[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f9ykmY1YyD3_2Id5rL3X-ET5XISjMKAT29dPSLYynRGQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":125,"fingerprints":213},"mail-me-in-magic-link-login-for-woocommerce","Mail Me In – Magic Link Login for WooCommerce","1.0","Amzil Ayoub","https:\u002F\u002Fprofiles.wordpress.org\u002Famzil000ayoub\u002F","\u003Cp>\u003Cstrong>Mail Me In – Magic Link Login for WooCommerce\u003C\u002Fstrong> simplifies WordPress logins by replacing passwords with secure, one-time email links. Perfect for users who forget passwords or worry about security. Key features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Passwordless Login – Users authenticate via magic links sent to their email\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>30-Minute Expiry – Auto-expiring tokens for maximum security\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>WooCommerce Compatible – Adds login option to My Account page\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Discreet Verification – Never reveals if emails exist in your system\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Auto-Cleanup – Hourly cron removes used\u002Fexpired tokens\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Perfect for reducing password-related support requests while improving security\u003C\u002Fp>\n\u003Ch3>How it works\u003C\u002Fh3>\n\u003Cp>How It Works\u003Cbr \u002F>\nZero Configuration Needed – Just activate and it works!\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Automatic Integration\u003C\u002Fp>\n\u003Cp>Adds a “Login With Your Email” link below WooCommerce’s login form\u003C\u002Fp>\n\u003Cp>Instantly creates required database tables on activation\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>User Flow\u003C\u002Fp>\n\u003Cp>Visitor enters email \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Receives magic link (valid 30 mins)\u003C\u002Fp>\n\u003Cp>Clicks link \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Automatically logged in \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Redirected to account\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Behind the Scenes\u003C\u002Fp>\n\u003Cp>Self-cleaning system (expired links auto-delete hourly)\u003C\u002Fp>\n\u003Cp>Uses WordPress’ native email system (works with your SMTP plugin)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n","Secure magic link login for WordPress. Users login via email links—no passwords needed.",0,287,"2025-05-17T14:58:00.000Z","6.8.5","6.0","7.4",[18,19,20,21,22],"authentication","email","magic-link","passwordless","woocommerce","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmail-me-in-magic-link-login-for-woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmail-me-in-magic-link-login-for-woocommerce.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"amzil000ayoub",6,30,94,"2026-04-04T12:30:30.393Z",[36,57,79,96,113],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":25,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":16,"tags":50,"homepage":55,"download_link":56,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"ventraconnect-social-login","VentraConnect – Social Login, Magic Link & Email OTP (Passwordless)","1.2.0","Fahad Aslam","https:\u002F\u002Fprofiles.wordpress.org\u002Ffahdaslam\u002F","\u003Cp>VentraConnect provides a \u003Cstrong>unified login system\u003C\u002Fstrong> for WordPress: Social Login + Magic Link + Email OTP.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Social Login\u003C\u002Fstrong> with 15+ providers (Google, Facebook, X\u002FTwitter, LinkedIn, Microsoft, GitHub, and more)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Passwordless Login\u003C\u002Fstrong> with \u003Cstrong>Magic Link\u003C\u002Fstrong> and \u003Cstrong>Email OTP\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>Can run in \u003Cstrong>Login only\u003C\u002Fstrong> mode (existing users) or \u003Cstrong>Login & Register\u003C\u002Fstrong> mode (allow new accounts)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Guardrails (optional):\u003C\u002Fstrong> prevent spam accounts by letting \u003Cstrong>Social Login, Magic Link and Email OTP\u003C\u002Fstrong> log existing users in, but optionally blocking them from creating new users. This stops random visitors from turning your login screen into an open registration form, while your normal WordPress registration and any custom onboarding forms continue to work as usual.