[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f9dqFZXmsFeFbZw5QJPogMbJmWGWigtTNY_pqS_5V0xM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":112,"crawl_stats":38,"alternatives":119,"analysis":229,"fingerprints":1117},"heateor-social-login","Heateor Social Login WordPress","1.1.39","Heateor Support","https:\u002F\u002Fprofiles.wordpress.org\u002Fheateor\u002F","\u003Cp>Integrate Facebook login, Twitter login, Linkedin login, Google login, Vkontakte login, Steam login, Line login, Instagram login, Microsoft login (Windows Live login), WordPress login, Yahoo login, Dribbble login, Spotify login, Dropbox login, Foursquare login, Disqus login, Reddit login, Kakao login, Discord login, Amazon login, Stack Overflow login, Github login, Mail.ru login, Odnoklassniki login, Yandex login and Youtube login buttons with the login page, register page and comment form of your WordPress website within a few minutes\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong>\u003Cbr \u002F>\n1. Plugin will not work on local server. You should have an online website for the plugin to function properly.\u003Cbr \u002F>\n2. If you want to integrate Facebook Comments, you should install \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffancy-facebook-comments\u002F\" rel=\"ugc\">Fancy Comments\u003C\u002Fa>\u003Cbr \u002F>\n3. If you want to integrate only Facebook Login button, you should install \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fheateor-login\u002F\" rel=\"ugc\">Heateor Login\u003C\u002Fa>\u003Cbr \u002F>\n4. If you want to integrate Social Share icons, you should install \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsassy-social-share\" rel=\"ugc\">Sassy Social Share\u003C\u002Fa>\u003Cbr \u002F>\n5. If you want to integrate Social Share icons and Social Commenting along with Social Login, you should install \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsuper-socializer\" rel=\"ugc\">Super Socializer\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Feature list\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Integrate Facebook login, Twitter login, Linkedin login, Google login, Vkontakte login, Steam login, Line login, Instagram login, Microsoft login (Windows Live login), WordPress login, Yahoo login, Dribbble login, Spotify login, Kakao login, Twitch login, Dropbox login, Foursquare login, Disqus login, Reddit login, Discord login, Amazon login, Stack Overflow login, Github login, Mail.ru login, Odnoklassniki login, Yandex login and Youtube login buttons with login page, register page and comment form\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fsupport.heateor.com\u002Fgdpr-and-our-plugins\u002F\" rel=\"nofollow ugc\">GDPR Compliant\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Compatible with Gutenberg editor\u003C\u002Fli>\n\u003Cli>Compatible with WPML\u003C\u002Fli>\n\u003Cli>Syncs user’s basic social profile data with WordPress profile\u003C\u002Fli>\n\u003Cli>Enable Social Login at WooCommerce checkout page and customer login form\u003C\u002Fli>\n\u003Cli>Syncs user’s basic social profile data with WooCommerce profile\u003C\u002Fli>\n\u003Cli>Use user’s social profile avatar as profile picture at your website\u003C\u002Fli>\n\u003Cli>Customizable login\u002Fpost-registration redirection\u003C\u002Fli>\n\u003Cli>Widget and shortcode\u003C\u002Fli>\n\u003Cli>Compatible with BuddyPress, BBPress, WooCommerce\u003C\u002Fli>\n\u003Cli>Multisite Compatible\u003C\u002Fli>\n\u003Cli>Supports HTTPS enabled websites\u003C\u002Fli>\n\u003Cli>24\u002F7 quickest customer support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Detailed Overview:\u003C\u002Fp>\n\u003Ch4>Social Login\u003C\u002Fh4>\n\u003Cp>Enables users to login to your website via their social media accounts\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Benefits\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>Rapid signup\u002Flogin\u003C\u002Fstrong>: When using Social network for login, users do not need to type anything (most of the users are already logged into their social accounts) . It helps in boosting signup\u002Flogin rate at your blog.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Profile Data\u003C\u002Fstrong>: User’s profile data will be saved in your blog database. This data also includes users’ email, enabling you to communicate with them.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Spam Reduction\u003C\u002Fstrong>: Because social networks authenticate individuals and generally don’t allow multiple accounts, the likelihood of false identities and spammers goes down.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>What makes this plugin different and why should I choose this plugin when there are many other social plugins?\u003C\u002Fh4>\n\u003Col>\n\u003Cli>\u003Cstrong>Free\u003C\u002Fstrong>: Yea, right. It is a free plugin. You need not pay single penny to use the features of this plugin.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No need to register anywhere\u003C\u002Fstrong>: Unlike other third party Social plugins, you do not need to create an account at third party website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Absolutely Simple\u003C\u002Fstrong>: Plugin configuration is kept dead simple. Screenshots are provided with options wherever required.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Trendy Icon Theme\u003C\u002Fstrong>: Trendy theme is used for social login icon which also complies with the branding guidelines of social networks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optimal performance\u003C\u002Fstrong>: Plugin just does what it’s supposed to do. It does not contain any tracking or advertisement scripts.\u003C\u002Fli>\n\u003Cli>We promise to provide \u003Cstrong>best quality\u003C\u002Fstrong> among other similar plugins. If you find our plugin is lacking some feature, you can email us and we will do our best to include that feature in our plugin as soon as possible.\u003C\u002Fli>\n\u003Cli>Our \u003Cstrong>support team is working 24\u002F7\u003C\u002Fstrong> to answer your queries and assist you. You will find us the quickest to respond.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Important links\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fheateor\" rel=\"nofollow ugc\">Our Facebook Page\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fheateor\" rel=\"nofollow ugc\">Our Twitter Page\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fsupport.heateor.com\" rel=\"nofollow ugc\">Support Documentation\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.heateor.com\u002Fadd-ons\" rel=\"nofollow ugc\">Add-ons\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>You can provide your feedback at hello[at]heateor[dot]com\u003C\u002Fp>\n","One click login and registration via Facebook, Twitter, Linkedin, Google and 23 others.",1000,34565,88,18,"2025-09-17T08:22:00.000Z","6.8.5","2.5.0","",[20,21,22,23,24],"facebook-login","linkedin-login","twitter-login","x","x-login","https:\u002F\u002Fwww.heateor.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fheateor-social-login.1.1.39.zip",62,6,1,"2025-12-26 00:00:00","2026-03-15T15:16:48.613Z",[33,47,63,78,88,100],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":38,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":38},"CVE-2025-68998","heateor-social-login-cross-site-request-forgery","Heateor Social Login \u003C= 1.1.39 - Cross-Site Request Forgery","The Heateor Social Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.39. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.1.39","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2026-01-05 19:02:51",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F227c8700-6e53-4f06-9620-5dde2ffc4fde?source=api-prod",{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":38,"affected_versions":52,"patched_in_version":53,"severity":54,"cvss_score":55,"cvss_vector":56,"vuln_type":57,"published_date":58,"updated_date":59,"references":60,"days_to_patch":62},"CVE-2024-10020","heateor-social-login-wordpress-authentication-bypass-via-disqus-oauth-provider","Heateor Social Login WordPress \u003C= 1.1.35 - Authentication Bypass via Disqus OAuth provider","The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.1.35. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, if they have access to the email and the user does not have an already-existing account for the service returning the token. An attacker cannot authenticate as an administrator by default, but these accounts are also at risk if authentication for administrators has explicitly been allowed via the social login.","\u003C=1.1.35","1.1.36","high",8.1,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Authentication","2024-11-05 00:00:00","2025-02-19 17:42:08",[61],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F6b1d212b-75fe-4285-9c22-62b040e5a36c?source=api-prod",107,{"id":64,"url_slug":65,"title":66,"description":67,"plugin_slug":4,"theme_slug":38,"affected_versions":68,"patched_in_version":69,"severity":54,"cvss_score":70,"cvss_vector":71,"vuln_type":72,"published_date":73,"updated_date":74,"references":75,"days_to_patch":77},"CVE-2024-35706","heateor-social-login-wordpress-unauthenticated-stored-cross-site-scripting","Heateor Social Login WordPress \u003C= 1.1.32 - Unauthenticated Stored Cross-Site Scripting","The Heateor Social Login WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.1.