[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fj6lZVjVrWMxv9CZPDFSkJ8orSat564GvX5CZ1tICY6I":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":127,"fingerprints":293},"av-2fa","AV 2FA","1.2.0","Avrasys","https:\u002F\u002Fprofiles.wordpress.org\u002Favrasys\u002F","\u003Cp>AV 2FA adds a crucial layer of security to your WordPress login process. After a user successfully enters their password, this plugin sends a unique, time-sensitive verification code to their registered email address. The user must then enter this code to complete the login, effectively protecting their account even if their password is compromised.\u003C\u002Fp>\n\u003Cp>The plugin is designed to be lightweight, easy to use, and seamlessly integrated into the WordPress experience.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Email-Based 2FA:\u003C\u002Fstrong> Sends a 6-digit verification code to the user’s email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Login URL:\u003C\u002Fstrong> Hide your login page by setting a custom login slug. The default wp-login.php becomes inaccessible, protecting against brute force attacks and bots.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting & Account Lockout:\u003C\u002Fstrong> Protects against brute force attacks on 2FA codes with configurable thresholds and temporary lockouts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Progressive Lockout:\u003C\u002Fstrong> Automatically increases lockout duration for repeat offenders (2x, 4x, 8x multiplier).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP-Based Protection:\u003C\u002Fstrong> Tracks failed attempts by IP address to prevent distributed attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Notifications:\u003C\u002Fstrong> Alerts users when their account is locked due to suspicious activity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Controls:\u003C\u002Fstrong> View and manually unlock locked accounts from the settings page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Code Validity:\u003C\u002Fstrong> Admin can set how long the code is valid for (default is 60 seconds).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Exclusion List:\u003C\u002Fstrong> Easily bypass 2FA for specific users (e.g., admin or integration accounts) by adding their User ID to an exclusion list.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Countdown Timer:\u003C\u002Fstrong> The verification screen displays a countdown timer to show the user how much time is left.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure & Reliable:\u003C\u002Fstrong> Uses WordPress’s built-in mailer and secure practices for code generation and verification.\u003C\u002Fli>\n\u003C\u002Ful>\n","A simple and secure Two-Factor Authentication plugin that sends a verification code to your email.",0,290,100,1,"","6.9.4","5.2","7.4",[20,21,22,23],"2fa","secure-login","security","two-factor-authentication","https:\u002F\u002Favrasys.hu\u002Fletoltes\u002Fav-2fa-wordpress-ketfaktoros-hitelesites-bovitmeny","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fav-2fa.1.2.0.zip",null,"2026-03-15T10:48:56.248Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":13,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"avrasys",30,94,"2026-04-03T21:28:13.046Z",[35,57,77,97,112],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":15,"download_link":54,"security_score":55,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":56},"wordfence-login-security","Wordfence Login Security","1.1.15","wfryan","https:\u002F\u002Fprofiles.wordpress.org\u002Fwfryan\u002F","\u003Ch3>WORDFENCE LOGIN SECURITY\u003C\u002Fh3>\n\u003Cp>Wordfence Login Security contains a subset of the functionality found in the full Wordfence plugin: Two-factor Authentication, XML-RPC Protection and Login Page CAPTCHA.\u003C\u002Fp>\n\u003Cp>Are you looking for comprehensive WordPress Security? \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordfence\u002F\" rel=\"ugc\">Check out the full Wordfence plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>TWO-FACTOR AUTHENTICATION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Two-factor authentication (2FA), one of the most secure forms of remote system authentication available.\u003C\u002Fli>\n\u003Cli>Use any TOTP-based authenticator app or service like Google Authenticator, Authy, 1Password or FreeOTP.