[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fmPbZVapSk_Utop4n6acQJZaNWHJfQpP5qb3FODZUv2s":3,"$fXK18rCBao-nTQGjmrA-Zn8n7Ru3-1Q-86bt10zaYMrg":78,"$frIEu8cUA-H3OKMN5eSc2baO7Uxj5mtYFh_iuHJ78XUA":83},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":19,"download_link":20,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23,"discovery_status":24,"vulnerabilities":25,"developer":26,"crawl_stats":22,"alternatives":34,"analysis":35,"fingerprints":65},"http-header-authentication-for-application-passwords","HTTP Header Authentication for Application Passwords","1.0.1","Cameron Jones","https:\u002F\u002Fprofiles.wordpress.org\u002Fcameronjonesweb\u002F","\u003Cp>Use HTTP headers for application passwords instead of basic authentication. Perfect for those sites already protected by basic auth.\u003C\u002Fp>\n\u003Cp>Username header: \u003Ccode>X-WP-USERNAME\u003C\u002Fcode>\u003Cbr \u002F>\nPassword header: \u003Ccode>X-WP-PASSWORD\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Note that at this point the plugin doesn’t actually remove the basic authentication validation for application passwords, but checks the HTTP headers at a higher priority.\u003C\u002Fp>\n","Allows sending application passwords using HTTP headers instead of basic 
authentication",10,7428,0,"2021-07-10T17:12:00.000Z","5.8.13","5.6.1","5.6",[],"","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhttp-header-authentication-for-application-passwords.zip",85,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":27,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"cameronjonesweb",4,10050,89,668,71,"2026-05-20T00:33:34.639Z",[],{"attackSurface":36,"codeSignals":53,"taintFlows":60,"riskAssessment":61,"analyzedAt":64},{"hooks":37,"ajaxHandlers":49,"restRoutes":50,"shortcodes":51,"cronEvents":52,"entryPointCount":13,"unprotectedCount":13},[38,45],{"type":39,"name":40,"callback":41,"priority":42,"file":43,"line":44},"filter","determine_current_user","validate_application_password",19,"inc\\class-http-header-authentication-for-application-passwords.php",54,{"type":39,"name":46,"callback":47,"file":43,"line":48},"wp_is_site_protected_by_basic_auth","allow_adding_application_passwords",55,[],[],[],[],{"dangerousFunctions":54,"sqlUsage":55,"outputEscaping":57,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":59},[],{"prepared":13,"raw":13,"locations":56},[],{"escaped":13,"rawEcho":13,"locations":58},[],[],[],{"summary":62,"deductions":63},"The 'http-header-authentication-for-application-passwords' plugin, version 1.0.1, exhibits an excellent security posture based on the provided static analysis. The plugin demonstrates strong adherence to security best practices by having no identified entry points like AJAX handlers, REST API routes, or shortcodes that lack proper authentication or permission checks. Furthermore, the code analysis reveals a complete absence of dangerous functions, raw SQL queries, unescaped output, file operations, and external HTTP requests. No nonce or capability checks were detected either; with no AJAX, REST, or shortcode entry points this is expected and is not in itself a positive signal. 
Taint analysis also indicates zero flows with unsanitized paths, suggesting no immediate risks of data injection or manipulation through user-controlled input. The plugin's vulnerability history is clean, with no recorded CVEs, which further strengthens its perceived security, although for a plugin with about 10 active installs this may also reflect limited scrutiny. These signals do not assess the plugin's core function: it hooks the determine_current_user filter at priority 19 to accept application-password credentials from the X-WP-USERNAME and X-WP-PASSWORD request headers, so the credential-validation logic, and how proxies and logs handle those headers, should be reviewed separately. The plugin was last updated on 2021-07-10 and is tested only up to WordPress 5.8.13.",[],"2026-03-17T00:17:17.342Z",{"wat":66,"direct":71},{"assetPaths":67,"generatorPatterns":68,"scriptPaths":69,"versionParams":70},[],[],[],[],{"cssClasses":72,"htmlComments":73,"htmlAttributes":74,"restEndpoints":75,"jsGlobals":76,"shortcodeOutput":77},[],[],[],[],[],[],{"error":79,"url":80,"statusCode":81,"statusMessage":82,"message":82},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fhttp-header-authentication-for-application-passwords\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":84,"versions":85},1,[86],{"version":87,"download_url":88,"svn_tag_url":89,"released_at":22,"has_diff":90,"diff_files_changed":91,"diff_lines":22,"trac_diff_url":22,"vulnerabilities":92,"is_current":90},"1.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhttp-header-authentication-for-application-passwords.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhttp-header-authentication-for-application-passwords\u002Ftags\u002F1.0.0\u002F",false,[],[]]