[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$frJKHvCoNKZa5UGnZWCtXfpda3Dy8PTzMFW7YF791dG0":3,"$fo80ycvcWJdW8o_QVsHaE7ow1a7HRz5DRcmX-fG-wLks":271,"$f8SeZtfa0Aib9KbKY_FUQBeGn0H6_nuIr01W0_wmMs6s":275},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":32,"crawl_stats":28,"alternatives":37,"analysis":118,"fingerprints":250},"beyond-identity-passwordless","Beyond Identity Passwordless","1.0.0","Anna Garcia","https:\u002F\u002Fprofiles.wordpress.org\u002Fannagarcia\u002F","\u003Cp>Are you or your customers tired of remembering passwords?\u003C\u002Fp>\n\u003Cp>This plugin provides a secure and convenient solution to log into your WordPress website. With Beyond Identity, you can say goodbye to password fatigue and improve your website’s security.\u003C\u002Fp>\n\u003Cp>Once activated, you will see:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Passwordless UI that integrates seamlessly on with the WordPress login page.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Beyond Identity Settings page for WordPress admins to configure their Beyond Identity account.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Beyond Identity filter on the WordPress Dashboard’s Users page to view which users use passkeys.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Before you begin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You will need a Beyond Identity account to configure this plugin.\u003Cbr \u002F>\nBeyond Identity currently uses “Universal Passkeys,” which are specific to Beyond Identity and have two benefits over your average FIDO2 passkeys.\u003Cbr \u002F>\n1. Universal Passkeys never leave the device on which they are created. This makes them much more secure.\u003Cbr \u002F>\n2. Universal Passkeys work everywhere. Some browsers (Firefox) do not support passkeys. Universal Passkeys work everywhere, even on Firefox.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Coming soon:\u003C\u002Fstrong> Vanilla WebAuthn FIDO2 passkeys. These passkeys allow syncing between devices and work with passkey managers.\u003C\u002Fp>\n\u003Cp>As a Beyond Identity admin, you will have several configuration options including selecting passkey flavors and customizing the login page.\u003C\u002Fp>\n\u003Ch3>Admin Set Up\u003C\u002Fh3>\n\u003Cp>First, sign up for a free developer account by visiting: https:\u002F\u002Fwww.beyondidentity.com\u002Fdevelopers\u003C\u002Fp>\n\u003Cp>Once you have a developer account you will need to set several values for the OIDC server. Follow the steps below to configure a Beyond Identity application. Most defaults are fine. However make sure the following are set:\u003C\u002Fp>\n\u003Col>\n\u003Cli>In your Beyond Identity Console, navigate to the \u003Cstrong>Apps\u003C\u002Fstrong> tab under Authentication\u003C\u002Fli>\n\u003Cli>Tap \u003Cstrong>Add an application\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Set \u003Cstrong>Protocol\u003C\u002Fstrong> to \u003Cstrong>OIDC\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Set \u003Cstrong>Client Type\u003C\u002Fstrong> to \u003Cstrong>Confidential\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Set \u003Cstrong>PKCE\u003C\u002Fstrong> to \u003Cstrong>Disabled\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Set \u003Cstrong>Redirect URIs\u003C\u002Fstrong> to include \u003Ccode>https:\u002F\u002F${your-website-domain.com}\u002Fwp-admin\u002Fadmin-ajax.php?action=openid-connect-authorize\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Set \u003Cstrong>Token Configuration\u003C\u002Fstrong> > \u003Cstrong>Subject\u003C\u002Fstrong> to \u003Cstrong>id\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>At the top of the page, navigate to your application’s \u003Cstrong>Authenticator Config\u003C\u002Fstrong> tab\u003C\u002Fli>\n\u003Cli>Set \u003Cstrong>Configuration Type\u003C\u002Fstrong> to \u003Cstrong>Hosted Web\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>The recommended defaults for \u003Cstrong>Authentication Profile\u003C\u002Fstrong> are fine but feel free to modify\u003C\u002Fli>\n\u003Cli>Tap the \u003Cstrong>Submit\u003C\u002Fstrong> button to save your changes\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Finally, go to your WordPress dashboard and find the Beyond Identity Settings page. You will need three generated values from your newly created application. You can find the \u003Cstrong>Issuer URL\u003C\u002Fstrong>, \u003Cstrong>Client ID\u003C\u002Fstrong>, and \u003Cstrong>Client Secret\u003C\u002Fstrong> in the Beyond Identity Console’s application that you just created.