Edit Username: Allows editing of usernames.\u003C\u002Fli>\n\u003Cli>Only users with the \u003Ccode>edit_other_users()\u003C\u002Fcode> capability can change usernames.\u003C\u002Fli>\n\u003Cli>If the “Send Email” option is enabled, the user will receive a notification email when their username is changed.\u003C\u002Fli>\n\u003Cli>You can customize the email subject and body text in the admin dashboard or via filter hooks.\u003C\u002Fli>\n\u003Cli>Modify the email subject using the filter: \u003Ccode>wpeu_email_subject\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>Modify the email headers using the filter: \u003Ccode>wpeu_email_headers\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>Adjust the email body content using the filter \u003Ccode>wpeu_email_body\u003C\u002Fcode>. (Note: \u003Ccode>$new_username\u003C\u002Fcode> and \u003Ccode>$old_username\u003C\u002Fcode> are automatically prepended to the email content).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Hooks Usage:\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>\u003C?php\n\nadd_filter( 'wp_username_changed_email_subject', 'change_email_subject' );\n\nfunction change_email_subject( $subject )\n{\n    $subject = 'Your customized subject';\n\n    return $subject;\n}\n\nadd_filter( 'wp_username_changed_email_body', 'change_email_body' );\n\nfunction change_email_body( $old_username, $new_username )\n{\n    $email_body = \"Your custom email text body.\";\n\n    return $email_body;\n}\n\n?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Easily Edit User Profile Username clicking a button.",2000,24886,100,5,"2025-12-08T15:37:00.000Z","6.9.4","5.6","8.0",[71,72,73,74,75],"ajax","change-username","profile-edit","user-profile","username","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-edit-username\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-edit-username.2.0.5.zip",99,2,0,"2023-12-19 00:00:00",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":64,"num_ratings":65,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":95,"tags":96,"homepage":102,"download_link":103,"security_score":64,"vuln_count":80,"unpatched_count":80,"last_vuln_date":36,"fetched_at":29},"wp-user-profile-restriction","WP User Profile Restriction","2.0.0","Shawon C.","https:\u002F\u002Fprofiles.wordpress.org\u002Fshawon786\u002F","\u003Cp>\u003Cstrong>WP User Profile Restriction\u003C\u002Fstrong> is a powerful yet simple plugin that allows you to restrict profile editing capabilities for specific user roles. Perfect for demo sites, membership websites, or any WordPress installation where you need to maintain control over user profile modifications.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Granular Role-Based Restrictions\u003C\u002Fstrong> – Choose exactly which user roles should be restricted from editing their profiles\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Redirect Options\u003C\u002Fstrong> – Redirect restricted users to a specific URL instead of showing an error message\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Menu Hiding\u003C\u002Fstrong> – Profile links are automatically hidden from admin bar and dashboard menu for restricted users\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy Settings Page\u003C\u002Fstrong> – Configure all options from a user-friendly settings page in WordPress admin\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Backward Compatible\u003C\u002Fstrong> – Maintains default security by restricting Subscribers and Contributors by default\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Coding Required\u003C\u002Fstrong> – Simple checkbox