\u003C\u002Fli>\n\u003Cli>Enable 2FA for any WordPress user role.\u003C\u002Fli>\n\u003Cli>Completely free to use, no limits or restrictions of any kind.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>LOGIN PAGE CAPTCHA\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easily enable Google ReCAPTCHA v3 on your login and registration pages.\u003C\u002Fli>\n\u003Cli>Stops bots from logging in without inconveniencing your site visitors.\u003C\u002Fli>\n\u003Cli>Robust protection against password guessing and credential stuffing attacks distributed across large IP pools\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>XML-RPC PROTECTION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>XML-RPC is the biggest target for WordPress attacks, but is often overlooked.\u003C\u002Fli>\n\u003Cli>Protect XML-RPC with 2FA or disable it altogether if it’s not needed.\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.",70000,1239075,80,25,"2025-01-15T17:05:00.000Z","6.7.5","4.7","7.0",[20,52,53,22,23],"captcha","login-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence-login-security.1.1.15.zip",92,"2026-03-15T15:16:48.613Z",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":16,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":75,"download_link":76,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":56},"rublon","Rublon Multi-Factor Authentication (MFA)","4.4.5","Rublon","https:\u002F\u002Fprofiles.wordpress.org\u002Frublon\u002F","\u003Cp>Rublon MFA is a multi-factor authentication (MFA) solution that protects your organization’s data and access to networks, servers, and applications. Rublon MFA provides MFA for cloud apps, VPNs, servers, and Microsoft technologies using authentication methods like \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fproduct\u002Fmobile-push\u002F\" rel=\"nofollow ugc\">Mobile Push\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fproduct\u002Fsms-passcodes\u002F\" rel=\"nofollow ugc\">SMS Passcode\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fproduct\u002Fqr-codes\u002F\" rel=\"nofollow ugc\">QR Code\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fproduct\u002Fsecurity-keys\u002F\" rel=\"nofollow ugc\">WebAuthn\u002FU2F Security Keys\u003C\u002Fa>, and more.\u003C\u002Fp>\n\u003Cp>Rublon MFA is easy to use, affordable, and scalable. It helps reduce compliance risk, improve user experience, and reduce costs. Rublon MFA is compatible with a variety of technologies, including but not limited to \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fdocs\u002F#vpn\" rel=\"nofollow ugc\">VPN\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fdoc\u002Frds\u002F\" rel=\"nofollow ugc\">Remote Desktop Services (RDS)\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fdoc\u002Fowa\u002F\" rel=\"nofollow ugc\">Outlook Web App (OWA)\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fproduct\u002Fldap-mfa\u002F\" rel=\"nofollow ugc\">LDAP\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fproduct\u002Fradius-mfa\u002F\" rel=\"nofollow ugc\">RADIUS\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fdoc\u002Fwordpress\u002F\" rel=\"nofollow ugc\">WordPress\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Start your \u003Ca href=\"https:\u002F\u002Fadmin.rublon.net\u002Fauth\u002Fregister\" rel=\"nofollow ugc\">Free 30-Day Trial\u003C\u002Fa> and see how easy it is to get started with Rublon MFA.\u003C\u002Fh3>\n\u003Ch3>To learn more, visit \u003Ca href=\"https:\u002F\u002Frublon.com\u002F\" rel=\"nofollow ugc\">www.rublon.com\u003C\u002Fa>.\u003C\u002Fh3>\n\u003Cblockquote>\n\u003Ch4>Recommended by Security Experts and Industry Professionals\u003C\u002Fh4>\n\u003Cp>\u003Cem>“The fact that I could speak instantly with tech support while evaluating was super important. Connecting with Rublon technicians via remote sessions was SUPER handy to assist with setting things up.” — \u003Cstrong>Chris D., Manager of GIS\u002FIT\u003C\u002Fstrong>\u003C\u002Fem> \u003C\u002Fp>\n\u003Cp>  \u003Cem>“We were able to get Rublon MFA installed, tested, and in use in under a day across all offices.” — \u003Cstrong>Ethan M. Hospital & Health Care\u003C\u002Fstrong>\u003C\u002Fem> \u003C\u002Fp>\n\u003Cp>  \u003Cem>“Product was absolutely superb for integrating MFA into our RDS solution very easy