[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fGWNX6Iw0qzvoYUl5RMfqxMIwiju097hibM9jOH9pnXQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":36,"analysis":133,"fingerprints":230},"forumial-sso","Forumial – Cloud Forum Platform – SSO","1.1","chuyenim","https:\u002F\u002Fprofiles.wordpress.org\u002Fchuyenim\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fforumial.com?ref=wordpress\" rel=\"nofollow ugc\">Forumial\u003C\u002Fa> is a modern cloud forum built for better user engagement.\u003Cbr \u002F>\n“Forumial – Cloud Forum Platform – SSO” plugin allows you to integrate this forum with your wordpress website.\u003Cbr \u002F>\nIt uses SSO, this means, users once logged into your website will be automatically logged into Forumial.\u003C\u002Fp>\n\u003Ch3>User Data\u003C\u002Fh3>\n\u003Cp>This plugin helps you to share user information from your WordPress site with your \u003Ca href=\"https:\u002F\u002Fforumial.com\u002F?ref=wordpress\" rel=\"nofollow ugc\">Forumial forum\u003C\u002Fa>.\u003Cbr \u002F>\nMake sure you understand the terms of use here: https:\u002F\u002Fforumial.com\u002Fterms-conditions.html\u003C\u002Fp>\n","Integrates Forumial forum software with WordPress using SSO (Single Sign On)",10,1921,20,1,"2021-07-22T09:09:00.000Z","5.6.17","3.1","",[20,21,22,23,24],"cloud-forum","forum","forum-platform","forumail","sso","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fforumial-sso","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fforumial-sso.1.1.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},30,84,"2026-04-04T18:41:08.662Z",[37,61,74,90,114],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":56,"download_link":57,"security_score":58,"vuln_count":59,"unpatched_count":28,"last_vuln_date":60,"fetched_at":30},"wp-discourse","WP Discourse","2.6.1","scossar","https:\u002F\u002Fprofiles.wordpress.org\u002Fscossar\u002F","\u003Cp>The WP Discourse plugin acts as an interface between your WordPress site and your\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fwww.discourse.org\u002F\" rel=\"nofollow ugc\">Discourse\u003C\u002Fa> community.\u003C\u002Fp>\n\u003Ch3>Use Discourse for comments:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Automatically creates a forum topic for discussion when a new blog post is published.\u003C\u002Fli>\n\u003Cli>Associates WP author accounts with their respective Discourse accounts. Does not require DiscourseConnect.\u003C\u002Fli>\n\u003Cli>Replies from the forum discussion can be embedded in the WP blog post. Select which replies to display\u003Cbr \u002F>\nbased on post score and commenter “trust level” — see docs.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>See it live\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fblog.discourse.org\u002F\" rel=\"nofollow ugc\">blog.discourse.org\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fboingboing.net\u002F\" rel=\"nofollow ugc\">boingboing.net\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>DiscourseConnect\u003C\u002Fh3>\n\u003Cp>The plugin also comes with optional DiscourseConnect functionality which lets you use your WordPress site as the\u003Cbr \u002F>\nDiscourseConnect provider for your Discourse forum.\u003C\u002Fp>\n\u003Cp>This will override Discourse’s native (and powerful) login flow and is only recommended for use cases\u003Cbr \u002F>\nthat strictly require such a setup, e.g. a site that is already using WordPress for large scale user management.\u003C\u002Fp>\n\u003Ch3>Authentication from Discourse to WordPress\u003C\u002Fh3>\n\u003Cp>The plugin allows you to use Discourse as an authentication provider for your WordPress site.\u003C\u002Fp>\n\u003Ch3>Note\u003C\u002Fh3>\n\u003Cp>The WP Discourse plugin requires PHP version 5.4.0 and greater. If >=PHP-5.4.0 is not available, the plugin installation\u003Cbr \u002F>\nwill fail.\u003C\u002Fp>\n\u003Ch3>Contact\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>The plugin is being developed by \u003Ca href=\"https:\u002F\u002Fmeta.discourse.org\u002Fu\u002FSimon_Cossar\u002Fsummary\" rel=\"nofollow ugc\">Simon Cossar\u003C\u002Fa> on behalf of the Discourse team.