[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f-VQSIgX___4cLKWq22KhV04xOGmB5tVMGjmDQoh5pH0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":116,"fingerprints":169},"qr-user-login","QR User Login","1.0.0","acasado","https:\u002F\u002Fprofiles.wordpress.org\u002Facasado\u002F","\u003Cp>Allow users to login using a link (or QR code). This plugin can be used for create custom event invitation, for example: wedding, etc.\u003C\u002Fp>\n","Allow users to login using a link (or QR code). This plugin can be used for create custom event invitation, for example: wedding, etc.",10,1993,100,2,"2016-11-11T10:19:00.000Z","4.6.30","4.6","",[20,21],"login","qr","https:\u002F\u002Fgithub.com\u002Facasado86\u002Fqr-user-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fqr-user-login.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,84,"2026-04-04T15:26:00.813Z",[35,52,73,85,103],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":13,"downloaded":43,"rating":13,"num_ratings":44,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":48,"tags":49,"homepage":18,"download_link":51,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"sqrl-login","SQRL Login","2.1.0","kalaspuffar","https:\u002F\u002Fprofiles.wordpress.org\u002Fkalaspuffar\u002F","\u003Cp>SQRL can be used to log in to a site in a secure manner without giving away any personal information. This plugin enables that functionallity.\u003C\u002Fp>\n\u003Cp>Instead of using a username, email and a password, SQRL uses an app to login to SQRL-aware websites.\u003C\u002Fp>\n\u003Cp>When SQRL logs you into a website, your identity is a long code that looks like this: E6Qs2gX7W-Pwi9Y3KAmbkuYjLSWXCtKyBcymWloHAuo.\u003C\u002Fp>\n\u003Cp>Your SQRL identity is a different long code for every website you login to, but it is always the same code when you return to a site you visited before. This means that websites never know who you are, but they do know when you return.\u003C\u002Fp>\n\u003Cp>You may choose to remain anonymous to a website, such as when you post a response to someone’s blog. SQRL never identifies you by anything other than that long code.\u003C\u002Fp>\n\u003Cp>In other cases you will want to be known, like when you use SQRL to login as you at Amazon, Facebook, Netflix, or your bank. In those cases, you would inform Amazon that that particular code is actually you. SQRL lets you do that.\u003C\u002Fp>\n\u003Cp>Special thanks to:\u003C\u002Fp>\n\u003Cp>@davidshimjs (Sangmin, Shim) for writing a great javascript library for QRCode creation. (https:\u002F\u002Fgithub.com\u002Fdavidshimjs\u002Fqrcodejs)\u003Cbr \u002F>\n@jaredatch (Jared Atchison) for writing a plugin for disabling users that I took inspiration from. (https:\u002F\u002Fgithub.com\u002Fjaredatch\u002FDisable-Users)\u003C\u002Fp>\n","Secure Quick Reliable Login, this plugin will enable logging in using SQRL clients.",3907,9,"2022-03-03T20:18:00.000Z","5.9.13","5.2.2","7.2",[20,50],"sqrl","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsqrl-login.zip",{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":13,"num_ratings":62,"last_updated":63,"tested_up_to":64,"requires_at_least":17,"requires_php":18,"tags":65,"homepage":69,"download_link":70,"security_score":71,"vuln_count":30,"unpatched_count":30,"last_vuln_date":72,"fetched_at":27},"ider-login","IDer Login for WordPress","2.1","ider","https:\u002F\u002Fprofiles.wordpress.org\u002Fider\u002F","\u003Cp>With this plugin you can provide login and registration process using the IDer Service.\u003Cbr \u002F>\nAn additional “Login with IDer” button will appears along the regular one.\u003C\u002Fp>\n\u003Cp>How it works?\u003Cbr \u002F>\n1. First of all you need to create a profile in the \u003Ca href=\"http:\u002F\u002Fider.com\u002F\" title=\"IDer website\" rel=\"nofollow ugc\">IDer\u003C\u002Fa> website\u003Cbr \u002F>\n2. Clicking the button a redirect to the IDer server will display a QR Code\u003Cbr \u002F>\n3. To scan it you need to download the free IDer App from the App Store or Google Play depending which cell phone you own.