[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJAPGDziIjhHd1lk2H3rjtp_rMdr4itSSwdyPsbDmoCE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":130,"fingerprints":526},"ejabberd-account-tools","Ejabberd Account Tools","2.11","Beherit","https:\u002F\u002Fprofiles.wordpress.org\u002Fbeherit\u002F","\u003Cp>Provides a set of useful tools for the ejabberd server, both for the frontend and backend spaces of websites running on the WordPress engine. You will be able to place on any page e.g. new account registration form, account password reset form, webpresence support. From the administration panel side you will gain access to e.g. blocking accounts, unblocking IP addresses from the fail2ban database and sending system messages to specific users. The plugin for communication with the ejabberd server uses the ReST API from the mod_http_api module, you only need to properly configure the ejabberd server in accordance with the guidelines from the plugin settings, type the url address of the ejabberd server ReST API and insert shortcodes on any page.\u003C\u002Fp>\n","Provides a set of useful tools for the ejabberd server, both for the frontend and backend spaces",10,16239,100,2,"2025-02-12T15:54:00.000Z","6.6.5","5.9","8.0",[20,21,22],"ejabberd","jabber","xmpp","https:\u002F\u002Fbeherit.pl\u002Fen\u002Fwordpress\u002Fejabberd-account-tools\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fejabberd-account-tools.2.11.zip",92,0,null,"2026-03-15T14:54:45.397Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"beherit",7,420,87,30,85,"2026-04-05T03:23:50.720Z",[39,53,75,92,111],{"slug":40,"name":41,"version":42,"author":7,"author_profile":8,"description":43,"short_description":44,"active_installs":11,"downloaded":45,"rating":26,"num_ratings":26,"last_updated":46,"tested_up_to":16,"requires_at_least":47,"requires_php":48,"tags":49,"homepage":50,"download_link":51,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":52},"xmpp-statistics","XMPP Statistics","1.12","\u003Cp>Displays the statistics from ejabberd XMPP server through ReST API (by using module mod_http_api). The plugin is useful when the XMPP server is located on another machine. Easy to configure and use – just need to type ReST API url and insert shortcodes on the page. Plugin can save the server statistics to the database and show them in a graph just like Munin.\u003C\u002Fp>\n\u003Ch4>Live demo\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fjix.im\u002Fen\u002Finformations\u002Fstatistics\u002F\" rel=\"nofollow ugc\">Here\u003C\u002Fa> you can see the statistics, generated by this plugin, from my own XMPP server.\u003C\u002Fp>\n\u003Ch4>Other Notes\u003C\u002Fh4>\n\u003Cp>This plugin is using \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fflot\u002Fflot\" rel=\"nofollow ugc\">Flot\u003C\u002Fa> (Javascript plotting library for jQuery) and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkallookoo\u002Fwp-color-picker-alpha\" rel=\"nofollow ugc\">wp-color-picker-alpha\u003C\u002Fa> (automatically overwrite Iris for enabled Alpha Channel in wpColorPicker).\u003C\u002Fp>\n","Displays the statistics from ejabberd XMPP server through ReST API.",6474,"2024-10-27T18:56:00.000Z","4.4","7.0",[20,21,22],"https:\u002F\u002Fbeherit.pl\u002Fen\u002Fwordpress\u002Fxmpp-statistics\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fxmpp-statistics.1.12.zip","2026-03-15T15:16:48.613Z",{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":11,"downloaded":61,"rating":62,"num_ratings":63,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":67,"tags":68,"homepage":72,"download_link":73,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":74},"conversejs","ConverseJS","4.2.0","brjhcxnnwqjevwc","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrjhcxnnwqjevwc\u002F","\u003Cp>Converse.js is an open source webchat client, that runs in the browser and can be integrated into any website.\u003C\u002Fp>\n\u003Cp>It’s similar to Facebook chat, but also supports multi-user chatrooms.\u003C\u002Fp>\n\u003Cp>Converse.js can connect to any accessible XMPP\u002FJabber server, either from a public provider such as chatme.im, or to one you have set up yourself.