[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fowNXksL0p1yHKjhSSMOcCvq3XTO48kC4PIa5eePO41E":3,"$fsLGHtnliY3WsETl_BMKwnJfCNhD47betKOB2ieCx8rU":241,"$f4f1C1oX3zJIctgPGdIBVAxiHtYRacXRzPBPCUf8Ab_Q":246},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":32,"crawl_stats":28,"alternatives":36,"analysis":123,"fingerprints":213},"onzauth","OnzAuth","1.0.7","zailky","https:\u002F\u002Fprofiles.wordpress.org\u002Fzailky\u002F","\u003Cp>This plugin replaces the standard WordPress login form with one that enables passwordless email magic link and biometric login.\u003C\u002Fp>\n\u003Cp>This plugin also supports the WooCommerce login.\u003C\u002Fp>\n\u003Cp>Visit \u003Ca href=\"https:\u002F\u002Ftryonzauth.com\" rel=\"nofollow ugc\">https:\u002F\u002Ftryonzauth.com\u003C\u002Fa> to sign up for a free account and learn more.\u003C\u002Fp>\n","OnzAuth plugin replaces the standard WordPress login form with one that enables passwordless email magic link and biometric login.",10,1565,100,1,"2025-09-30T05:09:00.000Z","6.8.5","5.5.1","7.3",[20,21,22,23,24],"authentication","biometric","magiclink","passwordless","webauthn","https:\u002F\u002Fgithub.com\u002Fzailky\u002Fwp-onzauth","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fonzauth.1.0.7.zip",0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":13,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},30,94,"2026-05-20T02:05:17.099Z",[37,57,75,90,106],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":13,"downloaded":45,"rating":34,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":54,"download_link":55,"security_score":56,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"biometric-authentication","Biometric Authentication","0.3.8","Ivan Kristianto","https:\u002F\u002Fprofiles.wordpress.org\u002Fivankristianto\u002F","\u003Cp>This innovative plugin introduces passkey login to your WordPress experience. No more struggling to remember complex passwords.\u003Cbr \u002F>\nSimply use your fingerprint, face ID, or a secure PIN to log in with ease. You can still use your username and password to login to your site as fallback.\u003C\u002Fp>\n\u003Ch3>Enhanced Security, Frictionless Access:\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Effortless Login: Unlock the power of passkeys for a smooth and secure login experience.\u003C\u002Fli>\n\u003Cli>Superior Security: Passkeys offer enhanced protection against breaches compared to traditional passwords.\u003C\u002Fli>\n\u003Cli>Convenience at Your Fingertips: Enjoy the freedom of logging in with your biometrics or a secure PIN.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>GitHub Repository\u003C\u002Fh3>\n\u003Cp>You can find the source code of this plugin on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fivankristianto\u002Fwp-passkey\u002F\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fp>\n","Passkeys are a safer and easier alternative to passwords. Simply use your fingerprint or face ID to log in with ease.",2978,3,"2024-05-01T04:23:00.000Z","6.5.8","6.1","8.1",[20,21,52,23,53],"passkey","security","https:\u002F\u002Fgithub.com\u002Fivankristianto\u002Fwp-passkey\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbiometric-authentication.0.3.8.zip",85,{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":27,"num_ratings":27,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":73,"download_link":74,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"bye-bye-passwords","Bye Bye Passwords","1.2.7","Clayton LZ","https:\u002F\u002Fprofiles.wordpress.org\u002Fclaytonlz\u002F","\u003Cp>\u003Cstrong>Bye Bye Passwords\u003C\u002Fstrong> brings modern passwordless authentication to WordPress using WebAuthn\u002FPasskeys technology. Say goodbye to weak passwords and hello to secure, convenient login with biometrics, security keys, or platform authenticators.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Passwordless Login\u003C\u002Fstrong> – Sign in using Touch ID, Face ID, Windows Hello, or security keys\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Passkeys\u003C\u002Fstrong> – Register multiple devices for convenient access anywhere\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Recovery Codes\u003C\u002Fstrong> – Generate one-time backup codes for emergency access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Security\u003C\u002Fstrong> – Eliminate password-based attacks completely\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-Friendly\u003C\u002Fstrong> – Simple setup with no technical knowledge required\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy-Focused\u003C\u002Fstrong> – Your authentication data stays on your server\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress Integration\u003C\u002Fstrong> – Seamlessly