[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fghGiIAvIvaWy0YUWW5duuTM4Jsb1RmJOvsJ1PJzqUfo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":119,"fingerprints":412},"passclip-auth-for-wordpress","PassClip Auth for WordPress","1.0.5","Passlogy","https:\u002F\u002Fprofiles.wordpress.org\u002Fpasslogy\u002F","\u003Cp>You need strong password to protect your site. However, how do you remember it or is it really strong?\u003Cbr \u002F>\n“PassClip Auth” provides really strong password that is also easy to remember.\u003Cbr \u002F>\nOnce you make your “pattern”, you can get your password using “PassClip”. And the password will change every 30 seconds(at the shortest).\u003C\u002Fp>\n\u003Ch4>Get and sign up for PassClip\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to \u003Ca href=\"https:\u002F\u002Fwww.passclip.com\u002F\" rel=\"nofollow ugc\">the page about PassClip\u003C\u002Fa> and install PassClip on your smart phone.\u003C\u002Fli>\n\u003Cli>Activate your PassClip by registering your “pattern” and email address.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Sign up for PassClip Auth(PCA)\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Input PassClip Code “paauth” in your PassClip. That makes a new slot in your PassClip.\u003C\u002Fli>\n\u003Cli>Go to \u003Ca href=\"https:\u002F\u002Fmember.passclip.com\u002Fmember\u002Fui\u002F\" rel=\"nofollow ugc\">PassClip Auth member’s page\u003C\u002Fa> and log in with your email address and password which the slot shows you.\u003C\u002Fli>\n\u003Cli>Make your “PassClip Code”. And then you get your “PassClip Auth app service id(PCA app service id)”. You need both “code” and “id” to use this plugin.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>How to apply PassClip Auth to your site\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install and activate this plugin to your WordPress.\u003C\u002Fli>\n\u003Cli>Go to PassClip Auth Options Setting from the menu.\u003C\u002Fli>\n\u003Cli>Input the PassClip Auth app service id(PCA app service id), PassClip Code and other items in the setting page and click the “Save Change” button.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>How to log in to WordPress site with PassClip Auth\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Users register PassClip Code of your site in their PassClip. That makes a new slot to get password to log in to your site.\u003C\u002Fli>\n\u003Cli>Show the password in PassClip (tap the new slot).\u003C\u002Fli>\n\u003Cli>In login form of your site, users enter email address and password in the slot. (\u003Cstrong>Users do not need general WordPress password.\u003C\u002Fstrong>)\u003C\u002Fli>\n\u003Cli>Click the “Log in” button.\u003C\u002Fli>\n\u003C\u002Fol>\n","\"PassClip Auth\" provides strong and easy authentication. \"PassClip Auth for WordPress\" is the plugin to launch PassClip Auth to Wo &hellip;",10,2199,0,"2019-12-27T07:42:00.000Z","5.3.21","4.5","5.3.3",[19,20,21,22,23],"2fa","login","otp","security","two-factor-authentication","https:\u002F\u002Fwww.passclip.com\u002Fja\u002Fpca\u002Fpca_for_wp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpassclip-auth-for-wordpress.1.0.6.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"passlogy",1,30,84,"2026-04-03T21:31:39.530Z",[37,55,71,84,104],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":13,"downloaded":45,"rating":13,"num_ratings":13,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":51,"download_link":52,"security_score":53,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":54},"4login-for-secure-and-smart-access","4Login for Secure And Smart Access","0.1.0","4login","https:\u002F\u002Fprofiles.wordpress.org\u002F4login\u002F","\u003Cp>Secure your site with a strong password — without the hassle of remembering it.\u003Cbr \u002F>\nWith 4Login, you get simple yet powerful authentication that connects to an external server.