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Bug reports and other developer inquiries should be directed at our GitHub Issues:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdiscourse\u002Fwp-discourse\u002Fissues\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fdiscourse\u002Fwp-discourse\u002Fissues\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Please post support requests to our \u003Ca href=\"https:\u002F\u002Fmeta.discourse.org\u002Fc\u002Fsupport\u002Fwordpress\" rel=\"nofollow ugc\">dedicated support forum\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin allows you to use Discourse as a community engine for your WordPress website. The plugin is not a substitute for Disqus type commenting sy &hellip;",1000,124484,90,8,"2026-01-29T20:10:00.000Z","6.9.0","5.1","5.6",[54,55,21,24],"comments","discourse","https:\u002F\u002Fgithub.com\u002Fdiscourse\u002Fwp-discourse","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-discourse.2.6.1.zip",98,2,"2025-10-31 16:59:07",{"slug":62,"name":62,"version":6,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":11,"downloaded":67,"rating":68,"num_ratings":14,"last_updated":69,"tested_up_to":70,"requires_at_least":17,"requires_php":18,"tags":71,"homepage":18,"download_link":73,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"codoforum-sso","evnix","https:\u002F\u002Fprofiles.wordpress.org\u002Fevnix\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fcodoforum.com\" rel=\"nofollow ugc\">Codoforum\u003C\u002Fa> is a modern forum software built for better user engagement.\u003Cbr \u002F>\nwordpress-codoforum-sso plugin allows you to integrate this forum with your wordpress website.\u003Cbr \u002F>\nIt uses SSO, this means, users once logged into your website will be automatically logged into codoforum.\u003C\u002Fp>\n","Integrates Codoforum forum software with WordPress using SSO(Single Sign On)",4854,100,"2020-09-29T14:26:00.000Z","5.5.18",[72,21,24],"codoforum","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcodoforum-sso.1.1.0.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":11,"downloaded":82,"rating":68,"num_ratings":83,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":18,"tags":87,"homepage":88,"download_link":89,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"pt-wp-discourse-sso","PrimeTime WordPress + Discourse SSO","0.2.3","etcio","https:\u002F\u002Fprofiles.wordpress.org\u002Fetcio\u002F","\u003Cp>Discourse is a fantastic new forum that can add another layer to your WordPress community. This plugin allows you to create a fluid experience by using your WordPress installation as the authentication server, creating a single-sign-on (SSO) for your users!\u003C\u002Fp>\n\u003Cp>Notes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The Discourse option “Staff must approve all new user accounts before they are allowed to access the site.” needs to be disabled for this to work properly.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Some Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Seamless integration into almost any WordPress installation.\u003C\u002Fli>\n\u003Cli>Get setup within minutes through 3 easy steps. Anyone can do it.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Coming Soon:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Only allow access with certain capabilities or roles.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Request processing adapted from Adam Capirola : https:\u002F\u002Fgist.github.com\u002Fadamcapriola\u002F11300529\u003C\u002Fli>\n\u003Cli>SSO methods adapted from ArmedGuy : https:\u002F\u002Fgithub.com\u002FArmedGuy\u002Fdiscourse_sso_php\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin provides single sign-on capabilities for Discourse using WordPress user authentication.",6411,6,"2015-05-04T20:03:00.000Z","4.2.39","3.6",[55,21,24],"http:\u002F\u002Fetc.io","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpt-wp-discourse-sso.0.2.3.zip",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":98,"downloaded":99,"rating":100,"num_ratings":101,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":105,"tags":106,"homepage":110,"download_link":111,"security_score":112,"vuln_count":83,"unpatched_count":28,"last_vuln_date":113,"fetched_at":30},"bbpress","bbPress","2.6.14","John James Jacoby","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnjamesjacoby\u002F","\u003Cp>Are you looking for a timeless, elegant, and streamlined discussion board? bbPress is easy to integrate, easy to use, and is built to scale with your growing community.