interface for all configurations\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight & Fast\u003C\u002Fstrong> – Minimal impact on site performance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>\u003Cstrong>Install and Activate\u003C\u002Fstrong> – The plugin works immediately with secure defaults\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configure Settings\u003C\u002Fstrong> – Go to Settings > Profile Restriction to customize\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Select Roles\u003C\u002Fstrong> – Check which user roles should be restricted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optional Redirect\u003C\u002Fstrong> – Set a custom redirect URL if desired\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Done!\u003C\u002Fstrong> – Restricted users can no longer edit their profiles\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Default Behavior\u003C\u002Fh4>\n\u003Cp>By default, the plugin restricts \u003Cstrong>Subscribers\u003C\u002Fstrong> and \u003Cstrong>Contributors\u003C\u002Fstrong> from editing their profiles. This maintains security while allowing Editors, Authors, and Administrators full access. You can customize this behavior at any time from the settings page.\u003C\u002Fp>\n\u003Ch4>Perfect For\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Demo and staging websites\u003C\u002Fli>\n\u003Cli>Membership sites\u003C\u002Fli>\n\u003Cli>Multi-author blogs\u003C\u002Fli>\n\u003Cli>Educational institutions\u003C\u002Fli>\n\u003Cli>Client websites\u003C\u002Fli>\n\u003Cli>Any site requiring profile editing restrictions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>What Gets Restricted\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Direct access to profile.php page\u003C\u002Fli>\n\u003Cli>Profile link in admin bar\u003C\u002Fli>\n\u003Cli>Profile submenu in dashboard\u003C\u002Fli>\n\u003Cli>All profile editing capabilities for selected roles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Administrator Protection\u003C\u002Fh4>\n\u003Cp>Administrators always retain full access to edit any profile, regardless of plugin settings. This ensures you never lock yourself out of critical functionality.\u003C\u002Fp>\n\u003Ch3>Additional Information\u003C\u002Fh3>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>For support, feature requests, or bug reports, please visit the plugin’s support forum on WordPress.org.\u003C\u002Fp>\n\u003Ch4>Privacy\u003C\u002Fh4>\n\u003Cp>This plugin does not collect, store, or transmit any user data. All settings are stored locally in your WordPress database.\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>Developed by Shawon C for TheInnovs LLC\u003C\u002Fp>\n","Restrict user profile editing with granular role-based controls, custom redirects, and automatic menu hiding for enhanced WordPress security.",400,3430,"2025-11-10T01:02:00.000Z","6.8.5","4.0.3","",[97,98,99,100,101],"disable-editing-user-profile","disable-updating-my-profile","my-profile-restriction","profile-php-restriction","user-profile-restriction","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-user-profile-restriction\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-user-profile-restriction.zip",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":112,"downloaded":113,"rating":64,"num_ratings":114,"last_updated":115,"tested_up_to":67,"requires_at_least":116,"requires_php":117,"tags":118,"homepage":95,"download_link":123,"security_score":64,"vuln_count":80,"unpatched_count":80,"last_vuln_date":36,"fetched_at":29},"classic-visual-editor-options","Classic Visual Editor Options","1.0.2","DVeb","https:\u002F\u002Fprofiles.wordpress.org\u002Fsupracorona\u002F","\u003Cp>💬\u003Cbr \u002F>\n\u003Cem>Dear and respected members of the WordPress community, especially those who still believe that “Code is Poetry” — believe it or not, there are people like me for whom this removed feature still matters.