[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fpdaL-6tFTXmuOl5NcPg5l0fOgUExDVSLk_FWT_WTmR0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":37,"analysis":131,"fingerprints":545},"rublon","Rublon Multi-Factor Authentication (MFA)","4.4.5","Rublon","https:\u002F\u002Fprofiles.wordpress.org\u002Frublon\u002F","\u003Cp>Rublon MFA is a multi-factor authentication (MFA) solution that protects your organization’s data and access to networks, servers, and applications. Rublon MFA provides MFA for cloud apps, VPNs, servers, and Microsoft technologies using authentication methods like \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fproduct\u002Fmobile-push\u002F\" rel=\"nofollow ugc\">Mobile Push\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fproduct\u002Fsms-passcodes\u002F\" rel=\"nofollow ugc\">SMS Passcode\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fproduct\u002Fqr-codes\u002F\" rel=\"nofollow ugc\">QR Code\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fproduct\u002Fsecurity-keys\u002F\" rel=\"nofollow ugc\">WebAuthn\u002FU2F Security Keys\u003C\u002Fa>, and more.\u003C\u002Fp>\n\u003Cp>Rublon MFA is easy to use, affordable, and scalable. It helps reduce compliance risk, improve user experience, and reduce costs. Rublon MFA is compatible with a variety of technologies, including but not limited to \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fdocs\u002F#vpn\" rel=\"nofollow ugc\">VPN\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fdoc\u002Frds\u002F\" rel=\"nofollow ugc\">Remote Desktop Services (RDS)\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fdoc\u002Fowa\u002F\" rel=\"nofollow ugc\">Outlook Web App (OWA)\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fproduct\u002Fldap-mfa\u002F\" rel=\"nofollow ugc\">LDAP\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fproduct\u002Fradius-mfa\u002F\" rel=\"nofollow ugc\">RADIUS\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fdoc\u002Fwordpress\u002F\" rel=\"nofollow ugc\">WordPress\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Start your \u003Ca href=\"https:\u002F\u002Fadmin.rublon.net\u002Fauth\u002Fregister\" rel=\"nofollow ugc\">Free 30-Day Trial\u003C\u002Fa> and see how easy it is to get started with Rublon MFA.\u003C\u002Fh3>\n\u003Ch3>To learn more, visit \u003Ca href=\"https:\u002F\u002Frublon.com\u002F\" rel=\"nofollow ugc\">www.rublon.com\u003C\u002Fa>.\u003C\u002Fh3>\n\u003Cblockquote>\n\u003Ch4>Recommended by Security Experts and Industry Professionals\u003C\u002Fh4>\n\u003Cp>\u003Cem>“The fact that I could speak instantly with tech support while evaluating was super important. Connecting with Rublon technicians via remote sessions was SUPER handy to assist with setting things up.” &mdash; \u003Cstrong>Chris D., Manager of GIS\u002FIT\u003C\u002Fstrong>\u003C\u002Fem> \u003C\u002Fp>\n\u003Cp>  \u003Cem>“We were able to get Rublon MFA installed, tested, and in use in under a day across all offices.” &mdash; \u003Cstrong>Ethan M. Hospital & Health Care\u003C\u002Fstrong>\u003C\u002Fem> \u003C\u002Fp>\n\u003Cp>  \u003Cem>“Product was absolutely superb for integrating MFA into our RDS solution very easy to use and the moblie app was brilliant for our end users.” &mdash; \u003Cstrong>Scott L., IT Network Manager\u003C\u002Fstrong>\u003C\u002Fem> \u003C\u002Fp>\n\u003Cp>  \u003Cem>“we tested a trial version, it was very easy to set up. we got the pricing immediately. other suppliers did not even replied to my email yet and i already implemented Rublon” &mdash; \u003Cstrong>Mihail B., Logistics Manager\u003C\u002Fstrong>\u003C\u002Fem> \u003C\u002Fp>\n\u003Cp>  \u003Cem>“I searched for a tool for a very specific security need and Rublon filled that need perfectly. Not only does it work every single time as expected, the support and setup are amazing! Highly recommended.” &mdash; \u003Cstrong>Charles D., Financial Services\u003C\u002Fstrong>\u003C\u002Fem> \u003C\u002Fp>\n\u003Cp>  \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fcustomers\u002F\" rel=\"nofollow ugc\">Read More\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>In What Languages Is Rublon For WordPress Available?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>German\u003C\u002Fli>\n\u003Cli>Japanese (translated by \u003Ca href=\"https:\u002F\u002Fen.digitalcube.jp\" rel=\"nofollow ugc\">Digital Cube\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Turkish (translated by Mehmet Emre Baş, proofread by Tarık Çayır)\u003C\u002Fli>\n\u003Cli>Polish\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Ch4>Follow Us\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002FRublonApp\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fcompany\u002F2772205\" rel=\"nofollow ugc\">LinkedIn\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Frublon\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Legal notice\u003C\u002Fh3>\n\u003Cp>I have read and agree to the \u003Ca href=\"https:\u002F\u002Flegal.rublon.com\u002Ftos\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Flegal.rublon.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> before installing the Rublon WordPress Plugin.\u003C\u002Fp>\n","Instant account security with effortless multi-factor authentication via Mobile Push, Mobile Passcode (TOTP), WebAuthn\u002FU2F Security Keys, and more.",500,116338,84,88,"2025-12-04T13:45:00.000Z","6.9.4","5.0","5.5.1",[20,21,22,23,24],"2fa","mfa","multi-factor-authentication","security","two-factor-authentication","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Frublon\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frublon.4.4.5.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":4,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},1,30,94,"2026-04-05T16:47:30.898Z",[38,58,80,100,116],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":16,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":56,"download_link":57,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"two-factor","Two Factor","0.15.0","WordPress.org","https:\u002F\u002Fprofiles.wordpress.org\u002Fwordpressdotorg\u002F","\u003Cp>The Two-Factor plugin adds an extra layer of security to your WordPress login by requiring users to provide a second form of authentication in addition to their password.  This helps protect against unauthorized access even if passwords are compromised.\u003C\u002Fp>\n\u003Ch3>Setup Instructions\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Important\u003C\u002Fstrong>: Each user must individually configure their two-factor authentication settings.  