\u003C\u002Fp>\n\u003Cp>For more information on how Beyond Identity works, visit the \u003Ca href=\"http:\u002F\u002Fdeveloper.beyondidentity.com\" rel=\"nofollow ugc\">developer documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>For help, reach out on \u003Ca href=\"https:\u002F\u002Fjoin.slack.com\u002Ft\u002Fbyndid\u002Fshared_invite\u002Fzt-1anns8n83-NQX4JvW7coi9dksADxgeBQ\" rel=\"nofollow ugc\">Slack\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Shortcodes\u003C\u002Fh3>\n\u003Cp>This plugin also provides shortcodes that can be used on any page or post. These include:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[beyond_identity_login_button]  \n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Generates a button to log in with a Beyond Identity Universal Passkey.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[beyond_identity_auth_url]  \n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Generates the authorize URL to log in with a Beyond Identity Universal Passkey.\u003C\u002Fp>\n\u003Cp>For information on shortcode customization attributes, please refer to the documentation available in the Settings > Beyond Identity dashboard page after activating the plugin.\u003C\u002Fp>\n","A passwordless solution that allows users and admins to log into a WordPress website using passkeys with Beyond Identity.",0,721,40,1,"2023-10-16T21:38:00.000Z","6.3.8","4.9","7.2",[20,21,22,23,24],"authentication","login","passkeys","passwordless","security","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbeyond-identity-passwordless.1.0.0.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"annagarcia",30,84,"2026-05-20T01:28:02.250Z",[38,56,74,91,104],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":11,"num_ratings":11,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":18,"tags":51,"homepage":53,"download_link":54,"security_score":55,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":29},"bye-bye-passwords","Bye Bye Passwords","1.2.7","Clayton LZ","https:\u002F\u002Fprofiles.wordpress.org\u002Fclaytonlz\u002F","\u003Cp>\u003Cstrong>Bye Bye Passwords\u003C\u002Fstrong> brings modern passwordless authentication to WordPress using WebAuthn\u002FPasskeys technology. Say goodbye to weak passwords and hello to secure, convenient login with biometrics, security keys, or platform authenticators.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Passwordless Login\u003C\u002Fstrong> – Sign in using Touch ID, Face ID, Windows Hello, or security keys\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Passkeys\u003C\u002Fstrong> – Register multiple devices for convenient access anywhere\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Recovery Codes\u003C\u002Fstrong> – Generate one-time backup codes for emergency access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Security\u003C\u002Fstrong> – Eliminate password-based attacks completely\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-Friendly\u003C\u002Fstrong> – Simple setup with no technical knowledge required\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy-Focused\u003C\u002Fstrong> – Your authentication data stays on your server\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress Integration\u003C\u002Fstrong> – Seamlessly integrated into WordPress admin and login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Register a passkey from your WordPress admin profile\u003C\u002Fli>\n\u003Cli>Use your device’s built-in authentication (fingerprint, face, PIN)\u003C\u002Fli>\n\u003Cli>Sign in instantly without typing passwords\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>SSL\u002FHTTPS enabled website (required for WebAuthn)\u003C\u002Fli>\n\u003Cli>Modern browser with WebAuthn support\u003C\u002Fli>\n\u003Cli>PHP 7.2 or higher\u003C\u002Fli>\n\u003Cli>WordPress 5.0 or higher\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin may connect to the FIDO Alliance Metadata Service (MDS) to download root certificates for authenticator validation.