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=1.1.32","1.1.33",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-06-06 00:00:00","2024-06-13 13:35:09",[76],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F10101e3f-8c8a-4a62-bf41-809983a3b610?source=api-prod",8,{"id":79,"url_slug":80,"title":81,"description":82,"plugin_slug":4,"theme_slug":38,"affected_versions":68,"patched_in_version":69,"severity":40,"cvss_score":83,"cvss_vector":84,"vuln_type":72,"published_date":73,"updated_date":85,"references":86,"days_to_patch":77},"CVE-2024-35707","heateor-social-login-wordpress-authenticated-contributor-stored-cross-site-scripting-2","Heateor Social Login WordPress \u003C= 1.1.32 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Heateor Social Login WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.1.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2024-06-13 13:34:00",[87],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F755a2c02-f442-46ca-9b45-644b7098b1e3?source=api-prod",{"id":89,"url_slug":90,"title":91,"description":92,"plugin_slug":4,"theme_slug":38,"affected_versions":93,"patched_in_version":94,"severity":40,"cvss_score":83,"cvss_vector":84,"vuln_type":72,"published_date":95,"updated_date":96,"references":97,"days_to_patch":99},"CVE-2024-32674","heateor-social-login-wordpress-authenticated-contributor-stored-cross-site-scripting","Heateor Social Login WordPress \u003C= 1.1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Heateor Social Login WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.1.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=1.1.31","1.1.32","2024-05-08 00:00:00","2024-05-16 12:40:31",[98],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F15edf742-61e4-4b4f-915d-99e6b3332f5f?source=api-prod",9,{"id":101,"url_slug":102,"title":103,"description":104,"plugin_slug":4,"theme_slug":38,"affected_versions":105,"patched_in_version":106,"severity":40,"cvss_score":83,"cvss_vector":84,"vuln_type":72,"published_date":107,"updated_date":108,"references":109,"days_to_patch":111},"CVE-2024-24712","heateor-social-login-authenticatedcontributor-stored-cross-site-scripting-via-shortcode","Heateor Social Login \u003C= 1.1.30 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode","The Heateor Social Login WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to and including 1.1.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=1.1.30","1.1.31","2024-01-31 00:00:00","2024-02-02 15:29:02",[110],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1a3ebfba-7523-48a4-a315-4395be2cebef?source=api-prod",3,{"slug":113,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":114,"avg_security_score":115,"avg_patch_time_days":116,"trust_score":117,"computed_at":118},"heateor",106810,92,174,73,"2026-04-03T23:07:51.593Z",[120,144,164,188,205],{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":130,"num_ratings":131,"last_updated":132,"tested_up_to":133,"requires_at_least":134,"requires_php":135,"tags":136,"homepage":139,"download_link":140,"security_score":141,"vuln_count":29,"unpatched_count":142,"last_vuln_date":143,"fetched_at":31},"oa-social-login","Social Login","5.10.0","Claude","https:\u002F\u002Fprofiles.wordpress.org\u002Fclaudeschlesser\u002F","\u003Ch4>Social Login Plugin\u003C\u002Fh4>\n\u003Cp>Social Login is a \u003Cstrong>professionally developed\u003C\u002Fstrong> and free WordPress plugin that allows your visitors to \u003Cstrong>comment, login and register with 40+ Social Networks\u003C\u002Fstrong> like for example Facebook, Twitter \u002F X, TikTok, Google, LinkedIn, PayPal, LiveJournal, Instagram, Вконтакте or Yahoo amongst other.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Data Protection Guarantee\u003C\u002Fstrong>\u003Cbr \u002F>\nSocial Login is fully compliant with all European and U.S. data protection laws. As required by the General Data Protection Regulation (GDPR) the OneAll Terms of Service include a Data Processing Agreement that we can countersign on request.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Seamless Integration\u003C\u002Fstrong>\u003Cbr \u002F>\nSocial Login is fully customizable and seamlessly integrates with your existing login\u002Fregistration system so that your users don’t have to start from scratch. Existing existing accounts can add\u002Fremove their social network accounts in their WordPress profile settings and then also use the linked social networks to login.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Eliminates Spam and Bot Registrations\u003C\u002Fstrong>\u003Cbr \u002F>\nGet rid of long and complicated forms, improve your data quality and instantly eliminate spam and bot registrations. Social Login increases registration rates by up to 50% and provides permission-based access to users’ social network profile data, allowing you to start delivering a personalized experience.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Maintenance Free\u003C\u002Fstrong>\u003Cbr \u002F>\nDo not take the risk of losing any users or customers due to outdated social network integrations. Unlike other Social Login providers we monitor the APIs and technologies of the different social networks and update our service as soon as changes arise.\u003C\u002Fp>\n\u003Cp>By using OneAll you can be sure that your social media integration will always run smoothly and with the most up-to-date calls.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Fully Customizable\u003C\u002Fstrong>\u003Cbr \u002F>\nYou can easily configure which social accounts to enable\u002Fdisable for social login and on which areas of the website the social login icons should be displayed:\u003Cbr \u002F>\n* On the comment formular\u003Cbr \u002F>\n* On the login page\u003Cbr \u002F>\n* On the registration page\u003Cbr \u002F>\n* In your sidebar\u003Cbr \u002F>\n* With a shortcode\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Fully Compatible With Other Plugins\u003C\u002Fstrong>\u003Cbr \u002F>\nSocial Login uses standard WordPress hooks and is compatible with all plugins that follow WordPress coding conventions,\u003Cbr \u002F>\nlike per example BuddyPress or WooCommerce amongst others.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Data Export\u003C\u002Fstrong>\u003Cbr \u002F>\nEasily export your users or automatically push data of users that login using Social Login to Mailchimp or Campaign Monitor.\u003Cbr \u002F>\nThis feature is available in the premium version of Social Login and can be enabled in your OneAll account.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>45+ Social Networks\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Apple\u003C\u002Fli>\n\u003Cli>Amazon\u003C\u002Fli>\n\u003Cli>Battle.net\u003C\u002Fli>\n\u003Cli>Blogger\u003C\u002Fli>\n\u003Cli>Discord\u003C\u002Fli>\n\u003Cli>Draugiem\u003C\u002Fli>\n\u003Cli>Dribbble\u003C\u002Fli>\n\u003Cli>Epic Games\u003C\u002Fli>\n\u003Cli>Facebook\u003C\u002Fli>\n\u003Cli>Foursquare\u003C\u002Fli>\n\u003Cli>Github.com\u003C\u002Fli>\n\u003Cli>Google\u003C\u002Fli>\n\u003Cli>Instagram\u003C\u002Fli>\n\u003Cli>Line\u003C\u002Fli>\n\u003Cli>LinkedIn\u003C\u002Fli>\n\u003Cli>LiveJournal\u003C\u002Fli>\n\u003Cli>Mail.ru\u003C\u002Fli>\n\u003Cli>Meetup\u003C\u002Fli>\n\u003Cli>Mixer\u003C\u002Fli>\n\u003Cli>Odnoklassniki\u003C\u002Fli>\n\u003Cli>OpenID\u003C\u002Fli>\n\u003Cli>Patreon\u003C\u002Fli>\n\u003Cli>PayPal\u003C\u002Fli>\n\u003Cli>Pinterest\u003C\u002Fli>\n\u003Cli>PixelPin \u003C\u002Fli>\n\u003Cli>Reddit\u003C\u002Fli>\n\u003Cli>Skyrock.com\u003C\u002Fli>\n\u003Cli>SoundCloud        \u003C\u002Fli>\n\u003Cli>Spotify\u003C\u002Fli>\n\u003Cli>StackExchange\u003C\u002Fli>\n\u003Cli>Steam\u003C\u002Fli>\n\u003Cli>Strava\u003C\u002Fli>\n\u003Cli>TikTok\u003C\u002Fli>\n\u003Cli>Tumblr\u003C\u002Fli>\n\u003Cli>Twitch.tv\u003C\u002Fli>\n\u003Cli>Twitter \u002F X\u003C\u002Fli>\n\u003Cli>Vimeo\u003C\u002Fli>\n\u003Cli>VKontakte\u003C\u002Fli>\n\u003Cli>Weibo\u003C\u002Fli>\n\u003Cli>Windows Live\u003C\u002Fli>\n\u003Cli>WordPress.com\u003C\u002Fli>\n\u003Cli>XING\u003C\u002Fli>\n\u003Cli>Yahoo\u003C\u002Fli>\n\u003Cli>Yandex\u003C\u002Fli>\n\u003Cli>YouTube\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Social Login Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>GDPR compliant\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Social Link\u003C\u002Fstrong> – Users can use social login to link multiple social network accounts to their WordPress account.