[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fFKjrGmEyMQvCKbUiPyGAjwj1PZmGWHLs3adamTjt3zM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":125,"fingerprints":257},"oauth2-account-login","OAuth2 Account Login","1.0.1","Digitaldive","https:\u002F\u002Fprofiles.wordpress.org\u002Fdigitaldive\u002F","\u003Cp>WP OAuth2 adds “Login with WordPress.com” (OAuth2) to your WordPress login screen and a connect\u002Fdisconnect widget on user profile pages. It’s designed for agencies and teams managing multiple sites who want a consistent WordPress.com login without installing Jetpack.\u003C\u002Fp>\n\u003Cp>External Service: WordPress.com OAuth2 API\u003Cbr \u002F>\n– Service purpose: Authenticate users with their WordPress.com accounts.\u003Cbr \u002F>\n– Data sent: Client ID, redirect URI, OAuth authorization code, and standard HTTP request metadata during the OAuth flow.\u003Cbr \u002F>\n– Data received: WordPress.com user ID, email, and display name to link or create WordPress users.\u003Cbr \u002F>\n– Service terms: https:\u002F\u002Fwordpress.com\u002Ftos\u002F\u003Cbr \u002F>\n– Privacy policy: https:\u002F\u002Fautomattic.com\u002Fprivacy\u002F\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress.com login (OAuth2 “auth” scope).\u003C\u002Fli>\n\u003Cli>Link or unlink WordPress users to WordPress.com accounts.\u003C\u002Fli>\n\u003Cli>Auto-create users when no matching email exists (optional).\u003C\u002Fli>\n\u003Cli>Allowlist by email domain or WordPress.com user ID (optional).\u003C\u002Fli>\n\u003Cli>Audit log of the last 20 OAuth attempts (optional).\u003C\u002Fli>\n\u003Cli>Stores only WordPress.com user ID in user meta (no access tokens stored).\u003C\u002Fli>\n\u003Cli>Short-lived OAuth state with HttpOnly cookie + transient for CSRF protection.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Setup requires creating a WordPress.com application and adding the redirect URI shown in the plugin settings. Feature toggles let you enable or disable the login button, profile widget, auto-create users, admin notices, allowlists, and the audit log.\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin connects to WordPress.com to authenticate users. It stores the WordPress.com user ID in WordPress user meta to link accounts. OAuth access tokens are used during the login flow and are not stored. A short-lived HttpOnly cookie and transient are used for OAuth state validation and expire automatically. If the audit log is enabled, the last 20 OAuth attempts are stored (time, status, IP address, and basic details) in a non-autoloaded option. WordPress.com service terms: https:\u002F\u002Fwordpress.com\u002Ftos\u002F and privacy policy: https:\u002F\u002Fautomattic.com\u002Fprivacy\u002F.\u003C\u002Fp>\n","Add WordPress.com OAuth2 login to WordPress. Let teams sign in with WordPress.com, link accounts, and avoid Jetpack. Not affiliated with Automattic.",0,187,"2026-02-24T21:08:00.000Z","6.9.4","5.2","7.0",[18,19,20,21,22],"login","oauth2","sso","user-management","wordpress-com","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Foauth2-account-login.1.0.1.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"digitaldive",4,30,94,"2026-04-04T14:44:35.444Z",[36,55,71,80,102],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":11,"num_ratings":11,"last_updated":23,"tested_up_to":46,"requires_at_least":47,"requires_php":48,"tags":49,"homepage":52,"download_link":53,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":54},"lana-sso","Lana Single Sign On","1.2.0","Lana Codes","https:\u002F\u002Fprofiles.wordpress.org\u002Flanacodes\u002F","\u003Cp>Lana Single Sign On is an OAuth 2.0 client, which was primarily created for the Lana Passport OAuth 2.0 server plugin.