[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fTlcNQzjIqPPYWBf4c2JINxY0IQ3V0yeXtCvaTlBY0Ns":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":22,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":36,"analysis":141,"fingerprints":233},"kgr-login-with-google","KGR Login with Google","1.2","Konstantinos Raktivan","https:\u002F\u002Fprofiles.wordpress.org\u002Fconstracti\u002F","\u003Cp>Login or register to WP using Sign In with Google.\u003C\u002Fp>\n","Login or register to WP using Sign In with Google.",0,838,"2021-12-06T14:09:00.000Z","5.8.13","3.1.0","7.0",[18,19,20,21],"google","login","oauth2","register","https:\u002F\u002Fgithub.com\u002Fconstracti\u002Fkgr-login-with-google","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkgr-login-with-google.1.2.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"constracti",4,60,90,30,87,"2026-04-04T14:44:42.709Z",[37,60,79,100,118],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":11,"num_ratings":11,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":57,"download_link":58,"security_score":59,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"addonify-recaptcha-for-edd","Addonify – reCaptcha For EDD","1.0.14","Addonify","https:\u002F\u002Fprofiles.wordpress.org\u002Faddonify\u002F","\u003Cp>\u003Ca 
href=\"https:\u002F\u002Faddonify.com\u002F\" rel=\"nofollow ugc\">Addonify reCAPTCHA For EDD\u003C\u002Fa> is a simple plugin that adds Google reCaptcha in Easy Digital Downloads login and registration forms. Enable reCaptcha from Dashboard > EDD Setting > reCaptcha.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FEATURES:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>✅ Add Google reCaptcha v2 in EDD login forms.\u003Cbr \u002F>\n✅ Add Google reCaptcha v2 in EDD register forms.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>KNOWN LIMITATIONS:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>❌ We have not tested this plugin in WP Multisite.\u003Cbr \u002F>\n❌ EDD login submit button is clickable even without passing reCaptcha validation.\u003Cbr \u002F>\n❌ EDD registration submit button is clickable even without passing reCaptcha validation.\u003Cbr \u002F>\n❌ Only supports Google reCaptcha v2 no-robot checkbox.\u003C\u002Fp>\n","Addonify reCAPTCHA for EDD is a simple plugin that adds Google reCaptcha in Easy Digital Downloads login and registration forms.",70,4468,"2025-03-25T05:31:00.000Z","6.8.5","5.0","7.4.0",[52,53,54,55,56],"edd-recaptcha","google-recaptcha","login-recaptcha","recaptcha","register-recaptcha","https:\u002F\u002Faddonify.com\u002Fdownloads\u002Frecaptcha-for-edd","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faddonify-recaptcha-for-edd.1.0.14.zip",92,{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":31,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":16,"tags":74,"homepage":77,"download_link":78,"security_score":69,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"sign-in-with-essentials","Sign In With Socials (Google, Apple, Microsoft)","1.4.41","Puvox Software","https:\u002F\u002Fprofiles.wordpress.org\u002Fpuvoxsoftware\u002F","\u003Cp>Allow users to login with Google\u002FMicrosoft\u002FApple 
accounts. Lightweight, no bloatware packages included.\u003Cbr \u002F>\nUseful for sites that need a quick way for their users to sign-in.\u003C\u002Fp>\n\u003Ch4>Available Options\u003C\u002Fh4>\n\u003Cp>See all available options and their description on plugin’s settings page. Here are some of them:\u003Cbr \u002F>\n* Show\u002FHide the “Sign In with” button on the login form\u003Cbr \u002F>\n* If a user is not already registered, during sign-in an account can be created for that email address (aliases are not allowed by default)\u003Cbr \u002F>\n* If a user is already logged in to target social provider, they will be automatically redirected without much fuss\u003Cbr \u002F>\n* Restrict users to be coming from only specific domain(s)\u003Cbr \u002F>\n* Connect existing user accounts.