[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fXMOKPY3K22n4eiS-vJZ7XtuvQYkhVHo1V0GBATEqlEo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":36,"analysis":139,"fingerprints":469},"blaatschaap-sso-vatsim","BlaatSchaap SSO: VATSIM","0.4.0","GromBeestje","https:\u002F\u002Fprofiles.wordpress.org\u002Fgrombeestje\u002F","\u003Cp>The VATSIM plugin for WordPress allows you to provide authentication against VATSIM SSO.\u003C\u002Fp>\n","This plugin allows your users to sign in with VATSIM. VATSIM uses a modified OAuth protocol. The modifications cause the generic OAuth plugin not to w &hellip;",10,1660,0,"2015-04-06T22:17:00.000Z","4.1.42","3.0.0","",[19,20,21],"authentication","sso","vatsim","http:\u002F\u002Fcode.blaatschaap.be","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblaatschaap-sso-vatsim.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"grombeestje",2,20,93,30,89,"2026-04-04T07:20:14.399Z",[37,62,81,102,121],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":57,"download_link":58,"security_score":59,"vuln_count":60,"unpatched_count":13,"last_vuln_date":61,"fetched_at":26},"google-apps-login","Login for Google Apps","3.5.2","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>Login for Google Apps allows existing WordPress user accounts to log in to your website using Google to securely authenticate their account. This means that if they are already logged into Gmail – they can simply click their way through the WordPress login screen – no username or password is explicitly required!\u003C\u002Fp>\n\u003Cp>Login for Google Apps uses \u003Cstrong>secure oAuth2 authentication recommended by Google\u003C\u002Fstrong>, including 2-factor authentication (2FA) if enabled for your Google Workspace (formerly known as Google Apps and G Suite) accounts.\u003C\u002Fp>\n\u003Cp>This is far simpler to configure than the older SAML protocol.\u003C\u002Fp>\n\u003Cp>Login for Google Apps is trusted by thousands of organizations from schools to large public companies. Login for Google Apps for WordPress is the most popular enterprise grade plugin enabling login and user management based on your Google Workspace domain.\u003C\u002Fp>\n\u003Cp>Its plugin setup requires you to have admin access to any Google Workspace domain, or a regular Gmail account, to register and obtain two simple codes from Google.\u003C\u002Fp>\n\u003Ch4>Support and Premium features\u003C\u002Fh4>\n\u003Cp>Full support and premium features are also available for purchase:\u003C\u002Fp>\n\u003Cp>Eliminate the need for Google Workspace (previously called “Google Apps and G Suite”) domain admins to separately manage WordPress user accounts, and get peace of mind that only authorized employees have access to your organization’s websites and intranet.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>See \u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fglogin\u002F?utm_source=Login%20Readme%20Top&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">our website at wp-glogin.com\u003C\u002Fa> for more details.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The Premium version allows everyone in your Google Workspace (Google Apps \u002F G Suite) domain to log in to WordPress – an account will be automatically created in WordPress if one doesn’t already exist.\u003C\u002Fp>\n\u003Cp>Our Enterprise version goes further, allowing you to specify granular access and role controls based on Google Group or Organizational Unit membership.\u003C\u002Fp>\n\u003Cp>You can also see logs of accounts created and roles changed by the plugin.\u003C\u002Fp>\n\u003Ch4>Extensible Platform\u003C\u002Fh4>\n\u003Cp>Login for Google Apps allows you to centralize your site’s Google functionality and build your own extensions, or use third-party extensions, which require no configuration themselves and share the same user authentication and permissions that users already allowed for Login for Google Apps itself.\u003C\u002Fp>\n\u003Cp>Using our platform, your website appears to Google accounts as one unified ‘web application’, making it more secure and easier to manage.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fwpgoogledriveembedder\" rel=\"nofollow ugc\">Google Drive Embedder\u003C\u002Fa> is an extension plugin allowing\u003Cbr \u002F>\nusers to browse for Google Drive documents to embed directly in their posts or pages.