\u003C\u002Fp>\n\u003Cp>For more information, check out \u003Ca href=\"https:\u002F\u002Fconversejs.org\u002F\" rel=\"nofollow ugc\">conversejs\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fmotostorie.blog\u002F\" rel=\"nofollow ugc\">MotoStorie\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Special Thanks\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>To my sister for having tolerated\u003C\u002Fli>\n\u003Cli>My work for the economic support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Single-user chat\u003C\u002Fli>\n\u003Cli>Multi-user chatrooms \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0045.html\" rel=\"nofollow ugc\">XEP 45\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Direct invitations to chat rooms \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0249.html\" rel=\"nofollow ugc\">XEP 249\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>vCard support \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0054.html\" rel=\"nofollow ugc\">XEP 54\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Service discovery \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0030.html\" rel=\"nofollow ugc\">XEP 30\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>In-band registration \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0077.html\" rel=\"nofollow ugc\">XEP 77\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Contact rosters and groups\u003C\u002Fli>\n\u003Cli>Contact subscriptions\u003C\u002Fli>\n\u003Cli>Roster item exchange \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Ftmp\u002Fxep-0144-1.1.html\" rel=\"nofollow ugc\">XEP 144\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Chat statuses (online, busy, away, offline)\u003C\u002Fli>\n\u003Cli>Custom status messages\u003C\u002Fli>\n\u003Cli>Typing and chat state notifications \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0085.html\" rel=\"nofollow ugc\">XEP 85\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Desktop notification messages\u003C\u002Fli>\n\u003Cli>Messages appear in all connected chat clients \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0280.html\" rel=\"nofollow ugc\">XEP 280\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Third person “\u002Fme” messages \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0245.html\" rel=\"nofollow ugc\">XEP 245\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>XMPP Ping \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0199.html\" rel=\"nofollow ugc\">XEP 199\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Server-side archiving of messages \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0313.html\" rel=\"nofollow ugc\">XEP 313\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Client state indication \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0352.html\" rel=\"nofollow ugc\">XEP 352\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Off-the-record encryption\u003C\u002Fli>\n\u003Cli>Translated into 16 languages\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Hand-crafted, and made with love, in Padova, Italy.\u003C\u002Fp>\n\u003Cp>Based on \u003Ca href=\"http:\u002F\u002Fconversejs.org\u002F\" rel=\"nofollow ugc\">Converse.js\u003C\u002Fa>.\u003C\u002Fp>\n","Converse.js is an open source webchat client, that runs in the browser and can be integrated into any website.",17379,72,5,"","6.4.8","4.6","7.3",[69,70,71,21,22],"chat","converse","irc","https:\u002F\u002Fconversejs.org\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fconversejs.4.2.0.zip","2026-03-15T10:48:56.248Z",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":11,"downloaded":83,"rating":26,"num_ratings":26,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":64,"tags":87,"homepage":90,"download_link":91,"security_score":36,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":52},"p3chat","P3chat","1.2.1","Sergey.S.Betke","https:\u002F\u002Fprofiles.wordpress.org\u002Fsergeysbetkenovgaroru\u002F","\u003Cul>\n\u003Cli>Author: \u003Ca href=\"http:\u002F\u002Fsergey-s-betke.blogs.novgaro.ru\u002Fabout\" rel=\"nofollow