\u003C\u002Fp>\n\u003Ch4>FIDO Alliance Metadata Service\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>URL:\u003C\u002Fstrong> https:\u002F\u002Fmds.fidoalliance.org\u002F\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose:\u003C\u002Fstrong> Downloads attestation root certificates to verify the authenticity of security keys and passkey devices\u003C\u002Fli>\n\u003Cli>\u003Cstrong>When:\u003C\u002Fstrong> Only when attestation verification is enabled and the plugin needs to update its certificate store (not during normal authentication)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data sent:\u003C\u002Fstrong> No personal or user data is transmitted – only a standard HTTP GET request\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service provider:\u003C\u002Fstrong> FIDO Alliance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of Use:\u003C\u002Fstrong> https:\u002F\u002Ffidoalliance.org\u002Fmetadata\u002F\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Policy:\u003C\u002Fstrong> https:\u002F\u002Ffidoalliance.org\u002Fprivacy-policy\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>No user data, credentials, or personal information is ever sent to external services. All authentication happens locally on your server.\u003C\u002Fp>\n","Enable passwordless authentication for WordPress using WebAuthn\u002FPasskeys. More secure, more convenient.",20,254,"2026-02-26T18:34:00.000Z","6.9.4","5.0",[20,22,23,24,52],"webauthn","https:\u002F\u002Fgithub.com\u002Fclayton\u002Fbyebyepw","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbye-bye-passwords.1.2.7.zip",100,{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":55,"num_ratings":14,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":72,"download_link":73,"security_score":27,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":29},"magiclabs","Login by Magic","1.0.4","Magic","https:\u002F\u002Fprofiles.wordpress.org\u002Fmagiclabs\u002F","\u003Cp>This plugin replaces the standard WordPress login form with one powered by \u003Ca href=\"https:\u002F\u002Fmagic.link\" rel=\"nofollow ugc\">Magic\u003C\u002Fa> that enables passwordless email magic link login.\u003C\u002Fp>\n\u003Cp>Magic offers passwordless authentication and cryptographically secured user identity to your applications. With just a few lines of code, your application’s security is instantaneously upgraded, and your end users can enjoy a future-proof and blockchain-enabled login solution.\u003C\u002Fp>\n\u003Cp>Visit \u003Ca href=\"https:\u002F\u002Fmagic.link\" rel=\"nofollow ugc\">https:\u002F\u002Fmagic.link\u003C\u002Fa> to learn more.\u003C\u002Fp>\n","Login by Magic plugin replaces the standard WordPress login form with one powered by Magic that enables passwordless email magic link login.",10,2480,"2022-08-29T22:06:00.000Z","5.8.13","5.5.1","7.3",[20,21,71,23,24],"magiclink","https:\u002F\u002Fgithub.com\u002Fmagiclabs\u002Fwp-magic","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmagiclabs.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":11,"downloaded":82,"rating":11,"num_ratings":11,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":86,"tags":87,"homepage":89,"download_link":90,"security_score":55,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":29},"dolutech-passwordless-login","Dolutech Passwordless Login","1.1.0","Lucas Catão Moraes","https:\u002F\u002Fprofiles.wordpress.org\u002Fdolutech\u002F","\u003Cp>Este plugin substitui o formulário de login padrão do WordPress por um sistema de autenticação sem senha mais seguro.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Recursos principais:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Login sem senha via link seguro enviado por e-mail\u003Cbr \u002F>\n* Autenticação de dois fatores (2FA) via TOTP (Google Authenticator, Authy, etc.)\u003Cbr \u002F>\n* Códigos de backup para recuperação de acesso\u003Cbr \u002F>\n* Verificação de IP para segurança adicional\u003Cbr \u002F>\n* Rate limiting para prevenir ataques de força bruta\u003Cbr \u002F>\n* Painel de configurações completo no wp-admin\u003Cbr \u002F>\n* Opção de tornar 2FA obrigatório para perfis específicos\u003C\u002Fp>\n\u003Cp>O link de login expira imediatamente após o primeiro uso ou após o tempo configurado (padrão 15 minutos). A autenticação só é permitida pelo mesmo IP que solicitou o login.\u003C\u002Fp>\n","Permite login seguro sem senha com tecnologia passwordless e autenticação de dois fatores (2FA) via TOTP.",423,"2025-09-02T19:34:00.000Z","6.8.5","6.5","8.2",[88,20,21,23,24],"2fa","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdolutech-passwordless-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdolutech-passwordless-login.1.1.0.zip",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":11,"downloaded":99,"rating":11,"num_ratings":11,"last_updated":100,"tested_up_to":49,"requires_at_least":50,"requires_php":25,"tags":101,"homepage":25,"download_link":103,"security_score":55,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":29},"elevation-magic-link","Elevation Magic Link Login","1.2.2","Elevation Team","https:\u002F\u002Fprofiles.wordpress.org\u002Felevation1support\u002F","\u003Cp>Elevation Magic Link Login allows your users to sign in without remembering a password. By simply entering their username or email address, they receive a secure, time-sensitive link via email that logs them in instantly.