to use and the moblie app was brilliant for our end users.” — \u003Cstrong>Scott L., IT Network Manager\u003C\u002Fstrong>\u003C\u002Fem> \u003C\u002Fp>\n\u003Cp>  \u003Cem>“we tested a trial version, it was very easy to set up. we got the pricing immediately. other suppliers did not even replied to my email yet and i already implemented Rublon” — \u003Cstrong>Mihail B., Logistics Manager\u003C\u002Fstrong>\u003C\u002Fem> \u003C\u002Fp>\n\u003Cp>  \u003Cem>“I searched for a tool for a very specific security need and Rublon filled that need perfectly. Not only does it work every single time as expected, the support and setup are amazing! Highly recommended.” — \u003Cstrong>Charles D., Financial Services\u003C\u002Fstrong>\u003C\u002Fem> \u003C\u002Fp>\n\u003Cp>  \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fcustomers\u002F\" rel=\"nofollow ugc\">Read More\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>In What Languages Is Rublon For WordPress Available?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>German\u003C\u002Fli>\n\u003Cli>Japanese (translated by \u003Ca href=\"https:\u002F\u002Fen.digitalcube.jp\" rel=\"nofollow ugc\">Digital Cube\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Turkish (translated by Mehmet Emre Baş, proofread by Tarık Çayır)\u003C\u002Fli>\n\u003Cli>Polish\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Ch4>Follow Us\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002FRublonApp\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fcompany\u002F2772205\" rel=\"nofollow ugc\">LinkedIn\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Frublon\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Legal notice\u003C\u002Fh3>\n\u003Cp>I have read and agree to the \u003Ca href=\"https:\u002F\u002Flegal.rublon.com\u002Ftos\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Flegal.rublon.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> before installing the Rublon WordPress Plugin.\u003C\u002Fp>\n","Instant account security with effortless multi-factor authentication via Mobile Push, Mobile Passcode (TOTP), WebAuthn\u002FU2F Security Keys, and more.",500,116338,84,88,"2025-12-04T13:45:00.000Z","5.0","5.5.1",[20,73,74,22,23],"mfa","multi-factor-authentication","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Frublon\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frublon.4.4.5.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":11,"num_ratings":11,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":90,"tags":91,"homepage":94,"download_link":95,"security_score":96,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":56},"passclip-auth-for-wordpress","PassClip Auth for WordPress","1.0.5","Passlogy","https:\u002F\u002Fprofiles.wordpress.org\u002Fpasslogy\u002F","\u003Cp>You need strong password to protect your site. However, how do you remember it or is it really strong?\u003Cbr \u002F>\n“PassClip Auth” provides really strong password that is also easy to remember.\u003Cbr \u002F>\nOnce you make your “pattern”, you can get your password using “PassClip”. And the password will change every 30 seconds(at the shortest).\u003C\u002Fp>\n\u003Ch4>Get and sign up for PassClip\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to \u003Ca href=\"https:\u002F\u002Fwww.passclip.com\u002F\" rel=\"nofollow ugc\">the page about PassClip\u003C\u002Fa> and install PassClip on your smart phone.\u003C\u002Fli>\n\u003Cli>Activate your PassClip by registering your “pattern” and email address.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Sign up for PassClip Auth(PCA)\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Input PassClip Code “paauth” in your PassClip. That makes a new slot in your PassClip.\u003C\u002Fli>\n\u003Cli>Go to \u003Ca href=\"https:\u002F\u002Fmember.passclip.com\u002Fmember\u002Fui\u002F\" rel=\"nofollow ugc\">PassClip Auth member’s page\u003C\u002Fa> and log in with your email address and password which the slot shows you.\u003C\u002Fli>\n\u003Cli>Make your “PassClip Code”. And then you get your “PassClip Auth app service id(PCA app service id)”. You need both “code” and “id” to use this plugin.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>How to apply PassClip Auth to your site\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install and activate this plugin to your WordPress.