\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>This plugin restores the classic\u003Cbr \u002F>\n\u003Cstrong>“Visual Editor Options”\u003C\u002Fstrong>\u003Cbr \u002F>\nsection to the user profile screen.\u003C\u002Fp>\n\u003Cp>It’s a clean, dependable tweak — made for those who prefer writing in plain text, without distraction, without visual clutter.\u003C\u002Fp>\n\u003Cp>No extra settings. No noise. Just the option that once was.\u003C\u002Fp>\n\u003Cp>Perfect for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>writers who live in the HTML tab,\u003C\u002Fli>\n\u003Cli>developers who avoid visual editors,\u003C\u002Fli>\n\u003Cli>or anyone who simply misses that checkbox.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It works with both the Classic and Block editors,\u003Cbr \u002F>\nand doesn’t require any additional plugins.\u003C\u002Fp>\n\u003Cp>Just install, and enjoy the silence of plain text.\u003C\u002Fp>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Col>\n\u003Cli>A checkbox labeled \u003Cstrong>“Disable the visual editor when writing”\u003C\u002Fstrong> is added to each user’s profile page.\u003C\u002Fli>\n\u003Cli>When checked, the plugin disables visual editing features and saves the preference (\u003Ccode>rich_editing = false\u003C\u002Fcode>).\u003C\u002Fli>\n\u003Cli>Both TinyMCE and Gutenberg are bypassed — only the plain text editor is shown.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Additional behaviors (enabled by default):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Prevents loading of unnecessary editor scripts and styles for users who opt out.\u003C\u002Fli>\n\u003Cli>Removes visual editor metaboxes when not needed.\u003C\u002Fli>\n\u003Cli>Displays a dismissible admin notice if visual editing is disabled but the plugin is no longer active.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Compatibility\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Works with both Classic and Block (Gutenberg) editors.\u003C\u002Fli>\n\u003Cli>Compatible with the Genesis Framework and most modern themes.\u003C\u002Fli>\n\u003Cli>Functions independently — does \u003Cstrong>not\u003C\u002Fstrong> require the Classic Editor plugin.\u003C\u002Fli>\n\u003Cli>Honors native WordPress capabilities like \u003Ccode>user_can_richedit\u003C\u002Fcode> and \u003Ccode>use_block_editor_for_post\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>This plugin is translation-ready.\u003Cbr \u002F>\nCurrently available in:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Japanese (thanks to @kimipooh)  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you would like to contribute a translation, please visit:\u003Cbr \u002F>\nhttps:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fclassic-visual-editor-options\u002F\u003C\u002Fp>\n","Restores the “Visual Editor Options” section in user profiles.",200,1199,4,"2025-12-03T23:40:00.000Z","5.0","7.4",[119,120,121,74,122],"classic-editor","disable-editor","plain-text","visual-editor","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclassic-visual-editor-options.1.0.2.zip",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":132,"downloaded":133,"rating":64,"num_ratings":27,"last_updated":134,"tested_up_to":67,"requires_at_least":135,"requires_php":136,"tags":137,"homepage":95,"download_link":139,"security_score":64,"vuln_count":80,"unpatched_count":80,"last_vuln_date":36,"fetched_at":29},"edit-usernames","Edit