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fwpgoogleappsdirectory\" rel=\"nofollow ugc\">Google Apps Directory\u003C\u002Fa> is an extension plugin allowing\u003Cbr \u002F>\nlogged-in users to search your Google Apps employee directory from a widget on your intranet or client site.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Favatars\u002F?utm_source=Login%20Readme%20Avatars&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">Google Profile Avatars\u003C\u002Fa>\u003Cbr \u002F>\nis available on our website. It displays users’ Google profile photos in place of their avatars throughout your site.\u003C\u002Fp>\n\u003Cp>Login for Google Apps works on single or multisite WordPress websites or private intranets.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cp>One-click login will work for the following domains and user accounts:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Google Workspace Starter\u003C\u002Fli>\n\u003Cli>Google Workspace Business Standard\u003C\u002Fli>\n\u003Cli>Google Workspace Business Plus\u003C\u002Fli>\n\u003Cli>Google Workspace Enterprise\u003C\u002Fli>\n\u003Cli>Google Workspace for Nonprofits\u003C\u002Fli>\n\u003Cli>Google Workspace for Government\u003C\u002Fli>\n\u003Cli>Google Classroom (Google Workspace for Education)\u003C\u002Fli>\n\u003Cli>Personal gmail.com and googlemail.com emails\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Login for Google Apps uses the latest secure OAuth2 authentication recommended by Google. Other 3rd party authentication plugins may allow you to use your Google username and password to login, but they do not do this securely unless they also use OAuth2. This is discussed further in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgoogle-apps-login\u002F#faq\" rel=\"ugc\">FAQ\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cp>This plugin currently operates in multiple languages.\u003C\u002Fp>\n\u003Cp>We welcome volunteers to translate into their own language. If you would like to contribute a translation, please open the WordPress.org \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fgoogle-apps-login\u002F\" rel=\"nofollow ugc\">Translation portal\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Website and Upgrades\u003C\u002Fh4>\n\u003Cp>Please see our website \u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002F?utm_source=Login%20Readme%20Website&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">https:\u002F\u002Fwp-glogin.com\u002F\u003C\u002Fa> for more information about this free plugin and extra features available in our Premium and Enterprise upgrades, plus support details, other plugins, and useful guides for admins of WordPress sites and Google Apps.\u003C\u002Fp>\n\u003Cp>The \u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fglogin\u002F?utm_source=Login%20Readme%20PremEnt&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">Premium and Enterprise versions\u003C\u002Fa> eliminate the need to manage user accounts in your WordPress site – everything is synced from Google Apps instead.\u003C\u002Fp>\n\u003Cp>If you are building your organization’s intranet on WordPress, try out our \u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fintranet\u002F?utm_source=Login%20Readme%20AIOI&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">All-In-One Intranet plugin\u003C\u002Fa>.\u003C\u002Fp>\n","Simple secure login and user management through your Google Workspace for WordPress (using oAuth2 and MFA if enabled).",10000,661543,92,64,"2025-05-08T16:01:00.000Z","6.8.5","5.5","7.2",[19,54,55,56,20],"google","login","oauth","https:\u002F\u002Fwp-glogin.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoogle-apps-login.3.5.2.zip",100,1,"2022-12-01 00:00:00",{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":70,"downloaded":71,"rating":72,"num_ratings":73,"last_updated":74,"tested_up_to":75,"requires_at_least":51,"requires_php":76,"tags":77,"homepage":17,"download_link":80,"security_score":59,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"login-with-google","Log in with Google","1.4.2","rtCamp","https:\u002F\u002Fprofiles.wordpress.org\u002Frtcamp\u002F","\u003Cp>Ultra minimal plugin to let your users login to WordPress applications using their Google accounts. No more remembering hefty passwords!