integrated into WordPress admin and login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Register a passkey from your WordPress admin profile\u003C\u002Fli>\n\u003Cli>Use your device’s built-in authentication (fingerprint, face, PIN)\u003C\u002Fli>\n\u003Cli>Sign in instantly without typing passwords\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>SSL\u002FHTTPS enabled website (required for WebAuthn)\u003C\u002Fli>\n\u003Cli>Modern browser with WebAuthn support\u003C\u002Fli>\n\u003Cli>PHP 7.2 or higher\u003C\u002Fli>\n\u003Cli>WordPress 5.0 or higher\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin may connect to the FIDO Alliance Metadata Service (MDS) to download root certificates for authenticator validation.\u003C\u002Fp>\n\u003Ch4>FIDO Alliance Metadata Service\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>URL:\u003C\u002Fstrong> https:\u002F\u002Fmds.fidoalliance.org\u002F\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose:\u003C\u002Fstrong> Downloads attestation root certificates to verify the authenticity of security keys and passkey devices\u003C\u002Fli>\n\u003Cli>\u003Cstrong>When:\u003C\u002Fstrong> Only when attestation verification is enabled and the plugin needs to update its certificate store (not during normal authentication)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data sent:\u003C\u002Fstrong> No personal or user data is transmitted – only a standard HTTP GET request\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service provider:\u003C\u002Fstrong> FIDO Alliance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of Use:\u003C\u002Fstrong> https:\u002F\u002Ffidoalliance.org\u002Fmetadata\u002F\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Policy:\u003C\u002Fstrong> https:\u002F\u002Ffidoalliance.org\u002Fprivacy-policy\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>No user data, credentials, or personal information is ever sent to external services. All authentication happens locally on your server.\u003C\u002Fp>\n","Enable passwordless authentication for WordPress using WebAuthn\u002FPasskeys. More secure, more convenient.",20,254,"2026-02-26T18:34:00.000Z","6.9.4","5.0","7.2",[20,72,23,53,24],"passkeys","https:\u002F\u002Fgithub.com\u002Fclayton\u002Fbyebyepw","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbye-bye-passwords.1.2.7.zip",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":11,"downloaded":83,"rating":13,"num_ratings":14,"last_updated":84,"tested_up_to":85,"requires_at_least":17,"requires_php":18,"tags":86,"homepage":88,"download_link":89,"security_score":56,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"magiclabs","Login by Magic","1.0.4","Magic","https:\u002F\u002Fprofiles.wordpress.org\u002Fmagiclabs\u002F","\u003Cp>This plugin replaces the standard WordPress login form with one powered by \u003Ca href=\"https:\u002F\u002Fmagic.link\" rel=\"nofollow ugc\">Magic\u003C\u002Fa> that enables passwordless email magic link login.\u003C\u002Fp>\n\u003Cp>Magic offers passwordless authentication and cryptographically secured user identity to your applications. With just a few lines of code, your application’s security is instantaneously upgraded, and your end users can enjoy a future-proof and blockchain-enabled login solution.\u003C\u002Fp>\n\u003Cp>Visit \u003Ca href=\"https:\u002F\u002Fmagic.link\" rel=\"nofollow ugc\">https:\u002F\u002Fmagic.link\u003C\u002Fa> to learn more.\u003C\u002Fp>\n","Login by Magic plugin replaces the standard WordPress login form with one powered by Magic that enables passwordless email magic link login.",2480,"2022-08-29T22:06:00.000Z","5.8.13",[20,87,22,23,53],"login","https:\u002F\u002Fgithub.com\u002Fmagiclabs\u002Fwp-magic","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmagiclabs.zip",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":27,"downloaded":98,"rating":27,"num_ratings":27,"last_updated":99,"tested_up_to":85,"requires_at_least":69,"requires_php":100,"tags":101,"homepage":103,"download_link":104,"security_score":56,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":105},"auth-armor-passwordless-login","Auth Armor – Passwordless Login","1.0.3","autharmor","https:\u002F\u002Fprofiles.wordpress.org\u002Fautharmor\u002F","\u003Cp>With the Auth Armor plugin, you can login using your phone without passwords!\u003C\u002Fp>\n\u003Cp>More secure, faster and best of all, nothing to remember or type in.