\u003Cbr \u002F>\n* WP-CLI available! See \u003Ccode>\u002Fsrc\u002Fincludes\u002Fclass-wp-cli.php\u003C\u002Fcode> header for supported list.\u003Cbr \u002F>\n* One redirect-back link \u003Ccode>https:\u002F\u002FYOURDOMAIN.TLD\u002F_AUTH_RESPONSE_SIWE_\u003C\u002Fcode> for all providers.\u003C\u002Fp>\n\u003Ch4>Programmatic access\u003C\u002Fh4>\n\u003Cp>Public functions:\u003Cbr \u002F>\n* \u003Ccode>siwe_authenticate_user($code, $state, $error = null)\u003C\u002Fcode>\u003Cbr \u002F>\n* \u003Ccode>siwe_get_auth_url()\u003C\u002Fcode>\u003Cbr \u002F>\n* \u003Ccode>siwe_get_buttons()\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Hooks:\u003Cbr \u002F>\n* dozens of hooks, look into any source file to find out specific part\u003C\u002Fp>\n","Adds functionality \"Sign in with\" Google\u002FMicrosoft\u002FApple (beta 
version)",1728,100,1,"2025-04-05T12:11:00.000Z","6.7.5","6.0",[75,18,19,76,21],"apple","microsoft","https:\u002F\u002Fwww.github.com\u002Fpuvox\u002Fsign-in-with-essentials","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsign-in-with-essentials.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":11,"num_ratings":11,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":92,"tags":93,"homepage":98,"download_link":99,"security_score":69,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"thinkcaptcha","ThinkCaptcha – Login Captcha, Register Captcha & Checkout reCAPTCHA","1.1.6","ThinkPlugin","https:\u002F\u002Fprofiles.wordpress.org\u002Fthinkplugin\u002F","\u003Cp>\u003Cstrong>Enhance Your Website’s Login Security with the Power of Google reCAPTCHA\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Are you tired of spam registrations, brute-force login attacks, and junk form submissions?\u003Cbr \u002F>\nThinkCaptcha is the definitive \u003Cstrong>Google reCAPTCHA\u003C\u002Fstrong> plugin for WordPress, designed to provide maximum \u003Cstrong>login security\u003C\u002Fstrong> with a simple and modern interface.\u003Cbr \u002F>\nThinkCaptcha allows you to easily add a \u003Cstrong>login captcha\u003C\u002Fstrong>, \u003Cstrong>register captcha\u003C\u002Fstrong>, and password reset captcha to your most vulnerable forms using Google’s user-friendly “I’m not a robot” checkbox (reCAPTCHA v2).\u003Cbr \u002F>\nThis is the ultimate \u003Cstrong>spam protection\u003C\u002Fstrong> and \u003Cstrong>bot protection\u003C\u002Fstrong> your site needs.\u003Cbr \u002F>\n\u003Cstrong>Free Features for Essential Security:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>WordPress Login Captcha\u003C\u002Fstrong>: Implement a secure \u003Cstrong>login captcha\u003C\u002Fstrong> on your 
\u003Ccode>\u002Fwp-login.php\u003C\u002Fcode> page to stop brute-force attacks and enhance \u003Cstrong>login security\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce Login Captcha\u003C\u002Fstrong>: Protect your customer accounts by adding a \u003Cstrong>WooCommerce captcha\u003C\u002Fstrong> to the login form.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce Register Captcha\u003C\u002Fstrong>: Stop fake user sign-ups with a robust \u003Cstrong>register captcha\u003C\u002Fstrong> on your WooCommerce registration form.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Password Reset Captcha\u003C\u002Fstrong>: Secure both WordPress and WooCommerce password reset forms from bot abuse.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optimized for Performance\u003C\u002Fstrong>: The Google reCAPTCHA script loads asynchronously and only on pages where it is needed.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>🚀 Upgrade to ThinkCaptcha Pro for Ultimate Form Security!