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Woocommerce Connect\u003C\u002Fstrong> – Automatic integration of the social login icons on the Woocommerce checkout, login and registration pages.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Woocommerce Profile\u003C\u002Fstrong> – Fill the user’s billing address with the first name, last name and email address received from the social network.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BuddyPress Connect\u003C\u002Fstrong> – Automatic integration of the social login icons on the BuddyPress account and registration pages.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BuddyPress Profile\u003C\u002Fstrong> – Use the social network avatar as BuddyPress avatar and fill out custom fields.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Insights\u003C\u002Fstrong> – Access the analytics dashboard to discover which social networks your users prefer.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Emails\u003C\u002Fstrong> – Send emails to users that register using social login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Notifications\u003C\u002Fstrong> – Send notifications to admins for every users that registers using social login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comment Approval\u003C\u002Fstrong> – Automatically approve comments left by users that connected by using social login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Retrieval\u003C\u002Fstrong>  – Ask users to enter their email when social login did not receive it from the social network.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Redirections\u003C\u002Fstrong> – Fully customize the page to redirect user to after having connected using social login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Integrated Widget\u003C\u002Fstrong> – Simply use the social login widget to display the icons wherever you want.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>ShortCodes\u003C\u002Fstrong> – Easily embed social login anywhere by using the available shortcodes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hook\u003C\u002Fstrong> – Customize the social login behaviour by using the integrated hooks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Icon Themes\u003C\u002Fstrong> – Choose amongst three different social login icon themes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Documentation\u003C\u002Fstrong> – Access a \u003Ca href=\"https:\u002F\u002Fdocs.oneall.com\u002Fplugins\u002Fguide\u002Fsocial-login-wordpress\u002F\" rel=\"nofollow ugc\">complete documentation\u003C\u002Fa> on the available Social Login hooks and filters for WordPress.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Support\u003C\u002Fstrong> – Any questions about Social Login? Our support team is there to assist you. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Social Login Premium Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Authentication Filters\u003C\u002Fstrong> – Use customisable filters to restrict which users may login with social login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Export\u003C\u002Fstrong> – Automatically export social login data to Campaign Monitor or MailChimp or export as CSV.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Insights\u003C\u002Fstrong> – Access analytics and get demographic information about your social login users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Icon Themes\u003C\u002Fstrong> – Choose amongst twenty different social login icon themes or use you own icons.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Professionally Developed and Maintained\u003C\u002Fstrong>\u003Cbr \u002F>\nSocial Login is maintained by \u003Ca href=\"https:\u002F\u002Fwww.oneall.com\" rel=\"nofollow ugc\">OneAll\u003C\u002Fa>, a technology company offering a set of web-delivered tools to simplify the integration of 40+ social networks into business and personal websites and apps.\u003C\u002Fp>\n\u003Cp>The OneAll API unifies 40+ Social Networks and consolidates the most powerful social network features in a single solution. You can work with multiple social networks at once and you will obtain a standardized field structure for data received from any of the social networks. Save time and development resources and focus on your core business.\u003C\u002Fp>\n\u003Ch3>Testimonials\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Used by thousands of users around the world!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>The plugin in is one of the best I’ve seen so far. Extremely easy to implement and run. The support is great too.\u003Cbr \u002F>\nNo concerns on my side. Keep it up!\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>livia\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>Loving the service, seen a massive increase in painless signups to my blog. Thanks!\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Richard B.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>You have no idea how it THRILLED me to integrate oneall. It was SO amazingly easy, your team has simplified the whole process of signing up for\u003Cbr \u002F>\nauthorization on multiple social media sites. I HAD NO QUESTIONS\u002FSTEPS THAT YOU HADN’T ALREADY ANTICIPATED. It saved me HOURS of work!\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Kelly C.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>This is cool. Nice work. I’m VERY impressed. You’ve made this about as painless as it gets and the value it adds is incredible.\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Jason M.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>This service is simply remarkable, I’ve tried integrating logins before and it has never been this easy!\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Andrew C.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>I found it extremely straightforward. I just figured it out easily and make my website capable of connecting\u003Cbr \u002F>\nto many social networks by your plugin.\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Deha K.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>Just wanted to let you know how happy i am that i stumbled onto your service. This was the 6 Facebook\u002FTwitter integration\u003Cbr \u002F>\ni tried and was starting to lose hope that i could actually find one that worked for me.\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Kyle L.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>I would like to thank YOU! Seriously, the WordPress plugin has been a huge life saver for me.\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Piero B.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>Thank you for the wonderful plugin\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Martin P.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>The service is excellent for what i need, simple to set up. All situations about seting up are well explained, so\u003Cbr \u002F>\nthere are no difficulties\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Facundo S.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>I really like the plugin, the capabilities you provide for management and your prompt reply for support.\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Tom B.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>It was extremely easy to set up and use.  The documentation to set up the FB and twitter API\u003Cbr \u002F>\nwas easy to follow and implement. I was struggling with a couple of other plugins till I stumbled on this one.\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Deepa V.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>Works like a charm!\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Fredrik L.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>Not sure how you can improve it’s a Damn! Good product. 100% User friendly easy to setup. Thanks!\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Cody L.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>So far oneall.com is the perfect solution for my site and works flawlessly.  I am extremely impressed and grateful.\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Terry P.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>I’ve gone in and tweaked it, tested it and it’s good to go now! Wonderful, I feel like a grown up blogger now.\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Brian J.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>I am really impressed with your product! Its very dynamic and its gives me the flexibility I need for integration into my own business.\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Braxton D.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>Your delivery is superb. You should change your name to WONall because you won it all with me. You are awesome, stay that way please.