\u003C\u002Fp>\n","Login using your phone without passwords! More secure, faster and best of all, nothing to remember or type in!",9543,"2022-01-24T15:14:00.000Z","5.6",[20,21,102,87,23],"faceid","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauth-armor-passwordless-login.zip","2026-04-06T09:54:40.288Z",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":27,"downloaded":114,"rating":115,"num_ratings":116,"last_updated":117,"tested_up_to":16,"requires_at_least":118,"requires_php":50,"tags":119,"homepage":121,"download_link":122,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":105},"multidots-passkey-login","Multidots Passkey Login – Passwordless Login for WordPress","1.1","MULTIDOTS Inc","https:\u002F\u002Fprofiles.wordpress.org\u002Fmultidots\u002F","\u003Cp>\u003Cstrong>Multidots Passkey Login\u003C\u002Fstrong> – Passwordless Authentication brings next-generation login security to WordPress.\u003C\u002Fp>\n\u003Cp>Give your users a \u003Cstrong>secure and modern login experience\u003C\u002Fstrong> with passkeys — the new standard for \u003Cstrong>passwordless authentication\u003C\u002Fstrong> supported by all major browsers and devices.\u003C\u002Fp>\n\u003Cp>With Multidots Passkey Login, users can log in using \u003Cstrong>biometric authentication\u003C\u002Fstrong> (Face ID, Touch ID), \u003Cstrong>Windows Hello, or a device PIN—no passwords are\u003C\u002Fstrong> required.\u003C\u002Fp>\n\u003Cp>This creates a \u003Cstrong>fast, secure, and phishing-resistant\u003C\u002Fstrong> login experience that works seamlessly across desktop and mobile.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FsnlEpo36Kug?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>\u003Cstrong>Built for Flexibility:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Instantly works for existing WordPress users after registering a passkey.\u003C\u002Fli>\n\u003Cli>Simple yet powerful admin settings to manage login behavior and security.\u003C\u002Fli>\n\u003Cli>Built on the \u003Cstrong>FIDO2\u002FWebAuthn standard\u003C\u002Fstrong> trusted by \u003Cstrong>Apple, Google, and Microsoft\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Perfect for publishers, WooCommerce stores, agency clients, and high-security use cases.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>🔐 Secure & Seamless Login\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Passwordless login with Touch ID, Face ID, or security keys.\u003C\u002Fli>\n\u003Cli>Works instantly for existing users after passkey registration.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>📝 Easy User Registration\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Register a passkey for existing users without one.\u003C\u002Fli>\n\u003Cli>Create new users directly with passkey registration.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>⚙️ Flexible Admin Settings\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable\u002FDisable passkey login with one click.\u003C\u002Fli>\n\u003Cli>Control session timeout for added security.\u003C\u002Fli>\n\u003Cli>Multiple authentication options: QR code scan, Chrome guest mode, iCloud Keychain, etc.\u003C\u002Fli>\n\u003Cli>Limit number of passkeys per user (e.g., max 2 credentials).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>🎨 Frontend Integration\u003C\u002Fstrong>\u003Cbr \u002F>\nShortcodes included:\u003C\u002Fp>\n\u003Cul>\n\u003Cli> [mdlogin_passkey_login] \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Displays a Login with Passkey button.\u003C\u002Fli>\n\u003Cli> [mdlogin_passkey_register]  \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>  Displays passkey registration form.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>🛡️ Security Requirements\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Requires HTTPS for secure operation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Choose the Multidots Passkey Login Plugin\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Passwordless Security\u003C\u002Fstrong>: Strong protection against phishing and stolen credentials.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-Friendly\u003C\u002Fstrong>: Log in with a single tap or scan—no passwords to remember.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enterprise-Grade Standards\u003C\u002Fstrong>: Built on FIDO2\u002FWebAuthn protocols used by major platforms.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cross-Device Compatibility\u003C\u002Fstrong>: Works on iOS, Android, macOS, and Windows.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Trusted Developer\u003C\u002Fstrong>: Created by Multidots, a WordPress VIP Gold Agency.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Activate Plugin – Enable Passkey Login from settings.\u003C\u002Fli>\n\u003Cli>User Registers a Passkey – through profile settings \u003C\u002Fli>\n\u003Cli>Login Without Passwords – Users authenticate via Touch ID, Face ID, or a security key.