[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fFd46x6BAmLmuc39ewIfTcpBCQBsGYCd3tSoEDEiming":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":35,"analysis":133,"fingerprints":232},"pt-wp-discourse-sso","PrimeTime WordPress + Discourse SSO","0.2.3","etcio","https:\u002F\u002Fprofiles.wordpress.org\u002Fetcio\u002F","\u003Cp>Discourse is a fantastic new forum that can add another layer to your WordPress community. This plugin allows you to create a fluid experience by using your WordPress installation as the authentication server, creating a single-sign-on (SSO) for your users!\u003C\u002Fp>\n\u003Cp>Notes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The Discourse option “Staff must approve all new user accounts before they are allowed to access the site.” needs to be disabled for this to work properly.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Some Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Seamless integration into almost any WordPress installation.\u003C\u002Fli>\n\u003Cli>Get setup within minutes through 3 easy steps. Anyone can do it.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Coming Soon:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Only allow access with certain capabilities or roles.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Request processing adapted from Adam Capirola : https:\u002F\u002Fgist.github.com\u002Fadamcapriola\u002F11300529\u003C\u002Fli>\n\u003Cli>SSO methods adapted from ArmedGuy : https:\u002F\u002Fgithub.com\u002FArmedGuy\u002Fdiscourse_sso_php\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin provides single sign-on capabilities for Discourse using WordPress user authentication.",10,6411,100,6,"2015-05-04T20:03:00.000Z","4.2.39","3.6","",[20,21,22],"discourse","forum","sso","http:\u002F\u002Fetc.io","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpt-wp-discourse-sso.0.2.3.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},1,30,84,"2026-04-04T14:19:50.463Z",[36,59,73,90,114],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":54,"download_link":55,"security_score":56,"vuln_count":57,"unpatched_count":26,"last_vuln_date":58,"fetched_at":28},"wp-discourse","WP Discourse","2.6.1","scossar","https:\u002F\u002Fprofiles.wordpress.org\u002Fscossar\u002F","\u003Cp>The WP Discourse plugin acts as an interface between your WordPress site and your\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fwww.discourse.org\u002F\" rel=\"nofollow ugc\">Discourse\u003C\u002Fa> community.\u003C\u002Fp>\n\u003Ch3>Use Discourse for comments:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Automatically creates a forum topic for discussion when a new blog post is published.\u003C\u002Fli>\n\u003Cli>Associates WP author accounts with their respective Discourse accounts. Does not require DiscourseConnect.\u003C\u002Fli>\n\u003Cli>Replies from the forum discussion can be embedded in the WP blog post. Select which replies to display\u003Cbr \u002F>\nbased on post score and commenter “trust level” — see docs.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>See it live\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fblog.discourse.org\u002F\" rel=\"nofollow ugc\">blog.discourse.org\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fboingboing.net\u002F\" rel=\"nofollow ugc\">boingboing.net\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>DiscourseConnect\u003C\u002Fh3>\n\u003Cp>The plugin also comes with optional DiscourseConnect functionality which lets you use your WordPress site as the\u003Cbr \u002F>\nDiscourseConnect provider for your Discourse forum.\u003C\u002Fp>\n\u003Cp>This will override Discourse’s native (and powerful) login flow and is only recommended for use cases\u003Cbr \u002F>\nthat strictly require such a setup, e.g. a site that is already using WordPress for large scale user management.\u003C\u002Fp>\n\u003Ch3>Authentication from Discourse to WordPress\u003C\u002Fh3>\n\u003Cp>The plugin allows you to use Discourse as an authentication provider for your WordPress site.\u003C\u002Fp>\n\u003Ch3>Note\u003C\u002Fh3>\n\u003Cp>The WP Discourse plugin requires PHP version 5.4.0 and greater. If >=PHP-5.4.0 is not available, the plugin installation\u003Cbr \u002F>\nwill fail.\u003C\u002Fp>\n\u003Ch3>Contact\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>The plugin is being developed by \u003Ca href=\"https:\u002F\u002Fmeta.discourse.org\u002Fu\u002FSimon_Cossar\u002Fsummary\" rel=\"nofollow ugc\">Simon Cossar\u003C\u002Fa> on behalf of the Discourse team.