\u003C\u002Fli>\n\u003Cli>Go to PassClip Auth Options Setting from the menu.\u003C\u002Fli>\n\u003Cli>Input the PassClip Auth app service id(PCA app service id), PassClip Code and other items in the setting page and click the “Save Change” button.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>How to log in to WordPress site with PassClip Auth\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Users register PassClip Code of your site in their PassClip. That makes a new slot to get password to log in to your site.\u003C\u002Fli>\n\u003Cli>Show the password in PassClip (tap the new slot).\u003C\u002Fli>\n\u003Cli>In login form of your site, users enter email address and password in the slot. (\u003Cstrong>Users do not need general WordPress password.\u003C\u002Fstrong>)\u003C\u002Fli>\n\u003Cli>Click the “Log in” button.\u003C\u002Fli>\n\u003C\u002Fol>\n","\"PassClip Auth\" provides strong and easy authentication. \"PassClip Auth for WordPress\" is the plugin to launch PassClip Auth to Wo …",10,2199,"2019-12-27T07:42:00.000Z","5.3.21","4.5","5.3.3",[20,92,93,22,23],"login","otp","https:\u002F\u002Fwww.passclip.com\u002Fja\u002Fpca\u002Fpca_for_wp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpassclip-auth-for-wordpress.1.0.6.zip",85,{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":11,"downloaded":105,"rating":11,"num_ratings":11,"last_updated":15,"tested_up_to":106,"requires_at_least":107,"requires_php":108,"tags":109,"homepage":110,"download_link":111,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"4login-for-secure-and-smart-access","4Login for Secure And Smart Access","0.1.0","4login","https:\u002F\u002Fprofiles.wordpress.org\u002F4login\u002F","\u003Cp>Secure your site with a strong password — without the hassle of remembering it.\u003Cbr \u002F>\nWith 4Login, you get simple yet powerful authentication that connects to an external server.\u003Cbr \u002F>\nSimply create your own pattern to generate a dynamic password that updates every 60 minutes.\u003C\u002Fp>\n\u003Cp>Please refer to the \u003Ca href=\"https:\u002F\u002Fwww.4login.jp\u002F\" rel=\"nofollow ugc\">operation Instructions \u003C\u002Fa> for instructions on how to use 4Login.\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin connects to an external API to enable 4Login authentication.\u003Cbr \u002F>\nWhen logging in with 4Login, the plugin sends the 4Login App Service ID, the user’s email address, and a dynamic password .\u003Cbr \u002F>\nThese credentials are entered directly within the WordPress login interface.\u003C\u002Fp>\n\u003Cp>This authentication service is provided by Passlogy.\u003Cbr \u002F>\nFor more information, please review our\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.4login.jp\u002Fen\u002Fauto_terms\u002F\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa> and\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.4login.jp\u002Fprivacy-policy\u002F?en=app\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>.\u003C\u002Fp>\n","4Login will give you an easy and powerful authentication (connect to an external server for authentication).",431,"6.8.5","6.7","8.0",[20,92,93,22,23],"https:\u002F\u002Fwww.4login.jp\u002F4login-for-secure-and-smart-access\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002F4login-for-secure-and-smart-access.0.1.0.zip",{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":11,"downloaded":120,"rating":11,"num_ratings":11,"last_updated":121,"tested_up_to":16,"requires_at_least":122,"requires_php":123,"tags":124,"homepage":15,"download_link":126,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":56},"cloudusk-2fa-two-factor-authentication","Cloudusk 2FA – Two Factor Authentication","0.0.1","cloudusk","https:\u002F\u002Fprofiles.wordpress.org\u002Fcloudusk\u002F","\u003Cp>Cloudusk 2FA – Two Factor Authentication is a free and easy-to-use two-factor authentication (2FA) plugin for WordPress.\u003C\u002Fp>\n\u003Cp>It adds an extra layer of security to your WordPress login by requiring a time-based one-time password (TOTP) in addition to a username and password. This helps protect WordPress user accounts from unauthorized access caused by weak or compromised passwords, brute-force attacks, and automated login attempts.