\u003Cbr \u002F>\nSimply create your own pattern to generate a dynamic password that updates every 60 minutes.\u003C\u002Fp>\n\u003Cp>Please refer to the \u003Ca href=\"https:\u002F\u002Fwww.4login.jp\u002F\" rel=\"nofollow ugc\">operation Instructions \u003C\u002Fa> for instructions on how to use 4Login.\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin connects to an external API to enable 4Login authentication.\u003Cbr \u002F>\nWhen logging in with 4Login, the plugin sends the 4Login App Service ID, the user’s email address, and a dynamic password .\u003Cbr \u002F>\nThese credentials are entered directly within the WordPress login interface.\u003C\u002Fp>\n\u003Cp>This authentication service is provided by Passlogy.\u003Cbr \u002F>\nFor more information, please review our\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.4login.jp\u002Fen\u002Fauto_terms\u002F\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa> and\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.4login.jp\u002Fprivacy-policy\u002F?en=app\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>.\u003C\u002Fp>\n","4Login will give you an easy and powerful authentication (connect to an external server for authentication).",431,"","6.8.5","6.7","8.0",[19,20,21,22,23],"https:\u002F\u002Fwww.4login.jp\u002F4login-for-secure-and-smart-access\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002F4login-for-secure-and-smart-access.0.1.0.zip",100,"2026-03-15T10:48:56.248Z",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":13,"downloaded":63,"rating":13,"num_ratings":13,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":49,"tags":67,"homepage":69,"download_link":70,"security_score":53,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"flavor-2fa","Flavor 2FA","1.0.0","kuckovic","https:\u002F\u002Fprofiles.wordpress.org\u002Fkuckovic\u002F","\u003Cp>\u003Cstrong>Flavor 2FA\u003C\u002Fstrong> adds powerful two-factor authentication to your WordPress site without the complexity. No bloat, no confusing settings – just solid security that protects your site from unauthorized access.\u003C\u002Fp>\n\u003Ch4>Why Flavor 2FA?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Zero configuration needed\u003C\u002Fstrong> – Works out of the box\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Native WordPress styling\u003C\u002Fstrong> – Feels like part of WordPress\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Two verification methods\u003C\u002Fstrong> – Authenticator apps (Google Authenticator, Authy, 1Password) or email codes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-friendly setup\u003C\u002Fstrong> – Guided 3-step process with QR code scanning\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Complete admin control\u003C\u002Fstrong> – Force 2FA, reset users, manage lockouts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>For Users:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Choose between authenticator app or email verification\u003Cbr \u002F>\n* 10 recovery codes for emergency access\u003Cbr \u002F>\n* “Trust this device” option to skip 2FA on personal devices\u003Cbr \u002F>\n* Simple, clean verification screens\u003C\u002Fp>\n\u003Cp>\u003Cstrong>For Admins:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Require 2FA for specific user roles\u003Cbr \u002F>\n* Grace period for new users\u003Cbr \u002F>\n* Force immediate 2FA setup on next login\u003Cbr \u002F>\n* Lockout protection against brute force attacks\u003Cbr \u002F>\n* Reset 2FA or unlock accounts with one click\u003Cbr \u002F>\n* See 2FA status for all users at a glance\u003C\u002Fp>\n\u003Ch4>Perfect For\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Agencies managing client sites\u003C\u002Fli>\n\u003Cli>WooCommerce stores handling sensitive data\u003C\u002Fli>\n\u003Cli>Membership sites with user accounts\u003C\u002Fli>\n\u003Cli>Any WordPress site that needs extra security\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin uses a third-party service to generate QR codes during the TOTP authenticator app setup process.