[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fzOCp5BpyLHbMqNh9rXirJRNxXl1d436x4INSuC5AqdQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":138,"fingerprints":549},"qqworld-passport","QQWorld通行证 \u002F QQWorld Passport","1.2.1","Michael Wang","https:\u002F\u002Fprofiles.wordpress.org\u002Fqqworld\u002F","\u003Cp>QQWorld通行证，支持多种第三方登录，目前支持QQ，微信和微博。\u003C\u002Fp>\n\u003Cp>\u003Cstrong>子付费插件：QQWorld同步器 \u002F QQWorld Synchronizer\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>作为QQWorld通行证的扩展插件，将提供各模块的扩展功能。\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n        \u003Cstrong>腾讯QQ\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>暂无\u003C\u002Fli>\n\u003C\u002Fol>\n\u003C\u002Fli>\n\u003Cli>\n        \u003Cstrong>微信\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>自动同步Woocommerce收货地址\u003C\u002Fli>\n\u003Cli>微信自定义菜单\u003C\u002Fli>\n\u003Cli>自动登录\u003C\u002Fli>\n\u003Cli>自动同步文章到微信公众号\u003C\u002Fli>\n\u003Cli>对于未关注公众号的用户，自动显示关注链接\u003C\u002Fli>\n\u003C\u002Fol>\n\u003C\u002Fli>\n\u003Cli>\n        \u003Cstrong>腾讯微博\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>暂无\u003C\u002Fli>\n\u003C\u002Fol>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>购买地址：\u003Ca href=\"http:\u002F\u002Fwww.qqworld.org\u002Fproducts\u002Fqqworld-synchronizer\" rel=\"nofollow ugc\">QQWorld同步器 \u002F QQWorld Synchronizer\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>联系方式:\u003C\u002Fp>\n\u003Cp>邮箱: admin@qqworld.org\u003C\u002Fp>\n\u003Cp>QQ: 172269588\u003C\u002Fp>\n","QQWorld通行证，支持多种第三方登录，目前支持QQ，微信和微博。尤其是支持多个网站使用同一个微信服务号oauth2登录。",10,10727,94,3,"2020-10-10T01:28:00.000Z","5.5.18","3.5","",[20,21,22],"login","oauth2","qq","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fqqworld-passport\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fqqworld-passport.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":25,"computed_at":36},"qqworld",8,660,87,30,"2026-04-04T22:03:10.082Z",[38,58,81,104,122],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":11,"downloaded":46,"rating":26,"num_ratings":26,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":55,"download_link":56,"security_score":57,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"apoyl-qq","[凹凸曼]一键QQ登录","1.9.2","apoyl","https:\u002F\u002Fprofiles.wordpress.org\u002Fapoyl\u002F","\u003Cp>这是一款实现QQ互联一键登录网站，让用户不在繁琐去注册用户，一键实现QQ登录，极大的方便用户登录网站.\u003C\u002Fp>\n\u003Ch3>插件功能\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>支持登录一键QQ登录\u003C\u002Fli>\n\u003Cli>支持自动同步QQ昵称到网站用户名,前提满足wp用户的注册要求\u003C\u002Fli>\n\u003Cli>支持一键QQ登录用户，自定义角色：订阅者，贡献者，作者，编辑，管理员，这个站点没有任何用户角色\u003C\u002Fli>\n\u003Cli>支持绑定记录管理\u003C\u002Fli>\n\u003Cli>支持已登录账号可以绑定QQ\u003C\u002Fli>\n\u003Cli>支持解绑账号\u003C\u002Fli>\n\u003Cli>支持中文名称\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>以上功能部分免费,点击购买付费版：\u003Ca href=\"http:\u002F\u002Fwww.girltm.com\u002F\" rel=\"nofollow ugc\">凹凸曼插件\u003C\u002Fa>\u003Cbr \u002F>\n也可以加开发者QQ：3201361925 email: 3201361925@qq.com\u003C\u002Fp>\n","这是一款实现QQ互联一键登录网站，让用户不在繁琐去注册用户，一键实现QQ登录，极大的方便用户登录网站.",2263,"2026-01-15T07:44:00.000Z","6.9.4","6.0","7.4",[52,53,21,22,54],"%e7%99%bb%e5%bd%95","%e9%80%9a%e8%a1%8c%e8%af%81","qqlogin","http:\u002F\u002Fwww.girltm.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fapoyl-qq.zip",100,{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":57,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":50,"tags":72,"homepage":76,"download_link":77,"security_score":78,"vuln_count":79,"unpatched_count":26,"last_vuln_date":80,"fetched_at":28},"daggerhart-openid-connect-generic","OpenID Connect Generic Client","3.11.3","Jonathan Daggerhart","https:\u002F\u002Fprofiles.wordpress.org\u002Fdaggerhart\u002F","\u003Cp>This plugin allows to authenticate users against OpenID Connect OAuth2 API with Authorization Code Flow.\u003Cbr \u002F>\nOnce installed, it can be configured to automatically authenticate users (SSO), or provide a “Login with OpenID Connect”\u003Cbr \u002F>\nbutton on the login form. After consent has been obtained, an existing user is automatically logged into WordPress, while\u003Cbr \u002F>\nnew users are created in WordPress database.\u003C\u002Fp>\n\u003Cp>Much of the documentation can be found on the Settings > OpenID Connect Generic dashboard page.\u003C\u002Fp>\n\u003Cp>Please submit issues to the Github repo: https:\u002F\u002Fgithub.com\u002Foidc-wp\u002Fopenid-connect-generic\u003C\u002Fp>\n","A simple client that provides SSO or opt-in authentication against a generic OAuth2 Server implementation.",10000,177319,20,"2026-02-13T04:36:00.000Z","6.9.0","5.0",[73,20,21,74,75],"apps","openidconnect","security","https:\u002F\u002Fgithub.com\u002Foidc-wp\u002Fopenid-connect-generic","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdaggerhart-openid-connect-generic.3.11.3.zip",98,2,"2025-12-17 00:00:00",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":78,"num_ratings":91,"last_updated":92,"tested_up_to":48,"requires_at_least":93,"requires_php":94,"tags":95,"homepage":100,"download_link":101,"security_score":78,"vuln_count":102,"unpatched_count":26,"last_vuln_date":103,"fetched_at":28},"miniorange-oauth-20-server","WP OAuth Server ( Login with WordPress )","6.1.3","miniOrange","https:\u002F\u002Fprofiles.wordpress.org\u002Fcyberlord92\u002F","\u003Cp>WP OAuth Server plugin turns your WordPress site into an OAuth Server, enabling Login with WordPress. It allows you to login into \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fguide-to-configure-rocket-chat-oauth-client\" rel=\"nofollow ugc\">Rocket Chat\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fguide-to-configure-invision-community-oauth-client\" rel=\"nofollow ugc\">Invision Community\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fguide-to-setup-single-sign-on-between-two-wordpress-sites\" rel=\"nofollow ugc\">WordPress\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.miniorange.com\u002Fsingle-sign-on-(sso)-for-odoo\" rel=\"nofollow