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Works out-of-the-box on the default WordPress login\u002Fregistration screens (\u003Ccode>wp-login.php\u003C\u002Fcode>) and also supports shortcodes for custom pages and page builders.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No proxy servers. No third-party tracking.\u003C\u002Fstrong> VentraConnect connects directly to each provider using official OAuth flows.\u003C\u002Fp>\n\u003Cp>| \u003Ca href=\"https:\u002F\u002Fwpventra.com\u002Fdocs\u002Fwhat-is-ventraconnect-social-login\u002F\" rel=\"nofollow ugc\">Setup\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwpventra.com\u002Fdocs\u002F\" rel=\"nofollow ugc\">Docs\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwpventra.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Pro Addon\u003C\u002Fa> |\u003C\u002Fp>\n\u003Ch3>Best for\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Sites that want \u003Cstrong>faster logins\u003C\u002Fstrong> and fewer abandoned registrations by offering Social Login + passwordless login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce stores\u003C\u002Fstrong> that want modern social + passwordless login on the login, checkout and My Account pages (Pro add-on).\u003C\u002Fli>\n\u003Cli>Sites that are getting \u003Cstrong>spam registrations\u003C\u002Fstrong> and want Guardrails to control who can create new accounts from the default \u003Ccode>wp-login.php\u003C\u002Fcode> screen.\u003C\u002Fli>\n\u003Cli>Sites that want to add \u003Cstrong>passwordless login\u003C\u002Fstrong> (Magic Link \u002F Email OTP) as an option, without removing the classic username\u002Fpassword login.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Key Features (Free)\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Social Login\u003C\u002Fstrong>\u003Cbr \u002F>\n– 15+ providers (Google, Facebook, X\u002FTwitter, LinkedIn, Microsoft, GitHub, and more)\u003Cbr \u002F>\n– Adds login buttons to core WordPress login & registration screens (\u003Ccode>wp-login.php\u003C\u002Fcode>)\u003Cbr \u002F>\n– Shortcodes for custom pages, page builders, and custom login pages\u003Cbr \u002F>\n– Account linking + unlinking (connect multiple providers to one WordPress user)\u003Cbr \u002F>\n– Optional profile sync (name + avatar)\u003Cbr \u002F>\n– Button styles: Light, Dark, Minimal, plus icon-only layouts\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Passwordless Login (Magic Link + Email OTP)\u003C\u002Fstrong>\u003Cbr \u002F>\n– Built-in security: expiry, resend throttling, single-use links, max attempt limits\u003Cbr \u002F>\n– Flexible behavior: \u003Cstrong>Login only\u003C\u002Fstrong> mode or \u003Cstrong>Login & Register\u003C\u002Fstrong> mode (per method)\u003Cbr \u002F>\n– Per-method redirect overrides (same page, referrer, homepage, custom URL)\u003Cbr \u002F>\n– Custom emails: edit sender name, subject, and message templates\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Guardrails (Spam & signup control)\u003C\u002Fstrong>\u003Cbr \u002F>\n– Prevent spam accounts by controlling whether \u003Cstrong>Social Login, Magic Link and Email OTP\u003C\u002Fstrong> are allowed to create new users\u003Cbr \u002F>\n– Keep your login screen focused on \u003Cstrong>login\u003C\u002Fstrong> only, while still letting existing users sign in with all three methods\u003Cbr \u002F>\n– Your normal WordPress registration form and other registration\u002Fonboarding flows continue to work as usual\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Admin Tools\u003C\u002Fstrong>\u003Cbr \u002F>\n– Basic redirect options for social + passwordless login\u003Cbr \u002F>\n– Diagnostics\u002Flogging to debug OAuth and login issues\u003Cbr \u002F>\n– Email notifications (user + admin) when a new account is created via social login\u003C\u002Fp>\n\u003Ch3>Pro Add-on (Optional)\u003C\u002Fh3>\n\u003Cp>The Pro add-on extends the same login system into popular plugins and adds advanced control:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>WooCommerce integration\u003C\u002Fstrong> for login, checkout and My