\u003C\u002Fp>\n\u003Ch4>Lana Codes\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Flana.codes\u002Fproduct\u002Flana-sso\u002F\" rel=\"nofollow ugc\">Lana Single Sign On\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Flana.solutions\u002Fdocumentation\u002Flana-sso\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Flana.codes\u002Fproduct\u002Flana-passport\u002F\" rel=\"nofollow ugc\">Lana Passport\u003C\u002Fa>\u003C\u002Fp>\n","Creates the ability to login using Single Sign On via OAuth 2.0",20,1440,"6.6.5","4.0","5.6",[18,50,19,51,20],"oauth-2-0","single-sign-on","https:\u002F\u002Flana.codes\u002Fproduct\u002Flana-sso\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flana-sso.1.2.0.zip","2026-03-15T10:48:56.248Z",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":11,"num_ratings":11,"last_updated":23,"tested_up_to":65,"requires_at_least":66,"requires_php":23,"tags":67,"homepage":69,"download_link":70,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":54},"wp-vbulletin-sso","WP vBulletin SSO","1.3.5","extremeidea","https:\u002F\u002Fprofiles.wordpress.org\u002Fextremeidea\u002F","\u003Cp>Looking for SSO tool for your WordPress and vBulletin sites?\u003C\u002Fp>\n\u003Cp>Try WP vBulletin SSO module for FREE.\u003C\u002Fp>\n\u003Cp>WP vBulletin SSO consists of two synchronization vBulletin and WordPress lightweight extensions, where WordPress holds the master users database and all the user-related operations are managed there. The solution does migrate the users data from vBulletin to WordPress (email, username) only. It does not migrate password and other user-related data like avatars, or MailChimp settings, Facebook users, other fields like first or last name etc. Only email, password, username is synced.\u003C\u002Fp>\n\u003Cp>The plugin is developed and supported by \u003Ca href=\"https:\u002F\u002Fwww.extreme-idea.com\u002F\" rel=\"nofollow ugc\">Extreme Idea LLC\u003C\u002Fa>. Our entire team is ready to help you. Ask your questions in the support forum, or \u003Ca href=\"https:\u002F\u002Fwww.extreme-idea.com\u002Fcontact-us\u002F\" rel=\"nofollow ugc\">contact us directly\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Uninstallation\u003C\u002Fh3>\n\u003Cp>To Uninstall the SSO extension:\u003Cbr \u002F>\n1. Log in as WordPress administrator to WordPress Admin Panel:\u003Cbr \u002F>\n2. Navigate to Plugins > press Installed Plugins button > navigate to the SSO vBulletin extension.\u003Cbr \u002F>\n3. Press Deactivate button.\u003Cbr \u002F>\n4. Press Delete button. The plugin should be successfully deleted.\u003C\u002Fp>\n\u003Cp>To Uninstall the extension via the vBulletin dashboard:\u003Cbr \u002F>\n1. Log in to your forum’s \u002Fadmincp\u002F control panel as administrator.\u003Cbr \u002F>\n2. Navigate to the Plugins & Products section.\u003Cbr \u002F>\n3. Expand section and click on the Manage Products link.\u003Cbr \u002F>\n4. Find vBulletin SSO extension and select Uninstall it.\u003C\u002Fp>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Cp>To open WordPress plugin`s settings page: Log in as WordPress administrator > Settings > SSO vBulletin.\u003C\u002Fp>\n\u003Cp>Here you can:\u003Cbr \u002F>\n* Enable \u002F Disable Email Notification (by default this features is disabled).\u003Cbr \u002F>\n* Set Email Address(es) for Email Notifications.\u003Cbr \u002F>\n* Set Illegal User names and characters.\u003C\u002Fp>\n\u003Cp>To open vBulletin plugin`s settings page navigate to: Settings > Options > SSO vBulletin.\u003C\u002Fp>\n\u003Cp>There are available next redirection fields:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>“Login Url” field – enter the URL you would like to be redirected to (after Login button is pressed).\u003C\u002Fli>\n\u003Cli>“Register Url” field – enter the URL you would like to be redirected to (after Register button is pressed).\u003C\u002Fli>\n\u003Cli>“Lost Password Url ”field – enter the URL you would like to be redirected to (after Lost Password button is pressed).\u003C\u002Fli>\n\u003Cli>“Change Password and Email Url” field – enter the URL you would like to be redirected to (after Change Password and Email button is pressed).