\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Nicholas L.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>I especially enjoy the step by step process that guides you through the Social website App creation process. In the end I would like to thank you\u003Cbr \u002F>\nfor putting together such a great product that so many users can implement with ease.\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Stefan C.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>Thanks for a such a great plugin! I was really impressed with the simplicity of the installation directions and the clean design.\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Janae S.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>I love your service the way it is, it’s amazing how easy the logging-in-via-social-network is integrated into a wordpress website!\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Martin S.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>The site and the plugin are working magnificently. Thank you one million times for making your products\u002Fservices available in the manner that you have.\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Herman G.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>Very user friendly, there are guides and screenshot on how to set things up. Thank you so much for this awesome plugin!\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Cebututs\u003C\u002Fstrong>\u003C\u002Fp>\n","With Social Login your users can login, register and comment with 40+ Social Networks. Maintenance Free. Uptime Guarantee. Fulltime devs",5000,942142,86,364,"2024-12-02T15:57:00.000Z","6.7.5","3.0","5.4",[20,21,137,138,22],"social-login","tiktok-login","http:\u002F\u002Fwww.oneall.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Foa-social-login.zip",89,0,"2024-11-22 15:08:42",{"slug":145,"name":146,"version":147,"author":148,"author_profile":149,"description":150,"short_description":151,"active_installs":152,"downloaded":153,"rating":154,"num_ratings":155,"last_updated":156,"tested_up_to":157,"requires_at_least":158,"requires_php":18,"tags":159,"homepage":161,"download_link":162,"security_score":163,"vuln_count":142,"unpatched_count":142,"last_vuln_date":38,"fetched_at":31},"userswp-social-login","UsersWP – Social Login","1.5.6","Stiofan","https:\u002F\u002Fprofiles.wordpress.org\u002Fstiofansisland\u002F","\u003Cp>Social Login addon for \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fuserswp\u002F\" rel=\"ugc\">UsersWP\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This addon lets your user to register and login with popular sites like Facebook, Google, Twitter, LinkedIn, Instagram, Yahoo, WordPress, vkontakte etc.\u003C\u002Fp>\n\u003Cp>100% translatable.\u003C\u002Fp>\n","Social Login addon for UsersWP.",2000,129473,66,4,"2026-01-20T12:42:00.000Z","6.9.4","6.1",[20,160,21,137,22],"google-login","https:\u002F\u002Fuserswp.io\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuserswp-social-login.1.5.6.zip",100,{"slug":165,"name":166,"version":167,"author":168,"author_profile":169,"description":170,"short_description":171,"active_installs":11,"downloaded":172,"rating":173,"num_ratings":174,"last_updated":175,"tested_up_to":16,"requires_at_least":176,"requires_php":177,"tags":178,"homepage":184,"download_link":185,"security_score":186,"vuln_count":29,"unpatched_count":142,"last_vuln_date":187,"fetched_at":31},"json-api-user","JSON API User","4.1.0","Ali Qureshi","https:\u002F\u002Fprofiles.wordpress.org\u002Fparorrey\u002F","\u003Cp>JSON API User extends the JSON API Plugin with a new Controller to allow RESTful user registration, authentication, password reset, RESTful Facebook Login, RESTful User Meta and BuddyPress xProfile get and update methods. This plugin is for WordPress\u002FMobile app developers who want to use WordPress as mobile app data backend.\u003C\u002Fp>\n\u003Cp>JSON API Plugin, that is required, was closed on August 7, 2019 from WordPress repository. You can download \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FPI-Media\u002Fjson-api\" rel=\"nofollow ugc\">JSON API Plugin\u003C\u002Fa> from https:\u002F\u002Fgithub.com\u002FPI-Media\u002Fjson-api until it is republished and available on WordPress.\u003C\u002Fp>\n\u003Cp>Features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Generate Auth Cookie for user authentication\u003C\u002Fli>\n\u003Cli>Validate Auth Cookie\u003C\u002Fli>\n\u003Cli>RESTful User Registration\u003C\u002Fli>\n\u003Cli>RESTful Facebook Login\u002FRegistration with valid access_token\u003C\u002Fli>\n\u003Cli>RESTful BuddyPress xProfile fields update\u003C\u002Fli>\n\u003Cli>Get User Meta and xProfile fields\u003C\u002Fli>\n\u003Cli>Update User Meta and xProfile fields\u003C\u002Fli>\n\u003Cli>Delete User Meta\u003C\u002Fli>\n\u003Cli>Password Reset\u003C\u002Fli>\n\u003Cli>Get Avatar\u003C\u002Fli>\n\u003Cli>Get User Info\u003C\u002Fli>\n\u003Cli>Post Comment\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin was created for mobile apps integration with the web app using WordPress as backend for all the data. WordPress helped in putting together the web app quickly and then Mobile iOS and Android apps were integrated via this plugin. There were some app specific customized methods which are not included but rest have been made generic for community usage.\u003C\u002Fp>\n\u003Cp>My other JSON API Auth plugin has also been integrated with this plugin from version 1.1 because most endpoints required user authentication via cookie for data update.\u003C\u002Fp>\n\u003Cp>Pro Version – JSON API User Plus\u003C\u002Fp>\n\u003Cp>A pro version of this plugin, \u003Ca href=\"http:\u002F\u002Fwww.parorrey.com\u002Fsolutions\u002Fjson-api-user-plus\u002F\" rel=\"nofollow ugc\">JSON API User Plus\u003C\u002Fa>, is available here http:\u002F\u002Fwww.parorrey.com\u002Fsolutions\u002Fjson-api-user-plus\u002F that supports BuddyPress Messages component, BuddyPress avatar upload, BuddyPress Extended Profile, BuddyPress Groups, BuddyPress Friends, BuddyPress Activity, BuddyPress Notifications, BuddyPres Settings and other BuddyPress related functions to integrate BuddyPress features in your mobile app via REST api.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.parorrey.com\u002Fsolutions\u002Fjson-api-user-plus\u002F\" rel=\"nofollow ugc\">JSON API User Plus\u003C\u002Fa> includes API key which protects and restricts the endpoint calls. This key can be updated from Settings > User Plus options page. Your app must include this key with every call to get the data from REST API. Please see documentation for calling endpoints examples for ‘JSON API User Plus’.\u003C\u002Fp>\n\u003Cp>JSON API User Plus features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Generate Auth Cookie for user authentication\u003C\u002Fli>\n\u003Cli>Validate Auth Cookie\u003C\u002Fli>\n\u003Cli>RESTful User Registration\u003C\u002Fli>\n\u003Cli>RESTful Facebook Login\u002FRegistration with valid access_token\u003C\u002Fli>\n\u003Cli>RESTful BuddyPress xProfile fields update\u003C\u002Fli>\n\u003Cli>Get User Meta and xProfile fields\u003C\u002Fli>\n\u003Cli>Update User Meta and xProfile fields\u003C\u002Fli>\n\u003Cli>Delete User Meta\u003C\u002Fli>\n\u003Cli>Password Reset\u003C\u002Fli>\n\u003Cli>Get\u002FUpload Avatar\u003C\u002Fli>\n\u003Cli>Get User Info\u003C\u002Fli>\n\u003Cli>Post Comment\u003C\u002Fli>\n\u003Cli>Add Post, Update Post, Delete Post\u003C\u002Fli>\n\u003Cli>Add\u002FEdit\u002FDelete Custom Post Type, Custom Fields\u003C\u002Fli>\n\u003Cli>Search User\u003C\u002Fli>\n\u003Cli>BuddyPress Activities\u003C\u002Fli>\n\u003Cli>BuddyPress Members\u003C\u002Fli>\n\u003Cli>BuddyPress Friends\u003C\u002Fli>\n\u003Cli>BuddyPress Notifications\u003C\u002Fli>\n\u003Cli>BuddyPress Settings\u003C\u002Fli>\n\u003Cli>& many more\u003C\u002Fli>\n\u003C\u002Ful>\n","Extends the JSON API Plugin to allow RESTful user registration, authentication & many other User Meta, BP functions. A Pro version is also available.",120913,78,21,"2025-07-29T11:54:00.000Z","3.0.1","5.3",[179,180,181,182,183],"authentication","json-api","restful-facebook-login","restful-user-meta-and-buddypress-xprofile","restful-user-registration","http:\u002F\u002Fwww.parorrey.com\u002Fsolutions\u002Fjson-api-user\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjson-api-user.4.1.0.zip",97,"2024-07-10 00:00:00",{"slug":189,"name":190,"version":191,"author":192,"author_profile":193,"description":194,"short_description":195,"active_installs":163,"downloaded":196,"rating":197,"num_ratings":198,"last_updated":199,"tested_up_to":133,"requires_at_least":200,"requires_php":201,"tags":202,"homepage":18,"download_link":204,"security_score":115,"vuln_count":142,"unpatched_count":142,"last_vuln_date":38,"fetched_at":31},"happy-social-login","Happy Social Login","1.5.0","WPFOLK","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpfolk\u002F","\u003Cp>Let your users signup and login to your WordPress website using their favorite social media accounts Facebook, Google, LinkedIn, Github and 42+ more. Happy Social Login is a free, easy-to-use WordPress plugin that makes registration and login a breeze. With just its social profiles (like Facebook, Google, or X (formerly Twitter)), your visitors can quickly sign up and log in to your site. No lengthy forms, no waiting for validation emails, and no more forgotten passwords. It’s simple, fast, and user-friendly!