[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fPVyRrOWlkJtmG_Z4IaVhCM-98L2vaz5xlsUl1yhQDog":3,"$fhd8maOP-ocAMplWsF7210WkOo-WprAUUFbA6f8nUntw":205,"$fle4Tw7qmqQPbuEm6Te1-1k_MR0feHKdZ4LPany2syxc":210},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":37,"analysis":138,"fingerprints":191},"login-with-donbaler-oauth","Login with Donbaler OAuth","1.1.1","Nima Saberi","https:\u002F\u002Fprofiles.wordpress.org\u002Fnipoto\u002F","\u003Ch4>Login with Donbaler OAuth\u003C\u002Fh4>\n\u003Cp>http:\u002F\u002Fdonbaler.com\u003C\u002Fp>\n\u003Cp>افزونه «ورود توسط دنبالر» به کاربر اجازه می‌دهد تا از طریق سایت وردپرسی به شبکه اجتماعی دنبالر متصل شده و بدون آنکه نیاز به اشتراک‌گذاری یا نوشتن رمز عبور باشد، تنها با شرط داشتن یک حساب کاربری در دنبالر به سادگی در وردپرس لاگین نماید ؛ بنابراین این افزونه ورود با استفاده از اطلاعات کاربری دنبالر به یک سایت وردپرسی را در بستری امن فراهم می‌سازد.\u003C\u002Fp>\n\u003Ch4>بیش از 150 هزار کاربر ایرانی\u003C\u002Fh4>\n\u003Cp>حساب کاربری ندارید ؟! \u003Ca href=\"http:\u002F\u002Fdonbaler.com\u002Fsignup\u002F\" rel=\"nofollow ugc\"> ثبت‌نام کنید \u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>بیشتر بدانید :\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>بسیاری از سایت‌ها، عضویت و ورود حاصل از سوشیال لاگین را به جای پر کردن فرم ثبت‌نام یا ورود می‌پسندند، چرا که علاوه بر سرعت بخشیدن به عضویت، حساب‌های کاربری تایید شده‌ای در اختیار خواهند داشت\u003C\u002Fli>\n\u003Cli>ارائه دهندگان هویت که از ایمیل‌هایی مانند گوگل یا یاهو پشتیبانی می‌کنند، میتوانند آدرس ایمیل کاربر را به سایت شخص ثالث ارجاع دهند تا از عضویت آدرس ایمیل ساختگی در حین فرایند عضویت جلوگیری کنند ؛ بالاطبع حساب‌های کاربری در یک شبکه اجتماعی نیازمند طی کردن مراحل تایید آن حساب بر مبنای ایمیل است که دنبالر نیز از این امر مستثنی نمی‌باشد\u003C\u002Fli>\n\u003Cli>گوگل، یاهو، فیس‌بوک، توئیتر و سایت‌های اجتماعی دیگری نیز پیش‌از این اقدام به ارائه ابزاری برای ورود بدون درج رمزعبور نموده‌اند که این سرویس نیز با الگوگیری از سرویس‌های مذکور، برای اولین‌بار در بین شبکه‌های اجتماعی فارسی زبان توسط دنبالر ارائه گردیده و امید می‌رود حمایت و بازخوردهای کاربران وردپرس به سرویس‌دهی بهتر ختم گردد …\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>امکانات افزونه :\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>برخورداری از پنل مدیریتی برای تکمیل تنظیمات\u003C\u002Fli>\n\u003Cli>برخورداری از راهنمای کامل دریافت کلید از دنبالر\u003C\u002Fli>\n\u003Cli>اضافه کردن گزینه ورود توسط دنبالر در فرم لاگین وردپرس\u003C\u002Fli>\n\u003Cli>برخورداری از شورت‌کد برای قرار دادن گزینه ورود توسط دنبالر در مکان دلخواه\u003C\u002Fli>\n\u003Cli>امکان مشخص کردن مسیر صفحه ورود وردپرس (در مواقعی که تغییر کرده باشد)\u003C\u002Fli>\n\u003Cli>ری‌دایرکت به صفحه‌ی ارجاع دهنده در خصوص لاگین توسط شورت‌کد\u003C\u002Fli>\n\u003Cli>امکان تعریف استایل دلخواه برای شورت‌کد\u003C\u002Fli>\n\u003Cli>امکان احراز هویت از طریق دنبالر برای ورود به وردپرس\u003C\u002Fli>\n\u003Cli>ثبت‌نام کاربر در وردپرس در صورت وجود نداشتن ایمیل کاربری\u003C\u002Fli>\n\u003Cli>جلوگیری از ثبت‌نام در مواقعی که ثبت‌نام توسط مدیریت غیرفعال باشد\u003C\u002Fli>\n\u003Cli>سنجش ایمیل بازگشتی از دنبالر برای ورود یا ثبت‌نام در وردپرس\u003C\u002Fli>\n\u003Cli>انتخاب یک نام کاربری بر اساس نام کاربری بازگشتی کاربر از دنبالر\u003C\u002Fli>\n\u003Cli>ارسال ایمیل به کاربر در صورت ثبت‌نام شدن در وردپرس\u003Cbr \u002F>\nو …\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>از ما حمایت کنید :\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Flogin-with-donbaler-oauth?rate=5#postform\u002F\" rel=\"ugc\"> * * * * * \u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>با ما در ارتباط باشید :\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>http:\u002F\u002Fdonbaler.com\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fdonbaler.com\u002Fcontacts\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fhamyarwp.com\u002Flogin-with-donbaler-oauth\u002F\u003C\u002Fli>\n\u003Cli>info@ideyeno.ir\u003C\u002Fli>\n\u003C\u002Ful>\n","افزونه ورود به وردپرس توسط حساب کاربری دنبالر ...",10,2961,0,"2015-06-02T17:47:00.000Z","4.2.39","3.0.1","",[19,20,21,22],"api","donbaler","oauth","%d8%af%d9%86%d8%a8%d8%a7%d9%84%d8%b1","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flogin-with-donbaler-oauth\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-with-donbaler-oauth.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":25,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"nipoto",5,130,30,84,"2026-05-20T06:04:50.908Z",[38,62,83,104,122],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":59,"download_link":60,"security_score":61,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"jwt-authentication-for-wp-rest-api","JWT Authentication for WP REST API","1.5.0","tmeister","https:\u002F\u002Fprofiles.wordpress.org\u002Ftmeister\u002F","\u003Cp>This plugin seamlessly extends the WP REST API, enabling robust and secure authentication using JSON Web Tokens (JWT). It provides a straightforward way to authenticate users via the REST API, returning a standard JWT upon successful login.\u003C\u002Fp>\n\u003Ch3>Key features of this free version include:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Standard JWT Authentication:\u003C\u002Fstrong> Implements the industry-standard \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519\" rel=\"nofollow ugc\">RFC 7519\u003C\u002Fa> for secure claims representation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simple Endpoints:\u003C\u002Fstrong> Offers clear \u003Ccode>\u002Ftoken\u003C\u002Fcode> and \u003Ccode>\u002Ftoken\u002Fvalidate\u003C\u002Fcode> endpoints for generating and validating tokens.