[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fMBkNZDoG3eWpovDyNGMAKQPFTKS9r-aKnP9RaT0JeQA":3,"$f--Bdeq3zDFK5ChA2pe_Vy9ZrDRHBHujR-wlJBVhyByk":265,"$fPv5kOHqKQ8UaPerHXgPhVyCBIeho-exH5xi2kOdQe9Y":269},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":37,"analysis":135,"fingerprints":229},"mm-ajax-login","Mm Ajax Login","1.0.0","Braad","https:\u002F\u002Fprofiles.wordpress.org\u002Fbraad\u002F","\u003Cp>This plugin allows you to create special links that check whether a user is logged in and then follow the link if they are or show an ajax-powered login form in a simple lightbox if they are not. Once the user fills out the login form with valid credentials they will be logged in and redirected to the page the link points to.\u003C\u002Fp>\n\u003Ch4>Scenario\u003C\u002Fh4>\n\u003Cp>Let’s say you’ve got a page on your site that only logged in users are able to access. It could be a private page or ideally it is a page that is set up to show a standard login form to users who are not logged in. With this plugin you could add the class ‘ajax-login-trigger’ to all the links that point to that page, then when a user clicks one of these links an ajax request is sent to the server to check whether the user is already logged in, and if they are the user is redirected to the page without ever noticing that the login check was done, or if they aren’t logged in they’ll see a login form appear in a simple lightbox. When the user fills out the form, a second ajax request is sent to the server to attempt to log them in, and if successful the user is redirected to the page.\u003C\u002Fp>\n\u003Ch4>Customize It!\u003C\u002Fh4>\n\u003Cp>This plugin includes lots of hooks and filters that allow for all sorts of customizations and unique use cases. Here’s a quick list:\u003C\u002Fp>\n\u003Cp>Actions:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>mm_ajax_login_before_form_outside\nmm_ajax_login_before_form_inside\nmm_ajax_login_extra_buttons\nmm_ajax_login_after_form_inside\nmm_ajax_login_after_form_outside\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Filters:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>mm_ajax_login_trigger_selector\nmm_ajax_login_form_title\nmm_ajax_login_status_message\nmm_ajax_login_username_label\nmm_ajax_login_password_label\nmm_ajax_login_rememberme_text\nmm_ajax_login_lost_password_text\nmm_ajax_login_button_text\nmm_ajax_login_custom_login_action\nmm_ajax_login_email_login_fail_message\nmm_ajax_login_success_message\nmm_ajax_login_fail_message\nmm_ajax_login_allow_email_login\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Many things are possible with these hooks. The hooks \u003Ccode>mm_ajax_login_before_form_inside\u003C\u002Fcode> and \u003Ccode>mm_ajax_login_after_form_inside\u003C\u002Fcode> allow you to add any custom input elements to the form. When the login form is submitted all of the values from the input elements included in the form will get passed to the PHP function that processes the ajax request, which will then pass the data to the \u003Ccode>mm_ajax_login_custom_login_action\u003C\u002Fcode> filter. You can intercept the incoming data using this filter and proceed with any custom action you want, like registering new users and logging them in during the same action.\u003C\u002Fp>\n\u003Ch4>Filter Examples\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Use a custom selector for the trigger link:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'mm_ajax_login_trigger_selector', 'prefix_custom_login_trigger' );\nfunction prefix_custom_login_trigger( $selector ) {\n\n    \u002F\u002F Custom selector goes here.\n    $selector = '.my-custom-selector';\n\n    return $selector;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Use a custom status message:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'mm_ajax_login_status_message', 'prefix_custom_status_message' );\nfunction prefix_custom_status_message( $status_message ) {\n\n    \u002F\u002F Custom status message goes here.\n    $status_message = 'Magic happening...';\n\n    return $status_message;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This plugin is \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMIGHTYminnow\u002Fmm-ajax-login\" rel=\"nofollow ugc\">on Github\u003C\u002Fa> and pull requests are always welcome.