[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fmtQ-6TPqCG-n42ceYngixAnJSIQZiKjKcSGz6u0-GR8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":15,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":39,"analysis":58,"fingerprints":159},"wpsite-limit-posts","Limit Posts by 99 Robots","2.1.3","DraftPress Team","https:\u002F\u002Fprofiles.wordpress.org\u002Fdraftpress\u002F","\u003Cp>Limit the number of posts that your users(non-admins with edit post capability) can publish. This plugin by https:\u002F\u002F99robots.com allows you to limit the number of posts that can be published based on role or user.\u003C\u002Fp>\n\u003Cp>It allows for the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Limit number of posts by role (non-admins with edit post capability)\u003C\u002Fli>\n\u003Cli>Limit number of posts by user (i.e., John Doe can be limited to 5 posts)\u003C\u002Fli>\n\u003Cli>Posts submitted after user has exceeded their limits will have a new post status of ‘Limited’\u003C\u002Fli>\n\u003Cli>Limit number of posts by post type (coming soon…)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Also please check out our other \u003Ca href=\"https:\u002F\u002F99robots.com\u002Fproducts\u002F?utm_source=wprepo&utm_medium=content-resharer&utm_campaign=desc\" rel=\"nofollow ugc\">plugins\u003C\u002Fa> 🙂\u003C\u002Fp>\n","Limit the number of posts or custom post types that can be published based on role (i.e, author) or user.",10,4148,38,8,"","6.0.11","4.9",[19,20,21,22,23],"custom-post-limits","limit-author-posts","limit-number-of-posts","limit-posts","post-creation-limits","https:\u002F\u002Fdraftpress.com\u002Fproducts","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpsite-limit-posts.2.1.3.zip",100,0,null,"2026-03-15T10:48:56.248Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"draftpress",12,612840,87,1011,70,"2026-04-04T17:04:00.835Z",[40],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":11,"downloaded":48,"rating":27,"num_ratings":27,"last_updated":49,"tested_up_to":50,"requires_at_least":50,"requires_php":15,"tags":51,"homepage":54,"download_link":55,"security_score":56,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":57},"wp-post-limiter","WP Post Limiter","1.0","s a","https:\u002F\u002Fprofiles.wordpress.org\u002Fosexpertnet\u002F","\u003Cp>This Plugin will limit the number of posts a user can make.\u003Cbr \u002F>\nIt removes the “new post options” if the maximum number of posts are achieved and moreover the Dashboard overview to prevent that a user can use the QuickPress Widget.\u003C\u002Fp>\n","Restrict the number of possible posts for a Wordpress user.",2744,"2011-02-18T19:58:00.000Z","3.0.5",[22,52,53],"maximum-posts","restrict-posts","http:\u002F\u002Fsaquery.com\u002Fwordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-post-limiter.1.0.zip",85,"2026-03-15T15:16:48.613Z",{"attackSurface":59,"codeSignals":87,"taintFlows":121,"riskAssessment":150,"analyzedAt":158},{"hooks":60,"ajaxHandlers":83,"restRoutes":84,"shortcodes":85,"cronEvents":86,"entryPointCount":27,"unprotectedCount":27},[61,67,71,75,79],{"type":62,"name":63,"callback":64,"file":65,"line":66},"action","plugins_loaded","load_plugin_textdomain","wpsite-limit-posts.php",118,{"type":62,"name":68,"callback":69,"file":65,"line":70},"init","register_post_status",119,{"type":62,"name":72,"callback":73,"file":65,"line":74},"wp_insert_post_data","stop_publish_post",120,{"type":62,"name":76,"callback":77,"file":65,"line":78},"admin_menu","register_pages",127,{"type":62,"name":80,"callback":81,"file":65,"line":82},"admin_notices","posts_notice",128,[],[],[],[],{"dangerousFunctions":88,"sqlUsage":89,"outputEscaping":91,"fileOperations":27,"externalRequests":27,"nonceChecks":118,"capabilityChecks":119,"bundledLibraries":120},[],{"prepared":27,"raw":27,"locations":90},[],{"escaped":92,"rawEcho":33,"locations":93},6,[94,97,99,100,102,104,105,107,110,112,114,116],{"file":95,"line":13,"context":96},"admin\\dashboard.php","raw output",{"file":95,"line":98,"context":96},40,{"file":95,"line":98,"context":96},{"file":95,"line":101,"context":96},65,{"file":95,"line":103,"context":96},67,{"file":95,"line":103,"context":96},{"file":106,"line":14,"context":96},"admin\\header.php",{"file":108,"line":109,"context":96},"admin\\sidebar.php",58,{"file":65,"line":111,"context":96},300,{"file":65,"line":113,"context":96},304,{"file":65,"line":115,"context":96},376,{"file":65,"line":117,"context":96},383,1,4,[],[122,140],{"entryPoint":123,"graph":124,"unsanitizedCount":118,"severity":139},"posts_notice (wpsite-limit-posts.php:286)",{"nodes":125,"edges":136},[126,131],{"id":127,"type":128,"label":129,"file":65,"line":130},"n0","source","$_GET",293,{"id":132,"type":133,"label":134,"file":65,"line":111,"wp_function":135},"n1","sink","echo() [XSS]","echo",[137],{"from":127,"to":132,"sanitized":138},false,"medium",{"entryPoint":141,"graph":142,"unsanitizedCount":27,"severity":149},"\u003Cwpsite-limit-posts> (wpsite-limit-posts.php:0)",{"nodes":143,"edges":146},[144,145],{"id":127,"type":128,"label":129,"file":65,"line":130},{"id":132,"type":133,"label":134,"file":65,"line":111,"wp_function":135},[147],{"from":127,"to":132,"sanitized":148},true,"low",{"summary":151,"deductions":152},"The \"wpsite-limit-posts\" v2.1.3 plugin exhibits a generally good security posture, with no known vulnerabilities or critical issues identified in the static analysis. The plugin demonstrates strong adherence to best practices by utilizing prepared statements for all SQL queries and incorporating both nonce and capability checks. The absence of external HTTP requests and file operations further reduces the attack surface.\n\nHowever, a concern arises from the output escaping analysis, where only 33% of outputs are properly escaped. This suggests a potential for cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled meticulously before being displayed. While no critical or high severity taint flows were found, one flow with an unsanitized path warrants attention, as it could potentially be exploited in certain scenarios, though its severity is not explicitly defined.\n\nGiven the lack of historical vulnerabilities, the plugin appears well-maintained and developed with security in mind. The strengths lie in its limited attack surface and robust data handling for database operations. The primary weakness identified is the incomplete output escaping, which is a common but significant security risk. Overall, the plugin is relatively secure, but the output escaping issue requires immediate attention.",[153,155],{"reason":154,"points":14},"Insufficient output escaping",{"reason":156,"points":157},"Taint flow with unsanitized path",5,"2026-03-16T23:19:04.274Z",{"wat":160,"direct":165},{"assetPaths":161,"generatorPatterns":162,"scriptPaths":163,"versionParams":164},[],[],[],[],{"cssClasses":166,"htmlComments":168,"htmlAttributes":169,"restEndpoints":171,"jsGlobals":172,"shortcodeOutput":173},[167],"wpsite-limit-posts-wrap",[],[170],"data-wpsite-limit-posts",[],[],[]]