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Spammers target every form on your site.\u003Cbr \u002F>\nThinkCaptcha Pro extends this powerful \u003Cstrong>reCAPTCHA\u003C\u002Fstrong> protection to create a comprehensive security shield.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>WooCommerce Checkout Captcha\u003C\u002Fstrong>: The best way to prevent fraudulent orders and spam.\u003Cbr \u002F>\nAdd a \u003Cstrong>checkout captcha\u003C\u002Fstrong> to your WooCommerce checkout page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Contact Form 7 reCAPTCHA\u003C\u002Fstrong>: Our most requested feature!\u003Cbr \u002F>\nAdd a \u003Cstrong>Contact Form 7 reCAPTCHA\u003C\u002Fstrong> to every contact form and eliminate junk mail forever.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WPForms Captcha\u003C\u002Fstrong>: Secure all forms created with WPForms with a powerful \u003Cstrong>WPForms captcha\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress Register Captcha\u003C\u002Fstrong>: Block 
spambots from creating user accounts on your main WordPress registration form with a secure \u003Cstrong>register captcha\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fthinkplugin.com\u002Fthinkcaptcha-pro\u002F\" rel=\"nofollow ugc\">Secure your entire website today. Get ThinkCaptcha Pro Now!\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Third-Party Service Disclosure\u003C\u002Fh3>\n\u003Cp>This plugin connects to the Google reCAPTCHA service to protect forms from bots and spam.\u003Cbr \u002F>\n* \u003Cstrong>Service Used:\u003C\u002Fstrong> Google reCAPTCHA (a service provided by Google LLC).\u003Cbr \u002F>\n* \u003Cstrong>What Data is Sent:\u003C\u002Fstrong> To verify if a user is human, this service collects and sends hardware and software information, such as device and application data, to Google.\u003Cbr \u002F>\nThe user’s IP address is also collected.\u003Cbr \u002F>\n* \u003Cstrong>When Data is Sent:\u003C\u002Fstrong> This data is sent whenever a form protected by this plugin is displayed and submitted.\u003Cbr \u002F>\n* \u003Cstrong>Links to Policies:\u003C\u002Fstrong> The use of the Google reCAPTCHA service is subject to Google’s \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fterms\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa>.\u003C\u002Fp>\n","Secure WordPress & WooCommerce forms with Google reCAPTCHA. 
Stop spam, bots, and brute-force attacks effectively.",40,333,"2025-11-30T10:34:00.000Z","6.9.4","5.5","",[53,94,95,96,97],"login-captcha","register-captcha","security","woocommerce-captcha","https:\u002F\u002Fthinkplugin.com\u002Fthinkcaptcha\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fthinkcaptcha.1.1.6.zip",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":11,"num_ratings":11,"last_updated":110,"tested_up_to":90,"requires_at_least":111,"requires_php":112,"tags":113,"homepage":116,"download_link":117,"security_score":69,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"titan-social-login","Titan Social Login","1.0.2","r0bodev","https:\u002F\u002Fprofiles.wordpress.org\u002Fr0bodev\u002F","\u003Cp>Titan Social Login adds OAuth-based sign-in to WordPress so visitors can use their existing social accounts instead of creating new passwords.\u003C\u002Fp>\n\u003Ch4>Included providers\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Amazon\u003C\u002Fli>\n\u003Cli>Facebook\u003C\u002Fli>\n\u003Cli>Google\u003C\u002Fli>\n\u003Cli>X (Twitter)\u003C\u002Fli>\n\u003Cli>Microsoft\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Key features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Adds login buttons to the WordPress login, registration, and lost password screens.\u003C\u002Fli>\n\u003Cli>Optional social login on comment forms.\u003C\u002Fli>\n\u003Cli>Account linking inside WordPress user profiles.\u003C\u002Fli>\n\u003Cli>Shortcodes: [tsl_login], [tsl_account_links].\u003C\u002Fli>\n\u003Cli>Popup or same-window authentication, configurable for desktop and mobile.\u003C\u002Fli>\n\u003Cli>Custom redirect after login or first registration.\u003C\u002Fli>\n\u003Cli>Design controls for layout, spacing, labels, and button styles.\u003C\u002Fli>\n\u003Cli>Placeholder emails for providers that do not return an email 
