[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fgCHvpB1jzDA6g6qptlOM7PEMJeTouK2J4lOEvbCbyO0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":133,"fingerprints":251},"apoyl-qq","[凹凸曼]一键QQ登录","1.9.2","apoyl","https:\u002F\u002Fprofiles.wordpress.org\u002Fapoyl\u002F","\u003Cp>这是一款实现QQ互联一键登录网站，让用户不在繁琐去注册用户，一键实现QQ登录，极大的方便用户登录网站.\u003C\u002Fp>\n\u003Ch3>插件功能\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>支持登录一键QQ登录\u003C\u002Fli>\n\u003Cli>支持自动同步QQ昵称到网站用户名,前提满足wp用户的注册要求\u003C\u002Fli>\n\u003Cli>支持一键QQ登录用户，自定义角色：订阅者，贡献者，作者，编辑，管理员，这个站点没有任何用户角色\u003C\u002Fli>\n\u003Cli>支持绑定记录管理\u003C\u002Fli>\n\u003Cli>支持已登录账号可以绑定QQ\u003C\u002Fli>\n\u003Cli>支持解绑账号\u003C\u002Fli>\n\u003Cli>支持中文名称\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>以上功能部分免费,点击购买付费版：\u003Ca href=\"http:\u002F\u002Fwww.girltm.com\u002F\" rel=\"nofollow ugc\">凹凸曼插件\u003C\u002Fa>\u003Cbr \u002F>\n也可以加开发者QQ：3201361925 email: 3201361925@qq.com\u003C\u002Fp>\n","这是一款实现QQ互联一键登录网站，让用户不在繁琐去注册用户，一键实现QQ登录，极大的方便用户登录网站.",10,2263,0,"2026-01-15T07:44:00.000Z","6.9.4","6.0","7.4",[19,20,21,22,23],"%e7%99%bb%e5%bd%95","%e9%80%9a%e8%a1%8c%e8%af%81","oauth2","qq","qqlogin","http:\u002F\u002Fwww.girltm.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fapoyl-qq.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},27,710,30,94,"2026-04-04T18:07:23.134Z",[37,51,70,87,109],{"slug":38,"name":39,"version":40,"author":7,"author_profile":8,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":13,"num_ratings":13,"last_updated":45,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":46,"homepage":24,"download_link":50,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"apoyl-weixin","[凹凸曼]一键微信登录","2.4.0","\u003Cp>这是一款实现微信互联一键登录网站，让用户不在繁琐去注册用户，一键实现微信登录，可以让电脑版网站扫描登录和手机微信登录，多个公众号，甚至以后需要移动APP应用微信登录，统一用户账号的需求，极大的方便用户登录网站.\u003C\u002Fp>\n\u003Ch3>插件功能\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>支持登录一键微信登录,可以实现手机快捷登录和PC扫描登录微信\u003C\u002Fli>\n\u003Cli>支持自动同步微信昵称到网站用户名,前提满足wordpress用户的注册要求\u003C\u002Fli>\n\u003Cli>支持一键微信登录用户，自定义角色：订阅者，贡献者，作者，编辑，管理员，这个站点没有任何用户角色\u003C\u002Fli>\n\u003Cli>支持查看管理绑定记录管理+\u003C\u002Fli>\n\u003Cli>支持已登录账号可以绑定微信\u003C\u002Fli>\n\u003Cli>支持管理员解绑账号\u003C\u002Fli>\n\u003Cli>支持微信账户中文昵称自动注册wordpress昵称\u003C\u002Fli>\n\u003Cli>支持你想实现电脑版网站扫描登录和手机微信登录，多个公众号，甚至以后需要移动APP应用微信登录，统一用户账号的需求，此插件也满足\u003C\u002Fli>\n\u003Cli>支持微信头像同步到用户并显示\u003C\u002Fli>\n\u003Cli>支持其他插件或者模板页面调用微信登录，需要手动部署（如woocommerce的页面实现微信登录）\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>以上功能部分免费,点击购买付费版：\u003Ca href=\"http:\u002F\u002Fwww.girltm.com\u002F\" rel=\"nofollow ugc\">凹凸曼插件\u003C\u002Fa>\u003Cbr \u002F>\n也可以加开发者QQ：3201361925 email: 3201361925@qq.com\u003C\u002Fp>\n","这是一款实现微信互联一键登录网站，让用户不在繁琐去注册用户，一键实现微信登录，可以让电脑版网站扫描登录和手机微信登录，多个公众号，甚至以后需要移动APP应用微信登录，统一用户账号的需求，极大的方便用户登录网站.",20,3796,"2025-12-25T08:57:00.000Z",[19,21,47,48,49],"wechat","weixin","%e5%be%ae%e4%bf%a1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fapoyl-weixin.zip",{"slug":52,"name":53,"version":54,"author":55,"author_profile":56,"description":57,"short_description":58,"active_installs":11,"downloaded":59,"rating":13,"num_ratings":13,"last_updated":60,"tested_up_to":61,"requires_at_least":62,"requires_php":63,"tags":64,"homepage":67,"download_link":68,"security_score":69,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"qqconnect","QQ登录","1.0.1","qlwz","https:\u002F\u002Fprofiles.wordpress.org\u002Fqlwz\u002F","\u003Cp>一个直接使用QQ登录的WP的插件\u003C\u002Fp>\n","一个直接使用QQ登录的WP的插件",6867,"2012-03-18T03:39:00.000Z","3.3.2","3.0.0","",[65,55,52,66],"94qing-com","qq%e7%99%bb%e5%bd%95","http:\u002F\u002Fwww.94qing.com\u002Fqqconnect.