[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fZkie-zQQO6pOkcdkZtjrnTFCmERQ4WsAv9r6hs-lHyY":3,"$f5t3QLKQzYS06S_MaYyd0o2q3Esa02FsuFtgjbtFYOWk":262,"$fw-aQ8hwLMnWP8I7Y0WqEP0Y3NH7paXKQ8esJq7FwaQ0":266},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":36,"analysis":130,"fingerprints":238},"asd-passkey-login","ASD Passkey Login","1.0.1","Bobby karsono","https:\u002F\u002Fprofiles.wordpress.org\u002Fbkarsono\u002F","\u003Cp>ASD Passkey for WordPress, known as JWT EAuth outside the WordPress ecosystem, is a cutting-edge authentication service designed to enhance online security by replacing traditional passwords with advanced methods like biometrics (fingerprint, facial recognition) or hardware security keys. As cyber threats become increasingly sophisticated, password-based systems are more vulnerable to attacks such as phishing, credential stuffing, and data breaches.\u003C\u002Fp>\n\u003Cp>With JWT EAuth, businesses can adopt a modern, secure solution that not only protects data but also improves user experience.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Benefits:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Enhanced security with passwordless login.\u003Cbr \u002F>\n* Improved user experience with biometric and hardware key support.\u003Cbr \u002F>\n* Builds trust through advanced encryption and anti-phishing technology.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Major features:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Seamless integration without additional API settings.\u003Cbr \u002F>\n* Standard passkey and asymmetric encryption support.\u003Cbr \u002F>\n* Corporate SMTP support for email notifications (pro).\u003Cbr \u002F>\n* Customizable email templates (pro).\u003Cbr \u002F>\n* Supports login using FedCM (pro).\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin respects user privacy and follows best practices for data protection. Below are the details regarding how user data is handled when using this plugin:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>Data Collected\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Email or username: Used to initiate the passkey-based authentication process.\u003C\u002Fli>\n\u003Cli>Public key: Generated by the user’s device during registration and stored securely on the server.\u003C\u002Fli>\n\u003Cli>Authentication challenge: Temporarily generated for login verification.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>External Servers\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The plugin communicates with the server at \u003Ccode>https:\u002F\u002Fpasswordless.alciasolusidigital.com\u002Flanding\u002FprivacyPolicy\u003C\u002Fcode> for the purpose of authentication and verification. No sensitive data such as passwords are sent or stored on external servers.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>User Consent\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The plugin requires explicit user consent before any data is processed or sent. This is done via an opt-in method during registration.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Third-Party Services\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>This plugin does not share data with unauthorized third parties.\u003C\u002Fli>\n\u003Cli>Any third-party integrations are optional and clearly documented.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>For detailed information on the plugin’s privacy practices, please visit:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fpasswordless.alciasolusidigital.com\u002Flanding\u002FprivacyPolicy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n","Advanced passkey and passwordless platform with anti-phishing features, offering secure authentication for WordPress and WooCommerce (pro).",0,396,"2025-08-05T17:41:00.000Z","6.8.5","6.7","8.2",[18,19,20,21,22],"anti-phising","login","passkey","passwordless","webauthn","https:\u002F\u002Fpasswordless.alciasolusidigital.