Usernames","1.3.2","Matt Miller","https:\u002F\u002Fprofiles.wordpress.org\u002Fmillermedianow\u002F","\u003Cp>Please help by contributing to the GitHub repository \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fedit-usernames\" rel=\"nofollow ugc\">Edit Usernames on GitHub\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>The Edit Usernames plugin allows WordPress admins and WooCommerce managers to edit the users’ usernames through the admin dashboard. All references to previous username are changed after editing, including comment author.\u003C\u002Fp>\n\u003Cp>Note: Editing of your own username and those of Super Admins are currently disallowed.\u003C\u002Fp>\n\u003Ch3>Localizations\u003C\u002Fh3>\n\u003Cp>This plugin is available in the following languages:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Albanian (Shqip)\u003C\u002Fli>\n\u003Cli>Arabic (العربية)\u003C\u002Fli>\n\u003Cli>Armenian (Հայերեն)\u003C\u002Fli>\n\u003Cli>Basque (Euskara)\u003C\u002Fli>\n\u003Cli>Bengali (বাংলা)\u003C\u002Fli>\n\u003Cli>Bulgarian (Български)\u003C\u002Fli>\n\u003Cli>Catalan (Català)\u003C\u002Fli>\n\u003Cli>Chinese Simplified (简体中文)\u003C\u002Fli>\n\u003Cli>Croatian (Hrvatski)\u003C\u002Fli>\n\u003Cli>Czech (Čeština)\u003C\u002Fli>\n\u003Cli>Danish (Dansk)\u003C\u002Fli>\n\u003Cli>Dutch (Nederlands)\u003C\u002Fli>\n\u003Cli>Estonian (Eesti)\u003C\u002Fli>\n\u003Cli>Finnish (Suomi)\u003C\u002Fli>\n\u003Cli>French (Français)\u003C\u002Fli>\n\u003Cli>Galician (Galego)\u003C\u002Fli>\n\u003Cli>Georgian (ქართული)\u003C\u002Fli>\n\u003Cli>German (Deutsch)\u003C\u002Fli>\n\u003Cli>Greek (Ελληνικά)\u003C\u002Fli>\n\u003Cli>Hebrew (עברית)\u003C\u002Fli>\n\u003Cli>Hindi (हिन्दी)\u003C\u002Fli>\n\u003Cli>Hungarian (Magyar)\u003C\u002Fli>\n\u003Cli>Indonesian (Bahasa Indonesia)\u003C\u002Fli>\n\u003Cli>Irish (Gaeilge)\u003C\u002Fli>\n\u003Cli>Italian (Italiano)\u003C\u002Fli>\n\u003Cli>Japanese (日本語)\u003C\u002Fli>\n\u003Cli>Korean (한국어)\u003C\u002Fli>\n\u003Cli>Latvian (Latviešu)\u003C\u002Fli>\n\u003Cli>Lithuanian (Lietuvių)\u003C\u002Fli>\n\u003Cli>Macedonian (Македонски)\u003C\u002Fli>\n\u003Cli>Norwegian (Norsk)\u003C\u002Fli>\n\u003Cli>Persian (فارسی)\u003C\u002Fli>\n\u003Cli>Persian – Afghanistan (دری)\u003C\u002Fli>\n\u003Cli>Polish (Polski)\u003C\u002Fli>\n\u003Cli>Portuguese – Brazil (Português do Brasil)\u003C\u002Fli>\n\u003Cli>Portuguese – Portugal (Português)\u003C\u002Fli>\n\u003Cli>Romanian (Română)\u003C\u002Fli>\n\u003Cli>Russian (Русский)\u003C\u002Fli>\n\u003Cli>Serbian (Српски)\u003C\u002Fli>\n\u003Cli>Slovak (Slovenčina)\u003C\u002Fli>\n\u003Cli>Slovenian (Slovenščina)\u003C\u002Fli>\n\u003Cli>Spanish (Español)\u003C\u002Fli>\n\u003Cli>Swedish (Svenska)\u003C\u002Fli>\n\u003Cli>Tamil (தமிழ்)\u003C\u002Fli>\n\u003Cli>Thai (ไทย)\u003C\u002Fli>\n\u003Cli>Turkish (Türkçe)\u003C\u002Fli>\n\u003Cli>Ukrainian (Українська)\u003C\u002Fli>\n\u003Cli>Urdu (اردو)\u003C\u002Fli>\n\u003Cli>Vietnamese (Tiếng Việt)\u003C\u002Fli>\n\u003Cli>Welsh (Cymraeg)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Request\u003C\u002Fh3>\n\u003Cp>If you find that a part of this plugin isn’t working, let us know what’s broken in \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fedit-usernames\u002F\" rel=\"ugc\">its support forum\u003C\u002Fa> so we can make it better. Thanks!