[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fSh36KeBZ5ukqF96ANNvPrUZBj4GEYN_QP7np_Dz0vQ0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":35,"analysis":141,"fingerprints":286},"dovedi","Dovedi","1.1.1","Eric Mann","https:\u002F\u002Fprofiles.wordpress.org\u002Fericmann\u002F","\u003Cp>Add support for \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FTime-based_One-time_Password_Algorithm\" rel=\"nofollow ugc\">time-based one-time-password authentication\u003C\u002Fa> to WordPress. Once enabled, you can use an application on your phone (\u003Ca href=\"https:\u002F\u002Fplay.google.com\u002Fstore\u002Fapps\u002Fdetails?id=com.google.android.apps.authenticator2&hl=en\" rel=\"nofollow ugc\">Google Authenticator\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fstore\u002Fapps\u002Fauthenticator\u002F9wzdncrfj3rj\" rel=\"nofollow ugc\">Windows Authenticator\u003C\u002Fa>, etc) to generate TOTP tokens and protect your account from prying eyes.\u003C\u002Fp>\n","Time-based One Time Password authentication for WordPress.",10,3514,0,"2017-03-27T23:18:00.000Z","4.7.32","4.3.1","",[19,20,21],"2fa","authentication","login","https:\u002F\u002Fgithub.com\u002Fericmann\u002Fdovedi","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdovedi.1.1.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":32,"computed_at":34},"ericmann",6,2480,81,30,"2026-04-06T09:26:56.616Z",[36,59,86,105,122],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":17,"download_link":57,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"wordfence-login-security","Wordfence Login Security","1.1.15","wfryan","https:\u002F\u002Fprofiles.wordpress.org\u002Fwfryan\u002F","\u003Ch3>WORDFENCE LOGIN SECURITY\u003C\u002Fh3>\n\u003Cp>Wordfence Login Security contains a subset of the functionality found in the full Wordfence plugin: Two-factor Authentication, XML-RPC Protection and Login Page CAPTCHA.\u003C\u002Fp>\n\u003Cp>Are you looking for comprehensive WordPress Security? \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordfence\u002F\" rel=\"ugc\">Check out the full Wordfence plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>TWO-FACTOR AUTHENTICATION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Two-factor authentication (2FA), one of the most secure forms of remote system authentication available.\u003C\u002Fli>\n\u003Cli>Use any TOTP-based authenticator app or service like Google Authenticator, Authy, 1Password or FreeOTP.\u003C\u002Fli>\n\u003Cli>Enable 2FA for any WordPress user role.\u003C\u002Fli>\n\u003Cli>Completely free to use, no limits or restrictions of any kind.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>LOGIN PAGE CAPTCHA\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easily enable Google ReCAPTCHA v3 on your login and registration pages.\u003C\u002Fli>\n\u003Cli>Stops bots from logging in without inconveniencing your site visitors.\u003C\u002Fli>\n\u003Cli>Robust protection against password guessing and credential stuffing attacks distributed across large IP pools\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>XML-RPC PROTECTION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>XML-RPC is the biggest target for WordPress attacks, but is often overlooked.\u003C\u002Fli>\n\u003Cli>Protect XML-RPC with 2FA or disable it altogether if it’s not needed.\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.",70000,1239075,80,25,"2025-01-15T17:05:00.000Z","6.7.5","4.7","7.0",[19,53,54,55,56],"captcha","login-security","security","two-factor-authentication","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence-login-security.1.1.15.zip",92,{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":74,"tags":75,"homepage":81,"download_link":82,"security_score":83,"vuln_count":84,"unpatched_count":13,"last_vuln_date":85,"fetched_at":26},"wp-sms","WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce","7.2","VeronaLabs","https:\u002F\u002Fprofiles.wordpress.org\u002Fveronalabs\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwsms.io\u002F?utm_source=wporg&utm_medium=link&utm_campaign=website\" rel=\"nofollow ugc\">WSMS\u003C\u002Fa> lets you send SMS\u002FMMS notifications, one-time passwords (OTP), and two-factor authentication (2FA) messages straight from WordPress. It supports a wide range of SMS gateways and integrates with popular e-commerce and form builder plugins.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Use WSMS to:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Keep customers updated on WooCommerce orders\u003Cbr \u002F>\n– Collect subscribers with SMS newsletter forms\u003Cbr \u002F>\n– Secure logins with OTP & 2FA\u003Cbr \u002F>\n– Alert admins about new users, logins, or updates\u003Cbr \u002F>\n– Run marketing campaigns with scheduled or bulk SMS\u003C\u002Fp>\n\u003Cp>👉 \u003Ca href=\"https:\u002F\u002Fdemo.wsms.io\u002Fwp-login.php\" rel=\"nofollow ugc\">Check out the demo\u003C\u002Fa> | \u003Ca href=\"#screenshots\" rel=\"nofollow ugc\">View screenshots\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwsms.io\u002Fgateways?utm_source=wporg&utm_medium=link&utm_campaign=gateways\" rel=\"nofollow ugc\">See supported gateways\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwsms.io\u002Fintegrations?utm_source=wporg&utm_medium=link&utm_campaign=integrations\" rel=\"nofollow ugc\">Explore integrations\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwsms.io\u002Fdocs\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>✨ Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Send SMS\u002FMMS:\u003C\u002Fstrong> Send messages through your choice of supported SMS gateways.