ugc\">Odoo\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-circle-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\">EasyGenerator\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-salesforce-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\">Salesforce\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fzapier-integration-with-wordpress-oauth-server\" rel=\"nofollow ugc\">Zapier\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-moodle-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\">Moodle WordPress SSO\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-servicenow-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\">ServiceNow\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-open-edx-edunext-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\">Edunext\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-wickr-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\">Wickr\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-freshworks-freshdesk-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\">Freshdesk\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-freshworks-freshdesk-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\">FreshWorks\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-servicenow-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\">ServiceNow\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fshinyproxy-single-sign-on-sso-with-wordpress-as-oauth-server\" rel=\"nofollow ugc\">ShinyProxy\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-knack-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\">Knack database\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-circle-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\">Circle.so\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-tribe-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\">Tribe.so\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-tribe-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\">Tribe\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-mobilize-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\">Mobilize\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-nextcloud-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\">Nextcloud SSO\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-church-online-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\">Church Online\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fstep-by-step-guide-for-wordpress-oauth-server\" rel=\"nofollow ugc\">iSpring LMS\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-academy-of-mine-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\">Academy of Mine\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fstep-by-step-guide-for-wordpress-oauth-server\" rel=\"nofollow ugc\">BoardEffect\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Ftalentlms-sso-using-wordpress-as-openid-connect-server\" rel=\"nofollow ugc\">TalentLMS\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Foauth-single-sign-on-sso-for-laravel-using-wordpress-as-oauth-provider\" rel=\"nofollow ugc\">Laravel\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fpowerschool-sis-sso-using-wordpress-as-openid-connect-server\" rel=\"nofollow ugc\">PowerSchool\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fpowerschool-sis-sso-using-wordpress-as-openid-connect-server\" rel=\"nofollow ugc\">PowerSchool\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Foauth-openid-connect-single-sign-on-sso-into-joomla-using-wordpress\" rel=\"nofollow ugc\">Joomla\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-into-hubspot-using-wordpress\" rel=\"nofollow ugc\">HubSpot SSO\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Foauth-single-sign-on-sso-for-shopify-using-wordpress-as-identity-provider\" rel=\"nofollow ugc\">shopify sso integration\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fmerithub-sso-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\">MeritHub\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fbookstack-sso-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\">Bookstack\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fpimcore-sso-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\">Pimcore\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002F360learning-sso-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\">360 Learning\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Feventmobi-sso-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\">EventMobi\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsynology-sso-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\">Synology\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fdrupal-wordpress-sso-integration-with-oauth-client-drupal-wordpress-login\" rel=\"nofollow ugc\">Drupal\u003C\u002Fa>, Piano Analytics, Zerotier, and any other OAuth 2.0 compliant applications using WordPress SSO credentials.\u003C\u002Fp>\n\u003Cp>| \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fstep-by-step-guide-for-wordpress-oauth-server\" rel=\"nofollow ugc\">WordPress OAuth Server Setup Guides\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Foauth-api-documentation\" rel=\"nofollow ugc\">API Documentation\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-oauth-server#free-trial-oauth\" rel=\"nofollow ugc\">Demo \u002F Trial\u003C\u002Fa> |\u003C\u002Fp>\n\u003Cp>You can checkout the below video tutorial to know how to setup SSO with your OAuth\u002FOpenID Compliant Applications.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fc6v-SqRhg8o?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Basically, the OAuth Server plugin allows users to login into applications that are OAuth 2.0 compliant, facilitating oauth server SSO using their WordPress login credentials. As it’s name suggests, it follows the OAuth 2.0 protocol. Along with that, it also supports OpenID Connect (OIDC), and JWT protocols.\u003C\u002Fp>\n\u003Cp>The primary goal of the OAuth Server plugin is to provide Single Sign-On Login with WordPress, so users do not need to remember a username and password for each application.