\u003C\u002Fp>\n","The Edit Usernames plugin allows WordPress admins and WooCommerce managers to edit the users' usernames through the admin dashboard. Simple!",90,3936,"2026-02-17T09:26:00.000Z","3.0","8.1",[20,22,75,138],"users","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fedit-usernames.1.3.2.zip",{"slug":141,"name":142,"version":143,"author":144,"author_profile":145,"description":146,"short_description":147,"active_installs":148,"downloaded":149,"rating":64,"num_ratings":27,"last_updated":150,"tested_up_to":93,"requires_at_least":116,"requires_php":151,"tags":152,"homepage":156,"download_link":157,"security_score":64,"vuln_count":80,"unpatched_count":80,"last_vuln_date":36,"fetched_at":29},"admin-credentials-editor","Admin Credentials Editor","1.0.0","Luqman Safay","https:\u002F\u002Fprofiles.wordpress.org\u002Fluqmansafay\u002F","\u003Cp>The Admin Credentials Editor plugin allows site administrators to quickly update their login details without touching the database.\u003Cbr \u002F>\nYou can change the username, email address, or password of your admin account (individually or together) directly from the dashboard.\u003C\u002Fp>\n","Easily change your admin credentials (username, email, password) from the dashboard.",10,695,"2025-09-12T09:59:00.000Z","7.0",[153,72,154,73,155],"admin-username","email-change","username-editor","https:\u002F\u002Fpoetrypashto.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-credentials-editor.1.0.3.zip",{"attackSurface":159,"codeSignals":325,"taintFlows":380,"riskAssessment":470,"analyzedAt":483},{"hooks":160,"ajaxHandlers":310,"restRoutes":321,"shortcodes":322,"cronEvents":323,"entryPointCount":324,"unprotectedCount":324},[161,167,170,173,176,178,181,184,187,191,193,196,200,203,207,210,213,216,219,223,228,232,236,240,244,248,252,255,259,263,267,271,276,280,284,288,292,296,299,302,305],{"type":162,"name":163,"callback":164,"file":165,"line":166},"action","init","wp_user_profiles_set_constants","wp-user-profiles\\includes\\hooks.php",13,{"type":162,"name":163,"callback":168,"file":165,"line":169},"wp_user_profiles_register_profile_section",16,{"type":162,"name":163,"callback":171,"file":165,"line":172},"wp_user_profiles_register_account_section",17,{"type":162,"name":163,"callback":174,"file":165,"line":175},"wp_user_profiles_register_options_section",18,{"type":162,"name":163,"callback":177,"file":165,"line":14},"wp_user_profiles_register_other_section",{"type":162,"name":163,"callback":179,"file":165,"line":180},"wp_user_profiles_register_permissions_section",20,{"type":162,"name":163,"callback":182,"file":165,"line":183},"wp_user_profiles_register_sites_section",21,{"type":162,"name":163,"callback":185,"file":165,"line":186},"wp_user_profiles_admin_register_scripts",24,{"type":162,"name":188,"callback":189,"file":165,"line":190},"admin_menu","wp_user_profiles_admin_menus",27,{"type":162,"name":192,"callback":189,"file":165,"line":47},"network_admin_menu",{"type":162,"name":194,"callback":189,"file":165,"line":195},"user_admin_menu",29,{"type":162,"name":197,"callback":198,"file":165,"line":199},"wp_user_profiles_do_admin_head","wp_user_profiles_admin_enqueue_scripts",32,{"type":162,"name":197,"callback":201,"file":165,"line":202},"wp_user_profiles_admin_menu_highlight",33,{"type":162,"name":204,"callback":205,"file":165,"line":206},"wp_user_profiles_do_admin_load","wp_user_profiles_add_meta_boxes",34,{"type":162,"name":204,"callback":208,"file":165,"line":209},"wp_user_profiles_add_contextual_help",35,{"type":162,"name":204,"callback":211,"file":165,"line":212},"wp_user_profiles_show_screen_options",36,{"type":162,"name":205,"callback":214,"priority":148,"file":165,"line":215},"wp_user_profiles_add_status_meta_box",39,{"type":162,"name":217,"callback":217,"file":165,"line":218},"wp_user_profiles_admin_notices",42