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Error Log\u003C\u002Fh3>\n\u003Cp>Errors are stored at WORDPRESS_ROOT\u002Fwp-content\u002Fuploads\u002Fsso-vbulletin-logs\u003C\u002Fp>\n","Looking for SSO tool for your WordPress and vBulletin sites?",10,1450,"5.6.17","4.4",[18,68,51,20,21],"registration","https:\u002F\u002Fwww.extreme-idea.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-vbulletin-sso.zip",{"slug":72,"name":73,"version":39,"author":59,"author_profile":60,"description":74,"short_description":75,"active_installs":11,"downloaded":76,"rating":25,"num_ratings":77,"last_updated":23,"tested_up_to":65,"requires_at_least":66,"requires_php":23,"tags":78,"homepage":69,"download_link":79,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":54},"sso-vbulletin","SSO vBulletin","\u003Cp>Important!!!\u003C\u002Fp>\n\u003Cp>\nThis plugin is deprecated and was renamed as WP vBulletin SSO. All future changes will be released only in scope of WP vBulletin SSO plugin. \u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-vbulletin-sso\u002F\" rel=\"ugc\">Go to WP vBulletin SSO plugin\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>The plugin is developed and supported by \u003Ca href=\"https:\u002F\u002Fwww.extreme-idea.com\u002F\" rel=\"nofollow ugc\">Extreme Idea LLC\u003C\u002Fa>. Our entire team is ready to help you. Ask your questions in the support forum, or \u003Ca href=\"https:\u002F\u002Fwww.extreme-idea.com\u002Fcontact-us\u002F\" rel=\"nofollow ugc\">contact us directly\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Uninstallation\u003C\u002Fh3>\n\u003Cp>To Uninstall the SSO extension:\u003Cbr \u002F>\n1. Log in as WordPress administrator to WordPress Admin Panel:\u003Cbr \u002F>\n2. Navigate to Plugins > press Installed Plugins button > navigate to the SSO vBulletin extension.\u003Cbr \u002F>\n3. Press Deactivate button.\u003Cbr \u002F>\n4. Press Delete button. The plugin should be successfully deleted.\u003C\u002Fp>\n\u003Cp>To Uninstall the extension via the vBulletin dashboard:\u003Cbr \u002F>\n1. Log in to your forum’s \u002Fadmincp\u002F control panel as administrator.\u003Cbr \u002F>\n2. Navigate to the Plugins & Products section.\u003Cbr \u002F>\n3. Expand section and click on the Manage Products link.\u003Cbr \u002F>\n4. Find vBulletin SSO extension and select Uninstall it.\u003C\u002Fp>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Cp>To open the SSO vBulletin plugin settings page: Log in as WordPress administrator > Settings > SSO vBulletin\u003Cbr \u002F>\nHere you can:\u003Cbr \u002F>\nEnable \u002F Disable Email Notification (by default this features is disabled).\u003Cbr \u002F>\nSet Email Address(es) for Email Notifications.\u003Cbr \u002F>\nSet Illegal User names and characters.\u003C\u002Fp>\n\u003Cp>To open the SSO vBulletin plugin settings page navigate to : Settings > Options > SSO vBulletin\u003C\u002Fp>\n\u003Cp>There are available next redirection fields:\u003C\u002Fp>\n\u003Cp>“Login Url” field – enter the URL you would like to be redirected to (after Login button is pressed).\u003Cbr \u002F>\n“Register Url” field – enter the URL you would like to be redirected to (after Register button is pressed).\u003Cbr \u002F>\n“Lost Password Url ”field – enter the URL you would like to be redirected to (after Lost Password button is pressed).\u003Cbr \u002F>\n“Change Password and Email Url” field – enter the URL you would like to be redirected to (after Change Password and Email button is pressed).\u003C\u002Fp>\n\u003Ch3>Error Log\u003C\u002Fh3>\n\u003Cp>Errors are stored at WORDPRESS_ROOT\u002Fwp-content\u002Fuploads\u002Fsso-vbulletin-logs\u003C\u002Fp>\n","Important!!!",4348,2,[18,68,51,20,21],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsso-vbulletin.