\u003C\u002Fp>\n\u003Cp>This plugin is built with security as a priority, utilizing WordPress best practices such as nonces, input sanitization, output escaping, hashed tokens, and HMAC signatures to ensure your site and users remain protected.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>Adds a “Send Me a Magic Link” button to the default WP login form.\u003C\u002Fp>\n\u003Cp>New: Toggle-based UI that hides the password field when requesting a link for a cleaner experience.\u003C\u002Fp>\n\u003Cp>Secure, high-entropy token generation.\u003C\u002Fp>\n\u003Cp>Tokens are hashed before storage for maximum security.\u003C\u002Fp>\n\u003Cp>Cross-device support: Uses stateless HMAC signatures to validate links even if opened on a different device than requested.\u003C\u002Fp>\n\u003Cp>One-time use links that expire after 15 minutes (filterable).\u003C\u002Fp>\n\u003Cp>No-password fallback for users who forget their credentials.\u003C\u002Fp>\n\u003Cp>Lightweight and developer-friendly.\u003C\u002Fp>\n\u003Cp>Filterable redirect URL after successful login.\u003C\u002Fp>\n","Add a secure, passwordless login option to the default WordPress login form.",144,"2026-01-23T18:34:00.000Z",[20,21,102,23,24],"magic-link","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Felevation-magic-link.1.2.2.zip",{"slug":105,"name":106,"version":77,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":11,"downloaded":111,"rating":11,"num_ratings":11,"last_updated":112,"tested_up_to":49,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":25,"download_link":116,"security_score":55,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":117},"loginease","LoginEase","Killian Santos","https:\u002F\u002Fprofiles.wordpress.org\u002Fkilliansantos\u002F","\u003Cp>LoginEase lets your users log in without passwords by sending a secure “magic login link” to their email.\u003Cbr \u002F>\nIt integrates seamlessly with the standard WordPress login form, supports a custom login URL slug, and optionally disables classic password login.\u003C\u002Fp>\n","Passwordless login via secure magic links on the WordPress login form.",266,"2026-01-15T17:39:00.000Z","6.0","8.0",[20,21,102,23,24],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Floginease.1.1.0.zip","2026-04-06T09:54:40.288Z",{"attackSurface":119,"codeSignals":228,"taintFlows":236,"riskAssessment":237,"analyzedAt":249},{"hooks":120,"ajaxHandlers":199,"restRoutes":208,"shortcodes":215,"cronEvents":225,"entryPointCount":226,"unprotectedCount":227},[121,127,134,138,142,146,150,154,158,163,166,169,174,178,182,187,191,195],{"type":122,"name":123,"callback":124,"file":125,"line":126},"action","rest_api_init","closure","beyond-identity-passwordless.php",32,{"type":128,"name":129,"callback":130,"priority":131,"file":132,"line":133},"filter","allowed_redirect_hosts","update_allowed_redirect_hosts",99,"openid-connect\u002Fincludes\u002Fopenid-connect-generic-client-wrapper.php",66,{"type":128,"name":135,"callback":136,"priority":131,"file":132,"line":137},"logout_redirect","get_end_session_logout_redirect_url",67,{"type":128,"name":139,"callback":140,"priority":64,"file":132,"line":141},"beyond-identity-passwordless-alter-request","alter_request",71,{"type":122,"name":143,"callback":144,"file":132,"line":145},"parse_request","alternate_redirect_uri_parse_request",86,{"type":122,"name":147,"callback":148,"file":132,"line":149},"wp_loaded","ensure_tokens_still_fresh",91,{"type":122,"name":151,"callback":151,"file":152,"line":153},"init","openid-connect\u002Fopenid-connect-generic.php",256,{"type":122,"name":155,"callback":156,"priority":11,"file":152,"line":157},"template_redirect","enforce_privacy_redirect",259,{"type":128,"name":159,"callback":160,"priority":161,"file":152,"line":162},"the_content_feed","enforce_privacy_feeds",999,260,{"type":128,"name":164,"callback":160,"priority":161,"file":152,"line":165},"the_excerpt_rss",261,{"type":128,"name":167,"callback":160,"priority":161,"file":152,"line":168},"comment_text_rss",262,{"type":128,"name":170,