address.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin uses external OAuth providers for authentication. See the “External Services” section for details.\u003C\u002Fp>\n\u003Ch4>Privacy\u003C\u002Fh4>\n\u003Cp>Titan Social Login does not collect or send any usage telemetry. OAuth requests go directly to the enabled provider during login. The plugin stores its configuration in your WordPress database.\u003C\u002Fp>\n\u003Ch4>Additional features in the Pro version\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>30+ OAuth providers including Apple, Discord, GitHub, Steam, Telegram, Twitch, Spotify, and more.\u003C\u002Fli>\n\u003Cli>Premium integrations for WooCommerce, BuddyPress, Ultimate Member, and Easy Digital Downloads.\u003C\u002Fli>\n\u003Cli>Statistics dashboard to monitor social login performance.\u003C\u002Fli>\n\u003Cli>Premium updates and priority support.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Pro version and pricing: \u003Ca href=\"https:\u002F\u002Ftitan.r0bo.dev\u002F#pro\" rel=\"nofollow ugc\">https:\u002F\u002Ftitan.r0bo.dev\u002F#pro\u003C\u002Fa>\u003Cbr \u002F>\nDemo: \u003Ca href=\"https:\u002F\u002Ftitan.r0bo.dev\u002Fwp-login.php\" rel=\"nofollow ugc\">https:\u002F\u002Ftitan.r0bo.dev\u002Fwp-login.php\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>Titan Social Login connects to third-party OAuth providers to authenticate users. 
Requests are made only when an administrator enables a provider and a user clicks a login button.\u003C\u002Fp>\n\u003Cp>Data sent during OAuth:\u003Cbr \u002F>\n– Authorization request: client_id, redirect_uri, response_type, scope, state\u003Cbr \u002F>\n– Token exchange: code, client_id, client_secret (if required), redirect_uri\u003Cbr \u002F>\n– Profile request: access_token\u003C\u002Fp>\n\u003Cp>Data received from providers:\u003Cbr \u002F>\n– Provider user ID, name, email address, and profile picture (when available)\u003C\u002Fp>\n\u003Cp>Services used:\u003Cbr \u002F>\n– Google OAuth API (accounts.google.com, oauth2.googleapis.com, www.googleapis.com). Terms: https:\u002F\u002Fpolicies.google.com\u002Fterms Privacy: https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003Cbr \u002F>\n– Facebook Login (www.facebook.com, graph.facebook.com). Terms: https:\u002F\u002Fwww.facebook.com\u002Flegal\u002Fterms Privacy: https:\u002F\u002Fwww.facebook.com\u002Fprivacy\u002Fpolicy\u003Cbr \u002F>\n– Amazon Login (www.amazon.com, api.amazon.com). Terms: https:\u002F\u002Fwww.amazon.com\u002Fgp\u002Fhelp\u002Fcustomer\u002Fdisplay.html?nodeId=508088 Privacy: https:\u002F\u002Fwww.amazon.com\u002Fgp\u002Fhelp\u002Fcustomer\u002Fdisplay.html?nodeId=468496\u003Cbr \u002F>\n– Microsoft identity platform (login.microsoftonline.com, graph.microsoft.com). Terms: https:\u002F\u002Fwww.microsoft.com\u002Fservicesagreement Privacy: https:\u002F\u002Fprivacy.microsoft.com\u002Fprivacystatement\u003Cbr \u002F>\n– X (Twitter) OAuth 2.0 (twitter.com, api.twitter.com). Terms: https:\u002F\u002Ftwitter.com\u002Fen\u002Ftos Privacy: https:\u002F\u002Ftwitter.com\u002Fen\u002Fprivacy\u003C\u002Fp>\n\u003Cp>No external requests are made unless the provider is enabled and a user initiates login.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>PHP code (and any JS that links to WordPress APIs) is licensed under the GNU General Public License v2.0 or later (GPL-2.0-or-later). 