\u003Cbr \u002F>\n   Or just scan the QR code with any QR Code reader and you will be redirect to the download page.\u003Cbr \u002F>\n   Provide few infos and you are ready to scan the QR code\u003Cbr \u002F>\n4. After that the IDer App will prompt you for the missing data required to complete the login\u002Fregistration process.\u003Cbr \u002F>\n   Confirming the data your browser will automatically log you in and show you which info the website saved.\u003C\u002Fp>\n","This plugin provides functionality to register and connect to your WordPress via IDer Service.",90,1929,3,"2024-06-03T02:43:00.000Z","6.5.8",[56,20,66,67,68],"openid","qrcode","sso","https:\u002F\u002Fwww.ider.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fider-login.2.1.zip",71,"2024-12-13 16:01:56",{"slug":74,"name":75,"version":6,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":11,"downloaded":80,"rating":81,"num_ratings":30,"last_updated":82,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":83,"homepage":18,"download_link":84,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"login-with-qr","Login with QR","dessainsaraiva","https:\u002F\u002Fprofiles.wordpress.org\u002Fdessainsaraiva\u002F","\u003Cp>Make your users login via link or QR code.\u003Cbr \u002F>\nAttention: anyone who has the login link will be able to login as the user.\u003C\u002Fp>\n\u003Cp>Background picture from; https:\u002F\u002Fpixabay.com\u002Fen\u002Fqr-code-quick-response-code-scanning-1903447\u002F\u003C\u002Fp>\n","Make your users login via link or QR code.",1735,60,"2017-04-30T11:45:00.000Z",[20,21],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-with-qr.zip",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":11,"downloaded":93,"rating":25,"num_ratings":25,"last_updated":18,"tested_up_to":94,"requires_at_least":95,"requires_php":96,"tags":97,"homepage":100,"download_link":101,"security_score":13,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":102},"qr-code-login-admin","QR Code Login Admin","1.0.2","Roberto Bottalico","https:\u002F\u002Fprofiles.wordpress.org\u002F4wpbari\u002F","\u003Cp>Permette l’accesso al tuo sito web senza inserire username e password, generando semplicemente un qr-code. Abilitato solo per gli amministratori.\u003C\u002Fp>\n\u003Ch3>Descrizione\u003C\u002Fh3>\n\u003Cp>QR Code Login Admin è un semplice ma utilissimo plugin che permette di poter far accedere al pannello di amministrazione del tuo sito wordpress direttamente scansionando il qr-code.\u003C\u002Fp>\n\u003Ch4>Che cosa permette di fare?\u003C\u002Fh4>\n\u003Cp>Consente agli amministratori di generare automaticamente il qr code per il proprio accesso. Di default, la scadenza del qr code è impostato ad un giorno (1 giorno)\u003C\u002Fp>\n\u003Cp>L’amministratore può impostare la scadenza del collegamento dalle “Impostazioni” generali di WordPress. Questa impostazione consente di impostare il tempo di scadenza fino a un massimo di 365 giorni (1 anno).\u003Cbr \u002F>\nUna volta raggiunto il tempo di scadenza preimpostato, il collegamento diventa inattivo e scade da solo e l’admin non potrà utilizzare nuovamente lo stesso qr code di accesso.\u003C\u002Fp>\n\u003Cp>Chiunque disponga del collegamento di accesso avrà diritto ad accedere all’account fino alla scadenza del qr code.\u003C\u002Fp>\n\u003Cp>Puoi accedere tramite qrcode tramite il tuo smartphone (se abilitato in fotocamera) , oppure installando applicazioni terze che permettono la lettura\u003Cbr \u002F>\nPuoi accedere anche tramite pistola ottica qrcode usb\u003C\u002Fp>\n\u003Cp>Newsss! Se avete necessità di offrire la scansione via web del qrcode, evitando di installare app di terze parti in quanto non si dispone della funzionalità in fotocamera\u003Cbr \u002F>\ndel qrcode, abbiamo rilasciato un plugin che permette di effettuare scansioni tramite la pagina web.