\u003C\u002Fp>\n\u003Cp>bbPress is intentionally simple yet infinitely powerful forum software, built by contributors to WordPress.\u003C\u002Fp>\n","bbPress is forum software for WordPress.",100000,9266210,78,343,"2025-07-02T15:44:00.000Z","6.9.4","6.0","5.6.20",[107,21,108,109],"discussion","forums","support","https:\u002F\u002Fbbpress.org","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbbpress.2.6.14.zip",91,"2025-03-04 00:00:00",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":68,"num_ratings":83,"last_updated":124,"tested_up_to":125,"requires_at_least":126,"requires_php":127,"tags":128,"homepage":131,"download_link":132,"security_score":68,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"blossomthemes-toolkit","BlossomThemes Toolkit","2.2.7","Blossom Themes","https:\u002F\u002Fprofiles.wordpress.org\u002Fblossomthemes\u002F","\u003Cp>BlossomThemes Toolkit is a lightweight and safe plugin that generates 12 much-necessary custom widgets. This plugin is optimized for BlossomTheme’s themes but also works great with other themes.\u003C\u002Fp>\n\u003Ch4>Widgets included in  BlossomThemes Toolkit\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Blossom: Advertisement– This widget lets you add advertisements on your website.\u003C\u002Fli>\n\u003Cli>Blossom: Author Bio– You can place the author bio on sidebars using this widget.\u003C\u002Fli>\n\u003Cli>Blossom: Custom Categories– You can add images to the categories and also display post counts of the selected category using this widget.\u003C\u002Fli>\n\u003Cli>Blossom: Facebook Page– This widget allows you to show your Facebook page on your WordPress website.\u003C\u002Fli>\n\u003Cli>Blossom: Image Text– You can add your favorite image with caption and link with this widget.\u003C\u002Fli>\n\u003Cli>Blossom: Pinterest– This widget lets you show your latest pins on your WordPress website.\u003C\u002Fli>\n\u003Cli>Blossom: Popular Post- This widget helps you show popular posts of your website.\u003C\u002Fli>\n\u003Cli>Blossom: Posts Category Slider– You can display the posts of selected category in a slider using this widget.\u003C\u002Fli>\n\u003Cli>Blossom: Recent Post– This widget helps you display recent posts of your website.\u003C\u002Fli>\n\u003Cli>Blossom: Snapchat Snapcode– You can show your Snapchat’s snapcode using this widget.\u003C\u002Fli>\n\u003Cli>Blossom: Social Media– This widget allows you to add social media links on your website.\u003C\u002Fli>\n\u003Cli>Blossom: Twitter Feed– You can now show your twitter news feed right on your website using this widget\u003C\u002Fli>\n\u003C\u002Ful>\n","BlossomThemes Toolkit provides you necessary widgets for better and effective blogging.",30000,944329,"2025-05-26T06:13:00.000Z","6.8.5","4.4.0","7.4",[129,130],"blossom","toolkit","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblossomthemes-toolkit\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblossomthemes-toolkit.2.2.7.zip",{"attackSurface":134,"codeSignals":153,"taintFlows":179,"riskAssessment":217,"analyzedAt":229},{"hooks":135,"ajaxHandlers":149,"restRoutes":150,"shortcodes":151,"cronEvents":152,"entryPointCount":28,"unprotectedCount":28},[136,142,145],{"type":137,"name":138,"callback":139,"file":140,"line":141},"action","admin_init","forumial_sso_register_settings","forumial-sso.php",72,{"type":137,"name":143,"callback":144,"file":140,"line":100},"admin_menu","forumial_sso_register_options_page",{"type":137,"name":146,"callback":147,"file":140,"line":148},"init","init_forumial_sso",209,[],[],[],[],{"dangerousFunctions":154,"sqlUsage":155,"outputEscaping":162,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":178},[],{"prepared":156,"raw":14,"locations":157},7,[158],{"file":159,"line":160,"context":161},"includes\\installation.php",23,"$wpdb->get_var() with