[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f2AaHctz6-sLHlHGAPc9fr_T7pPXvAUqn5STzwCcO4iE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":37,"analysis":132,"fingerprints":256},"mojoauth","MojoAuth Passwordless Authentication","2.7","MojoAuth","https:\u002F\u002Fprofiles.wordpress.org\u002Fmojoauth\u002F","\u003Cp>The \u003Ca href=\"https:\u002F\u002Fmojoauth.com\" rel=\"nofollow ugc\">MojoAuth\u003C\u002Fa> Passwordless Authentication WordPress plugin replaces standard WordPress login forms with the passwordless authentication method. It provides a robust and secure passwordless authentication mechanism to your WordPress site that offers the users a way to verify themselves while not having to remember or manually type passwords, which in turn provides stronger security and fewer breaches.\u003C\u002Fp>\n\u003Cp>Adding a passwordless authentication mechanism will help to create additional barriers to secure accounts of users. We updated the conventional password method of login with a safer authentication method, for example, log in through Email OTP, Magic Link, Social Login, Phone SMS and WebAuthn. This likewise cuts the additional progression of you fumbling over your failed to remember password.\u003C\u002Fp>\n\u003Ch3>KEY FEATURES\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Magic Link\u003C\u002Fstrong>: A unique link sent directly to your email which allows you to authenticate once and becomes invalid automatically once you are logged in.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>OTP\u003C\u002Fstrong>: A unique OTP sent directly to your email which allows you to authenticate once and becomes invalid automatically once you are logged in.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WebAuthn\u003C\u002Fstrong>: Allow users to authenticate with built-in authenticators like fingerprint, pin, or using security keys like YubiKey.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Social Login\u003C\u002Fstrong>: Allow your users to log in using Social login like Google, Facebook, Apple, etc., and increase sign-ups by removing the friction of passwords.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SMS Authentication\u003C\u002Fstrong>: Authenticate and verify your users using SMS OTP across all your applications and enable a secure, frictionless and customizable login experience for everyone.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contributing\u003C\u002Fh3>\n\u003Cp>You can contribute or see sources to this plugin on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMojoAuth\u002Fmojoauth-wordpress\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>We offer 24\u002F7 support, reach out to our support team, or refer our product documents\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Live chat\u003C\u002Fli>\n\u003Cli>Email Support mailto:support@mojoauth.com\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmojoauth.com\u002Fdocs\u002F\" rel=\"nofollow ugc\">Support documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","MojoAuth provides a secure and delightful experience to your customer with passwordless. Here, you'll find comprehensive guides and documentation &hellip;",10,2761,74,3,"2022-12-13T11:58:00.000Z","6.1.10","3.4","5.6",[20,21,22,23,24],"authentication","email-magic-link","email-otp","sms-authentication","social-login","https:\u002F\u002Fgithub.com\u002FMojoAuth\u002Fmojoauth-wordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmojoauth.2.7.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":4,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},1,30,84,"2026-04-04T14:51:50.492Z",[38,60,79,97,114],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":46,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":58,"download_link":59,"security_score":46,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"memberstack","Memberstack – Member Management & Content Protection","1.3.1","Josh","https:\u002F\u002Fprofiles.wordpress.org\u002Fmsjoshlopez\u002F","\u003Cp>Since 2019, we’ve helped thousands of businesses to generate $125,000,000 in revenue through premium content and membership sites. Our customers range from high school seniors to teams at Slack, Reddit, American Airlines, Webflow, IDEO, etc.\u003C\u002Fp>\n\u003Cp>Whether you’re creating a custom SaaS application, online course, subscription service, premium content site, or member community, we’re ready to help!\u003C\u002Fp>\n\u003Cp>Our WordPress integration makes it simple to protect content, manage members, and process payments without any coding knowledge. Perfect for content creators, course developers, and businesses looking to monetize their WordPress sites through memberships.\u003C\u002Fp>\n\u003Ch4>Getting Started Guide\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Quick Start Video Tutorial\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Check out our installation and setup guide video: \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FN-S2CJjomK8?si=nGboxSIPbjHHbCoO\" rel=\"nofollow ugc\">Watch Getting Started with Memberstack + WordPress\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>In this video, you’ll learn how you can add gated content, social auth, and more to your WordPress site using the Memberstack plugin with WordPress!\u003C\u002Fp>\n\u003Ch4>Why Choose Memberstack?