\u003C\u002Fp>\n\u003Ch3>Initial Setup\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>Create a project from \u003Ca href=\"https:\u002F\u002Fconsole.developers.google.com\u002Fapis\u002Fdashboard\" rel=\"nofollow ugc\">Google Developers Console\u003C\u002Fa> if none exists.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Go to \u003Cstrong>Credentials\u003C\u002Fstrong> tab, then create credential for OAuth client.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Application type will be \u003Cstrong>Web Application\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Add \u003Ccode>YOUR_DOMAIN\u002Fwp-login.php\u003C\u002Fcode> in \u003Cstrong>Authorized redirect URIs\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>This will give you \u003Cstrong>Client ID\u003C\u002Fstrong> and \u003Cstrong>Secret key\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Input these values either in \u003Ccode>WP Admin > Settings > WP Google Login\u003C\u002Fcode>, or in \u003Ccode>wp-config.php\u003C\u002Fcode> using the following code snippet:\u003C\u002Fp>\n\u003Cp>\u003Ccode>define( 'WP_GOOGLE_LOGIN_CLIENT_ID', 'YOUR_GOOGLE_CLIENT_ID' );\u003Cbr \u002F>\ndefine( 'WP_GOOGLE_LOGIN_SECRET', 'YOUR_SECRET_KEY' );\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Browser support\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fidentity\u002Fgsi\u002Fweb\u002Fguides\u002Fsupported-browsers\" rel=\"nofollow ugc\">These browsers are supported\u003C\u002Fa>. Note, for example, that One Tap Login is not supported in Safari.\u003C\u002Fp>\n\u003Ch3>How to enable automatic user registration\u003C\u002Fh3>\n\u003Cp>You can enable user registration either by\u003Cbr \u002F>\n– Enabling \u003Cem>Settings > WP Google Login > Enable Google Login Registration\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>OR\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Adding\u003Cbr \u002F>\n\u003Ccode>define( 'WP_GOOGLE_LOGIN_USER_REGISTRATION', 'true' );\u003C\u002Fcode>\u003Cbr \u002F>\nin wp-config.php file.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> If the checkbox is ON then, it will register valid Google users even when WordPress default setting, under\u003C\u002Fp>\n\u003Cp>\u003Cem>Settings > General Settings > Membership > Anyone can register\u003C\u002Fem> checkbox\u003C\u002Fp>\n\u003Cp>is OFF.\u003C\u002Fp>\n\u003Ch3>Restrict user registration to one or more domain(s)\u003C\u002Fh3>\n\u003Cp>By default, when you enable user registration via constant \u003Ccode>WP_GOOGLE_LOGIN_USER_REGISTRATION\u003C\u002Fcode> or enable \u003Cem>Settings > WP Google Login > Enable Google Login Registration\u003C\u002Fem>, it will create a user for any Google login (including gmail.com users). If you are planning to use this plugin on a private, internal site, then you may like to restrict user registration to users under a single Google Suite organization. This configuration variable does that.\u003C\u002Fp>\n\u003Cp>Add your domain name, without any schema prefix and \u003Ccode>www,\u003C\u002Fcode> as the value of \u003Ccode>WP_GOOGLE_LOGIN_WHITELIST_DOMAINS\u003C\u002Fcode> constant or in the settings \u003Ccode>Settings > WP Google Login > Whitelisted Domains\u003C\u002Fcode>. You can whitelist multiple domains. Please separate domains with commas. See the below example to know how to do it via constants:\u003Cbr \u002F>\n    \u003Ccode>define( 'WP_GOOGLE_LOGIN_WHITELIST_DOMAINS', 'example.com,sample.com' );\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> If a user already exists, they \u003Cstrong>will be allowed to login with Google\u003C\u002Fstrong> regardless of whether their domain is whitelisted or not. Whitelisting will only prevent users from \u003Cstrong>registering\u003C\u002Fstrong> with email addresses from non-whitelisted domains.\u003C\u002Fp>\n\u003Ch3>Hooks\u003C\u002Fh3>\n\u003Cp>For a list of all hooks please refer to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FrtCamp\u002Flogin-with-google#hooks\" rel=\"nofollow ugc\">this documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>wp-config.php parameters list\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ccode>WP_GOOGLE_LOGIN_CLIENT_ID\u003C\u002Fcode> (string): Google client ID of your application.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>WP_GOOGLE_LOGIN_SECRET\u003C\u002Fcode> (string): Secret key of your application\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>WP_GOOGLE_LOGIN_USER_REGISTRATION\u003C\u002Fcode> (boolean) (optional): Set \u003Ccode>true\u003C\u002Fcode> If you want to enable new user registration. By default, user registration defers to \u003Ccode>Settings > General Settings > Membership\u003C\u002Fcode> if constant is not set.