\u003C\u002Fp>\n\u003Ch3>🔗 Useful Links\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpfolk.com\u002Fplugins\u002Fhappy-social-login\" rel=\"nofollow ugc\">Official Page\u003C\u002Fa> || \u003Ca href=\"https:\u002F\u002Fplayground.wordpress.net\u002F?plugin=happy-social-login\" rel=\"nofollow ugc\">Demo\u003C\u002Fa> || \u003Ca href=\"https:\u002F\u002Fwpfolk.com\u002Fdocs\u002Fhappy-social-login\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Key Features:\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Quick registration and login via Facebook, Google, LinkedIn, and Github\u003C\u002Fli>\n\u003Cli>Easy integration with WordPress user accounts\u003C\u002Fli>\n\u003Cli>Customizable redirect URLs after registration and login\u003C\u002Fli>\n\u003Cli>Display social profile pictures as avatars\u003C\u002Fli>\n\u003Cli>Simple setup and user-friendly interface\u003C\u002Fli>\n\u003Cli>Helpful support for any questions or issues\u003C\u002Fli>\n\u003Cli>Additional Features in the Pro Version:\u003C\u002Fli>\n\u003Cli>Compatibility with WooCommerce, BuddyPress, UserPro, and more\u003C\u002Fli>\n\u003Cli>Access to additional providers like Amazon, PayPal, and more\u003C\u002Fli>\n\u003Cli>Control over email and username collection during registration\u003C\u002Fli>\n\u003Cli>Different login layouts and button styles\u003C\u002Fli>\n\u003Cli>Role-based access control for social logins\u003C\u002Fli>\n\u003Cli>Automatic assignment of user roles based on social login provider\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Disclaimer\u003C\u002Fh3>\n\u003Cp>Happy Social Login is an independent plugin and is not affiliated with or endorsed by\u003Cbr \u002F>\nany of the third-party services mentioned in this documentation, including but not limited\u003Cbr \u002F>\nto Facebook, Google, Twitter, LinkedIn, GitHub, and others. All trademarks, service marks,\u003Cbr \u002F>\nand company names are the property of their respective owners. We do not hold any copyright\u003Cbr \u002F>\nover the APIs or services provided by these third parties. Any use of these services is subject\u003Cbr \u002F>\nto their respective terms of use and privacy policies. Users are responsible for complying with\u003Cbr \u002F>\nthe terms of the third-party services they choose to enable through this plugin.\u003C\u002Fp>\n\u003Cp>Happy Social Login relies on third-party services for authentication. When a user logs in using a\u003Cbr \u002F>\nsocial media account, their data is sent to the respective third-party service for authentication.\u003Cbr \u002F>\nBelow is a list of the services used, along with their respective links to privacy policies:\u003C\u002Fp>\n\u003Ch3>🔗 Privacy Policy Links\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fen\u002Fprivacy\" rel=\"nofollow ugc\">X\u003C\u002Fa> || \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fprivacy\" rel=\"nofollow ugc\">Google\u003C\u002Fa> || \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fpolicy.php\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa>\u003C\u002Fp>\n","Enables user authentication through various social media accounts. Login through Google, Facebook, LinkedIn, GitHub and more.",10069,80,5,"2025-01-09T10:48:00.000Z","6.0","7.4",[20,203,160,21,137],"github-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhappy-social-login.1.5.0.zip",{"slug":206,"name":207,"version":208,"author":209,"author_profile":210,"description":211,"short_description":212,"active_installs":163,"downloaded":213,"rating":214,"num_ratings":215,"last_updated":216,"tested_up_to":217,"requires_at_least":218,"requires_php":18,"tags":219,"homepage":225,"download_link":226,"security_score":227,"vuln_count":29,"unpatched_count":29,"last_vuln_date":228,"fetched_at":31},"ultimate-ajax-login","Ultimate AJAX Login","1.2.1","Samer Bechara","https:\u002F\u002Fprofiles.wordpress.org\u002Farbet01\u002F","\u003Cp>After testing all of the AJAX plugins in the WordPress repository, I got frustrated. They’re all great, but it seems that they’re like 90% complete. They still need polishing.  This is why I decided to create this plugin\u003C\u002Fp>\n\u003Cp>How is this plugin different:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Three different templates to choose from: Modal login form, Classic login form and popup login form (jQuery UI based)\u003C\u002Fli>\n\u003Cli>24 themes to choose from (jQuery UI based)  \u003C\u002Fli>\n\u003Cli>Fully customizable: Just copy the template you’re using from \u002Ftemplates\u002F directory in the plugin to the “ultimate_ajax_login” directory in your theme, and modify as you need to.\u003C\u002Fli>\n\u003Cli>After a user is logged in, nothing shows up. I found this pretty frustrating with other plugins, there was no way to hide things.\u003C\u002Fli>\n\u003Cli>If you need to show anything after a user logs in, just copy the template widget-logged-in.php to your ultimate_ajax_login folder and add whatever you need. You can call any WP function from there.\u003C\u002Fli>\n\u003Cli>Has three templates, one an AJAX-based classic login form, and the other is a jQuery UI dialog box (Tested and works on mobile), and the third one is a popmodal dialog box\u003C\u002Fli>\n\u003Cli>Blocks the login form whenever a user is being logged in.\u003C\u002Fli>\n\u003Cli>Allows you to specify a global login redirect URL in your settings page, which applies to all of your widgets.\u003C\u002Fli>\n\u003Cli>Login redirect URL can be overridden on a per-widget basis from the widget options page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Shortcode Usage\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Instead of using the widget, you can insert the shortcode inside any post. If you’re a theme developer, you can use it with the do_shortcode() function. Here are the varius option\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Using with classic template and no redirect url specified: \u003Cem>[ultimate_ajax_login]\u003C\u002Fem> \u003C\u002Fli>\n\u003Cli>Using the dialog box template: \u003Cem>[ultimate_ajax_login template=’dialog’]\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>Using the dialog box template and a jquery theme: \u003Cem>[ultimate_ajax_login template=’dialog’ theme=’cupertino’]\u003C\u002Fem>\u003C\u002Fli>\n\u003C\u002Ful>\n","Very flexible and easy to use AJAX Login plugin with redirects, customizable templates...",14301,90,2,"2015-01-15T09:48:00.000Z","4.1.42","3.1",[220,221,222,223,224],"admin","ajax","ajax-login","login","multi-site","http:\u002F\u002Fthoughtengineer.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-ajax-login.1.2.1.zip",63,"2025-09-05 00:00:00",{"attackSurface":230,"codeSignals":408,"taintFlows":888,"riskAssessment":1094,"analyzedAt":1116},{"hooks":231,"ajaxHandlers":391,"restRoutes":397,"shortcodes":398,"cronEvents":407,"entryPointCount":111,"unprotectedCount":29},[232,239,243,247,251,254,257,260,263,266,269,272,275,278,281,284,287,291,295,299,302,306,309,313,317,321,325,329,332,336,340,344,348,351,355,359,361,365,370,373,376,378,381,383,387],{"type":233,"name":234,"callback":235,"priority":236,"file":237,"line":238},"action","wpmu_new_blog","new_subsite_default_options",10,"heateor-social-login.php",137,{"type":233,"name":240,"callback":240,"file":241,"line":242},"admin_menu","includes\\class-heateor-social-login.php",132,{"type":233,"name":244,"callback":245,"file":241,"line":246},"admin_notices","addon_update_notification",133,{"type":233,"name":248,"callback":249,"file":241,"line":250},"admin_init","register_setting",134,{"type":233,"name":252,"callback":253,"file":241,"line":238},"login_form","buttons",{"type":233,"name":255,"callback":253,"file":241,"line":256},"bp_before_sidebar_login_form",138,{"type":233,"name":258,"callback":253,"file":241,"line":259},"register_form",141,{"type":233,"name":261,"callback":253,"file":241,"line":262},"after_signup_form",142,{"type":233,"name":264,"callback":253,"file":241,"line":265},"bp_before_account_details_fields",143,{"type":233,"name":267,"callback":253,"file":241,"line":268},"comment_form_must_log_in_after",148,{"type":233,"name":270,"callback":253,"file":241,"line":271},"comment_form_top",150,{"type":233,"name":273,"callback":253,"file":241,"line":274},"woocommerce_before_customer_login_form",154,{"type":233,"name