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fqqconnect.zip",85,{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":11,"downloaded":78,"rating":34,"num_ratings":79,"last_updated":80,"tested_up_to":81,"requires_at_least":82,"requires_php":63,"tags":83,"homepage":85,"download_link":86,"security_score":69,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"qqworld-passport","QQWorld通行证 \u002F QQWorld Passport","1.2.1","Michael Wang","https:\u002F\u002Fprofiles.wordpress.org\u002Fqqworld\u002F","\u003Cp>QQWorld通行证，支持多种第三方登录，目前支持QQ，微信和微博。\u003C\u002Fp>\n\u003Cp>\u003Cstrong>子付费插件：QQWorld同步器 \u002F QQWorld Synchronizer\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>作为QQWorld通行证的扩展插件，将提供各模块的扩展功能。\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n        \u003Cstrong>腾讯QQ\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>暂无\u003C\u002Fli>\n\u003C\u002Fol>\n\u003C\u002Fli>\n\u003Cli>\n        \u003Cstrong>微信\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>自动同步Woocommerce收货地址\u003C\u002Fli>\n\u003Cli>微信自定义菜单\u003C\u002Fli>\n\u003Cli>自动登录\u003C\u002Fli>\n\u003Cli>自动同步文章到微信公众号\u003C\u002Fli>\n\u003Cli>对于未关注公众号的用户，自动显示关注链接\u003C\u002Fli>\n\u003C\u002Fol>\n\u003C\u002Fli>\n\u003Cli>\n        \u003Cstrong>腾讯微博\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>暂无\u003C\u002Fli>\n\u003C\u002Fol>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>购买地址：\u003Ca href=\"http:\u002F\u002Fwww.qqworld.org\u002Fproducts\u002Fqqworld-synchronizer\" rel=\"nofollow ugc\">QQWorld同步器 \u002F QQWorld Synchronizer\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>联系方式:\u003C\u002Fp>\n\u003Cp>邮箱: admin@qqworld.org\u003C\u002Fp>\n\u003Cp>QQ: 172269588\u003C\u002Fp>\n","QQWorld通行证，支持多种第三方登录，目前支持QQ，微信和微博。尤其是支持多个网站使用同一个微信服务号oauth2登录。",10727,3,"2020-10-10T01:28:00.000Z","5.5.18","3.5",[84,21,22],"login","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fqqworld-passport\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fqqworld-passport.zip",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":26,"num_ratings":43,"last_updated":97,"tested_up_to":98,"requires_at_least":99,"requires_php":17,"tags":100,"homepage":104,"download_link":105,"security_score":106,"vuln_count":107,"unpatched_count":13,"last_vuln_date":108,"fetched_at":28},"daggerhart-openid-connect-generic","OpenID Connect Generic Client","3.11.3","Jonathan Daggerhart","https:\u002F\u002Fprofiles.wordpress.org\u002Fdaggerhart\u002F","\u003Cp>This plugin allows to authenticate users against OpenID Connect OAuth2 API with Authorization Code Flow.\u003Cbr \u002F>\nOnce installed, it can be configured to automatically authenticate users (SSO), or provide a “Login with OpenID Connect”\u003Cbr \u002F>\nbutton on the login form. After consent has been obtained, an existing user is automatically logged into WordPress, while\u003Cbr \u002F>\nnew users are created in WordPress database.\u003C\u002Fp>\n\u003Cp>Much of the documentation can be found on the Settings > OpenID Connect Generic dashboard page.