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Bug reports and other developer inquiries should be directed at our GitHub Issues:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdiscourse\u002Fwp-discourse\u002Fissues\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fdiscourse\u002Fwp-discourse\u002Fissues\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Please post support requests to our \u003Ca href=\"https:\u002F\u002Fmeta.discourse.org\u002Fc\u002Fsupport\u002Fwordpress\" rel=\"nofollow ugc\">dedicated support forum\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin allows you to use Discourse as a community engine for your WordPress website. The plugin is not a substitute for Disqus type commenting sy &hellip;",1000,124484,90,8,"2026-01-29T20:10:00.000Z","6.9.0","5.1","5.6",[53,20,21,22],"comments","https:\u002F\u002Fgithub.com\u002Fdiscourse\u002Fwp-discourse","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-discourse.2.6.1.zip",98,2,"2025-10-31 16:59:07",{"slug":60,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":11,"downloaded":66,"rating":13,"num_ratings":31,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":18,"tags":70,"homepage":18,"download_link":72,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"codoforum-sso","1.1","evnix","https:\u002F\u002Fprofiles.wordpress.org\u002Fevnix\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fcodoforum.com\" rel=\"nofollow ugc\">Codoforum\u003C\u002Fa> is a modern forum software built for better user engagement.\u003Cbr \u002F>\nwordpress-codoforum-sso plugin allows you to integrate this forum with your wordpress website.\u003Cbr \u002F>\nIt uses SSO, this means, users once logged into your website will be automatically logged into codoforum.\u003C\u002Fp>\n","Integrates Codoforum forum software with WordPress using SSO(Single Sign On)",4854,"2020-09-29T14:26:00.000Z","5.5.18","3.1",[71,21,22],"codoforum","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcodoforum-sso.1.1.0.zip",{"slug":74,"name":75,"version":61,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":11,"downloaded":80,"rating":81,"num_ratings":31,"last_updated":82,"tested_up_to":83,"requires_at_least":69,"requires_php":18,"tags":84,"homepage":88,"download_link":89,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"forumial-sso","Forumial – Cloud Forum Platform – SSO","chuyenim","https:\u002F\u002Fprofiles.wordpress.org\u002Fchuyenim\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fforumial.com?ref=wordpress\" rel=\"nofollow ugc\">Forumial\u003C\u002Fa> is a modern cloud forum built for better user engagement.\u003Cbr \u002F>\n“Forumial – Cloud Forum Platform – SSO” plugin allows you to integrate this forum with your wordpress website.\u003Cbr \u002F>\nIt uses SSO, this means, users once logged into your website will be automatically logged into Forumial.\u003C\u002Fp>\n\u003Ch3>User Data\u003C\u002Fh3>\n\u003Cp>This plugin helps you to share user information from your WordPress site with your \u003Ca href=\"https:\u002F\u002Fforumial.com\u002F?ref=wordpress\" rel=\"nofollow ugc\">Forumial forum\u003C\u002Fa>.\u003Cbr \u002F>\nMake sure you understand the terms of use here: https:\u002F\u002Fforumial.com\u002Fterms-conditions.html\u003C\u002Fp>\n","Integrates Forumial forum software with WordPress using SSO (Single Sign On)",1921,20,"2021-07-22T09:09:00.000Z","5.6.17",[85,21,86,87,22],"cloud-forum","forum-platform","forumail","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fforumial-sso","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fforumial-sso.1.1.zip",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":98,"downloaded":99,"rating":100,"num_ratings":101,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":105,"tags":106,"homepage":110,"download_link":111,"security_score":112,"vuln_count":14,"unpatched_count":26,"last_vuln_date":113,"fetched_at":28},"bbpress","bbPress","2.6.14","John James Jacoby","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnjamesjacoby\u002F","\u003Cp>Are you looking for a timeless, elegant, and streamlined discussion board? bbPress is easy to integrate, easy to use, and is built to scale with your growing community.\u003C\u002Fp>\n\u003Cp>bbPress is intentionally simple yet infinitely powerful forum software, built by contributors to WordPress.