Account, with Guardrails-aware flows and context-based shortcodes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>LMS integrations\u003C\u002Fstrong>: LearnDash, LifterLMS, LearnPress\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Membership\u002Fcommunity integrations\u003C\u002Fstrong>: MemberPress, Ultimate Member, Paid Memberships Pro (PMPro), BuddyPress\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Passwordless Mode (Off, Recommended, Strict)\u003C\u002Fstrong> to control how aggressively passwords are phased out on supported forms while keeping an admin fallback\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced redirect rules\u003C\u002Fstrong> \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Analytics & login insights\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Additional \u003Cstrong>diagnostics\u002Flogging\u003C\u002Fstrong> for complex setups\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Pro features require the separate \u003Ca href=\"https:\u002F\u002Fwpventra.com\u002F\" rel=\"nofollow ugc\">VentraConnect Social Login Pro\u003C\u002Fa> add-on.\u003C\u002Fp>\n\u003Ch3>Supported Social Providers\u003C\u002Fh3>\n\u003Cp>Google, Facebook, X (Twitter), LinkedIn, Microsoft, GitHub, Discord, Reddit, Slack, Twitch, Spotify, TikTok, Amazon, Yahoo, WordPress.com, LINE.\u003C\u002Fp>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Col>\n\u003Cli>The user clicks a Social Login button, or requests a Magic Link \u002F Email OTP.\u003C\u002Fli>\n\u003Cli>For Social Login, the user authenticates with the provider via official OAuth; for Magic Link \u002F OTP, they verify ownership of their email address.\u003C\u002Fli>\n\u003Cli>VentraConnect receives basic profile or email data and looks for an existing WordPress user.\u003C\u002Fli>\n\u003Cli>If the email matches an existing user, the login methods are linked to that account and the user is logged in. If not, a new user may be created (subject to your Guardrails and registration settings).\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>VentraConnect Social Login is an OAuth client only.\u003C\u002Fp>\n\u003Cp>During login:\u003C\u002Fp>\n\u003Col>\n\u003Cli>The user is redirected to the selected provider such as Google or Facebook.\u003C\u002Fli>\n\u003Cli>The provider authenticates the user.\u003C\u002Fli>\n\u003Cli>The provider returns an authorization token to your site.\u003C\u002Fli>\n\u003Cli>VentraConnect retrieves basic profile data:\n\u003Cul>\n\u003Cli>Provider user ID\u003C\u002Fli>\n\u003Cli>Email address\u003C\u002Fli>\n\u003Cli>Display name\u003C\u002Fli>\n\u003Cli>Avatar URL\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>No user data is sent to or stored on servers owned by the plugin author.\u003Cbr \u002F>\nAll communication happens directly between your WordPress site and the provider official APIs.\u003C\u002Fp>\n\u003Ch3>Provider Domains Used\u003C\u002Fh3>\n\u003Cp>Google\u003Cbr \u002F>\naccounts.google.com\u003Cbr \u002F>\noauth2.googleapis.com\u003Cbr \u002F>\npeople.googleapis.com\u003C\u002Fp>\n\u003Cp>Facebook\u003Cbr \u002F>\ngraph.facebook.com\u003C\u002Fp>\n\u003Cp>Microsoft\u003Cbr \u002F>\nlogin.microsoftonline.com\u003Cbr \u002F>\ngraph.microsoft.com\u003C\u002Fp>\n\u003Cp>TikTok\u003Cbr \u002F>\nopen.tiktokapis.com\u003C\u002Fp>\n\u003Cp>Reddit\u003Cbr \u002F>\nwww.reddit.com\u003Cbr \u002F>\noauth.reddit.com\u003C\u002Fp>\n\u003Cp>LINE\u003Cbr \u002F>\naccess.line.me\u003Cbr \u002F>\napi.line.me\u003C\u002Fp>\n\u003Cp>Slack\u003Cbr \u002F>\nslack.com\u003C\u002Fp>\n\u003Cp>Discord\u003Cbr \u002F>\ndiscord.com\u003C\u002Fp>\n\u003Cp>Twitch\u003Cbr \u002F>\nid.twitch.tv\u003Cbr \u002F>\napi.twitch.tv\u003C\u002Fp>\n\u003Cp>GitHub\u003Cbr \u002F>\ngithub.com\u003Cbr \u002F>\napi.github.com\u003C\u002Fp>\n\u003Cp>Amazon\u003Cbr \u002F>\nwww.amazon.com\u003Cbr \u002F>\napi.amazon.com\u003C\u002Fp>\n\u003Cp>Yahoo\u003Cbr \u002F>\napi.login.yahoo.com\u003C\u002Fp>\n\u003Cp>WordPress.com\u003Cbr \u002F>\npublic-api.wordpress.com\u003C\u002Fp>\n\u003Cp>LinkedIn\u003Cbr \u002F>\nwww.linkedin.com\u003Cbr \u002F>\napi.linkedin.com\u003C\u002Fp>\n\u003Cp>Each provider has its own Terms of Service and Privacy Policy. You are responsible for complying with those terms when enabling a provider.