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Secret Key:\u003C\u002Fstrong> Define your unique secret key via \u003Ccode>wp-config.php\u003C\u002Fcode> for secure token signing.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optional CORS Support:\u003C\u002Fstrong> Easily enable Cross-Origin Resource Sharing support via a \u003Ccode>wp-config.php\u003C\u002Fcode> constant.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Hooks:\u003C\u002Fstrong> Provides filters (\u003Ccode>jwt_auth_expire\u003C\u002Fcode>, \u003Ccode>jwt_auth_token_before_sign\u003C\u002Fcode>, etc.) for customizing token behavior.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>JSON Web Tokens are an open, industry standard method for representing claims securely between two parties.\u003C\u002Fp>\n\u003Cp>For users requiring more advanced capabilities such as multiple signing algorithms (RS256, ES256), token refresh\u002Frevocation, UI-based configuration, or priority support, consider checking out \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=description_link_soft\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support and Requests:\u003C\u002Fstrong> Please use \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FTmeister\u002Fwp-api-jwt-auth\u002Fissues\" rel=\"nofollow ugc\">GitHub Issues\u003C\u002Fa>. For priority support, consider upgrading to \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=description_support_link\" rel=\"nofollow ugc\">PRO\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>REQUIREMENTS\u003C\u002Fh3>\n\u003Ch4>WP REST API V2\u003C\u002Fh4>\n\u003Cp>This plugin was conceived to extend the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWP-API\u002FWP-API\" rel=\"nofollow ugc\">WP REST API V2\u003C\u002Fa> plugin features and, of course, was built on top of it.\u003C\u002Fp>\n\u003Cp>So, to use the \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> you need to install and activate \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWP-API\u002FWP-API\" rel=\"nofollow ugc\">WP REST API\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>PHP\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Minimum PHP version: 7.4.0\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>PHP HTTP Authorization Header Enable\u003C\u002Fh3>\n\u003Cp>Most shared hosting providers have disabled the \u003Cstrong>HTTP Authorization Header\u003C\u002Fstrong> by default.\u003C\u002Fp>\n\u003Cp>To enable this option you’ll need to edit your \u003Cstrong>.htaccess\u003C\u002Fstrong> file by adding the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>RewriteEngine on\nRewriteCond %{HTTP:Authorization} ^(.*)\nRewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>WPENGINE\u003C\u002Fh4>\n\u003Cp>For WPEngine hosting, you’ll need to edit your \u003Cstrong>.htaccess\u003C\u002Fstrong> file by adding the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>SetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>See https:\u002F\u002Fgithub.com\u002FTmeister\u002Fwp-api-jwt-auth\u002Fissues\u002F1 for more details.\u003C\u002Fp>\n\u003Ch3>CONFIGURATION\u003C\u002Fh3>\n\u003Ch3>Configure the Secret Key\u003C\u002Fh3>\n\u003Cp>The JWT needs a \u003Cstrong>secret key\u003C\u002Fstrong> to sign the token. This \u003Cstrong>secret key\u003C\u002Fstrong> must be unique and never revealed.\u003C\u002Fp>\n\u003Cp>To add the \u003Cstrong>secret key\u003C\u002Fstrong>, edit your wp-config.php file and add a new constant called \u003Cstrong>JWT_AUTH_SECRET_KEY\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('JWT_AUTH_SECRET_KEY', 'your-top-secret-key');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>You can generate a secure key from: https:\u002F\u002Fapi.wordpress.org\u002Fsecret-key\u002F1.1\u002Fsalt\u002F\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Looking for easier configuration?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=config_secret_key_link\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> allows you to manage all settings through a simple admin UI.\u003C\u002Fp>\n\u003Ch3>Configure CORS Support\u003C\u002Fh3>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin has the option to activate \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FCross-origin_resource_sharing\" rel=\"nofollow ugc\">CORS\u003C\u002Fa> support.\u003C\u002Fp>\n\u003Cp>To enable CORS Support, edit your wp-config.php file and add a new constant called \u003Cstrong>JWT_AUTH_CORS_ENABLE\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('JWT_AUTH_CORS_ENABLE', true);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Finally, activate the plugin within your wp-admin.\u003C\u002Fp>\n\u003Ch3>Namespace and Endpoints\u003C\u002Fh3>\n\u003Cp>When the plugin is activated, a new namespace is added:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002Fjwt-auth\u002Fv1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Also, two new endpoints are added to this namespace:\u003C\u002Fp>\n\u003Cp>Endpoint | HTTP Verb\u003Cbr \u002F>\n\u003Cem>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u003C\u002Fem> | POST\u003Cbr \u002F>\n\u003Cem>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u002Fvalidate\u003C\u002Fem> | POST\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Need more functionality?