\u003C\u002Fp>\n","A custom lightbox login form that serves as a gatekeeper for links with the class \"ajax-login-trigger\".",10,2075,0,"2015-12-07T14:36:00.000Z","4.4.34","3.8","",[19,20,21,22],"ajax","form","lightbox","login","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmm-ajax-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmm-ajax-login.1.0.0.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":25,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"braad",6,2140,30,84,"2026-07-14T22:18:11.491Z",[38,60,81,100,116],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":17,"tags":53,"homepage":58,"download_link":59,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"wp-ajax-login-and-register","WP AJAX Login and Register","1.3","newbiesup","https:\u002F\u002Fprofiles.wordpress.org\u002Fnewbiesup\u002F","\u003Cp>This plugin will automatically add a login\u002Fregister link to your ‘primary’ menu location. A nice looking form will popup when the link is clicked.\u003Cbr \u002F>\nShortcode is also available for use on any post or widget with ‘[wp-ajax-login text=”Login\u002FRegister”]’ and ‘text’ attribute is the link text.\u003C\u002Fp>\n\u003Cp>For more information, please visit \u003Ca href=\"http:\u002F\u002Fptheme.com\u002Fitem\u002Fwp-ajax-login\u002F\" title=\"ptheme\" rel=\"nofollow ugc\">ptheme.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n","Easy to use frontend AJAX Login and Register plugin with no settings required.",60,8987,100,2,"2016-04-25T14:52:00.000Z","4.5.33","3.0.1",[19,54,55,56,57],"ajax-login","ajax-register","frontend-login","login-form","http:\u002F\u002Fptheme.com\u002Fitem\u002Fwp-ajax-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-ajax-login-and-register.1.3.zip",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":11,"downloaded":68,"rating":48,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":17,"tags":73,"homepage":78,"download_link":79,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":80},"4nton-extensions","Anton Extensions","1.2.2","Anthony Carbon","https:\u002F\u002Fprofiles.wordpress.org\u002Fmaster-buldog\u002F","\u003Cp>Anton Extensions has PHP coding SOP fuction that prevent errors, list of addons that may suitable for your site requirements, and many more free features that you might love. This plugin is can integrate with Gravity Forms, Override WordPress default emails, login landing page, and more.\u003C\u002Fp>\n\u003Ch4>FREE Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Manage wp-login.php login landing page. Override the default WordPress layout, logo and permalink. \u003Ca href=\"https:\u002F\u002Fdemo.anthonycarbon.com\u002Fwp-login.php\" rel=\"nofollow ugc\">DEMO\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Override the WordPress email subject name and email using general settings name and email address.\u003C\u002Fli>\n\u003Cli>Turn your Gravity Form activation page into popup layout with admin settings.\u003C\u002Fli>\n\u003Cli>Override the WordPress new user registration subject name ([%s] New User Registration).\u003C\u002Fli>\n\u003Cli>Disable\u002FEnable input auto fill or autocomplete.\u003C\u002Fli>\n\u003Cli>Fix Gravity Forms Uncaught TypeError: grecaptcha.render\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Addons\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.anthonycarbon.com\u002Fproduct\u002Fgravity-forms-media-upload-field\u002F\" rel=\"nofollow ugc\">Gravity Forms Media Upload Field\u003C\u002Fa> – add custom field that can upload image with prefered dimension, save to media dashboard.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.anthonycarbon.com\u002Fproduct\u002Fwp-print\u002F\" rel=\"nofollow ugc\">WP Print\u003C\u002Fa> – Customized your post, page, or custom post-type print layout without doing any back-end coding.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Related plugins\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.anthonycarbon.com\u002Fproduct-category\u002Fwordpress-plugins\u002F\" rel=\"nofollow ugc\">Anthony Carbon Plugins\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Develop by\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.anthonycarbon.com\u002F\" rel=\"nofollow ugc\">anthonycarbon.com – WordPress Developer \u002F Programmer\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Happy coding everyone :D.\u003C\u002Fp>\n","Developer and Programmer tools and tasks helper. Helpful SOP features.",2162,1,"2019-06-01T02:30:00.000Z","5.0.25","4.4",[19,74,75,76,77],"field","gravityform","media-upload","wp-login-php","https:\u002F\u002Fwww.anthonycarbon.