\u003C\u002Fp>\n","Social login with 15+ providers plus passwordless login (Magic Link & Email OTP), with Guardrails to block spam registrations.",20,584,2,"2026-02-25T12:07:00.000Z","6.9.4","6.2",[51,20,52,53,54],"email-otp","oauth","passwordless-login","social-login","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fventraconnect-social-login.1.2.0.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":76,"download_link":77,"security_score":78,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"mojoauth","MojoAuth Passwordless Authentication","2.7","MojoAuth","https:\u002F\u002Fprofiles.wordpress.org\u002Fmojoauth\u002F","\u003Cp>The \u003Ca href=\"https:\u002F\u002Fmojoauth.com\" rel=\"nofollow ugc\">MojoAuth\u003C\u002Fa> Passwordless Authentication WordPress plugin replaces standard WordPress login forms with the passwordless authentication method. It provides a robust and secure passwordless authentication mechanism to your WordPress site that offers the users a way to verify themselves while not having to remember or manually type passwords, which in turn provides stronger security and fewer breaches.\u003C\u002Fp>\n\u003Cp>Adding a passwordless authentication mechanism will help to create additional barriers to secure accounts of users. We updated the conventional password method of login with a safer authentication method, for example, log in through Email OTP, Magic Link, Social Login, Phone SMS and WebAuthn. This likewise cuts the additional progression of you fumbling over your failed to remember password.\u003C\u002Fp>\n\u003Ch3>KEY FEATURES\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Magic Link\u003C\u002Fstrong>: A unique link sent directly to your email which allows you to authenticate once and becomes invalid automatically once you are logged in.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>OTP\u003C\u002Fstrong>: A unique OTP sent directly to your email which allows you to authenticate once and becomes invalid automatically once you are logged in.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WebAuthn\u003C\u002Fstrong>: Allow users to authenticate with built-in authenticators like fingerprint, pin, or using security keys like YubiKey.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Social Login\u003C\u002Fstrong>: Allow your users to log in using Social login like Google, Facebook, Apple, etc., and increase sign-ups by removing the friction of passwords.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SMS Authentication\u003C\u002Fstrong>: Authenticate and verify your users using SMS OTP across all your applications and enable a secure, frictionless and customizable login experience for everyone.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contributing\u003C\u002Fh3>\n\u003Cp>You can contribute or see sources to this plugin on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMojoAuth\u002Fmojoauth-wordpress\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>We offer 24\u002F7 support, reach out to our support team, or refer our product documents\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Live chat\u003C\u002Fli>\n\u003Cli>Email Support mailto:support@mojoauth.com\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmojoauth.com\u002Fdocs\u002F\" rel=\"nofollow ugc\">Support documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","MojoAuth provides a secure and delightful experience to your customer with passwordless. Here, you'll find comprehensive guides and documentation &hellip;",10,2761,74,3,"2022-12-13T11:58:00.000Z","6.1.10","3.4","5.6",[18,74,51,75,54],"email-magic-link","sms-authentication","https:\u002F\u002Fgithub.com\u002FMojoAuth\u002Fmojoauth-wordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmojoauth.2.7.zip",85,{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":11,"downloaded":87,"rating":11,"num_ratings":11,"last_updated":88,"tested_up_to":89,"requires_at_least":72,"requires_php":16,"tags":90,"homepage":55,"download_link":93,"security_score":94,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":95},"1-click-passwordless-login","1-Click PasswordLess Login","1.0.0","xplodman","https:\u002F\u002Fprofiles.wordpress.org\u002Fxplodman\u002F","\u003Cp>\u003Cstrong>1-Click PasswordLess Login\u003C\u002Fstrong> allows users to log in \u003Cstrong>without passwords\u003C\u002Fstrong>, using secure \u003Cstrong>magic links\u003C\u002Fstrong>.