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":25,"num_ratings":44,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":93,"tags":94,"homepage":98,"download_link":99,"security_score":100,"vuln_count":77,"unpatched_count":11,"last_vuln_date":101,"fetched_at":27},"daggerhart-openid-connect-generic","OpenID Connect Generic Client","3.11.3","Jonathan Daggerhart","https:\u002F\u002Fprofiles.wordpress.org\u002Fdaggerhart\u002F","\u003Cp>This plugin allows to authenticate users against OpenID Connect OAuth2 API with Authorization Code Flow.\u003Cbr \u002F>\nOnce installed, it can be configured to automatically authenticate users (SSO), or provide a “Login with OpenID Connect”\u003Cbr \u002F>\nbutton on the login form. After consent has been obtained, an existing user is automatically logged into WordPress, while\u003Cbr \u002F>\nnew users are created in WordPress database.\u003C\u002Fp>\n\u003Cp>Much of the documentation can be found on the Settings > OpenID Connect Generic dashboard page.\u003C\u002Fp>\n\u003Cp>Please submit issues to the Github repo: https:\u002F\u002Fgithub.com\u002Foidc-wp\u002Fopenid-connect-generic\u003C\u002Fp>\n","A simple client that provides SSO or opt-in authentication against a generic OAuth2 Server implementation.",10000,177319,"2026-02-13T04:36:00.000Z","6.9.0","5.0","7.4",[95,18,19,96,97],"apps","openidconnect","security","https:\u002F\u002Fgithub.com\u002Foidc-wp\u002Fopenid-connect-generic","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdaggerhart-openid-connect-generic.3.11.3.zip",98,"2025-12-17 00:00:00",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":88,"downloaded":110,"rating":111,"num_ratings":112,"last_updated":113,"tested_up_to":114,"requires_at_least":115,"requires_php":116,"tags":117,"homepage":121,"download_link":122,"security_score":25,"vuln_count":123,"unpatched_count":11,"last_vuln_date":124,"fetched_at":27},"google-apps-login","Login for Google Apps","3.5.2","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>Login for Google Apps allows existing WordPress user accounts to log in to your website using Google to securely authenticate their account. This means that if they are already logged into Gmail – they can simply click their way through the WordPress login screen – no username or password is explicitly required!\u003C\u002Fp>\n\u003Cp>Login for Google Apps uses \u003Cstrong>secure oAuth2 authentication recommended by Google\u003C\u002Fstrong>, including 2-factor authentication (2FA) if enabled for your Google Workspace (formerly known as Google Apps and G Suite) accounts.\u003C\u002Fp>\n\u003Cp>This is far simpler to configure than the older SAML protocol.\u003C\u002Fp>\n\u003Cp>Login for Google Apps is trusted by thousands of organizations from schools to large public companies. Login for Google Apps for WordPress is the most popular enterprise grade plugin enabling login and user management based on your Google Workspace domain.\u003C\u002Fp>\n\u003Cp>Its plugin setup requires you to have admin access to any Google Workspace domain, or a regular Gmail account, to register and obtain two simple codes from Google.\u003C\u002Fp>\n\u003Ch4>Support and Premium features\u003C\u002Fh4>\n\u003Cp>Full support and premium features are also available for purchase:\u003C\u002Fp>\n\u003Cp>Eliminate the need for Google Workspace (previously called “Google Apps and G Suite”) domain admins to separately manage WordPress user accounts, and get peace of mind that only authorized employees have access to your organization’s websites and intranet.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>See \u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fglogin\u002F?utm_source=Login%20Readme%20Top&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">our website at wp-glogin.com\u003C\u002Fa> for more details.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The Premium version allows everyone in your Google Workspace (Google Apps \u002F G Suite) domain to log in to WordPress – an account will be automatically created in WordPress if one doesn’t already exist.\u003C\u002Fp>\n\u003Cp>Our Enterprise version goes further, allowing you to specify granular access and role controls based on Google Group or Organizational Unit membership.