\u003Cbr \u002F>\nBasta semplicemente applicare lo shortcode su una vostra pagina e potete offrire un lettore di qrcode istantaneo\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fqr-code-and-barcode-scanner-reader\u002F\" rel=\"ugc\">Qui il link del repository\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Installazione\u003C\u002Fh3>\n\u003Cp>Puoi caricare il file zip da Plugin\u002FAggiungi Nuovo, dal pannello di amministrazione del tuo wordpress\u003Cbr \u002F>\noppure\u003Cbr \u002F>\nEstrai il file zip e rilascia il contenuto nella directory wp-content \u002F plugins \u002F della tua installazione di WordPress, quindi attiva la pagina Plugin da Plugins.\u003C\u002Fp>\n","Permette l'accesso al tuo sito web senza inserire username e password, generando semplicemente un qr-code. Abilitato solo per gli amministratori.",1207,"5.7.15","4.4","5.6",[98,99],"autologin","qr-code","https:\u002F\u002Fwww.4wp.it\u002Fqr-code-login-admin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fqr-code-login-admin.1.0.2.zip","2026-03-15T10:48:56.248Z",{"slug":104,"name":105,"version":106,"author":104,"author_profile":107,"description":108,"short_description":109,"active_installs":11,"downloaded":110,"rating":25,"num_ratings":25,"last_updated":111,"tested_up_to":112,"requires_at_least":17,"requires_php":113,"tags":114,"homepage":18,"download_link":115,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"qrlogin","qrLogin","1.3.1","https:\u002F\u002Fprofiles.wordpress.org\u002Fqrlogin\u002F","\u003Cp>qrLogin is an authentication system based on the reading of the qr code by the mobile phone and the transfer of authentication data via the http\u002Fhttps protocol to the application or to a web resource.\u003C\u002Fp>\n\u003Cp>The mobile application qrLogin by reading of a specially generated qr-code allows:\u003C\u002Fp>\n\u003Cp>To authenticate on a web resource or in an application;\u003Cbr \u002F>\nTo subtract and save account data;\u003Cbr \u002F>\nTo subtract the credentials of the new account, generate a password or key and send these data to the server to complete the registration of this account.\u003Cbr \u002F>\nqrLogin is the unique thing you need to enter the web page.\u003C\u002Fp>\n\u003Cp>To log in to the web resource, run qrLogin and scan the qr-code in the form of authentication on the web page or in the application.\u003C\u002Fp>\n\u003Ch3>qrLogin app\u003C\u002Fh3>\n\u003Cp>Secure storage of passwords;\u003Cbr \u002F>\nSupport for OTP passwords;\u003Cbr \u002F>\nAbility to generate passwords and OTP keys in the application;\u003Cbr \u002F>\nSecure export \u002F import of database of accounts with encryption of secret data;\u003Cbr \u002F>\nAbility to authenticate on the resource even if there is no Internet connection;\u003Cbr \u002F>\nAdding a new account by scanning of qr-code;\u003Cbr \u002F>\nProtection of access to the program and authentication data using a fingerprint or PIN options;\u003Cbr \u002F>\nSupport for Android and iOS devices;\u003Cbr \u002F>\nAbsolutely free full-featured version for Android and iOS;\u003Cbr \u002F>\nSimple integration with web resources and applications.\u003Cbr \u002F>\nTo operate with this authentication system the web resource needs only to place the following qr-code that contains the URL for authentication and a unique session identifier in the authentication form. The mobile application will open the specified URL and will pass authentication data.