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>No Coding Required\u003C\u002Fstrong> – Easy setup with visual builders and pre-built components for WordPress\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Professional Features\u003C\u002Fstrong> – Enterprise-grade security and functionality at a fraction of the cost\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible Pricing\u003C\u002Fstrong> – Start building in test mode for free with no credit card required\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern Authentication\u003C\u002Fstrong> – Social login, passwordless options, and traditional email\u002Fpassword\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Page Builder Ready\u003C\u002Fstrong> – Works seamlessly with popular builders like Bricks, Elementor, Gutenberg, and more\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Perfect For\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Online Courses & Educational Content\u003C\u002Fli>\n\u003Cli>Premium News & Media Sites\u003C\u002Fli>\n\u003Cli>Subscription Services\u003C\u002Fli>\n\u003Cli>Member Communities\u003C\u002Fli>\n\u003Cli>Digital Downloads\u003C\u002Fli>\n\u003Cli>Professional Services\u003C\u002Fli>\n\u003Cli>Content Creators\u003C\u002Fli>\n\u003Cli>Online Coaches\u003C\u002Fli>\n\u003Cli>Digital Products\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Essential Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Smart Content Protection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Protect entire pages or specific sections\u003C\u002Fli>\n\u003Cli>Create multiple membership plans, paid or free\u003C\u002Fli>\n\u003Cli>Set up trial periods for paid plans\u003C\u002Fli>\n\u003Cli>Custom access rules\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Modern Authentication\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Social login (Google, GitHub, LinkedIn, etc.)\u003C\u002Fli>\n\u003Cli>Passwordless email login\u003C\u002Fli>\n\u003Cli>Traditional email\u002Fpassword\u003C\u002Fli>\n\u003Cli>Custom registration fields, we call them “custom fields”\u003C\u002Fli>\n\u003Cli>Profile management\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Payment & Subscriptions\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Stripe integration – Memberstack exclusively uses Stripe\u003C\u002Fli>\n\u003Cli>Multiple pricing tiers\u003C\u002Fli>\n\u003Cli>Free and paid plans\u003C\u002Fli>\n\u003Cli>Trial periods\u003C\u002Fli>\n\u003Cli>Payment management\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Pricing\u003C\u002Fh4>\n\u003Cp>Start in test mode for free – no credit card required. When you’re ready to launch, choose the plan that fits your member count. As your business grows, unlock lower transaction fees. We added this section because we want to be transparent about our pricing and help you make an informed decision.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Basic – $29\u002Fmo\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Perfect for up to 1,000 members\u003C\u002Fli>\n\u003Cli>4% transaction fee – great for testing the waters\u003C\u002Fli>\n\u003Cli>All core features included\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Professional – $49\u002Fmo\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Scale up to 5,000 members\u003C\u002Fli>\n\u003Cli>Reduced 2% transaction fee\u003C\u002Fli>\n\u003Cli>All core features included\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Business – $99\u002Fmo\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Support up to 10,000 members\u003C\u002Fli>\n\u003Cli>Ultra-low 0.9% transaction fee\u003C\u002Fli>\n\u003Cli>All core features included\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Established – $499\u002Fmo\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>10,000+ members\u003C\u002Fli>\n\u003Cli>ZERO transaction fees – maximize your revenue\u003C\u002Fli>\n\u003Cli>All core features included\u003C\u002Fli>\n\u003Cli>Priority support included\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Every Plan Includes:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress integration\u003C\u002Fli>\n\u003Cli>Social login options\u003C\u002Fli>\n\u003Cli>Stripe payment processing\u003C\u002Fli>\n\u003Cli>Custom SSO\u003C\u002Fli>\n\u003Cli>Branded emails\u003C\u002Fli>\n\u003Cli>Member management dashboard\u003C\u002Fli>\n\u003Cli>Save 20% with annual billing\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Start for free in test mode and upgrade when you’re ready to launch. No hidden fees or surprises – just straightforward pricing that scales with your success.\u003C\u002Fp>\n\u003Ch4>Page Builder Integration\u003C\u002Fh4>\n\u003Cp>Works seamlessly with your favorite page builders:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Bricks\u003C\u002Fstrong> – Native elements for forms and buttons\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Elementor\u003C\u002Fstrong> – Custom widgets for membership features\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Divi\u003C\u002Fstrong> – Built-in module support\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gutenberg\u003C\u002Fstrong> – Dedicated blocks for content protection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Easy Implementation\u003C\u002Fh4>\n\u003Cp>Add membership features anywhere with our shortcodes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>[memberstack_login]\u003C\u002Fcode> – Display login form\u003C\u002Fli>\n\u003Cli>\u003Ccode>[memberstack_signup]\u003C\u002Fcode> – Display signup form\u003C\u002Fli>\n\u003Cli>\u003Ccode>[memberstack_protected]\u003C\u002Fcode> – Protect content sections\u003C\u002Fli>\n\u003Cli>\u003Ccode>[memberstack_member]\u003C\u002Fcode> – Display member information\u003C\u002Fli>\n\u003Cli>\u003Ccode>[memberstack_modal]\u003C\u002Fcode> – Add modal triggers\u003C\u002Fli>\n\u003Cli>\u003Ccode>[memberstack_logout]\u003C\u002Fcode> – Add logout buttons\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Getting Started\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install the Memberstack WordPress plugin\u003C\u002Fli>\n\u003Cli>Create your free Memberstack account at \u003Ca href=\"https:\u002F\u002Fmemberstack.com\" rel=\"nofollow ugc\">memberstack.