"callback":171,"file":172,"line":173},"login_message","add_plugin_to_login_form","src\u002Flogin-form.php",17,{"type":122,"name":175,"callback":176,"file":177,"line":34},"admin_menu","add_settings_page","src\u002Fsettings.php",{"type":122,"name":179,"callback":180,"file":177,"line":181},"admin_init","configure_settings",33,{"type":128,"name":183,"callback":184,"file":185,"line":186},"manage_users_columns","show_user_bi_id_meta_data","src\u002Fusers-page.php",14,{"type":128,"name":188,"callback":189,"priority":64,"file":185,"line":190},"manage_users_custom_column","custom_user_column_content",15,{"type":128,"name":192,"callback":193,"priority":64,"file":185,"line":194},"views_users","passwordless_user_count",16,{"type":122,"name":196,"callback":197,"file":185,"line":198},"pre_get_users","filter_users_by_meta_data",19,[200,205],{"action":201,"nopriv":202,"callback":203,"hasNonce":202,"hasCapCheck":202,"file":132,"line":204},"openid-connect-authorize",false,"authentication_request_callback",78,{"action":201,"nopriv":206,"callback":203,"hasNonce":202,"hasCapCheck":202,"file":132,"line":207},true,79,[209],{"namespace":210,"route":211,"methods":212,"callback":214,"permissionCallback":28,"file":125,"line":181},"beyondidentity\u002Fv1","\u002FpasskeySuccess",[213],"GET","getPasskeySuccess",[216,221],{"tag":217,"callback":218,"file":219,"line":220},"beyond_identity_login_button","make_login_button","openid-connect\u002Fincludes\u002Fopenid-connect-generic-login-form.php",37,{"tag":222,"callback":223,"file":152,"line":224},"beyond_identity_auth_url","get_authentication_url",130,[],5,3,{"dangerousFunctions":229,"sqlUsage":230,"outputEscaping":232,"fileOperations":11,"externalRequests":227,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":235},[],{"prepared":14,"raw":11,"locations":231},[],{"escaped":233,"rawEcho":11,"locations":234},68,[],[],[],{"summary":238,"deductions":239},"The \"beyond-identity-passwordless\" plugin v1.0.0 exhibits several security concerns despite a lack of recorded vulnerabilities. The static analysis reveals an attack surface with 3 out of 5 entry points lacking proper authentication or permission checks. Specifically, 2 AJAX handlers and 1 REST API route are exposed without these critical security measures. While the code signals indicate a good practice of using prepared statements for SQL queries and proper output escaping, the absence of nonce checks and capability checks on AJAX requests is a significant weakness.  The taint analysis showing no flows is positive, but it may be limited by the depth of the analysis. The complete absence of recorded vulnerabilities in the history is a strength, suggesting either good development practices or that the plugin hasn't been a target. However, the exposed entry points present a clear risk of unauthorized access or manipulation if exploited.",[240,242,244,247],{"reason":241,"points":64},"AJAX handlers without auth checks",{"reason":243,"points":64},"REST API routes without permission callbacks",{"reason":245,"points":246},"Nonce checks missing on AJAX handlers",7,{"reason":248,"points":246},"Capability checks missing on AJAX handlers","2026-04-16T14:43:56.388Z",{"wat":251,"direct":260},{"assetPaths":252,"generatorPatterns":255,"scriptPaths":256,"versionParams":257},[253,254],"\u002Fwp-content\u002Fplugins\u002Fbeyond-identity-passwordless\u002Fcss\u002Fbeyond-identity-passwordless.css","\u002Fwp-content\u002Fplugins\u002Fbeyond-identity-passwordless\u002Fjs\u002Fbeyond-identity-passwordless.js",[],[254],[258,259],"beyond-identity-passwordless\u002Fcss\u002Fbeyond-identity-passwordless.css?ver=","beyond-identity-passwordless\u002Fjs\u002Fbeyond-identity-passwordless.js?ver=",{"cssClasses":261,"htmlComments":263,"htmlAttributes":264,"restEndpoints":265,"jsGlobals":267,"shortcodeOutput":269},[262],"beyond_identity_passkey_form",[],[],[266],"\u002Fbeyondidentity\u002Fv1\u002FpasskeySuccess",[268],"BYNDID_OpenID_Connect_Generic",[270],"[beyond_identity_auth_url]",{"error":206,"url":272,"statusCode":273,"statusMessage":274,"message":274},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fbeyond-identity-passwordless\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":14,"versions":276},[277],{"version":6,"download_url":26,"svn_tag_url":278,"released_at":28,"has_diff":202,"diff_files_changed":279,"diff_lines":28,"trac_diff_url":28,"vulnerabilities":280,"is_current":206},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbeyond-identity-passwordless\u002Ftags\u002F1.0.0\u002F",[],[]]