\u003C\u002Fp>\n","qrLogin is an authentication system based on the reading of the qr code by the mobile phone and the transfer of authentication data via the http\u002Fhttps &hellip;",2839,"2017-10-28T06:28:00.000Z","4.8.28","5.4",[20,67],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fqrlogin.zip",{"attackSurface":117,"codeSignals":138,"taintFlows":158,"riskAssessment":159,"analyzedAt":168},{"hooks":118,"ajaxHandlers":134,"restRoutes":135,"shortcodes":136,"cronEvents":137,"entryPointCount":25,"unprotectedCount":25},[119,124,127,131],{"type":120,"name":121,"callback":121,"file":122,"line":123},"action","edit_user_profile","qr-user-login.php",46,{"type":120,"name":125,"callback":121,"file":122,"line":126},"show_user_profile",47,{"type":120,"name":128,"callback":129,"file":122,"line":130},"login_head","check_qr_login",48,{"type":120,"name":132,"callback":132,"file":122,"line":133},"admin_menu",49,[],[],[],[],{"dangerousFunctions":139,"sqlUsage":140,"outputEscaping":142,"fileOperations":25,"externalRequests":25,"nonceChecks":30,"capabilityChecks":25,"bundledLibraries":157},[],{"prepared":25,"raw":25,"locations":141},[],{"escaped":25,"rawEcho":143,"locations":144},7,[145,149,150,152,154,155,156],{"file":146,"line":147,"context":148},"templates\\edit_user_profile.php",6,"raw output",{"file":146,"line":143,"context":148},{"file":151,"line":11,"context":148},"templates\\qr-login-capability.php",{"file":151,"line":153,"context":148},12,{"file":151,"line":153,"context":148},{"file":151,"line":153,"context":148},{"file":151,"line":153,"context":148},[],[],{"summary":160,"deductions":161},"The 'qr-user-login' v1.0.0 plugin exhibits a generally good security posture based on the provided static analysis.  There are no identified critical or high-severity code signals, dangerous functions, or SQL injection vulnerabilities. The absence of known CVEs and a clean vulnerability history further contribute to this positive assessment, suggesting a mature and well-maintained codebase.  The presence of a nonce check is a positive indicator of basic security awareness.\n\nHowever, a significant concern arises from the complete lack of output escaping. With 7 total outputs identified and 0% properly escaped, this presents a substantial risk for cross-site scripting (XSS) vulnerabilities. Any data rendered to the user interface without proper escaping can be manipulated by attackers to inject malicious scripts. Furthermore, the absence of any capability checks is concerning, as it implies that certain functionalities might be accessible to users who shouldn't have access, depending on what these functions actually do, which is not detailed in the provided data. While the attack surface appears small and unprotected entry points are zero, the lack of output escaping creates a glaring vulnerability. The absence of taint analysis data makes it impossible to fully assess risks related to data manipulation, but the output escaping issue is a concrete and significant threat.\n\nIn conclusion, while the plugin avoids common pitfalls like SQL injection and dangerous functions, and has no known vulnerabilities, the critical lack of output escaping is a major security flaw that requires immediate attention.  The lack of capability checks, though not as immediately critical as XSS, also warrants investigation. The absence of recorded vulnerabilities is a strength, but does not negate the identified code issues. Addressing the output escaping would significantly improve the plugin's security.",[162,165],{"reason":163,"points":164},"All identified outputs are unescaped",8,{"reason":166,"points":167},"No capability checks found",5,"2026-03-17T00:30:58.433Z",{"wat":170,"direct":179},{"assetPaths":171,"generatorPatterns":174,"scriptPaths":175,"versionParams":176},[172,173],"\u002Fwp-content\u002Fplugins\u002Fqr-user-login\u002Ftemplates\u002Fedit_user_profile.php","\u002Fwp-content\u002Fplugins\u002Fqr-user-login\u002Ftemplates\u002Fqr-login-capability.php",[],[],[177,178],"qr-user-login\u002Fstyle.css?ver=","qr-user-login\u002Fscript.js?ver=",{"cssClasses":180,"htmlComments":181,"htmlAttributes":182,"restEndpoints":189,"jsGlobals":190,"shortcodeOutput":191},[],[],[183,184,185,186,187,188],"name=\"qr_login_roles[]\"","value=\"administrator\"","value=\"editor\"","value=\"author\"","value=\"contributor\"","value=\"subscriber\"",[],[],[]]