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=endpoints_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> includes additional endpoints for token refresh and revocation.\u003C\u002Fp>\n\u003Ch3>USAGE\u003C\u002Fh3>\n\u003Ch4>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u003C\u002Fh4>\n\u003Cp>This is the entry point for JWT Authentication.\u003C\u002Fp>\n\u003Cp>It validates the user credentials, \u003Cem>username\u003C\u002Fem> and \u003Cem>password\u003C\u002Fem>, and returns a token to use in future requests to the API if the authentication is correct, or an error if authentication fails.\u003C\u002Fp>\n\u003Cp>Sample Request Using AngularJS\u003C\u002Fp>\n\u003Cpre>\u003Ccode>(function() {\n  var app = angular.module('jwtAuth', []);\n\n  app.controller('MainController', function($scope, $http) {\n    var apiHost = 'http:\u002F\u002Fyourdomain.com\u002Fwp-json';\n\n    $http.post(apiHost + '\u002Fjwt-auth\u002Fv1\u002Ftoken', {\n      username: 'admin',\n      password: 'password'\n    })\n    .then(function(response) {\n      console.log(response.data)\n    })\n    .catch(function(error) {\n      console.error('Error', error.data[0]);\n    });\n  });\n})();\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Success Response From The Server\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9qd3QuZGV2IiwiaWF0IjoxNDM4NTcxMDUwLCJuYmYiOjE0Mzg1NzEwNTAsImV4cCI6MTQzOTE3NTg1MCwiZGF0YSI6eyJ1c2VyIjp7ImlkIjoiMSJ9fX0.YNe6AyWW4B7ZwfFE5wJ0O6qQ8QFcYizimDmBy6hCH_8\",\n  \"user_display_name\": \"admin\",\n  \"user_email\": \"admin@localhost.dev\",\n  \"user_nicename\": \"admin\"\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Error Response From The Server\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"code\": \"jwt_auth_failed\",\n  \"data\": {\n    \"status\": 403\n  },\n  \"message\": \"Invalid Credentials.\"\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Once you get the token, you must store it somewhere in your application, e.g., in a \u003Cstrong>cookie\u003C\u002Fstrong> or using \u003Cstrong>localStorage\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>From this point, you should pass this token with every API call.\u003C\u002Fp>\n\u003Cp>Sample Call Using The Authorization Header With AngularJS\u003C\u002Fp>\n\u003Cpre>\u003Ccode>app.config(function($httpProvider) {\n  $httpProvider.interceptors.push(['$q', '$location', '$cookies', function($q, $location, $cookies) {\n    return {\n      'request': function(config) {\n        config.headers = config.headers || {};\n        \u002F\u002F Assume that you store the token in a cookie\n        var globals = $cookies.getObject('globals') || {};\n        \u002F\u002F If the cookie has the CurrentUser and the token\n        \u002F\u002F add the Authorization header in each request\n        if (globals.currentUser && globals.currentUser.token) {\n          config.headers.Authorization = 'Bearer ' + globals.currentUser.token;\n        }\n        return config;\n      }\n    };\n  }]);\n});\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin will intercept every call to the server and will look for the Authorization Header. If the Authorization header is present, it will try to decode the token and will set the user according to the data stored in it.\u003C\u002Fp>\n\u003Cp>If the token is valid, the API call flow will continue as normal.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Sample Headers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>POST \u002Fresource HTTP\u002F1.1\nHost: server.example.com\nAuthorization: Bearer mF_s9.B5f-4.1JqM\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>ERRORS\u003C\u002Fh3>\n\u003Cp>If the token is invalid, an error will be returned. Here are some sample errors:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Invalid Credentials\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_failed\",\n    \"message\": \"Invalid Credentials.\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Invalid Signature\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_invalid_token\",\n    \"message\": \"Signature verification failed\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Expired Token\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_invalid_token\",\n    \"message\": \"Expired token\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Need advanced error tracking?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=errors_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> offers enhanced error tracking and monitoring capabilities.\u003C\u002Fp>\n\u003Ch4>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u002Fvalidate\u003C\u002Fh4>\n\u003Cp>This is a simple helper endpoint to validate a token. You only need to make a POST request with the Authorization header.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Valid Token Response\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"code\": \"jwt_auth_valid_token\",\n  \"data\": {\n    \"status\": 200\n  }\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>AVAILABLE HOOKS\u003C\u002Fh3>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin is developer-friendly and provides five filters to override the default settings.