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Copy your App ID from the Memberstack dashboard\u003C\u002Fli>\n\u003Cli>Paste the App ID in WordPress under Settings > Memberstack\u003C\u002Fli>\n\u003Cli>Start protecting content and adding membership features!\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Professional Support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Extensive \u003Ca href=\"https:\u002F\u002Fdocs.memberstack.com\u002Fhc\u002Fen-us\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Support Team – \u003Ca href=\"https:\u002F\u002Fdocs.memberstack.com\u002Fhc\u002Fen-us\u002Frequests\u002Fnew\" rel=\"nofollow ugc\">Contact Us\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Community Forum – \u003Ca href=\"https:\u002F\u002Fdocs.memberstack.com\u002Fhc\u002Fen-us\u002Fcommunity\u002Fposts\" rel=\"nofollow ugc\">Join the Discussion\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>WordPress Slack Community – \u003Ca href=\"https:\u002F\u002Fwww.memberstack.com\u002Fwpslack\" rel=\"nofollow ugc\">Join the Slack Community\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Memberstack integrates with our cloud service to manage memberships and protect content. \u003Ca href=\"https:\u002F\u002Fdocs.memberstack.com\u002Fhc\u002Fen-us\u002Farticles\u002F11419812024347-Privacy-Policy\" rel=\"nofollow ugc\">View our Privacy Policy\u003C\u002Fa>.\u003C\u002Fp>\n","Transform your WordPress site into a premium membership platform. Create members-only content and manage subscriptions with ease.",100,2767,24,"2026-03-03T09:43:00.000Z","6.9.4","6.7","7.4",[54,55,24,56,57],"content-protection","membership","subscription-management","user-authentication","https:\u002F\u002Fmemberstack.com\u002Fwordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmemberstack.1.3.1.zip",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":28,"num_ratings":28,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":77,"download_link":78,"security_score":46,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"gravity-otp-verification","Gravity Forms – OTP Verification (SMS\u002FEMAIL)","3.2.0","Pigment Development","https:\u002F\u002Fprofiles.wordpress.org\u002Fpigmentdev\u002F","\u003Cp>\u003Cstrong>Gravity Forms – OTP Verification\u003C\u002Fstrong> allows you to add \u003Cstrong>One-Time Password (OTP) verification\u003C\u002Fstrong> to Gravity Forms, ensuring that users enter a valid mobile number or email address before submitting a form. It helps prevent spam, fake submissions, and ensures real user authentication.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>🔒 \u003Cstrong>Secure Mobile Verification\u003C\u002Fstrong> – Ensures users verify their phone numbers before submitting.\u003C\u002Fli>\n\u003Cli>✅ \u003Cstrong>Seamless Gravity Forms Integration\u003C\u002Fstrong> – Works with all versions of Gravity Forms without conflicts.\u003C\u002Fli>\n\u003Cli>🌎 \u003Cstrong>Supports Persian, Arabic & English Numbers\u003C\u002Fstrong> – Converts and validates all number formats.\u003C\u002Fli>\n\u003Cli>📡 \u003Cstrong>Flexible SMS Gateway Support\u003C\u002Fstrong> – Connects to multiple SMS providers via built-in integrations or custom hooks.\u003C\u002Fli>\n\u003Cli>⚙️ \u003Cstrong>Easy Setup\u003C\u002Fstrong> – Configure in just a few clicks with user-friendly settings.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Add an Mobile OTP field to \u003Cstrong>any Gravity Form\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Prevent form submission \u003Cstrong>until mobile verification is successful\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Support for \u003Cstrong>multiple SMS gateways\u003C\u002Fstrong> including custom integrations.\u003C\u002Fli>\n\u003Cli>Fully compatible with \u003Cstrong>Gravity Forms’ conditional logic\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Users can \u003Cstrong>resend OTP\u003C\u002Fstrong> with a cooldown limit (e.g., \u003Cstrong>3 attempts, 90 seconds each\u003C\u002Fstrong>).\u003C\u002Fli>\n\u003Cli>Supports \u003Cstrong>hooks & filters\u003C\u002Fstrong> to extend functionality.\u003C\u002Fli>\n\u003Cli>Works across \u003Cstrong>all WordPress and WooCommerce sites\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Supported SMS Gateways\u003C\u002Fh3>\n\u003Cp>The plugin supports direct integration with popular SMS gateways as well as widely-used SMS plugins. You can send OTP messages using your preferred SMS provider or through supported SMS plugins for maximum flexibility.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Plugin: WSMS (formerly WP SMS) (over 300 gateways)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Plugin: Persian WooCommerce SMS (over 100 gateways)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Iranian Gateway: SMS.ir (v1\u002Fv2)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Iranian Gateway: FarazSMS\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Iranian Gateway: IPPanel\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Supported Email Gateways\u003C\u002Fh3>\n\u003Cp>The plugin uses the default WordPress email sending function (\u003Ccode>wp_mail\u003C\u002Fcode>). This means you are free to use \u003Cstrong>any email service\u003C\u002Fstrong> you want—whether it’s your web host’s built-in mail, your WordPress site’s configured SMTP settings, or a third-party SMTP plugin. Just configure your preferred email service, and OTP emails will be sent using that method.