[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fWPyfmjEVp-oslSBmVx7ckRbhW7nGnTE5fjRY1_WWZC4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":45,"crawl_stats":36,"alternatives":49,"analysis":152,"fingerprints":360},"wpnamedusers","wpNamedUsers","0.5","andriassundskard","https:\u002F\u002Fprofiles.wordpress.org\u002Fandriassundskard\u002F","\u003Cp>Intranet \u002F Extranet plugin for WordPress that allows users to specify which users and\u002For groups can access specific posts or pages.\u003C\u002Fp>\n\u003Cp>Current features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Select users and\u002For groups who will have access to posts\u002Fpages when writing\u002Fediting.\u003C\u002Fli>\n\u003Cli>Hide content of protected posts\u002Fpages.\u003C\u002Fli>\n\u003Cli>Exclude protected posts\u002Fpages from appearing in the menu.\u003C\u002Fli>\n\u003Cli>Exclude protected posts\u002Fpages from appearing in feeds.\u003C\u002Fli>\n\u003Cli>Copy permissions from one user to another.\u003C\u002Fli>\n\u003Cli>Quickly set\u002Fclear permissions of many posts\u002Fpages without opening each one.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Screenshots ==.\u003C\u002Fh3>\n\u003Col>\n\u003Cli>You can select which users or groups can access the content while writing a post or page.\u003C\u002Fli>\n\u003Cli>You can quickly set permissions for all your content without editing every single post or page.\u003C\u002Fli>\n\u003Cli>You can create new groups and add or remove users from groups.\u003C\u002Fli>\n\u003C\u002Fol>\n","Intranet \u002F Extranet plugin for Wordpress that allows users to specify which users and\u002For groups can access specific posts or pages.",50,14070,0,"2011-03-03T20:34:00.000Z","2.9.2","2.6","",[19,20,21,22,23],"extranet","intranet","page","post","protect","http:\u002F\u002Fwordpress.sundskard.dk\u002Farchives\u002Fcategory\u002Fwpnamedusers","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpnamedusers.zip",63,1,"2025-10-13 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":36},"CVE-2025-48083","wpnamedusers-cross-site-request-forgery","wpNamedUsers \u003C= 0.5 - Cross-Site Request Forgery","The wpNamedUsers plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=0.5","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-10-22 20:42:43",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F8b8372e0-ab18-4817-b293-b75f4855620d?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":46,"trust_score":47,"computed_at":48},30,68,"2026-04-04T00:34:35.678Z",[50,73,89,111,131],{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":58,"downloaded":59,"rating":60,"num_ratings":61,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":65,"tags":66,"homepage":70,"download_link":71,"security_score":60,"vuln_count":27,"unpatched_count":13,"last_vuln_date":72,"fetched_at":29},"multiple-post-passwords","Multiple Post Passwords","1.1.4","Andreas Münch","https:\u002F\u002Fprofiles.wordpress.org\u002Fandreasmuench\u002F","\u003Cp>This is a simple Plugin that lets you set multiple passwords for your password protected posts and pages.\u003C\u002Fp>\n\u003Cp>On posts\u002Fpages with password protection it will show an extra Metabox with a field to input additional passwords, one in each line.\u003C\u002Fp>\n\u003Cp>Note that if you just changed a post\u002Fpage to password protection you have to save once so that the extra field appears.\u003C\u002Fp>\n\u003Ch4>Expire passwords\u003C\u002Fh4>\n\u003Cp>You can also make passwords expire after x hours when being used. You can find the settings under Settings -> Multiple Post Passwords.\u003C\u002Fp>\n\u003Cp>Note that the actual deletion of the passwords is triggered by a cronjob which is run every 30 minutes. So even if you set your expiry time to very short, it may still take 30 minutes until the password really expires.\u003C\u002Fp>\n\u003Cp>Also note that the expiration only works for the additional passwords, not for the standard WordPress page\u002Fpost password.\u003C\u002Fp>\n\u003Ch4>Using lots of passwords on one page\u003C\u002Fh4>\n\u003Cp>If you are using lots of passwords on one page and the password check takes a long time, you should activate the alternative password check in the settings to speed up the password check.