\u003C\u002Fp>\n\u003Ch4>jwt_auth_cors_allow_headers\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_cors_allow_headers\u003C\u002Fstrong> filter allows you to modify the available headers when CORS support is enabled.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'Access-Control-Allow-Headers, Content-Type, Authorization'\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_not_before\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_not_before\u003C\u002Fstrong> filter allows you to change the \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519#section-4.1.5\" rel=\"nofollow ugc\">\u003Cstrong>nbf\u003C\u002Fstrong>\u003C\u002Fa> value before the token is created.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Creation time - time()\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_expire\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_expire\u003C\u002Fstrong> filter allows you to change the \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519#section-4.1.4\" rel=\"nofollow ugc\">\u003Cstrong>exp\u003C\u002Fstrong>\u003C\u002Fa> value before the token is created.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>time() + (DAY_IN_SECONDS * 7)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_token_before_sign\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_token_before_sign\u003C\u002Fstrong> filter allows you to modify all token data before it is encoded and signed.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$token = array(\n    'iss' => get_bloginfo('url'),\n    'iat' => $issuedAt,\n    'nbf' => $notBefore,\n    'exp' => $expire,\n    'data' => array(\n        'user' => array(\n            'id' => $user->data->ID,\n        )\n    )\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Want easier customization?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=hook_payload_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> allows you to add custom claims directly through the admin UI.\u003C\u002Fp>\n\u003Ch4>jwt_auth_token_before_dispatch\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_token_before_dispatch\u003C\u002Fstrong> filter allows you to modify the response array before it is sent to the client.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$data = array(\n    'token' => $token,\n    'user_email' => $user->data->user_email,\n    'user_nicename' => $user->data->user_nicename,\n    'user_display_name' => $user->data->display_name,\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_algorithm\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_algorithm\u003C\u002Fstrong> filter allows you to modify the signing algorithm.\u003C\u002Fp>\n\u003Cp>Default value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$token = JWT::encode(\n    apply_filters('jwt_auth_token_before_sign', $token, $user),\n    $secret_key,\n    apply_filters('jwt_auth_algorithm', 'HS256')\n);\n\n\u002F\u002F ...\n\n$token = JWT::decode(\n    $token,\n    new Key($secret_key, apply_filters('jwt_auth_algorithm', 'HS256'))\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>JWT Authentication PRO\u003C\u002Fh3>\n\u003Cp>Elevate your WordPress security and integration capabilities with \u003Cstrong>JWT Authentication PRO\u003C\u002Fstrong>. Building upon the solid foundation of the free version, the PRO version offers advanced features, enhanced security options, and a streamlined user experience:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Easy Configuration UI:\u003C\u002Fstrong> Manage all settings directly from the WordPress admin area.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Refresh Endpoint:\u003C\u002Fstrong> Allow users to refresh expired tokens seamlessly without requiring re-login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Revocation Endpoint:\u003C\u002Fstrong> Immediately invalidate specific tokens for enhanced security control.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Token Payload:\u003C\u002Fstrong> Add custom claims to your JWT payload to suit your specific application needs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Granular CORS Control:\u003C\u002Fstrong> Define allowed origins and headers with more precision directly in the settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting:\u003C\u002Fstrong> Protect your endpoints from abuse with configurable rate limits.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Audit Logs:\u003C\u002Fstrong> Keep track of token generation, validation, and errors.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Priority Support:\u003C\u002Fstrong> Get faster, dedicated support directly from the developer.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=pro_section_cta\" rel=\"nofollow ugc\">Upgrade to JWT Authentication PRO Today!