[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fUhQrz7U0x9MTKPKWN_vVn3yqNaB0tgQRjqeYaNECkag":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":140,"fingerprints":315},"wp-userlogin","WP-UserLogin","16.01","Jerry Stephens","https:\u002F\u002Fprofiles.wordpress.org\u002Fleftville\u002F","\u003Cp>Front page login\u002Flogout and control panel.\u003C\u002Fp>\n","Front page login\u002Flogout and control panel.",20,44730,0,"2016-01-27T00:48:00.000Z","4.*","3.0","",[19,20,21,22,4],"login","userlogin","users","userslogin","http:\u002F\u002Fwayofthegeek.org\u002Fdownloads\u002Fwp-userlogin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-userlogin.16.01.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"leftville",2,30,84,"2026-04-04T05:06:09.185Z",[36,60,82,103,122],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":56,"download_link":57,"security_score":46,"vuln_count":58,"unpatched_count":13,"last_vuln_date":59,"fetched_at":27},"disable-user-login","Disable User Login","1.3.12","Saint Systems","https:\u002F\u002Fprofiles.wordpress.org\u002Fsaintsystems\u002F","\u003Cp>This plugin gives you the ability to disable specific user accounts via a profile setting.\u003C\u002Fp>\n\u003Cp>Once installed and activated, a checkbox appears on the user profile settings (only for admins). When checked, the user’s account will be disabled and they will be unable to login with the account. If they try to login, they are instantly logged out and redirected to the login page with a message that notifies them their account is disabled.\u003C\u002Fp>\n\u003Cp>This can be useful in a few situations.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>You want freelance writers to still show up in the authors box, but you don’t want them to be able to login.\u003C\u002Fli>\n\u003Cli>You have former employees who have authored posts and you don’t want to delete them or reassign their posts to other users, but still need them to show up in the “Authors box.”\u003C\u002Fli>\n\u003Cli>You are working on a site for a client who has an account, but do not want him to login and\u002For make changes during development.\u003C\u002Fli>\n\u003Cli>You have a client who has an unpaid invoice.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsaintsystems\u002Fdisable-user-login\u002F\" rel=\"nofollow ugc\">This plugin is on GitHub!\u003C\u002Fa>\u003C\u002Fstrong> Pull requests are welcome. If possible please report issues through Github.\u003C\u002Fp>\n","Provides the ability to disable user accounts and prevent them from logging in.",5000,60770,100,4,"2025-09-08T14:13:00.000Z","6.8.5","4.7.0","5.6",[53,54,19,55,21],"account","disable","user","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-user-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-user-login.1.3.12.zip",1,"2023-11-15 00:00:00",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":44,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":74,"tags":75,"homepage":77,"download_link":78,"security_score":79,"vuln_count":80,"unpatched_count":13,"last_vuln_date":81,"fetched_at":27},"simple-login-log","Simple Login Log","2.0.0","Joris Le Blansch","https:\u002F\u002Fprofiles.wordpress.org\u002Fapiosys\u002F","\u003Cp>Simple log of user logins. Tracks user name, time of login, IP address and browser user agent.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features include:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>ability to filter by user name, successful\u002Ffailed logins, month and year;\u003C\u002Fli>\n\u003Cli>export into CSV file;\u003C\u002Fli>\n\u003Cli>log auto-truncation;\u003C\u002Fli>\n\u003Cli>option to record failed login attempts.