\u003C\u002Fli>\n\u003Cli>Admin Controls – Adjust login methods and session policies\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Our Other Plugins\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsync-product-from-amazon\u002F\" rel=\"ugc\">Sync Product From Amazon\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsmart-post-sync\u002F\" rel=\"ugc\">Smart Post Sync\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbetter-by-default\u002F\" rel=\"ugc\">Better By Default\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcentralized-content-management\u002F\" rel=\"ugc\">Centralized Content Management for WordPress Multisite Networks\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmd-governance\u002F\" rel=\"ugc\">MD Governance\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsalsisync\u002F\" rel=\"ugc\">Salsi Sync\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contact Us\u003C\u002Fh3>\n\u003Cp>Free plugin: Need Technical Help? – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fmultidots-passkey-login\u002F\" rel=\"ugc\">Click here\u003C\u002Fa>\u003Cbr \u002F>\nPro Plugin: PRE-SALE Questions – \u003Ca href=\"https:\u002F\u002Fwww.multidots.com\u002Fcontact-us\u002F\" rel=\"nofollow ugc\">Click here\u003C\u002Fa>\u003C\u002Fp>\n","Passwordless login for WordPress with Passkeys. Enable Touch ID, Face ID, and security keys for seamless, phishing-resistant authentication.",437,60,2,"2025-12-03T12:09:00.000Z","6.0",[20,120,87,52,23],"biometric-login","https:\u002F\u002Fwww.multidots.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultidots-passkey-login.1.1.zip",{"attackSurface":124,"codeSignals":181,"taintFlows":202,"riskAssessment":203,"analyzedAt":212},{"hooks":125,"ajaxHandlers":165,"restRoutes":166,"shortcodes":175,"cronEvents":180,"entryPointCount":116,"unprotectedCount":27},[126,132,136,142,146,150,153,157,161],{"type":127,"name":128,"callback":129,"file":130,"line":131},"action","admin_menu","add_submenu","includes\u002Fclass-configurations.php",23,{"type":127,"name":133,"callback":134,"file":130,"line":135},"admin_init","settings_page_init",29,{"type":137,"name":138,"callback":139,"priority":11,"file":140,"line":141},"filter","woocommerce_locate_template","override_woocommerce_login","includes\u002Fclass-login.php",57,{"type":127,"name":143,"callback":144,"priority":11,"file":140,"line":145},"login_init","override_default_admin_login",62,{"type":127,"name":147,"callback":148,"file":140,"line":149},"login_enqueue_scripts","add_login_scripts",63,{"type":127,"name":151,"callback":148,"file":140,"line":152},"wp_enqueue_scripts",67,{"type":127,"name":154,"callback":155,"priority":11,"file":140,"line":156},"rest_api_init","register_routes",70,{"type":127,"name":158,"callback":159,"priority":11,"file":140,"line":160},"init","authorize_user",73,{"type":127,"name":162,"callback":158,"file":163,"line":164},"plugins_loaded","onzauth.php",55,[],[167],{"namespace":168,"route":169,"methods":170,"callback":172,"permissionCallback":173,"file":140,"line":174},"onzauth\u002Fv1","\u002Fauth",[171],"GET","get_auth_link","validate_token",171,[176],{"tag":177,"callback":178,"file":140,"line":179},"onzauth_login","display_onzauth_login",53,[],{"dangerousFunctions":182,"sqlUsage":183,"outputEscaping":185,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":198},[],{"prepared":27,"raw":27,"locations":184},[],{"escaped":186,"rawEcho":187,"locations":188},17,4,[189,192,194,196],{"file":130,"line":190,"context":191},265,"raw output",{"file":130,"line":193,"context":191},279,{"file":140,"line":195,"context":191},90,{"file":197,"line":135,"context":191},"templates\u002Fform-login.php",[199],{"name":200,"version":28,"knownCves":201},"Guzzle",[],[],{"summary":204,"deductions":205},"The \"onzauth\" v1.0.7 plugin presents a generally positive security posture based on the provided static analysis.  There are no identified vulnerabilities in its history, suggesting a history of secure development or effective patching. The code analysis indicates a responsible approach to handling data, with all SQL queries using prepared statements and a high percentage of output properly escaped.  The limited attack surface, consisting of one REST API route and one shortcode, and the absence of unprotected entry points are strong indicators of good security practices.\n\nHowever, there are areas for concern. The complete absence of nonce checks and capability checks across all entry points is a significant weakness. While the current attack surface is small and appears to be protected by default WordPress mechanisms, any future expansion or introduction of new AJAX handlers could expose the plugin to cross-site request forgery (CSRF) or privilege escalation if these checks remain absent.  The bundled Guzzle library, if not actively maintained and updated by the plugin developer, could also represent a potential vector for vulnerabilities if known exploits exist for specific versions of Guzzle.