,{"type":162,"name":220,"callback":221,"file":165,"line":222},"admin_init","wp_user_profiles_save_user",45,{"type":224,"name":225,"callback":226,"file":165,"line":227},"filter","wp_user_profiles_save","wp_user_profiles_save_user_status",46,{"type":162,"name":229,"callback":230,"file":165,"line":231},"wp_user_profiles_get_admin_notices","wp_user_profiles_save_user_notices",47,{"type":224,"name":233,"callback":234,"file":165,"line":235},"wp_user_profiles_save_permissions_section","wp_user_profiles_save_user_super_admin",48,{"type":224,"name":237,"callback":238,"priority":148,"file":165,"line":239},"map_meta_cap","wp_user_profiles_map_meta_cap",51,{"type":224,"name":241,"callback":242,"file":165,"line":243},"load-profile.php","wp_user_profiles_old_profile_redirect",54,{"type":224,"name":245,"callback":246,"file":165,"line":247},"load-user-edit.php","wp_user_profiles_old_user_edit_redirect",55,{"type":224,"name":249,"callback":250,"priority":148,"file":165,"line":251},"edit_profile_url","wp_user_profiles_edit_user_url_filter",58,{"type":224,"name":253,"callback":250,"priority":148,"file":165,"line":254},"get_edit_user_link",59,{"type":224,"name":256,"callback":257,"file":165,"line":258},"wp_user_profiles_show_other_section","wp_user_profiles_has_profile_actions",67,{"type":162,"name":260,"callback":261,"priority":262,"file":165,"line":51},"wp_user_profiles_nav_actions","wp_user_profiles_admin_nav",12,{"type":162,"name":260,"callback":264,"priority":265,"file":165,"line":266},"wp_user_profiles_admin_subnav",14,71,{"type":162,"name":268,"callback":269,"file":165,"line":270},"bp_init","wp_user_profiles_unhook_bp_profile_nav",74,{"type":224,"name":272,"callback":273,"file":274,"line":275},"ms_sites_list_table_query_args","wp_user_profiles_filter_sites_table_query_args","wp-user-profiles\\includes\\metaboxes\\sites-list.php",38,{"type":224,"name":277,"callback":278,"file":274,"line":279},"views_network-sites","wp_user_profiles_filter_views",63,{"type":224,"name":281,"callback":282,"file":274,"line":283},"bulk_actions-network-sites","wp_user_profiles_filter_bulk_actions",64,{"type":224,"name":285,"callback":286,"priority":148,"file":274,"line":287},"manage_sites_custom_column","wp_user_profiles_filter_role_column",65,{"type":224,"name":289,"callback":290,"file":291,"line":14},"screen_options_show_screen","__return_true","wp-user-profiles\\includes\\screen-options.php",{"type":224,"name":225,"callback":293,"file":294,"line":295},"action_save","wp-user-profiles\\includes\\sections\\base.php",177,{"type":162,"name":205,"callback":297,"priority":148,"file":294,"line":298},"action_add_meta_boxes",180,{"type":162,"name":208,"callback":300,"file":294,"line":301},"add_contextual_help",183,{"type":162,"name":220,"callback":303,"file":304,"line":172},"closure","wp-user-profiles\\includes\\sponsor.php",{"type":162,"name":306,"callback":307,"file":308,"line":309},"plugins_loaded","_wp_user_profiles","wp-user-profiles.php",75,[311,316,319],{"action":312,"nopriv":313,"callback":314,"hasNonce":313,"hasCapCheck":313,"file":165,"line":315},"wp_user_profiles_common_roles",false,"wp_user_profiles_get_common_user_roles_ajax",62,{"action":317,"nopriv":313,"callback":318,"hasNonce":313,"hasCapCheck":313,"file":165,"line":279},"wp_user_profiles_export_roles","wp_user_profiles_export_user_roles_ajax",{"action":317,"nopriv":320,"callback":318,"hasNonce":313,"hasCapCheck":313,"file":165,"line":283},true,[],[],[],3,{"dangerousFunctions":326,"sqlUsage":327,"outputEscaping":329,"fileOperations":80,"externalRequests":27,"nonceChecks":79,"capabilityChecks":180,"bundledLibraries":379},[],{"prepared":80,"raw":80,"locations":328},[],{"escaped":330,"rawEcho":183,"locations":331},102,[332,336,338,340,342,344,346,348,350,352,355,357,359,362,364,367,368,371,373,375,377],{"file":333,"line":334,"context":335},"wp-user-profiles\\includes\\admin.php",477,"raw