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fasd-passkey-login.1.0.1.zip",100,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"bkarsono",1,30,94,"2026-05-20T02:56:49.412Z",[37,61,83,99,116],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":56,"download_link":57,"security_score":58,"vuln_count":32,"unpatched_count":11,"last_vuln_date":59,"fetched_at":60},"secure-passkeys","Secure Passkeys","1.2.4","Mohamed Endisha","https:\u002F\u002Fprofiles.wordpress.org\u002Fendisha\u002F","\u003Cp>Secure Passkeys is a powerful WordPress plugin that enables seamless passwordless authentication using WebAuthn technology. By eliminating the need for traditional passwords, it enhances security and improves the user login experience. With support for biometric authentication, security keys, and device-bound credentials, Secure Passkey provides a robust and user-friendly solution for modern authentication.\u003C\u002Fp>\n\u003Cp>Unlike traditional password-based authentication, Secure Passkey leverages cryptographic key pairs to ensure secure logins. The private key remains securely stored on the user’s device, while the public key is registered with the WordPress site. This method protects against phishing attacks and password breaches, ensuring that only authorized users can gain access.\u003C\u002Fp>\n\u003Cp>Secure Passkeys integrates effortlessly into WordPress, allowing users to register and manage their passkeys from their profile settings. Once registered, users can log in using their fingerprint, face recognition, or a hardware security key without the need to remember or enter a password.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Passwordless Login:\u003C\u002Fstrong> Secure authentication via WebAuthn with biometric devices, security keys, Touch ID, Face ID, and more.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced User Experience:\u003C\u002Fstrong>  Password-free login for a smoother user journey.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Integration Support:\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>WordPress default login form\u003C\u002Fli>\n\u003Cli>WooCommerce login page\u003C\u002Fli>\n\u003Cli>MemberPress login form\u003C\u002Fli>\n\u003Cli>Easy Digital Downloads login form\u003C\u002Fli>\n\u003Cli>Ultimate Member login form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Management:\u003C\u002Fstrong>  Administrators can delete, activate, or deactivate users directly from plugin settings or user profiles.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Passkeys Reminder Notice:\u003C\u002Fstrong>  New option to enable or disable the passkeys reminder notice in the WordPress admin area for users who have not yet enabled passkeys.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity Logging:\u003C\u002Fstrong>  Monitor activity logs and track last login\u002Fregistration of passkeys.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Passkeys:\u003C\u002Fstrong> Supports multiple passkey registrations per user, with the option to set a registration limit or allow unlimited registrations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role Restrictions:\u003C\u002Fstrong> Restrict and exclude specific user roles from using passkey authentication.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Settings:\u003C\u002Fstrong>  Adjust timeout settings for passkey registration and login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Verification:\u003C\u002Fstrong> Enforce user verification for enhanced security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Frontend Customization:\u003C\u002Fstrong> Easily customize frontend themes or add your own with basic frontend skills.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Theme Support:\u003C\u002Fstrong> Supports pre-built themes like YOOtheme (UIkit) for frontend shortcodes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcodes:\u003C\u002Fstrong> Embed passkey login and registration forms on custom frontend pages.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Passkey Display:\u003C\u002Fstrong> Show passkey details in admin user lists and profiles.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multisite:\u003C\u002Fstrong> Supports WordPress Multisite and single-site installations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database Optimization:\u003C\u002Fstrong>  Option to allow or disallow automatic deletion of old challenge records and activity logs (configurable schedule).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 6.0 or newer.\u003C\u002Fli>\n\u003Cli>PHP version 7.4 or newer.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Secure Passkeys is licensed under the GNU General Public License v2 or later.