\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Free vs. PRO Comparison\u003C\u002Fh3>\n\u003Cp>Here’s a quick look at the key differences:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Basic JWT Authentication:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Generation:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Validation:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Refresh Mechanism:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Revocation:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Management Dashboard:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Analytics & Monitoring:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Geo-IP Identification:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed Documentation:\u003C\u002Fstrong> Basic (Free), Comprehensive (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Tools:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Support:\u003C\u002Fstrong> Community via GitHub (Free), Priority Direct Support (PRO)\u003C\u002Fli>\n\u003C\u002Ful>\n","Extends the WP REST API using JSON Web Tokens Authentication as an authentication method.",60000,906385,88,53,"2026-02-18T00:58:00.000Z","6.9.4","4.2","7.4.0",[55,56,21,57,58],"json-web-authentication","jwt","rest-api","wp-api","https:\u002F\u002Fenriquechavez.co","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjwt-authentication-for-wp-rest-api.1.5.0.zip",100,{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":70,"downloaded":71,"rating":61,"num_ratings":72,"last_updated":73,"tested_up_to":74,"requires_at_least":75,"requires_php":17,"tags":76,"homepage":81,"download_link":82,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"tweets-widget","Tweets Widget","1.0","fossasia","https:\u002F\u002Fprofiles.wordpress.org\u002Ffossasia\u002F","\u003Cp>Use anonymous Loklak API OR Connect your Twitter account to this plugin and the widget will display your latest tweets on your site.\u003C\u002Fp>\n\u003Cp>This plugin is compatible with the new \u003Cstrong>Twitter API 1.1\u003C\u002Fstrong> and provides full \u003Cstrong>OAuth\u003C\u002Fstrong> authentication via the WordPress admin area.\u003C\u002Fp>\n\u003Ch3>Shortcodes\u003C\u002Fh3>\n\u003Cp>You can embed tweets in the body of your posts using a WordPress the shortcode \u003Ccode>[tweets]\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>To specify a different user’s timeline add the \u003Ccode>user\u003C\u002Fcode> attribute.\u003Cbr \u002F>\nTo override the default number of 5 tweets add the \u003Ccode>max\u003C\u002Fcode> attribute, e.g:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[tweets max=10 user=KhoslaSopan]\u003Ch3>Theming\u003C\u002Fh3>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>For starters you can alter some of the HTML using built-in WordPress features.\u003Cbr \u002F>\nSee \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FPlugin_API\u002FFilter_Reference#Widgets\" rel=\"nofollow ugc\">Widget Filters\u003C\u002Fa>\u003Cbr \u002F>\nand \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FWidgetizing_Themes\" rel=\"nofollow ugc\">Widgetizing Themes\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>CSS\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin contains no default CSS. That’s deliberate, so you can style it how you want.\u003C\u002Fp>\n\u003Cp>Tweets are rendered as a list which has various hooks you can use. Here’s a rough template:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>.tweets {\n    \u002F* style tweet list wrapper *\u002F\n}\n.tweets h3 {\n    \u002F* style whatever you did with the header *\u002F\n}\n.tweets ul { \n    \u002F* style tweet list*\u002F\n}\n.tweets li {\n   \u002F* style tweet item *\u002F\n}\n.tweets .tweet-text {\n   \u002F* style main tweet text *\u002F\n}\n.tweets .tweet-text a {\n   \u002F* style links, hashtags and mentions *\u002F\n}\n.tweets .tweet-text .emoji {\n  \u002F* style embedded emoji image in tweet *\u002F \n}\n.tweets .tweet-details {\n  \u002F* style datetime and link under tweet *\u002F\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Custom HTML\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you want to override the default markup of the tweets, the following filters are also available:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add a header between the widget title and the tweets with \u003Ccode>tweets_render_before\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Perform your own rendering of the timestamp with \u003Ccode>tweets_render_date\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Render plain tweet text to your own HTML with \u003Ccode>tweets_render_text\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Render each composite tweet with \u003Ccode>tweets_render_tweet\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Override the unordered list for tweets with \u003Ccode>tweets_render_list\u003C\u002Fcode> \u003C\u002Fli>\n\u003Cli>Add a footer before the end of the widget with \u003Ccode>tweets_render_after\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Here’s an \u003Cstrong>example\u003C\u002Fstrong> of using some of the above in your theme’s functions.php file:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter('tweets_render_date', function( $created_at ){\n    $date = DateTime::createFromFormat('D M d H:i:s O Y', $created_at );\n    return $date->format('d M h:ia');\n}, 10 , 1 );\n\nadd_filter('tweets_render_text', function( $text ){\n    return $text; \u002F\u002F \u003C- will use default\n}, 10 , 1 );\n\nadd_filter('tweets_render_tweet', function( $html, $date, $link, array $tweet ){\n    $pic = $tweet['user']['profile_image_url_https'];\n    return '\u003Cp class=\"my-tweet\">\u003Cimg src=\"'.