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>E-Commerce & Form Integration:\u003C\u002Fstrong> Seamlessly integrates with popular e-commerce platforms and form builders.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>OTP & 2FA:\u003C\u002Fstrong> Add extra login security with one-time passwords and two-factor authentication.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mobile Login:\u003C\u002Fstrong> Let users log in with their mobile number.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Alerts:\u003C\u002Fstrong> Get notified when new users register, posts are published, or WordPress updates are available.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Newsletters & Widgets:\u003C\u002Fstrong> Build SMS newsletter forms with shortcodes, widgets, or Gutenberg blocks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Two-Way SMS (All-in-One):\u003C\u002Fstrong> Receive and reply to SMS messages inside WordPress.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bulk & Scheduled SMS:\u003C\u002Fstrong> Send to multiple recipients at once, immediately or on schedule.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Third-Party Integration:\u003C\u002Fstrong> Connect with external services and automation platforms.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Messaging Button:\u003C\u002Fstrong> Let visitors reach you instantly via messaging channels.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GDPR Compliant:\u003C\u002Fstrong> Built with privacy and compliance in mind.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>💎 Upgrade to WSMS All-in-One\u003C\u002Fh3>\n\u003Cp>Unlock additional features with \u003Cstrong>All-in-One\u003C\u002Fstrong> — the plan that gives you access to all premium add-ons in one package.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>With All-in-One you get:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Secure login & registration with OTP & 2FA\u003Cbr \u002F>\n– Scheduled & recurring SMS\u002FMMS\u003Cbr \u002F>\n– Two-way SMS inbox\u003Cbr \u002F>\n– Enhanced e-commerce features (login, checkout verification, order updates)\u003Cbr \u002F>\n– Membership platform integrations\u003Cbr \u002F>\n– Advanced form builder SMS capabilities\u003Cbr \u002F>\n– Marketing automation integrations\u003Cbr \u002F>\n– Booking system compatibility\u003Cbr \u002F>\n– URL shortening service integration\u003Cbr \u002F>\n– All future add-ons included\u003C\u002Fp>\n\u003Cp>👉 \u003Ca href=\"https:\u002F\u002Fwsms.io\u002Fpricing\u002F?utm_source=wporg&utm_medium=link&utm_campaign=pricing\" rel=\"nofollow ugc\">See All-in-One details & compare features\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>🐞 Report Bugs & Security\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Found a bug? \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwp-sms\u002Fwp-sms\u002Fissues\u002Fnew\" rel=\"nofollow ugc\">Open an issue on GitHub\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Security concerns? Report them via the \u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fdatabase\u002Fwordpress\u002Fplugin\u002Fwp-sms\u002Fvdp\" rel=\"nofollow ugc\">Patchstack VDP program\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📝 Trademark Notice\u003C\u002Fh3>\n\u003Cp>WooCommerce, GravityForms, Elementor, Contact Form 7, Twilio, WhatsApp, Clickatell, BulkSMS, Plivo, Zapier, Bitly, and other product names mentioned are trademarks of their respective owners. WSMS is not affiliated with, endorsed by, or sponsored by these companies.\u003C\u002Fp>\n\u003Ch3>Source Code and Build Instructions\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> The plugin works out of the box — no build steps required for regular users. This section is for developers who want to modify or contribute to the source code. See the \u003Ca href=\"https:\u002F\u002Fwsms.io\u002Fdocs\u002F\" rel=\"nofollow ugc\">full documentation\u003C\u002Fa> for user guides.\u003C\u002Fp>\n\u003Cp>All source code for minified JavaScript and CSS is included in the plugin under the \u003Ccode>resources\u002F\u003C\u002Fcode> directory. Build instructions and full source are available on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwp-sms\u002Fwp-sms\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Third-Party Libraries\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fchartjs\u002FChart.js\" rel=\"nofollow ugc\">Chart.js\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fflatpickr\u002Fflatpickr\" rel=\"nofollow ugc\">flatpickr\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjackocnr\u002Fintl-tel-input\" rel=\"nofollow ugc\">intlTelInput\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FDubFriend\u002Fjquery.repeater\" rel=\"nofollow ugc\">jquery.repeater\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fqwertypants\u002FjQuery-Word-and-Character-Counter-Plugin\" rel=\"nofollow ugc\">jQuery Word and Character