\u003Cbr \u002F>\nEnhance security and user experience by eliminating traditional password-based logins.\u003C\u002Fp>\n\u003Ch3>🔥 Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Magic Link Authentication\u003C\u002Fstrong> – Users log in via a secure, one-time-use email link.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce Compatibility\u003C\u002Fstrong> – Works seamlessly with WooCommerce login forms.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Set Expiry Time\u003C\u002Fstrong> – Magic links expire after a configurable time.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Email Notifications\u003C\u002Fstrong> – Modify login email subject and message.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Maximum Login Attempts\u003C\u002Fstrong> – Limit failed login attempts before lockout.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Dashboard Widget\u003C\u002Fstrong> – View login statistics inside WordPress admin.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lockout Protection\u003C\u002Fstrong> – Prevent brute-force attacks with login attempt tracking.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🛠️ Setup:\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Install and activate the plugin.\u003C\u002Fli>\n\u003Cli>Navigate to \u003Cstrong>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> 1-Click Login\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Configure authentication settings (expiry time, lockout, WooCommerce integration).\u003C\u002Fli>\n\u003Cli>Start using passwordless authentication!\u003C\u002Fli>\n\u003C\u002Fol>\n","A secure and simple 1-click passwordless login system for WordPress. No more passwords – just magic links!",699,"2025-02-23T15:40:00.000Z","6.7.5",[18,91,92,21,22],"login","one-click-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002F1-click-passwordless-login.1.0.0.zip",92,"2026-03-15T14:54:45.397Z",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":11,"downloaded":104,"rating":11,"num_ratings":11,"last_updated":55,"tested_up_to":48,"requires_at_least":105,"requires_php":106,"tags":107,"homepage":55,"download_link":111,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":112},"authyo-passwordless-login","Authyo Passwordless Login","1.0.3","Konceptwise Digital Media Pvt Ltd","https:\u002F\u002Fprofiles.wordpress.org\u002Fkonceptwise\u002F","\u003Cp>Authyo Passwordless Login enables secure \u003Cstrong>OTP login for WordPress\u003C\u002Fstrong> using email-based one-time passwords. It replaces traditional passwords with a modern \u003Cstrong>passwordless authentication system\u003C\u002Fstrong> that improves login security and simplifies the user experience.\u003C\u002Fp>\n\u003Cp>Users simply enter their email address, receive a one-time password (OTP), verify the code, and are automatically logged in — no passwords required.\u003C\u002Fp>\n\u003Cp>This plugin is officially developed and maintained by \u003Cstrong>Konceptwise Digital Media Pvt. Ltd.\u003C\u002Fstrong> and uses \u003Cstrong>Authyo’s secure OTP authentication infrastructure\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>With Authyo Passwordless Login, WordPress administrators can implement \u003Cstrong>passwordless login\u003C\u002Fstrong>, improve \u003Cstrong>account security\u003C\u002Fstrong>, and eliminate risks related to password leaks or weak credentials.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Passwordless login for WordPress using email OTP\u003C\u002Fli>\n\u003Cli>No passwords stored or required\u003C\u002Fli>\n\u003Cli>Secure token-based authentication (single-use and time-limited)\u003C\u002Fli>\n\u003Cli>OTP delivered via Authyo’s secure email service\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Fallback Method:\u003C\u002Fstrong> Optional two-factor authenticator app if email OTP fails\u003C\u002Fli>\n\u003Cli>Works with the default WordPress login page\u003C\u002Fli>\n\u003Cli>AJAX-powered login flow (no page reloads)\u003C\u002Fli>\n\u003Cli>Automatic dashboard redirect after successful login\u003C\u002Fli>\n\u003Cli>Enable or disable passwordless login anytime\u003C\u002Fli>\n\u003Cli>Compatible with custom login URL