\u003C\u002Fp>\n\u003Ch4>QR Server API\u003C\u002Fh4>\n\u003Cp>When a user chooses the “Authenticator App” method during 2FA setup, the plugin generates a QR code image via the QR Server API. This QR code contains the TOTP secret URI (which includes the site name, user email, and secret key) so the user can scan it with their authenticator app.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>What data is sent:\u003C\u002Fstrong> A TOTP provisioning URI containing the site name, user email address, and a generated secret key.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>When it is sent:\u003C\u002Fstrong> Only once, when a user sets up TOTP-based two-factor authentication. No data is sent during normal login verification.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service provider:\u003C\u002Fstrong> goQR.me \u002F QR Server\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service URL:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fgoqr.me\u002Fapi\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fgoqr.me\u002Fapi\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of service:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fgoqr.me\u002Fapi\u002Fdoc\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fgoqr.me\u002Fapi\u002Fdoc\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy policy:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fgoqr.me\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fgoqr.me\u002Fprivacy-policy\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Lightweight two-factor authentication that just works. Protect your WordPress site with authenticator apps or email codes in under 2 minutes.",109,"2026-02-17T08:46:00.000Z","6.9.4","5.0",[19,20,22,68,23],"totp","https:\u002F\u002Fbranchout.dk\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fflavor-2fa.1.0.0.zip",{"slug":72,"name":73,"version":58,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":13,"downloaded":78,"rating":13,"num_ratings":13,"last_updated":79,"tested_up_to":47,"requires_at_least":66,"requires_php":46,"tags":80,"homepage":46,"download_link":83,"security_score":53,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"secureauth-authenticator-2fa","SecureAuth Authenticator 2FA","Helmi","https:\u002F\u002Fprofiles.wordpress.org\u002Fhelmimubarak\u002F","\u003Cp>\u003Cstrong>SecureAuth Authenticator 2FA\u003C\u002Fstrong> enhances your WordPress login security by requiring a time-based one-time password (TOTP) in addition to the regular username and password. The TOTP code is generated by an authenticator app on your mobile device, adding an extra layer of protection even if your password is compromised.\u003C\u002Fp>\n\u003Cp>This plugin is lightweight, secure, and easy to use. It integrates directly into the user profile page to allow users to set up and manage their two-factor authentication with ease.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Adds a TOTP (Time-Based One-Time Password) field to the login form.\u003C\u002Fli>\n\u003Cli>User-friendly 2FA setup available on each user’s profile page.\u003C\u002Fli>\n\u003Cli>Generates secret keys and displays QR codes for scanning with mobile apps.\u003C\u002Fli>\n\u003Cli>Compatible with apps like Google Authenticator, Microsoft Authenticator, and Authy.\u003C\u002Fli>\n\u003Cli>Secure handling with nonce verification and input sanitization.\u003C\u002Fli>\n\u003Cli>No external libraries required (except Google Chart API for QR code).