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>WP_GOOGLE_LOGIN_WHITELIST_DOMAINS\u003C\u002Fcode> (string) (optional): Domain names, if you want to restrict login with your custom domain. By default, it will allow all domains. You can whitelist multiple domains.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>BTW, We’re Hiring!\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Frtcamp.com\u002Fcareers\u002F\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003C\u002Fp>\n","Minimal plugin that allows WordPress users to log in using Google.",6000,117533,90,15,"2026-02-20T14:59:00.000Z","6.7.5","7.4",[19,78,56,79,20],"google-login","sign-in","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-with-google.1.4.2.zip",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":91,"num_ratings":92,"last_updated":93,"tested_up_to":94,"requires_at_least":95,"requires_php":17,"tags":96,"homepage":100,"download_link":101,"security_score":59,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"next-active-directory-integration","Next Active Directory Integration","3.2.1","neosit","https:\u002F\u002Fprofiles.wordpress.org\u002Fneosit\u002F","\u003Cp>\u003Cem>Next Active Directory Integration\u003C\u002Fem> allows WordPress to authenticate, authorize, create and update users against Microsoft Active Directory. \u003Cem>NADI\u003C\u002Fem> ist a complete rewrite of its predecessor Active Directory Integration and therefore an own plugin.\u003Cbr \u002F>\nYou can easily import users from your Active Directory into your WordPress instance and keep both synchronized through \u003Cem>Next Active Directory Integration’s\u003C\u002Fem> features.\u003C\u002Fp>\n\u003Cp>Even if \u003Cem>NADI\u003C\u002Fem> is available for free we hope you purchase a plan to let us continue the work on Next Active Directory Integration.\u003Cbr \u002F>\nYou can purchase commercial support plans at \u003Ca href=\"https:\u002F\u002Fwww.active-directory-wp.com\u002Fshop-overview\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.active-directory-wp.com\u002Fshop-overview\u002F\u003C\u002Fa>. The support plans give you access to our premium extensions and guarantee an ongoing development of the plug-in.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Authenticating WordPress users against one or multiple AD Server\u003C\u002Fli>\n\u003Cli>Authorizing users by Active Directory group memberships\u003C\u002Fli>\n\u003Cli>Managing Active Directory authentication for WordPress Multisite installations\u003C\u002Fli>\n\u003Cli>Single Sign On with Kerberos sponsored by \u003Ca href=\"http:\u002F\u002Fcolt.net\" rel=\"nofollow ugc\">Colt Technology Services\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fapp.digitalelite.co.uk\u002F\" rel=\"nofollow ugc\">Digital Elite\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Automatically create and update WordPress users based upon their Active Directory membership\u003C\u002Fli>\n\u003Cli>Mapping of Active Directory security groups to WordPress roles\u003C\u002Fli>\n\u003Cli>Protection against brute force password hacking attacks\u003C\u002Fli>\n\u003Cli>User and\u002For admin e-mail notification on failed login attempts\u003C\u002Fli>\n\u003Cli>Multi-language support (at the moment only English is included)\u003C\u002Fli>\n\u003Cli>Determining WordPress display name from Active Directory attributes\u003C\u002Fli>\n\u003Cli>Synchronizing Active Directory attributes and WordPress user meta information in both ways\u003C\u002Fli>\n\u003Cli>Embed customized Active Directory attributes in WordPress user’s profile\u003C\u002Fli>\n\u003Cli>Enable\u002Fdisable password changes for local (non-Active Directory) WordPress users\u003C\u002Fli>\n\u003Cli>Disable user accounts in WordPress if they are disabled in Active Directory.\u003C\u002Fli>\n\u003Cli>Set users local WordPress password on first and\u002For on every successful login\u003C\u002Fli>\n\u003Cli>Option to disable fallback to local (WordPress) authentication.\u003C\u002Fli>\n\u003Cli>Support for Active Directory forest environments.