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Translations:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Persian [fa_IR] by \u003Ca href=\"http:\u002F\u002Ftaktaweb.ir\u002F\" rel=\"nofollow ugc\">MohammadHadi Nasiri\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>German [de_DE] by Philipp Moore\u003C\u002Fli>\n\u003Cli>Russian [ru_RU]\u003C\u002Fli>\n\u003Cli>Ukrainian [ua_UA]\u003C\u002Fli>\n\u003Cli>Chinese [zh_CN] by \u003Ca href=\"http:\u002F\u002Fwww.mihuwa.com\u002F\" rel=\"nofollow ugc\">Mihuwa\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\n\u003Cp>French [fr_FR] by Mehdi Hamida\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Author: Max Chirkov\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>Author: Joris Le Blansch\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translation\u003C\u002Fh4>\n\u003Cp>If you would like to contribute, the POT file is available in the \u003Cem>languages\u003C\u002Fem> folder. Translation file name convention is \u003Cem>sll-{locale}.mo\u003C\u002Fem>, where {locale} is the locale of your language. Fore example, Russian file name would be \u003Cem>sll-ru_RU.po\u003C\u002Fem>.\u003C\u002Fp>\n","This plugin keeps a log of WordPress user logins. Offers user and date filtering, and export features.",137544,90,27,"2025-12-31T17:24:00.000Z","6.9.4","6.5","8.2",[76,19,21],"log","https:\u002F\u002Fapio.systems","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-login-log.2.0.0.zip",89,3,"2025-08-17 00:00:00",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":92,"num_ratings":93,"last_updated":94,"tested_up_to":49,"requires_at_least":95,"requires_php":96,"tags":97,"homepage":101,"download_link":102,"security_score":46,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"expire-users","Expire Users","1.2.2","Ben Huson","https:\u002F\u002Fprofiles.wordpress.org\u002Fhusobj\u002F","\u003Cblockquote>\n\u003Cp>Important security update – if you are using version 0.2 or earlier please upgrade\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This plugin allows you to set expiry dates for user logins. You can set a user to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Never expire (default)\u003C\u002Fli>\n\u003Cli>Expire in X days, weeks, moths or years\u003C\u002Fli>\n\u003Cli>Expire on a specific date\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>When a user expires you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change the role of that user\u003C\u002Fli>\n\u003Cli>Replace the user’s password with a randomly generated one\u003C\u002Fli>\n\u003Cli>Send an email notification to the user\u003C\u002Fli>\n\u003Cli>Send an email notification to the site administrator\u003C\u002Fli>\n\u003Cli>Remove expiry details and allow user to continue to login\u003C\u002Fli>\n\u003Cli>Perform you own actions using an \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fwiki\u002Fexpire_users_expired\" rel=\"nofollow ugc\">\u003Ccode>expire_users_expired\u003C\u002Fcode>\u003C\u002Fa> hook\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can automatically assign expiry details to users who sign up via the register form.\u003C\u002Fp>\n\u003Cp>The email notification messages can be configured in the admin settings.\u003C\u002Fp>\n\u003Cp>Please post in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fexpire-users\" rel=\"ugc\">support forum\u003C\u002Fa> if you have any questions, or refer to the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fwiki\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fissues\" rel=\"nofollow ugc\">report bugs\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fissues\" rel=\"nofollow ugc\">submit translations\u003C\u002Fa> at the plugin’s \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002F\" rel=\"nofollow ugc\">GitHub page\u003C\u002Fa>.\u003C\u002Fp>\n","Set expiry dates for user logins.",4000,53229,96,25,"2025-09-19T16:05:00.000Z","5.4","7.4",[98,19,99,100,21],"expire","password","roles","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fexpire-users\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpire-users.1.2.2.zip",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":33,"num_ratings":113,"last_updated":114,"tested_up_to":72,"requires_at_least":115,"requires_php":116,"tags":117,"homepage":17,"download_link":121,"security_score":46,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"expire-user-passwords","Expire User Passwords","1.4.2","Matt Miller","https:\u002F\u002Fprofiles.wordpress.org\u002Fmillermedianow\u002F","\u003Cp>Note: This is a forked version of the now unsupported \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fexpire-passwords\u002F\" rel=\"ugc\">Expire Passwords\u003C\u002Fa> plugin. The notes below are copied over from the original plugin and will be updated as relevant updates become available. Please help by contributing to the GitHub repository \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\" rel=\"nofollow ugc\">Expire Passwords\u003C\u002Fa> on GitHub\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Did you find this plugin helpful? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fexpire-user-passwords\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Harden the security of your site by preventing unauthorized access to stale user accounts.\u003C\u002Fp>\n\u003Cp>This plugin is also ideal for sites needing to meet certain industry security compliances – such as government, banking or healthcare.\u003C\u002Fp>\n\u003Cp>In the plugin settings you can set the maximum number of days users are allowed to use the same password (90 days by default), as well as which user roles will be required to reset their passwords regularly (non-Administrators by default).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Languages supported:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Albanian (Shqip)\u003C\u002Fli>\n\u003Cli>Arabic (العربية)\u003C\u002Fli>\n\u003Cli>Armenian (Հայերեն)\u003C\u002Fli>\n\u003Cli>Basque (Euskara)\u003C\u002Fli>\n\u003Cli>Bengali (বাংলা)\u003C\u002Fli>\n\u003Cli>Bulgarian (Български)\u003C\u002Fli>\n\u003Cli>Catalan (Català)\u003C\u002Fli>\n\u003Cli>Chinese Simplified (简体中文)\u003C\u002Fli>\n\u003Cli>Croatian (Hrvatski)\u003C\u002Fli>\n\u003Cli>Czech (Čeština)\u003C\u002Fli>\n\u003Cli>Danish (Dansk)\u003C\u002Fli>\n\u003Cli>Dutch (Nederlands)\u003C\u002Fli>\n\u003Cli>Estonian (Eesti)\u003C\u002Fli>\n\u003Cli>Finnish (Suomi)\u003C\u002Fli>\n\u003Cli>French (Français)\u003C\u002Fli>\n\u003Cli>Galician (Galego)\u003C\u002Fli>\n\u003Cli>Georgian (ქართული)\u003C\u002Fli>\n\u003Cli>German (Deutsch)\u003C\u002Fli>\n\u003Cli>Greek (Ελληνικά)\u003C\u002Fli>\n\u003Cli>Hebrew (עברית)\u003C\u002Fli>\n\u003Cli>Hindi (हिन्दी)\u003C\u002Fli>\n\u003Cli>Hungarian (Magyar)\u003C\u002Fli>\n\u003Cli>Indonesian (Bahasa Indonesia)\u003C\u002Fli>\n\u003Cli>Irish (Gaeilge)\u003C\u002Fli>\n\u003Cli>Italian (Italiano)\u003C\u002Fli>\n\u003Cli>Japanese (日本語)\u003C\u002Fli>\n\u003Cli>Korean (한국어)\u003C\u002Fli>\n\u003Cli>Latvian (Latviešu)\u003C\u002Fli>\n\u003Cli>Lithuanian (Lietuvių)\u003C\u002Fli>\n\u003Cli>Macedonian (Македонски)\u003C\u002Fli>\n\u003Cli>Norwegian (Norsk)\u003C\u002Fli>\n\u003Cli>Persian (فارسی)\u003C\u002Fli>\n\u003Cli>Persian – Afghanistan (دری)\u003C\u002Fli>\n\u003Cli>Polish (Polski)\u003C\u002Fli>\n\u003Cli>Portuguese – Brazil (Português do Brasil)\u003C\u002Fli>\n\u003Cli>Portuguese – Portugal (Português)\u003C\u002Fli>\n\u003Cli>Romanian (Română)\u003C\u002Fli>\n\u003Cli>Russian (Русский)\u003C\u002Fli>\n\u003Cli>Serbian (Српски)\u003C\u002Fli>\n\u003Cli>Slovak (Slovenčina)\u003C\u002Fli>\n\u003Cli>Slovenian (Slovenščina)\u003C\u002Fli>\n\u003Cli>Spanish (Español)\u003C\u002Fli>\n\u003Cli>Swedish (Svenska)\u003C\u002Fli>\n\u003Cli>Tamil (தமிழ்)\u003C\u002Fli>\n\u003Cli>Thai (ไทย)\u003C\u002Fli>\n\u003Cli>Turkish (Türkçe)\u003C\u002Fli>\n\u003Cli>Ukrainian (Українська)\u003C\u002Fli>\n\u003Cli>Urdu (اردو)\u003C\u002Fli>\n\u003Cli>Vietnamese (Tiếng Việt)\u003C\u002Fli>\n\u003Cli>Welsh (Cymraeg)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Development of this plugin is done \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>. Pull requests welcome. Please see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\u002Fissues\" rel=\"nofollow ugc\">issues reported\u003C\u002Fa> there before going to the plugin forum.