plugins (e.g., WPS Hide Login)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Use Cases\u003C\u002Fh3>\n\u003Cp>This plugin is ideal for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress sites that want \u003Cstrong>OTP login instead of passwords\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Improving \u003Cstrong>WordPress login security\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Enabling \u003Cstrong>passwordless authentication\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Preventing password brute-force attacks\u003C\u002Fli>\n\u003Cli>Membership websites and user portals\u003C\u002Fli>\n\u003Cli>Sites that want a \u003Cstrong>simple two-factor authentication alternative\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Col>\n\u003Cli>User enters their email address on the WordPress login page\u003C\u002Fli>\n\u003Cli>Authyo sends a one-time password (OTP) via email\u003C\u002Fli>\n\u003Cli>User verifies the OTP\u003C\u002Fli>\n\u003Cli>WordPress logs the user in automatically using a secure single-use token\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>No password is required during the login process.\u003C\u002Fp>\n\u003Ch3>About Konceptwise & Authyo\u003C\u002Fh3>\n\u003Cp>Konceptwise Digital Media Pvt. Ltd. is the parent company and original developer of this plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Authyo\u003C\u002Fstrong> is a secure authentication platform developed by Konceptwise that provides OTP-based verification services for websites and applications.\u003C\u002Fp>\n\u003Cp>This plugin integrates WordPress with Authyo’s authentication infrastructure to provide secure passwordless login functionality.\u003C\u002Fp>\n\u003Ch3>Video Tutorial\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>How to Use Authyo Passwordless Login\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FcStBvoHTzro?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to Authyo’s external API to send and verify one-time passwords (OTP) for passwordless login functionality.\u003C\u002Fp>\n\u003Cp>What data is sent:\u003Cbr \u002F>\n– User email address (sent to Authyo API when requesting OTP)\u003Cbr \u002F>\n– OTP code (sent to Authyo API for verification)\u003Cbr \u002F>\n– Mask ID (returned by Authyo API, used for OTP verification)\u003C\u002Fp>\n\u003Cp>When data is sent:\u003Cbr \u002F>\n– When the user requests an OTP: Email address is sent to Authyo API\u003Cbr \u002F>\n– When the user submits an OTP for verification: OTP code and Mask ID are sent to Authyo API\u003C\u002Fp>\n\u003Cp>Authentication Flow:\u003Cbr \u002F>\n– After successful OTP verification via Authyo API, the plugin generates a secure single-use token using WordPress core functions\u003Cbr \u002F>\n– This token is browser-bound using a hashed User-Agent signature to prevent session hijacking\u003Cbr \u002F>\n– The token is stored temporarily in WordPress transients and expires after 5 minutes\u003Cbr \u002F>\n– The token allows WordPress to complete authentication without requiring a password\u003Cbr \u002F>\n– Token is deleted immediately after verification (single-use security)\u003C\u002Fp>\n\u003Cp>Purpose:\u003Cbr \u002F>\n– To verify ownership of the provided email address through OTP verification\u003Cbr \u002F>\n– After successful OTP verification, a secure browser-bound login token is generated\u003Cbr \u002F>\n– The token allows WordPress to authenticate users without passwords\u003C\u002Fp>\n\u003Cp>Data Storage:\u003Cbr \u002F>\n– OTP session data (email, user ID, mask ID) is stored temporarily in WordPress transients (expires after 10 minutes)\u003Cbr \u002F>\n– Login tokens are stored temporarily in WordPress transients (expires after 5 minutes and deleted immediately after use)\u003Cbr \u002F>\n– No user data is permanently stored by this plugin\u003C\u002Fp>\n\u003Cp>Terms of Service:\u003Cbr \u002F>\nhttps:\u002F\u002Fauthyo.io\u002Fterms-service\u003C\u002Fp>\n\u003Cp>Privacy Policy:\u003Cbr \u002F>\nhttps:\u002F\u002Fauthyo.io\u002Fprivacy-policy\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 5.0 or higher\u003C\u002Fli>\n\u003Cli>PHP 7.2 or higher\u003C\u002Fli>\n\u003Cli>An active Authyo account with API credentials\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Ch4>Getting