\u003C\u002Fp>\n\u003Cp>Please submit issues to the Github repo: https:\u002F\u002Fgithub.com\u002Foidc-wp\u002Fopenid-connect-generic\u003C\u002Fp>\n","A simple client that provides SSO or opt-in authentication against a generic OAuth2 Server implementation.",10000,177319,"2026-02-13T04:36:00.000Z","6.9.0","5.0",[101,84,21,102,103],"apps","openidconnect","security","https:\u002F\u002Fgithub.com\u002Foidc-wp\u002Fopenid-connect-generic","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdaggerhart-openid-connect-generic.3.11.3.zip",98,2,"2025-12-17 00:00:00",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":117,"downloaded":118,"rating":119,"num_ratings":120,"last_updated":121,"tested_up_to":98,"requires_at_least":122,"requires_php":17,"tags":123,"homepage":128,"download_link":129,"security_score":130,"vuln_count":131,"unpatched_count":13,"last_vuln_date":132,"fetched_at":28},"oauth2-provider","WP OAuth Server (OAuth Authentication)","4.5.0","Jayson T Cote","https:\u002F\u002Fprofiles.wordpress.org\u002Faskjayson\u002F","\u003Cp>Connect your app to WordPress or use SSO to connect multiple websites with the same username and passwords. No 3rd party servers are needed with WP OAuth Server. Everything you need is in this plugin.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FZOUsY4Kp_6U?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WP REST API Authentication. Provides ability to make authorized calls to protected REST API endpoints.\u003C\u002Fli>\n\u003Cli>WP REST API Lock Down. Prevent any calls to the REST API unless authorized\u003C\u002Fli>\n\u003Cli>Unlimited OAuth 2.0 Clients\u003C\u002Fli>\n\u003Cli>Support for Implicit Flow\u003C\u002Fli>\n\u003Cli>Built-In Resource Server\u003C\u002Fli>\n\u003Cli>Automated Authorization Flow (User does not have to see authorization screen)\u003C\u002Fli>\n\u003Cli>Easily Extend\u002F Modify the Endpoints\u003C\u002Fli>\n\u003Cli>OAuth 2.0 PKCE\u003C\u002Fli>\n\u003Cli>Modern and Legacy JWT authorization support. OAuth 2.0 JSON Web Token Support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Supported Grant Types\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Authentication Code w\u002FImplicit\u003C\u002Fli>\n\u003Cli>User Credentials (Pro)\u003C\u002Fli>\n\u003Cli>Client Credentials (Pro)\u003C\u002Fli>\n\u003Cli>Refresh Token (Pro)\u003C\u002Fli>\n\u003Cli>OpenID Connect (Pro)\u003C\u002Fli>\n\u003Cli>OpenID Discovery\u003C\u002Fli>\n\u003Cli>Public Clients (Pro)\u003C\u002Fli>\n\u003Cli>Public Client Proof of Key Exchange (PKCE)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Supports\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Connecting any Custom Mobile and Desktop Application to WordPress’s Backend.\u003C\u002Fli>\n\u003Cli>Any software or web platform utilizing OAuth 2.0.\u003C\u002Fli>\n\u003Cli>Allows RocketChat to use WordPress as a Backend.\u003C\u002Fli>\n\u003Cli>Connects Moodle LMS and use WordPress users.\u003C\u002Fli>\n\u003Cli>Alexa Skills Authentication\u003C\u002Fli>\n\u003Cli>Tribe.so Community OAuth 2 SSO Support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How to Use\u003C\u002Fh4>\n\u003Cp>Visit https:\u002F\u002Fwp-oauth.com\u002Fsupport\u002Fdocumentation\u002F for detailed documentation on installing, configuring and using\u003Cbr \u002F>\nWordPress OAuth Server.\u003C\u002Fp>\n\u003Ch4>Licensing\u003C\u002Fh4>\n\u003Cp>WP OAuth Server is free to use. Please support the project by licensing. You can view more information at\u003Cbr \u002F>\nhttps:\u002F\u002Fwp-oauth.com.