\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds TOTP-based two-factor authentication (2FA) via SecureAuth Authenticator to your WordPress login page.",265,"2025-07-09T00:00:00.000Z",[19,81,68,23,82],"login-security","wordpress-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecureauth-authenticator-2fa.1.0.0.zip",{"slug":85,"name":86,"version":87,"author":88,"author_profile":89,"description":90,"short_description":91,"active_installs":92,"downloaded":93,"rating":94,"num_ratings":95,"last_updated":96,"tested_up_to":97,"requires_at_least":98,"requires_php":99,"tags":100,"homepage":46,"download_link":102,"security_score":103,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wordfence-login-security","Wordfence Login Security","1.1.15","wfryan","https:\u002F\u002Fprofiles.wordpress.org\u002Fwfryan\u002F","\u003Ch3>WORDFENCE LOGIN SECURITY\u003C\u002Fh3>\n\u003Cp>Wordfence Login Security contains a subset of the functionality found in the full Wordfence plugin: Two-factor Authentication, XML-RPC Protection and Login Page CAPTCHA.\u003C\u002Fp>\n\u003Cp>Are you looking for comprehensive WordPress Security? \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordfence\u002F\" rel=\"ugc\">Check out the full Wordfence plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>TWO-FACTOR AUTHENTICATION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Two-factor authentication (2FA), one of the most secure forms of remote system authentication available.\u003C\u002Fli>\n\u003Cli>Use any TOTP-based authenticator app or service like Google Authenticator, Authy, 1Password or FreeOTP.\u003C\u002Fli>\n\u003Cli>Enable 2FA for any WordPress user role.\u003C\u002Fli>\n\u003Cli>Completely free to use, no limits or restrictions of any kind.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>LOGIN PAGE CAPTCHA\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easily enable Google ReCAPTCHA v3 on your login and registration pages.\u003C\u002Fli>\n\u003Cli>Stops bots from logging in without inconveniencing your site visitors.\u003C\u002Fli>\n\u003Cli>Robust protection against password guessing and credential stuffing attacks distributed across large IP pools\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>XML-RPC PROTECTION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>XML-RPC is the biggest target for WordPress attacks, but is often overlooked.\u003C\u002Fli>\n\u003Cli>Protect XML-RPC with 2FA or disable it altogether if it’s not needed.\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.",70000,1239075,80,25,"2025-01-15T17:05:00.000Z","6.7.5","4.7","7.0",[19,101,81,22,23],"captcha","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence-login-security.1.1.15.zip",92,{"slug":105,"name":106,"version":58,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":33,"downloaded":111,"rating":112,"num_ratings":32,"last_updated":113,"tested_up_to":47,"requires_at_least":114,"requires_php":115,"tags":116,"homepage":46,"download_link":118,"security_score":53,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"email-otp-login","Email OTP Login","Tushar Sharma","https:\u002F\u002Fprofiles.wordpress.org\u002Fricheal\u002F","\u003Cp>Email OTP Login adds an additional layer of security to your WordPress site by requiring users to verify an OTP sent to their email after entering their username and password. This ensures that only users with access to the registered email can log in.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Email OTP verification during \u003Cstrong>login\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>OTP expires in 5 minutes (configurable).\u003C\u002Fli>\n\u003Cli>OTP stored securely using WordPress password hashing.\u003C\u002Fli>\n\u003Cli>Works with the default WordPress login form.\u003C\u002Fli>\n\u003Cli>Uses WordPress built-in \u003Ccode>wp_mail()\u003C\u002Fcode> function (works with SMTP plugins).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin does \u003Cstrong>not modify WordPress core files\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is free software: you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 2 or later.