\u003Cbr \u002F>\nUsing WordPress as OAuth Server, once Single Sign On is enabled, users do not need to store sensitive information to login into different applications.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Discovery URL\u003C\u002Fstrong>\u003Cbr \u002F>\nThe discovery url \u002F well-known endpoint can be used to get metadata about your Identity Server, essential for setting up oauth server SSO. It will return information about the OAuth\u002FOpenID endpoints, issuer URL, supported grant types, supported scopes, key material along with claims in the JSON format. These details can be used by the clients to create an OpenID server request, enhancing the WordPress SSO experience. The well known configuration URL is accessible via \u002F.well-known\u002Fopenid-configuration, in relation to the issuer URL.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>JWT Token Verification\u003C\u002Fstrong>\u003Cbr \u002F>\nJWT signing, which ensures the integrity of the tokens used during the WordPress SSO process, supports both symmetric and asymmetric algorithms provided by the OAuth Server. The plugin’s free version supports HS256, while the premium version supports RS256, enhancing security especially in scenarios involving HubSpot SSO and Nextcloud SSO.\u003C\u002Fp>\n\u003Cp>HS256, a symmetric signature algorithm, indicates that the signature is generated and verified using the same secret key. It is supported in the free version of the OAuth Server plugin, which is useful for basic OAuth Server SSO configurations.\u003C\u002Fp>\n\u003Cp>RS256, an asymmetric signature algorithm is different from a symmetric algorithm in that a pair of private and public keys is used to sign and validate the data respectively instead of a single secret key in an oauth server SSO setup.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why RSA algorithm should be used?\u003C\u002Fstrong>\u003Cbr \u002F>\nThe use of a public and private key pair makes RS256 more secure in comparison to HS256 where the public key is shared and might be compromised whereas in RS256, even if you do not have the control over your client, your data remains secure as it is signed using a private key. The premium version of the OAuth Server plugin supports the RS256 algorithm.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Postman collection\u003C\u002Fstrong>\u003Cbr \u002F>\nPostman collection JSON is a file that can be used for testing the configuration of OAuth 2.0 flow in the WP OAuth Server plugin without configuring an external OAuth Client by generating the access token and the API call to the resource endpoint subsequently.\u003C\u002Fp>\n\u003Ch4>LIST OF POPULAR OAUTH CLIENTS SUPPORTED\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fguide-to-configure-rocket-chat-oauth-client\" rel=\"nofollow ugc\"> Rocket.Chat \u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fguide-to-configure-invision-community-oauth-client\" rel=\"nofollow ugc\"> Invision Community (IPB Forum) \u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.miniorange.com\u002Fsingle-sign-on-(sso)-for-odoo\" rel=\"nofollow ugc\"> Odoo \u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fguide-to-setup-single-sign-on-between-two-wordpress-sites\" rel=\"nofollow ugc\"> WordPress SSO into other WordPress Sites \u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-circle-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\"> EasyGenerator \u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-salesforce-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\"> Salesforce \u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fzapier-integration-with-wordpress-oauth-server\" rel=\"nofollow ugc\"> Zapier  \u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-moodle-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\"> Moodle  \u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-open-edx-edunext-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\"> Edunext  \u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-wickr-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\"> Wickr  \u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-freshworks-freshdesk-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\"> Freshdesk  \u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-freshworks-freshdesk-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\"> FreshWorks  \u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-servicenow-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\"> ServiceNow  \u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-knack-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\"> Knack database  \u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-circle-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\"> Circle.so  \u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-tribe-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\"> Tribe.so  \u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-mobilize-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\"> Mobilize  \u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-nextcloud-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\"> Nextcloud  \u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fstep-by-step-guide-for-wordpress-oauth-server\" rel=\"nofollow ugc\"> iSpring LMS \u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-church-online-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\"> Church Online \u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-sso-for-academy-of-mine-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\"> Academy of Mine \u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fstep-by-step-guide-for-wordpress-oauth-server\" rel=\"nofollow ugc\"> BoardEffect \u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Foauth-single-sign-on-sso-for-laravel-using-wordpress-as-oauth-provider\" rel=\"nofollow ugc\">Laravel\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fpowerschool-sis-sso-using-wordpress-as-openid-connect-server\" rel=\"nofollow