ugc\">Sergey S. Betke\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Project URI: \u003Ca href=\"http:\u002F\u002Fsergey-s-betke.blogs.novgaro.ru\u002Fcategory\u002Fit\u002Fweb\u002Fwordpress\u002Fp3chat\" rel=\"nofollow ugc\">http:\u002F\u002Fsergey-s-betke.blogs.novgaro.ru\u002Fcategory\u002Fit\u002Fweb\u002Fwordpress\u002Fp3chat\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin provides support for \u003Ca href=\"http:\u002F\u002Fp3chat.com\" rel=\"nofollow ugc\">online chat p3chat service\u003C\u002Fa> (online chat, offline messages)\u003Cbr \u002F>\non Your wordpress website.\u003C\u002Fp>\n\u003Ch3>ToDo\u003C\u002Fh3>\n\u003Cp>The next version or later:\u003C\u002Fp>\n\u003Col>\n\u003Cli>images for buttons\u003C\u002Fli>\n\u003Cli>auto registration at p3chat.com (by open-id)\u003C\u002Fli>\n\u003C\u002Fol>\n","This plugin provides support for p3chat.com online chat service on Your wordpress website.",3182,"2011-09-08T10:40:00.000Z","3.2.1","3.0.0",[69,21,88,89,22],"msn","msnp","http:\u002F\u002Fsergey-s-betke.blogs.novgaro.ru\u002Fcategory\u002Fit\u002Fweb\u002Fwordpress\u002Fp3chat","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fp3chat.zip",{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":11,"downloaded":100,"rating":13,"num_ratings":101,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":64,"tags":105,"homepage":109,"download_link":110,"security_score":36,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":52},"xmpp-auth","XMPP Authentication","0.6","Jehan","https:\u002F\u002Fprofiles.wordpress.org\u002Fjehan\u002F","\u003Cp>This plugin has two main features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>any reader on your website can comment if one has an Instant Messaging\u003Cbr \u002F>\naddress (XMPP protocol, otherwise called Jabber. A Gmail or a LiveJournal\u003Cbr \u002F>\naccount for instance are such standard IM identifiers as well);\u003C\u002Fli>\n\u003Cli>a subscribed user (whatever its role) can authenticate with one’s IM\u003Cbr \u002F>\naddress if they set their IM address.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is still in experimental state but is usable.\u003C\u002Fp>\n\u003Ch4>Detailed Process\u003C\u002Fh4>\n\u003Cp>The authentication part is something like openID, except that it uses your\u003Cbr \u002F>\nexisting IM address: you ask for authentication on a website, and it pops-up a\u003Cbr \u002F>\nconfirmation via IM (that you can accept, or refuse).\u003C\u002Fp>\n\u003Cp>Considering that the IM protocol (XMPP) is very secure,\u003Cbr \u002F>\nall the infrastructure to securely exchange an authentication request is\u003Cbr \u002F>\nthere. No need to make any new account, no need a special client, nor a\u003Cbr \u002F>\nidentity third party provider, and that’s really instantaneous (as \u003Cem>instant\u003C\u002Fem>\u003Cbr \u002F>\nmessaging) and more secure than HTTP or SMTP protocols.\u003C\u002Fp>\n\u003Ch4>Spam Protection\u003C\u002Fh4>\n\u003Cp>It adds an additional layer to protect against Spam by verifying an\u003Cbr \u002F>\nidentity using a very secure and modern protocol (XMPP), which also is instant,\u003Cbr \u002F>\nhence much more reliable in any way than email for instance.\u003C\u002Fp>\n\u003Ch4>Secure and Easy Login\u003C\u002Fh4>\n\u003Cp>Many reasons to use such a plugin for login:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>not to have to remember a new password (password-login can be disabled in\u003Cbr \u002F>\nyour profile, on a per-user choice);\u003C\u002Fli>\n\u003Cli>you are in a very insecure environment (for instance a cybercafe) and consider\u003Cbr \u002F>\nonly your IM account to be a minimum securized. Or better, you run an IM\u003Cbr \u002F>\nclient on your smartphone (or a similar tool), so you would receive the query\u003Cbr \u002F>\non this personal item while never typing any kind of password on the insecure\u003Cbr \u002F>\nplatform where you log.\u003C\u002Fli>\n\u003Cli>And so on.