Authyo API Credentials\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Sign up for an account at https:\u002F\u002Fauthyo.io\u003C\u002Fli>\n\u003Cli>Log in to your Authyo dashboard\u003C\u002Fli>\n\u003Cli>Navigate to your application settings\u003C\u002Fli>\n\u003Cli>Copy your \u003Cstrong>App ID\u003C\u002Fstrong>, \u003Cstrong>Client ID\u003C\u002Fstrong>, and \u003Cstrong>Client Secret\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Plugin Setup\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to \u003Cstrong>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Authyo Passwordless Login\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Enable \u003Cstrong>Passwordless Login\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Enter your Authyo API credentials:\n\u003Cul>\n\u003Cli>Authyo App ID\u003C\u002Fli>\n\u003Cli>Authyo Client ID\u003C\u002Fli>\n\u003Cli>Authyo Client Secret\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Click \u003Cstrong>Save Settings\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Once configured, the passwordless login form will appear on your WordPress login page.\u003C\u002Fp>\n","Enable secure OTP login for WordPress with passwordless authentication using email-based one-time passwords (OTP) powered by Authyo.",245,"5.0","7.2",[51,108,53,109,110],"otp-login","two-factor-authentication","wordpress-otp","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauthyo-passwordless-login.1.0.3.zip","2026-03-15T10:48:56.248Z",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":11,"downloaded":25,"rating":11,"num_ratings":11,"last_updated":121,"tested_up_to":48,"requires_at_least":105,"requires_php":55,"tags":122,"homepage":55,"download_link":124,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"elevation-magic-link","Elevation Magic Link Login","1.2.2","Elevation Team","https:\u002F\u002Fprofiles.wordpress.org\u002Felevation1support\u002F","\u003Cp>Elevation Magic Link Login allows your users to sign in without remembering a password. By simply entering their username or email address, they receive a secure, time-sensitive link via email that logs them in instantly.\u003C\u002Fp>\n\u003Cp>This plugin is built with security as a priority, utilizing WordPress best practices such as nonces, input sanitization, output escaping, hashed tokens, and HMAC signatures to ensure your site and users remain protected.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>Adds a “Send Me a Magic Link” button to the default WP login form.\u003C\u002Fp>\n\u003Cp>New: Toggle-based UI that hides the password field when requesting a link for a cleaner experience.\u003C\u002Fp>\n\u003Cp>Secure, high-entropy token generation.\u003C\u002Fp>\n\u003Cp>Tokens are hashed before storage for maximum security.\u003C\u002Fp>\n\u003Cp>Cross-device support: Uses stateless HMAC signatures to validate links even if opened on a different device than requested.\u003C\u002Fp>\n\u003Cp>One-time use links that expire after 15 minutes (filterable).\u003C\u002Fp>\n\u003Cp>No-password fallback for users who forget their credentials.\u003C\u002Fp>\n\u003Cp>Lightweight and developer-friendly.\u003C\u002Fp>\n\u003Cp>Filterable redirect URL after successful login.\u003C\u002Fp>\n","Add a secure, passwordless login option to the default WordPress login form.","2026-01-23T18:34:00.000Z",[18,91,20,21,123],"security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Felevation-magic-link.1.2.2.zip",{"attackSurface":126,"codeSignals":164,"taintFlows":177,"riskAssessment":204,"analyzedAt":212},{"hooks":127,"ajaxHandlers":150,"restRoutes":159,"shortcodes":160,"cronEvents":161,"entryPointCount":46,"unprotectedCount":11},[128,134,138,142,146],{"type":129,"name":130,"callback":131,"file":132,"line":133},"action","plugins_loaded","mail_me_in_init","mail-me-in.php",27,{"type":129,"name":135,"callback":136,"file":132,"line":137},"init","mail_me_in_handle_token_login",58,{"type":129,"name":139,"callback":140,"file":132,"line":141},"mail_me_in_cleanup_tokens","mail_me_in_cleanup_expired_tokens",123,{"type":129,"name":143,"callback":144,"file":132,"line":145},"woocommerce_after_customer_login_form","mail_me_in_add_magic_link_option",149,{"type":129,"name":147,"callback":148,"file":132,"line":149},"wp_enqueue_scripts","mail_me_in_