\u003C\u002Fp>\n\u003Cp>You can also see logs of accounts created and roles changed by the plugin.\u003C\u002Fp>\n\u003Ch4>Extensible Platform\u003C\u002Fh4>\n\u003Cp>Login for Google Apps allows you to centralize your site’s Google functionality and build your own extensions, or use third-party extensions, which require no configuration themselves and share the same user authentication and permissions that users already allowed for Login for Google Apps itself.\u003C\u002Fp>\n\u003Cp>Using our platform, your website appears to Google accounts as one unified ‘web application’, making it more secure and easier to manage.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fwpgoogledriveembedder\" rel=\"nofollow ugc\">Google Drive Embedder\u003C\u002Fa> is an extension plugin allowing\u003Cbr \u002F>\nusers to browse for Google Drive documents to embed directly in their posts or pages.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fwpgoogleappsdirectory\" rel=\"nofollow ugc\">Google Apps Directory\u003C\u002Fa> is an extension plugin allowing\u003Cbr \u002F>\nlogged-in users to search your Google Apps employee directory from a widget on your intranet or client site.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Favatars\u002F?utm_source=Login%20Readme%20Avatars&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">Google Profile Avatars\u003C\u002Fa>\u003Cbr \u002F>\nis available on our website. It displays users’ Google profile photos in place of their avatars throughout your site.\u003C\u002Fp>\n\u003Cp>Login for Google Apps works on single or multisite WordPress websites or private intranets.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cp>One-click login will work for the following domains and user accounts:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Google Workspace Starter\u003C\u002Fli>\n\u003Cli>Google Workspace Business Standard\u003C\u002Fli>\n\u003Cli>Google Workspace Business Plus\u003C\u002Fli>\n\u003Cli>Google Workspace Enterprise\u003C\u002Fli>\n\u003Cli>Google Workspace for Nonprofits\u003C\u002Fli>\n\u003Cli>Google Workspace for Government\u003C\u002Fli>\n\u003Cli>Google Classroom (Google Workspace for Education)\u003C\u002Fli>\n\u003Cli>Personal gmail.com and googlemail.com emails\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Login for Google Apps uses the latest secure OAuth2 authentication recommended by Google. Other 3rd party authentication plugins may allow you to use your Google username and password to login, but they do not do this securely unless they also use OAuth2. This is discussed further in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgoogle-apps-login\u002F#faq\" rel=\"ugc\">FAQ\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cp>This plugin currently operates in multiple languages.\u003C\u002Fp>\n\u003Cp>We welcome volunteers to translate into their own language. If you would like to contribute a translation, please open the WordPress.org \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fgoogle-apps-login\u002F\" rel=\"nofollow ugc\">Translation portal\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Website and Upgrades\u003C\u002Fh4>\n\u003Cp>Please see our website \u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002F?utm_source=Login%20Readme%20Website&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">https:\u002F\u002Fwp-glogin.com\u002F\u003C\u002Fa> for more information about this free plugin and extra features available in our Premium and Enterprise upgrades, plus support details, other plugins, and useful guides for admins of WordPress sites and Google Apps.\u003C\u002Fp>\n\u003Cp>The \u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fglogin\u002F?utm_source=Login%20Readme%20PremEnt&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">Premium and Enterprise versions\u003C\u002Fa> eliminate the need to manage user accounts in your WordPress site – everything is synced from Google Apps instead.