\u003C\u002Fp>\n","Secure Passkeys is a powerful WordPress plugin that enables passwordless authentication using WebAuthn technology.",1000,5726,96,18,"2026-01-30T19:50:00.000Z","6.9.4","6.0","7.4",[19,54,21,55,22],"passkeys","secure","https:\u002F\u002Fendisha.ly\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecure-passkeys.1.2.4.zip",99,"2025-09-19 00:00:00","2026-04-16T10:56:18.058Z",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":71,"num_ratings":72,"last_updated":73,"tested_up_to":50,"requires_at_least":74,"requires_php":52,"tags":75,"homepage":78,"download_link":79,"security_score":80,"vuln_count":81,"unpatched_count":32,"last_vuln_date":82,"fetched_at":60},"wp-webauthn","WP-WebAuthn","1.4.1","Axton","https:\u002F\u002Fprofiles.wordpress.org\u002Faxton\u002F","\u003Cp>WebAuthn is a new way for you to authenticate in web. It helps you replace your passwords with devices like Passkeys, USB Keys, fingerprint scanners, Windows Hello compatible cameras, FaceID\u002FTouchID and more. Using WebAuthn, you can login to your a website with a glance or touch.\u003C\u002Fp>\n\u003Cp>When using WebAuthn, you just need to click once and perform a simple verification on the authenticator, then you are logged in. \u003Cstrong>No password needed.\u003C\u002Fstrong> If your device supports Passkey, your authenticator can roam seamlessly across multiple devices for a more convenient login experience.\u003C\u002Fp>\n\u003Cp>WP-WebAuthn is a plug-in for WordPress to enable WebAuthn on your site. Just download and install it, and you are in the future of web authentication.\u003C\u002Fp>\n\u003Cp>WP-WebAuthn also supports usernameless authentication.\u003C\u002Fp>\n\u003Cp>This plugin has 4 built-in shortcodes and 4 built-in Gutenberg blocks, so you can add components like register form to frontend pages.\u003C\u002Fp>\n\u003Cp>Please refer to the \u003Ca href=\"http:\u002F\u002Fdoc.flyhigher.top\u002Fwp-webauthn\" rel=\"nofollow ugc\">documentation\u003C\u002Fa> before using the plugin.\u003C\u002Fp>\n\u003Cp>This plugin currently has \u003Cem>BETA\u003C\u002Fem> multisite support, if you find any issue in multisite, feel free to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fyrccondor\u002Fwp-webauthn\u002Fissues\u002Fnew\" rel=\"nofollow ugc\">open an issue\u003C\u002Fa> on GitHub.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>PHP extensions gmp and mbstring are required.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WebAuthn requires HTTPS connection or \u003Ccode>localhost\u003C\u002Fcode> to function normally.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You can contribute to this plugin on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fyrccondor\u002Fwp-webauthn\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Please note that this plugin does NOT support Internet Explorer (including IE 11). To use FaceID or TouchID, you need to use iOS\u002FiPadOS 14+.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Security and Privacy\u003C\u002Fh4>\n\u003Cp>WebAuthn has become a W3C Recommendation since March 2019, which enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users using hardware authenticators. WebAuthn focuses on both security and privacy, it offers the possibility to create a secure authentication process without having to transfer any private data such as recognition data and fingerprint data. It will be the future of web authentication.\u003C\u002Fp>\n\u003Ch4>GDPR Friendly\u003C\u002Fh4>\n\u003Cp>When authenticating with WebAuthn, no private data will leave user’s device and no third-party involvement. The credentials transferred are not associate to any user’s information but only for authentication. It’s GDPR Friendly.\u003C\u002Fp>\n","WP-WebAuthn enables passwordless login through FIDO2 and U2F devices like Passkey, FaceID or Windows Hello for your site.",2000,23690,90,17,"2026-04-15T17:57:00.000Z","5.0",[76,19,20,77,22],"fido","security","https:\u002F\u002Fflyhigher.top","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.4.1.zip",74,3,"2026-03-20 15:20:53",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":11,"num_ratings":11,"last_updated":93,"tested_up_to":50,"requires_at_least":74,"requires_php":94,"tags":95,"homepage":97,"download_link":98,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":60},"bye-bye-passwords","Bye Bye Passwords","1.2.7","Clayton LZ","https:\u002F\u002Fprofiles.wordpress.org\u002Fclaytonlz\u002F","\u003Cp>\u003Cstrong>Bye Bye Passwords\u003C\u002Fstrong> brings modern passwordless authentication to WordPress using WebAuthn\u002FPasskeys technology. Say goodbye to weak passwords and hello to secure, convenient login with biometrics, security keys, or platform authenticators.