$pic.'\"\u002F>'.$html.'\u003C\u002Fp>\u003Cp class=\"my-date\">\u003Ca href=\"'.$link.'\">'.$date.'\u003C\u002Fa>\u003C\u002Fp>';\n}, 10, 4 );\n\nadd_filter('tweets_render_after', function(){\n    return '\u003Cfooter>\u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fme\">More from me\u003C\u002Fa>\u003C\u002Ffooter>';\n}, 10, 0 );\u003Ch3>Caching\u003C\u002Fh3>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Responses from the Twitter API are cached for 5 minutes by default. This means your new Tweets will not appear on your site in real time.\u003C\u002Fp>\n\u003Cp>This is deliberate not only for performance, but also to avoid Twitter’s strict rate limits of 15 requests every 15 minutes.\u003C\u002Fp>\n\u003Cp>You can override the 300 second cache by using the \u003Ccode>tweets_cache_seconds\u003C\u002Fcode> filter in your theme as follows:\u003C\u002Fp>\n\u003Cp>This would extend the cache to 1 minute, which is the lowest value you should consider using on a live site:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter('tweets_cache_seconds', function( $ttl ){\n    return 60;\n}, 10, 1 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This would disable the cache (not recommended other than for debugging):\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter('tweets_cache_seconds', function( $ttl ){\n    return 0;\n}, 10, 1 );\u003Ch3>Emoji\u003C\u002Fh3>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If you want to disable Emoji image replacement, you can filter the replacement callback function to something empty, e.g:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter('tweets_emoji_callback', function( $func ){\n    return '';\n} );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cul>\n\u003Cli>\n\u003Cp>or to strip Emoji characters from all tweets, return your own replacement function that returns something else, e.g:\u003C\u002Fp>\n\u003Cp>add_filter(‘tweets_emoji_callback’, function( $func ){\u003Cbr \u002F>\n    return function( array $match ){\u003Cbr \u002F>\n        return ‘\u003C!-- removed emoji -->‘;\u003Cbr \u002F>\n    };\u003Cbr \u002F>\n} );\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Screenshot taken with permission from http:\u002F\u002Fstayingalivefoundation.org\u002Fblog\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Portuguese translations by \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fprofile\u002Fleandrodimitrio\" rel=\"ugc\">Leandro Dimitrio\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>German translations by \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002FFlorianFelsing\" rel=\"nofollow ugc\">Florian Felsing\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fprofile\u002Fdavid_noh\" rel=\"ugc\">David Noh\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Russian translations by \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002FYakovenkoAndrey\" rel=\"nofollow ugc\">Andrey Yakovenko\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Dutch translations by \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fdwichers\" rel=\"nofollow ugc\">Daniel Wichers\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Spanish translations by \u003Ca href=\"http:\u002F\u002Fminimizo.com\" rel=\"nofollow ugc\">Pedro Pica\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Notes\u003C\u002Fh3>\n\u003Cp>Be aware of \u003Ca href=\"https:\u002F\u002Fdev.twitter.com\u002Fterms\u002Fdisplay-requirements\" rel=\"nofollow ugc\">Twitter’s display requirements\u003C\u002Fa> when rendering tweets on your website.\u003C\u002Fp>\n\u003Cp>Example code here uses PHP \u003Ca href=\"http:\u002F\u002Fwww.php.net\u002Fmanual\u002Fen\u002Fclass.closure.php\" rel=\"nofollow ugc\">closures\u003C\u002Fa> which require PHP>=5.3.0 and won’t work on older systems.\u003C\u002Fp>\n","Tweets Widget compatible with the new Twitter API 1.1",20,2633,1,"2016-08-29T13:28:00.000Z","4.5.33","3.5.1",[77,78,21,79,80],"loklak","loklak-api","tweets","twitter","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ftweets-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftweets-widget.1.0.1.zip",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":11,"downloaded":91,"rating":61,"num_ratings":92,"last_updated":93,"tested_up_to":94,"requires_at_least":95,"requires_php":17,"tags":96,"homepage":102,"download_link":103,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"linkedin-oauth","Linkedin_Oauth","0.1.6","Eric Zeidan","https:\u002F\u002Fprofiles.wordpress.org\u002Fk2klettern\u002F","\u003Cp>Linkedin_Oauth allows users to login or optional register into your wordpress site using their linkedin account, it will set a login button on your login page and uses a shortcode to put the button wherever you want it to show.\u003C\u002Fp>\n\u003Cp>Major features in Linkedin_Oauth include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add a button to the login page of WordPress.\u003C\u002Fli>\n\u003Cli>Allow to locate the login button wherever user wants with shortcodes.\u003C\u002Fli>\n\u003Cli>Allow to set a redirection URL after login for any page or post.\u003C\u002Fli>\n\u003Cli>Allow to set if user can register with their Linkedin credentials if does not exists on Worpdress or just an error login message.