\u003C\u002Fp>\n\u003Cp>This plugin is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\u003C\u002Fp>\n","Adds OTP (One-Time Password) verification after login for enhanced security in WordPress. OTP is sent to the user's email.",403,60,"2025-08-29T18:30:00.000Z","6.3","7.4",[117,20,21,22,23],"email-verification","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-otp-login.1.0.0.zip",{"attackSurface":120,"codeSignals":285,"taintFlows":336,"riskAssessment":400,"analyzedAt":411},{"hooks":121,"ajaxHandlers":281,"restRoutes":282,"shortcodes":283,"cronEvents":284,"entryPointCount":13,"unprotectedCount":13},[122,129,133,139,143,147,151,155,159,162,166,170,174,178,182,186,190,194,199,201,203,207,212,216,221,225,229,233,237,241,244,249,253,258,262,265,269,273,277],{"type":123,"name":124,"callback":125,"priority":126,"file":127,"line":128},"action","wp_loaded","pca_authenticate_from_widget",9999,"class-passclip-auth-login-widget.php",9,{"type":123,"name":130,"callback":131,"file":127,"line":132},"widgets_init","closure",130,{"type":134,"name":135,"callback":136,"priority":11,"file":137,"line":138},"filter","manage_users_custom_column","pca_user_info_column","class-pca-users-list-table.php",15,{"type":134,"name":140,"callback":141,"file":137,"line":142},"users_list_table_query_args","pca_where_pcainfo",16,{"type":123,"name":144,"callback":145,"file":146,"line":95},"woocommerce_login_form_end","pca_make_login_form_for_woo","passclip-auth-for-woo.php",{"type":123,"name":148,"callback":149,"file":146,"line":150},"woocommerce_edit_account_form_start","pca_edit_display_name_form_for_woo",45,{"type":123,"name":152,"callback":153,"file":146,"line":154},"woocommerce_edit_account_form","pca_edit_account_form_for_woo",57,{"type":123,"name":156,"callback":157,"file":146,"line":158},"woocommerce_before_edit_account_form","pca_before_edit_account_form_for_woo",78,{"type":134,"name":160,"callback":161,"file":146,"line":103},"woocommerce_get_username_from_email","pca_dont_get_username_from_email",{"type":134,"name":163,"callback":164,"file":146,"line":165},"woocommerce_save_account_details_required_fields","pca_email_is_not_required",106,{"type":123,"name":167,"callback":168,"priority":11,"file":146,"line":169},"woocommerce_save_account_details_errors","pca_edit_user_detail_for_woo",123,{"type":134,"name":171,"callback":172,"file":146,"line":173},"option_woocommerce_enable_myaccount_registration","pca_override_woo_settings_registration",136,{"type":134,"name":175,"callback":176,"file":146,"line":177},"option_woocommerce_registration_generate_password","pca_override_woo_settings_password",150,{"type":134,"name":179,"callback":180,"file":146,"line":181},"option_woocommerce_enable_signup_and_login_from_checkout","pca_override_woo_settings_checkout_signup",164,{"type":123,"name":183,"callback":184,"file":185,"line":95},"login_enqueue_scripts","pca_login_form_scripts","passclip-auth-login-form.php",{"type":123,"name":187,"callback":188,"file":185,"line":189},"login_form","pca_make_login_form",55,{"type":134,"name":191,"callback":192,"priority":11,"file":185,"line":193},"wp_login_errors","pca_filter_login_errors",105,{"type":134,"name":195,"callback":196,"priority":11,"file":197,"line":198},"login_redirect","pca_redirect_to","passclip-auth-login.php",177,{"type":134,"name":195,"callback":196,"priority":11,"file":197,"line":200},181,{"type":134,"name":195,"callback":196,"priority":11,"file":197,"line":202},219,{"type":123,"name":204,"callback":205,"file":197,"line":206},"lostpassword_post","pca_dont_let_lostpassword",515,{"type":123,"name":208,"callback":209,"file":210,"line":211},"plugins_loaded","pca_check_version_to_upgrade","passclip-auth-options.php",117,{"type":123,"name":213,"callback":214,"file":210,"line":215},"admin_notices","pca_check_pca_registration",176,{"type":134,"name":217,"callback":218,"priority":11,"file":219,"line":220},"show_password_fields","pca_hide_password_field","passclip-auth-user-edit.php",40,{"type":123,"name":222,"callback":223,"file":219,"line":224},"edit_user_profile","pca_show_user_meta_passclip",76,{"type":123,"name":226,"callback":227,"file":219,"line":228},"user_edit_form_tag","pca_make_form_register_user_login",171,{"type":123,"name":230,"callback":231,"file":219,"line":232},"admin_print_styles-profile.php","pca_register_user_login_css",182,{"type":123,"name":234,"callback":235,"file":219,"line":236},"admin_print_scripts-profile.php","pca_user_edit_js",194,{"type":123,"name":238,"callback":239,"file":219,"line":240},"personal_options_update","pca_update_user_login",288,{"type":123,"name":238,"callback":242,"file":219,"line":243},"pca_edit_user_add_email",301,{"type":134,"name":245,"callback":246,"priority":11,"file":247,"line":248},"screen_options_show_screen","pca_add_screen_option_in_manage_users","passclip-auth-users.php",20,{"type":134,"name":250,"callback":251,"file":247,"line":252},"passclip_auth_page_pca_manage_users_per_page","pca_set_perpage",41,{"type":134,"name":254,"callback":255,"priority":53,"file":256,"line":257},"authenticate","pca_login_authenticate","passclip-auth.php",65,{"type":123,"name":259,"callback":260,"file":256,"line":261},"init","passclip_auth_action_init",69,{"type":134,"name":259,"callback":263,"file":256,"line":264},"pca_filter_init",82,{"type":123,"name":266,"callback":267,"file":256,"line":268},"admin_menu","pca_action_admin_menu",119,{"type":123,"name":270,"callback":271,"file":256,"line":272},"admin_head","pca_admin_menu",129,{"type":134,"name":274,"callback":275,"priority":11,"file":256,"line":276},"plugin_action_links","pca_filter_plugin_action_links",153,{"type":134,"name":278,"callback":279,"file":256,"line":280},"pca_create_user","pca_dont_show_adminbar",199,[],[],[],[],{"dangerousFunctions":286,"sqlUsage":287,"outputEscaping":289,"fileOperations":13,"externalRequests":334,"nonceChecks":32,"capabilityChecks":32,"bundledLibraries":335},[],{"prepared":13,"raw":13,"locations":288},[],{"escaped":290,"rawEcho":291,"locations":292},37,23,[293,295,297,299,301,303,304,305,307,309,310,311,312,314,316,318,320,322,324,326,328,330,332],{"file":127,"line":248,"context":294},"raw output",{"file":127,"line":296,"context":294},49,{"file":127,"line":298,"context":294},53,{"file":127,"line":300,"context":294},58,{"file":127,"line":302,"context":294},83,{"file":127,"line":34,"context":294},{"file":127,"line":34,"context":294},{"file":185,"line":306,"context":294},46,{"file":185,"line":308,"context":294},72,{"file":185,"line":94,"context":294},{"file":185,"line":94,"context":294},{"file":185,"line":264,"context":294},{"file":197,"line":313,"context":294},332,{"file":197,"line":315,"context":294},333,{"file":197,"line":317,"context":294},334,{"file":210,"line":319,"context":294},246,{"file":210,"line":321,"context":294},248,{"file":210,"line":323,"context":294},305,{"file":210,"line":325,"context":294},307,{"file":210,"line":327,"context":294},429,{"file":210,"line":329,"context":294},443,{"file":219,"line":331,"context":294},159,{"file":247,"line":333,"context":294},67,2,[],[337,355,364,374,382,392],{"entryPoint":338,"graph":339,"unsanitizedCount":32,"severity":354},"widget (class-passclip-auth-login-widget.php:18)",{"nodes":340,"edges":351},[341,346],{"id":342,"type":343,"label":344,"file":127,"line":345},"n0","source","$_SERVER",43,{"id":347,"type":348,"label":349,"file":127,"line":298,"wp_function":350},"n1","sink","echo() [XSS]","echo",[352],{"from":342,"to":347,"sanitized":353},false,"medium",{"entryPoint":356,"graph":357,"unsanitizedCount":32,"severity":354},"pca_make_login_form (passclip-auth-login-form.php:33)",{"nodes":358,"edges":362},[359,361],{"id":342,"type":343,"label":360,"file":185,"line":220},"$_POST",{"id":347,"type":348,"label":349,"file":185,"line":306,"wp_function":350},[363],{"from":342,"to":347,"sanitized":353},{"entryPoint":365,"graph":366,"unsanitizedCount":13,"severity":373},"\u003Cclass-passclip-auth-login-widget> (class-passclip-auth-login-widget.php:0)",{"nodes":367,"edges":370},[368,369],{"id":342,"type":343,"label":344,"file":127,"line":345},{"id":347,"type":348,"label":349,"file":127,"line":298,"wp_function":350},[371],{"from":342,"to":347,"sanitized":372},true,"low",{"entryPoint":375,"graph":376,"unsanitizedCount":32,"severity":373},"\u003Cpassclip-auth-login-form> (passclip-auth-login-form.php:0)",{"nodes":377,"edges":380},[378,379],{"id":342,"type":343,"label":360,"file":185,"line":220},{"id":347,"type":348,"label":349,"file":185,"line":306,"wp_function":350},[381],{"from":342,"to":347,"sanitized":353},{"entryPoint":383,"graph":384,"unsanitizedCount":13,"severity":373},"pca_manage_users (passclip-auth-users.php:46)",{"nodes":385,"edges":390},[386,389],{"id":342,"type":343,"label":387,"file":247,"line":388},"$_GET['pcainfo']",124,{"id":347,"type":348,"label":349,"file":247,"line":388,"wp_function":350},[391],{"from":342,"to":347,"sanitized":372},{"entryPoint":393,"graph":394,"unsanitizedCount":13,"severity":373},"\u003Cpassclip-auth-users> (passclip-auth-users.php:0)",{"nodes":395,"edges":398},[396,397],{"id":342,"type":343,"label":387,"file":247,"line":388},{"id":347,"type":348,"label":349,"file":247,"line":388,"wp_function":350},[399],{"from":342,"to":347,"sanitized":372},{"summary":401,"deductions":402},"The 'passclip-auth-for-wordpress' plugin, version 1.0.5, presents a generally positive security posture based on the static analysis. The plugin has no recorded vulnerabilities (CVEs), which is a strong indicator of a secure development history. It also demonstrates good practices by not utilizing dangerous functions and by executing all SQL queries using prepared statements. Furthermore, the absence of a significant attack surface, with zero AJAX handlers, REST API routes, shortcodes, or cron events, significantly reduces the potential for external exploitation.\n\nHowever, there are a few areas for concern. The taint analysis revealed three flows with unsanitized paths, albeit none were classified as critical or high severity. This indicates a potential for input sanitization weaknesses that could, in a different context or with different data, lead to vulnerabilities. Additionally, the output escaping is only 62% proper, which, while not critical given the limited attack surface, could still pose a risk for stored or reflected cross-site scripting if user-supplied data is displayed without adequate sanitization in certain contexts. The presence of two external HTTP requests also warrants attention to ensure these are made securely and to trusted endpoints.\n\nIn conclusion, 'passclip-auth-for-wordpress' v1.0.5 appears to be a relatively secure plugin, primarily due to its limited attack surface and clean vulnerability history. The key strengths are the lack of CVEs and the use of prepared statements for SQL. The weaknesses lie in the potential for unsanitized paths identified by taint analysis and incomplete output escaping, which, although not critical in this specific version's observed behavior, should be monitored in future releases.",[403,406,409],{"reason":404,"points":405},"Flows with unsanitized paths found in taint analysis",8,{"reason":407,"points":408},"Output escaping is only 62% properly escaped",5,{"reason":410,"points":334},"External HTTP requests present","2026-03-17T00:24:14.814Z",{"wat":413,"direct":422},{"assetPaths":414,"generatorPatterns":417,"scriptPaths":418,"versionParams":419},[415,416],"\u002Fwp-content\u002Fplugins\u002Fpassclip-auth-for-wordpress\u002Fjs\u002Fpca-login-form.js","\u002Fwp-content\u002Fplugins\u002Fpassclip-auth-for-wordpress\u002Fcss\u002Fpca-login-form.css",[],[415],[420,421],"passclip-auth-for-wordpress\u002Fjs\u002Fpca-login-form.js?ver=","passclip-auth-for-wordpress\u002Fcss\u002Fpca-login-form.css?ver=",{"cssClasses":423,"htmlComments":431,"htmlAttributes":432,"restEndpoints":434,"jsGlobals":435,"shortcodeOutput":437},[424,425,426,427,428,429,430],"woocommerce-form-row","woocommerce-form-row--wide","form-row","form-row-wide","woocommerce-Input","woocommerce-Input--text","input-text",[],[433],"data-pca-id",[],[436],"pca_password_form",[]]