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Ch4>Publishing Account\u003C\u002Fh4>\n\u003Cp>This section contains the connection parameters of the account which will be\u003Cbr \u002F>\nused as a wordpress bot. I would personnaly advice to create a dedicated account\u003Cbr \u002F>\njust for it (you may also use your personal account of course, as the plugin’s\u003Cbr \u002F>\nbot will create a resource identifier unique for every connection) and to\u003Cbr \u002F>\nconfigure it to refuse any contact and communication (as noone will have to\u003Cbr \u002F>\nadd it to one’s roster, except you maybe for test or debugging purpose?).\u003Cbr \u002F>\nThe fields are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The bot address (bare jid form: mybotname@myserveraddress);\u003C\u002Fli>\n\u003Cli>the password.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Advanced Connection Parameters\u003C\u002Fh4>\n\u003Cp>By default xmpp-auth can use SRV records which is a recommended way to\u003Cbr \u002F>\nadvertize server and port from a domain name (see for instance\u003Cbr \u002F>\nhttp:\u002F\u002Fdns.vanrein.org\u002Fsrv\u002F for details).\u003C\u002Fp>\n\u003Cp>This is an advanced section in case your server does not use SRV AND uses a server\u003Cbr \u002F>\nwhich is not the same as the domain from the jid or a port different from the\u003Cbr \u002F>\ndefault one (5222).\u003C\u002Fp>\n\u003Cp>Hence there will be very very few cases where you will have to fill this\u003Cbr \u002F>\nsection and if you don’t understand all what I say here, just don’t fill\u003Cbr \u002F>\nanything there (if you fill even only one field, then it will be used instead\u003Cbr \u002F>\nof SRV and default values).\u003C\u002Fp>\n\u003Cp>The default values will be used if the fields are empty and no SRV is configured on\u003Cbr \u002F>\nthe Jabber server:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>the XMPP server (often the same as ‘myseveraddress’ of the jid);\u003C\u002Fli>\n\u003Cli>the XMPP port (usually 5222).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>TODO\u003C\u002Fh3>\n\u003Cp>Features I am considering:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>check quickstart (http:\u002F\u002Fxmpp.org\u002Fextensions\u002Finbox\u002Fquickstart.html). In\u003Cbr \u002F>\nparticular, I should at least cache DNS lookups now.\u003C\u002Fli>\n\u003Cli>deactivate IM features when plugin not configured.\u003C\u002Fli>\n\u003Cli>For comments, use the IM avatar of the commenter instead of gravatar;\u003C\u002Fli>\n\u003Cli>Make various notifications usually done by email be done by IM instead (if\u003Cbr \u002F>\nadequate);\u003C\u002Fli>\n\u003Cli>Display the comment’s JID on the admin page (as we display the email\u003Cbr \u002F>\naddress, obviously only for administrators);\u003C\u002Fli>\n\u003Cli>Add Scram-* to SASL package;\u003C\u002Fli>\n\u003Cli>Make the generic XMPP part a PEAR package.\u003C\u002Fli>\n\u003Cli>Subscribe with XMPP JID.\u003C\u002Fli>\n\u003Cli>Login with JID or username (both possible).\u003C\u002Fli>\n\u003Cli>If password is disabled, it also cannot be resetted.\u003C\u002Fli>\n\u003Cli>Make user choose to receive password reset or other notification through IM\u003Cbr \u002F>\ninstead of email.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>XMPP Features\u003C\u002Fh3>\n\u003Cp>Full Secure XML Stream with:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>TLS (with real certificate verification, so confidentiality and\u003Cbr \u002F>\nauthentication);\u003C\u002Fli>\n\u003Cli>SASL (Digest-MD5, CRAM-MD5 and PLAIN only for now);\u003C\u002Fli>\n\u003Cli>SRV records “randomization” algorithm.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contacts\u003C\u002Fh3>\n\u003Cp>You can have some news about this plugin on \u003Ca href=\"http:\u002F\u002Fjehan.zemarmot.net\" title=\"my public diary\" rel=\"nofollow ugc\">my freedom\u003Cbr \u002F>\nhaven\u003C\u002Fa>.\u003Cbr \u002F>\nYou can also drop me an instant message on “hysseo” at zemarmot.net.\u003C\u002Fp>\n\u003Cp>Have a nice life!