output",{"file":333,"line":337,"context":335},485,{"file":333,"line":339,"context":335},497,{"file":333,"line":341,"context":335},595,{"file":333,"line":343,"context":335},604,{"file":333,"line":345,"context":335},622,{"file":333,"line":347,"context":335},639,{"file":333,"line":349,"context":335},643,{"file":333,"line":351,"context":335},751,{"file":353,"line":354,"context":335},"wp-user-profiles\\includes\\metaboxes\\account-applications.php",61,{"file":353,"line":356,"context":335},85,{"file":358,"line":212,"context":335},"wp-user-profiles\\includes\\metaboxes\\options-contact.php",{"file":360,"line":361,"context":335},"wp-user-profiles\\includes\\metaboxes\\options-personal.php",113,{"file":360,"line":363,"context":335},123,{"file":365,"line":366,"context":335},"wp-user-profiles\\includes\\metaboxes\\other-all.php",43,{"file":365,"line":231,"context":335},{"file":369,"line":370,"context":335},"wp-user-profiles\\includes\\metaboxes\\permissions-capabilities.php",84,{"file":372,"line":218,"context":335},"wp-user-profiles\\includes\\metaboxes\\profile-about.php",{"file":274,"line":374,"context":335},76,{"file":274,"line":376,"context":335},185,{"file":274,"line":378,"context":335},187,[],[381,398,410,421,434,448,456],{"entryPoint":382,"graph":383,"unsanitizedCount":27,"severity":397},"wp_user_profiles_filter_role_column (wp-user-profiles\\includes\\metaboxes\\sites-list.php:166)",{"nodes":384,"edges":395},[385,390],{"id":386,"type":387,"label":388,"file":274,"line":389},"n0","source","$_GET",175,{"id":391,"type":392,"label":393,"file":274,"line":376,"wp_function":394},"n1","sink","echo() [XSS]","echo",[396],{"from":386,"to":391,"sanitized":313},"medium",{"entryPoint":399,"graph":400,"unsanitizedCount":80,"severity":409},"wp_user_profiles_admin_notices (wp-user-profiles\\includes\\admin.php:303)",{"nodes":401,"edges":407},[402,405],{"id":386,"type":387,"label":403,"file":333,"line":404},"$_REQUEST (x3)",308,{"id":391,"type":392,"label":393,"file":333,"line":406,"wp_function":394},323,[408],{"from":386,"to":391,"sanitized":320},"low",{"entryPoint":411,"graph":412,"unsanitizedCount":80,"severity":409},"wp_user_profiles_user_admin (wp-user-profiles\\includes\\admin.php:653)",{"nodes":413,"edges":419},[414,417],{"id":386,"type":387,"label":415,"file":333,"line":416},"$_SERVER",688,{"id":391,"type":392,"label":393,"file":333,"line":418,"wp_function":394},729,[420],{"from":386,"to":391,"sanitized":320},{"entryPoint":422,"graph":423,"unsanitizedCount":80,"severity":409},"\u003Cadmin> (wp-user-profiles\\includes\\admin.php:0)",{"nodes":424,"edges":431},[425,426,427,429],{"id":386,"type":387,"label":403,"file":333,"line":404},{"id":391,"type":392,"label":393,"file":333,"line":406,"wp_function":394},{"id":428,"type":387,"label":415,"file":333,"line":416},"n2",{"id":430,"type":392,"label":393,"file":333,"line":418,"wp_function":394},"n3",[432,433],{"from":386,"to":391,"sanitized":320},{"from":428,"to":430,"sanitized":320},{"entryPoint":435,"graph":436,"unsanitizedCount":80,"severity":409},"wp_user_profiles_save_user_super_admin (wp-user-profiles\\includes\\capabilities.php:199)",{"nodes":437,"edges":446},[438,442],{"id":386,"type":387,"label":439,"file":440,"line":441},"$_POST","wp-user-profiles\\includes\\capabilities.php",227,{"id":391,"type":392,"label":443,"file":440,"line":444,"wp_function":445},"call_user_func() [RCE]",232,"call_user_func",[447],{"from":386,"to":391,"sanitized":320},{"entryPoint":449,"graph":450,"unsanitizedCount":80,"severity":409},"\u003Ccapabilities> (wp-user-profiles\\includes\\capabilities.php:0)",{"nodes":451,"edges":454},[452,453],{"id":386,"type":387,"label":439,"file":440,"line":441},{"id":391,"type":392,"label":443,"file":440,"line":444,"wp_function":445},[455],{"from":386,"to":391,"sanitized":320},{"entryPoint":457,"graph":458,"unsanitizedCount":80,"severity":409},"\u003Csites-list> (wp-user-profiles\\includes\\metaboxes\\sites-list.php:0)",{"nodes":459,"edges":467},[460,461,462,463],{"id":386,"type":387,"label":388,"file":274,"line":389},{"id":391,"type":392,"label":393,"file":274,"line":376,"wp_function":394},{"id":428,"type":387,"label":388,"file":274,"line":389},{"id":430,"type":392,"label":464,"file":274,"line":465,"wp_function":466},"call_user_func_array() [RCE]",313,"call_user_func_array",[468,469],{"from":386,"to":391,"sanitized":320},{"from":428,"to":430,"sanitized":320},{"summary":471,"deductions":472},"The wp-user-profiles plugin v2.6.2 exhibits a mixed security posture. On the positive side, the code demonstrates strong adherence to secure coding practices by exclusively using prepared statements for SQL queries and having a high percentage of properly escaped output.  Furthermore, it performs a reasonable number of capability checks and includes nonce checks for its entry points.  However, significant security concerns arise from the attack surface.  All three identified AJAX handlers lack authentication checks, presenting a direct pathway for unauthorized actions. The single external HTTP request is also a potential area for vulnerability if not properly handled. The plugin's vulnerability history, specifically a high-severity, unpatched CVE related to Improper Privilege Management, is a critical red flag that overshadows the positive coding practices. This suggests a recurring pattern of security weaknesses that have not been fully addressed, increasing the risk of exploitation.",[473,476,478,481],{"reason":474,"points":475},"Unprotected AJAX handlers",15,{"reason":477,"points":180},"Unpatched High severity CVE",{"reason":479,"points":480},"Flow with unsanitized paths",8,{"reason":482,"points":324},"External HTTP request present","2026-03-16T19:57:06.207Z",{"wat":485,"direct":500},{"assetPaths":486,"generatorPatterns":492,"scriptPaths":493,"versionParams":494},[487,488,489,490,491],"\u002Fwp-content\u002Fplugins\u002Fwp-user-profiles\u002Fassets\u002Fcss\u002Fuser-profiles.css","\u002Fwp-content\u002Fplugins\u002Fwp-user-profiles\u002Fassets\u002Fcss\u002Fmin\u002Fltr\u002Fuser-profiles.css","\u002Fwp-content\u002Fplugins\u002Fwp-user-profiles\u002Fassets\u002Fcss\u002Fmin\u002Frtl\u002Fuser-profiles.css","\u002Fwp-content\u002Fplugins\u002Fwp-user-profiles\u002Fassets\u002Fjs\u002Fuser-profiles.js","\u002Fwp-content\u002Fplugins\u002Fwp-user-profiles\u002Fassets\u002Fjs\u002Fapp-passwords.js",[],[490,491],[495,496,497,498,499],"wp-user-profiles\u002Fassets\u002Fcss\u002Fuser-profiles.css?ver=","wp-user-profiles\u002Fassets\u002Fcss\u002Fmin\u002Fltr\u002Fuser-profiles.css?ver=","wp-user-profiles\u002Fassets\u002Fcss\u002Fmin\u002Frtl\u002Fuser-profiles.css?ver=","wp-user-profiles\u002Fassets\u002Fjs\u002Fuser-profiles.js?ver=","wp-user-profiles\u002Fassets\u002Fjs\u002Fapp-passwords.js?ver=",{"cssClasses":501,"htmlComments":505,"htmlAttributes":506,"restEndpoints":509,"jsGlobals":510,"shortcodeOutput":512},[502,503,504],"wp-user-profiles-admin-wrap","wp-user-profiles-section","wp-user-profiles-metabox",[],[507,508],"data-wp-user-profiles-section","data-wp-user-profiles-metabox",[],[511],"wpUserProfile",[]]