\u003C\u002Fp>\n","bbPress is forum software for WordPress.",100000,9266210,78,343,"2025-07-02T15:44:00.000Z","6.9.4","6.0","5.6.20",[107,21,108,109],"discussion","forums","support","https:\u002F\u002Fbbpress.org","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbbpress.2.6.14.zip",91,"2025-03-04 00:00:00",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":13,"num_ratings":14,"last_updated":124,"tested_up_to":125,"requires_at_least":126,"requires_php":127,"tags":128,"homepage":131,"download_link":132,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"blossomthemes-toolkit","BlossomThemes Toolkit","2.2.7","Blossom Themes","https:\u002F\u002Fprofiles.wordpress.org\u002Fblossomthemes\u002F","\u003Cp>BlossomThemes Toolkit is a lightweight and safe plugin that generates 12 much-necessary custom widgets. This plugin is optimized for BlossomTheme’s themes but also works great with other themes.\u003C\u002Fp>\n\u003Ch4>Widgets included in  BlossomThemes Toolkit\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Blossom: Advertisement– This widget lets you add advertisements on your website.\u003C\u002Fli>\n\u003Cli>Blossom: Author Bio– You can place the author bio on sidebars using this widget.\u003C\u002Fli>\n\u003Cli>Blossom: Custom Categories– You can add images to the categories and also display post counts of the selected category using this widget.\u003C\u002Fli>\n\u003Cli>Blossom: Facebook Page– This widget allows you to show your Facebook page on your WordPress website.\u003C\u002Fli>\n\u003Cli>Blossom: Image Text– You can add your favorite image with caption and link with this widget.\u003C\u002Fli>\n\u003Cli>Blossom: Pinterest– This widget lets you show your latest pins on your WordPress website.\u003C\u002Fli>\n\u003Cli>Blossom: Popular Post- This widget helps you show popular posts of your website.\u003C\u002Fli>\n\u003Cli>Blossom: Posts Category Slider– You can display the posts of selected category in a slider using this widget.\u003C\u002Fli>\n\u003Cli>Blossom: Recent Post– This widget helps you display recent posts of your website.\u003C\u002Fli>\n\u003Cli>Blossom: Snapchat Snapcode– You can show your Snapchat’s snapcode using this widget.\u003C\u002Fli>\n\u003Cli>Blossom: Social Media– This widget allows you to add social media links on your website.\u003C\u002Fli>\n\u003Cli>Blossom: Twitter Feed– You can now show your twitter news feed right on your website using this widget\u003C\u002Fli>\n\u003C\u002Ful>\n","BlossomThemes Toolkit provides you necessary widgets for better and effective blogging.",30000,944329,"2025-05-26T06:13:00.000Z","6.8.5","4.4.0","7.4",[129,130],"blossom","toolkit","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblossomthemes-toolkit\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblossomthemes-toolkit.2.2.7.zip",{"attackSurface":134,"codeSignals":173,"taintFlows":218,"riskAssessment":219,"analyzedAt":231},{"hooks":135,"ajaxHandlers":169,"restRoutes":170,"shortcodes":171,"cronEvents":172,"entryPointCount":26,"unprotectedCount":26},[136,141,145,149,154,156,161,165],{"type":137,"name":138,"callback":138,"file":139,"line":140},"action","admin_enqueue_scripts","admin\\includes\\class.settings-api.php",32,{"type":137,"name":142,"callback":142,"file":143,"line":144},"admin_init","admin\\includes\\class.settings.php",25,{"type":137,"name":146,"callback":147,"file":143,"line":148},"admin_menu","sub_menu_page",26,{"type":137,"name":150,"callback":151,"file":152,"line":153},"plugins_loaded","get_instance","pt-wp-discourse-sso.php",39,{"type":137,"name":150,"callback":151,"file":152,"line":155},59,{"type":137,"name":157,"callback":158,"file":159,"line":160},"wpmu_new_blog","activate_new_site","public\\class-pt-wp-discourse-sso.php",68,{"type":137,"name":162,"callback":163,"file":159,"line":164},"init","interceptSSORequest",76,{"type":137,"name":166,"callback":167,"file":159,"line":168},"admin_notices","render_admin_notice",106,[],[],[],[],{"dangerousFunctions":174,"sqlUsage":179,"outputEscaping":181,"fileOperations":26,"externalRequests":26,"nonceChecks":26,"capabilityChecks":26,"bundledLibraries":217},[175],{"fn":176,"file":139,"line":177,"context":178},"create_function",97,"$callback = create_function('', 'echo \"'.str_replace('\"', '\\\"', $section['desc']).'\";');",{"prepared":31,"raw":26,"locations":180},[],{"escaped":47,"rawEcho":182,"locations":183},16,[184,187,189,191,193,195,197,199,201,203,205,207,209,211,213,215],{"file":139,"line":185,"context":186},135,"raw output",{"file":139,"line":188,"context":186},147,{"file":139,"line":190,"context":186},163,{"file":139,"line":192,"context":186},178,{"file":139,"line":194,"context":186},194,{"file":139,"line":196,"context":186},206,{"file":139,"line":198,"context":186},214,{"file":139,"line":200,"context":186},224,{"file":139,"line":202,"context":186},227,{"file":139,"line":204,"context":186},241,{"file":139,"line":206,"context":186},253,{"file":139,"line":208,"context":186},265,{"file":139,"line":210,"context":186},330,{"file":139,"line":212,"context":186},342,{"file":159,"line":214,"context":186},117,{"file":159,"line":216,"context":186},118,[],[],{"summary":220,"deductions":221},"The \"pt-wp-discourse-sso\" plugin, version 0.2.3, exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices in several areas: it has no known CVEs, a clean vulnerability history, and its single SQL query utilizes prepared statements. Furthermore, the static analysis reveals a remarkably small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are exposed without authentication. Taint analysis also shows no critical or high severity flows, which is a strong indicator of secure data handling.