ugc\">PowerSchool\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Foauth-openid-connect-single-sign-on-sso-into-joomla-using-wordpress\" rel=\"nofollow ugc\">Joomla\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsingle-sign-on-into-hubspot-using-wordpress\" rel=\"nofollow ugc\">HubSpot\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Foauth-single-sign-on-sso-for-shopify-using-wordpress-as-identity-provider\" rel=\"nofollow ugc\">Shopify\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fmerithub-sso-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\">MeritHub\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fbookstack-sso-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\">Bookstack\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fpimcore-sso-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\">Pimcore\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002F360learning-sso-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\">360 Learning\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Feventmobi-sso-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\">EventMobi\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsynology-sso-using-wordpress-as-oauth-server\" rel=\"nofollow ugc\">Synology\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fdrupal-wordpress-sso-integration-with-oauth-client-drupal-wordpress-login\" rel=\"nofollow ugc\">Drupal\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Piano Analytics\u003C\u002Fli>\n\u003Cli>Zerotier\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WORDPRESS OAUTH \u002F OPENID CONNECT SERVER USE CASES\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>If you want to use your WordPress site as an Identity Server \u002F OAuth Server \u002F OAuth Provider and utilize Login with WordPress to access your client site\u002Fapplication with WordPress user’s login credentials, then you can use this plugin. You can also decide what kind of user data\u002Fattributes you want to send while Single Sign-On into your client site\u002Fapplication, including Moodle WordPress SSO and Nextcloud SSO functionalities.\u003C\u002Fli>\n\u003Cli>If you want to login to your Mobile app \u002F Single Page web app (SPA) using your WordPress credentials, then you can use the Authorization code with PKCE flow grant type to achieve your use case.\u003C\u002Fli>\n\u003Cli>Single set of credentials will be used to login to multiple WordPress websites.\u003C\u002Fli>\n\u003Cli>You can access the NGINX resources using NGINX Authentication. Once you login into your client application using WP OAuth Server credentials, you will get JWT. Your client application can further use it for NGINX Authentication. \u003C\u002Fli>\n\u003Cli>Membership sync or role mapping is used to sync the memberships or roles assigned to your users from OAuth Server to OAuth\u002FOpenID Client.\u003C\u002Fli>\n\u003Cli>Custom Attribute Mapping is helpful if you want to send additional attributes (beyond the default ones) from your WordPress \u003Cem>usermeta\u003C\u002Fem> table to your OAuth\u002FOpenID client using Login with WordPress.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WORDPRESS OAUTH \u002F OPENID CONNECT SERVER FREE VERSION FEATURES\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Supports Login with WordPress for \u003Cstrong>Single Client\u003C\u002Fstrong> application\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protocol Support:\u003C\u002Fstrong> OAuth 2.0, OpenID Connect (OIDC)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Discovery document\u003C\u002Fstrong> \u002F well-known endpoint for automatic configuration\u003C\u002Fli>\n\u003Cli>JWT signing using \u003Cstrong>HS256\u003C\u002Fstrong> or \u003Cstrong>RS256\u003C\u002Fstrong> algorithm (\u003Cstrong>Note\u003C\u002Fstrong>: In RS256 algorithm, the keys will be common for all the free version installations)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Postman collection\u003C\u002Fstrong> for testing OAuth 2.0 flow without actually configuring the client application\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server Response:\u003C\u002Fstrong> Sends User ID, username, email, first name, last name, display name in the response\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Grant types Supported:\u003C\u002Fstrong> Authorization Code grant\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-Site Support:\u003C\u002Fstrong> Implement the WordPress as OAuth Server within a WordPress Multisite network environment to Login with WordPress users into configured applications.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Master Switch:\u003C\u002Fstrong> Block \u002F unblock OAuth API calls between OAuth Clients and OAuth Server\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Length:\u003C\u002Fstrong> Change the access token length\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Foauth-api-documentation\" rel=\"nofollow ugc\"> OAuth API Documentation \u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fstep-by-step-guide-for-wordpress-oauth-server\" rel=\"nofollow ugc\"> Setup guides \u003C\u002Fa> to configure the plugin with various OAuth Clients (more coming soon)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WORDPRESS OAUTH \u002F OPENID CONNECT SERVER PREMIUM VERSION FEATURES\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>All FREE version features\u003C\u002Fli>\n\u003Cli>Supports Login with WordPress for \u003Cstrong>Multiple Client\u003C\u002Fstrong> applications\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server Response:\u003C\u002Fstrong> Sends all the profile attributes along with roles, allows to send custom attributes from usermeta table and also customize the attribute names that need to be sent in server response\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Grant Types Supported:\u003C\u002Fstrong> Authorization Code Grant, Implicit