[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f65LYAl3hH94RJX426IITUS5ZytzfqnbnoxGqE_AY3uU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":33,"analysis":116,"fingerprints":227},"login-with-qr","Login with QR","1.0.0","dessainsaraiva","https:\u002F\u002Fprofiles.wordpress.org\u002Fdessainsaraiva\u002F","\u003Cp>Make your users login via link or QR code.\u003Cbr \u002F>\nAttention: anyone who has the login link will be able to login as the user.\u003C\u002Fp>\n\u003Cp>Background picture from; https:\u002F\u002Fpixabay.com\u002Fen\u002Fqr-code-quick-response-code-scanning-1903447\u002F\u003C\u002Fp>\n","Make your users login via link or QR code.",10,1735,60,1,"2017-04-30T11:45:00.000Z","4.6.30","4.6","",[20,21],"login","qr","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-with-qr.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":11,"avg_security_score":23,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},3,30,84,"2026-04-04T07:34:41.800Z",[34,52,72,90,103],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":42,"num_ratings":44,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":48,"tags":49,"homepage":18,"download_link":51,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26},"sqrl-login","SQRL Login","2.1.0","kalaspuffar","https:\u002F\u002Fprofiles.wordpress.org\u002Fkalaspuffar\u002F","\u003Cp>SQRL can be used to log in to a site in a secure manner without giving away any personal information. This plugin enables that functionallity.\u003C\u002Fp>\n\u003Cp>Instead of using a username, email and a password, SQRL uses an app to login to SQRL-aware websites.\u003C\u002Fp>\n\u003Cp>When SQRL logs you into a website, your identity is a long code that looks like this: E6Qs2gX7W-Pwi9Y3KAmbkuYjLSWXCtKyBcymWloHAuo.\u003C\u002Fp>\n\u003Cp>Your SQRL identity is a different long code for every website you login to, but it is always the same code when you return to a site you visited before. This means that websites never know who you are, but they do know when you return.\u003C\u002Fp>\n\u003Cp>You may choose to remain anonymous to a website, such as when you post a response to someone’s blog. SQRL never identifies you by anything other than that long code.\u003C\u002Fp>\n\u003Cp>In other cases you will want to be known, like when you use SQRL to login as you at Amazon, Facebook, Netflix, or your bank. In those cases, you would inform Amazon that that particular code is actually you. SQRL lets you do that.\u003C\u002Fp>\n\u003Cp>Special thanks to:\u003C\u002Fp>\n\u003Cp>@davidshimjs (Sangmin, Shim) for writing a great javascript library for QRCode creation. (https:\u002F\u002Fgithub.com\u002Fdavidshimjs\u002Fqrcodejs)\u003Cbr \u002F>\n@jaredatch (Jared Atchison) for writing a plugin for disabling users that I took inspiration from. (https:\u002F\u002Fgithub.com\u002Fjaredatch\u002FDisable-Users)\u003C\u002Fp>\n","Secure Quick Reliable Login, this plugin will enable logging in using SQRL clients.",100,3907,9,"2022-03-03T20:18:00.000Z","5.9.13","5.2.2","7.2",[20,50],"sqrl","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsqrl-login.zip",{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":42,"num_ratings":29,"last_updated":62,"tested_up_to":63,"requires_at_least":17,"requires_php":18,"tags":64,"homepage":68,"download_link":69,"security_score":70,"vuln_count":14,"unpatched_count":14,"last_vuln_date":71,"fetched_at":26},"ider-login","IDer Login for WordPress","2.1","ider","https:\u002F\u002Fprofiles.wordpress.org\u002Fider\u002F","\u003Cp>With this plugin you can provide login and registration process using the IDer Service.\u003Cbr \u002F>\nAn additional “Login with IDer” button will appears along the regular one.\u003C\u002Fp>\n\u003Cp>How it works?\u003Cbr \u002F>\n1. First of all you need to create a profile in the \u003Ca href=\"http:\u002F\u002Fider.com\u002F\" title=\"IDer website\" rel=\"nofollow ugc\">IDer\u003C\u002Fa> website\u003Cbr \u002F>\n2. Clicking the button a redirect to the IDer server will display a QR Code\u003Cbr \u002F>\n3. To scan it you need to download the free IDer App from the App Store or Google Play depending which cell phone you own.