Counter\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffacebook\u002Freact\" rel=\"nofollow ugc\">React\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fselect2\u002Fselect2\" rel=\"nofollow ugc\">Select2\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftailwindlabs\u002Ftailwindcss\" rel=\"nofollow ugc\">Tailwind CSS\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcalebjacob\u002Ftooltipster\" rel=\"nofollow ugc\">Tooltipster\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fveronalabs\u002Fwp-scoper\" rel=\"nofollow ugc\">WP Scoper\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Repository\u003C\u002Fh4>\n\u003Cp>Full source code: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwp-sms\u002Fwp-sms\" rel=\"nofollow ugc\">github.com\u002Fwp-sms\u002Fwp-sms\u003C\u002Fa>\u003C\u002Fp>\n","Send SMS\u002FMMS notifications, OTP & 2FA messages, and WooCommerce updates with support for multiple gateways and plugin integrations.",9000,730389,82,105,"2026-03-08T08:32:00.000Z","6.9.4","4.1","7.4",[76,77,78,79,80],"2fa-authentication","bulk-sms","otp-login","sms-notifications","woocommerce-sms","https:\u002F\u002Fwsms.io\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-sms.7.2.zip",95,15,"2026-02-10 00:00:00",{"slug":87,"name":88,"version":89,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":33,"downloaded":94,"rating":13,"num_ratings":13,"last_updated":95,"tested_up_to":96,"requires_at_least":97,"requires_php":17,"tags":98,"homepage":102,"download_link":103,"security_score":104,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"keyless-auth","Keyless Auth – Login without Passwords","3.2.4","Chris Martens","https:\u002F\u002Fprofiles.wordpress.org\u002Fchrmrtns\u002F","\u003Cp>Transform your WordPress login experience with passwordless authentication. Users simply enter their email address and receive a secure magic link – click to login instantly. It’s more secure than weak passwords and infinitely more user-friendly.\u003C\u002Fp>\n\u003Ch4>Why Choose Keyless Auth?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Enhanced Security\u003C\u002Fstrong>: No more weak, reused, or compromised passwords\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Better User Experience\u003C\u002Fstrong>: One click instead of remembering complex passwords\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reduced Support\u003C\u002Fstrong>: Eliminate “forgot password” requests\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern Authentication\u003C\u002Fstrong>: Enterprise-grade security used by Slack, Medium, and others\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Hardening\u003C\u002Fstrong>: Built-in protection against brute force attacks and username enumeration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Quick Start\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install and activate the plugin\u003C\u002Fli>\n\u003Cli>Create a new page and add the shortcode \u003Ccode>[keyless-auth]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Configure email templates in \u003Cstrong>Keyless Auth \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Templates\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Done! Users can now login passwordlessly\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Core Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Ready to Use\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>Magic Link Authentication\u003C\u002Fstrong> – Secure, one-time login links via email\u003Cbr \u002F>\n* \u003Cstrong>Two-Factor Authentication (2FA)\u003C\u002Fstrong> – Complete TOTP support with Google Authenticator\u003Cbr \u002F>\n* \u003Cstrong>Role-Based 2FA\u003C\u002Fstrong> – Require 2FA for specific user roles (admins, editors, etc.)\u003Cbr \u002F>\n* \u003Cstrong>Custom 2FA Setup URLs\u003C\u002Fstrong> – Direct users to branded frontend 2FA setup pages\u003Cbr \u002F>\n* \u003Cstrong>SMTP Integration\u003C\u002Fstrong> – Reliable email delivery through your mail server\u003Cbr \u002F>\n* \u003Cstrong>Email Templates\u003C\u002Fstrong> – Professional, customizable login emails\u003Cbr \u002F>\n* \u003Cstrong>Mail Logging\u003C\u002Fstrong> – Track all sent emails with delivery status\u003Cbr \u002F>\n* \u003Cstrong>Custom Database Tables\u003C\u002Fstrong> – Scalable architecture with dedicated audit logs\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advanced Security\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>Token Security\u003C\u002Fstrong>: 10-minute expiration, single-use tokens\u003Cbr \u002F>\n* \u003Cstrong>Audit Logging\u003C\u002Fstrong>: IP addresses, device types, login attempts\u003Cbr \u002F>\n* \u003Cstrong>Emergency Mode\u003C\u002Fstrong>: Grace period system with admin controls\u003Cbr \u002F>\n* \u003Cstrong>Secure Storage\u003C\u002Fstrong>: SMTP credentials in wp-config.php option\u003Cbr \u002F>\n* \u003Cstrong>XML-RPC Disable\u003C\u002Fstrong>: Block brute force attacks via XML-RPC interface\u003Cbr \u002F>\n* \u003Cstrong>Application Passwords Control\u003C\u002Fstrong>: Disable programmatic authentication when not needed\u003Cbr \u002F>\n* \u003Cstrong>User Enumeration Prevention\u003C\u002Fstrong>: Block username discovery attacks\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Customization\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>WYSIWYG