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Passwordless Login\u003C\u002Fstrong> – Sign in using Touch ID, Face ID, Windows Hello, or security keys\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Passkeys\u003C\u002Fstrong> – Register multiple devices for convenient access anywhere\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Recovery Codes\u003C\u002Fstrong> – Generate one-time backup codes for emergency access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Security\u003C\u002Fstrong> – Eliminate password-based attacks completely\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-Friendly\u003C\u002Fstrong> – Simple setup with no technical knowledge required\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy-Focused\u003C\u002Fstrong> – Your authentication data stays on your server\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress Integration\u003C\u002Fstrong> – Seamlessly integrated into WordPress admin and login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Register a passkey from your WordPress admin profile\u003C\u002Fli>\n\u003Cli>Use your device’s built-in authentication (fingerprint, face, PIN)\u003C\u002Fli>\n\u003Cli>Sign in instantly without typing passwords\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>SSL\u002FHTTPS enabled website (required for WebAuthn)\u003C\u002Fli>\n\u003Cli>Modern browser with WebAuthn support\u003C\u002Fli>\n\u003Cli>PHP 7.2 or higher\u003C\u002Fli>\n\u003Cli>WordPress 5.0 or higher\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin may connect to the FIDO Alliance Metadata Service (MDS) to download root certificates for authenticator validation.\u003C\u002Fp>\n\u003Ch4>FIDO Alliance Metadata Service\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>URL:\u003C\u002Fstrong> https:\u002F\u002Fmds.fidoalliance.org\u002F\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose:\u003C\u002Fstrong> Downloads attestation root certificates to verify the authenticity of security keys and passkey devices\u003C\u002Fli>\n\u003Cli>\u003Cstrong>When:\u003C\u002Fstrong> Only when attestation verification is enabled and the plugin needs to update its certificate store (not during normal authentication)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data sent:\u003C\u002Fstrong> No personal or user data is transmitted – only a standard HTTP GET request\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service provider:\u003C\u002Fstrong> FIDO Alliance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of Use:\u003C\u002Fstrong> https:\u002F\u002Ffidoalliance.org\u002Fmetadata\u002F\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Policy:\u003C\u002Fstrong> https:\u002F\u002Ffidoalliance.org\u002Fprivacy-policy\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>No user data, credentials, or personal information is ever sent to external services. All authentication happens locally on your server.\u003C\u002Fp>\n","Enable passwordless authentication for WordPress using WebAuthn\u002FPasskeys. More secure, more convenient.",20,254,"2026-02-26T18:34:00.000Z","7.2",[96,54,21,77,22],"authentication","https:\u002F\u002Fgithub.com\u002Fclayton\u002Fbyebyepw","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbye-bye-passwords.1.2.7.zip",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":11,"downloaded":107,"rating":108,"num_ratings":32,"last_updated":109,"tested_up_to":110,"requires_at_least":111,"requires_php":94,"tags":112,"homepage":113,"download_link":114,"security_score":115,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":60},"beyond-identity-passwordless","Beyond Identity Passwordless","1.0.0","Anna Garcia","https:\u002F\u002Fprofiles.wordpress.org\u002Fannagarcia\u002F","\u003Cp>Are you or your customers tired of remembering passwords?\u003C\u002Fp>\n\u003Cp>This plugin provides a secure and convenient solution to log into your WordPress website. With Beyond Identity, you can say goodbye to password fatigue and improve your website’s security.