Grant, Password Grant, Client Credentials Grant, Refresh Token Grant, Authorization Code grant with PKCE flow\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Lifetime:\u003C\u002Fstrong> Configure the access token and refresh token expiry time\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enforce State Parameter:\u003C\u002Fstrong> Based on client configuration, you can enable or disable state parameter\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Authorize \u002F Consent prompt:\u003C\u002Fstrong> Enable \u002F disable the consent screen\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirect \u002F Callback URI Validation:\u003C\u002Fstrong> Enable \u002F disable this feature, based on dynamic redirect to a different pages for certain conditions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>JWT Signing Algorithm:\u003C\u002Fstrong> Supports signing algorithms HSA and RSA (with dynamic keys for each client setup)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Additional endpoints:\u003C\u002Fstrong> Provides Introspection endpoint, OpenID Connect Single logout endpoint, Revoke endpoint\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>A grant is a method of acquiring an access token. Deciding which grants to implement depends on the type of client the end user will be using, and the experience you want for your users.\u003C\u002Fp>\n\u003Ch4>WE SUPPORT FOLLOWING GRANTS:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Authorization code grant\u003C\u002Fstrong> : This code grant is used when there is a need to access the protected resources on behalf of the user on another third party application.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Implicit grant\u003C\u002Fstrong> : This grant relies on resource owner and registration of redirect uri. In authorization code grant users need to ask for authorization and access token each time, but here access token is granted for a particular redirect uri provided by a client using a particular browser.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Client credential grant\u003C\u002Fstrong> : This grant type heads towards specific clients, where access token is obtained by client by only providing client credentials. This grant type is quite confidential.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Resource owner password credentials grant\u003C\u002Fstrong> : This type of grant is used where the resource owner has a trust relationship with the client. Just by using username and password, provided by resource owner authorization and authentication can be achieved.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Refresh token grant\u003C\u002Fstrong> : Access tokens obtained in OAuth flow eventually expire. In this grant type client can refresh his or her access token.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Authorization code grant with PKCE flow\u003C\u002Fstrong> : This grant type is used for public clients like mobile and native apps, Single Page web apps, where there is a risk of client secret being compromised.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>REST API AUTHENTICATION\u003C\u002Fh4>\n\u003Cp>Rest API is very much open to interact. Creating posts, getting information of users and much more is readily available.\u003Cbr \u002F>\nIt secures unauthorized access to your WordPress sites\u002Fpages using our \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-rest-api-authentication\u002F\" rel=\"ugc\"> WordPress REST API Authentication plugin \u003C\u002Fa>.\u003C\u002Fp>\n","Single Sign-On using WordPress - Login with WordPress to your application\u002Fsites using your WordPress account. [24\u002F7 Support]",900,50872,40,"2026-01-30T04:47:00.000Z","4.8","5.6",[96,97,21,98,99],"oauth-provider","oauth-server","openid","wordpress-login","https:\u002F\u002Fwww.miniorange.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fminiorange-oauth-20-server.6.1.3.zip",1,"2022-08-02 00:00:00",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":68,"downloaded":112,"rating":26,"num_ratings":26,"last_updated":18,"tested_up_to":113,"requires_at_least":114,"requires_php":94,"tags":115,"homepage":119,"download_link":120,"security_score":57,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":121},"lana-sso","Lana Single Sign On","1.2.0","Lana Codes","https:\u002F\u002Fprofiles.wordpress.org\u002Flanacodes\u002F","\u003Cp>Lana Single Sign On is an OAuth 2.0 client, which was primarily created for the Lana Passport OAuth 2.0 server plugin.\u003C\u002Fp>\n\u003Ch4>Lana Codes\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Flana.codes\u002Fproduct\u002Flana-sso\u002F\" rel=\"nofollow ugc\">Lana Single Sign On\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Flana.solutions\u002Fdocumentation\u002Flana-sso\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Flana.codes\u002Fproduct\u002Flana-passport\u002F\" rel=\"nofollow ugc\">Lana Passport\u003C\u002Fa>\u003C\u002Fp>\n","Creates the ability to login using Single Sign On via OAuth 2.0",1440,"6.6.5","4.0",[20,116,21,117,118],"oauth-2-0","single-sign-on","sso","https:\u002F\u002Flana.codes\u002Fproduct\u002Flana-sso\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flana-sso.1.2.0.zip","2026-03-15T10:48:56.248Z",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":11,"downloaded":130,"rating":131,"num_ratings":79,"last_updated":132,"tested_up_to":133,"requires_at_least":134,"requires_php":50,"tags":135,"homepage":136,"download_link":137,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"hello-login","Hellō Login","1.5.4","Marius Scurtescu","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarius1hello\u002F","\u003Cp>Provide your users registration and login using their choice of popular social login, email, or phone. No need for you to configure your application at each provider or pay for a premium plugin.\u003C\u002Fp>\n\u003Cp>Hellō Login verifies your users’ email addresses so you don’t have to. No longer do they have to manage another username and password to use your site.