Email Editor\u003C\u002Fstrong>: Full HTML support with live preview\u003Cbr \u002F>\n* \u003Cstrong>Advanced Color Controls\u003C\u002Fstrong>: Hex, RGB, HSL color formats\u003Cbr \u002F>\n* \u003Cstrong>Template System\u003C\u002Fstrong>: German, English, and custom templates\u003Cbr \u002F>\n* \u003Cstrong>Branding Options\u003C\u002Fstrong>: Custom sender names and professional styling\u003C\u002Fp>\n\u003Ch4>Installation & Setup\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Basic Installation\u003C\u002Fstrong>\u003Cbr \u002F>\n1. WordPress Admin \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Plugins \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Add New\u003Cbr \u002F>\n2. Search for “Keyless Auth”\u003Cbr \u002F>\n3. Install and activate\u003Cbr \u002F>\n4. Add [keyless-auth] shortcode to any page\u003C\u002Fp>\n\u003Cp>\u003Cstrong>SMTP Configuration (Recommended)\u003C\u002Fstrong>\u003Cbr \u002F>\n1. Navigate to Keyless Auth \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> SMTP\u003Cbr \u002F>\n2. Configure your email provider (Gmail, Outlook, SendGrid, etc.)\u003Cbr \u002F>\n3. Test email delivery\u003Cbr \u002F>\n4. Save settings\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Two-Factor Authentication Setup\u003C\u002Fstrong>\u003Cbr \u002F>\n1. Go to Keyless Auth \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Options\u003Cbr \u002F>\n2. Enable “Two-Factor Authentication”\u003Cbr \u002F>\n3. Select required user roles\u003Cbr \u002F>\n4. Users scan QR code with authenticator app\u003C\u002Fp>\n\u003Ch4>Email Templates\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Template Options\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>German Professional\u003C\u002Fstrong>: Sleek German-language template\u003Cbr \u002F>\n* \u003Cstrong>English Simple\u003C\u002Fstrong>: Clean, minimalist design\u003Cbr \u002F>\n* \u003Cstrong>Custom HTML\u003C\u002Fstrong>: Create your own with WYSIWYG editor\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Customization Features\u003C\u002Fstrong>\u003Cbr \u002F>\n* Full HTML and CSS support\u003Cbr \u002F>\n* Color picker for buttons and links\u003Cbr \u002F>\n* Responsive email design\u003Cbr \u002F>\n* Live template preview\u003Cbr \u002F>\n* Placeholder system for dynamic content\u003C\u002Fp>\n\u003Ch4>Security & Compliance\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Token Security\u003C\u002Fstrong>\u003Cbr \u002F>\n* Generated using WordPress security standards\u003Cbr \u002F>\n* Based on user ID, timestamp, and wp-config.php salt\u003Cbr \u002F>\n* 10-minute expiration with single-use enforcement\u003Cbr \u002F>\n* Secure database storage with automatic cleanup\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Two-Factor Authentication\u003C\u002Fstrong>\u003Cbr \u002F>\n* TOTP-based system compatible with Google Authenticator, Authy\u003Cbr \u002F>\n* Role-based requirements for granular control\u003Cbr \u002F>\n* Grace period system for smooth user transitions\u003Cbr \u002F>\n* Custom verification forms with professional styling\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Database Architecture\u003C\u002Fstrong>\u003Cbr \u002F>\n* Custom tables for optimal performance\u003Cbr \u002F>\n* Comprehensive audit logging\u003Cbr \u002F>\n* Device tracking and IP monitoring\u003Cbr \u002F>\n* Automatic maintenance and cleanup routines\u003C\u002Fp>\n\u003Ch4>Security Hardening\u003C\u002Fh4>\n\u003Cp>Keyless Auth includes comprehensive security hardening features to protect your WordPress site from common attack vectors. All features are optional and can be enabled based on your site’s needs.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>XML-RPC Disable\u003C\u002Fstrong>\u003Cbr \u002F>\n* Prevents brute force attacks via WordPress XML-RPC interface\u003Cbr \u002F>\n* Reduces attack surface by disabling legacy API\u003Cbr \u002F>\n* Recommended for sites not using Jetpack, mobile apps, or pingbacks\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Application Passwords Control\u003C\u002Fstrong>\u003Cbr \u002F>\n* Disable REST API and XML-RPC authentication when programmatic access isn’t needed\u003Cbr \u002F>\n* Prevents unauthorized API access\u003Cbr \u002F>\n* Recommended for simple sites without third-party integrations\u003C\u002Fp>\n\u003Cp>\u003Cstrong>User Enumeration Prevention\u003C\u002Fstrong>\u003Cbr \u002F>\n* Blocks REST API user endpoints (\u003Ccode>\u002Fwp-json\u002Fwp\u002Fv2\u002Fusers\u003C\u002Fcode>)\u003Cbr \u002F>\n* Redirects author archives and \u003Ccode>?author=N\u003C\u002Fcode> queries\u003Cbr \u002F>\n* Removes login error messages that reveal usernames\u003Cbr \u002F>\n* Strips comment author CSS classes\u003Cbr \u002F>\n* Removes author data from oEmbed responses\u003Cbr \u002F>\n* Recommended for business\u002Fcorporate sites without author profiles\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Benefits\u003C\u002Fstrong>\u003Cbr \u002F>\n* Combined protection against brute force attacks\u003Cbr \u002F>\n* Prevents username discovery for targeted attacks\u003Cbr \u002F>\n* Reduces unauthorized API access\u003Cbr \u002F>\n* Easy to configure without code or .htaccess modifications\u003Cbr \u002F>\n* All features