\n\nIn conclusion, \"onzauth\" v1.0.7 has a strong foundation with its secure handling of SQL and output, and a clear history of no known vulnerabilities. The primary weakness lies in the missing nonce and capability checks, which, while not actively exploited in this version, represent a latent risk that should be addressed for long-term security.",[206,208,210],{"reason":207,"points":11},"Missing nonce checks on entry points",{"reason":209,"points":11},"Missing capability checks on entry points",{"reason":211,"points":46},"Bundled library (Guzzle) potential risk","2026-04-16T12:51:17.251Z",{"wat":214,"direct":225},{"assetPaths":215,"generatorPatterns":219,"scriptPaths":220,"versionParams":221},[216,217,218],"\u002Fwp-content\u002Fplugins\u002Fonzauth\u002Fassets\u002Fcss\u002Fonzauth.css","\u002Fwp-content\u002Fplugins\u002Fonzauth\u002Fassets\u002Fjs\u002Fonzauth.js","\u002Fwp-content\u002Fplugins\u002Fonzauth\u002Fassets\u002Fjs\u002Fjwt-decode.js",[],[217,218],[222,223,224],"onzauth\u002Fassets\u002Fcss\u002Fonzauth.css?ver=","onzauth\u002Fassets\u002Fjs\u002Fonzauth.js?ver=","onzauth\u002Fassets\u002Fjs\u002Fjwt-decode.js?ver=",{"cssClasses":226,"htmlComments":229,"htmlAttributes":232,"restEndpoints":235,"jsGlobals":237,"shortcodeOutput":239},[227,228],"onzauth-login-form","onzauth-submit-button",[230,231],"\u003C!-- OnzAuth login form -->","\u003C!-- Generated by OnzAuth -->",[233,234],"data-onzauth-client-id","data-onzauth-redirect-uri",[236],"\u002Fwp-json\u002Fonzauth\u002Fv1\u002Fauth",[238],"window.OnzAuthLogin",[240],"[onzauth_login]",{"error":242,"url":243,"statusCode":244,"statusMessage":245,"message":245},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fonzauth\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":247,"versions":248},7,[249,255,262,269,275,281,288],{"version":6,"download_url":26,"svn_tag_url":250,"released_at":28,"has_diff":251,"diff_files_changed":252,"diff_lines":28,"trac_diff_url":253,"vulnerabilities":254,"is_current":242},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fonzauth\u002Ftags\u002F1.0.7\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fonzauth%2Ftags%2F1.0.6&new_path=%2Fonzauth%2Ftags%2F1.0.7",[],{"version":256,"download_url":257,"svn_tag_url":258,"released_at":28,"has_diff":251,"diff_files_changed":259,"diff_lines":28,"trac_diff_url":260,"vulnerabilities":261,"is_current":251},"1.0.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fonzauth.1.0.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fonzauth\u002Ftags\u002F1.0.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fonzauth%2Ftags%2F1.0.5&new_path=%2Fonzauth%2Ftags%2F1.0.6",[],{"version":263,"download_url":264,"svn_tag_url":265,"released_at":28,"has_diff":251,"diff_files_changed":266,"diff_lines":28,"trac_diff_url":267,"vulnerabilities":268,"is_current":251},"1.0.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fonzauth.1.0.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fonzauth\u002Ftags\u002F1.0.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fonzauth%2Ftags%2F1.0.4&new_path=%2Fonzauth%2Ftags%2F1.0.5",[],{"version":78,"download_url":270,"svn_tag_url":271,"released_at":28,"has_diff":251,"diff_files_changed":272,"diff_lines":28,"trac_diff_url":273,"vulnerabilities":274,"is_current":251},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fonzauth.1.0.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fonzauth\u002Ftags\u002F1.0.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fonzauth%2Ftags%2F1.0.3&new_path=%2Fonzauth%2Ftags%2F1.0.4",[],{"version":93,"download_url":276,"svn_tag_url":277,"released_at":28,"has_diff":251,"diff_files_changed":278,"diff_lines":28,"trac_diff_url":279,"vulnerabilities":280,"is_current":251},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fonzauth.1.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fonzauth\u002Ftags\u002F1.0.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fonzauth%2Ftags%2F1.0.2&new_path=%2Fonzauth%2Ftags%2F1.0.3",[],{"version":282,"download_url":283,"svn_tag_url":284,"released_at":28,"has_diff":251,"diff_files_changed":285,"diff_lines":28,"trac_diff_url":286,"vulnerabilities":287,"is_current":251},"1.0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fonzauth.1.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fonzauth\u002Ftags\u002F1.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fonzauth%2Ftags%2F1.0.1&new_path=%2Fonzauth%2Ftags%2F1.0.2",[],{"version":289,"download_url":290,"svn_tag_url":291,"released_at":28,"has_diff":251,"diff_files_changed":292,"diff_lines":28,"trac_diff_url":28,"vulnerabilities":293,"is_current":251},"1.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fonzauth.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fonzauth\u002Ftags\u002F1.0.1\u002F",[],[]]