":276,"callback":253,"file":241,"line":277},"woocommerce_login_form",157,{"type":233,"name":279,"callback":253,"file":241,"line":280},"woocommerce_register_form",160,{"type":233,"name":282,"callback":253,"file":241,"line":283},"woocommerce_checkout_before_customer_details",163,{"type":233,"name":285,"callback":253,"file":241,"line":286},"astra_checkout_login_field_before",165,{"type":233,"name":288,"callback":289,"file":241,"line":290},"plugins_loaded","update_options",167,{"type":233,"name":292,"callback":293,"file":241,"line":294},"plugin_action_links_heateor-social-login\u002Fheateor-social-login.php","add_settings_link",168,{"type":233,"name":296,"callback":297,"file":241,"line":298},"edit_user_profile","show_avatar_option",172,{"type":233,"name":300,"callback":297,"file":241,"line":301},"show_user_profile",173,{"type":233,"name":303,"callback":304,"file":241,"line":305},"personal_options_update","save_avatar",176,{"type":233,"name":307,"callback":304,"file":241,"line":308},"edit_user_profile_update",177,{"type":310,"name":311,"callback":311,"priority":236,"file":241,"line":312},"filter","sanitize_user",180,{"type":233,"name":314,"callback":315,"file":241,"line":316},"bp_include","bp_loaded",182,{"type":233,"name":318,"callback":319,"file":241,"line":320},"manage_users_columns","social_network_column_user_table",185,{"type":310,"name":322,"callback":323,"priority":236,"file":241,"line":324},"manage_users_custom_column","social_network_column_user_table_row",186,{"type":233,"name":326,"callback":327,"file":241,"line":328},"admin_head","network_column_css",189,{"type":233,"name":330,"callback":330,"file":241,"line":331},"init",200,{"type":310,"name":333,"callback":334,"priority":236,"file":241,"line":335},"get_avatar","social_avatar",201,{"type":310,"name":337,"callback":338,"priority":236,"file":241,"line":339},"bp_core_fetch_avatar","buddypress_avatar",202,{"type":310,"name":341,"callback":342,"priority":236,"file":241,"line":343},"get_avatar_url","social_avatar_url",203,{"type":233,"name":345,"callback":346,"priority":236,"file":241,"line":347},"heateor_sl_before_registration","disable_social_registration",204,{"type":233,"name":244,"callback":349,"file":241,"line":350},"user_profile_account_linking",205,{"type":233,"name":352,"callback":353,"priority":163,"file":241,"line":354},"bp_setup_nav","add_linking_tab",206,{"type":310,"name":356,"callback":357,"file":241,"line":358},"login_message","custom_login_message",207,{"type":233,"name":314,"callback":315,"file":241,"line":360},209,{"type":233,"name":362,"callback":363,"file":241,"line":364},"widgets_init","closure",220,{"type":233,"name":366,"callback":367,"file":368,"line":369},"wp_enqueue_scripts","frontend_styles","public\\class-heateor-social-login-public.php",2313,{"type":233,"name":371,"callback":367,"file":368,"line":372},"login_enqueue_scripts",2314,{"type":233,"name":366,"callback":374,"file":368,"line":375},"frontend_scripts",2315,{"type":233,"name":371,"callback":374,"file":368,"line":377},2316,{"type":233,"name":366,"callback":379,"file":368,"line":380},"load_event",2317,{"type":233,"name":371,"callback":379,"file":368,"line":382},2318,{"type":233,"name":384,"callback":385,"file":368,"line":386},"parse_request","connect",2319,{"type":233,"name":388,"callback":389,"file":368,"line":390},"bp_template_content","bp_account_linking",2426,[392],{"action":393,"nopriv":394,"callback":395,"hasNonce":394,"hasCapCheck":394,"file":241,"line":396},"heateor_sl_unlink",false,"unlink",169,[],[399,403],{"tag":400,"callback":401,"file":241,"line":402},"Heateor_Social_Login","shortcode",232,{"tag":404,"callback":405,"file":241,"line":406},"Heateor_Social_Linking","social_linking_shortcode",233,[],{"dangerousFunctions":409,"sqlUsage":410,"outputEscaping":424,"fileOperations":451,"externalRequests":886,"nonceChecks":142,"capabilityChecks":215,"bundledLibraries":887},[],{"prepared":155,"raw":198,"locations":411},[412,414,417,419,421],{"file":237,"line":62,"context":413},"$wpdb->get_col() with variable interpolation",{"file":368,"line":415,"context":416},3344,"$wpdb->get_var() with variable interpolation",{"file":368,"line":418,"context":416},3348,{"file":368,"line":420,"context":416},3374,{"file":422,"line":423,"context":413},"uninstall.php",17,{"escaped":425,"rawEcho":426,"locations":427},357,240,[428,431,433,435,437,439,441,443,445,447,449,452,454,455,457,459,461,463,465,467,469,471,473,475,477,479,481,483,485,487,489,491,493,495,497,499,501,503,505,507,509,511,513,515,517,519,521,523,525,527,529,531,533,535,537,539,541,543,545,547,549,551,553,555,557,559,561,563,565,567,569,571,573,575,577,579,581,583,585,587,589,591,593,595,597,599,601,603,605,607,609,611,613,615,617,619,621,623,625,627,629,631,633,635,637,639,641,643,645,647,649,651,653,655,657,659,661,663,665,667,669,671,673,675,677,679,681,683,685,687,689,691,693,695,697,699,701,703,705,707,709,711,713,715,717,719,721,723,725,727,729,731,733,735,737,739,741,743,745,747,749,751,753,755,757,759,761,763,765,767,769,771,773,775,777,779,781,783,785,787,789,791,793,795,797,799,801,804,806,808,809,811,812,814,816,818,819,820,822,824,825,826,828,830,831,832,834,836,837,838,840,842,843,845,847,848,850,852,854,856,858,860,861,863,865,866,867,868,870,871,872,873,874,875,876,877,878,880,882,884],{"file":429,"line":173,"context":430},"admin\\class-heateor-social-login-admin.php","raw output",{"file":429,"line":432,"context":430},389,{"file":429,"line":434,"context":430},405,{"file":429,"line":436,"context":430},406,{"file":438,"line":155,"context":430},"admin\\partials\\heateor-social-login-about.php",{"file":438,"line":440,"context":430},53,{"file":438,"line":442,"context":430},54,{"file":438,"line":444,"context":430},55,{"file":438,"line":446,"context":430},56,{"file":438,"line":448,"context":430},57,{"file":450,"line":451,"context":430},"admin\\partials\\heateor-social-login-options-page.php",7,{"file":450,"line":453,"context":430},43,{"file":450,"line":227,"context":430},{"file":450,"line":456,"context":430},81,{"file":450,"line":458,"context":430},99,{"file":450,"line":460,"context":430},226,{"file":450,"line":462,"context":430},236,{"file":450,"line":464,"context":430},248,{"file":450,"line":466,"context":430},258,{"file":450,"line":468,"context":430},272,{"file":450,"line":470,"context":430},282,{"file":450,"line":472,"context":430},298,{"file":450,"line":474,"context":430},308,{"file":450,"line":476,"context":430},326,{"file":450,"line":478,"context":430},336,{"file":450,"line":480,"context":430},348,{"file":450,"line":482,"context":430},358,{"file":450,"line":484,"context":430},370,{"file":450,"line":486,"context":430},393,{"file":450,"line":488,"context":430},403,{"file":450,"line":490,"context":430},416,{"file":450,"line":492,"context":430},426,{"file":450,"line":494,"context":430},439,{"file":450,"line":496,"context":430},449,{"file":450,"line":498,"context":430},463,{"file":450,"line":500,"context":430},473,{"file":450,"line":502,"context":430},485,{"file":450,"line":504,"context":430},495,{"file":450,"line":506,"context":430},510,{"file":450,"line":508,"context":430},520,{"file":450,"line":510,"context":430},532,{"file":450,"line":512,"context":430},542,{"file":450,"line":514,"context":430},554,{"file":450,"line":516,"context":430},564,{"file":450,"line":518,"context":430},579,{"file":450,"line":520,"context":430},582,{"file":450,"line":522,"context":430},588,{"file":450,"line":524,"context":430},600,{"file":450,"line":526,"context":430},603,{"file":450,"line":528,"context":430},609,{"file":450,"line":530,"context":430},625,{"file":450,"line":532,"context":430},628,{"file":450,"line":534,"context":430},634,{"file":450,"line":536,"context":430},642,{"file":450,"line":538,"context":430},645,{"file":450,"line":540,"context":430},651,{"file":450,"line":542,"context":430},659,{"file":450,"line":544,"context":430},662,{"file":450,"line":546,"context":430},668,{"file":450,"line":548,"context":430},680,{"file":450,"line":550,"context":430},689,{"file":450,"line":552,"context":430},701,{"file":450,"line":554,"context":430},710,{"file":450,"line":556,"context":430},726,{"file":450,"line":558,"context":430},735,{"file":450,"line":560,"context":430},747,{"file":450,"line":562,"context":430},756,{"file":450,"line":564,"context":430},772,{"file":450,"line":566,"context":430},775,{"file":450,"line":568,"context":430},781,{"file":450,"line":570,"context":430},793,{"file":450,"line":572,"context":430},796,{"file":450,"line":574,"context":430},802,{"file":450,"line":576,"context":430},818,{"file":450,"line":578,"context":430},821,{"file":450,"line":580,"context":430},827,{"file":450,"line":582,"context":430},839,{"file":450,"line":584,"context":430},842,{"file":450,"line":586,"context":430},848,{"file":450,"line":588,"context":430},864,{"file":450,"line":590,"context":430},867,{"file":450,"line":592,"context":430},873,{"file":450,"line":594,"context":430},885,{"file":450,"line":596,"context