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002F4nton-extensions.zip","2026-04-06T09:54:40.288Z",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":11,"downloaded":89,"rating":48,"num_ratings":69,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":93,"tags":94,"homepage":98,"download_link":99,"security_score":48,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"lazy-sign-in","Lazy Signin","2.2","KrishaWeb","https:\u002F\u002Fprofiles.wordpress.org\u002Fkrishaweb\u002F","\u003Cp>\u003Cstrong>Lazy Sign-In – The Smarter Way to Handle User Registration & Login\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Tired of complicated login and sign-up setups? Lazy Sign-In makes it effortless to add sleek, responsive, and fully customizable login and registration forms to your website all powered by AJAX for a seamless user experience.\u003C\u002Fp>\n\u003Cp>With just one installation, you can create both sign-up and login pages using simple shortcodes:\u003Cbr \u002F>\n\u003Cstrong>[lazy_signin_ajax_signup_form]\u003C\u002Fstrong> for sign-up\u003Cbr \u002F>\n\u003Cstrong>[lazy_signin_ajax_login_form]\u003C\u002Fstrong> for login\u003C\u002Fp>\n\u003Cp>Why Lazy Sign-In?\u003Cbr \u002F>\n• Unlimited Custom Fields – Add as many fields as you want to your sign-up form.\u003Cbr \u002F>\n• Smart Validation – Set fields as required or unique to ensure clean, reliable data.\u003Cbr \u002F>\n• Auto-Generated Credentials – Automatically generate usernames and passwords with one click.\u003Cbr \u002F>\n• Custom Redirects – Send users to a specific page right after sign-up.\u003Cbr \u002F>\n• User Profile Management – Let users easily update their own information anytime.\u003Cbr \u002F>\n• Role Assignment – Automatically assign user roles from the backend.\u003C\u002Fp>\n\u003Cp>The best part? Unique Field Verification. This powerful feature ensures every user detail you collect stays unique, eliminating duplicate entries and strengthening your database integrity.\u003C\u002Fp>\n\u003Cp>With Lazy Sign-In, your users enjoy a smooth and intuitive registration process, while you get full control and flexibility on the backend.\u003Cbr \u002F>\nBring ease, speed, and reliability to your website’s sign-up and login process with Lazy Sign-In.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003Cbr \u002F>\n•   Easy installation\u003Cbr \u002F>\n•   Separate login and signup pages\u003Cbr \u002F>\n•   Easy customization of login and signup forms\u003Cbr \u002F>\n•   Ability for add\u002Fremove fields in the signup form\u003Cbr \u002F>\n•   Ability to redirect users to specific page\u003Cbr \u002F>\n•   Can keep the form fields ‘required’ and ‘unique’\u003Cbr \u002F>\n•   Ability to assign roles to the users\u003Cbr \u002F>\n•   AJAX verification\u003Cbr \u002F>\n•   Free support\u003C\u002Fp>\n","Lazy Sign in lets you easily create a fully customizable AJAX powered responsive login and sign-up form for your website.",5596,"2025-09-15T12:18:00.000Z","6.8.5","6.6","7.4",[19,22,95,96,97],"register-form","signup","woocommerce","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flazy-sign-in\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flazy-sign-in.2.2.zip",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":11,"downloaded":108,"rating":109,"num_ratings":69,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":17,"tags":113,"homepage":114,"download_link":115,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"wp-ajax-login-and-register-popup","WP AJAX Login and Register Popup","1.0.3","Hasibul Islam Badsha","https:\u002F\u002Fprofiles.wordpress.org\u002Fdhasib\u002F","\u003Cp>WP AJAX Login and Register Popup is a WordPress plugin to login and register on your website using popup box!  Use this shortcode \u003Cstrong>[WPALRP-LOGIN]\u003C\u002Fstrong> in the widget where you want to display login\u002Fregister button.\u003C\u002Fp>\n\u003Cp>Official Documentation: \u003Ca href=\"https:\u002F\u002Fwww.e2softsolution.com\u002Fwp-ajax-login-and-register-popup\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.e2softsolution.com\u002Fwp-ajax-login-and-register-popup\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.e2softsolution.com\u002Fwp-ajax-login-and-register-popup\u002F\" rel=\"nofollow ugc\">Live Demo\u003C\u002Fa>       \u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.e2softsolution.com\u002Fwp-ajax-login-and-register-popup\u002F\" rel=\"nofollow ugc\">Need Help?