\u003C\u002Fli>\n\u003Cli>and much much more\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Premium Extensions\u003C\u002Fh4>\n\u003Cp>As an owner of a valid support plan you have access to the following premium extensions:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Profile Pictures: Synchronize profile photos from Active Directory to WordPress without a 3rd party plug-in\u003C\u002Fli>\n\u003Cli>BuddyPress profile photo: Synchronize profile photos from Active Directory to BuddyPress\u003C\u002Fli>\n\u003Cli>Buddy Press simple attributes: Synchronize attributes from Active Directory\u002FNADI to BuddyPress’ custom profiles\u003C\u002Fli>\n\u003Cli>Login with Ultimate Member: Let UM users log in by using NADI\u003C\u002Fli>\n\u003Cli>Login with WooCommerce: Let WooCommerce users log in by using NADI\u003C\u002Fli>\n\u003Cli>WP-CLI: Execute common NADI tasks (Sync to WordPress, Sync to AD) with help of WP-CLI\u003C\u002Fli>\n\u003Cli>Active Directory Forest: Be able to use one WordPress instance with your whole Active Directory forest environment\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress since 5.6\u003C\u002Fli>\n\u003Cli>PHP >= 8.1\u003C\u002Fli>\n\u003Cli>LDAP support\u003C\u002Fli>\n\u003Cli>OpenSSL Support for TLS (recommended)\u003C\u002Fli>\n\u003C\u002Ful>\n","Next Active Directory Integration allows WordPress to authenticate, authorize, create and update users against Microsoft Active Directory.",2000,159243,96,16,"2025-11-28T09:08:00.000Z","6.9.4","5.6",[97,19,98,20,99],"active-directory","ldap","windows","https:\u002F\u002Fwww.active-directory-wp.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnext-active-directory-integration.3.2.1.zip",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":112,"num_ratings":30,"last_updated":113,"tested_up_to":114,"requires_at_least":115,"requires_php":116,"tags":117,"homepage":17,"download_link":120,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"maestro-connector","Maestro Connector","1.2.0","Bluehost","https:\u002F\u002Fprofiles.wordpress.org\u002Fbluehost\u002F","\u003Cp>As a web professional, managing multiple clients and sites can become cumbersome as your business grows. Keeping track of usernames, passwords, themes, plugins, patches, and updates across a fleet of websites often requires a variety of software, tools, and dashboards. So many moving parts can quickly become time-consuming and deplete you of your efficiency and take precious time away from helping you expand your business.\u003C\u002Fp>\n\u003Cp>Bluehost’s Maestro platform is designed to help the modern Web Pro organize their web development business on a single dashboard, so that they can focus on their clients and growing their business, without the administrative overheads.\u003C\u002Fp>\n\u003Cp>With the Maestro account, you can organize your clients and their WordPress sites onto a single dashboard, and get one-click access to the WP Admin of all the sites you manage. You no longer need to log in separately into each of your clients sites – a secure one-click login to WP Admin allows you to quickly access multiple sites from a central hub, making it easier to track, develop, design and update.\u003C\u002Fp>\n\u003Cp>Your Maestro account is free, and is separate from any existing account you might have with Bluehost.\u003C\u002Fp>\n","Give trusted web professionals admin access to your WordPress account. Revoke anytime.",500,15458,60,"2023-02-06T17:13:00.000Z","6.1.10","5.7","7.0",[19,118,119,20],"security","site-management","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmaestro-connector.1.2.0.zip",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":31,"downloaded":129,"rating":13,"num_ratings":13,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":52,"tags":133,"homepage":17,"download_link":138,"security_score":47,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"memberclicks-professional-authentication","MC Professional Authentication and User Sync","1.0.2","MemberClicks","https:\u002F\u002Fprofiles.wordpress.org\u002Fmemberclicks\u002F","\u003Cp>The MC Professional Authentication and User Sync plugin allows you to offer exclusive member content on your WordPress site by restricting access to some or all areas of your site. As the administrator, you have control over permissions with the flexibility to set content access based on the member types and group affiliations that are already set up within your MC Professional system.