\u003Cbr \u002F>\n   Or just scan the QR code with any QR Code reader and you will be redirect to the download page.\u003Cbr \u002F>\n   Provide few infos and you are ready to scan the QR code\u003Cbr \u002F>\n4. After that the IDer App will prompt you for the missing data required to complete the login\u002Fregistration process.\u003Cbr \u002F>\n   Confirming the data your browser will automatically log you in and show you which info the website saved.\u003C\u002Fp>\n","This plugin provides functionality to register and connect to your WordPress via IDer Service.",90,1929,"2024-06-03T02:43:00.000Z","6.5.8",[56,20,65,66,67],"openid","qrcode","sso","https:\u002F\u002Fwww.ider.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fider-login.2.1.zip",71,"2024-12-13 16:01:56",{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":11,"downloaded":80,"rating":24,"num_ratings":24,"last_updated":18,"tested_up_to":81,"requires_at_least":82,"requires_php":83,"tags":84,"homepage":87,"download_link":88,"security_score":42,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":89},"qr-code-login-admin","QR Code Login Admin","1.0.2","Roberto Bottalico","https:\u002F\u002Fprofiles.wordpress.org\u002F4wpbari\u002F","\u003Cp>Permette l’accesso al tuo sito web senza inserire username e password, generando semplicemente un qr-code. Abilitato solo per gli amministratori.\u003C\u002Fp>\n\u003Ch3>Descrizione\u003C\u002Fh3>\n\u003Cp>QR Code Login Admin è un semplice ma utilissimo plugin che permette di poter far accedere al pannello di amministrazione del tuo sito wordpress direttamente scansionando il qr-code.\u003C\u002Fp>\n\u003Ch4>Che cosa permette di fare?\u003C\u002Fh4>\n\u003Cp>Consente agli amministratori di generare automaticamente il qr code per il proprio accesso. Di default, la scadenza del qr code è impostato ad un giorno (1 giorno)\u003C\u002Fp>\n\u003Cp>L’amministratore può impostare la scadenza del collegamento dalle “Impostazioni” generali di WordPress. Questa impostazione consente di impostare il tempo di scadenza fino a un massimo di 365 giorni (1 anno).\u003Cbr \u002F>\nUna volta raggiunto il tempo di scadenza preimpostato, il collegamento diventa inattivo e scade da solo e l’admin non potrà utilizzare nuovamente lo stesso qr code di accesso.\u003C\u002Fp>\n\u003Cp>Chiunque disponga del collegamento di accesso avrà diritto ad accedere all’account fino alla scadenza del qr code.\u003C\u002Fp>\n\u003Cp>Puoi accedere tramite qrcode tramite il tuo smartphone (se abilitato in fotocamera) , oppure installando applicazioni terze che permettono la lettura\u003Cbr \u002F>\nPuoi accedere anche tramite pistola ottica qrcode usb\u003C\u002Fp>\n\u003Cp>Newsss! Se avete necessità di offrire la scansione via web del qrcode, evitando di installare app di terze parti in quanto non si dispone della funzionalità in fotocamera\u003Cbr \u002F>\ndel qrcode, abbiamo rilasciato un plugin che permette di effettuare scansioni tramite la pagina web.\u003Cbr \u002F>\nBasta semplicemente applicare lo shortcode su una vostra pagina e potete offrire un lettore di qrcode istantaneo\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fqr-code-and-barcode-scanner-reader\u002F\" rel=\"ugc\">Qui il link del repository\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Installazione\u003C\u002Fh3>\n\u003Cp>Puoi caricare il file zip da Plugin\u002FAggiungi Nuovo, dal pannello di amministrazione del tuo wordpress\u003Cbr \u002F>\noppure\u003Cbr \u002F>\nEstrai il file zip e rilascia il contenuto nella directory wp-content \u002F plugins \u002F della tua installazione di WordPress, quindi attiva la pagina Plugin da Plugins.