\u003C\u002Fa>          \u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.e2softsolution.com\u002F\" rel=\"nofollow ugc\">About Author\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Video Tutorial\u003C\u002Fh4>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FdnAFwfYkIl4?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>You can select\u002Fchange\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Font Size.\u003C\u002Fli>\n\u003Cli>Font Color.\u003C\u002Fli>\n\u003Cli>Button Background Color.\u003C\u002Fli>\n\u003Cli>Button Font Size.\u003C\u002Fli>\n\u003Cli>Button Font Color.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to your Dashboard after installation and navigate to “Settings >> AJAX Login Settings” to configure the Login\u002FRegister.\u003C\u002Fli>\n\u003Cli>Go to Widget after installation and drop “AJAX Login or Register” to your desired area, where you want to display AJAX Login or Register button.\u003C\u002Fli>\n\u003Cli>Add extra ID “show_login” at login menu & ID “show_signup” at register menu.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Very easy installation\u003C\u002Fli>\n\u003Cli>Widget system\u003C\u002Fli>\n\u003Cli>Unlimited color variation by using jQuery color picker.\u003C\u002Fli>\n\u003Cli>Responsive design\u003C\u002Fli>\n\u003Cli>Flexible and easy to use\u003C\u002Fli>\n\u003Cli>Lightweight JQuery\u003C\u002Fli>\n\u003C\u002Ful>\n","WP AJAX Login and Register Popup is a WordPress plugin to login and register on your website using popup box!",5198,80,"2021-03-18T18:37:00.000Z","5.7.15","5.0",[19,54,55,56,57],"https:\u002F\u002Fwww.e2softsolution.com\u002Fwp-ajax-login-register-popup\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-ajax-login-and-register-popup.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":13,"downloaded":124,"rating":48,"num_ratings":69,"last_updated":125,"tested_up_to":126,"requires_at_least":127,"requires_php":17,"tags":128,"homepage":133,"download_link":134,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"technoscore-login-redirection","Secure Frontend Ajax Login","1.0.2","Technoscore","https:\u002F\u002Fprofiles.wordpress.org\u002Fsaravan\u002F","\u003Cp>Secure Frontend Ajax Login is  best plugin for WordPress to Login by ajax in popup and redirect to a specific page.\u003C\u002Fp>\n\u003Ch4>More details are as follows:-\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>It provides login by ajax in popup and redirect to particular page.\u003C\u002Fli>\n\u003Cli>It provides a Login button when it is clicked a simple login form will appear in popup.\u003C\u002Fli>\n\u003Cli>Just install the plugin and add the ‘Techno Redirect’ widget in the sidebar.\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure Frontend Ajax Login is  best plugin for WordPress to Login by ajax in popup and redirect to a specific page.",1229,"2017-06-15T05:28:00.000Z","4.7.33","4.3.6",[22,129,130,131,132],"login-by-ajax","login-form-in-widget","rdirection-after-login","redirection","http:\u002F\u002Fnddw.com\u002Fdemo3\u002Fsws-res-slider\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftechnoscore-login-redirection.zip",{"attackSurface":136,"codeSignals":171,"taintFlows":191,"riskAssessment":217,"analyzedAt":228},{"hooks":137,"ajaxHandlers":152,"restRoutes":167,"shortcodes":168,"cronEvents":169,"entryPointCount":170,"unprotectedCount":13},[138,144,148],{"type":139,"name":140,"callback":141,"file":142,"line":143},"action","plugins_loaded","mm_ajax_login_load_textdomain","mm-ajax-login.php",20,{"type":139,"name":145,"callback":146,"file":142,"line":147},"wp_enqueue_scripts","mm_ajax_login_enqueue_scripts",33,{"type":139,"name":149,"callback":150,"file":142,"line":151},"wp_footer","mm_ajax_login_output_form",34,[153,159,161,165],{"action":154,"nopriv":155,"callback":156,"hasNonce":157,"hasCapCheck":155,"file":142,"line":158},"mm_is_user_logged_in",false,"mm_ajax_login_check_user_logged_in",true,40,{"action":154,"nopriv":157,"callback":156,"hasNonce":157,"hasCapCheck":155,"file":142,"line":160},41,{"action":162,"nopriv":155,"callback":163,"hasNonce":157,"hasCapCheck":155,"file":142,"line":164},"mm_do_ajax_login","mm_ajax_login_process_form_submission",42,{"action":162,"nopriv":157,"callback":163,"hasNonce":157,"hasCapCheck":155,"file":142,"line":166},43,[],[],[],4,{"dangerousFunctions":172,"sqlUsage":173,"outputEscaping":175,"fileOperations":13,"externalRequests":13,"nonceChecks":49,"capabilityChecks":13,"bundledLibraries":190},[],{"prepared":13,"raw":13,"locations":174},[],{"escaped":176,"rawEcho":177,"locations":178},17,5,[179,182,184,186,188],{"file":142,"line":180,"context":181},128,"raw