\u003C\u002Fp>\n\u003Cp>Hellō is a cloud identity wallet cooperatively operated with a mission to empower users to control their identity. Learn more at \u003Ca href=\"https:\u002F\u002Fwww.hello.coop\u002F\" rel=\"nofollow ugc\">hello.coop\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Hellō Login installs with Hellō Quickstart to get you up and running in 7 clicks.\u003C\u002Fli>\n\u003Cli>Users manage how they login at \u003Ca href=\"https:\u002F\u002Fwallet.hello.coop\" rel=\"nofollow ugc\">wallet.hello.coop\u003C\u002Fa>. No need for you to manage how they login or help them recover their account.\u003C\u002Fli>\n\u003Cli>Hellō Login uses the Hellō service, which provides login and verified email for free. See \u003Ca href=\"https:\u002F\u002Fwww.hello.dev\u002Fpricing\u002F\" rel=\"nofollow ugc\">hello.dev\u002Fpricing\u003C\u002Fa> for details.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Documentation, configuration, and settings can be found in Settings >  Hellō Login\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=kCWY3viT368\" rel=\"nofollow ugc\">Watch a video\u003C\u002Fa> showing installation and key features, and how Hellō Login relates to popular alternatives.\u003C\u002Fp>\n","Free and simple to setup plugin provides registration and login with the Hellō Wallet. Users choose from popular social login, email, or phone.",2179,60,"2023-11-14T00:01:00.000Z","6.4.8","4.9",[73,20,21,74,75],"https:\u002F\u002Fgithub.com\u002Fhellocoop\u002Fwordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhello-login.1.5.4.zip",{"attackSurface":139,"codeSignals":282,"taintFlows":506,"riskAssessment":533,"analyzedAt":548},{"hooks":140,"ajaxHandlers":278,"restRoutes":279,"shortcodes":280,"cronEvents":281,"entryPointCount":26,"unprotectedCount":26},[141,146,150,154,157,158,160,164,166,167,168,169,171,172,173,174,176,177,178,180,181,182,183,185,186,187,189,190,191,192,195,197,199,201,203,204,205,206,208,209,210,211,216,218,221,224,228,231,235,238,241,244,248,252,255,259,262,265,269,272,275],{"type":142,"name":143,"callback":143,"file":144,"line":145},"action","admin_menu","modules\\alipay\\init.php",16,{"type":142,"name":147,"callback":148,"file":144,"line":149},"qqworld_passport_login_form_buttons","login_form_button",18,{"type":142,"name":151,"callback":152,"file":144,"line":153},"qqworld_passport_social_media_account_profile_form","profile_form",19,{"type":142,"name":143,"callback":143,"file":155,"line":156},"modules\\baidu\\init.php",14,{"type":142,"name":147,"callback":148,"file":155,"line":145},{"type":142,"name":151,"callback":152,"file":155,"line":159},17,{"type":161,"name":162,"callback":163,"priority":11,"file":155,"line":68},"filter","qqworld-passport-openids","openids",{"type":142,"name":143,"callback":143,"file":165,"line":156},"modules\\facebook\\init.php",{"type":142,"name":147,"callback":148,"file":165,"line":145},{"type":142,"name":151,"callback":152,"file":165,"line":159},{"type":161,"name":162,"callback":163,"priority":11,"file":165,"line":68},{"type":142,"name":143,"callback":143,"file":170,"line":156},"modules\\google\\init.php",{"type":142,"name":147,"callback":148,"file":170,"line":145},{"type":142,"name":151,"callback":152,"file":170,"line":159},{"type":161,"name":162,"callback":163,"priority":11,"file":170,"line":68},{"type":142,"name":143,"callback":143,"file":175,"line":156},"modules\\line\\init.php",{"type":142,"name":147,"callback":148,"file":175,"line":145},{"type":142,"name":151,"callback":152,"file":175,"line":159},{"type":142,"name":143,"callback":143,"file":179,"line":156},"modules\\qq\\init.php",{"type":142,"name":147,"callback":148,"file":179,"line":145},{"type":142,"name":151,"callback":152,"file":179,"line":159},{"type":161,"name":162,"callback":163,"priority":11,"file":179,"line":68},{"type":142,"name":143,"callback":143,"file":184,"line":156},"modules\\taobao\\init.php",{"type":142,"name":147,"callback":148,"file":184,"line":145},{"type":142,"name":151,"callback":152,"file":184,"line":159},{"type":142,"name":143,"callback":143,"file":188,"line":156},"modules\\twitter\\init.php",{"type":142,"name":147,"callback":148,"file":188,"line":145},{"type":142,"name":151,"callback":152,"file":188,"line":159},{"type":161,"name":162,"callback":163,"priority":11,"file":188,"line":68},{"type":142,"name":143,"callback":143,"file":193,"line":194},"modules\\wechat\\init.php",106,{"type":142,"name":147,"callback":148,"file":193,"line":196},108,{"type":142,"name":151,"callback":152,"file":193,"line":198},109,{"type":161,"name":162,"callback":163,"priority":11,"file":193,"line":200},112,{"type":142,"name":143,"callback":143,"file":202,"line":156},"modules\\weibo\\init.php",{"type":142,"name":147,"callback":148,"file":202,"line":145},{"type":142,"name":151,"callback":152,"file":202,"line":159},{"type":161,"name":162,"callback":163,"priority":11,"file":202,"line":68},{"type":142,"name":143,"callback":143,"file":207,"line":156},"modules\\xiaomi\\init.php",{"type":142,"name":147,"callback":148,"file":207,"line":145},{"type":142,"name":151,"callback":152,"file":207,"line":159},{"type":161,"name":162,"callback":163,"priority":11,"file":207,"line":68},{"type":142,"name":212,"callback":213,"file":214,"line":215},"plugins_loaded","load_language","qqworld-passport.php",55,{"type":142,"name":143,"callback":143,"file":214,"line":217},56,{"type":161,"name":219,"callback":219,"priority":11,"file":214,"line":220},"plugin_action_links",57,{"type":142,"name":222,"callback":222,"file":214,"line":223},"admin_enqueue_scripts",58,{"type":142,"name":225,"callback":226,"file":214,"line":227},"admin_init","register_settings",59,{"type":142,"name":212,"callback":229,"file":214,"line":230},"load_modules",61,{"type":142,"name":232,"callback":233,"file":214,"line":234},"um_after_form","call_passport",64,{"type":142,"name":236,"callback":233,"file":214,"line":237},"login_form",65,{"type":142,"name":239,"callback":233,"file":214,"line":240},"woocommerce_login_form_end