\u003C\u002Fstrong>\u003C\u002Fp>\n","Require certain users to change their passwords on a regular basis.",3000,57937,5,"2026-02-17T09:27:00.000Z","4.0","8.1",[19,118,119,120,21],"membership","passwords","security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpire-user-passwords.1.4.2.zip",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":132,"num_ratings":133,"last_updated":134,"tested_up_to":135,"requires_at_least":136,"requires_php":17,"tags":137,"homepage":138,"download_link":139,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"disable-users","Disable Users","1.0.5","Jared Atchison","https:\u002F\u002Fprofiles.wordpress.org\u002Fjaredatch\u002F","\u003Cp>This plugin gives you the ability to disable specific user accounts via a profile setting.\u003C\u002Fp>\n\u003Cp>Once installed and activated, a checkbox appears on the user profile settings (only for admins). When checked, the users account will be disabled and they will be unable to login with the account. If they try to login, they are instantly logged out and redirected to the login page with a message that notifies them their account is disabled.\u003C\u002Fp>\n\u003Cp>This can be useful in a few situations.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>You are working on a site for a client who has an account, but do not want him to login and\u002For make changes during development.\u003C\u002Fli>\n\u003Cli>You have a client who has an unpaid invoice.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjaredatch\u002FDisable-Users\u002F\" rel=\"nofollow ugc\">This plugin is on GitHub!\u003C\u002Fa>\u003C\u002Fstrong> Pull requests are welcome. If possible please report issues through Github.\u003C\u002Fp>\n","This plugin gives you the ability to disable specific user accounts via a profile setting.",2000,40108,94,18,"2017-11-28T19:50:00.000Z","4.3.34","4.0.0",[54,19,21],"http:\u002F\u002Fwordpress.org\u002Fextend\u002Fdisable-users","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-users.zip",{"attackSurface":141,"codeSignals":178,"taintFlows":265,"riskAssessment":303,"analyzedAt":314},{"hooks":142,"ajaxHandlers":174,"restRoutes":175,"shortcodes":176,"cronEvents":177,"entryPointCount":13,"unprotectedCount":13},[143,149,153,157,162,166,170],{"type":144,"name":145,"callback":146,"file":147,"line":148},"action","wp_enqueue_scripts","wpul_scripts","userlogin.php",56,{"type":144,"name":150,"callback":151,"file":147,"line":152},"admin_init","wpul_init",416,{"type":144,"name":154,"callback":155,"file":147,"line":156},"admin_menu","wpul_option_page",417,{"type":158,"name":159,"callback":160,"file":147,"line":161},"filter","get_avatar","change_avatar_css",418,{"type":158,"name":163,"callback":164,"file":147,"line":165},"login_form_middle","openid_call",419,{"type":144,"name":167,"callback":168,"file":147,"line":169},"widgets_init","register_wpul",420,{"type":144,"name":171,"callback":172,"file":147,"line":173},"plugins_loaded","wpul_widget_userlogin_init",428,[],[],[],[],{"dangerousFunctions":179,"sqlUsage":180,"outputEscaping":188,"fileOperations":263,"externalRequests":13,"nonceChecks":13,"capabilityChecks":70,"bundledLibraries":264},[],{"prepared":13,"raw":31,"locations":181},[182,186],{"file":183,"line":184,"context":185},"wpul-bootstrap.php",19,"$wpdb->get_var() with variable interpolation",{"file":187,"line":184,"context":185},"wpul-nostrap.php",{"escaped":13,"rawEcho":189,"locations":190},35,[191,195,197,199,201,203,205,207,209,211,213,215,217,219,221,223,225,227,229,231,233,235,237,239,241,243,245,247,249,251,253,255,257,259,261],{"file":192,"line":193,"context":194},"diff.php",228,"raw output",{"file":147,"line":196,"context":194},107,{"file":147,"line":198,"context":194},121,{"file":147,"line":200,"context":194},123,{"file":147,"line":202,"context":194},125,{"file":147,"line":204,"context":194},131,{"file":147,"line":206,"context":194},135,{"file":147,"line":208,"context":194},138,{"file":147,"line":210,"context":194},174,{"file":147,"line":212,"context":194},177,{"file":147,"line":214,"context":194},181,{"file":147,"line":216,"context":194},182,{"file":147,"line":218,"context":194},183,{"file":147,"line":220,"context":194},184,{"file":147,"line":222,"context":194},185,{"file":147,"line":224,"context":194},186,{"file":147,"line":226,"context":194},187,{"file":147,"line":228,"context":194},188,{"file":147,"line":230,"context":194},189,{"file":147