See \u002Flicense.txt.\u003Cbr \u002F>\nBrand icons in \u002Fassets\u002Fimages\u002Ficons are trademarks of their respective owners and are included for identification purposes only. See \u002FTHIRD-PARTY-NOTICES.txt.\u003Cbr \u002F>\nTrademarks belong to their respective owners; this plugin is not affiliated with or endorsed by them.\u003C\u002Fp>\n","One-click social login and account linking for Amazon, Facebook, Google, X (Twitter), and Microsoft.",10,111,"2026-01-07T12:49:00.000Z","5.3","7.2",[114,18,19,21,115],"auth","social-login","https:\u002F\u002Ftitan.r0bo.dev","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftitan-social-login.1.0.2.zip",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":128,"num_ratings":129,"last_updated":130,"tested_up_to":90,"requires_at_least":131,"requires_php":132,"tags":133,"homepage":136,"download_link":137,"security_score":138,"vuln_count":139,"unpatched_count":11,"last_vuln_date":140,"fetched_at":26},"advanced-google-recaptcha","Advanced Google reCAPTCHA","1.31","WebFactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebfactory\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fgetwpcaptcha.com\u002F\" rel=\"nofollow ugc\">Advanced Google reCAPTCHA\u003C\u002Fa> protects your WordPress site from spam comments & brute force login attacks using captcha. 
This captcha plugin quickly adds Google reCAPTCHA and other captcha tests to WordPress comment form, login form, and other forms.\u003C\u002Fp>\n\u003Cp>Using Advanced Google reCAPTCHA (most popular captcha on the market), you’ll be safe from spam comments and protect user accounts, WooCommerce, Easy Digital Downloads, BuddyPress and other forms from brute-force login attacks.\u003C\u002Fp>\n\u003Cp>reCaptcha works for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Login Form\u003C\u002Fli>\n\u003Cli>Registration Form\u003C\u002Fli>\n\u003Cli>Reset Password Form\u003C\u002Fli>\n\u003Cli>Comment Form\u003C\u002Fli>\n\u003Cli>BuddyPress Form\u003C\u002Fli>\n\u003Cli>WooCommerce Form\u003C\u002Fli>\n\u003Cli>Easy Digital Downloads (EDD) Login Form\u003C\u002Fli>\n\u003Cli>Easy Digital Downloads (EDD) Registration Form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Captcha uses these 3rd party libs:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Chart.js, 2017 Nick Downie, MIT\u003C\u002Fli>\n\u003Cli>DataTables, 2008-2017 SpryMedia Ltd, MIT\u003C\u002Fli>\n\u003Cli>moment.js, Tim Wood, Iskren Chernev, MIT\u003C\u002Fli>\n\u003Cli>SweetAlert 2, github.com\u002FSweetalert2\u002FSweetalert2, MIT\u003C\u002Fli>\n\u003Cli>tooltipster, www.heteroclito.fr\u002Fmodules\u002Ftooltipster\u002F, MIT\u003C\u002Fli>\n\u003C\u002Ful>\n","Captcha protection against spam comments & brute force login attacks using Google reCAPTCHA.",200000,2435450,96,428,"2025-12-02T20:29:00.000Z","4.9","5.2",[134,135,53,54,55],"captcha","comment-recaptcha","https:\u002F\u002Fgetwpcaptcha.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-google-recaptcha.1.31.zip",98,3,"2025-03-27 
19:32:14",{"attackSurface":142,"codeSignals":182,"taintFlows":223,"riskAssessment":224,"analyzedAt":232},{"hooks":143,"ajaxHandlers":173,"restRoutes":179,"shortcodes":180,"cronEvents":181,"entryPointCount":70,"unprotectedCount":70},[144,150,154,158,160,163,167,170],{"type":145,"name":146,"callback":147,"file":148,"line":149},"action","init","closure","index.php",32,{"type":151,"name":152,"callback":147,"priority":108,"file":148,"line":153},"filter","plugin_action_links",37,{"type":145,"name":155,"callback":147,"file":156,"line":157},"login_form","login.php",22,{"type":145,"name":159,"callback":147,"file":156,"line":149},