include comprehensive documentation\u003Cbr \u002F>\n* FTP recovery available if needed\u003C\u002Fp>\n\u003Ch4>SMTP & Email Delivery\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Supported Providers\u003C\u002Fstrong>\u003Cbr \u002F>\n* Gmail \u002F Google Workspace\u003Cbr \u002F>\n* Outlook \u002F Microsoft 365\u003Cbr \u002F>\n* Mailgun, SendGrid, Amazon SES\u003Cbr \u002F>\n* Any SMTP-compatible service\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advanced Email Features\u003C\u002Fstrong>\u003Cbr \u002F>\n* Message-ID domain alignment for deliverability\u003Cbr \u002F>\n* SPF\u002FDKIM\u002FDMARC compliance\u003Cbr \u002F>\n* Custom sender names and addresses\u003Cbr \u002F>\n* Bulk email log management\u003Cbr \u002F>\n* Delivery status tracking\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Secure Credential Storage\u003C\u002Fstrong>\u003Cbr \u002F>\nStore SMTP credentials securely in wp-config.php:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('CHRMRTNS_KLA_SMTP_USERNAME', 'your-email@example.com');\ndefine('CHRMRTNS_KLA_SMTP_PASSWORD', 'your-smtp-password');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>WordPress Integration\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Login Page Integration\u003C\u002Fstrong>\u003Cbr \u002F>\n* Optional magic login field on wp-login.php\u003Cbr \u002F>\n* Seamless integration with existing login flow\u003Cbr \u002F>\n* Toggle control for easy enable\u002Fdisable\u003Cbr \u002F>\n* Clean, responsive form styling\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Shortcode Usage\u003C\u002Fstrong>\u003Cbr \u002F>\nUse \u003Ccode>[keyless-auth]\u003C\u002Fcode> anywhere: pages, posts, widgets, or custom templates.\u003C\u002Fp>\n\u003Ch4>Developer Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Hooks & Filters\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Customize login redirect:\u003Cbr \u002F>\n    add_filter(‘wpa_after_login_redirect’, ‘custom_redirect_function’);\u003C\u002Fp>\n\u003Cp>Modify email headers:\u003Cbr \u002F>\n    add_filter(‘wpa_email_headers’, ‘custom_email_headers’);\u003C\u002Fp>\n\u003Cp>Change token expiration:\u003Cbr \u002F>\n    add_filter(‘wpa_change_link_expiration’, ‘custom_expiration_time’);\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Modular Architecture\u003C\u002Fstrong>\u003Cbr \u002F>\n* Clean, organized class structure\u003Cbr \u002F>\n* Separated concerns for easy maintenance\u003Cbr \u002F>\n* WordPress coding standards compliance\u003Cbr \u002F>\n* Extensive documentation and comments\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>WordPress\u003C\u002Fstrong>: 3.9 or higher (tested up to 6.8)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PHP\u003C\u002Fstrong>: 7.4 or higher\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Delivery\u003C\u002Fstrong>: SMTP recommended for reliability\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>: Keyless Auth complements WordPress’s default login system – it doesn’t replace it.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Developed by Chris Martens | Based on the original Passwordless Login plugin by Cozmoslabs\u003C\u002Fstrong>\u003C\u002Fp>\n","Secure, passwordless authentication for WordPress. Your users login via magic email links – no passwords to remember or forget.",1177,"2025-11-24T22:55:00.000Z","6.8.5","3.9",[19,20,99,100,101],"passwordless","secure-login","smtp","https:\u002F\u002Fgithub.com\u002Fchrmrtns\u002Fkeyless-auth","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkeyless-auth.3.2.4.zip",100,{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":11,"downloaded":113,"rating":46,"num_ratings":114,"last_updated":115,"tested_up_to":116,"requires_at_least":117,"requires_php":118,"tags":119,"homepage":120,"download_link":121,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"llavero-io","Llavero.io","0.1.4","davidnoguera","https:\u002F\u002Fprofiles.wordpress.org\u002Fdavidnoguera\u002F","\u003Cp>Llavero.io es un servicio creado por Webempresa.com con el propósito de facilitar en WordPress una protección extra en momento de hacer login.\u003C\u002Fp>\n\u003Cp>El plugin crea un segundo factor de autenticación que permite vincular la cuenta de tu blog WordPress a tu dispositivo móvil, de forma que nadie pueda hacer login en tu cuenta sin antes validar el acceso desde tu móvil, a través e una notificación Push a tu dispositivo.\u003C\u002Fp>\n\u003Cp>Llavero.io permite definir horarios de autocierre de forma que a esas horas nadie pueda loguearse aunque tenga tu contraseña correcta, por ejemplo mientras estás durmiendo o de vacaciones.\u003C\u002Fp>\n\u003Cp>El administrador del blog podrá sobreescribir los valores de los usuarios y obligar a que cada usuario solo pueda acceder durante unos horarios específicos definidos por él.\u003C\u002Fp>\n\u003Cp>Puedes ver una guía de inicio rápido para empezar a usar Llavero.io en este enlace: https:\u002F\u002Fllavero.io\u002Fempieza-a-usar-llavero-wordpress\u002F\u003C\u002Fp>\n\u003Cp>El plugin no rastrea ningún tipo de información de los usuarios, el uso de APIs externas es tan solo para establecer un estado de abierto y cerrado de la cuenta asociada, en ningún momento se obtiene información de WordPress para almacenarla en serviores externos.