\u003C\u002Fp>\n","Allows users to authenticate without password via XMPP and for visitors to be filtered by XMPP verification.",2799,1,"2016-01-15T14:33:00.000Z","4.4.34","3.2.0",[106,107,21,108,22],"authentication","comments","xep-0070","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fxmpp-auth\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fxmpp-auth.0.6.zip",{"slug":112,"name":113,"version":78,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":11,"downloaded":118,"rating":119,"num_ratings":101,"last_updated":120,"tested_up_to":121,"requires_at_least":122,"requires_php":64,"tags":123,"homepage":128,"download_link":129,"security_score":36,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":52},"custom-google-talk-chatback","Custom Google Talk Chatback","MrVictor","https:\u002F\u002Fprofiles.wordpress.org\u002Fmrvictor\u002F","\u003Cp>Embed links to your Google Talk Chatback. Display different things when online or offline. The plugin is made to be highly customizable.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Custom “start chat link” and “offline text”. Use text or image.\u003C\u002Fli>\n\u003Cli>Display things depending on if the user is online or offline\u003C\u002Fli>\n\u003Cli>Widget, Shortcode and Template Tag support\u003C\u002Fli>\n\u003Cli>Translatable (send them to us if you make any)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contact\u003C\u002Fh3>\n\u003Cp>Go to the \u003Ca href=\"http:\u002F\u002Fintervaro.se\u002Fcustom-google-talk-chatback-wordpress-plugin\" rel=\"nofollow ugc\">Plugin Home Page over at Intervaro Web Agency\u003C\u002Fa> to give feedback or propose a feature!\u003C\u002Fp>\n\u003Cp>Special thanks to \u003Ca href=\"http:\u002F\u002Fisraelwebdev.wordpress.com\u002F2009\u002F02\u002F05\u002Fgoogle-talk-status-api-in-php\" rel=\"nofollow ugc\">Israelwebdev\u003C\u002Fa> who made the script that makes it possible to check if a user is online or offline.\u003C\u002Fp>\n","Easily embed Goole Talk Chatback on your site for online chat support. Widget, Shortcode and Template Tag support!",9471,80,"2011-05-22T09:52:00.000Z","3.1.4","2.5",[124,125,126,127,21],"google","google-talk","google-talk-chatback","gtalk","http:\u002F\u002Fintervaro.se\u002Fcustom-google-talk-chatback-wordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-google-talk-chatback.1.2.1.zip",{"attackSurface":131,"codeSignals":357,"taintFlows":463,"riskAssessment":510,"analyzedAt":525},{"hooks":132,"ajaxHandlers":250,"restRoutes":251,"shortcodes":337,"cronEvents":352,"entryPointCount":355,"unprotectedCount":356},[133,139,143,147,151,154,158,162,167,171,176,179,182,186,190,192,195,198,202,205,208,211,215,218,221,224,227,229,232,235,238,241,244,247],{"type":134,"name":135,"callback":136,"file":137,"line":138},"action","admin_init","ejabat_register_captcha_settings","includes\\admin-captcha.php",27,{"type":134,"name":140,"callback":141,"file":137,"line":142},"admin_menu","ejabat_add_admin_captcha",39,{"type":134,"name":135,"callback":144,"file":145,"line":146},"ejabat_register_settings","includes\\admin-settings.php",51,{"type":134,"name":148,"callback":149,"file":145,"line":150},"admin_head","ejabat_admin_head_icon",65,{"type":134,"name":140,"callback":152,"file":145,"line":153},"ejabat_add_admin_settings",74,{"type":134,"name":155,"callback":156,"file":145,"line":157},"admin_notices","ejabat_admin_notices",184,{"type":134,"name":140,"callback":159,"file":160,"line":161},"ejabat_add_admin_tools","includes\\admin-tools.php",18,{"type":134,"name":163,"callback":164,"file":165,"line":166},"wp_print_footer_scripts","ejabat_enqueue_captcha_inline_scripts","includes\\captcha.php",169,{"type":134,"name":168,"callback":169,"file":165,"line":170},"rest_api_init","ejabat_route_captcha_reload",292,{"type":134,"name":172,"callback":173,"file":174,"line":175},"wp_enqueue_scripts","ejabat_enqueue_change_email_scripts","includes\\change_email.php",29,{"type":134,"name":168,"callback":177,"file":174,"line":178},"ejabat_route_change_email_form",54,{"type":134,"name":168,"callback":180,"file":174,"line":181},"ejabat_route_change_email",156,{"type":134,"name":183,"callback":183,"file":184,"line":185},"ejabat_cron","includes\\cron.php",33,{"type":134,"name":172,"callback":187,"file":188,"line":189},"ejabat_enqueue