",66,{"type":161,"name":242,"callback":242,"priority":11,"file":214,"line":243},"login_form_middle",67,{"type":142,"name":245,"callback":246,"file":214,"line":247},"rest_api_init","register_oauth2_quest",68,{"type":142,"name":249,"callback":250,"file":214,"line":251},"after_setup_theme","set_session_start",69,{"type":161,"name":253,"callback":253,"file":214,"line":254},"get_avatar",70,{"type":142,"name":256,"callback":257,"file":214,"line":258},"show_user_profile","call_binding_social_media_account",72,{"type":161,"name":260,"callback":260,"file":214,"line":261},"manage_users_columns",75,{"type":161,"name":263,"callback":263,"priority":11,"file":214,"line":264},"manage_users_custom_column",76,{"type":142,"name":266,"callback":267,"file":214,"line":268},"qqworld_passport_additional_form_settings","advertisement_qqworld_synchronizer",78,{"type":142,"name":266,"callback":270,"file":214,"line":271},"advertisement_qqworld_mobile",79,{"type":142,"name":4,"callback":273,"file":214,"line":274},"passport",81,{"type":142,"name":276,"callback":276,"file":214,"line":277},"binding_social_media_account",82,[],[],[],[],{"dangerousFunctions":283,"sqlUsage":284,"outputEscaping":289,"fileOperations":504,"externalRequests":102,"nonceChecks":26,"capabilityChecks":26,"bundledLibraries":505},[],{"prepared":26,"raw":102,"locations":285},[286],{"file":214,"line":287,"context":288},218,"$wpdb->get_results() with variable interpolation",{"escaped":290,"rawEcho":291,"locations":292},4,140,[293,295,297,299,300,302,304,305,306,308,310,311,312,314,315,317,318,319,321,323,325,326,327,329,330,332,333,334,336,338,340,341,342,344,345,347,348,349,350,352,354,355,356,357,359,361,362,363,365,367,368,369,371,373,375,377,379,381,382,383,384,386,387,388,390,392,394,395,396,397,398,399,400,401,402,403,404,405,407,408,410,411,412,414,416,418,420,422,424,426,428,430,432,434,435,436,438,440,442,444,446,448,449,450,452,453,454,455,456,458,460,461,462,463,464,465,466,467,468,469,470,472,474,476,478,479,480,482,484,486,488,490,492,494,495,497,499,501,502,503],{"file":144,"line":230,"context":294},"raw output",{"file":144,"line":296,"context":294},62,{"file":144,"line":298,"context":294},63,{"file":144,"line":234,"context":294},{"file":144,"line":301,"context":294},200,{"file":144,"line":303,"context":294},220,{"file":144,"line":303,"context":294},{"file":144,"line":303,"context":294},{"file":144,"line":307,"context":294},232,{"file":144,"line":309,"context":294},241,{"file":155,"line":131,"context":294},{"file":155,"line":234,"context":294},{"file":155,"line":313,"context":294},206,{"file":155,"line":313,"context":294},{"file":155,"line":316,"context":294},226,{"file":155,"line":316,"context":294},{"file":155,"line":316,"context":294},{"file":155,"line":320,"context":294},238,{"file":155,"line":322,"context":294},247,{"file":155,"line":324,"context":294},256,{"file":165,"line":131,"context":294},{"file":165,"line":234,"context":294},{"file":165,"line":328,"context":294},187,{"file":165,"line":328,"context":294},{"file":165,"line":331,"context":294},207,{"file":165,"line":331,"context":294},{"file":165,"line":331,"context":294},{"file":165,"line":335,"context":294},219,{"file":165,"line":337,"context":294},228,{"file":165,"line":339,"context":294},237,{"file":170,"line":131,"context":294},{"file":170,"line":234,"context":294},{"file":170,"line":343,"context":294},205,{"file":170,"line":343,"context":294},{"file":170,"line":346,"context":294},225,{"file":170,"line":346,"context":294},{"file":170,"line":346,"context":294},{"file":170,"line":339,"context":294},{"file":170,"line":351,"context":294},246,{"file":170,"line":353,"context":294},255,{"file":175,"line":217,"context":294},{"file":175,"line":220,"context":294},{"file":175,"line":223,"context":294},{"file":175,"line":358,"context":294},150,{"file":175,"line":360,"context":294},170,{"file":175,"line":360,"context":294},{"file":175,"line":360,"context":294},{"file":175,"line":364,"context":294},182,{"file":175,"line":366,"context":294},191,{"file":179,"line":223,"context":294},{"file":179,"line":296,"context":294},{"file":179,"line":370,"context":294},127,{"file":179,"line":372,"context":294},128,{"file":179,"line":374,"context":294},144,{"file":179,"line":376,"context":294},145,{"file":179,"line":378,"context":294},162,{"file":179,"line":380,"context":294},163,{"file":179,"line":343,"context":294},{"file":179,"line":313,"context":294},{"file":179,"line":324,"context":294},{"file":179,"line":385,"context":294},276,{"file":179,"line":385,"context":294},{"file":179,"line":385,"context":294},{"file":179,"line":389,"context":294},288,{"file":179,"line":391,"context":294},297,{"file":179,"line":393,"context":294},306,{"file":184,"line":217,"context":294},{"file":184,"line":220,"context":294},{"file":184,"line":223,"context":294},{"file":184,"line":358,"context":294},{"file":184,"line":360,"context":294},{"file":184,"line":360,"context":294},{"file":184,"line":360,"context":294},{"file":184,"line":364,"context":294},{"file":184,"line":366,"context":294},{"file":188,"line":131,"context":294},{"file":188,"line":234,"context":294},{"file":188,"line":406,"context":294},240,{"file":188,"line":406,"context":294},{"file":188,"line":409,"context":294},260,{"file":188,"line":409,"context":294},{"file":188,"line":409,"context":294},{"file":188,"line":413,"context":294},272,{"file":188,"line":415,"context":294},281,{"file":188,"line":417,"context":294},290,{"file":193,"line":419,"context":294},165,{"file":193,"line":421,"context":294},167,{"file":193,"line":423,"context":294},172,{"file":193,"line":425,"context":294},277,{"file":193,"line":427,"context":294},280,{"file":193,"line":429,"context":294},308,{"file":193,"line":431,"context":294},312,{"file":193,"line":433,"context":294},331,{"file":193,"line":433,"context":294},{"file":193,"line":433,"context":294},{"file":193,"line":437,"context":294},356,{"file":193,"line":439,"context":294},365,{"file":193,"line":441,"context":294},374,{"file":193,"line":443,"context":294},383,{"file":193