\u003C\u002Fp>\n","Permette l'accesso al tuo sito web senza inserire username e password, generando semplicemente un qr-code. Abilitato solo per gli amministratori.",1207,"5.7.15","4.4","5.6",[85,86],"autologin","qr-code","https:\u002F\u002Fwww.4wp.it\u002Fqr-code-login-admin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fqr-code-login-admin.1.0.2.zip","2026-03-15T10:48:56.248Z",{"slug":91,"name":92,"version":6,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":11,"downloaded":97,"rating":42,"num_ratings":98,"last_updated":99,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":100,"homepage":101,"download_link":102,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26},"qr-user-login","QR User Login","acasado","https:\u002F\u002Fprofiles.wordpress.org\u002Facasado\u002F","\u003Cp>Allow users to login using a link (or QR code). This plugin can be used for create custom event invitation, for example: wedding, etc.\u003C\u002Fp>\n","Allow users to login using a link (or QR code). This plugin can be used for create custom event invitation, for example: wedding, etc.",1993,2,"2016-11-11T10:19:00.000Z",[20,21],"https:\u002F\u002Fgithub.com\u002Facasado86\u002Fqr-user-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fqr-user-login.zip",{"slug":104,"name":105,"version":106,"author":104,"author_profile":107,"description":108,"short_description":109,"active_installs":11,"downloaded":110,"rating":24,"num_ratings":24,"last_updated":111,"tested_up_to":112,"requires_at_least":17,"requires_php":113,"tags":114,"homepage":18,"download_link":115,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26},"qrlogin","qrLogin","1.3.1","https:\u002F\u002Fprofiles.wordpress.org\u002Fqrlogin\u002F","\u003Cp>qrLogin is an authentication system based on the reading of the qr code by the mobile phone and the transfer of authentication data via the http\u002Fhttps protocol to the application or to a web resource.\u003C\u002Fp>\n\u003Cp>The mobile application qrLogin by reading of a specially generated qr-code allows:\u003C\u002Fp>\n\u003Cp>To authenticate on a web resource or in an application;\u003Cbr \u002F>\nTo subtract and save account data;\u003Cbr \u002F>\nTo subtract the credentials of the new account, generate a password or key and send these data to the server to complete the registration of this account.\u003Cbr \u002F>\nqrLogin is the unique thing you need to enter the web page.\u003C\u002Fp>\n\u003Cp>To log in to the web resource, run qrLogin and scan the qr-code in the form of authentication on the web page or in the application.\u003C\u002Fp>\n\u003Ch3>qrLogin app\u003C\u002Fh3>\n\u003Cp>Secure storage of passwords;\u003Cbr \u002F>\nSupport for OTP passwords;\u003Cbr \u002F>\nAbility to generate passwords and OTP keys in the application;\u003Cbr \u002F>\nSecure export \u002F import of database of accounts with encryption of secret data;\u003Cbr \u002F>\nAbility to authenticate on the resource even if there is no Internet connection;\u003Cbr \u002F>\nAdding a new account by scanning of qr-code;\u003Cbr \u002F>\nProtection of access to the program and authentication data using a fingerprint or PIN options;\u003Cbr \u002F>\nSupport for Android and iOS devices;\u003Cbr \u002F>\nAbsolutely free full-featured version for Android and iOS;\u003Cbr \u002F>\nSimple integration with web resources and applications.\u003Cbr \u002F>\nTo operate with this authentication system the web resource needs only to place the following qr-code that contains the URL for authentication and a unique session identifier in the authentication form. The mobile application will open the specified URL and will pass authentication data.\u003C\u002Fp>\n","qrLogin is an authentication system based on the reading of the qr code by the mobile phone and the transfer of authentication data via the http\u002Fhttps &hellip;",2839,"2017-10-28T06:28:00.000Z","4.8.28","5.4",[20,66],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fqrlogin.zip",{"attackSurface":117,"codeSignals":161,"taintFlows":176,"riskAssessment":218,"analyzedAt":226},{"hooks":118,"ajaxHandlers":157,"restRoutes":158,"shortcodes":159,"cronEvents":160,"entryPointCount":24,"unprotectedCount":24},[119,124,127,131,136,140,143,146,150,154],{"type":120,"name":121,"callback":121,"file":122,"line":123},"action","edit_user_profile","qr-user-login.php",49,{"type":120,"name":125,"callback":121,"file":122,"line":126},"show_user_profile",50,{"type":120,"name":128,"callback":129,"file":122,"line