\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Spanish – default, always included\u003C\u002Fli>\n\u003C\u002Ful>\n","Este plugin permite vincular las cuentas de usuario de WordPress con Llavero.io para tener un segundo factor de authenticación (2FA) en el login de lo &hellip;",1991,4,"2018-03-03T04:21:00.000Z","4.9.29","4.6","5.3",[19,20,21,55],"https:\u002F\u002Fllavero.io\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fllavero-io.zip",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":11,"downloaded":130,"rating":13,"num_ratings":13,"last_updated":131,"tested_up_to":132,"requires_at_least":133,"requires_php":134,"tags":135,"homepage":138,"download_link":139,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":140},"loginshield","LoginShield for WordPress","1.0.16","Cryptium","https:\u002F\u002Fprofiles.wordpress.org\u002Fcryptium\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Floginshield.com\" rel=\"nofollow ugc\">LoginShield\u003C\u002Fa> is an authentication system that features one-tap login, digital signatures, strong multi-factor authentication, and phishing protection. This is a passwordless login solution. Login with one tap instead of a password!\u003C\u002Fp>\n\u003Cp>LoginShield for WordPress replaces the login page with the following secure sequence:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Prompt for username\u003C\u002Fli>\n\u003Cli>If user exists and has LoginShield enabled, use LoginShield; otherwise, prompt for password\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>The LoginShield app is available for Android and iOS. \u003Ca href=\"https:\u002F\u002Floginshield.com\u002Fsoftware\u002F\" rel=\"nofollow ugc\">Get the app\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Benefits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Eliminate password and phishing attacks on user accounts\u003C\u002Fli>\n\u003Cli>Quick and secure way to log in with one-tap, passwordless login\u003C\u002Fli>\n\u003Cli>Don’t need to remember a password\u003C\u002Fli>\n\u003Cli>Don’t need to rotate passwords for safety\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Ch4>Self-service activation\u003C\u002Fh4>\n\u003Cp>After you install and set up the LoginShield plugin, users can easily activate LoginShield for themselves in their profile settings page.\u003C\u002Fp>\n\u003Ch4>One-tap login\u003C\u002Fh4>\n\u003Cp>You and your users can log in to your WordPress site with just one tap.\u003C\u002Fp>\n\u003Cp>For more information, read about \u003Ca href=\"https:\u002F\u002Floginshield.com\u002Farticle\u002Fone-tap-login\u002F\" rel=\"nofollow ugc\">one-tap login\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Digital signatures\u003C\u002Fh4>\n\u003Cp>Some of the most common ways that accounts are hacked are weak passwords and stolen passwords. This is why so many sites require users to come up with passwords that have special characters, and to change their passwords periodically (in case a current password was reused somewhere and cracked). But this is annoying to users and doesn’t guarantee they will actually pick a secure password.\u003C\u002Fp>\n\u003Cp>LoginShield uses digital signatures for authentication instead of passwords. This makes LoginShield a passwordless authentication system.\u003C\u002Fp>\n\u003Cp>Digital signatures are far stronger protection for an account than passwords, and they don’t require the user to come up with anything or remember anything. LoginShield automatically generates and uses a separate credential for each website, so you can use the same LoginShield app to login to multiple sites.\u003C\u002Fp>\n\u003Cp>LoginShield uses strong, modern cryptographic algorithms and parameters to ensure your accounts get the best protection available.\u003C\u002Fp>\n\u003Ch4>Strong multi-factor authentication\u003C\u002Fh4>\n\u003Cp>The LoginShield app itself can be protected by a password (which never leaves the mobile device) or a fingerprint. This is far better protection than the standard two-factor authentication that many sites use.\u003C\u002Fp>\n\u003Cp>For more information, read about \u003Ca href=\"https:\u002F\u002Floginshield.com\u002Farticle\u002Fauthentication-factors\u002F\" rel=\"nofollow ugc\">authentication factors\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Phishing protection\u003C\u002Fh4>\n\u003Cp>LoginShield is the ONLY authentication solution to offer phishing protection.\u003C\u002Fp>\n\u003Cp>Many data breaches start with a phishing email, tricking the user to log in to the attacker’s website that is impersonating the real website. Any website that uses passwords to log in is vulnerable to this.\u003C\u002Fp>\n\u003Cp>Websites that use standard two-factor authentication codes are also vulnerable — whether they send the code via SMS or use an OTP app to display it, the fact that you enter that code into the website after the password prompt means a phishing attacker will also get the code.\u003C\u002Fp>\n\u003Cp>Websites that use an authenticator app with push notifications are ALSO vulnerable to this, because they don’t confirm that you’re at the correct website when you tap the “login” button in the app.\u003C\u002Fp>\n\u003Cp>Only LoginShield is able to detect that the user is not at a trusted website and route the user to the correct website, completely circumventing a credential-theft phishing attack.\u003C\u002Fp>\n\u003Cp>For more information, read about \u003Ca href=\"https:\u002F\u002Floginshield.com\u002Farticle\u002Fphishing-protection\u002F\" rel=\"nofollow ugc\">phishing protection\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Pricing\u003C\u002Fh3>\n\u003Cp>For current pricing and free trial details, \u003Ca href=\"https:\u002F\u002Floginshield.com\u002Fpricing\u002Fwordpress\u002F\" rel=\"nofollow ugc\">visit our website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Managing your LoginShield subscription\u003C\u002Fh3>\n\u003Cp>You can visit \u003Ca href=\"https:\u002F\u002Floginshield.com\" rel=\"nofollow ugc\">https:\u002F\u002Floginshield.com\u003C\u002Fa> to manage your LoginShield subscription.\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>The plugin shares the following information with \u003Ca href=\"https:\u002F\u002Floginshield.com\" rel=\"nofollow ugc\">LoginShield\u003C\u002Fa>. For more information, see our \u003Ca href=\"https:\u002F\u002Floginshield.com\u002Fnotice\u002Fprivacy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Site Name, Site Icon, and Site URL\u003C\u002Fh4>\n\u003Cp>When you activate and set up the plugin, it sends the site name, icon, and URL to LoginShield. This information is later displayed in the LoginShield app during login. If you deactivate or uninstall the plugin, and want to delete this information, you can visit \u003Ca href=\"https:\u002F\u002Floginshield.com\" rel=\"nofollow ugc\">https:\u002F\u002Floginshield.com\u003C\u002Fa> to delete your LoginShield account where this information is stored.\u003C\u002Fp>\n\u003Ch4>User Name and Email\u003C\u002Fh4>\n\u003Cp>When a user activates LoginShield in their profile settings, their name and email address are sent to LoginShield to register the user.\u003C\u002Fp>\n\u003Cp>This information is later used by LoginShield for service-related communication with the user, such as our phishing protection feature. We DO NOT sell or share this information with anyone else, except as required by law. If the user deactivates LoginShield, and wants to delete this information, the user can visit \u003Ca href=\"https:\u002F\u002Floginshield.com\" rel=\"nofollow ugc\">https:\u002F\u002Floginshield.com\u003C\u002Fa> to delete their LoginShield account.\u003C\u002Fp>\n\u003Ch4>Client ID\u003C\u002Fh4>\n\u003Cp>When you activate the plugin, the plugin registers itself with LoginShield and receives a unique client ID. This client ID is then associated with the site name, icon, and URL, and is used to identify the WordPress site to LoginShield in all further backend communication, and is required so that users will be able to continue to log in even when you change the site name.\u003C\u002Fp>\n\u003Ch4>Realm-Scoped User ID\u003C\u002Fh4>\n\u003Cp>When a user activates LoginShield in their profile settings, a unique user id is generated and sent to LoginShield to register the user. This user id is NOT the same as the user’s WordPress user id, and is required so that a LoginShield user will be able to continue to log in even when they change their email address. If the user deactivates LoginShield, and wants to delete this information, the user can visit \u003Ca href=\"https:\u002F\u002Floginshield.com\" rel=\"nofollow ugc\">https:\u002F\u002Floginshield.com\u003C\u002Fa> to delete their LoginShield account.\u003C\u002Fp>\n","LoginShield for WordPress is the secure and convenient way to login to your WordPress site. It's easy to use and protects users against password  &hellip;",7744,"2022-02-07T16:57:00.000Z","5.9.13","4.4","5.2",[136,19,20,21,137],"2-factor","phishing","https:\u002F\u002Floginshield.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Floginshield.v1.0.16.zip","2026-03-15T14:54:45.397Z",{"attackSurface":142,"codeSignals":191,"taintFlows":202,"riskAssessment":280,"analyzedAt":285},{"hooks":143,"ajaxHandlers":187,"restRoutes":188,"shortcodes":189,"cronEvents":190,"entryPointCount":13,"unprotectedCount":13},[144,150,152,155,158,161,163,166,169,172,175,178,181,184],{"type":145,"name":146,"callback":147,"file":148,"line":149},"action","init","anonymous","includes\\functions\\core.php",17,{"type":145,"name":146,"callback":147,"file":148,"line":151},18,{"type":145,"name":153,"callback":147,"priority":11,"file":148,"line":154},"wp_login",22,{"type":145,"name":156,"callback":147,"file":148,"line":157},"login_form_validate_totp",23,{"type":145,"name":159,"callback":147,"file":148,"line":160},"show_user_profile",24,{"type":145,"name":162,"callback":147,"file":148,"line":47},"edit_user_profile",{"type":145,"name":164,"callback":147,"file":148,"line":165},"personal_options_update",26,{"type":145,"name":167,"callback":147,"file":148,"line":168},"edit_user_profile_update",27,{"type":145,"name":170,"callback":147,"file":148,"line":171},"admin_notices",28,{"type":173,"name":174,"callback":147,"file":148,"line":33},"filter","manage_users_columns",{"type":173,"name":176,"callback":147,"priority":11,"file":148,"line":177},"manage_users_custom_column",31,{"type":173,"name":179,"callback":147,"file":148,"line":180},"wp_die_ajax_handler",589,{"type":173,"name":182,"callback":147,"file":148,"line":183},"wp_die_xmlrpc_handler",590,{"type":173,"name":185,"callback":147,"file":148,"line":186},"wp_die_handler",591,[],[],[],[],{"dangerousFunctions":192,"sqlUsage":193,"outputEscaping":195,"fileOperations":13,"externalRequests":13,"nonceChecks":196,"capabilityChecks":13,"bundledLibraries":201},[],{"prepared":13,"raw":13,"locations":194},[],{"escaped":168,"rawEcho":196,"locations":197},1,[198],{"file":148,"line":199,"context":200},651,"raw