\u003C\u002Fp>\n\u003Cp>You can also fully customize the OTP email: set a custom sender name, sender address, subject, and modify the email template as HTML directly from the plugin settings.\u003C\u002Fp>\n\u003Cp>Additionally, you can add \u003Cstrong>any other SMS gateway\u003C\u002Fstrong> via \u003Cstrong>WordPress hooks and filters\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>How to Setup the Plugin\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Install & Activate\u003C\u002Fstrong> the plugin.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Go to Gravity Forms\u003C\u002Fstrong> and create a form.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Add the OTP Field\u003C\u002Fstrong> from the field settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configure your SMS Gateway\u003C\u002Fstrong> in plugin settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Save your form\u003C\u002Fstrong>, and OTP verification will be active.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Third-Party & External Resources Used\u003C\u002Fh3>\n\u003Cp>This plugin utilizes the following third-party libraries to enhance functionality:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Tippy.js\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Select2.js\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Datatables\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>jQuery Confirm\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>jQuery Repeater\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Font Awesome v.7\u003C\u002Fstrong> (Used only for icons in the settings panel)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Disclaimer and Warranty\u003C\u002Fh3>\n\u003Cp>This plugin is provided \u003Cstrong>“as is”\u003C\u002Fstrong> without any warranties, express or implied. While every effort has been made to ensure reliability and security, the developers are not responsible for any issues arising from its use. Always test in a \u003Cstrong>staging environment\u003C\u002Fstrong> before deploying to production.\u003C\u002Fp>\n\u003Ch3>Contribution and Support\u003C\u002Fh3>\n\u003Cp>We welcome contributions to improve the plugin! If you have feature requests, bug reports, or suggestions, please create a GitHub issue or pull request.\u003C\u002Fp>\n\u003Cp>Github Repository: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpigment-dev\u002Fgravity-otp-verification\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fpigment-dev\u002Fgravity-otp-verification\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>For support, contact us at \u003Cstrong>\u003Ca href=\"mailto:support@pigment.dev\" rel=\"nofollow ugc\">support (at) pigment (dot) dev\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n","A powerful plugin for Gravity Forms that adds OTP verification via SMS\u002FEmail to your forms for FREE.",60,1081,"2026-03-12T10:02:00.000Z","6.8.5","","7.1",[75,76,23],"gravity-forms","phone-verification","https:\u002F\u002Fpigment.dev\u002Fgravity-otp-verification\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgravity-otp-verification.3.2.0.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":28,"num_ratings":28,"last_updated":89,"tested_up_to":50,"requires_at_least":90,"requires_php":91,"tags":92,"homepage":72,"download_link":96,"security_score":46,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"login-with","Login With","1.2","STASEO","https:\u002F\u002Fprofiles.wordpress.org\u002Fstaseo\u002F","\u003Cp>Login With – Google Login for WooCommerce, is a simple and secure plugin that adds Google authentication to your WooCommerce store. It allows customers to log in using their Google accounts, providing a quick and familiar login experience that leads to better conversion rates and more sales. With just one click, customers can log in with Google — no passwords, no forms, no friction. Faster checkouts mean fewer abandoned carts and more completed purchases. Simple to set up, trusted by users, and built to help your store grow.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin uses Google OAuth 2.0 for authentication. When a user clicks the “Login with Google” button, the following data is sent to Google’s servers:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Client ID and Client Secret (configured in plugin settings)\u003C\u002Fli>\n\u003Cli>User’s email address and basic profile information (name)\u003C\u002Fli>\n\u003Cli>Authentication state token for security\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>This data is used to:\u003Cbr \u002F>\n– Verify the user’s Google account\u003Cbr \u002F>\n– Retrieve basic profile information\u003Cbr \u002F>\n– Create or update the user’s account in your WooCommerce store\u003C\u002Fp>\n\u003Cp>The plugin connects to these Google services:\u003Cbr \u002F>\n– https:\u002F\u002Foauth2.googleapis.com\u002Ftoken (for authentication)\u003Cbr \u002F>\n– https:\u002F\u002Fwww.googleapis.com\u002Foauth2\u002Fv2\u002Fuserinfo (for user profile data)\u003C\u002Fp>\n\u003Cp>For more information about Google’s data handling, please