\u003C\u002Fp>\n\u003Cp>Once activated, you will see:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Passwordless UI that integrates seamlessly on with the WordPress login page.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Beyond Identity Settings page for WordPress admins to configure their Beyond Identity account.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Beyond Identity filter on the WordPress Dashboard’s Users page to view which users use passkeys.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Before you begin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You will need a Beyond Identity account to configure this plugin.\u003Cbr \u002F>\nBeyond Identity currently uses “Universal Passkeys,” which are specific to Beyond Identity and have two benefits over your average FIDO2 passkeys.\u003Cbr \u002F>\n1. Universal Passkeys never leave the device on which they are created. This makes them much more secure.\u003Cbr \u002F>\n2. Universal Passkeys work everywhere. Some browsers (Firefox) do not support passkeys. Universal Passkeys work everywhere, even on Firefox.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Coming soon:\u003C\u002Fstrong> Vanilla WebAuthn FIDO2 passkeys. These passkeys allow syncing between devices and work with passkey managers.\u003C\u002Fp>\n\u003Cp>As a Beyond Identity admin, you will have several configuration options including selecting passkey flavors and customizing the login page.\u003C\u002Fp>\n\u003Ch3>Admin Set Up\u003C\u002Fh3>\n\u003Cp>First, sign up for a free developer account by visiting: https:\u002F\u002Fwww.beyondidentity.com\u002Fdevelopers\u003C\u002Fp>\n\u003Cp>Once you have a developer account you will need to set several values for the OIDC server. Follow the steps below to configure a Beyond Identity application. Most defaults are fine. However make sure the following are set:\u003C\u002Fp>\n\u003Col>\n\u003Cli>In your Beyond Identity Console, navigate to the \u003Cstrong>Apps\u003C\u002Fstrong> tab under Authentication\u003C\u002Fli>\n\u003Cli>Tap \u003Cstrong>Add an application\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Set \u003Cstrong>Protocol\u003C\u002Fstrong> to \u003Cstrong>OIDC\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Set \u003Cstrong>Client Type\u003C\u002Fstrong> to \u003Cstrong>Confidential\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Set \u003Cstrong>PKCE\u003C\u002Fstrong> to \u003Cstrong>Disabled\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Set \u003Cstrong>Redirect URIs\u003C\u002Fstrong> to include \u003Ccode>https:\u002F\u002F${your-website-domain.com}\u002Fwp-admin\u002Fadmin-ajax.php?action=openid-connect-authorize\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Set \u003Cstrong>Token Configuration\u003C\u002Fstrong> > \u003Cstrong>Subject\u003C\u002Fstrong> to \u003Cstrong>id\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>At the top of the page, navigate to your application’s \u003Cstrong>Authenticator Config\u003C\u002Fstrong> tab\u003C\u002Fli>\n\u003Cli>Set \u003Cstrong>Configuration Type\u003C\u002Fstrong> to \u003Cstrong>Hosted Web\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>The recommended defaults for \u003Cstrong>Authentication Profile\u003C\u002Fstrong> are fine but feel free to modify\u003C\u002Fli>\n\u003Cli>Tap the \u003Cstrong>Submit\u003C\u002Fstrong> button to save your changes\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Finally, go to your WordPress dashboard and find the Beyond Identity Settings page. You will need three generated values from your newly created application. You can find the \u003Cstrong>Issuer URL\u003C\u002Fstrong>, \u003Cstrong>Client ID\u003C\u002Fstrong>, and \u003Cstrong>Client Secret\u003C\u002Fstrong> in the Beyond Identity Console’s application that you just created.\u003C\u002Fp>\n\u003Cp>For more information on how Beyond Identity works, visit the \u003Ca href=\"http:\u002F\u002Fdeveloper.beyondidentity.com\" rel=\"nofollow ugc\">developer documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>For help, reach out on \u003Ca href=\"https:\u002F\u002Fjoin.slack.com\u002Ft\u002Fbyndid\u002Fshared_invite\u002Fzt-1anns8n83-NQX4JvW7coi9dksADxgeBQ\" rel=\"nofollow ugc\">Slack\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Shortcodes\u003C\u002Fh3>\n\u003Cp>This plugin also provides shortcodes that can be used on any page or post. These include:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[beyond_identity_login_button]  \n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Generates a button to log in with a Beyond Identity Universal Passkey.