\u003C\u002Fp>\n\u003Ch4>Minimum Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>PHP 5.6.4 or greater \u003Cem>(latest version recommended)\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>OpenSSL installed and enabled if you plan on using OpenID Connect\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Other Information\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>NOTE: As of 3.0.0, there are no backward compatibility for any version older than 3.0.0\u003C\u002Fli>\n\u003Cli>NOTE: Due to IIS’s inability play nice, WP OAuth Server may work but is very limited for Windows OS.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>Support requests should be made by opening a support request at https:\u002F\u002Fwp-oauth.com\u002Fsupport\u002Fsubmit-ticket\u002F.\u003C\u002Fp>\n","Adds Authentication through OAuth 2. Provides the ability for Single Sign On for websites & Mobile Applications.",3000,174039,76,41,"2026-01-24T02:08:00.000Z","4.7.2",[124,125,21,126,127],"oauth","oauth-provider","oauth2-service","provider","http:\u002F\u002Fwp-oauth.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Foauth2-provider.4.5.0.zip",92,7,"2024-04-05 00:00:00",{"attackSurface":134,"codeSignals":172,"taintFlows":194,"riskAssessment":242,"analyzedAt":250},{"hooks":135,"ajaxHandlers":155,"restRoutes":168,"shortcodes":169,"cronEvents":170,"entryPointCount":171,"unprotectedCount":171},[136,142,145,148,152],{"type":137,"name":138,"callback":139,"file":140,"line":141},"action","plugins_loaded","anonymous","includes\\qq.php",46,{"type":137,"name":143,"callback":139,"file":140,"line":144},"admin_menu",52,{"type":137,"name":146,"callback":139,"file":140,"line":147},"wp_before_admin_bar_render",53,{"type":149,"name":150,"callback":139,"file":140,"line":151},"filter","sanitize_user",64,{"type":137,"name":153,"callback":139,"file":140,"line":154},"login_form",66,[156,160,163,166],{"action":157,"nopriv":158,"callback":139,"hasNonce":158,"hasCapCheck":158,"file":140,"line":159},"apoyl_qq_ajax",false,68,{"action":161,"nopriv":158,"callback":139,"hasNonce":158,"hasCapCheck":158,"file":140,"line":162},"apoyl_qq_callback",69,{"action":157,"nopriv":164,"callback":139,"hasNonce":158,"hasCapCheck":158,"file":140,"line":165},true,71,{"action":161,"nopriv":164,"callback":139,"hasNonce":158,"hasCapCheck":158,"file":140,"line":167},72,[],[],[],4,{"dangerousFunctions":173,"sqlUsage":174,"outputEscaping":181,"fileOperations":13,"externalRequests":175,"nonceChecks":171,"capabilityChecks":13,"bundledLibraries":193},[],{"prepared":107,"raw":175,"locations":176},1,[177],{"file":178,"line":179,"context":180},"includes\\activator.php",32,"$wpdb->get_var() with variable interpolation",{"escaped":182,"rawEcho":171,"locations":183},15,[184,188,190,191],{"file":185,"line":186,"context":187},"admin\\partials\\setting.php",26,"raw output",{"file":185,"line":189,"context":187},33,{"file":185,"line":167,"context":187},{"file":185,"line":192,"context":187},74,[],[195,218,229],{"entryPoint":196,"graph":197,"unsanitizedCount":175,"severity":217},"qq_callback (api\\qqapi\\QqConnect.class.php:55)",{"nodes":198,"edges":214},[199,204,208],{"id":200,"type":201,"label":202,"file":203,"line":159},"n0","source","$_GET","api\\qqapi\\QqConnect.class.php",{"id":205,"type":206,"label":207,"file":203,"line":159},"n1","transform","→ httpGet()",{"id":209,"type":210,"label":211,"file":203,"line":212,"wp_function":213},"n2","sink","wp_remote_get() [SSRF]",144,"wp_remote_get",[215,216],{"from":200,"to":205,"sanitized":158},{"from":205,"to":209,"sanitized":158},"medium",{"entryPoint":219,"graph":220,"unsanitizedCount":79,"severity":217},"\u003CQqConnect.class> (api\\qqapi\\QqConnect.class.php:0)",{"nodes":221,"edges":226},[222,224,225],{"id":200,"type":201,"label":223,"file":203,"line":159},"$_GET (x3)",{"id":205,"type":206,"label":207,"file":203,"line":159},{"id":209,"type":210,"label":211,"file":203,"line":212,"wp_function":213},[227,228],{"from":200,"to":205,"sanitized":158},{"from":205,"to":209,"sanitized":158},{"entryPoint":230,"graph":231,"unsanitizedCount":13,"severity":241},"\u003Csetting> (admin\\partials\\setting.php:0)",{"nodes":232,"edges":239},[233,236],{"id":200,"type":201,"label":234,"file":185,"line":235},"$_POST",17,{"id":205,"type":210,"label":237,"file":185,"line":43,"wp_function":238},"update_option() [Settings Manipulation]","update_option",[240],{"from":200,"to":205,"sanitized":164},"low",{"summary":243,"deductions":244},"The \"apoyl-qq\" plugin v1.9.2 presents a moderate security risk primarily due to its unprotected AJAX handlers. While the plugin demonstrates good practices in some areas, such as the absence of dangerous functions, file operations, and external HTTP requests, and a reasonable percentage of SQL queries using prepared statements, the significant number of unprotected entry points is a major concern.  All four identified AJAX handlers lack authentication checks, meaning any unauthenticated user can potentially trigger these actions, leading to a wide attack surface.\n\nThe taint analysis indicates that while no critical or high-severity unsanitized flows were found, two flows with unsanitized paths were identified. This suggests a potential for injection-type vulnerabilities if the data processed by these paths is not properly validated and sanitized before use, though the severity was not deemed critical or high in this analysis. The plugin's history is clean, with no recorded CVEs, which is a positive sign. However, this lack of historical issues does not negate the immediate risks identified in the current static analysis.\n\nIn conclusion, the plugin has strengths in avoiding common pitfalls like dangerous functions and raw SQL, and its vulnerability history is excellent. Nevertheless, the unprotected AJAX handlers represent a significant weakness that attackers could exploit. Addressing these unprotected entry points should be the highest priority for improving the plugin's security posture.",[245,247],{"reason":246,"points":11},"Unprotected AJAX handlers",{"reason":248,"points":249},"Flows with unsanitized paths (non-critical)",5,"2026-03-17T00:15:17.323Z",{"wat":252,"direct":261},{"assetPaths":253,"generatorPatterns":256,"scriptPaths":257,"versionParams":258},[254,255],"\u002Fwp-content\u002Fplugins\u002Fapoyl-qq\u002Fadmin\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fapoyl-qq\u002Fadmin\u002Fjs\u002Fadmin.js",[],[255],[259,260],"apoyl-qq\u002Fadmin\u002Fcss\u002Fadmin.css?ver=","apoyl-qq\u002Fadmin\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":262,"htmlComments":263,"htmlAttributes":264,"restEndpoints":265,"jsGlobals":266,"shortcodeOutput":267},[],[],[],[],[],[]]