output",[],[203,227,250],{"entryPoint":204,"graph":205,"unsanitizedCount":196,"severity":226},"show_two_factor_login (includes\\functions\\core.php:194)",{"nodes":206,"edges":222},[207,212,216],{"id":208,"type":209,"label":210,"file":148,"line":211},"n0","source","$_SERVER",210,{"id":213,"type":214,"label":215,"file":148,"line":211},"n1","transform","→ login_html()",{"id":217,"type":218,"label":219,"file":148,"line":220,"wp_function":221},"n2","sink","echo() [XSS]",239,"echo",[223,225],{"from":208,"to":213,"sanitized":224},false,{"from":213,"to":217,"sanitized":224},"medium",{"entryPoint":228,"graph":229,"unsanitizedCount":249,"severity":226},"validate_totp (includes\\functions\\core.php:261)",{"nodes":230,"edges":244},[231,234,235,237,240,242],{"id":208,"type":209,"label":232,"file":148,"line":233},"$_POST (x2)",286,{"id":213,"type":214,"label":215,"file":148,"line":233},{"id":217,"type":218,"label":219,"file":148,"line":236,"wp_function":221},237,{"id":238,"type":209,"label":239,"file":148,"line":233},"n3","$_REQUEST['redirect_to']",{"id":241,"type":214,"label":215,"file":148,"line":233},"n4",{"id":243,"type":218,"label":219,"file":148,"line":220,"wp_function":221},"n5",[245,246,247,248],{"from":208,"to":213,"sanitized":224},{"from":213,"to":217,"sanitized":224},{"from":238,"to":241,"sanitized":224},{"from":241,"to":243,"sanitized":224},3,{"entryPoint":251,"graph":252,"unsanitizedCount":114,"severity":226},"\u003Ccore> (includes\\functions\\core.php:0)",{"nodes":253,"edges":271},[254,256,257,258,259,260,261,263,265,267,269],{"id":208,"type":209,"label":210,"file":148,"line":255},208,{"id":213,"type":218,"label":219,"file":148,"line":220,"wp_function":221},{"id":217,"type":209,"label":210,"file":148,"line":211},{"id":238,"type":214,"label":215,"file":148,"line":211},{"id":241,"type":218,"label":219,"file":148,"line":220,"wp_function":221},{"id":243,"type":209,"label":232,"file":148,"line":233},{"id":262,"type":214,"label":215,"file":148,"line":233},"n6",{"id":264,"type":218,"label":219,"file":148,"line":236,"wp_function":221},"n7",{"id":266,"type":209,"label":239,"file":148,"line":233},"n8",{"id":268,"type":214,"label":215,"file":148,"line":233},"n9",{"id":270,"type":218,"label":219,"file":148,"line":220,"wp_function":221},"n10",[272,274,275,276,277,278,279],{"from":208,"to":213,"sanitized":273},true,{"from":217,"to":238,"sanitized":224},{"from":238,"to":241,"sanitized":224},{"from":243,"to":262,"sanitized":224},{"from":262,"to":264,"sanitized":224},{"from":266,"to":268,"sanitized":224},{"from":268,"to":270,"sanitized":224},{"summary":281,"deductions":282},"The \"dovedi\" v1.1.1 plugin exhibits a strong security posture based on the provided static analysis.  The plugin has no recorded vulnerabilities, which is a significant positive indicator. Furthermore, the code analysis reveals a clean bill of health: zero dangerous functions, all SQL queries utilizing prepared statements, a high percentage of properly escaped output, and a single nonce check, suggesting a conscious effort to implement basic security controls. The absence of file operations and external HTTP requests further minimizes potential attack vectors.\n\nHowever, the taint analysis reveals a potential concern. While no critical or high severity flows were identified, the presence of three flows with unsanitized paths warrants attention. Although these might not directly translate to exploitable vulnerabilities in this specific context, they represent a potential weakness if the plugin's functionality were to evolve or interact with external data in the future. The lack of any recorded historical vulnerabilities is reassuring, suggesting either a history of secure development or a relatively new\u002Fobscure plugin with less exposure to sophisticated attacks.\n\nIn conclusion, \"dovedi\" v1.1.1 appears to be a well-developed plugin with good security practices in place, particularly concerning SQL and output sanitization. The primary area for improvement lies in addressing the identified unsanitized paths from the taint analysis to further harden the plugin against potential future threats. The overall risk is assessed as low.",[283],{"reason":284,"points":30},"Unsanitized paths in taint analysis","2026-03-17T00:31:10.709Z",{"wat":287,"direct":296},{"assetPaths":288,"generatorPatterns":291,"scriptPaths":292,"versionParams":293},[289,290],"\u002Fwp-content\u002Fplugins\u002Fdovedi\u002Fassets\u002Fcss\u002Fdovedi.css","\u002Fwp-content\u002Fplugins\u002Fdovedi\u002Fassets\u002Fjs\u002Fdovedi.js",[],[290],[294,295],"dovedi\u002Fassets\u002Fcss\u002Fdovedi.css?ver=","dovedi\u002Fassets\u002Fjs\u002Fdovedi.js?ver=",{"cssClasses":297,"htmlComments":299,"htmlAttributes":300,"restEndpoints":305,"jsGlobals":306,"shortcodeOutput":308},[298],"totp-enable",[],[301,302,303,304],"name=\"totp-authcode\"","id=\"totp-authcode\"","name=\"totp-key\"","name=\"totp-on\"",[],[307],"jQuery",[]]