\u003C\u002Fp>\n\u003Cp>Cloudusk 2FA uses industry-standard TOTP (RFC 6238) and works with popular authenticator apps such as Google Authenticator, Authy, and Microsoft Authenticator. No SMS, email codes, or third-party services are required.\u003C\u002Fp>\n\u003Cp>The plugin is designed to be lightweight and user-friendly, with a simple setup process that can be completed directly from the user profile screen.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>TOTP-based two-factor authentication for WordPress\u003C\u002Fli>\n\u003Cli>Compatible with Google Authenticator, Authy, Microsoft Authenticator, and other TOTP apps\u003C\u002Fli>\n\u003Cli>QR code-based setup\u003C\u002Fli>\n\u003Cli>Backup recovery codes to prevent lockouts\u003C\u002Fli>\n\u003Cli>No SMS, email, or external services required\u003C\u002Fli>\n\u003Cli>Lightweight and performance-friendly\u003C\u002Fli>\n\u003Cli>Works with the default WordPress login flow\u003C\u002Fli>\n\u003Cli>Fully free to use\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Privacy\u003C\u002Fh4>\n\u003Cp>Cloudusk 2FA does not send any data to external services. All authentication is handled locally within your WordPress installation.\u003C\u002Fp>\n","A free and lightweight two-factor authentication (2FA) plugin for WordPress using TOTP and authenticator apps.",103,"2026-01-29T13:47:00.000Z","6.0","8.1",[20,125,22,23],"google-authenticator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcloudusk-2fa-two-factor-authentication.0.0.1.zip",{"attackSurface":128,"codeSignals":242,"taintFlows":251,"riskAssessment":289,"analyzedAt":292},{"hooks":129,"ajaxHandlers":225,"restRoutes":236,"shortcodes":237,"cronEvents":238,"entryPointCount":241,"unprotectedCount":11},[130,136,139,143,148,152,155,161,165,169,173,177,181,185,189,193,197,201,206,210,213,216,221],{"type":131,"name":132,"callback":133,"file":134,"line":135},"action","admin_menu","add_admin_menu","includes\\class-av-2fa-admin.php",29,{"type":131,"name":137,"callback":138,"file":134,"line":31},"admin_init","register_settings",{"type":131,"name":140,"callback":141,"file":134,"line":142},"admin_enqueue_scripts","enqueue_admin_scripts",31,{"type":131,"name":144,"callback":145,"priority":14,"file":146,"line":147},"init","handle_custom_login_request","includes\\class-av-2fa-custom-login.php",163,{"type":131,"name":149,"callback":150,"priority":14,"file":146,"line":151},"wp_loaded","block_admin_access",166,{"type":131,"name":149,"callback":153,"priority":14,"file":146,"line":154},"block_default_login",169,{"type":156,"name":157,"callback":158,"priority":159,"file":146,"line":160},"filter","login_url","filter_login_url",9999,172,{"type":156,"name":162,"callback":163,"priority":159,"file":146,"line":164},"logout_url","filter_logout_url",173,{"type":156,"name":166,"callback":167,"priority":159,"file":146,"line":168},"lostpassword_url","filter_lostpassword_url",174,{"type":156,"name":170,"callback":171,"priority":159,"file":146,"line":172},"register_url","filter_register_url",175,{"type":156,"name":174,"callback":175,"priority":159,"file":146,"line":176},"site_url","filter_site_url",178,{"type":156,"name":178,"callback":179,"priority":159,"file":146,"line":180},"network_site_url","filter_network_site_url",179,{"type":156,"name":182,"callback":183,"priority":159,"file":146,"line":184},"login_form_action","filter_login_form_action",182,{"type":156,"name":186,"callback":187,"priority":159,"file":146,"line":188},"lostpassword_redirect","filter_lostpassword_redirect",185,{"type":156,"name":190,"callback":191,"priority":159,"file":146,"line":192},"wp_redirect","filter_wp_redirect",188,{"type":156,"name":194,"callback":195,"priority":159,"file":146,"line":196},"wp_safe_redirect_fallback","filter_safe_redirect_fallback",191,{"type":156,"name":198,"callback":199,"priority":159,"file":146,"line":200},"retrieve_password_message","filter_retrieve_password_message",194,{"type":156,"name":202,"callback":203,"priority":31,"file":204,"line":205},"authenticate","initiate_2fa_check","includes\\class-av-2fa-login.php",27,{"type":156,"name":207,"callback":208,"priority":85,"file":204,"line":209},"login_redirect","handle_2fa_redirect",28,{"type":131,"name":211,"callback":212,"file":204,"line":135},"login_init","handle_2fa_verification_page",{"type":131,"name":214,"callback":215,"file":204,"line":31},"login_enqueue_scripts","enqueue_login_scripts",{"type":131,"name":217,"callback":218,"file":219,"line":220},"av_2