review:\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fterms\" rel=\"nofollow ugc\">Google’s Terms of Service\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fprivacy\" rel=\"nofollow ugc\">Google’s Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Conversion rate and sales booster\u003C\u002Fli>\n\u003Cli>Adds a “Login with Google” button to WooCommerce login forms\u003C\u002Fli>\n\u003Cli>Works on both the account page and checkout\u003C\u002Fli>\n\u003Cli>Secure OAuth 2.0 authentication\u003C\u002Fli>\n\u003Cli>Automatic user account creation for new Google users\u003C\u002Fli>\n\u003Cli>Syncs user’s name and email from Google profile\u003C\u002Fli>\n\u003Cli>Customizable button appearance\u003C\u002Fli>\n\u003Cli>Mobile-friendly design\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 5.0 or higher\u003C\u002Fli>\n\u003Cli>WooCommerce 3.0 or higher\u003C\u002Fli>\n\u003Cli>PHP 7.2 or higher\u003C\u002Fli>\n\u003Cli>Google API credentials (Client ID and Client Secret)\u003C\u002Fli>\n\u003C\u002Ful>\n","Add Google authentication to your WooCommerce store, allowing customers to log in with their Google accounts.",20,1100,"2026-02-04T11:17:00.000Z","5.0","7.2",[20,93,94,24,95],"google","login","woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-with.1.2.zip",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":87,"downloaded":105,"rating":46,"num_ratings":106,"last_updated":107,"tested_up_to":50,"requires_at_least":108,"requires_php":52,"tags":109,"homepage":72,"download_link":113,"security_score":46,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"ventraconnect-social-login","VentraConnect – Social Login, Magic Link & Email OTP (Passwordless)","1.2.0","Fahad Aslam","https:\u002F\u002Fprofiles.wordpress.org\u002Ffahdaslam\u002F","\u003Cp>VentraConnect provides a \u003Cstrong>unified login system\u003C\u002Fstrong> for WordPress: Social Login + Magic Link + Email OTP.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Social Login\u003C\u002Fstrong> with 15+ providers (Google, Facebook, X\u002FTwitter, LinkedIn, Microsoft, GitHub, and more)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Passwordless Login\u003C\u002Fstrong> with \u003Cstrong>Magic Link\u003C\u002Fstrong> and \u003Cstrong>Email OTP\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>Can run in \u003Cstrong>Login only\u003C\u002Fstrong> mode (existing users) or \u003Cstrong>Login & Register\u003C\u002Fstrong> mode (allow new accounts)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Guardrails (optional):\u003C\u002Fstrong> prevent spam accounts by letting \u003Cstrong>Social Login, Magic Link and Email OTP\u003C\u002Fstrong> log existing users in, but optionally blocking them from creating new users. This stops random visitors from turning your login screen into an open registration form, while your normal WordPress registration and any custom onboarding forms continue to work as usual.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Works out-of-the-box on the default WordPress login\u002Fregistration screens (\u003Ccode>wp-login.php\u003C\u002Fcode>) and also supports shortcodes for custom pages and page builders.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No proxy servers. No third-party tracking.\u003C\u002Fstrong> VentraConnect connects directly to each provider using official OAuth flows.\u003C\u002Fp>\n\u003Cp>| \u003Ca href=\"https:\u002F\u002Fwpventra.com\u002Fdocs\u002Fwhat-is-ventraconnect-social-login\u002F\" rel=\"nofollow ugc\">Setup\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwpventra.com\u002Fdocs\u002F\" rel=\"nofollow ugc\">Docs\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwpventra.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Pro Addon\u003C\u002Fa> |\u003C\u002Fp>\n\u003Ch3>Best for\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Sites that want \u003Cstrong>faster logins\u003C\u002Fstrong> and fewer abandoned registrations by offering Social Login + passwordless login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce stores\u003C\u002Fstrong> that want modern social + passwordless login on the login, checkout and My Account pages (Pro add-on).\u003C\u002Fli>\n\u003Cli>Sites that are getting \u003Cstrong>spam registrations\u003C\u002Fstrong> and want Guardrails to control who can create new accounts from the default \u003Ccode>wp-login.php\u003C\u002Fcode> screen.\u003C\u002Fli>\n\u003Cli>Sites that want to add \u003Cstrong>passwordless login\u003C\u002Fstrong> (Magic Link \u002F Email OTP) as an option, without removing the classic username\u002Fpassword login.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Key Features (Free)\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Social Login\u003C\u002Fstrong>\u003Cbr \u002F>\n– 15+ providers (Google, Facebook, X\u002FTwitter, LinkedIn, Microsoft, GitHub, and more)\u003Cbr \u002F>\n– Adds login buttons to core WordPress login & registration screens (\u003Ccode>wp-login.php\u003C\u002Fcode>)\u003Cbr \u002F>\n– Shortcodes for custom pages, page builders, and custom login pages\u003Cbr \u002F>\n– Account linking + unlinking (connect multiple providers to one WordPress user)\u003Cbr \u002F>\n– Optional profile sync (name + avatar)\u003Cbr \u002F>\n– Button styles: Light, Dark, Minimal, plus icon-only layouts\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Passwordless Login (Magic Link + Email OTP)\u003C\u002Fstrong>\u003Cbr \u002F>\n– Built-in security: expiry, resend throttling, single-use links, max attempt limits\u003Cbr \u002F>\n– Flexible behavior: \u003Cstrong>Login only\u003C\u002Fstrong> mode