\u003C\u002Fp>\n\u003Cp>To log in to your restricted WordPress site, your members can utilize convenient single sign-on (SSO) with their regular MC Professional credentials and will be able to access specific content and pages based on your settings. You even can customize the WordPress site login screen. Additionally, the plugin enables you to sync user records across your MC Professional system and WordPress site to ensure you have one consistent source of truth for user authentication.\u003C\u002Fp>\n\u003Cp>The plugin reaches out to MemberClicks Professional servers using the domain and API credentials that you enter in the plugin settings page. The plugin uses standard OAuth2 protocols to authenticate members, and data is transferred over secure connections. You can find Terms of Use, Privacy Policy and other legal documents in the \u003Ca href=\"https:\u002F\u002Fmemberclicks.com\u002Flegal\u002F\" rel=\"nofollow ugc\">Legal Center\u003C\u002Fa>.\u003C\u002Fp>\n","Provides SSO (Single Sign-On) with MemberClicks Professional to restrict content based on member group. Sync user records for consistent access.",2758,"2024-11-01T15:44:00.000Z","6.6.5","6.6",[134,135,136,20,137],"mc-professional","memberclicks","membership-management","user-authentication","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmemberclicks-professional-authentication.1.0.2.zip",{"attackSurface":140,"codeSignals":171,"taintFlows":291,"riskAssessment":452,"analyzedAt":468},{"hooks":141,"ajaxHandlers":167,"restRoutes":168,"shortcodes":169,"cronEvents":170,"entryPointCount":13,"unprotectedCount":13},[142,148,153,158,162],{"type":143,"name":144,"callback":145,"file":146,"line":147},"action","admin_menu","anonymous","blaatvatim.php",46,{"type":149,"name":150,"callback":151,"file":146,"line":152},"filter","the_content","bsauth_display",48,{"type":143,"name":154,"callback":155,"file":156,"line":157},"deleted_user","bsauth_delete_user","bsauth.php",431,{"type":143,"name":159,"callback":160,"file":156,"line":161},"wp_logout","go_frontpage",526,{"type":143,"name":163,"callback":164,"file":165,"line":166},"admin_init","bsauth_register_options","bs_vatsimsso_config.php",435,[],[],[],[],{"dangerousFunctions":172,"sqlUsage":173,"outputEscaping":182,"fileOperations":289,"externalRequests":60,"nonceChecks":13,"capabilityChecks":60,"bundledLibraries":290},[],{"prepared":174,"raw":30,"locations":175},19,[176,179],{"file":165,"line":177,"context":178},294,"$wpdb->get_results() with variable interpolation",{"file":180,"line":181,"context":178},"classes\\VatsimSSO.class.php",86,{"escaped":13,"rawEcho":183,"locations":184},53,[185,189,190,191,193,195,197,199,201,203,205,207,209,211,213,215,217,219,221,223,225,227,229,231,233,235,237,239,241,243,245,247,249,251,253,255,257,259,261,263,265,267,268,270,272,273,275,277,279,281,283,285,287],{"file":186,"line":187,"context":188},"blaat.php",57,"raw output",{"file":156,"line":181,"context":188},{"file":156,"line":47,"context":188},{"file":156,"line":192,"context":188},107,{"file":156,"line":194,"context":188},115,{"file":156,"line":196,"context":188},190,{"file":156,"line":198,"context":188},195,{"file":156,"line":200,"context":188},197,{"file":156,"line":202,"context":188},225,{"file":156,"line":204,"context":188},240,{"file":156,"line":206,"context":188},242,{"file":156,"line":208,"context":188},255,{"file":156,"line":210,"context":188},262,{"file":156,"line":212,"context":188},296,{"file":156,"line":214,"context":188},372,{"file":156,"line":216,"context":188},438,{"file":156,"line":218,"context":188},441,{"file":156,"line":220,"context":188},446,{"file":156,"line":222,"context":188},451,{"file":156,"line":224,"context":188},471,{"file":156,"line":226,"context":188},472,{"file":156,"line":228,"context":188},475,{"file":156,"line":230,"context":188},476,{"file":156,"line":232,"context":188},479,{"file":156,"line":234,"context":188},480,{"file":156,"line":236,"context":188},487,{"file":156,"line":238,"context":188},495,{"file":156,"line":240,"context":188},508,{"file":156,"line":242,"context":188},510,{"file":156,"line":244,"context":188},515,{"file":165,"line":246,"context":188},24,{"file":165,"line":248,"context":188},302,{"file":165,"line":250,"context":188},303,{"file":165,"line":252,"context":188},304,{"file":165,"line":254,"context":188},309,{"file":165,"line":256,"context":188},315,{"file":165,"line":258,"context":188},321,{"file