_delete_account_scripts","includes\\delete_account.php",26,{"type":134,"name":168,"callback":191,"file":188,"line":146},"ejabat_route_delete_account_form",{"type":134,"name":168,"callback":193,"file":188,"line":194},"ejabat_route_delete_account",138,{"type":134,"name":168,"callback":196,"file":188,"line":197},"ejabat_route_unregister_account",273,{"type":134,"name":168,"callback":199,"file":200,"line":201},"ejabat_route_validate_email","includes\\functions.php",94,{"type":134,"name":168,"callback":203,"file":200,"line":204},"ejabat_route_check_account",140,{"type":134,"name":168,"callback":206,"file":200,"line":207},"ejabat_route_login",211,{"type":134,"name":168,"callback":209,"file":200,"line":210},"ejabat_route_logout",291,{"type":134,"name":172,"callback":212,"file":213,"line":214},"ejabat_enqueue_register_scripts","includes\\register.php",49,{"type":134,"name":168,"callback":216,"file":213,"line":217},"ejabat_route_registration_form",81,{"type":134,"name":168,"callback":219,"file":213,"line":220},"ejabat_route_register",238,{"type":134,"name":172,"callback":222,"file":223,"line":142},"ejabat_enqueue_reset_password_scripts","includes\\reset_password.php",{"type":134,"name":168,"callback":225,"file":223,"line":226},"ejabat_route_reset_password_form",64,{"type":134,"name":168,"callback":228,"file":223,"line":194},"ejabat_route_reset_password",{"type":134,"name":168,"callback":230,"file":223,"line":231},"ejabat_route_change_password",293,{"type":134,"name":172,"callback":233,"file":234,"line":175},"ejabat_enqueue_webpresence_scripts","includes\\webpresence.php",{"type":134,"name":168,"callback":236,"file":234,"line":237},"ejabat_route_webpresence_form",55,{"type":134,"name":168,"callback":239,"file":234,"line":240},"ejabat_route_configure_webpresence",253,{"type":134,"name":168,"callback":242,"file":234,"line":243},"ejabat_route_webpresence_css",337,{"type":134,"name":168,"callback":245,"file":234,"line":246},"ejabat_route_webpresence_json",417,{"type":134,"name":168,"callback":248,"file":234,"line":249},"ejabat_route_webpresence_image",480,[],[252,260,264,269,274,279,284,289,294,299,304,309,314,318,323,328,332],{"namespace":253,"route":254,"methods":255,"callback":257,"permissionCallback":258,"file":165,"line":259},"ejabberd-account-tools\u002Fv1","\u002Fcaptcha",[256],"POST","ejabat_captcha_reload","__return_true",285,{"namespace":253,"route":261,"methods":262,"callback":263,"permissionCallback":258,"file":174,"line":142},"\u002Fchange-email-form",[256],"ejabat_change_email_form",{"namespace":253,"route":265,"methods":266,"callback":267,"permissionCallback":258,"file":174,"line":268},"\u002Fchange-email",[256],"ejabat_change_email",127,{"namespace":253,"route":270,"methods":271,"callback":272,"permissionCallback":258,"file":188,"line":273},"\u002Fdelete-account-form",[256],"ejabat_delete_account_form",36,{"namespace":253,"route":275,"methods":276,"callback":277,"permissionCallback":258,"file":188,"line":278},"\u002Fdelete-account",[256],"ejabat_delete_account",116,{"namespace":253,"route":280,"methods":281,"callback":282,"permissionCallback":258,"file":188,"line":283},"\u002Funregister-account",[256],"ejabat_unregister_account",251,{"namespace":253,"route":285,"methods":286,"callback":287,"permissionCallback":258,"file":200,"line":288},"\u002Fvalidate-email",[256],"ejabat_validate_email",79,{"namespace":253,"route":290,"methods":291,"callback":292,"permissionCallback":258,"file":200,"line":293},"\u002Fcheck-account",[256],"ejabat_check_account",118,{"namespace":253,"route":295,"methods":296,"callback":297,"permissionCallback":258,"file":200,"line":298},"\u002Flogin",[256],"ejabat_login",189,{"namespace":253,"route":300,"methods":301,"callback":302,"permissionCallback":258,"file":200,"line":303},"\u002Flogout",[256],"ejabat_logout",276,{"namespace":253,"route":305,"methods":306,"callback":307,"permissionCallback":258,"file":213,"line":308},"\u002Fregistration-form",[256],"ejabat_registration_form",59,{"namespace":253,"route":310,"methods":311,"callback":312,"permissionCallback":258,"file":213,"line":313},"\u002Fregister",[256],"ejabat_register",202,{"namespace":253