or \u003Cstrong>Login & Register\u003C\u002Fstrong> mode (per method)\u003Cbr \u002F>\n– Per-method redirect overrides (same page, referrer, homepage, custom URL)\u003Cbr \u002F>\n– Custom emails: edit sender name, subject, and message templates\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Guardrails (Spam & signup control)\u003C\u002Fstrong>\u003Cbr \u002F>\n– Prevent spam accounts by controlling whether \u003Cstrong>Social Login, Magic Link and Email OTP\u003C\u002Fstrong> are allowed to create new users\u003Cbr \u002F>\n– Keep your login screen focused on \u003Cstrong>login\u003C\u002Fstrong> only, while still letting existing users sign in with all three methods\u003Cbr \u002F>\n– Your normal WordPress registration form and other registration\u002Fonboarding flows continue to work as usual\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Admin Tools\u003C\u002Fstrong>\u003Cbr \u002F>\n– Basic redirect options for social + passwordless login\u003Cbr \u002F>\n– Diagnostics\u002Flogging to debug OAuth and login issues\u003Cbr \u002F>\n– Email notifications (user + admin) when a new account is created via social login\u003C\u002Fp>\n\u003Ch3>Pro Add-on (Optional)\u003C\u002Fh3>\n\u003Cp>The Pro add-on extends the same login system into popular plugins and adds advanced control:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>WooCommerce integration\u003C\u002Fstrong> for login, checkout and My Account, with Guardrails-aware flows and context-based shortcodes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>LMS integrations\u003C\u002Fstrong>: LearnDash, LifterLMS, LearnPress\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Membership\u002Fcommunity integrations\u003C\u002Fstrong>: MemberPress, Ultimate Member, Paid Memberships Pro (PMPro), BuddyPress\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Passwordless Mode (Off, Recommended, Strict)\u003C\u002Fstrong> to control how aggressively passwords are phased out on supported forms while keeping an admin fallback\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced redirect rules\u003C\u002Fstrong> \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Analytics & login insights\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Additional \u003Cstrong>diagnostics\u002Flogging\u003C\u002Fstrong> for complex setups\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Pro features require the separate \u003Ca href=\"https:\u002F\u002Fwpventra.com\u002F\" rel=\"nofollow ugc\">VentraConnect Social Login Pro\u003C\u002Fa> add-on.\u003C\u002Fp>\n\u003Ch3>Supported Social Providers\u003C\u002Fh3>\n\u003Cp>Google, Facebook, X (Twitter), LinkedIn, Microsoft, GitHub, Discord, Reddit, Slack, Twitch, Spotify, TikTok, Amazon, Yahoo, WordPress.com, LINE.\u003C\u002Fp>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Col>\n\u003Cli>The user clicks a Social Login button, or requests a Magic Link \u002F Email OTP.\u003C\u002Fli>\n\u003Cli>For Social Login, the user authenticates with the provider via official OAuth; for Magic Link \u002F OTP, they verify ownership of their email address.\u003C\u002Fli>\n\u003Cli>VentraConnect receives basic profile or email data and looks for an existing WordPress user.\u003C\u002Fli>\n\u003Cli>If the email matches an existing user, the login methods are linked to that account and the user is logged in. If not, a new user may be created (subject to your Guardrails and registration settings).\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>VentraConnect Social Login is an OAuth client only.\u003C\u002Fp>\n\u003Cp>During login:\u003C\u002Fp>\n\u003Col>\n\u003Cli>The user is redirected to the selected provider such as Google or Facebook.\u003C\u002Fli>\n\u003Cli>The provider authenticates the user.\u003C\u002Fli>\n\u003Cli>The provider returns an authorization token to your site.\u003C\u002Fli>\n\u003Cli>VentraConnect retrieves basic profile data:\n\u003Cul>\n\u003Cli>Provider user ID\u003C\u002Fli>\n\u003Cli>Email address\u003C\u002Fli>\n\u003Cli>Display name\u003C\u002Fli>\n\u003Cli>Avatar URL\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>No user data is sent to or stored on servers owned by the plugin author.\u003Cbr \u002F>\nAll communication happens directly between your WordPress site and the provider official APIs.\u003C\u002Fp>\n\u003Ch3>Provider Domains Used\u003C\u002Fh3>\n\u003Cp>Google\u003Cbr \u002F>\naccounts.google.com\u003Cbr \u002F>\noauth2.googleapis.com\u003Cbr \u002F>\npeople.googleapis.com\u003C\u002Fp>\n\u003Cp>Facebook\u003Cbr \u002F>\ngraph.facebook.com\u003C\u002Fp>\n\u003Cp>Microsoft\u003Cbr \u002F>\nlogin.microsoftonline.com\u003Cbr \u002F>\ngraph.microsoft.com\u003C\u002Fp>\n\u003Cp>TikTok\u003Cbr \u002F>\nopen.tiktokapis.com\u003C\u002Fp>\n\u003Cp>Reddit\u003Cbr \u002F>\nwww.reddit.com\u003Cbr \u002F>\noauth.reddit.com\u003C\u002Fp>\n\u003Cp>LINE\u003Cbr \u002F>\naccess.line.me\u003Cbr \u002F>\napi.line.me\u003C\u002Fp>\n\u003Cp>Slack\u003Cbr \u002F>\nslack.com\u003C\u002Fp>\n\u003Cp>Discord\u003Cbr \u002F>\ndiscord.com\u003C\u002Fp>\n\u003Cp>Twitch\u003Cbr \u002F>\nid.twitch.tv\u003Cbr \u002F>\napi.twitch.tv\u003C\u002Fp>\n\u003Cp>GitHub\u003Cbr \u002F>\ngithub.com\u003Cbr \u002F>\napi.github.com\u003C\u002Fp>\n\u003Cp>Amazon\u003Cbr \u002F>\nwww.amazon.com\u003Cbr \u002F>\napi.amazon.com\u003C\u002Fp>\n\u003Cp>Yahoo\u003Cbr \u002F>\napi.login.yahoo.com\u003C\u002Fp>\n\u003Cp>WordPress.com\u003Cbr \u002F>\npublic-api.wordpress.com\u003C\u002Fp>\n\u003Cp>LinkedIn\u003Cbr \u002F>\nwww.linkedin.com\u003Cbr \u002F>\napi.linkedin.com\u003C\u002Fp>\n\u003Cp>Each provider has its own Terms of Service and Privacy Policy. You are responsible for complying with those terms when enabling a provider.