\u003C\u002Fp>\n","Set multiple passwords for your protected pages so you can give them to different users.",2000,24287,100,11,"2026-01-17T16:46:00.000Z","6.8.5","4.7.0","5.6",[67,21,68,22,69],"multiple","password","protected","https:\u002F\u002Fwww.andreasmuench.de\u002Fwordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultiple-post-passwords.1.1.4.zip","2023-11-28 00:00:00",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":60,"num_ratings":83,"last_updated":84,"tested_up_to":63,"requires_at_least":85,"requires_php":17,"tags":86,"homepage":17,"download_link":88,"security_score":60,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"password-passthrough","Password Passthrough","2.0.0","KaeruCT","https:\u002F\u002Fprofiles.wordpress.org\u002Fkaeruct\u002F","\u003Cp>This plugin allows passwords for password-protected pages\u002Fposts to be passed directly through the URL.\u003C\u002Fp>\n\u003Cp>The query string parameter that should contain the password is \u003Ccode>pw\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>For example, if the URL of your post is \u003Ccode>http:\u002F\u002Fmyblog.com\u002Fpassword-protected-page\u002F\u003C\u002Fcode> and the password is \u003Ccode>PASSWORD\u003C\u002Fcode>,\u003Cbr \u002F>\nthen just append \u003Ccode>?pw=PASSWORD\u003C\u002Fcode> to it.\u003C\u002Fp>\n\u003Cp>If the URL already contains a query string (for example, \u003Ccode>http:\u002F\u002Fmyblog.com\u002F?p=5\u003C\u002Fcode>), then be sure to append \u003Ccode>&pw=PASSWORD\u003C\u002Fcode> instead.\u003C\u002Fp>\n","This plugin allows passwords for password-protected pages\u002Fposts to be passed directly through the URL.",600,6589,6,"2025-06-21T19:23:00.000Z","5.4",[21,68,22,69,87],"url","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpassword-passthrough.zip",{"slug":90,"name":91,"version":92,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":97,"downloaded":98,"rating":13,"num_ratings":13,"last_updated":99,"tested_up_to":100,"requires_at_least":101,"requires_php":17,"tags":102,"homepage":108,"download_link":109,"security_score":110,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"authpro","AuthPro","1.3.0","yuryk","https:\u002F\u002Fprofiles.wordpress.org\u002Fyuryk\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.authpro.com\" rel=\"nofollow ugc\">AuthPro.com\u003C\u002Fa> is remotely hosted password protection and membership site management service for your website.\u003Cbr \u002F>\nWith this plugin you can easily add AuthPro protection code to your WordPress blog.\u003C\u002Fp>\n\u003Cp>You can select to protect whole website or selected pages or posts.\u003Cbr \u002F>\nYou can also disable protection code on all pages page if you need.\u003C\u002Fp>\n\u003Cp>PS: You’ll need an active AuthPro account to use this plugin.\u003Cbr \u002F>\nIf you do not have AuthPro account you can \u003Ca href=\"https:\u002F\u002Fwww.authpro.com\u002Fsignup.shtml\" rel=\"nofollow ugc\">signup\u003C\u002Fa> for new one on authpro.com website.\u003C\u002Fp>\n","Adds AuthPro.com remotely hosted service support to your WordPress website.",10,2502,"2022-11-23T13:08:00.000Z","6.1.10","4.1.0",[103,104,105,106,107],"category-protection","login","page-protection","password-protection","post-protection","https:\u002F\u002Fwww.authpro.com\u002Fintegrations\u002Fwordpress.shtml","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauthpro.1.3.0.zip",85,{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":97,"downloaded":119,"rating":60,"num_ratings":27,"last_updated":120,"tested_up_to":121,"requires_at_least":122,"requires_php":123,"tags":124,"homepage":129,"download_link":130,"security_score":110,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"login-logout-shortcode-simple","Login Logout Shortcode Simple","1.0","clodoaldoevangelista","https:\u002F\u002Fprofiles.wordpress.org\u002Fclodoaldoevangelista\u002F","\u003Cp>Protect your pages by just adding the shortcode [login-logout-shortcode-simple]. No need to know programming. You can now choose which levels of users can access protected content. Install the new version and configure your preferences.\u003C\u002Fp>\n","Protect your pages by just adding a shortcode. No need to know programming. [login-logout-shortcode-simple] only!",1958,"2020-10-11T23:38:00.000Z","5.6.17","4.3","5.3",[104,125,126,127,128],"login-logout","post-protect","protec-post","protect-your-pages","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Flogin-logout-shortcode-simple\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-logout-shortcode-simple.1.0.zip",{"slug":132,"name":133,"version":134,"author":135,"author_profile":136,"description":137,"short_description":138,"active_installs":13,"downloaded":139,"rating":13,"num_ratings":13,"last_updated":140,"tested_up_to":141,"requires_at_least":142,"requires_php":143,"tags":144,"homepage":149,"download_link":150,"security_score":151,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"advanced-post-password","Advanced Post Password","1.1.2","Chema","https:\u002F\u002Fprofiles.wordpress.org\u002Fdeambulando\u002F","\u003Cp>This plugin offers advanced security features for password-protected posts\u002Fpages.