[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fhBpGEPdGMmw7_nnc_4bnzDEF3hmwL56rg6-YtySq6zE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":57,"analysis":157,"fingerprints":512},"authorizer","Authorizer","3.13.4","Paul Ryan","https:\u002F\u002Fprofiles.wordpress.org\u002Ffigureone\u002F","\u003Cp>\u003Cem>Authorizer\u003C\u002Fem> restricts access to a WordPress site to specific users, typically students enrolled in a university course. It maintains a list of approved users that you can edit to determine who has access. It also replaces the default WordPress login\u002Fauthorization system with one relying on an external server, such as Google, CAS, LDAP, or an OAuth2 provider. 
Finally, \u003Cem>Authorizer\u003C\u002Fem> lets you limit invalid login attempts to prevent bots from compromising your users’ accounts.\u003C\u002Fp>\n\u003Cp>View or contribute to the plugin source on GitHub: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fuhm-coe\u002Fauthorizer\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fuhm-coe\u002Fauthorizer\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cem>Authorizer\u003C\u002Fem> requires the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>CAS server\u003C\u002Fstrong> (2.x, 3.x, 4.x, 5.x, 6.x, or 7.x) or \u003Cstrong>LDAP server\u003C\u002Fstrong> (plugin needs the URL)\u003C\u002Fli>\n\u003Cli>PHP extensions: php-ldap, php-curl, php-dom\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Authorizer\u003C\u002Fem> provides the following options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Authentication\u003C\u002Fstrong>: WordPress accounts; Google accounts; CAS accounts; LDAP accounts; OAuth2 accounts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login Access\u003C\u002Fstrong>: All authenticated users (all local and all external can log in); Only specific users (all local and approved external users can log in)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>View Access\u003C\u002Fstrong>: Everyone (open access); Only logged in users\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit Login Attempts\u003C\u002Fstrong>: Progressively increase the amount of time required between invalid login attempts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcode\u003C\u002Fstrong>: Use the \u003Ccode>[authorizer_login_form]\u003C\u002Fcode> shortcode to embed a wp_login_form() outside of wp-login.php.\u003C\u002Fli>\n\u003C\u002Ful>\n","Authorizer limits login attempts, restricts access to specific users, and authenticates against external sources (OAuth2, Google, LDAP, or 
CAS).",5000,181710,100,19,"2025-12-19T20:52:00.000Z","6.9.4","5.5","7.4",[20,21,22,23,24],"authentication","cas","ldap","login","oauth","https:\u002F\u002Fgithub.com\u002Fuhm-coe\u002Fauthorizer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauthorizer.3.13.4.zip",99,1,0,"2022-11-01 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2022-39369","phpcas-authentication-library-service-hostname-discovery-exploitation","phpCAS authentication library \u003C 1.6.0 - Service Hostname Discovery Exploitation","The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a valid ticket granted for any authorized service in the same SSO realm (CAS server) to authenticate to the service protected by phpCAS. Depending on the settings of the CAS server service registry, in the worst case this may be any other service URL (if the allowed URLs are configured to \"^(https):\u002F\u002F.*\"), or it may be strictly limited to known and authorized services in the same SSO federation if proper URL service validation is applied.\r\n\r\nThis vulnerability may allow an attacker to gain access to a victim's account on a vulnerable CASified service without the victim's knowledge, when the victim visits the attacker's website while being logged in to the same CAS server. 
WordPress plugins containing a vulnerable copy of this library may or may not be vulnerable to exploitation.",null,"\u003C1.6.0","1.6.0","high",8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:R\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Validation of Specified Type of Input","2024-01-22 19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7d8365a6-dfa2-4753-b655-3c2bcadeae75?source=api-prod",448,{"slug":50,"display_name":7,"profile_url":8,"plugin_count":51,"total_installs":52,"avg_security_score":53,"avg_patch_time_days":54,"trust_score":55,"computed_at":56},"figureone",5,45200,95,961,76,"2026-04-04T02:38:48.450Z",[58,79,98,120,141],{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":17,"requires_php":72,"tags":73,"homepage":76,"download_link":77,"security_score":13,"vuln_count":28,"unpatched_count":29,"last_vuln_date":78,"fetched_at":31},"google-apps-login","Login for Google Apps","3.5.2","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>Login for Google Apps allows existing WordPress user accounts to log in to your website using Google to securely authenticate their account. 
This means that if they are already logged into Gmail – they can simply click their way through the WordPress login screen – no username or password is explicitly required!\u003C\u002Fp>\n\u003Cp>Login for Google Apps uses \u003Cstrong>secure oAuth2 authentication recommended by Google\u003C\u002Fstrong>, including 2-factor authentication (2FA) if enabled for your Google Workspace (formerly known as Google Apps and G Suite) accounts.\u003C\u002Fp>\n\u003Cp>This is far simpler to configure than the older SAML protocol.\u003C\u002Fp>\n\u003Cp>Login for Google Apps is trusted by thousands of organizations from schools to large public companies. Login for Google Apps for WordPress is the most popular enterprise grade plugin enabling login and user management based on your Google Workspace domain.\u003C\u002Fp>\n\u003Cp>Its plugin setup requires you to have admin access to any Google Workspace domain, or a regular Gmail account, to register and obtain two simple codes from Google.\u003C\u002Fp>\n\u003Ch4>Support and Premium features\u003C\u002Fh4>\n\u003Cp>Full support and premium features are also available for purchase:\u003C\u002Fp>\n\u003Cp>Eliminate the need for Google Workspace (previously called “Google Apps and G Suite”) domain admins to separately manage WordPress user accounts, and get peace of mind that only authorized employees have access to your organization’s websites and intranet.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>See \u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fglogin\u002F?utm_source=Login%20Readme%20Top&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">our website at wp-glogin.com\u003C\u002Fa> for more details.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The Premium version allows everyone in your Google Workspace (Google Apps \u002F G Suite) domain to log in to WordPress – an account will be automatically created in WordPress if one doesn’t already exist.\u003C\u002Fp>\n\u003Cp>Our Enterprise version goes further, allowing you 
to specify granular access and role controls based on Google Group or Organizational Unit membership.\u003C\u002Fp>\n\u003Cp>You can also see logs of accounts created and roles changed by the plugin.\u003C\u002Fp>\n\u003Ch4>Extensible Platform\u003C\u002Fh4>\n\u003Cp>Login for Google Apps allows you to centralize your site’s Google functionality and build your own extensions, or use third-party extensions, which require no configuration themselves and share the same user authentication and permissions that users already allowed for Login for Google Apps itself.\u003C\u002Fp>\n\u003Cp>Using our platform, your website appears to Google accounts as one unified ‘web application’, making it more secure and easier to manage.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fwpgoogledriveembedder\" rel=\"nofollow ugc\">Google Drive Embedder\u003C\u002Fa> is an extension plugin allowing\u003Cbr \u002F>\nusers to browse for Google Drive documents to embed directly in their posts or pages.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fwpgoogleappsdirectory\" rel=\"nofollow ugc\">Google Apps Directory\u003C\u002Fa> is an extension plugin allowing\u003Cbr \u002F>\nlogged-in users to search your Google Apps employee directory from a widget on your intranet or client site.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Favatars\u002F?utm_source=Login%20Readme%20Avatars&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">Google Profile Avatars\u003C\u002Fa>\u003Cbr \u002F>\nis available on our website. 
It displays users’ Google profile photos in place of their avatars throughout your site.\u003C\u002Fp>\n\u003Cp>Login for Google Apps works on single or multisite WordPress websites or private intranets.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cp>One-click login will work for the following domains and user accounts:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Google Workspace Starter\u003C\u002Fli>\n\u003Cli>Google Workspace Business Standard\u003C\u002Fli>\n\u003Cli>Google Workspace Business Plus\u003C\u002Fli>\n\u003Cli>Google Workspace Enterprise\u003C\u002Fli>\n\u003Cli>Google Workspace for Nonprofits\u003C\u002Fli>\n\u003Cli>Google Workspace for Government\u003C\u002Fli>\n\u003Cli>Google Classroom (Google Workspace for Education)\u003C\u002Fli>\n\u003Cli>Personal gmail.com and googlemail.com emails\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Login for Google Apps uses the latest secure OAuth2 authentication recommended by Google. Other 3rd party authentication plugins may allow you to use your Google username and password to login, but they do not do this securely unless they also use OAuth2. This is discussed further in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgoogle-apps-login\u002F#faq\" rel=\"ugc\">FAQ\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cp>This plugin currently operates in multiple languages.\u003C\u002Fp>\n\u003Cp>We welcome volunteers to translate into their own language. 
If you would like to contribute a translation, please open the WordPress.org \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fgoogle-apps-login\u002F\" rel=\"nofollow ugc\">Translation portal\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Website and Upgrades\u003C\u002Fh4>\n\u003Cp>Please see our website \u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002F?utm_source=Login%20Readme%20Website&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">https:\u002F\u002Fwp-glogin.com\u002F\u003C\u002Fa> for more information about this free plugin and extra features available in our Premium and Enterprise upgrades, plus support details, other plugins, and useful guides for admins of WordPress sites and Google Apps.\u003C\u002Fp>\n\u003Cp>The \u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fglogin\u002F?utm_source=Login%20Readme%20PremEnt&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">Premium and Enterprise versions\u003C\u002Fa> eliminate the need to manage user accounts in your WordPress site – everything is synced from Google Apps instead.\u003C\u002Fp>\n\u003Cp>If you are building your organization’s intranet on WordPress, try out our \u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fintranet\u002F?utm_source=Login%20Readme%20AIOI&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">All-In-One Intranet plugin\u003C\u002Fa>.\u003C\u002Fp>\n","Simple secure login and user management through your Google Workspace for WordPress (using oAuth2 and MFA if enabled).",10000,661543,92,64,"2025-05-08T16:01:00.000Z","6.8.5","7.2",[20,74,23,24,75],"google","sso","https:\u002F\u002Fwp-glogin.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoogle-apps-login.3.5.2.zip","2022-12-01 
00:00:00",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":89,"num_ratings":90,"last_updated":91,"tested_up_to":92,"requires_at_least":17,"requires_php":18,"tags":93,"homepage":96,"download_link":97,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"login-with-google","Log in with Google","1.4.2","rtCamp","https:\u002F\u002Fprofiles.wordpress.org\u002Frtcamp\u002F","\u003Cp>Ultra minimal plugin to let your users login to WordPress applications using their Google accounts. No more remembering hefty passwords!\u003C\u002Fp>\n\u003Ch3>Initial Setup\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>Create a project from \u003Ca href=\"https:\u002F\u002Fconsole.developers.google.com\u002Fapis\u002Fdashboard\" rel=\"nofollow ugc\">Google Developers Console\u003C\u002Fa> if none exists.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Go to \u003Cstrong>Credentials\u003C\u002Fstrong> tab, then create credential for OAuth client.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Application type will be \u003Cstrong>Web Application\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Add \u003Ccode>YOUR_DOMAIN\u002Fwp-login.php\u003C\u002Fcode> in \u003Cstrong>Authorized redirect URIs\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>This will give you \u003Cstrong>Client ID\u003C\u002Fstrong> and \u003Cstrong>Secret key\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Input these values either in \u003Ccode>WP Admin > Settings > WP Google Login\u003C\u002Fcode>, or in \u003Ccode>wp-config.php\u003C\u002Fcode> using the following code snippet:\u003C\u002Fp>\n\u003Cp>\u003Ccode>define( 'WP_GOOGLE_LOGIN_CLIENT_ID', 'YOUR_GOOGLE_CLIENT_ID' );\u003Cbr \u002F>\ndefine( 'WP_GOOGLE_LOGIN_SECRET', 'YOUR_SECRET_KEY' );\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Browser 
support\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fidentity\u002Fgsi\u002Fweb\u002Fguides\u002Fsupported-browsers\" rel=\"nofollow ugc\">These browsers are supported\u003C\u002Fa>. Note, for example, that One Tap Login is not supported in Safari.\u003C\u002Fp>\n\u003Ch3>How to enable automatic user registration\u003C\u002Fh3>\n\u003Cp>You can enable user registration either by\u003Cbr \u002F>\n– Enabling \u003Cem>Settings > WP Google Login > Enable Google Login Registration\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>OR\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Adding\u003Cbr \u002F>\n\u003Ccode>define( 'WP_GOOGLE_LOGIN_USER_REGISTRATION', 'true' );\u003C\u002Fcode>\u003Cbr \u002F>\nin wp-config.php file.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> If the checkbox is ON then, it will register valid Google users even when WordPress default setting, under\u003C\u002Fp>\n\u003Cp>\u003Cem>Settings > General Settings > Membership > Anyone can register\u003C\u002Fem> checkbox\u003C\u002Fp>\n\u003Cp>is OFF.\u003C\u002Fp>\n\u003Ch3>Restrict user registration to one or more domain(s)\u003C\u002Fh3>\n\u003Cp>By default, when you enable user registration via constant \u003Ccode>WP_GOOGLE_LOGIN_USER_REGISTRATION\u003C\u002Fcode> or enable \u003Cem>Settings > WP Google Login > Enable Google Login Registration\u003C\u002Fem>, it will create a user for any Google login (including gmail.com users). If you are planning to use this plugin on a private, internal site, then you may like to restrict user registration to users under a single Google Suite organization. This configuration variable does that.\u003C\u002Fp>\n\u003Cp>Add your domain name, without any schema prefix and \u003Ccode>www,\u003C\u002Fcode> as the value of \u003Ccode>WP_GOOGLE_LOGIN_WHITELIST_DOMAINS\u003C\u002Fcode> constant or in the settings \u003Ccode>Settings > WP Google Login > Whitelisted Domains\u003C\u002Fcode>. 
You can whitelist multiple domains. Please separate domains with commas. See the below example to know how to do it via constants:\u003Cbr \u002F>\n    \u003Ccode>define( 'WP_GOOGLE_LOGIN_WHITELIST_DOMAINS', 'example.com,sample.com' );\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> If a user already exists, they \u003Cstrong>will be allowed to login with Google\u003C\u002Fstrong> regardless of whether their domain is whitelisted or not. Whitelisting will only prevent users from \u003Cstrong>registering\u003C\u002Fstrong> with email addresses from non-whitelisted domains.\u003C\u002Fp>\n\u003Ch3>Hooks\u003C\u002Fh3>\n\u003Cp>For a list of all hooks please refer to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FrtCamp\u002Flogin-with-google#hooks\" rel=\"nofollow ugc\">this documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>wp-config.php parameters list\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ccode>WP_GOOGLE_LOGIN_CLIENT_ID\u003C\u002Fcode> (string): Google client ID of your application.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>WP_GOOGLE_LOGIN_SECRET\u003C\u002Fcode> (string): Secret key of your application\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>WP_GOOGLE_LOGIN_USER_REGISTRATION\u003C\u002Fcode> (boolean) (optional): Set \u003Ccode>true\u003C\u002Fcode> If you want to enable new user registration. By default, user registration defers to \u003Ccode>Settings > General Settings > Membership\u003C\u002Fcode> if constant is not set.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>WP_GOOGLE_LOGIN_WHITELIST_DOMAINS\u003C\u002Fcode> (string) (optional): Domain names, if you want to restrict login with your custom domain. By default, it will allow all domains. 
You can whitelist multiple domains.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>BTW, We’re Hiring!\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Frtcamp.com\u002Fcareers\u002F\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003C\u002Fp>\n","Minimal plugin that allows WordPress users to log in using Google.",6000,117533,90,15,"2026-02-20T14:59:00.000Z","6.7.5",[20,94,24,95,75],"google-login","sign-in","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-with-google.1.4.2.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":108,"num_ratings":109,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":96,"tags":113,"homepage":116,"download_link":117,"security_score":118,"vuln_count":28,"unpatched_count":29,"last_vuln_date":119,"fetched_at":31},"simple-ldap-login","Simple LDAP Login","1.6.1","Clifton Griffin","https:\u002F\u002Fprofiles.wordpress.org\u002Fclifgriffin\u002F","\u003Cp>Having a single login for every service is a must in large organizations. This plugin allows you to integrate WordPress with LDAP quickly and easily. Like, really really easy.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Contributing\u003C\u002Fstrong>\u003Cbr \u002F>\nThis is a community project now. Most development is done by users like you who find bugs and fix them, or find new ways to make the plugin more powerful for everyone.\u003C\u002Fp>\n\u003Cp>The easiest way to contribute to this plugin is to submit a GitHub pull request. 
Here’s the repo:\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fclifgriffin\u002Fsimple-ldap-login\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you need support, file an issue here:\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fclifgriffin\u002Fsimple-ldap-login\u002Fissues\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Special Requests\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you need a customization or change specific to your install, I am available for hire. Shoot me an e-mail: clifgriffin[at]gmail.com\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Supports Active Directory and OpenLDAP (and other directory systems which comply to the LDAP standard, such as OpenDS)\u003C\u002Fli>\n\u003Cli>Supports TLS\u003C\u002Fli>\n\u003Cli>Uses up-to-date methods for WordPress authentication routines.\u003C\u002Fli>\n\u003Cli>Authenticates existing WordPress usernames against LDAP.\u003C\u002Fli>\n\u003Cli>Can be configured to automatically create WordPress users for valid LDAP logins.\u003C\u002Fli>\n\u003Cli>You can restrict logins based on one or more LDAP groups.\u003C\u002Fli>\n\u003Cli>Intuitive control panel.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Architecture\u003C\u002Fh4>\n\u003Cp>Simple LDAP Login adds an authentication filter to WordPress that authentication requests must pass. 
In doing so, it makes several decisions.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Can the provided credentials be authenticated against LDAP?\u003C\u002Fli>\n\u003Cli>\n\u003Cul>\n\u003Cli>If so, is the LDAP user a member of the required LDAP groups (if any)?\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cul>\n\u003Cli>\n\u003Cul>\n\u003Cli>Does a matching WordPress user exist?\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cul>\n\u003Cli>\n\u003Cul>\n\u003Cli>\n\u003Cul>\n\u003Cli>If so, log the user in.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cul>\n\u003Cli>\n\u003Cul>\n\u003Cli>\n\u003Cul>\n\u003Cli>If not, is user creation enabled?\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cul>\n\u003Cli>\n\u003Cul>\n\u003Cli>\n\u003Cul>\n\u003Cli>\n\u003Cul>\n\u003Cli>Create the user and log them in.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This is high level overview. This should answer the philosophical questions about how the plugin works. If the plugin is unable to authenticate the user, it should pass it down the chain to WordPress. (Unless LDAP Exclusive is turned on, in which case it won’t.)\u003C\u002Fp>\n","Integrating WordPress with LDAP shouldn't be difficult. Now it isn't. 
Simple LDAP Login provides all of the features, none of the hassles.",1000,110171,86,18,"2024-09-26T15:41:00.000Z","6.6.5","3.4",[114,115,20,22,23],"active-directory","adldap","https:\u002F\u002Fobjectiv.co","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-ldap-login.1.6.1.zip",91,"2024-09-27 00:00:00",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":130,"num_ratings":131,"last_updated":132,"tested_up_to":133,"requires_at_least":134,"requires_php":96,"tags":135,"homepage":138,"download_link":139,"security_score":140,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"wpdirauth","wpDirAuth","1.10.7","Paul Gilzow","https:\u002F\u002Fprofiles.wordpress.org\u002Fgilzow\u002F","\u003Cp>Please see the Changelog (Development tab above) for recent updates\u002Fchanges.\u003C\u002Fp>\n\u003Cp>wpDirAuth shifts authentication from the local WordPress instance to a central directory (LDAP) server(s).\u003C\u002Fp>\n\u003Cp>wpDirAuth allows users of central directory (LDAP) servers to login to authorized WordPress instances without having to register. The plugin creates a new account for each directory user on first login so that they have full access to preferences and functions, as any WP user would. Activating the plugin will not restrict you to using directory authentication and you will still be able to both create new WP-only users as well as turn on public registration in WordPress. 
You can also assign any privilege levels to your directory users, and those users will be referred to their institutional password policy whenever they would normally be able to update their WP passwords (on the profile screen, in user edit, etc).\u003C\u002Fp>\n\u003Ch4>LDAP\u002FLDAPS\u003C\u002Fh4>\n\u003Cp>Authentication should work with most LDAP enabled directory services, such as OpenLDAP, Apache Directory, Microsoft Active Directory, Novell eDirectory, Sun Java System Directory Server, and more. wpDirAuth supports LDAP and LDAPS (SSL) connectivity and can force SSL for WordPress authentication if it is available on the Web server. It also supports server connection pools, for pseudo load balancing and fault tolerance, or multiple source directory authentication. Because the key used to locate a user’s profile in the LDAP server is not always the same, depending on your LDAP server type and institutional choices, you can define your own through the wpDirAuth administration tool. When logging in as a directory user, the WP “remember me” feature is downgraded from 6 months for regular WP users to only 1 hour, so that institutional passwords are not overly endangered when accessing WP from public terminals.\u003C\u002Fp>\n\u003Ch4>Branding & Notifications\u003C\u002Fh4>\n\u003Cp>You can define notifications addressed to your directory users in key WordPress areas, such as the login screen and the profile edit screen. Since these admin-editable values support HTML (admin, coders, beware of XSS!), you can point your directory users to central support information related to functions such as changing their institutional password, a WordPress usage related policy, etc. There is also a simple and optional terms of services concept, only implemented for directory users, which will simply record a one-time acceptance date when agreed upon. 
Note that agreeing to the TOS has no effect on the user’s level of access in the system, a fact which could change in a future version if there is a demand for it, or through direct code contribution to that effect.\u003C\u002Fp>\n\u003Ch3>Using wpDirAuth\u003C\u002Fh3>\n\u003Cp>Once installed and activated, you will be able to administer your directory settings through the dedicated plugin configuration tool found under the \u003Ccode>wpDirAuth\u003C\u002Fcode> menu found in the WordPress \u003Ccode>Settings\u003C\u002Fcode> admin section. Directory Authenticated users can now be pre-added to your WordPress system and granted roles by going to the \u003Ccode>Add Dir Auth User\u003C\u002Fcode> menu found in the WordPress \u003Ccode>Users\u003C\u002Fcode> admin section. Contextual help for this section is available within WordPress’ built-in help menu. See the inline help found in the tool for more information on the settings. There is a secondary activation toggle, so you can install and activate the plugin, check out the options panel, but not immediately accept directory authentication, or even simply turn the feature on or off at any time.\u003C\u002Fp>\n\u003Ch3>Help and Support\u003C\u002Fh3>\n\u003Cp>Please post questions and requests for help to the WordPress plugins forum or email \u003Ca href=\"mailto:wpdirauth@gilzow.com\" rel=\"nofollow ugc\">wpdirauth@gilzow.com\u003C\u002Fa>. Please be sure to include ‘wpdirauth’ in the subject line.\u003C\u002Fp>\n\u003Ch3>TO-DO’s\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Internationalization\u003C\u002Fli>\n\u003Cli>Refactor to a class\u003C\u002Fli>\n\u003Cli>More action\u002Ffilter hooks\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Source and Development\u003C\u002Fh3>\n\u003Cp>wpDirAuth welcomes friendly contributors wanting to lend a hand, be it in the form of code through SVN patches, user support, platform portability testing, security consulting, localization help, etc. 
The [current] goal is to keep the plugin self-contained (ie: no 3rd-party lib) for easier security maintenance, while keeping the code clean and extensible. Focus is on security, features, security, and let’s not forget, security. Unit tests will hopefully be developed and constant security audit performed. Recurring quality patch contributions will lead to commit privileges to the project source repository. Please post questions\u002Frequests for help to the wordpress forums and\u002For email \u003Ca href=\"mailto:wpdirauth@gilzow.com\" rel=\"nofollow ugc\">wpdirauth@gilzow.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl.html\" rel=\"nofollow ugc\">General Public License\u003C\u002Fa>\u003Cbr \u002F>\nCopyrights are listed in chronological order, by contributions.\u003Cbr \u002F>\nwpDirAuth: WordPress Directory Authentication, original author\u003Cbr \u002F>\nCopyright (c) 2007 Stephane Daury – http:\u002F\u002Fstephane.daury.org\u002F\u003Cbr \u002F>\nwpDirAuth and wpLDAP Patch Contributions\u003Cbr \u002F>\nCopyright (c) 2007 PKR Internet, LLC – http:\u002F\u002Fwww.pkrinternet.com\u002F\u003C\u002Fp>\n\u003Cp>wpDirAuth Patch Contributions\u003Cbr \u002F>\nCopyright (c) 2007 Todd Beverly\u003Cbr \u002F>\nwpLDAP: WordPress LDAP Authentication\u003Cbr \u002F>\nCopyright (c) 2007 Ashay Suresh Manjure – http:\u002F\u002Fashay.org\u002F\u003Cbr \u002F>\nwpDirAuth Patch Contribution and current maintainer\u003Cbr \u002F>\nCopyright (c) 2010-2017 Paul Gilzow – http:\u002F\u002Fgilzow.com\u002F\u003Cbr \u002F>\nwpDirAuth is free software: you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation.\u003Cbr \u002F>\nwpDirAuth is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the GNU General Public License for more details.\u003Cbr \u002F>\nYou should have received a copy of the GNU General Public License along with this program. If not, see \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Project History\u003C\u002Fh3>\n\u003Cp>Originally started from a patched version of wpLDAP (1.02+patch), wpDirAuth has\u003Cbr \u002F>\nsince then been heavily overhauled and features have been modified and added.\u003Cbr \u002F>\nIn other words, a classic case of \u003Ccode>pimp my lib'\u003C\u002Fcode> (hopefully for the better).\u003Cbr \u002F>\n* Current: wpDirAuth: \u003Ca href=\"http:\u002F\u002Fwpdirauth.gilzow.com\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fwpdirauth.gilzow.com\u002F\u003C\u002Fa>\u003Cbr \u002F>\n* Original: wpLDAP: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpldap\u002F\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpldap\u002F\u003C\u002Fa>\u003Cbr \u002F>\n* wpLDAP Patch: \u003Ca href=\"https:\u002F\u002Fweb.archive.org\u002Fweb\u002F20100731020249\u002Fhttp:\u002F\u002Fwww.pkrinternet.com\u002F~rbulling\u002Fprivate\u002FwpLDAP-1.02-ssl.patch\" rel=\"nofollow ugc\">https:\u002F\u002Fweb.archive.org\u002Fweb\u002F20100731020249\u002Fhttp:\u002F\u002Fwww.pkrinternet.com\u002F~rbulling\u002Fprivate\u002FwpLDAP-1.02-ssl.patch\u003C\u002Fa>\u003C\u002Fp>\n","WordPress directory authentication plugin through LDAP and LDAPS 
(SSL).",600,47307,94,12,"2023-08-18T20:10:00.000Z","6.3.8","2.2",[20,136,22,137,23],"directory","ldaps","http:\u002F\u002Fwpdirauth.gilzow.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpdirauth.1.10.7.zip",85,{"slug":142,"name":143,"version":144,"author":145,"author_profile":146,"description":147,"short_description":148,"active_installs":149,"downloaded":150,"rating":13,"num_ratings":28,"last_updated":151,"tested_up_to":152,"requires_at_least":153,"requires_php":96,"tags":154,"homepage":155,"download_link":156,"security_score":140,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"active-directory-authentication-integration","Active Directory Authentication Integration","0.6","Curtiss Grymala","https:\u002F\u002Fprofiles.wordpress.org\u002Fcgrymala\u002F","\u003Cp>This plugin allows WordPress to authenticate, authorize, create and update against an Active Directory domain. This plugin is based heavily on the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Factive-directory-integration\u002F\" rel=\"ugc\">Active Directory Integration\u003C\u002Fa> plugin, but has been modified to work with Multi Site and even Multi Network installations of WordPress.\u003C\u002Fp>\n\u003Cp>Some of the features included in this plugin are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>authenticate against more than one AD Server (for balanced load)\u003C\u002Fli>\n\u003Cli>authorize users by Active Directory group memberships\u003C\u002Fli>\n\u003Cli>auto create and update users that can authenticate against AD\u003Cbr \u002F>\nmapping of AD groups to WordPress roles\u003C\u002Fli>\n\u003Cli>use TLS (or LDAPS) for secure communication to AD Servers (recommended)\u003C\u002Fli>\n\u003Cli>use non standard port for communication to AD Servers\u003C\u002Fli>\n\u003Cli>protection against brute force attacks\u003C\u002Fli>\n\u003Cli>user and\u002For admin e-mail notification on failed login 
attempts\u003C\u002Fli>\n\u003Cli>determine WP display name from AD attributes (sAMAccountName, displayName, description, SN, CN, givenName or mail)\u003C\u002Fli>\n\u003Cli>enable\u002Fdisable password changes for local (non AD) WP users\u003C\u002Fli>\n\u003Cli>WordPress 3.0\u002F3.1 compatibility, including Multi Site and Multi Network\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is based on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Factive-directory-integration\u002F\" rel=\"ugc\">glatze’s Active Directory Integration\u003C\u002Fa> plugin, which is based upon \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Factive-directory-authentication\u002F\" rel=\"ugc\">Jonathan Marc Bearak’s Active Directory Authentication\u003C\u002Fa> plugin and \u003Ca href=\"http:\u002F\u002Fadldap.sourceforge.net\u002F\" rel=\"nofollow ugc\">Scott Barnett’s adLDAP\u003C\u002Fa>, a very useful PHP class.\u003C\u002Fp>\n\u003Cp>Aside from the changes to make this plugin work more effectively with WordPress Multi Site, this version of the plugin also encrypts the password used to connect to the AD server when it is stored in the database.\u003C\u002Fp>\n\u003Cp>This plugin was developed by \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fprofile\u002Fcgrymala\" rel=\"ugc\">Curtiss Grymala\u003C\u002Fa> for the \u003Ca href=\"http:\u002F\u002Fumw.edu\u002F\" rel=\"nofollow ugc\">University of Mary Washington\u003C\u002Fa>. It is licensed under the GPL2, which basically means you can take it, break it and change it any way you want, as long as the original credit and license information remains somewhere in the package.\u003C\u002Fp>\n\u003Ch3>Important Notice\u003C\u002Fh3>\n\u003Cp>Since I don’t currently have access to multiple AD servers, this plugin has only been tested on a single installation of WordPress with a single AD server. 
Therefore, it is entirely possible that there are major bugs.\u003C\u002Fp>\n\u003Cp>At this time, I am seeking people to test the plugin, so please report any issues you encounter.\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>This plugin requires WordPress. It might work with versions older than 3.0, but it has not been tested with those.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>This plugin also requires PHP5. Some attempt has been made to make it compatible with PHP4, but it has not been tested in that environment.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>This plugin requires LDAP support to be compiled into PHP. If the \u003Ccode>ldap_connect()\u003C\u002Fcode> function is not available, this plugin will output an error message and will not do anything.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>To Do\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Add ability to validate against multiple AD servers (check one, then the other – rather than just load-balancing as the plugin currently does)\u003C\u002Fli>\n\u003Cli>DONE as of 0.4a – Update admin interface to utilize native meta box interface rather than custom layout\u003C\u002Fli>\n\u003Cli>DONE as of 0.3a – Separate the profile information from the role equivalent groups in the “auto update user” setting\u003C\u002Fli>\n\u003C\u002Ful>\n","Allows WordPress to authenticate, authorize, create and update users through Active 
Directory",10,9961,"2011-08-30T16:36:00.000Z","3.2.1","3.0",[114,20,22,23],"http:\u002F\u002Fplugins.ten-321.com\u002Fcategory\u002Factive-directory-authentication-integration\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Factive-directory-authentication-integration.0.6.zip",{"attackSurface":158,"codeSignals":390,"taintFlows":423,"riskAssessment":498,"analyzedAt":511},{"hooks":159,"ajaxHandlers":350,"restRoutes":383,"shortcodes":384,"cronEvents":389,"entryPointCount":282,"unprotectedCount":42},[160,166,171,174,179,184,188,192,196,200,204,208,210,214,218,222,225,229,233,236,239,241,243,246,250,254,257,261,264,267,271,275,279,284,288,292,296,300,303,306,311,314,318,322,326,330,334,338,342,346],{"type":161,"name":162,"callback":163,"file":164,"line":165},"filter","authorizer_add_branding_option","my_authorizer_add_branding_option","sample-theme-add-branding\\functions.php",14,{"type":167,"name":168,"callback":168,"file":169,"line":170},"action","admin_notices","src\\authorizer\\class-admin-page.php",2106,{"type":167,"name":172,"callback":172,"file":169,"line":173},"admin_head",2107,{"type":161,"name":175,"callback":176,"file":177,"line":178},"cfturnstile_widget_disable","__return_true","src\\authorizer\\class-authentication.php",388,{"type":161,"name":180,"callback":181,"priority":28,"file":182,"line":183},"authenticate","custom_authenticate","src\\authorizer\\class-wp-plugin-authorizer.php",41,{"type":167,"name":185,"callback":186,"file":182,"line":187},"clear_auth_cookie","pre_logout",44,{"type":167,"name":189,"callback":190,"priority":149,"file":182,"line":191},"wp_logout","custom_logout",45,{"type":161,"name":193,"callback":194,"file":182,"line":195},"lostpassword_url","custom_lostpassword_url",52,{"type":161,"name":197,"callback":198,"file":182,"line":199},"login_url","maybe_add_external_wordpress_to_log_in_links",55,{"type":161,"name":201,"callback":202,"file":182,"line":203},"login_errors","show_advanced_login_error",58,{"type":161,"name":205
,"callback":206,"priority":149,"file":182,"line":207},"login_redirect","maybe_redirect_after_oauth2_login",61,{"type":161,"name":205,"callback":209,"priority":149,"file":182,"line":69},"maybe_redirect_after_oidc_login",{"type":167,"name":211,"callback":212,"file":182,"line":213},"plugins_loaded","auth_update_check",67,{"type":167,"name":215,"callback":216,"file":182,"line":217},"wp_login_failed","update_login_failed_count",70,{"type":167,"name":219,"callback":220,"priority":149,"file":182,"line":221},"wp_login","ensure_wordpress_user_in_approved_list_on_login",73,{"type":167,"name":223,"callback":224,"file":182,"line":55},"admin_menu","add_plugin_page",{"type":167,"name":226,"callback":227,"file":182,"line":228},"admin_init","page_init",79,{"type":167,"name":230,"callback":231,"priority":149,"file":182,"line":232},"set_user_role","set_user_role_sync_role",83,{"type":161,"name":234,"callback":235,"priority":149,"file":182,"line":108},"send_email_change_email","edit_user_profile_update_email",{"type":167,"name":237,"callback":238,"file":182,"line":89},"load-settings_page_authorizer","load_options_page",{"type":167,"name":240,"callback":238,"file":182,"line":118},"load-toplevel_page_authorizer",{"type":167,"name":242,"callback":238,"file":182,"line":68},"admin_head-index.php",{"type":167,"name":242,"callback":244,"file":182,"line":245},"widget_scripts",93,{"type":167,"name":247,"callback":248,"file":182,"line":249},"login_enqueue_scripts","login_enqueue_scripts_and_styles",96,{"type":167,"name":251,"callback":252,"file":182,"line":253},"login_footer","load_login_footer_js",97,{"type":167,"name":255,"callback":256,"file":182,"line":13},"login_form","login_form_add_external_service_links",{"type":161,"name":258,"callback":259,"priority":149,"file":182,"line":260},"wp_login_errors","wp_login_errors__maybe_redirect_to_cas",108,{"type":161,"name":258,"callback":262,"priority":149,"file":182,"line":263},"wp_login_errors__maybe_redirect_to_oauth2",116,{"type":161,"name":258,"
callback":265,"priority":149,"file":182,"line":266},"wp_login_errors__maybe_redirect_to_oidc",117,{"type":161,"name":268,"callback":269,"file":182,"line":270},"lost_password_html_link","maybe_hide_lost_password_link",120,{"type":167,"name":272,"callback":273,"file":182,"line":274},"lost_password","maybe_hide_lost_password_form",121,{"type":161,"name":276,"callback":277,"file":182,"line":278},"lostpassword_errors","maybe_prevent_password_reset",122,{"type":167,"name":280,"callback":281,"priority":282,"file":182,"line":283},"parse_request","restrict_access",9,125,{"type":167,"name":285,"callback":286,"file":182,"line":287},"init","init__maybe_add_network_approved_user",126,{"type":167,"name":289,"callback":290,"priority":149,"file":182,"line":291},"pre_get_posts","remove_private_pages_from_search_and_archives",130,{"type":167,"name":293,"callback":294,"priority":149,"file":182,"line":295},"rest_authentication_errors","restrict_rest_api",134,{"type":167,"name":297,"callback":298,"file":182,"line":299},"wp_dashboard_setup","add_dashboard_widgets",160,{"type":167,"name":168,"callback":301,"file":182,"line":302},"show_advanced_admin_notice",163,{"type":167,"name":304,"callback":301,"file":182,"line":305},"network_admin_notices",164,{"type":167,"name":307,"callback":308,"priority":309,"file":182,"line":310},"wp_enqueue_scripts","auth_public_scripts",20,170,{"type":167,"name":312,"callback":312,"file":182,"line":313},"network_admin_menu",175,{"type":167,"name":315,"callback":316,"file":182,"line":317},"delete_user","remove_user_from_authorizer_when_deleted",179,{"type":167,"name":319,"callback":320,"priority":149,"file":182,"line":321},"remove_user_from_blog","remove_network_user_from_site_when_removed",182,{"type":167,"name":323,"callback":324,"file":182,"line":325},"wpmu_delete_user","remove_network_user_from_authorizer_when_deleted",183,{"type":167,"name":327,"callback":328,"priority":149,"file":182,"line":329},"invite_user","add_existing_user_to_authorizer_when_created"
,188,{"type":167,"name":331,"callback":332,"priority":149,"file":182,"line":333},"added_existing_user","add_existing_user_to_authorizer_when_created_noconfirmation",190,{"type":167,"name":335,"callback":336,"priority":149,"file":182,"line":337},"after_signup_user","add_new_user_to_authorizer_when_created",192,{"type":167,"name":339,"callback":340,"priority":149,"file":182,"line":341},"edit_user_created_user","add_new_user_to_authorizer_when_created_single_site",194,{"type":167,"name":343,"callback":344,"file":182,"line":345},"grant_super_admin","grant_super_admin__add_to_network_approved",198,{"type":167,"name":347,"callback":348,"file":182,"line":349},"revoke_super_admin","revoke_super_admin__remove_from_network_approved",201,[351,356,360,364,368,371,375,379],{"action":352,"nopriv":353,"callback":354,"hasNonce":353,"hasCapCheck":353,"file":182,"line":355},"update_auth_user",false,"ajax_update_auth_user",137,{"action":357,"nopriv":353,"callback":358,"hasNonce":353,"hasCapCheck":353,"file":182,"line":359},"save_auth_multisite_settings","ajax_save_auth_multisite_settings",140,{"action":361,"nopriv":353,"callback":362,"hasNonce":353,"hasCapCheck":353,"file":182,"line":363},"update_auth_usermeta","ajax_update_auth_usermeta",143,{"action":365,"nopriv":353,"callback":366,"hasNonce":353,"hasCapCheck":353,"file":182,"line":367},"process_google_login","ajax_process_google_login",146,{"action":365,"nopriv":369,"callback":366,"hasNonce":353,"hasCapCheck":353,"file":182,"line":370},true,147,{"action":372,"nopriv":353,"callback":373,"hasNonce":353,"hasCapCheck":353,"file":182,"line":374},"refresh_approved_user_list","ajax_refresh_approved_user_list",150,{"action":376,"nopriv":353,"callback":377,"hasNonce":353,"hasCapCheck":353,"file":182,"line":378},"auth_settings_ldap_test_user","ajax_auth_settings_ldap_test_user",153,{"action":380,"nopriv":353,"callback":381,"hasNonce":353,"hasCapCheck":353,"file":182,"line":382},"auth_settings_search_users","ajax_auth_settings_search_users",1
56,[],[385],{"tag":386,"callback":387,"file":182,"line":388},"authorizer_login_form","shortcode_authorizer_login_form",167,[],{"dangerousFunctions":391,"sqlUsage":397,"outputEscaping":403,"fileOperations":29,"externalRequests":28,"nonceChecks":282,"capabilityChecks":131,"bundledLibraries":413},[392],{"fn":393,"file":394,"line":395,"context":396},"unserialize","src\\authorizer\\options\\class-advanced.php",306,"$meta_value          = unserialize( $meta_value[0] );",{"prepared":28,"raw":28,"locations":398},[399],{"file":400,"line":401,"context":402},"src\\authorizer\\class-helper.php",228,"$wpdb->get_col() with variable interpolation",{"escaped":404,"rawEcho":405,"locations":406},740,2,[407,411],{"file":408,"line":409,"context":410},"src\\authorizer\\class-ajax-endpoints.php",451,"raw output",{"file":408,"line":412,"context":410},908,[414,417,420],{"name":415,"version":38,"knownCves":416},"jQuery",[],{"name":418,"version":38,"knownCves":419},"Guzzle",[],{"name":421,"version":38,"knownCves":422},"Select2",[],[424,448,458,477,490],{"entryPoint":425,"graph":426,"unsanitizedCount":28,"severity":447},"ajax_refresh_approved_user_list (src\\authorizer\\class-ajax-endpoints.php:322)",{"nodes":427,"edges":444},[428,433,437],{"id":429,"type":430,"label":431,"file":408,"line":432},"n0","source","$_REQUEST",437,{"id":434,"type":435,"label":436,"file":408,"line":432},"n1","transform","→ render_user_element()",{"id":438,"type":439,"label":440,"file":441,"line":442,"wp_function":443},"n2","sink","echo() [XSS]","src\\authorizer\\options\\class-access-lists.php",551,"echo",[445,446],{"from":429,"to":434,"sanitized":353},{"from":434,"to":438,"sanitized":353},"medium",{"entryPoint":449,"graph":450,"unsanitizedCount":28,"severity":447},"\u003Cclass-ajax-endpoints> 
(src\\authorizer\\class-ajax-endpoints.php:0)",{"nodes":451,"edges":455},[452,453,454],{"id":429,"type":430,"label":431,"file":408,"line":432},{"id":434,"type":435,"label":436,"file":408,"line":432},{"id":438,"type":439,"label":440,"file":441,"line":442,"wp_function":443},[456,457],{"from":429,"to":434,"sanitized":353},{"from":434,"to":438,"sanitized":353},{"entryPoint":459,"graph":460,"unsanitizedCount":28,"severity":447},"\u003Cclass-access-lists> (src\\authorizer\\options\\class-access-lists.php:0)",{"nodes":461,"edges":473},[462,465,467,469,471],{"id":429,"type":430,"label":463,"file":441,"line":464},"$_REQUEST (x14)",187,{"id":434,"type":439,"label":440,"file":441,"line":466,"wp_function":443},276,{"id":438,"type":430,"label":431,"file":441,"line":468},213,{"id":470,"type":435,"label":436,"file":441,"line":468},"n3",{"id":472,"type":439,"label":440,"file":441,"line":442,"wp_function":443},"n4",[474,475,476],{"from":429,"to":434,"sanitized":369},{"from":438,"to":470,"sanitized":353},{"from":470,"to":472,"sanitized":353},{"entryPoint":478,"graph":479,"unsanitizedCount":405,"severity":489},"check_user_access (src\\authorizer\\class-authorization.php:38)",{"nodes":480,"edges":487},[481,484],{"id":429,"type":430,"label":482,"file":483,"line":363},"$_REQUEST (x2)","src\\authorizer\\class-authorization.php",{"id":434,"type":439,"label":485,"file":483,"line":382,"wp_function":486},"update_option() [Settings Manipulation]","update_option",[488],{"from":429,"to":434,"sanitized":353},"low",{"entryPoint":491,"graph":492,"unsanitizedCount":29,"severity":489},"\u003Cclass-authorization> (src\\authorizer\\class-authorization.php:0)",{"nodes":493,"edges":496},[494,495],{"id":429,"type":430,"label":482,"file":483,"line":363},{"id":434,"type":439,"label":485,"file":483,"line":382,"wp_function":486},[497],{"from":429,"to":434,"sanitized":369},{"summary":499,"deductions":500},"The authorizer plugin v3.13.4 exhibits a mixed security posture. 
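While it demonstrates strong output escaping practices and the use of nonces and capability checks elsewhere in the code, significant concerns arise from its attack surface. A substantial number of AJAX handlers, specifically 8 out of 8, were flagged with no detected nonce or capability check (`hasNonce` and `hasCapCheck` are false for every entry). Per the `nopriv` flags, only `process_google_login` is also registered for unauthenticated requests; the remaining handlers are dispatched only for logged-in users, so for them the gap is missing CSRF and authorization checks rather than missing authentication. The flags are recorded at the hook registration lines in class-wp-plugin-authorizer.php, while the callbacks appear to be implemented in class-ajax-endpoints.php, so checks performed inside the callbacks may not be reflected here and should be confirmed against the source. If confirmed, this creates a broad entry point for potential exploitation. The presence of the `unserialize` function (called on `$meta_value[0]` in class-advanced.php, line 306), a known vector for deserialization vulnerabilities when its input can be influenced by an attacker, is also a critical point of attention, though the taint analysis did not reveal critical or high severity unsanitized paths. The plugin has a history of a high-severity vulnerability related to improper input validation, indicating a past weakness in sanitizing user-supplied data. The absence of recent unpatched CVEs is a positive sign, suggesting ongoing maintenance. However, the high proportion of unprotected AJAX endpoints combined with the historical vulnerability type warrants careful consideration.",[501,503,505,507,509],{"reason":502,"points":149},"8 AJAX handlers without auth checks",{"reason":504,"points":51},"Dangerous function: unserialize",{"reason":506,"points":90},"1 high severity vulnerability (past)",{"reason":508,"points":51},"50% SQL queries not using prepared statements",{"reason":510,"points":42},"4 unsanitized paths in taint 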
analysis","2026-03-16T18:09:30.085Z",{"wat":513,"direct":526},{"assetPaths":514,"generatorPatterns":519,"scriptPaths":520,"versionParams":521},[515,516,517,518],"\u002Fwp-content\u002Fplugins\u002Fauthorizer\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fauthorizer\u002Fcss\u002Fsettings.css","\u002Fwp-content\u002Fplugins\u002Fauthorizer\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fauthorizer\u002Fjs\u002Fsettings.js",[],[517,518],[522,523,524,525],"authorizer\u002Fcss\u002Fadmin.css?ver=","authorizer\u002Fcss\u002Fsettings.css?ver=","authorizer\u002Fjs\u002Fadmin.js?ver=","authorizer\u002Fjs\u002Fsettings.js?ver=",{"cssClasses":527,"htmlComments":533,"htmlAttributes":540,"restEndpoints":544,"jsGlobals":546,"shortcodeOutput":549},[528,529,530,531,532],"authorizer-login-access","authorizer-public-access","authorizer-access-lists","authorizer-external-options","authorizer-advanced-options",[534,535,536,537,538,539],"\u003C!-- Authorizer Settings -->","\u003C!-- Authorizer Login Access Settings -->","\u003C!-- Authorizer Public Access Settings -->","\u003C!-- Authorizer Access Lists Settings -->","\u003C!-- Authorizer External Authentication Settings -->","\u003C!-- Authorizer Advanced Settings -->",[541,542,543],"data-authorizer-role-select","data-authorizer-pending-user-notification","data-authorizer-pending-user-message",[545],"\u002Fwp-json\u002Fauthorizer\u002Fv1\u002Fsettings",[547,548],"AuthorizerAdmin","AuthorizerSettings",[]]