":130},"login_head","check_qr_login",51,{"type":120,"name":132,"callback":133,"priority":134,"file":122,"line":135},"admin_bar_menu","pkg_autologin_add_admin_bar_generate_link_button",125,202,{"type":120,"name":137,"callback":138,"file":122,"line":139},"init","pkg_autologin_localization",413,{"type":120,"name":137,"callback":141,"file":122,"line":142},"pkg_autologin_authenticate",419,{"type":120,"name":128,"callback":144,"file":122,"line":145},"pkg_autologin_extract_login_link_error",469,{"type":120,"name":147,"callback":148,"file":122,"line":149},"admin_enqueue_scripts","pkg_autologin_load_autologin_scripts",491,{"type":120,"name":151,"callback":152,"file":122,"line":153},"personal_options_update","pkg_autologin_update_link",519,{"type":120,"name":155,"callback":152,"file":122,"line":156},"edit_user_profile_update",520,[],[],[],[],{"dangerousFunctions":162,"sqlUsage":163,"outputEscaping":165,"fileOperations":24,"externalRequests":24,"nonceChecks":98,"capabilityChecks":14,"bundledLibraries":175},[],{"prepared":98,"raw":24,"locations":164},[],{"escaped":166,"rawEcho":29,"locations":167},4,[168,171,173],{"file":122,"line":169,"context":170},172,"raw output",{"file":122,"line":172,"context":170},173,{"file":122,"line":174,"context":170},186,[],[177,206],{"entryPoint":178,"graph":179,"unsanitizedCount":14,"severity":205},"pkg_autologin_authenticate (qr-user-login.php:420)",{"nodes":180,"edges":200},[181,186,192,196],{"id":182,"type":183,"label":184,"file":122,"line":185},"n0","source","$_GET",425,{"id":187,"type":188,"label":189,"file":122,"line":190,"wp_function":191},"n1","sink","get_col() [SQLi]",435,"get_col",{"id":193,"type":183,"label":194,"file":122,"line":195},"n2","$_SERVER['HTTP_HOST']",454,{"id":197,"type":188,"label":198,"file":122,"line":195,"wp_function":199},"n3","wp_redirect() [Open Redirect]","wp_redirect",[201,203],{"from":182,"to":187,"sanitized":202},true,{"from":193,"to":197,"sanitized":204},false,"medium",{"entryPoint":207,"graph":208,"unsanitizedCount":24,"severity":217},"\u003Cqr-user-login> (qr-user-login.php:0)",{"nodes":209,"edges":214},[210,211,212,213],{"id":182,"type":183,"label":184,"file":122,"line":185},{"id":187,"type":188,"label":189,"file":122,"line":190,"wp_function":191},{"id":193,"type":183,"label":194,"file":122,"line":195},{"id":197,"type":188,"label":198,"file":122,"line":195,"wp_function":199},[215,216],{"from":182,"to":187,"sanitized":202},{"from":193,"to":197,"sanitized":202},"low",{"summary":219,"deductions":220},"The \"login-with-qr\" plugin v1.0.0 presents a generally positive security posture, with no known vulnerabilities and a good approach to core security practices. The static analysis indicates a small attack surface and diligent use of prepared statements for SQL queries. The presence of nonce and capability checks is also a strength. However, the analysis does reveal a concerning taint flow with an unsanitized path, which, despite not being flagged as critical or high severity, warrants attention as it represents a potential entry point for attackers if not properly handled. The 57% output escaping rate, while not terrible, suggests room for improvement to prevent cross-site scripting (XSS) vulnerabilities in the remaining outputs.",[221,224],{"reason":222,"points":223},"Taint flow with unsanitized path",8,{"reason":225,"points":166},"Partial output escaping","2026-03-16T23:41:01.642Z",{"wat":228,"direct":233},{"assetPaths":229,"generatorPatterns":230,"scriptPaths":231,"versionParams":232},[],[],[],[],{"cssClasses":234,"htmlComments":235,"htmlAttributes":236,"restEndpoints":241,"jsGlobals":242,"shortcodeOutput":251},[],[],[237,238,239,240],"id=\"pkg_autologin_code\"","id=\"pkg_autologin_new_link_button\"","id=\"pkg_autologin_delete_link_button\"","id=\"pkg_autologin_link\"",[],[243,244,245,246,247,248,249,250],"pkg_autologin_get_page_user_id","pkg_autologin_check_view_permissions","pkg_autologin_check_modify_permissions","pkg_autologin_new_link_click","pkg_autologin_delete_link_click","PKG_AUTOLOGIN_USER_META_KEY","PKG_AUTOLOGIN_LANGUAGE_DOMAIN","PKG_AUTOLOGIN_VALUE_NAME",[]]