\u003C\u002Fp>\n\u003Cp>If you are building your organization’s intranet on WordPress, try out our \u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fintranet\u002F?utm_source=Login%20Readme%20AIOI&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">All-In-One Intranet plugin\u003C\u002Fa>.\u003C\u002Fp>\n","Simple secure login and user management through your Google Workspace for WordPress (using oAuth2 and MFA if enabled).",661543,92,64,"2025-05-08T16:01:00.000Z","6.8.5","5.5","7.2",[118,119,18,120,20],"authentication","google","oauth","https:\u002F\u002Fwp-glogin.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoogle-apps-login.3.5.2.zip",1,"2022-12-01 00:00:00",{"attackSurface":126,"codeSignals":184,"taintFlows":249,"riskAssessment":250,"analyzedAt":256},{"hooks":127,"ajaxHandlers":180,"restRoutes":181,"shortcodes":182,"cronEvents":183,"entryPointCount":11,"unprotectedCount":11},[128,134,138,142,146,150,154,158,162,166,169,171,172,173,174,175,176,177,178,179],{"type":129,"name":130,"callback":131,"file":132,"line":133},"action","admin_menu","add_settings_page","OAuth2 Account Login\\WP-OAuth2.php",40,{"type":129,"name":135,"callback":136,"file":132,"line":137},"admin_init","register_settings",41,{"type":129,"name":139,"callback":140,"file":132,"line":141},"admin_notices","render_admin_notices",42,{"type":129,"name":143,"callback":144,"file":132,"line":145},"admin_post_ddoal_clear_log","handle_clear_audit_log",43,{"type":129,"name":147,"callback":148,"file":132,"line":149},"login_footer","render_floating_lock_login",46,{"type":129,"name":151,"callback":152,"file":132,"line":153},"login_enqueue_scripts","enqueue_login_assets",47,{"type":129,"name":155,"callback":156,"file":132,"line":157},"admin_footer","render_profile_floating_widget",50,{"type":129,"name":159,"callback":160,"file":132,"line":161},"admin_enqueue_scripts","enqueue_admin_assets",51,{"type":129,"name":163,"callback":164,"file":132,"line":165},"init","handle_oauth_callback",54,{"type":129,"name":135,"callback":167,"file":132,"line":168},"handle_disconnect",55,{"type":129,"name":130,"callback":131,"file":170,"line":133},"WP-OAuth2.php",{"type":129,"name":135,"callback":136,"file":170,"line":137},{"type":129,"name":139,"callback":140,"file":170,"line":141},{"type":129,"name":143,"callback":144,"file":170,"line":145},{"type":129,"name":147,"callback":148,"file":170,"line":149},{"type":129,"name":151,"callback":152,"file":170,"line":153},{"type":129,"name":155,"callback":156,"file":170,"line":157},{"type":129,"name":159,"callback":160,"file":170,"line":161},{"type":129,"name":163,"callback":164,"file":170,"line":165},{"type":129,"name":135,"callback":167,"file":170,"line":168},[],[],[],[],{"dangerousFunctions":185,"sqlUsage":186,"outputEscaping":188,"fileOperations":11,"externalRequests":31,"nonceChecks":31,"capabilityChecks":247,"bundledLibraries":248},[],{"prepared":11,"raw":11,"locations":187},[],{"escaped":189,"rawEcho":190,"locations":191},116,36,[192,195,197,199,201,203,205,207,209,211,213,215,217,219,221,223,225,227,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246],{"file":132,"line":193,"context":194},171,"raw output",{"file":132,"line":196,"context":194},177,{"file":132,"line":198,"context":194},197,{"file":132,"line":200,"context":194},198,{"file":132,"line":202,"context":194},208,{"file":132,"line":204,"context":194},209,{"file":132,"line":206,"context":194},219,{"file":132,"line":208,"context":194},220,{"file":132,"line":210,"context":194},230,{"file":132,"line":212,"context":194},231,{"file":132,"line":214,"context":194},274,{"file":132,"line":216,"context":194},275,{"file":132,"line":218,"context":194},279,{"file":132,"line":220,"context":194},287,{"file":132,"line":222,"context":194},288,{"file":132,"line":224,"context":194},292,{"file":132,"line":226,"context":194},338,{"file":132,"line":228,"context":194},339,{"file":170,"line":193,"context":194},{"file":170,"line