\u003C\u002Fp>\n","Social login with 15+ providers plus passwordless login (Magic Link & Email OTP), with Guardrails to block spam registrations.",584,2,"2026-02-25T12:07:00.000Z","6.2",[22,110,111,112,24],"magic-link","oauth","passwordless-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fventraconnect-social-login.1.2.0.zip",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":11,"downloaded":122,"rating":123,"num_ratings":106,"last_updated":124,"tested_up_to":125,"requires_at_least":126,"requires_php":72,"tags":127,"homepage":130,"download_link":131,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"stitchz-social-login","Stitchz Social Login","1.0.4","stitchzdotnet","https:\u002F\u002Fprofiles.wordpress.org\u002Fstitchzdotnet\u002F","\u003Cp>The Stitchz Social Login plugin extends the standard WordPress user registration\u003Cbr \u002F>\nand login experience by integrating social login features. With Stitchz Social\u003Cbr \u002F>\nLogin users can login with one or more supported social networks, including\u003Cbr \u002F>\nFacebook, Twitter, Google, LinkedIn and more (22+).\u003C\u002Fp>\n\u003Cp>Stitchz Social Login provides a single, simple interface that maintains all\u003Cbr \u002F>\nyour social identity provider information safely and securely (and encrypted\u003Cbr \u002F>\nwhile at rest). Using Stitchz saves time and eliminates custom code necessary to\u003Cbr \u002F>\nintegrate and manage multiple identity providers.\u003C\u002Fp>\n\u003Cp>Any user account can connect one or more social identities to their account\u003Cbr \u002F>\nand use them to login in with (before or after their account is created).\u003C\u002Fp>\n\u003Ch4>Supported Providers\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Facebook\u003C\u002Fli>\n\u003Cli>Twitter\u003C\u002Fli>\n\u003Cli>Google\u003C\u002Fli>\n\u003Cli>Google Plus\u003C\u002Fli>\n\u003Cli>LinkedIn\u003C\u002Fli>\n\u003Cli>Tumblr\u003C\u002Fli>\n\u003Cli>Box\u003C\u002Fli>\n\u003Cli>Paypal\u003C\u002Fli>\n\u003Cli>Yahoo\u003C\u002Fli>\n\u003Cli>Dropbox\u003C\u002Fli>\n\u003Cli>OpenID\u003C\u002Fli>\n\u003Cli>Instagram\u003C\u002Fli>\n\u003Cli>VK (Vkontakte)\u003C\u002Fli>\n\u003Cli>Foursquare\u003C\u002Fli>\n\u003Cli>Windows Live\u003C\u002Fli>\n\u003Cli>SoundCloud\u003C\u002Fli>\n\u003Cli>Discogs\u003C\u002Fli>\n\u003Cli>Flickr\u003C\u002Fli>\n\u003Cli>SalesForce.com\u003C\u002Fli>\n\u003Cli>Pinterest\u003C\u002Fli>\n\u003Cli>Github\u003C\u002Fli>\n\u003Cli>Disqus\u003C\u002Fli>\n\u003Cli>more…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For additional details of the plugin, visit the project page:\u003Cbr \u002F>\n  http:\u002F\u002Fwww.stitchz.net\u002FBlog\u002FGetting-Started-with-WordPress-and-Social-Login-A-Step-by-Step-Guide\u003C\u002Fp>\n\u003Cp>To submit bug reports and feature suggestions, or to track changes:\u003Cbr \u002F>\n  http:\u002F\u002Fstitchz.uservoice.com\u002Fforums\u002F81839?lang=en\u003C\u002Fp>\n\u003Ch3>USAGE\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>To login with any identity provider, click the provider link on the login page. The browser will be redirected to the identity provider’s login page followed by (typically) a permissions\u002Fscope confirmation page. After a successful login the browser will be redirected back to the WordPress website.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Any user account can connect one or more social identities to their account. The Connected Identities section on the user profile page lists all social identities associated with the user. Identities can be removed by clicking the “X” next to the provider name, or added by click the provider name.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Stitchz Login Shortcode can be used on any page\u002Fpost by using the following: [stitchz_social_login_shortcode]\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>REQUIREMENTS\u003C\u002Fh3>\n\u003Cp>None.\u003C\u002Fp>\n\u003Ch3>CONTACT\u003C\u002Fh3>\n\u003Cp>Current maintainer(s):\u003Cbr \u002F>\n* Stitchzdotnet (Ethan Peterson) – \u003Ca href=\"http:\u002F\u002Fwww.twitter.com\u002Fstitchzdotnet\" rel=\"nofollow ugc\">@stichzdotnet\u003C\u002Fa> on Twitter\u003C\u002Fp>\n","The Stitchz Social Login plugin adds the option to authenticate with one or more of the 22+ social identities providers supported by Stitchz.",2221,50,"2015-12-29T04:13:00.000Z","4.4.34","3.9.2",[128,93,24,129,57],"facebook","twitter","http:\u002F\u002Fwww.stitchz.net\u002FWordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstitchz-social-login.1.0.4.zip",{"attackSurface":133,"codeSignals":216,"taintFlows":243,"riskAssessment":244,"analyzedAt":255},{"hooks":134,"ajaxHandlers":193,"restRoutes":210,"shortcodes":211,"cronEvents":213,"entryPointCount":214,"unprotectedCount":215},[135,140,144,149,152,156,160,164,168,171,173,177,180,183,187,191],{"type":136,"name":137,"callback":138,"file":139,"line":87},"action","admin_init","register_mojoauth_plugin_settings","admin\\index.php",{"type":136,"name":141,"callback":142,"file":139,"line":143},"admin_menu","create_mojoauth_menu",22,{"type":145,"name":146,"callback":147,"priority":11,"file":139,"line":148},"filter","plugin_action_links","mojoauth_setting_links",23,{"type":136,"name":150,"callback":151,"priority":11,"file":139,"line":48},"mojoauth_reset_admin_action","reset_settings_action",{"type":136,"name":153,"callback":154,"file":139,"line":155},"admin_enqueue_scripts","add_stylesheet_to_admin",25,{"type":136,"name":157,"callback":158,"priority":159,"file":139,"line":34},"personal_options_update","disable_users_email_change_BACKEND",5,{"type":136,"name":161,"callback":162,"file":139,"line":163},"show_user_profile","disable_users_email_change_HTML",31,{"type":136,"name":165,"callback":166,"priority":11,"file":167,"line":87},"login_enqueue_scripts","mojoauth_enqueue_script","frontend\\pages\\auth.php",{"type":145,"name":169,"callback":170,"file":167,"line":48},"pr_page_content","mojoauth_short_code",{"type":136,"name":172,"callback":172,"file":167,"line":155},"woocommerce_init",{"type":136,"name":174,"callback":175,"file":167,"line":176},"init","mojoauth_state_id_handler",26,{"type":136,"name":178,"callback":166,"priority":11,"file":167,"line":179},"wp_footer",43,{"type":145,"name":181,"callback":182,"file":167,"line":68},"woocommerce_checkout_fields","mojoauth_woocommerce_remove_checkout_fields",{"type":136,"name":184,"callback":185,"file":167,"line":186},"woocommerce_edit_account_form_end","mojoauth_myaccount_required_fields",61,{"type":136,"name":188,"callback":189,"file":167,"line":190},"template_redirect","mojoauth_woocommerce_login_form_redirect",63,{"type":136,"name":178,"callback":166,"priority":11,"file":167,"line":192},104,[194,198,201,204,206,209],{"action":195,"nopriv":196,"callback":197,"hasNonce":196,"hasCapCheck":196,"file":139,"line":176},"mojoauth_verification",false,"mojoauth_apikey_verification",{"action":195,"nopriv":199,"callback":197,"hasNonce":196,"hasCapCheck":196,"file":139,"line":200},true,27,{"action":202,"nopriv":196,"callback":202,"hasNonce":196,"hasCapCheck":196,"file":139,"line":203},"mojoauth_get_language",28,{"action":202,"nopriv":199,"callback":202,"hasNonce":196,"hasCapCheck":196,"file":139,"line":205},29,{"action":207,"nopriv":196,"callback":207,"hasNonce":196,"hasCapCheck":196,"file":167,"line":208},"mojoauth_login",21,{"action":207,"nopriv":199,"callback":207,"hasNonce":196,"hasCapCheck":196,"file":167,"line":143},[],[212],{"tag":4,"callback":170,"file":167,"line":148},[],7,6,{"dangerousFunctions":217,"sqlUsage":218,"outputEscaping":220,"fileOperations":33,"externalRequests":106,"nonceChecks":28,"capabilityChecks":14,"bundledLibraries":242},[],{"prepared":28,"raw":28,"locations":219},[],{"escaped":214,"rawEcho":221,"locations":222},9,[223,227,229,230,232,234,236,238,240],{"file":224,"line":225,"context":226},"admin\\views\\settings.php",129,"raw output",{"file":167,"line":228,"context":226},49,{"file":167,"line":123,"context":226},{"file":167,"line":231,"context":226},159,{"file":167,"line":233,"context":226},171,{"file":167,"line":235,"context":226},178,{"file":167,"line":237,"context":226},201,{"file":167,"line":239,"context":226},204,{"file":167,"line":241,"context":226},234,[],[],{"summary":245,"deductions":246},"The \"mojoauth\" plugin v2.7 exhibits a mixed security posture.  On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and shows no known historical vulnerabilities. This suggests a developer with some awareness of common security pitfalls.  However, a significant concern arises from the static analysis, where a substantial portion of the attack surface, specifically 6 out of 7 entry points, are unprotected AJAX handlers. This lack of authentication checks on these handlers presents a significant risk of unauthorized actions if they can be triggered by unauthenticated users.\n\nThe code analysis also reveals that only 44% of output is properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities. While no critical or high severity taint flows were detected, the potential for XSS due to unescaped output on multiple entry points remains a notable weakness. The plugin also makes external HTTP requests, which, without further analysis, could be a vector for other types of attacks if not handled securely. The absence of nonce checks on AJAX handlers further exacerbates the risk associated with the unprotected entry points.\n\nIn conclusion, while the absence of historical CVEs and the use of prepared statements are strengths, the plugin's security is significantly undermined by the numerous unprotected AJAX handlers and the insufficient output escaping. These issues create a considerable risk of unauthorized actions and potential XSS vulnerabilities. Further investigation into the specific functionality of the unprotected AJAX handlers and the unescaped output is highly recommended to fully assess the impact.",[247,249,251,253],{"reason":248,"points":11},"Unprotected AJAX handlers",{"reason":250,"points":215},"Insufficient output escaping",{"reason":252,"points":214},"Missing nonce checks on AJAX",{"reason":254,"points":106},"External HTTP requests","2026-03-17T00:00:05.020Z",{"wat":257,"direct":266},{"assetPaths":258,"generatorPatterns":261,"scriptPaths":262,"versionParams":263},[259,260],"\u002Fwp-content\u002Fplugins\u002Fmojoauth\u002Fadmin\u002Fassets\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fmojoauth\u002Fadmin\u002Fassets\u002Fjs\u002Fverification.js",[],[260],[264,265],"mojoauth\u002Fadmin\u002Fassets\u002Fcss\u002Fstyle.css?ver=","mojoauth\u002Fadmin\u002Fassets\u002Fjs\u002Fverification.js?ver=",{"cssClasses":267,"htmlComments":269,"htmlAttributes":271,"restEndpoints":275,"jsGlobals":277,"shortcodeOutput":279},[268],"mojoauth-admin-notice",[270],"\u003C!-- MojoAuth Settings Page -->",[272,273,274],"data-mojoauth-key","data-mojoauth-redirect","data-mojoauth-lang",[276],"\u002Fwp-json\u002Fmojoauth\u002Fv1\u002Fuser\u002Flogin",[278,7],"mojoauthadminajax",[280],"[mojoauth_login]"]