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>PS: You’ll need to set an id and secret pass on Linkedin developers API, just go to this web site and create an application https:\u002F\u002Fwww.linkedin.com\u002Fsecure\u002Fdeveloper.\u003C\u002Fp>\n","Linkedin_Oauth allows users to login\u002Fregister into your wordpress using their linkedin account, uses shortcodes.",2546,3,"2015-12-27T10:32:00.000Z","4.4.34","4.0",[97,98,99,100,101],"linkedin","linkedin-api","loggin","oauth2","social","http:\u002F\u002Fzeidan.info\u002Flinkedin_oauth-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flinkedin-oauth.zip",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":11,"downloaded":112,"rating":70,"num_ratings":72,"last_updated":113,"tested_up_to":114,"requires_at_least":115,"requires_php":17,"tags":116,"homepage":119,"download_link":120,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":121},"lips","LinkedIn Profile Synchronizer Tool","0.8.15","bastb","https:\u002F\u002Fprofiles.wordpress.org\u002Fbastb\u002F","\u003Cp>So, you’ve got your own WordPress site, and you’re freelancing. You’re maintaining a LinkedIn® profile because you have to, and you need to display your resume on your own site too. Wouldn’t it be cool if you just maintain your resume at LinkedIn® and place a copy of that data on your own site and updating it would require just about pressing a button?\u003Cbr \u002F>\nThe resume page markup must, of course, match the layout of your site. Look no further, this plugin is all you need. And more.\u003C\u002Fp>\n\u003Cp>LiPS creates a local copy of your LinkedIn® Profile, using the LinkedIn® REST API to get the data. There’s no page-parsing or screen-scraping, it’s just your data, structured in a way it allows for automatic processing using a template.\u003Cbr \u002F>\nThe REST API uses OAuth, so it does not need to know your LinkedIn® username and password. It uses a token which is granted access to your data. Revoking access is easy too, in fact, it’s done automatically.\u003Cbr \u002F>\nThere’s a drawback, and that’s the user needing a LinkedIn Developer account.\u003C\u002Fp>\n\u003Cp>The tool processes the profile data and creates a page, using the Smarty templating engine. Smarty is included in the distribution, as are two minimal templates. You can choose which page to use and which template to use. In fact, you can even create your own template. Learn how through the Donate link.\u003C\u002Fp>\n\u003Cp>There is one more important feature. LiPS can also create posts for each position in your profile, allowing you to add more detail, such as (ex) coworkers adding their appreciation in working with you through the comments system build into WordPress™. Posts maintained by this tool are filtered from your “normal” blog stream, but you can link to them from any other page. You can use\u003Cbr \u002F>\na different template for the post content too.\u003C\u002Fp>\n\u003Cp>Really impress an employer or client? Add your StackExchange reputation from one of their major sites to your resume. Just select the site you registered on and enter your login or account id. Your account details will be automatically included when you update your profile page.\u003C\u002Fp>\n\u003Cp>One more thing that needs to be clear. You’re using this tool at your own risk. I’m not responsible for any type of damages caused by this tool.\u003C\u002Fp>\n\u003Cp>Do you think you found a bug? Do you want additional features or help? Contact me through http:\u002F\u002Fwww.tenberge-ict.nl\u002Fcontact\u002Fenglish\u002F.\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Cp>= Things to do =\u003Cbr \u002F>\n * it’s probably a good idea to encrypt the OAuth authenticated tokens with\u003Cbr \u002F>\n  some form of a password, because anybody with access to the MySQL database\u003Cbr \u002F>\n  will have access to port of the authentication details.\u003Cbr \u002F>\n * verify whatever a template generates -> the page template must start with a \u003Ch1> or\u003Cbr \u002F>\n  \u003Cdiv>, same for a post.\u003Cbr \u002F>\n * allow a user to remove languages, thus shortening the language list.\u003Cbr \u002F>\n * optimize the jQuery code. It’s a bit bloated and contains different styles at once.\u003Cbr \u002F>\n * …\u003C\u002Fp>\n","This tool downloads your LinkedIn® profile and maintains a selectable page on your WordPress installation.",10597,"2013-10-21T20:01:00.000Z","3.4.2","3.3.1",[19,117,118,97,21],"in","linked","http:\u002F\u002Fwww.tenberge-ict.nl\u002Ftools\u002Fwordpress\u002Flips\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flips.0.8.15.zip","2026-04-06T09:54:40.288Z",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":11,"downloaded":130,"rating":13,"num_ratings":13,"last_updated":131,"tested_up_to":132,"requires_at_least":133,"requires_php":17,"tags":134,"homepage":17,"download_link":137,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"rest-api-broker","WordPress REST API – Authentication Broker","0.1.0","Joe Hoyle","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoehoyle\u002F","\u003Cp>Used together with the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWP-API\u002FOAuth1\" rel=\"nofollow ugc\">WP REST API OAuth 1.0a Server plugin\u003C\u002Fa>, this allows \u003Ca href=\"https:\u002F\u002Fapps.wp-api.org\u002F\" rel=\"nofollow ugc\">the WP RET API Authentication Broker\u003C\u002Fa>\u003Cbr \u002F>\nto connect to your site.