":196,"context":194},{"file":170,"line":198,"context":194},{"file":170,"line":200,"context":194},{"file":170,"line":202,"context":194},{"file":170,"line":204,"context":194},{"file":170,"line":206,"context":194},{"file":170,"line":208,"context":194},{"file":170,"line":210,"context":194},{"file":170,"line":212,"context":194},{"file":170,"line":214,"context":194},{"file":170,"line":216,"context":194},{"file":170,"line":218,"context":194},{"file":170,"line":220,"context":194},{"file":170,"line":222,"context":194},{"file":170,"line":224,"context":194},{"file":170,"line":226,"context":194},{"file":170,"line":228,"context":194},8,[],[],{"summary":251,"deductions":252},"The 'oauth2-account-login' plugin version 1.0.1 exhibits a generally strong security posture based on the provided static analysis.  The plugin demonstrates excellent practices by having no identified AJAX handlers, REST API routes, shortcodes, or cron events exposed in its attack surface, and critically, none of these potential entry points are left unprotected. The code signals also indicate a diligent approach to security, with no dangerous functions, file operations, or raw SQL queries detected. The consistent use of prepared statements for SQL queries and the presence of capability checks and nonce checks are positive indicators.  The external HTTP requests, while present, are not inherently a security risk without further context, but their nature should be monitored.\n\nThe primary area of concern, though not critical, lies in the output escaping. With 76% of outputs properly escaped, there remains a 24% portion that is not, which could potentially lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled carefully.  The lack of any recorded historical vulnerabilities, critical taint flows, or unpatched CVEs suggests a well-maintained and secure plugin to date. However, the absence of vulnerability history can sometimes indicate a lack of rigorous public security auditing rather than inherent perfection.\n\nOverall, the plugin presents a low security risk. Its minimal attack surface, secure coding practices for database interactions, and absence of known vulnerabilities are significant strengths. The most notable weakness is the incomplete output escaping, which warrants attention to ensure all user-facing output is properly sanitized to prevent potential XSS issues. Continued vigilance regarding any future updates or external dependencies is recommended.",[253],{"reason":254,"points":255},"Unescaped output detected",6,"2026-03-17T06:26:41.196Z",{"wat":258,"direct":271},{"assetPaths":259,"generatorPatterns":264,"scriptPaths":265,"versionParams":266},[260,261,262,263],"\u002Fwp-content\u002Fplugins\u002Foauth2-account-login\u002Fcss\u002Fddoal-login.css","\u002Fwp-content\u002Fplugins\u002Foauth2-account-login\u002Fjs\u002Fddoal-login.js","\u002Fwp-content\u002Fplugins\u002Foauth2-account-login\u002Fcss\u002Fddoal-admin.css","\u002Fwp-content\u002Fplugins\u002Foauth2-account-login\u002Fjs\u002Fddoal-admin.js",[],[261,263],[267,268,269,270],"oauth2-account-login\u002Fcss\u002Fddoal-login.css?ver=","oauth2-account-login\u002Fjs\u002Fddoal-login.js?ver=","oauth2-account-login\u002Fcss\u002Fddoal-admin.css?ver=","oauth2-account-login\u002Fjs\u002Fddoal-admin.js?ver=",{"cssClasses":272,"htmlComments":281,"htmlAttributes":287,"restEndpoints":292,"jsGlobals":293,"shortcodeOutput":295},[273,274,275,276,277,278,279,280],"wp-com-settings","wp-com-settings-header","wp-com-settings-subtitle","wp-com-settings-card","wp-com-card-title","wp-com-settings-table","wp-com-login-button-container","wp-com-login-button",[282,283,284,285,286],"\u003C!-- WP OAuth2 Login Button -->","\u003C!-- Floating Widget -->","\u003C!-- WP OAuth2 Settings -->","\u003C!-- WP OAuth2 Allowlist Settings -->","\u003C!-- WP OAuth2 Audit Log Settings -->",[288,289,290,291],"data-ddoal-client-id","data-ddoal-auth-url","data-ddoal-redirect-uri","data-ddoal-state",[],[294],"ddoal_login_vars",[]]