variable interpolation",{"escaped":163,"rawEcho":156,"locations":164},3,[165,167,169,171,172,174,176],{"file":140,"line":34,"context":166},"raw output",{"file":140,"line":168,"context":166},94,{"file":140,"line":170,"context":166},95,{"file":140,"line":58,"context":166},{"file":140,"line":173,"context":166},99,{"file":140,"line":175,"context":166},102,{"file":140,"line":177,"context":166},103,[],[180,206],{"entryPoint":181,"graph":182,"unsanitizedCount":59,"severity":205},"init_forumial_sso (forumial-sso.php:128)",{"nodes":183,"edges":201},[184,189,194,198],{"id":185,"type":186,"label":187,"file":140,"line":188},"n0","source","$_SERVER['REQUEST_URI']",188,{"id":190,"type":191,"label":192,"file":140,"line":188,"wp_function":193},"n1","sink","wp_redirect() [Open Redirect]","wp_redirect",{"id":195,"type":186,"label":196,"file":140,"line":197},"n2","$_GET",134,{"id":199,"type":191,"label":192,"file":140,"line":200,"wp_function":193},"n3",204,[202,204],{"from":185,"to":190,"sanitized":203},false,{"from":195,"to":199,"sanitized":203},"medium",{"entryPoint":207,"graph":208,"unsanitizedCount":59,"severity":205},"\u003Cforumial-sso> (forumial-sso.php:0)",{"nodes":209,"edges":214},[210,211,212,213],{"id":185,"type":186,"label":187,"file":140,"line":188},{"id":190,"type":191,"label":192,"file":140,"line":188,"wp_function":193},{"id":195,"type":186,"label":196,"file":140,"line":197},{"id":199,"type":191,"label":192,"file":140,"line":200,"wp_function":193},[215,216],{"from":185,"to":190,"sanitized":203},{"from":195,"to":199,"sanitized":203},{"summary":218,"deductions":219},"The \"forumial-sso\" v1.1 plugin exhibits a generally good security posture based on the provided static analysis.  The absence of a significant attack surface with unprotected entry points (AJAX, REST API, shortcodes, cron jobs) is a strong positive indicator.  The code also shows good practices with a high percentage of SQL queries utilizing prepared statements and the absence of dangerous functions or file operations.\n\nHowever, there are areas for concern.  The taint analysis reveals two flows with unsanitized paths, which could potentially lead to vulnerabilities if these paths are ever exposed to user input.  Furthermore, a significant portion of output (70%) is not properly escaped, creating a risk of Cross-Site Scripting (XSS) vulnerabilities. The complete lack of nonce checks and capability checks, while not immediately indicative of a vulnerability given the current attack surface, represents a missed security layer that could become critical if new entry points are introduced or if existing ones are modified.\n\nThe plugin's vulnerability history is clean, with zero recorded CVEs. This suggests a lack of known exploitable issues, which is encouraging.  However, it's important to remember that a clean history doesn't guarantee future security, especially in light of the identified taint flows and unescaped outputs. The strengths lie in the limited attack surface and secure SQL handling, while the weaknesses stem from potential path sanitization issues and a critical lack of output escaping and authorization checks.",[220,222,224,227],{"reason":221,"points":11},"Unsanitized paths in taint analysis",{"reason":223,"points":156},"High percentage of unescaped output",{"reason":225,"points":226},"Missing nonce checks",5,{"reason":228,"points":226},"Missing capability checks","2026-03-17T00:31:47.665Z",{"wat":231,"direct":236},{"assetPaths":232,"generatorPatterns":233,"scriptPaths":234,"versionParams":235},[],[],[],[],{"cssClasses":237,"htmlComments":238,"htmlAttributes":239,"restEndpoints":241,"jsGlobals":242,"shortcodeOutput":243},[],[],[240],"readonly=\"readonly\"",[],[],[244],"\u003Ccode style=\"font-size:110%;\">home_url();\u003C\u002Fcode>"]