enqueue_assets",150,[151,157],{"action":152,"nopriv":153,"callback":154,"hasNonce":155,"hasCapCheck":153,"file":132,"line":156},"mail_me_in_send_link",false,"mail_me_in_send_link_handler",true,151,{"action":152,"nopriv":155,"callback":154,"hasNonce":155,"hasCapCheck":153,"file":132,"line":158},152,[],[],[162],{"hook":139,"callback":139,"file":132,"line":163},54,{"dangerousFunctions":165,"sqlUsage":166,"outputEscaping":169,"fileOperations":11,"externalRequests":11,"nonceChecks":46,"capabilityChecks":11,"bundledLibraries":176},[],{"prepared":167,"raw":11,"locations":168},4,[],{"escaped":167,"rawEcho":46,"locations":170},[171,174],{"file":132,"line":172,"context":173},188,"raw output",{"file":132,"line":175,"context":173},191,[],[178,196],{"entryPoint":179,"graph":180,"unsanitizedCount":11,"severity":195},"mail_me_in_handle_token_login (mail-me-in.php:60)",{"nodes":181,"edges":193},[182,187],{"id":183,"type":184,"label":185,"file":132,"line":186},"n0","source","$_GET",72,{"id":188,"type":189,"label":190,"file":132,"line":191,"wp_function":192},"n1","sink","get_row() [SQLi]",84,"get_row",[194],{"from":183,"to":188,"sanitized":155},"low",{"entryPoint":197,"graph":198,"unsanitizedCount":11,"severity":195},"\u003Cmail-me-in> (mail-me-in.php:0)",{"nodes":199,"edges":202},[200,201],{"id":183,"type":184,"label":185,"file":132,"line":186},{"id":188,"type":189,"label":190,"file":132,"line":191,"wp_function":192},[203],{"from":183,"to":188,"sanitized":155},{"summary":205,"deductions":206},"This plugin exhibits a generally good security posture based on the provided static analysis. It utilizes prepared statements for all SQL queries and a good majority of its output is properly escaped, minimizing risks of SQL injection and cross-site scripting. The absence of dangerous functions, file operations, and external HTTP requests further strengthens its security.  Importantly, there are no known past or current vulnerabilities associated with this plugin, suggesting a history of secure development or minimal public exposure of any potential weaknesses.\n\nHowever, the analysis does highlight a couple of areas that could be improved. While the plugin has a small attack surface with only two AJAX handlers, the lack of explicit capability checks on these handlers is a notable concern. This means that any authenticated user, regardless of their role or permissions, could potentially trigger these AJAX actions. Although no unsanitized paths were found in taint analysis, this lack of capability checks could become a vector for privilege escalation if the AJAX actions perform sensitive operations. The presence of nonce checks on these handlers is positive, but they only protect against CSRF and not unauthorized access based on user roles.\n\nIn conclusion, the plugin is built on a foundation of secure coding practices regarding data handling. The primary weakness lies in the absence of granular access control on its AJAX endpoints. While there's no current vulnerability history, addressing the capability checks would significantly enhance its overall security and resilience against potential future exploits.",[207,210],{"reason":208,"points":209},"AJAX handlers missing capability checks",8,{"reason":211,"points":68},"67% of output escaped, not 100%","2026-03-17T07:29:00.063Z",{"wat":214,"direct":223},{"assetPaths":215,"generatorPatterns":218,"scriptPaths":219,"versionParams":220},[216,217],"\u002Fwp-content\u002Fplugins\u002Fmail-me-in-magic-link-login-for-woocommerce\u002Fassets\u002Fcss\u002Fmail-me-in.css","\u002Fwp-content\u002Fplugins\u002Fmail-me-in-magic-link-login-for-woocommerce\u002Fassets\u002Fjs\u002Fmail-me-in.js",[],[217],[221,222],"mail-me-in-magic-link-login-for-woocommerce\u002Fassets\u002Fcss\u002Fmail-me-in.css?ver=","mail-me-in-magic-link-login-for-woocommerce\u002Fassets\u002Fjs\u002Fmail-me-in.js?ver=",{"cssClasses":224,"htmlComments":230,"htmlAttributes":231,"restEndpoints":237,"jsGlobals":238,"shortcodeOutput":240},[225,226,227,228,229],"mail-me-in-option","mail-me-in-popup","mail-me-in-popup-content","mail-me-in-form","mail-me-in-form-group",[],[232,233,234,235,236],"id=\"mail-me-in-trigger\"","id=\"mail-me-in-popup\"","id=\"mail-me-in-popup-content\"","id=\"mail-me-in-form\"","id=\"mail-me-in-email\"",[],[239],"mail_me_in_vars",[]]