fa_daily_cleanup","cleanup_old_data","includes\\class-av-2fa-security.php",75,{"type":131,"name":137,"callback":222,"file":223,"line":224},"maybe_upgrade","includes\\class-av-2fa.php",87,[226,232],{"action":227,"nopriv":228,"callback":229,"hasNonce":230,"hasCapCheck":230,"file":134,"line":231},"av_2fa_generate_slug",false,"ajax_generate_slug",true,32,{"action":233,"nopriv":228,"callback":234,"hasNonce":230,"hasCapCheck":230,"file":134,"line":235},"av_2fa_unlock_user","ajax_unlock_user",33,[],[],[239],{"hook":217,"callback":217,"file":219,"line":240},79,2,{"dangerousFunctions":243,"sqlUsage":244,"outputEscaping":246,"fileOperations":11,"externalRequests":11,"nonceChecks":249,"capabilityChecks":241,"bundledLibraries":250},[],{"prepared":85,"raw":11,"locations":245},[],{"escaped":247,"rawEcho":11,"locations":248},66,[],4,[],[252,278],{"entryPoint":253,"graph":254,"unsanitizedCount":11,"severity":277},"render_2fa_form (includes\\class-av-2fa-login.php:243)",{"nodes":255,"edges":274},[256,261,267,271],{"id":257,"type":258,"label":259,"file":204,"line":260},"n0","source","$_GET (x2)",327,{"id":262,"type":263,"label":264,"file":204,"line":265,"wp_function":266},"n1","sink","echo() [XSS]",355,"echo",{"id":268,"type":258,"label":269,"file":204,"line":270},"n2","$_REQUEST",265,{"id":272,"type":263,"label":264,"file":204,"line":273,"wp_function":266},"n3",381,[275,276],{"from":257,"to":262,"sanitized":230},{"from":268,"to":272,"sanitized":230},"low",{"entryPoint":279,"graph":280,"unsanitizedCount":11,"severity":277},"\u003Cclass-av-2fa-login> (includes\\class-av-2fa-login.php:0)",{"nodes":281,"edges":286},[282,283,284,285],{"id":257,"type":258,"label":259,"file":204,"line":260},{"id":262,"type":263,"label":264,"file":204,"line":265,"wp_function":266},{"id":268,"type":258,"label":269,"file":204,"line":270},{"id":272,"type":263,"label":264,"file":204,"line":273,"wp_function":266},[287,288],{"from":257,"to":262,"sanitized":230},{"from":268,"to":272,"sanitized":230},{"summary":290,"deductions":291},"The \"av-2fa\" plugin v1.2.0 exhibits a strong security posture based on the provided static analysis.  The absence of any identified dangerous functions, raw SQL queries, file operations, or external HTTP requests is commendable. Furthermore, 100% of SQL queries utilize prepared statements, and all identified output is properly escaped, significantly mitigating common web application vulnerabilities like SQL injection and cross-site scripting (XSS). The presence of nonce and capability checks on all identified entry points (AJAX handlers) indicates a robust defense against unauthorized actions.\n\nThe vulnerability history for this plugin is clean, with zero recorded CVEs across all severity levels and no common vulnerability types identified. This suggests a history of secure development and maintenance.  However, while the current version appears secure, it is crucial to maintain vigilance. The absence of any identified vulnerabilities in the past does not guarantee future immunity, and ongoing security audits and updates are always recommended for any plugin.\n\nIn conclusion, \"av-2fa\" v1.2.0 is a well-secured plugin. Its adherence to secure coding practices, evident in its handling of SQL, output escaping, and authentication mechanisms, along with a clean vulnerability history, makes it a low-risk option. The minimal attack surface and the fact that all entry points are protected further bolster its security. No deductions are warranted based on the provided data.",[],"2026-03-17T06:05:25.976Z",{"wat":294,"direct":303},{"assetPaths":295,"generatorPatterns":298,"scriptPaths":299,"versionParams":300},[296,297],"\u002Fwp-content\u002Fplugins\u002Fav-2fa\u002Fassets\u002Fjs\u002Fav-2fa-admin.js","\u002Fwp-content\u002Fplugins\u002Fav-2fa\u002Fassets\u002Fcss\u002Fav-2fa-admin.css",[],[296],[301,302],"av-2fa\u002Fassets\u002Fjs\u002Fav-2fa-admin.js?ver=","av-2fa\u002Fassets\u002Fcss\u002Fav-2fa-admin.css?ver=",{"cssClasses":304,"htmlComments":307,"htmlAttributes":308,"restEndpoints":310,"jsGlobals":314,"shortcodeOutput":316},[305,306],"av-2fa-settings-wrap","av-2fa-field",[],[309],"data-av-2fa-nonce",[311,312,313],"\u002Fwp-json\u002Fav-2fa\u002Fv1\u002Fvalidate-code","\u002Fwp-json\u002Fav-2fa\u002Fv1\u002Fsend-code","\u002Fwp-json\u002Fav-2fa\u002Fv1\u002Fgenerate-slug",[315],"av2fa_admin_params",[]]