,"line":445,"context":294},410,{"file":193,"line":447,"context":294},419,{"file":202,"line":215,"context":294},{"file":202,"line":227,"context":294},{"file":202,"line":451,"context":294},208,{"file":202,"line":337,"context":294},{"file":202,"line":337,"context":294},{"file":202,"line":337,"context":294},{"file":202,"line":406,"context":294},{"file":202,"line":457,"context":294},249,{"file":202,"line":459,"context":294},258,{"file":207,"line":131,"context":294},{"file":207,"line":234,"context":294},{"file":207,"line":343,"context":294},{"file":207,"line":343,"context":294},{"file":207,"line":346,"context":294},{"file":207,"line":346,"context":294},{"file":207,"line":346,"context":294},{"file":207,"line":339,"context":294},{"file":207,"line":351,"context":294},{"file":207,"line":353,"context":294},{"file":214,"line":471,"context":294},534,{"file":214,"line":473,"context":294},536,{"file":214,"line":475,"context":294},537,{"file":214,"line":477,"context":294},542,{"file":214,"line":477,"context":294},{"file":214,"line":477,"context":294},{"file":214,"line":481,"context":294},544,{"file":214,"line":483,"context":294},547,{"file":214,"line":485,"context":294},550,{"file":214,"line":487,"context":294},551,{"file":214,"line":489,"context":294},554,{"file":214,"line":491,"context":294},581,{"file":214,"line":493,"context":294},716,{"file":214,"line":493,"context":294},{"file":214,"line":496,"context":294},718,{"file":214,"line":498,"context":294},719,{"file":214,"line":500,"context":294},722,{"file":214,"line":500,"context":294},{"file":214,"line":500,"context":294},{"file":214,"line":500,"context":294},5,[],[507,524],{"entryPoint":508,"graph":509,"unsanitizedCount":102,"severity":523},"profile_form (modules\\alipay\\init.php:40)",{"nodes":510,"edges":520},[511,515],{"id":512,"type":513,"label":514,"file":144,"line":296},"n0","source","$_SERVER['REMOTE_ADDR']",{"id":516,"type":517,"label":518,"file":144,"line":296,"wp_function":519},"n1","sink","echo() [XSS]","echo",[521],{"from":512,"to":516,"sanitized":522},false,"medium",{"entryPoint":525,"graph":526,"unsanitizedCount":102,"severity":532},"\u003Cinit> (modules\\alipay\\init.php:0)",{"nodes":527,"edges":530},[528,529],{"id":512,"type":513,"label":514,"file":144,"line":296},{"id":516,"type":517,"label":518,"file":144,"line":296,"wp_function":519},[531],{"from":512,"to":516,"sanitized":522},"low",{"summary":534,"deductions":535},"The \"qqworld-passport\" plugin, version 1.2.1, exhibits a mixed security posture. On the surface, the plugin presents a very small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, there are no reported historical vulnerabilities (CVEs) associated with this plugin, which is generally a positive indicator. However, the static analysis reveals significant underlying code quality concerns that overshadow the apparent lack of external entry points.\n\nThe plugin's code signals are alarming. A single SQL query is present, and it is not using prepared statements, posing a risk of SQL injection if user-controlled data is incorporated into this query. More critically, only 3% of the 144 output operations are properly escaped, indicating a widespread Cross-Site Scripting (XSS) vulnerability risk across multiple output points. The taint analysis identified two flows with unsanitized paths, further reinforcing the XSS concerns. The complete absence of nonce and capability checks on any identified entry points (even if the count is zero) means that if any were to be introduced or discovered in the future, they would be inherently insecure.\n\nWhile the lack of historical vulnerabilities is good, it could also simply mean the plugin hasn't been extensively audited or exploited yet. The significant number of unescaped outputs and the raw SQL query represent substantial, readily exploitable weaknesses that require immediate attention. The absence of any detected entry points does not negate the risks posed by the insecure coding practices within the plugin itself.",[536,538,541,544,546],{"reason":537,"points":32},"Raw SQL queries without prepared statements",{"reason":539,"points":540},"Low percentage of properly escaped output",15,{"reason":542,"points":543},"Taint flows with unsanitized paths",12,{"reason":545,"points":11},"No nonce checks detected",{"reason":547,"points":11},"No capability checks detected","2026-03-16T23:41:33.338Z",{"wat":550,"direct":563},{"assetPaths":551,"generatorPatterns":556,"scriptPaths":557,"versionParams":558},[552,553,554,555],"\u002Fwp-content\u002Fplugins\u002Fqqworld-passport\u002Fasset\u002Fcss\u002Fqqworld-passport.css","\u002Fwp-content\u002Fplugins\u002Fqqworld-passport\u002Fasset\u002Fjs\u002Fqqworld-passport.js","\u002Fwp-content\u002Fplugins\u002Fqqworld-passport\u002Fasset\u002Fjs\u002Fwxshare.js","\u002Fwp-content\u002Fplugins\u002Fqqworld-passport\u002Fasset\u002Fjs\u002Fqqlogin.js",[],[553,554,555],[559,560,561,562],"qqworld-passport\u002Fasset\u002Fcss\u002Fqqworld-passport.css?ver=","qqworld-passport\u002Fasset\u002Fjs\u002Fqqworld-passport.js?ver=","qqworld-passport\u002Fasset\u002Fjs\u002Fwxshare.js?ver=","qqworld-passport\u002Fasset\u002Fjs\u002Fqqlogin.js?ver=",{"cssClasses":564,"htmlComments":566,"htmlAttributes":570,"restEndpoints":579,"jsGlobals":581,"shortcodeOutput":584},[565],"qqworld-passport-login-error",[567,568,569],"\u003C!-- QQWorld Passport for Wordpress, Many Oauth 2.0 log in methods. -->","\u003C!-- QQWorld Synchronizer is a component for QQWorld Passport. -->","\u003C!-- QQWorld Mobile is a component for QQWorld Passport, The featured such as Phone Nubmber Register and Sms Group Sends. -->",[571,572,573,574,575,576,577,578],"id=\"qqworld-synchronizer-container\"","id=\"qqworld-mobile-container\"","class=\"extension commercial\"","class=\"attr pay\"","class=\"extension-image\"","class=\"extension-label\"","class=\"extension-description\"","class=\"activate inactive\"",[580],"\u002Fwp-json\u002Fqqworld-passport\u002Fv1\u002Foauth2",[582,583],"qqworld_passport_login_error","qqworld_passport_redirect",[]]