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[beyond_identity_auth_url]  \n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Generates the authorize URL to log in with a Beyond Identity Universal Passkey.\u003C\u002Fp>\n\u003Cp>For information on shortcode customization attributes, please refer to the documentation available in the Settings > Beyond Identity dashboard page after activating the plugin.\u003C\u002Fp>\n","A passwordless solution that allows users and admins to log into a WordPress website using passkeys with Beyond Identity.",721,40,"2023-10-16T21:38:00.000Z","6.3.8","4.9",[96,19,54,21,77],"","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbeyond-identity-passwordless.1.0.0.zip",85,{"slug":117,"name":118,"version":102,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":11,"downloaded":123,"rating":11,"num_ratings":11,"last_updated":124,"tested_up_to":50,"requires_at_least":125,"requires_php":52,"tags":126,"homepage":128,"download_link":129,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":60},"devch-passkey-login","Devch Passkey Login","Devansh Chaudhary","https:\u002F\u002Fprofiles.wordpress.org\u002Fdevansh2002\u002F","\u003Cp>Devch Passkey Login provides secure passkey-based login while preserving existing WordPress password login.\u003C\u002Fp>\n\u003Cp>Features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Passkey registration and authentication (WebAuthn\u002FFIDO2)\u003C\u002Fli>\n\u003Cli>WordPress Multisite network support\u003C\u002Fli>\n\u003Cli>Network admin settings and audit log\u003C\u002Fli>\n\u003Cli>User profile passkey management\u003C\u002Fli>\n\u003Cli>Secure REST API endpoints under \u003Ccode>\u002Fwp-json\u002Fdevch-passkey-login\u002Fv1\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Password login remains available\u003C\u002Fli>\n\u003C\u002Ful>\n","Passwordless passkey authentication (WebAuthn\u002FFIDO2) for WordPress and WordPress Multisite.",83,"2026-04-03T09:34:00.000Z","6.3",[19,127,20,77,22],"multisite","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdevch-passkey-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdevch-passkey-login.1.0.0.zip",{"attackSurface":131,"codeSignals":194,"taintFlows":204,"riskAssessment":231,"analyzedAt":237},{"hooks":132,"ajaxHandlers":150,"restRoutes":190,"shortcodes":191,"cronEvents":192,"entryPointCount":193,"unprotectedCount":81},[133,138,142,147],{"type":134,"name":135,"callback":136,"file":137,"line":108},"action","admin_notices","showActivatedMessage","app\u002FControllers\u002FBaseController.php",{"type":134,"name":139,"callback":140,"file":141,"line":48},"login_form","addPasskeyLoginLink","app\u002FControllers\u002FLoginAdmin.php",{"type":134,"name":143,"callback":144,"file":145,"line":146},"admin_init","registerSettings","app\u002FControllers\u002FPasskeySettings.php",36,{"type":134,"name":135,"callback":136,"file":148,"line":149},"app\u002FControllers\u002FUpgradePackage.php",12,[151,158,162,165,166,170,171,175,179,182,186],{"action":152,"nopriv":153,"callback":154,"hasNonce":155,"hasCapCheck":153,"file":156,"line":157},"asd_passkey_register",false,"handleRegister",true,"app\u002FControllers\u002FCreatePasskeyAdmin.php",14,{"action":159,"nopriv":153,"callback":160,"hasNonce":155,"hasCapCheck":153,"file":156,"line":161},"asd_passkey_flagging","handleFlagging",15,{"action":163,"nopriv":153,"callback":164,"hasNonce":155,"hasCapCheck":153,"file":141,"line":157},"asd_passkey_login","handleLogin",{"action":163,"nopriv":155,"callback":164,"hasNonce":155,"hasCapCheck":153,"file":141,"line":161},{"action":167,"nopriv":153,"callback":168,"hasNonce":155,"hasCapCheck":153,"file":141,"line":169},"asd_google_check_token","handleGoogleLogin",16,{"action":167,"nopriv":155,"callback":168,"hasNonce":155,"hasCapCheck":153,"file":141,"line":72},{"action":172,"nopriv":153,"callback":173,"hasNonce":155,"hasCapCheck":153,"file":145,"line":174},"asd_passkey_settings","handlePasskeySettings",37,{"action":176,"nopriv":153,"callback":177,"hasNonce":153,"hasCapCheck":153