\n\nHowever, there are notable concerns that temper this positive outlook. The presence of the `create_function` is a significant security anti-pattern, as it can be exploited to execute arbitrary PHP code if not handled with extreme care, and in many contexts, is considered deprecated and insecure. Additionally, the plugin struggles with output escaping, with only 33% of outputs being properly escaped. This indicates a potential for Cross-Site Scripting (XSS) vulnerabilities, especially if any of the unsanitized outputs are influenced by user input. The complete lack of nonce checks and capability checks, while potentially mitigated by the limited attack surface, is a weakness that could become a serious issue if the plugin's functionality were ever to expand or be integrated differently.\n\nIn conclusion, while the plugin has a clean vulnerability history and a limited attack surface, the use of `create_function` and the poor output escaping are significant weaknesses. These specific issues present real risks that need to be addressed. The lack of broader security checks like nonces and capability checks further contributes to a less robust security posture than ideal, despite the apparent absence of direct exploitability in the current configuration.",[222,224,226,229],{"reason":223,"points":11},"Dangerous function create_function() used",{"reason":225,"points":14},"Only 33% of outputs properly escaped",{"reason":227,"points":228},"0 Nonce checks found",5,{"reason":230,"points":228},"0 Capability checks found","2026-03-16T23:49:27.253Z",{"wat":233,"direct":242},{"assetPaths":234,"generatorPatterns":237,"scriptPaths":238,"versionParams":239},[235,236],"\u002Fwp-content\u002Fplugins\u002Fpt-wp-discourse-sso\u002Fpublic\u002Fcss\u002Fpt-wp-discourse-sso.css","\u002Fwp-content\u002Fplugins\u002Fpt-wp-discourse-sso\u002Fpublic\u002Fjs\u002Fpt-wp-discourse-sso.js",[],[236],[240,241],"pt-wp-discourse-sso\u002Fpublic\u002Fcss\u002Fpt-wp-discourse-sso.css?ver=","pt-wp-discourse-sso\u002Fpublic\u002Fjs\u002Fpt-wp-discourse-sso.js?ver=",{"cssClasses":243,"htmlComments":244,"htmlAttributes":284,"restEndpoints":285,"jsGlobals":286,"shortcodeOutput":288},[],[245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283],"\u003C!-- IF THIS FILE IS CALLED DIRECTLY, ABORT. -->","\u003C!-- SET SOME CONSTANTS -->","\u003C!-- PUBLIC-FACING FUNCTIONALITY -->","\u003C!-- REGISTER HOOKS THAT ARE FIRED WHEN THE PLUGIN IS ACTIVATED OR DEACTIVATED. -->","\u003C!-- WHEN THE PLUGIN IS DELETED, THE UNINSTALL.PHP FILE IS LOADED. -->","\u003C!-- IF YOU WANT TO INCLUDE AJAX WITHIN THE DASHBOARD, CHANGE THE FOLLOWING -->","\u003C!-- CONDITIONAL TO: -->","\u003C!-- THE CODE BELOW IS INTENDED TO TO GIVE THE LIGHTEST FOOTPRINT POSSIBLE. -->","\u003C!-- GENERAL SETTINGS -->","\u003C!-- IMPORTANT: You must fill in the `id` options for each of them -->","\u003C!-- WEBSITES -->","\u003C!-- Fields -->","\u003C!-- Render the title section -->","\u003C!-- Render the description section -->","\u003C!-- Render the input field -->","\u003C!-- Render the text field -->","\u003C!-- Render the textarea -->","\u003C!-- Render the select field -->","\u003C!-- Render the checkbox field -->","\u003C!-- Render the multicheckbox field -->","\u003C!-- Render the radio field -->","\u003C!-- Render the password field -->","\u003C!-- Render the email field -->","\u003C!-- Render the url field -->","\u003C!-- Render the number field -->","\u003C!-- Render the date field -->","\u003C!-- Render the time field -->","\u003C!-- Render the datetime field -->","\u003C!-- Render the color field -->","\u003C!-- Render the image field -->","\u003C!-- Render the file field -->","\u003C!-- Render the rich editor field -->","\u003C!-- Render the editor field -->","\u003C!-- Render the html field -->","\u003C!-- Render the wp_editor field -->","\u003C!-- Render the wp_textarea_editor field -->","\u003C!-- Render the html_attributes field -->","\u003C!-- Render the custom field -->","\u003C!-- Render the plugin settings -->",[],[],[287],"wpdisc_sso_ajax_obj",[]]