"register_form",{"type":145,"name":161,"callback":147,"file":156,"line":162},"wp_meta",42,{"type":145,"name":164,"callback":147,"file":165,"line":166},"admin_menu","settings.php",6,{"type":145,"name":168,"callback":147,"file":165,"line":169},"admin_init",33,{"type":145,"name":171,"callback":147,"file":165,"line":172},"admin_action_kgr-login-with-google-clear",119,[174],{"action":175,"nopriv":176,"callback":147,"hasNonce":177,"hasCapCheck":177,"file":156,"line":178},"kgr_login_with_google_redirect",true,false,54,[],[],[],{"dangerousFunctions":183,"sqlUsage":184,"outputEscaping":186,"fileOperations":11,"externalRequests":70,"nonceChecks":221,"capabilityChecks":221,"bundledLibraries":222},[],{"prepared":11,"raw":11,"locations":185},[],{"escaped":187,"rawEcho":188,"locations":189},11,17,[190,193,195,197,198,199,201,203,204,206,208,210,212,214,216,218,220],{"file":156,"line":191,"context":192},19,"raw 
output",{"file":156,"line":194,"context":192},50,{"file":165,"line":196,"context":192},15,{"file":165,"line":157,"context":192},{"file":165,"line":194,"context":192},{"file":165,"line":200,"context":192},56,{"file":165,"line":202,"context":192},57,{"file":165,"line":45,"context":192},{"file":165,"line":205,"context":192},72,{"file":165,"line":207,"context":192},73,{"file":165,"line":209,"context":192},74,{"file":165,"line":211,"context":192},75,{"file":165,"line":213,"context":192},77,{"file":165,"line":215,"context":192},79,{"file":165,"line":217,"context":192},81,{"file":165,"line":219,"context":192},83,{"file":165,"line":34,"context":192},2,[],[],{"summary":225,"deductions":226},"The kgr-login-with-google plugin v1.2 exhibits a mixed security posture. On the positive side, it demonstrates good practices by avoiding dangerous functions, not performing raw SQL queries, and limiting file operations. The presence of nonce and capability checks, although limited, is also a positive indicator. However, the plugin has a significant security concern due to its single AJAX handler lacking any authentication checks, presenting a direct entry point for potential attacks. The low percentage of properly escaped output suggests a risk of cross-site scripting (XSS) vulnerabilities, as data displayed to users may not be sufficiently sanitized. The absence of recorded vulnerabilities in its history is a strength, implying a generally stable codebase, but this should not overshadow the identified weaknesses. The lack of taint analysis results also makes it difficult to definitively rule out more complex injection vulnerabilities.\n\nOverall, the most critical concern is the unprotected AJAX handler, which could be exploited by unauthenticated users to perform unintended actions within the plugin's functionality. Coupled with the insufficient output escaping, this plugin carries a moderate to high risk. 
While the lack of past vulnerabilities and its avoidance of raw SQL are commendable, the unprotected entry point and potential for XSS require immediate attention. Recommendations should focus on implementing robust authentication and authorization for all AJAX actions and ensuring all output is properly escaped to mitigate these risks.",[227,229],{"reason":228,"points":108},"Unprotected AJAX handler",{"reason":230,"points":231},"Low output escaping percentage",8,"2026-03-17T06:28:14.923Z",{"wat":234,"direct":239},{"assetPaths":235,"generatorPatterns":236,"scriptPaths":237,"versionParams":238},[],[],[],[],{"cssClasses":240,"htmlComments":241,"htmlAttributes":242,"restEndpoints":243,"jsGlobals":244,"shortcodeOutput":245},[],[],[],[],[],[246,247],"\u003Cdiv style=\"margin: 0 6px 16px 0;\">","\u003C\u002Fdiv>"]