":430},888,{"file":450,"line":598,"context":430},894,{"file":450,"line":600,"context":430},910,{"file":450,"line":602,"context":430},913,{"file":450,"line":604,"context":430},919,{"file":450,"line":606,"context":430},931,{"file":450,"line":608,"context":430},934,{"file":450,"line":610,"context":430},940,{"file":450,"line":612,"context":430},956,{"file":450,"line":614,"context":430},959,{"file":450,"line":616,"context":430},965,{"file":450,"line":618,"context":430},977,{"file":450,"line":620,"context":430},980,{"file":450,"line":622,"context":430},986,{"file":450,"line":624,"context":430},1002,{"file":450,"line":626,"context":430},1012,{"file":450,"line":628,"context":430},1024,{"file":450,"line":630,"context":430},1034,{"file":450,"line":632,"context":430},1049,{"file":450,"line":634,"context":430},1059,{"file":450,"line":636,"context":430},1070,{"file":450,"line":638,"context":430},1080,{"file":450,"line":640,"context":430},1095,{"file":450,"line":642,"context":430},1104,{"file":450,"line":644,"context":430},1116,{"file":450,"line":646,"context":430},1125,{"file":450,"line":648,"context":430},1140,{"file":450,"line":650,"context":430},1149,{"file":450,"line":652,"context":430},1161,{"file":450,"line":654,"context":430},1170,{"file":450,"line":656,"context":430},1185,{"file":450,"line":658,"context":430},1194,{"file":450,"line":660,"context":430},1206,{"file":450,"line":662,"context":430},1215,{"file":450,"line":664,"context":430},1230,{"file":450,"line":666,"context":430},1239,{"file":450,"line":668,"context":430},1251,{"file":450,"line":670,"context":430},1260,{"file":450,"line":672,"context":430},1275,{"file":450,"line":674,"context":430},1284,{"file":450,"line":676,"context":430},1295,{"file":450,"line":678,"context":430},1304,{"file":450,"line":680,"context":430},1316,{"file":450,"line":682,"context":430},1325,{"file":450,"line":684,"context":430},1341,{"file":450,"line":686,"context":430},1350,{"file":450,"line":688,"context":430},1362,{"file":450,"line":690,"context":430},1371,{"file":450,"line":692,"context":430},1387,{"file":450,"line":694,"context":430},1396,{"file":450,"line":696,"context":430},1408,{"file":450,"line":698,"context":430},1417,{"file":450,"line":700,"context":430},1432,{"file":450,"line":702,"context":430},1441,{"file":450,"line":704,"context":430},1453,{"file":450,"line":706,"context":430},1462,{"file":450,"line":708,"context":430},1475,{"file":450,"line":710,"context":430},1492,{"file":450,"line":712,"context":430},1511,{"file":450,"line":714,"context":430},1546,{"file":450,"line":716,"context":430},1565,{"file":450,"line":718,"context":430},1584,{"file":450,"line":720,"context":430},1603,{"file":450,"line":722,"context":430},1622,{"file":450,"line":724,"context":430},1641,{"file":450,"line":726,"context":430},1664,{"file":450,"line":728,"context":430},1682,{"file":450,"line":730,"context":430},1700,{"file":450,"line":732,"context":430},1718,{"file":450,"line":734,"context":430},1739,{"file":450,"line":736,"context":430},1762,{"file":450,"line":738,"context":430},1781,{"file":450,"line":740,"context":430},1799,{"file":450,"line":742,"context":430},1817,{"file":450,"line":744,"context":430},1840,{"file":450,"line":746,"context":430},1853,{"file":450,"line":748,"context":430},1861,{"file":450,"line":750,"context":430},1880,{"file":450,"line":752,"context":430},1899,{"file":450,"line":754,"context":430},1930,{"file":450,"line":756,"context":430},1951,{"file":450,"line":758,"context":430},1975,{"file":450,"line":760,"context":430},1992,{"file":450,"line":762,"context":430},2009,{"file":450,"line":764,"context":430},2040,{"file":450,"line":766,"context":430},2058,{"file":450,"line":768,"context":430},2076,{"file":450,"line":770,"context":430},2106,{"file":450,"line":772,"context":430},2118,{"file":450,"line":774,"context":430},2126,{"file":450,"line":776,"context":430},2138,{"file":450,"line":778,"context":430},2171,{"file":450,"line":780,"context":430},2191,{"file":450,"line":782,"context":430},2212,{"file":450,"line":784,"context":430},2230,{"file":450,"line":786,"context":430},2233,{"file":450,"line":788,"context":430},2249,{"file":450,"line":790,"context":430},2252,{"file":450,"line":792,"context":430},2268,{"file":450,"line":794,"context":430},2271,{"file":450,"line":796,"context":430},2287,{"file":450,"line":798,"context":430},2290,{"file":450,"line":800,"context":430},2350,{"file":802,"line":803,"context":430},"includes\\class-heateor-social-login-widgets.php",38,{"file":802,"line":805,"context":430},45,{"file":802,"line":807,"context":430},48,{"file":802,"line":440,"context":430},{"file":802,"line":810,"context":430},60,{"file":802,"line":27,"context":430},{"file":802,"line":813,"context":430},68,{"file":802,"line":815,"context":430},109,{"file":802,"line":817,"context":430},110,{"file":802,"line":817,"context":430},{"file":802,"line":817,"context":430},{"file":802,"line":821,"context":430},111,{"file":802,"line":823,"context":430},112,{"file":802,"line":823,"context":430},{"file":802,"line":823,"context":430},{"file":802,"line":827,"context":430},113,{"file":802,"line":829,"context":430},114,{"file":802,"line":829,"context":430},{"file":802,"line":829,"context":430},{"file":802,"line":833,"context":430},115,{"file":802,"line":835,"context":430},116,{"file":802,"line":835,"context":430},{"file":802,"line":835,"context":430},{"file":802,"line":839,"context":430},118,{"file":802,"line":841,"context":430},119,{"file":802,"line":841,"context":430},{"file":368,"line":844,"context":430},124,{"file":368,"line":846,"context":430},127,{"file":368,"line":498,"context":430},{"file":368,"line":849,"context":430},466,{"file":368,"line":851,"context":430},2335,{"file":368,"line":853,"context":430},2378,{"file":368,"line":855,"context":430},2416,{"file":368,"line":857,"context":430},2654,{"file":368,"line":859,"context":430},2658,{"file":368,"line":859,"context":430},{"file":368,"line":862,"context":430},2659,{"file":368,"line":864,"context":430},2669,{"file":368,"line":864,"context":430},{"file":368,"line":864,"context":430},{"file":368,"line":864,"context":430},{"file":368,"line":869,"context":430},2711,{"file":368,"line":869,"context":430},{"file":368,"line":869,"context":430},{"file":368,"line":869,"context":430},{"file":368,"line":869,"context":430},{"file":368,"line":869,"context":430},{"file":368,"line":869,"context":430},{"file":368,"line":869,"context":430},{"file":368,"line":869,"context":430},{"file":368,"line":879,"context":430},2733,{"file":368,"line":881,"context":430},2736,{"file":368,"line":883,"context":430},3399,{"file":368,"line":885,"context":430},3403,58,[],[889,918,995],{"entryPoint":890,"graph":891,"unsanitizedCount":155,"severity":40},"frontend_scripts (public\\class-heateor-social-login-public.php:2641)",{"nodes":892,"edges":914},[893,897,902,906,908,912],{"id":894,"type":895,"label":896,"file":368,"line":857},"n0","source","$_SERVER['HTTP_HOST']",{"id":898,"type":899,"label":900,"file":368,"line":857,"wp_function":901},"n1","sink","echo() [XSS]","echo",{"id":903,"type":895,"label":904,"file":368,"line":905},"n2","$_GET (x2)",2679,{"id":907,"type":899,"label":900,"file":368,"line":869,"wp_function":901},"n3",{"id":909,"type":895,"label":910,"file":368,"line":911},"n4","$_SERVER",2707,{"id":913,"type":899,"label":900,"file":368,"line":869,"wp_function":901},"n5",[915,916,917],{"from":894,"to":898,"sanitized":394},{"from":903,"to":907,"sanitized":394},{"from":909,"to":913,"sanitized":394},{"entryPoint":919,"graph":920,"unsanitizedCount":13,"severity":54},"connect (public\\class-heateor-social-login-public.php:107)",{"nodes":921,"edges":981},[922,924,926,929,933,935,939,943,947,951,955,957,961,964,966,970,972,974,977,979],{"id":894,"type":895,"label":923,"file":368,"line":823},"$_POST (x2)",{"id":898,"type":899,"label":900,"file":368,"line":925,"wp_function":901},128,{"id":903,"type":895,"label":927,"file":368,"line":928},"$_SERVER (x25)",183,{"id":907,"type":899,"label":930,"file":368,"line":931,"wp_function":932},"wp_redirect() [Open Redirect]",192,"wp_redirect",{"id":909,"type":895,"label":934,"file":368,"line":817},"$_POST (x9)",{"id":913,"type":899,"label":936,"file":368,"line":937,"wp_function":938},"wp_remote_get() [SSRF]",1114,"wp_remote_get",{"id":940,"type":895,"label":941,"file":368,"line":942},"n6","$_REQUEST['oauth_token']",2239,{"id":944,"type":899,"label":945,"file":368,"line":942,"wp_function":946},"n7","get_var() [SQLi]","get_var",{"id":948,"type":895,"label":949,"file":368,"line":950},"n8","$_POST",178,{"id":952,"type":953,"label":954,"file":368,"line":950},"n9","transform","→ close_login_popup()",{"id":956,"type":899,"label":900,"file":368,"line":881,"wp_function":901},"n10",{"id":958,"type":895,"label":959,"file":368,"line":960},"n11","$_POST (x26)",574,{"id":962,"type":953,"label":963,"file":368,"line":960},"n12","→ user_auth()",{"id":965,"type":899,"label":945,"file":368,"line":420,"wp_function":946},"n13",{"id":967,"type":895,"label":968,"file":368,"line":969},"n14","$_GET (x25)",590,{"id":971,"type":953,"label":954,"file":368,"line":969},"n15",{"id":973,"type":899,"label":900,"file":368,"line":881,"wp_function":901},"n16",{"id":975,"type":895,"label":976,"file":368,"line":798},"n17","$_REQUEST",{"id":978,"type":953,"label":954,"file":368,"line":798},"n18",{"id":980,"type":899,"label":900,"file":368,"line":881,"wp_function":901},"n19",[982,984,985,986,987,988,989,990,991,992,993,994],{"from":894,"to":898,"sanitized":983},true,{"from":903,"to":907,"sanitized":394},{"from":909,"to":913,"sanitized":394},{"from":940,"to":944,"sanitized":394},{"from":948,"to":952,"sanitized":394},{"from":952,"to":956,"sanitized":394},{"from":958,"to":962,"sanitized":394},{"from":962,"to":965,"sanitized":394},{"from":967,"to":971,"sanitized":394},{"from":971,"to":973,"sanitized":394},{"from":975,"to":978,"sanitized":394},{"from":978,"to":980,"sanitized":394},{"entryPoint":996,"graph":997,"unsanitizedCount":1093,"severity":54},"\u003Cclass-heateor-social-login-public> (public\\class-heateor-social-login-public.php:0)",{"nodes":998,"edges":1069},[999,1000,1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1011,1012,1013,1015,1017,1019,1023,1025,1026,1028,1030,1032,1034,1036,1038,1040,1042,1044,1046,1048,1050,1052,1054,1057,1060,1062,1065,1067],{"id":894,"type":895,"label":923,"file":368,"line":823},{"id":898,"type":899,"label":900,"file":368,"line":925,"wp_function":901},{"id":903,"type":895,"label":927,"file":368,"line":928},{"id":907,"type":899,"label":930,"file":368,"line":931,"wp_function":932},{"id":909,"type":895,"label":934,"file":368,"line":817},{"id":913,"type":899,"label":936,"file":368,"line":937,"wp_function":938},{"id":940,"type":895,"label":941,"file":368,"line":942},{"id":944,"type":899,"label":945,"file":368,"line":942,"wp_function":946},{"id":948,"type":895,"label":896,"file":368,"line":857},{"id":952,"type":899,"label":900,"file":368,"line":857,"wp_function":901},{"id":956,"type":895,"label":904,"file":368,"line":905},{"id":958,"type":899,"label":900,"file":368,"line":869,"wp_function":901},{"id":962,"type":895,"label":910,"file":368,"line":911},{"id":965,"type":899,"label":900,"file":368,"line":869,"wp_function":901},{"id":967,"type":895,"label":910,"file":368,"line":1014},2799,{"id":971,"type":899,"label":936,"file":368,"line":1016,"wp_function":938},3108,{"id":973,"type":895,"label":1018,"file":368,"line":1014},"$_SERVER (x2)",{"id":975,"type":899,"label":1020,"file":368,"line":1021,"wp_function":1022},"file_put_contents() [File Write]",3126,"file_put_contents",{"id":978,"type":895,"label":1024,"file":368,"line":817},"$_POST (x3)",{"id":980,"type":899,"label":945,"file":368,"line":415,"wp_function":946},{"id":1027,"type":895,"label":976,"file":368,"line":942},"n20",{"id":1029,"type":899,"label":900,"file":368,"line":885,"wp_function":901},"n21",{"id":1031,"type":895,"label":949,"file":368,"line":950},"n22",{"id":1033,"type":953,"label":954,"file":368,"line":950},"n23",{"id":1035,"type":899,"label":900,"file":368,"line":881,"wp_function":901},"n24",{"id":1037,"type":895,"label":959,"file":368,"line":960},"n25",{"id":1039,"type":953,"label":963,"file":368,"line":960},"n26",{"id":1041,"type":899,"label":945,"file":368,"line":420,"wp_function":946},"n27",{"id":1043,"type":895,"label":968,"file":368,"line":969},"n28",{"id":1045,"type":953,"label":954,"file":368,"line":969},"n29",{"id":1047,"type":899,"label":900,"file":368,"line":881,"wp_function":901},"n30",{"id":1049,"type":895,"label":976,"file":368,"line":798},"n31",{"id":1051,"type":953,"label":954,"file":368,"line":798},"n32",{"id":1053,"type":899,"label":900,"file":368,"line":881,"wp_function":901},"n33",{"id":1055,"type":895,"label":923,"file":368,"line":1056},"n34",3164,{"id":1058,"type":953,"label":1059,"file":368,"line":1056},"n35","→ save_social_avatar()",{"id":1061,"type":899,"label":1020,"file":368,"line":1021,"wp_function":1022},"n36",{"id":1063,"type":895,"label":910,"file":368,"line":1064},"n37",3915,{"id":1066,"type":953,"label":954,"file":368,"line":1064},"n38",{"id":1068,"type":899,"label":900,"file":368,"line":881,"wp_function":901},"n39",[1070,1071,1072,1073,1074,1075,1076,1077,1078,1079,1080,1081,1082,1083,1084,1085,1086,1087,1088,1089,1090,1091,1092],{"from":894,"to":898,"sanitized":983},{"from":903,"to":907,"sanitized":394},{"from":909,"to":913,"sanitized":394},{"from":940,"to":944,"sanitized":394},{"from":948,"to":952,"sanitized":394},{"from":956,"to":958,"sanitized":394},{"from":962,"to":965,"sanitized":394},{"from":967,"to":971,"sanitized":394},{"from":973,"to":975,"sanitized":394},{"from":978,"to":980,"sanitized":394},{"from":1027,"to":1029,"sanitized":394},{"from":1031,"to":1033,"sanitized":394},{"from":1033,"to":1035,"sanitized":394},{"from":1037,"to":1039,"sanitized":394},{"from":1039,"to":1041,"sanitized":394},{"from":1043,"to":1045,"sanitized":394},{"from":1045,"to":1047,"sanitized":394},{"from":1049,"to":1051,"sanitized":394},{"from":1051,"to":1053,"sanitized":394},{"from":1055,"to":1058,"sanitized":394},{"from":1058,"to":1061,"sanitized":394},{"from":1063,"to":1066,"sanitized":394},{"from":1066,"to":1068,"sanitized":394},102,{"summary":1095,"deductions":1096},"The \"heateor-social-login\" plugin v1.1.39 presents a moderate security risk, primarily due to an unprotected AJAX handler and a history of significant vulnerabilities. While the plugin demonstrates some good practices like a moderate percentage of prepared SQL statements and proper output escaping, the presence of an unprotected AJAX entry point is a critical concern, creating an immediate attack vector.  The taint analysis also highlights two high-severity flows with unsanitized paths, indicating potential for code injection or data manipulation if these paths are reachable by unauthenticated users.\n\nThe vulnerability history is a significant red flag. With six known CVEs, including one currently unpatched and two high-severity past vulnerabilities, the plugin has a pattern of introducing security flaws, particularly related to Cross-Site Request Forgery (CSRF), improper authentication, and Cross-Site Scripting (XSS). This history suggests recurring weaknesses in the plugin's security architecture and development process. While the plugin has some positive attributes, the combination of an unprotected AJAX handler, high-severity taint flows, and a history of unpatched vulnerabilities warrants caution.\n\nOverall, users should be aware that this plugin carries inherent risks. The absence of proper authentication checks on a critical entry point and the recurring nature of security issues suggest that diligent security monitoring and prompt updating are essential. While not all aspects of the plugin are inherently insecure, the identified weaknesses, especially the unpatched CVE, significantly elevate the overall risk profile.",[1097,1099,1102,1104,1106,1108,1110,1112,1114],{"reason":1098,"points":236},"Unprotected AJAX handler detected",{"reason":1100,"points":1101},"High severity taint flows (2)",12,{"reason":1103,"points":14},"Currently unpatched CVE (1)",{"reason":1105,"points":236},"History of 6 CVEs",{"reason":1107,"points":77},"2 High severity CVEs",{"reason":1109,"points":198},"No nonce checks on AJAX",{"reason":1111,"points":198},"Only 2 capability checks for entry points",{"reason":1113,"points":28},"SQL queries: only 44% using prepared statements",{"reason":1115,"points":155},"Output escaping: only 60% properly escaped","2026-03-16T18:59:00.842Z",{"wat":1118,"direct":1133},{"assetPaths":1119,"generatorPatterns":1125,"scriptPaths":1126,"versionParams":1127},[1120,1121,1122,1123,1124],"\u002Fwp-content\u002Fplugins\u002Fheateor-social-login\u002Fcss\u002Fheateor-social-login-admin.css","\u002Fwp-content\u002Fplugins\u002Fheateor-social-login\u002Fcss\u002Fheateor-social-login-public.css","\u002Fwp-content\u002Fplugins\u002Fheateor-social-login\u002Fjs\u002Fheateor-social-login-admin.js","\u002Fwp-content\u002Fplugins\u002Fheateor-social-login\u002Fjs\u002Fheateor-social-login-fb-sdk.js","\u002Fwp-content\u002Fplugins\u002Fheateor-social-login\u002Fjs\u002Fheateor-social-login-public.js",[],[],[1128,1129,1130,1131,1132],"heateor-social-login\u002Fcss\u002Fheateor-social-login-admin.css?ver=","heateor-social-login\u002Fcss\u002Fheateor-social-login-public.css?ver=","heateor-social-login\u002Fjs\u002Fheateor-social-login-admin.js?ver=","heateor-social-login\u002Fjs\u002Fheateor-social-login-fb-sdk.js?ver=","heateor-social-login\u002Fjs\u002Fheateor-social-login-public.js?ver=",{"cssClasses":1134,"htmlComments":1138,"htmlAttributes":1139,"restEndpoints":1142,"jsGlobals":1143,"shortcodeOutput":1146},[1135,1136,1137],"heateor_social_login","heateor_sl_login","heateor_sl_social_login_div",[],[1140,1141],"data-plugin-name=\"heateor-social-login\"","data-version=\"1.1.39\"",[],[1144,1145],"heateorSlWebsiteUrl","heateorSlHelpBubbleTitle",[]]