,"file":145,"line":178},"asd_passkey_smtp_settings","handlePasskeySMTPSettings",39,{"action":180,"nopriv":153,"callback":181,"hasNonce":153,"hasCapCheck":153,"file":145,"line":108},"asd_passkey_smtp_test","handlePasskeySMTPTesting",{"action":183,"nopriv":153,"callback":184,"hasNonce":153,"hasCapCheck":153,"file":145,"line":185},"asd_push_notification_settings","handlePushNotificationSettings",42,{"action":187,"nopriv":153,"callback":188,"hasNonce":155,"hasCapCheck":153,"file":145,"line":189},"asd_push_notification_publickey","handlePushNotificationPublicKey",43,[],[],[],11,{"dangerousFunctions":195,"sqlUsage":196,"outputEscaping":199,"fileOperations":11,"externalRequests":32,"nonceChecks":202,"capabilityChecks":32,"bundledLibraries":203},[],{"prepared":197,"raw":11,"locations":198},7,[],{"escaped":200,"rawEcho":11,"locations":201},44,[],6,[],[205,223],{"entryPoint":206,"graph":207,"unsanitizedCount":11,"severity":222},"handlePasskeySettings (app\u002FControllers\u002FPasskeySettings.php:81)",{"nodes":208,"edges":220},[209,214],{"id":210,"type":211,"label":212,"file":145,"line":213},"n0","source","$_POST",103,{"id":215,"type":216,"label":217,"file":145,"line":218,"wp_function":219},"n1","sink","update_option() [Settings Manipulation]",104,"update_option",[221],{"from":210,"to":215,"sanitized":155},"low",{"entryPoint":224,"graph":225,"unsanitizedCount":11,"severity":222},"\u003CPasskeySettings> (app\u002FControllers\u002FPasskeySettings.php:0)",{"nodes":226,"edges":229},[227,228],{"id":210,"type":211,"label":212,"file":145,"line":213},{"id":215,"type":216,"label":217,"file":145,"line":218,"wp_function":219},[230],{"from":210,"to":215,"sanitized":155},{"summary":232,"deductions":233},"The \"asd-passkey-login\" plugin v1.0.1 presents a generally good security posture with some notable areas for improvement.  Its adherence to prepared statements for SQL queries and proper output escaping for all identified outputs are strong indicators of secure coding practices.  The absence of known CVEs and a clean vulnerability history further suggest a responsible development approach.  However, the presence of three AJAX handlers without authentication checks is a significant concern.  This creates a potential attack vector where unauthenticated users could interact with sensitive plugin functionalities, potentially leading to unintended actions or information disclosure, depending on the logic within these handlers. The plugin also has a relatively small attack surface in terms of entry points, which is positive.",[234],{"reason":235,"points":236},"AJAX handlers without authentication checks",10,"2026-04-16T13:14:02.423Z",{"wat":239,"direct":246},{"assetPaths":240,"generatorPatterns":242,"scriptPaths":243,"versionParams":244},[241],"\u002Fwp-content\u002Fplugins\u002Fasd-passkey-login\u002Fpublic\u002Fcss\u002Flogin-admin-condition.css",[],[],[245],"asd-passkey-login\u002Fpublic\u002Fcss\u002Flogin-admin-condition.css?ver=",{"cssClasses":247,"htmlComments":251,"htmlAttributes":252,"restEndpoints":258,"jsGlobals":260,"shortcodeOutput":261},[248,249,250],"asd-passkey-login-wrapper","asd-passkey-login-wrapper-hybrid","login-via-passkey",[],[253,254,255,256,257],"id=\"asd-passkey-login-wrapper\"","id=\"login-via-passkey\"","id=\"infoMessage\"","id=\"errorMessage\"","id=\"successMessage\"",[259],"\u002Fwp-json\u002Fwp\u002Fv2\u002Fusers",[],[],{"error":155,"url":263,"statusCode":264,"statusMessage":265,"message":265},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fasd-passkey-login\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":267,"versions":268},2,[269,274],{"version":6,"download_url":24,"svn_tag_url":270,"released_at":26,"has_diff":153,"diff_files_changed":271,"diff_lines":26,"trac_diff_url":272,"vulnerabilities":273,"is_current":155},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fasd-passkey-login\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fasd-passkey-login%2Ftags%2F1.0.0&new_path=%2Fasd-passkey-login%2Ftags%2F1.0.1",[],{"version":102,"download_url":275,"svn_tag_url":276,"released_at":26,"has_diff":153,"diff_files_changed":277,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":278,"is_current":153},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fasd-passkey-login.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fasd-passkey-login\u002Ftags\u002F1.0.0\u002F",[],[]]