,"route":315,"methods":316,"callback":317,"permissionCallback":258,"file":223,"line":214},"\u002Freset-password-form",[256],"ejabat_reset_password_form",{"namespace":253,"route":319,"methods":320,"callback":321,"permissionCallback":258,"file":223,"line":322},"\u002Freset-password",[256],"ejabat_reset_password",123,{"namespace":253,"route":324,"methods":325,"callback":326,"permissionCallback":258,"file":223,"line":327},"\u002Fchange-password",[256],"ejabat_change_password",271,{"namespace":253,"route":329,"methods":330,"callback":331,"permissionCallback":258,"file":234,"line":142},"\u002Fwebpresence-form",[256],"ejabat_webpresence_form",{"namespace":253,"route":333,"methods":334,"callback":335,"permissionCallback":258,"file":234,"line":336},"\u002Fconfigure-webpresence",[256],"ejabat_configure_webpresence",157,[338,341,344,346,349],{"tag":267,"callback":339,"file":174,"line":340},"ejabat_change_email_shortcode",35,{"tag":277,"callback":342,"file":188,"line":343},"ejabat_delete_account_shortcode",32,{"tag":312,"callback":345,"file":213,"line":237},"ejabat_register_shortcode",{"tag":321,"callback":347,"file":223,"line":348},"ejabat_reset_password_shortcode",45,{"tag":350,"callback":351,"file":234,"line":340},"ejabat_webpresence","ejabat_webpresence_shortcode",[353],{"hook":183,"callback":183,"file":184,"line":354},13,22,17,{"dangerousFunctions":358,"sqlUsage":359,"outputEscaping":374,"fileOperations":460,"externalRequests":460,"nonceChecks":461,"capabilityChecks":26,"bundledLibraries":462},[],{"prepared":26,"raw":63,"locations":360},[361,364,366,369,372],{"file":145,"line":362,"context":363},573,"$wpdb->query() with variable interpolation",{"file":145,"line":365,"context":363},574,{"file":184,"line":367,"context":368},28,"$wpdb->get_col() with variable interpolation",{"file":370,"line":371,"context":363},"uninstall.php",68,{"file":370,"line":373,"context":363},69,{"escaped":375,"rawEcho":348,"locations":376},42,[377,380,381,383,385,387,389,391,393,394,395,397,398,400,402,404,406,408,410,412,414,416,418,420,422,424,426,428,430,432,434,436,438,439,441,443,444,446,447,449,451,453,455,456,458],{"file":137,"line":378,"context":379},110,"raw output",{"file":137,"line":278,"context":379},{"file":137,"line":382,"context":379},143,{"file":137,"line":384,"context":379},165,{"file":137,"line":386,"context":379},171,{"file":137,"line":388,"context":379},177,{"file":137,"line":390,"context":379},183,{"file":145,"line":392,"context":379},161,{"file":145,"line":384,"context":379},{"file":145,"line":166,"context":379},{"file":145,"line":396,"context":379},173,{"file":145,"line":388,"context":379},{"file":145,"line":399,"context":379},181,{"file":145,"line":401,"context":379},195,{"file":145,"line":403,"context":379},212,{"file":145,"line":405,"context":379},219,{"file":145,"line":407,"context":379},225,{"file":145,"line":409,"context":379},231,{"file":145,"line":411,"context":379},260,{"file":145,"line":413,"context":379},266,{"file":145,"line":415,"context":379},272,{"file":145,"line":417,"context":379},296,{"file":145,"line":419,"context":379},318,{"file":145,"line":421,"context":379},325,{"file":145,"line":423,"context":379},332,{"file":145,"line":425,"context":379},344,{"file":145,"line":427,"context":379},351,{"file":145,"line":429,"context":379},368,{"file":145,"line":431,"context":379},375,{"file":145,"line":433,"context":379},403,{"file":145,"line":435,"context":379},428,{"file":145,"line":437,"context":379},435,{"file":145,"line":437,"context":379},{"file":145,"line":440,"context":379},460,{"file":145,"line":442,"context":379},485,{"file":145,"line":442,"context":379},{"file":145,"line":445,"context":379},534,{"file":160,"line":237,"context":379},{"file":160,"line":448,"context":379},86,{"file":160,"line":450,"context":379},121,{"file":160,"line":452,"context":379},145,{"file":160,"line":454,"context":379},178,{"file":165,"line":204,"context":379},{"file":165,"line":457,"context":379},164,{"file":234,"line":459,"context":379},390,3,8,[],[464,481,493,501],{"entryPoint":465,"graph":466,"unsanitizedCount":14,"severity":480},"ejabat_settings_page (includes\\admin-settings.php:187)",{"nodes":467,"edges":477},[468,472],{"id":469,"type":470,"label":471,"file":145,"line":419},"n0","source","$_SERVER['SERVER_NAME'] (x2)",{"id":473,"type":474,"label":475,"file":145,"line":419,"wp_function":476},"n1","sink","echo() [XSS]","echo",[478],{"from":469,"to":473,"sanitized":479},false,"medium",{"entryPoint":482,"graph":483,"unsanitizedCount":101,"severity":480},"ejabat_captcha_verify (includes\\captcha.php:235)",{"nodes":484,"edges":491},[485,488],{"id":469,"type":470,"label":486,"file":165,"line":487},"$_SERVER",247,{"id":473,"type":474,"label":489,"file":165,"line":240,"wp_function":490},"wp_remote_post() [SSRF]","wp_remote_post",[492],{"from":469,"to":473,"sanitized":479},{"entryPoint":494,"graph":495,"unsanitizedCount":101,"severity":480},"\u003Ccaptcha> (includes\\captcha.php:0)",{"nodes":496,"edges":499},[497,498],{"id":469,"type":470,"label":486,"file":165,"line":487},{"id":473,"type":474,"label":489,"file":165,"line":240,"wp_function":490},[500],{"from":469,"to":473,"sanitized":479},{"entryPoint":502,"graph":503,"unsanitizedCount":14,"severity":509},"\u003Cadmin-settings> (includes\\admin-settings.php:0)",{"nodes":504,"edges":507},[505,506],{"id":469,"type":470,"label":471,"file":145,"line":419},{"id":473,"type":474,"label":475,"file":145,"line":419,"wp_function":476},[508],{"from":469,"to":473,"sanitized":479},"low",{"summary":511,"deductions":512},"The ejabberd-account-tools v2.11 plugin exhibits several concerning security practices, despite a clean vulnerability history. The most significant risk stems from a substantial attack surface of 17 unprotected REST API routes. This lack of proper authentication and authorization mechanisms on a significant portion of its entry points presents a high likelihood of unauthorized access and manipulation of the plugin's functionalities. Furthermore, the analysis reveals that 0% of its 5 SQL queries utilize prepared statements, indicating a strong potential for SQL injection vulnerabilities if any user-supplied input reaches these queries without adequate sanitization.\n\nWhile the plugin does not have any recorded CVEs, which is a positive indicator, this should not be relied upon as a sole measure of security. The static analysis strongly suggests inherent weaknesses in its code. The presence of 4 taint flows with unsanitized paths, although not classified as critical or high severity in this analysis, still points to potential risks related to how data is handled. The limited capability checks (0) and the significant percentage of outputs that are not properly escaped (52%) also contribute to a less secure posture. The 3 identified file operations and 3 external HTTP requests, without knowing their context or sanitization, also add to the potential attack surface.",[513,515,517,520,522],{"reason":514,"points":11},"Unprotected REST API routes",{"reason":516,"points":461},"Raw SQL queries without prepared statements",{"reason":518,"points":519},"Unescaped output percentage is high",6,{"reason":521,"points":63},"No capability checks",{"reason":523,"points":524},"Taint flows with unsanitized paths",4,"2026-03-16T23:37:36.224Z",{"wat":527,"direct":536},{"assetPaths":528,"generatorPatterns":531,"scriptPaths":532,"versionParams":533},[529,530],"\u002Fwp-content\u002Fplugins\u002Fejabberd-account-tools\u002Fcss\u002Fstyle.min.css","\u002Fwp-content\u002Fplugins\u002Fejabberd-account-tools\u002Fjs\u002Fjs.ejabat.form.min.js",[],[530],[534,535],"ejabberd-account-tools\u002Fcss\u002Fstyle.min.css?ver=","ejabberd-account-tools\u002Fjs\u002Fjs.ejabat.form.min.js?ver=",{"cssClasses":537,"htmlComments":546,"htmlAttributes":547,"restEndpoints":550,"jsGlobals":552,"shortcodeOutput":554},[538,539,540,541,542,543,544,545],"ejabat-spinner","ejabat-loader","ejabat-info","ejabat-error","ejabat-success","ejabat-blocked","ejabat-validate","ejabat-tip",[],[548,549],"data-action=\"change-email-form\"","data-action=\"change-email\"",[551],"\u002Fwp-json\u002Fejabberd-account-tools\u002Fv1\u002F",[553],"ejabat",[555,556],"\u003Cp data-action=\"change-email-form\" class=\"ejabat\">","\u003Cspan class=\"ejabat-loader\" title=\""]