output",{"file":142,"line":183,"context":181},181,{"file":142,"line":185,"context":181},233,{"file":142,"line":187,"context":181},254,{"file":142,"line":189,"context":181},264,[],[192,209],{"entryPoint":193,"graph":194,"unsanitizedCount":13,"severity":208},"mm_ajax_login_process_form_submission (mm-ajax-login.php:167)",{"nodes":195,"edges":206},[196,201],{"id":197,"type":198,"label":199,"file":142,"line":200},"n0","source","$_POST",175,{"id":202,"type":203,"label":204,"file":142,"line":183,"wp_function":205},"n1","sink","echo() [XSS]","echo",[207],{"from":197,"to":202,"sanitized":157},"low",{"entryPoint":210,"graph":211,"unsanitizedCount":13,"severity":208},"\u003Cmm-ajax-login> (mm-ajax-login.php:0)",{"nodes":212,"edges":215},[213,214],{"id":197,"type":198,"label":199,"file":142,"line":200},{"id":202,"type":203,"label":204,"file":142,"line":183,"wp_function":205},[216],{"from":197,"to":202,"sanitized":157},{"summary":218,"deductions":219},"The 'mm-ajax-login' v1.0.0 plugin demonstrates a generally good security posture based on the static analysis. All identified entry points, specifically the four AJAX handlers, appear to have authorization checks in place, which is a significant strength. The complete absence of direct SQL queries and reliance on prepared statements is commendable, and the high percentage of properly escaped output further mitigates common web vulnerabilities.\n\nHowever, there are a few areas that warrant attention. While there are nonce checks present, their limited number (2) in relation to the four AJAX handlers suggests that not all handlers might be covered by nonce validation, which could be a potential weakness. More critically, the static analysis shows zero capability checks implemented. This means that even if AJAX handlers are authenticated, they are not verifying if the logged-in user has the necessary permissions to perform the action, opening the door to privilege escalation if an attacker can trick a privileged user into triggering an action they shouldn't be able to.\n\nThe plugin's vulnerability history is clean, with no recorded CVEs. This, combined with the positive static analysis findings regarding SQL and output handling, suggests a developer who is mindful of secure coding practices. Nevertheless, the lack of capability checks is a significant oversight that needs to be addressed to ensure robust security. The current implementation, while not actively exploited, has the potential for privilege-related issues.",[220,223,225],{"reason":221,"points":222},"Missing capability checks on AJAX handlers",15,{"reason":224,"points":177},"Potentially insufficient nonce checks on AJAX handlers",{"reason":226,"points":227},"High percentage of unescaped output",3,"2026-03-17T00:10:14.720Z",{"wat":230,"direct":240},{"assetPaths":231,"generatorPatterns":234,"scriptPaths":235,"versionParams":237},[232,233],"\u002Fwp-content\u002Fplugins\u002Fmm-ajax-login\u002Fjs\u002Fmm-ajax-login.js","\u002Fwp-content\u002Fplugins\u002Fmm-ajax-login\u002Fcss\u002Fmm-ajax-login.css",[],[236],"js\u002Fmm-ajax-login.js",[238,239],"mm-ajax-login\u002Fjs\u002Fmm-ajax-login.js?ver=","mm-ajax-login\u002Fcss\u002Fmm-ajax-login.css?ver=",{"cssClasses":241,"htmlComments":252,"htmlAttributes":253,"restEndpoints":261,"jsGlobals":262,"shortcodeOutput":264},[4,242,243,244,245,246,247,248,249,250,251],"mm-ajax-login-inner","close-button","mm-ajax-login-form-title","mm-ajax-login-status","username","password","login-remember","lost-password","login-buttons","mm-ajax-login-submit-button",[],[254,255,256,257,258,259,260],"id=\"mm-ajax-login-form\"","id=\"mm-ajax-login-status\"","id=\"mm-ajax-login-username\"","id=\"mm-ajax-login-password\"","id=\"mm-ajax-login-rememberme\"","id=\"mm-ajax-login-lost-password\"","id=\"mm-ajax-login-submit-button\"",[],[263],"mm_ajax_login_vars",[],{"error":157,"url":266,"statusCode":267,"statusMessage":268,"message":268},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fmm-ajax-login\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":69,"versions":270},[271],{"version":6,"download_url":24,"svn_tag_url":272,"released_at":26,"has_diff":155,"diff_files_changed":273,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":274,"is_current":157},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fmm-ajax-login\u002Ftags\u002F1.0.0\u002F",[],[]]