\u003C\u002Fp>\n\u003Cp>Key Features:\u003Cbr \u002F>\n– Access multiple posts\u002Fpages without entering passwords repeatedly.\u003Cbr \u002F>\n– Admins can bypass password entry for protected pages.\u003Cbr \u002F>\n– Set a master URL to access all password-protected posts.\u003Cbr \u002F>\n– Option to remove WordPress-added prefixes from private and password-protected pages.\u003C\u002Fp>\n\u003Cp>To use, simply install and activate the plugin.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For assistance or queries, please reach out to us at wordpress forums. https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fadvanced-post-password\u002F\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under GPLv2 or later.\u003C\u002Fp>\n","Enhance the security of password-protected posts\u002Fpages with this plugin.",1740,"2024-11-15T16:45:00.000Z","6.7.5","6.0","7.4",[145,146,68,147,148],"cookie","page-title","post-password","remove-protected","https:\u002F\u002Fgarridodiaz.com\u002Fcategory\u002Fwp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-post-password.1.1.2.zip",92,{"attackSurface":153,"codeSignals":186,"taintFlows":281,"riskAssessment":348,"analyzedAt":359},{"hooks":154,"ajaxHandlers":182,"restRoutes":183,"shortcodes":184,"cronEvents":185,"entryPointCount":13,"unprotectedCount":13},[155,160,163,166,169,172,175,179],{"type":156,"name":157,"callback":157,"file":158,"line":159},"action","init","wpNamedUsers.php",808,{"type":156,"name":161,"callback":161,"file":158,"line":162},"admin_menu",810,{"type":156,"name":164,"callback":164,"priority":27,"file":158,"line":165},"save_post",811,{"type":156,"name":167,"callback":167,"file":158,"line":168},"delete_post",812,{"type":156,"name":170,"callback":170,"file":158,"line":171},"user_register",813,{"type":156,"name":173,"callback":173,"file":158,"line":174},"delete_user",814,{"type":176,"name":177,"callback":177,"file":158,"line":178},"filter","wp_list_pages_excludes",816,{"type":176,"name":180,"callback":180,"file":158,"line":181},"posts_where",817,[],[],[],[],{"dangerousFunctions":187,"sqlUsage":188,"outputEscaping":213,"fileOperations":13,"externalRequests":13,"nonceChecks":27,"capabilityChecks":189,"bundledLibraries":280},[],{"prepared":189,"raw":97,"locations":190},20,[191,194,196,199,201,203,205,207,209,211],{"file":158,"line":192,"context":193},335,"$wpdb->get_results() with variable interpolation",{"file":158,"line":195,"context":193},336,{"file":158,"line":197,"context":198},463,"$wpdb->get_col() with variable interpolation",{"file":158,"line":200,"context":193},500,{"file":158,"line":202,"context":193},501,{"file":158,"line":204,"context":193},590,{"file":158,"line":206,"context":198},591,{"file":158,"line":208,"context":193},615,{"file":158,"line":210,"context":198},616,{"file":158,"line":212,"context":198},730,{"escaped":13,"rawEcho":214,"locations":215},38,[216,219,221,223,225,227,228,230,231,233,234,235,237,238,240,241,242,244,245,246,248,250,252,254,256,258,259,261,262,263,265,266,268,270,272,274,276,278],{"file":158,"line":217,"context":218},210,"raw output",{"file":158,"line":220,"context":218},309,{"file":158,"line":222,"context":218},326,{"file":158,"line":224,"context":218},340,{"file":158,"line":226,"context":218},356,{"file":158,"line":226,"context":218},{"file":158,"line":229,"context":218},369,{"file":158,"line":229,"context":218},{"file":158,"line":232,"context":218},381,{"file":158,"line":232,"context":218},{"file":158,"line":232,"context":218},{"file":158,"line":236,"context":218},390,{"file":158,"line":236,"context":218},{"file":158,"line":239,"context":218},417,{"file":158,"line":239,"context":218},{"file":158,"line":239,"context":218},{"file":158,"line":243,"context":218},428,{"file":158,"line":243,"context":218},{"file":158,"line":243,"context":218},{"file":158,"line":247,"context":218},457,{"file":158,"line":249,"context":218},478,{"file":158,"line":251,"context":218},491,{"file":158,"line":253,"context":218},497,{"file":158,"line":255,"context":218},505,{"file":158,"line":257,"context":218},531,{"file":158,"line":257,"context":218},{"file":158,"line":260,"context":218},542,{"file":158,"line":260,"context":218},{"file":158,"line":260,"context":218},{"file":158,"line":264,"context":218},566,{"file":158,"line":264,"context":218},{"file":158,"line":267,"context":218},587,{"file":158,"line":269,"context":218},588,{"file":158,"line":271,"context":218},595,{"file":158,"line":273,"context":218},604,{"file":158,"line":275,"context":218},613,{"file":158,"line":277,"context":218},620,{"file":158,"line":279,"context":218},629,[],[282,301,328],{"entryPoint":283,"graph":284,"unsanitizedCount":13,"severity":300},"permissions_page (wpNamedUsers.php:119)",{"nodes":285,"edges":297},[286,291],{"id":287,"type":288,"label":289,"file":158,"line":290},"n0","source","$_POST (x2)",314,{"id":292,"type":293,"label":294,"file":158,"line":295,"wp_function":296},"n1","sink","query() [SQLi]",319,"query",[298],{"from":287,"to":292,"sanitized":299},true,"low",{"entryPoint":302,"graph":303,"unsanitizedCount":13,"severity":300},"\u003CwpNamedUsers> (wpNamedUsers.php:0)",{"nodes":304,"edges":324},[305,307,308,312,316,319],{"id":287,"type":288,"label":306,"file":158,"line":290},"$_POST (x14)",{"id":292,"type":293,"label":294,"file":158,"line":295,"wp_function":296},{"id":309,"type":288,"label":310,"file":158,"line":311},"n2","$_POST",460,{"id":313,"type":293,"label":314,"file":158,"line":197,"wp_function":315},"n3","get_col() [SQLi]","get_col",{"id":317,"type":288,"label":310,"file":158,"line":318},"n4",494,{"id":320,"type":293,"label":321,"file":158,"line":322,"wp_function":323},"n5","update_option() [Settings Manipulation]",496,"update_option",[325,326,327],{"from":287,"to":292,"sanitized":299},{"from":309,"to":313,"sanitized":299},{"from":317,"to":320,"sanitized":299},{"entryPoint":329,"graph":330,"unsanitizedCount":346,"severity":347},"groups_page (wpNamedUsers.php:446)",{"nodes":331,"edges":341},[332,335,337,338,339,340],{"id":287,"type":288,"label":333,"file":158,"line":334},"$_POST (x5)",452,{"id":292,"type":293,"label":294,"file":158,"line":336,"wp_function":296},456,{"id":309,"type":288,"label":310,"file":158,"line":311},{"id":313,"type":293,"label":314,"file":158,"line":197,"wp_function":315},{"id":317,"type":288,"label":310,"file":158,"line":318},{"id":320,"type":293,"label":321,"file":158,"line":322,"wp_function":323},[342,344,345],{"from":287,"to":292,"sanitized":343},false,{"from":309,"to":313,"sanitized":343},{"from":317,"to":320,"sanitized":343},7,"high",{"summary":349,"deductions":350},"The wpnamedusers plugin v0.5 presents a mixed security posture. On the positive side, the plugin demonstrates strong adherence to WordPress security best practices with a significant number of capability checks and a single nonce check, contributing to a robust defense against common attacks. The absence of direct file operations and external HTTP requests further minimizes its attack surface in these areas.  However, the static analysis reveals critical weaknesses. A concerning 100% of output is not properly escaped, posing a significant risk for Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the taint analysis indicates a flow with an unsanitized path, identified as high severity, which could potentially lead to data manipulation or unauthorized access if exploited.  The vulnerability history shows a past medium-severity Cross-Site Request Forgery (CSRF) vulnerability, and the presence of one unpatched CVE, though its severity isn't explicitly stated beyond being \"medium,\" is a significant concern. This history, combined with the current unescaped output and high-severity taint flow, suggests a pattern of overlooking critical output sanitization and potentially incomplete vulnerability remediation. While the plugin has strengths in authentication and input validation for certain entry points (which are currently zero, but this could change), the unaddressed output escaping and the lingering unpatched vulnerability are substantial risks that require immediate attention.",[351,354,356],{"reason":352,"points":353},"Unpatched CVE exists",15,{"reason":355,"points":97},"High severity taint flow found",{"reason":357,"points":358},"100% of output unescaped",8,"2026-03-16T21:55:36.242Z",{"wat":361,"direct":369},{"assetPaths":362,"generatorPatterns":364,"scriptPaths":365,"versionParams":366},[363],"\u002Fwp-content\u002Fplugins\u002Fwpnamedusers\u002Fcss\u002FwpNamedUsers.css",[],[],[367,368],"wpNamedUsers\u002Fstyle.css?ver=","wpNamedUsers.js?ver=",{"cssClasses":370,"htmlComments":371,"htmlAttributes":372,"restEndpoints":373,"jsGlobals":374,"shortcodeOutput":375},[],[],[],[],[],[]]