":165,"line":260,"context":188},327,{"file":165,"line":262,"context":188},333,{"file":165,"line":264,"context":188},354,{"file":165,"line":266,"context":188},363,{"file":165,"line":266,"context":188},{"file":165,"line":269,"context":188},367,{"file":165,"line":271,"context":188},369,{"file":165,"line":214,"context":188},{"file":165,"line":274,"context":188},380,{"file":165,"line":276,"context":188},386,{"file":165,"line":278,"context":188},391,{"file":165,"line":280,"context":188},403,{"file":180,"line":282,"context":188},25,{"file":180,"line":284,"context":188},54,{"file":180,"line":286,"context":188},282,{"file":180,"line":288,"context":188},285,3,[],[292,310,334,352,362,374,383,394,417,428,441],{"entryPoint":293,"graph":294,"unsanitizedCount":60,"severity":309},"bsauth_login_display (bsauth.php:38)",{"nodes":295,"edges":306},[296,301],{"id":297,"type":298,"label":299,"file":156,"line":300},"n0","source","$_SERVER['QUERY_STRING']",45,{"id":302,"type":303,"label":304,"file":156,"line":300,"wp_function":305},"n1","sink","header() [Header Injection]","header",[307],{"from":297,"to":302,"sanitized":308},false,"medium",{"entryPoint":311,"graph":312,"unsanitizedCount":60,"severity":309},"\u003Cbsauth> (bsauth.php:0)",{"nodes":313,"edges":329},[314,315,316,320,324],{"id":297,"type":298,"label":299,"file":156,"line":300},{"id":302,"type":303,"label":304,"file":156,"line":300,"wp_function":305},{"id":317,"type":298,"label":318,"file":156,"line":319},"n2","$_POST",332,{"id":321,"type":322,"label":323,"file":156,"line":319},"n3","transform","→ Unlink()",{"id":325,"type":303,"label":326,"file":180,"line":327,"wp_function":328},"n4","query() [SQLi]",382,"query",[330,331,332],{"from":297,"to":302,"sanitized":308},{"from":317,"to":321,"sanitized":308},{"from":321,"to":325,"sanitized":333},true,{"entryPoint":335,"graph":336,"unsanitizedCount":60,"severity":309},"bs_vatsimsso_add_process (bs_vatsimsso_config.php:115)",{"nodes":337,"edges":349},[338,340,342,345],{"id":297,"type":298,"label":318,"file":165,"line":339},128,{"id":302,"type":303,"label":326,"file":165,"line":341,"wp_function":328},140,{"id":317,"type":298,"label":343,"file":165,"line":344},"$_FILES",145,{"id":321,"type":303,"label":346,"file":165,"line":347,"wp_function":348},"file_get_contents() [SSRF\u002FLFI]",154,"file_get_contents",[350,351],{"from":297,"to":302,"sanitized":333},{"from":317,"to":321,"sanitized":308},{"entryPoint":353,"graph":354,"unsanitizedCount":60,"severity":309},"bs_vatsimsso_update_service (bs_vatsimsso_config.php:212)",{"nodes":355,"edges":360},[356,358],{"id":297,"type":298,"label":343,"file":165,"line":357},232,{"id":302,"type":303,"label":346,"file":165,"line":359,"wp_function":348},249,[361],{"from":297,"to":302,"sanitized":308},{"entryPoint":363,"graph":364,"unsanitizedCount":60,"severity":309},"bs_vatsimsso_list_services (bs_vatsimsso_config.php:287)",{"nodes":365,"edges":372},[366,369],{"id":297,"type":298,"label":367,"file":165,"line":368},"$_SERVER",291,{"id":302,"type":303,"label":370,"file":165,"line":250,"wp_function":371},"echo() [XSS]","echo",[373],{"from":297,"to":302,"sanitized":308},{"entryPoint":375,"graph":376,"unsanitizedCount":60,"severity":309},"process_login (classes\\VatsimSSO.class.php:388)",{"nodes":377,"edges":381},[378,380],{"id":297,"type":298,"label":299,"file":180,"line":379},400,{"id":302,"type":303,"label":304,"file":180,"line":379,"wp_function":305},[382],{"from":297,"to":302,"sanitized":308},{"entryPoint":384,"graph":385,"unsanitizedCount":13,"severity":393},"bsauth_link_display (bsauth.php:288)",{"nodes":386,"edges":390},[387,388,389],{"id":297,"type":298,"label":318,"file":156,"line":319},{"id":302,"type":322,"label":323,"file":156,"line":319},{"id":317,"type":303,"label":326,"file":180,"line":327,"wp_function":328},[391,392],{"from":297,"to":302,"sanitized":308},{"from":302,"to":317,"sanitized":333},"low",{"entryPoint":395,"graph":396,"unsanitizedCount":13,"severity":393},"\u003Cbs_vatsimsso_config> (bs_vatsimsso_config.php:0)",{"nodes":397,"edges":412},[398,400,401,403,404,406,408,410],{"id":297,"type":298,"label":399,"file":165,"line":339},"$_POST (x2)",{"id":302,"type":303,"label":326,"file":165,"line":341,"wp_function":328},{"id":317,"type":298,"label":402,"file":165,"line":344},"$_FILES (x2)",{"id":321,"type":303,"label":346,"file":165,"line":347,"wp_function":348},{"id":325,"type":298,"label":405,"file":165,"line":339},"$_POST (x17)",{"id":407,"type":303,"label":370,"file":165,"line":248,"wp_function":371},"n5",{"id":409,"type":298,"label":367,"file":165,"line":368},"n6",{"id":411,"type":303,"label":370,"file":165,"line":250,"wp_function":371},"n7",[413,414,415,416],{"from":297,"to":302,"sanitized":333},{"from":317,"to":321,"sanitized":333},{"from":325,"to":407,"sanitized":333},{"from":409,"to":411,"sanitized":333},{"entryPoint":418,"graph":419,"unsanitizedCount":60,"severity":427},"bs_vatsimsso_delete_service (bs_vatsimsso_config.php:192)",{"nodes":420,"edges":425},[421,423],{"id":297,"type":298,"label":318,"file":165,"line":422},198,{"id":302,"type":303,"label":326,"file":165,"line":424,"wp_function":328},199,[426],{"from":297,"to":302,"sanitized":308},"high",{"entryPoint":429,"graph":430,"unsanitizedCount":60,"severity":427},"process (classes\\VatsimSSO.class.php:178)",{"nodes":431,"edges":439},[432,435],{"id":297,"type":298,"label":433,"file":180,"line":434},"$_GET",218,{"id":302,"type":303,"label":436,"file":180,"line":437,"wp_function":438},"call_user_func() [RCE]",227,"call_user_func",[440],{"from":297,"to":302,"sanitized":308},{"entryPoint":442,"graph":443,"unsanitizedCount":30,"severity":427},"\u003CVatsimSSO.class> (classes\\VatsimSSO.class.php:0)",{"nodes":444,"edges":449},[445,446,447,448],{"id":297,"type":298,"label":433,"file":180,"line":434},{"id":302,"type":303,"label":436,"file":180,"line":437,"wp_function":438},{"id":317,"type":298,"label":299,"file":180,"line":379},{"id":321,"type":303,"label":304,"file":180,"line":379,"wp_function":305},[450,451],{"from":297,"to":302,"sanitized":308},{"from":317,"to":321,"sanitized":308},{"summary":453,"deductions":454},"The blaatschaap-sso-vatsim plugin version 0.4.0 presents a mixed security posture. On the positive side, there are no identified CVEs in its history, suggesting a generally stable release cycle. The absence of a significant attack surface, including AJAX handlers, REST API routes, shortcodes, and cron events without authentication or permission checks, is commendable. Furthermore, the majority of SQL queries (90%) utilize prepared statements, which is a strong defense against SQL injection vulnerabilities. The plugin also implements one capability check, indicating some level of access control is in place.\n\nHowever, several areas raise significant concerns. The most alarming finding is that 0% of the 53 total output operations are properly escaped. This presents a high risk of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data or internal data that is outputted to the browser could be manipulated to execute malicious scripts. Additionally, the taint analysis revealed 3 high-severity flows with unsanitized paths, indicating potential vulnerabilities where data from an untrusted source could be used in a sensitive operation without proper validation or sanitization. The presence of file operations (3) and an external HTTP request (1) also warrants careful scrutiny, especially in conjunction with the unescaped output and unsanitized paths.\n\nWhile the plugin's history is clean of known vulnerabilities, this does not negate the risks identified in the static analysis. The complete lack of proper output escaping and the presence of high-severity unsanitized taint flows are critical weaknesses that require immediate attention. The absence of nonce checks on any potential entry points (though the attack surface is listed as 0, this may be an oversight in reporting or an indication of unhandled internal pathways) is also a potential concern if any hidden or future entry points emerge.",[455,458,461,463,465],{"reason":456,"points":457},"Unescaped output detected",8,{"reason":459,"points":460},"High severity unsanitized taint flows",12,{"reason":462,"points":289},"File operations detected",{"reason":464,"points":289},"External HTTP request detected",{"reason":466,"points":467},"No nonce checks on any entry points",5,"2026-03-17T01:37:53.158Z",{"wat":470,"direct":477},{"assetPaths":471,"generatorPatterns":474,"scriptPaths":475,"versionParams":476},[472,473],"\u002Fwp-content\u002Fplugins\u002Fblaatschaap-sso-vatsim\u002Fcss\u002Fbs-auth-btn.css","\u002Fwp-content\u002Fplugins\u002Fblaatschaap-sso-vatsim\u002Fblaat_auth.css",[],[],[],{"cssClasses":478,"htmlComments":479,"htmlAttributes":480,"restEndpoints":481,"jsGlobals":482,"shortcodeOutput":483},[],[],[],[],[],[]]