\u003C\u002Fp>\n\u003Cp>Read about how it works \u003Ca href=\"https:\u002F\u002Fapps.wp-api.org\u002F\" rel=\"nofollow ugc\">on the reference broker\u003C\u002Fa>, or \u003Ca href=\"https:\u002F\u002Fapps.wp-api.org\u002Fspec\u002F\" rel=\"nofollow ugc\">read the full specification\u003C\u002Fa>.\u003C\u002Fp>\n","Used together with the WP REST API OAuth 1.0a Server plugin, this allows the WP RET API Authentication Broker",2657,"2016-10-06T20:04:00.000Z","4.7.33","4.4",[19,135,21,136,57],"json","rest","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frest-api-broker.0.1.0.zip",{"attackSurface":139,"codeSignals":165,"taintFlows":179,"riskAssessment":180,"analyzedAt":190},{"hooks":140,"ajaxHandlers":157,"restRoutes":158,"shortcodes":159,"cronEvents":164,"entryPointCount":72,"unprotectedCount":13},[141,147,151],{"type":142,"name":143,"callback":144,"file":145,"line":146},"action","admin_menu","acc_plugin_setup_menu","index.php",27,{"type":142,"name":148,"callback":149,"file":145,"line":150},"admin_init","acc_plugin_redirect",99,{"type":152,"name":153,"callback":154,"priority":155,"file":145,"line":156},"filter","login_message","acc_login_form",999,129,[],[],[160],{"tag":161,"callback":162,"file":145,"line":163},"donbaler-oauth","acc_login_shortcode",131,[],{"dangerousFunctions":166,"sqlUsage":167,"outputEscaping":169,"fileOperations":13,"externalRequests":171,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":178},[],{"prepared":13,"raw":13,"locations":168},[],{"escaped":170,"rawEcho":171,"locations":172},4,2,[173,176],{"file":145,"line":174,"context":175},82,"raw output",{"file":145,"line":177,"context":175},119,[],[],{"summary":181,"deductions":182},"The \"login-with-donbaler-oauth\" plugin v1.1.1 exhibits a generally positive security posture based on the provided static analysis. The absence of dangerous functions, SQL queries without prepared statements, and file operations is commendable. The limited attack surface, with only one shortcode and no unprotected AJAX handlers or REST API routes, further contributes to a reduced risk profile.  However, the analysis does reveal some areas for improvement.  The lack of nonce checks and capability checks is a significant concern, as it could potentially expose functionality to unauthorized access if the shortcode or other entry points are manipulated. While the vulnerability history is clean, suggesting good past practices or low visibility, it doesn't negate the inherent risks identified in the code itself.\n\nOverall, the plugin is strong in preventing common web vulnerabilities like SQL injection and insecure file handling. The absence of known vulnerabilities is a good sign. The primary weakness lies in the lack of robust access control mechanisms for its entry points, specifically the shortcode. This could be a target for attackers seeking to exploit unexpected behavior or information disclosure. Therefore, while the plugin is not inherently dangerous, the identified gaps in security checks warrant attention to ensure continued security.",[183,186,188],{"reason":184,"points":185},"Missing nonce checks",8,{"reason":187,"points":185},"Missing capability checks",{"reason":189,"points":170},"Only 67% of output properly escaped","2026-03-17T00:32:12.382Z",{"wat":192,"direct":197},{"assetPaths":193,"generatorPatterns":194,"scriptPaths":195,"versionParams":196},[],[],[],[],{"cssClasses":198,"htmlComments":199,"htmlAttributes":200,"restEndpoints":201,"jsGlobals":202,"shortcodeOutput":203},[154],[],[],[],[],[204],"[donbaler-oauth]",{"error":206,"url":207,"statusCode":208,"statusMessage":209,"message":209},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Flogin-with-donbaler-oauth\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":92,"versions":211},[212,219,226],{"version":6,"download_url":213,"svn_tag_url":214,"released_at":26,"has_diff":215,"diff_files_changed":216,"diff_lines":26,"trac_diff_url":217,"vulnerabilities":218,"is_current":206},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-with-donbaler-oauth.1.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flogin-with-donbaler-oauth\u002Ftags\u002F1.1.1\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flogin-with-donbaler-oauth%2Ftags%2F1.1&new_path=%2Flogin-with-donbaler-oauth%2Ftags%2F1.1.1",[],{"version":220,"download_url":221,"svn_tag_url":222,"released_at":26,"has_diff":215,"diff_files_changed":223,"diff_lines":26,"trac_diff_url":224,"vulnerabilities":225,"is_current":215},"1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-with-donbaler-oauth.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flogin-with-donbaler-oauth\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flogin-with-donbaler-oauth%2Ftags%2F1.0&new_path=%2Flogin-with-donbaler-oauth%2Ftags%2F1.1",[],{"version":65,"download_url":227,"svn_tag_url":228,"released_at":26,"has_diff":215,"diff_files_changed":229,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":230,"is_current":215},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-with-donbaler-oauth.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flogin-with-donbaler-oauth\u002Ftags\u002F1.0\u002F",[],[]]