,"line":232,"context":194},197,{"file":147,"line":234,"context":194},198,{"file":147,"line":236,"context":194},201,{"file":147,"line":238,"context":194},202,{"file":147,"line":240,"context":194},205,{"file":147,"line":242,"context":194},206,{"file":147,"line":244,"context":194},209,{"file":147,"line":246,"context":194},210,{"file":147,"line":248,"context":194},213,{"file":147,"line":250,"context":194},214,{"file":147,"line":252,"context":194},216,{"file":147,"line":254,"context":194},246,{"file":147,"line":256,"context":194},251,{"file":183,"line":258,"context":194},172,{"file":187,"line":260,"context":194},103,{"file":187,"line":262,"context":194},169,6,[],[266,292],{"entryPoint":267,"graph":268,"unsanitizedCount":31,"severity":291},"wpul_style_editor (userlogin.php:232)",{"nodes":269,"edges":287},[270,275,281,283],{"id":271,"type":272,"label":273,"file":147,"line":274},"n0","source","$_POST",234,{"id":276,"type":277,"label":278,"file":147,"line":279,"wp_function":280},"n1","sink","file_put_contents() [File Write]",237,"file_put_contents",{"id":282,"type":272,"label":273,"file":147,"line":274},"n2",{"id":284,"type":277,"label":285,"file":147,"line":256,"wp_function":286},"n3","echo() [XSS]","echo",[288,290],{"from":271,"to":276,"sanitized":289},false,{"from":282,"to":284,"sanitized":289},"medium",{"entryPoint":293,"graph":294,"unsanitizedCount":31,"severity":291},"\u003Cuserlogin> (userlogin.php:0)",{"nodes":295,"edges":300},[296,297,298,299],{"id":271,"type":272,"label":273,"file":147,"line":274},{"id":276,"type":277,"label":278,"file":147,"line":279,"wp_function":280},{"id":282,"type":272,"label":273,"file":147,"line":274},{"id":284,"type":277,"label":285,"file":147,"line":256,"wp_function":286},[301,302],{"from":271,"to":276,"sanitized":289},{"from":282,"to":284,"sanitized":289},{"summary":304,"deductions":305},"The 'wp-userlogin' v16.01 plugin exhibits a mixed security posture. On the positive side, there are no known CVEs associated with this plugin, indicating a potentially stable history.  Furthermore, the static analysis shows a promising lack of attack surface through typical vectors like AJAX, REST API, shortcodes, and cron events. The presence of a significant number of capability checks (27) suggests an awareness of user role management.\n\nHowever, the code analysis reveals several concerning areas. The most significant risk stems from the fact that 100% of the SQL queries are not using prepared statements, posing a high risk of SQL injection vulnerabilities. Additionally, a complete absence of output escaping (0%) for 35 identified output points is a critical flaw, leaving the plugin vulnerable to Cross-Site Scripting (XSS) attacks.  While taint analysis found no critical or high severity flows, the presence of two flows with unsanitized paths warrants attention, especially in conjunction with the unescaped output. The lack of nonce checks on AJAX handlers (though there are no AJAX handlers in this version) and the file operations without explicit security context also represent potential, albeit currently theoretical, weaknesses.\n\nIn conclusion, while the plugin has a clean vulnerability history and a limited attack surface, the critical findings regarding SQL and output handling are major security concerns that significantly outweigh the strengths. The plugin requires immediate attention to address the lack of prepared statements and proper output escaping to mitigate severe risks.",[306,309,312],{"reason":307,"points":308},"Raw SQL queries without prepared statements",10,{"reason":310,"points":311},"Lack of output escaping",8,{"reason":313,"points":113},"Taint flows with unsanitized paths","2026-03-16T22:56:35.489Z",{"wat":316,"direct":322},{"assetPaths":317,"generatorPatterns":319,"scriptPaths":320,"versionParams":321},[318],"\u002Fwp-content\u002Fplugins\u002Fwp-userlogin\u002Fcss\u002Fwpul.css",[],[],[],{"cssClasses":323,"htmlComments":325,"htmlAttributes":326,"restEndpoints":329,"jsGlobals":330,"shortcodeOutput":332},[324],"thumbnail",[],[327,328],"data-toggle","data-target",[],[331],"wpul_settings",[333],"[wp_user_login]"]