There are no site-wide settings for this plugin.\u003C\u002Fp>\n\u003Ch3>For Individual Users\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Navigate to your profile\u003C\u002Fstrong>: Go to “Users” \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> “Your Profile” in the WordPress admin\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Find Two-Factor Options\u003C\u002Fstrong>: Scroll down to the “Two-Factor Options” section\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Choose your methods\u003C\u002Fstrong>: Enable one or more authentication providers (noting a site admin may have hidden one or more so what is available could vary):\n\u003Cul>\n\u003Cli>\u003Cstrong>Authenticator App (TOTP)\u003C\u002Fstrong> – Use apps like Google Authenticator, Authy, or 1Password\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Codes\u003C\u002Fstrong> – Receive one-time codes via email\u003C\u002Fli>\n\u003Cli>\u003Cstrong>FIDO U2F Security Keys\u003C\u002Fstrong> – Use physical security keys (requires HTTPS)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Backup Codes\u003C\u002Fstrong> – Generate one-time backup codes for emergencies\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dummy Method\u003C\u002Fstrong> – For testing purposes only (requires WP_DEBUG)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configure each method\u003C\u002Fstrong>: Follow the setup instructions for each enabled provider\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Set primary method\u003C\u002Fstrong>: Choose which method to use as your default authentication\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Save changes\u003C\u002Fstrong>: Click “Update Profile” to save your settings\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>For Site Administrators\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>No global settings\u003C\u002Fstrong>: This plugin operates on a per-user basis only. For more, see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress\u002Ftwo-factor\u002Fissues\u002F249\" rel=\"nofollow ugc\">GH#249\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User management\u003C\u002Fstrong>: Administrators can configure 2FA for other users by editing their profiles\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security recommendations\u003C\u002Fstrong>: Encourage users to enable backup methods to prevent account lockouts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Available Authentication Methods\u003C\u002Fh3>\n\u003Ch3>Authenticator App (TOTP) – Recommended\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security\u003C\u002Fstrong>: High – Time-based one-time passwords\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup\u003C\u002Fstrong>: Scan QR code with authenticator app\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compatibility\u003C\u002Fstrong>: Works with Google Authenticator, Authy, 1Password, and other TOTP apps\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Best for\u003C\u002Fstrong>: Most users, provides excellent security with good usability\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Backup Codes – Recommended\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security\u003C\u002Fstrong>: Medium – One-time use codes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup\u003C\u002Fstrong>: Generate 10 backup codes for emergency access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compatibility\u003C\u002Fstrong>: Works everywhere, no special hardware needed\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Best for\u003C\u002Fstrong>: Emergency access when other methods are unavailable\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Email Codes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security\u003C\u002Fstrong>: Medium – One-time codes sent via email\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup\u003C\u002Fstrong>: Automatic – uses your WordPress email address\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compatibility\u003C\u002Fstrong>: Works with any email-capable device\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Best for\u003C\u002Fstrong>: Users who prefer email-based authentication\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>FIDO U2F Security Keys\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security\u003C\u002Fstrong>: High – Hardware-based authentication\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup\u003C\u002Fstrong>: Register physical security keys (USB, NFC, or Bluetooth)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Requirements\u003C\u002Fstrong>: HTTPS connection required, compatible browser needed\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Browser Support\u003C\u002Fstrong>: Chrome, Firefox, Edge (varies by key type)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Best for\u003C\u002Fstrong>: Users with security keys who want maximum security\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Dummy Method\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security\u003C\u002Fstrong>: None – Always succeeds\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup\u003C\u002Fstrong>: Only available when WP_DEBUG is enabled\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Testing and development only\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Best for\u003C\u002Fstrong>: Developers testing the plugin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Important Notes\u003C\u002Fh3>\n\u003Ch3>HTTPS Requirement\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>FIDO U2F Security Keys require an HTTPS connection to function\u003C\u002Fli>\n\u003Cli>Other methods work on both HTTP and HTTPS sites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Browser Compatibility\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>FIDO U2F requires a compatible browser and may not work on all devices\u003C\u002Fli>\n\u003Cli>TOTP and email methods work on all devices and browsers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Account Recovery\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Always enable backup codes to prevent being locked out of your account\u003C\u002Fli>\n\u003Cli>If you lose access to all authentication methods, contact your site administrator\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Security Best Practices\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Use multiple authentication methods when possible\u003C\u002Fli>\n\u003Cli>Keep backup codes in a secure location\u003C\u002Fli>\n\u003Cli>Regularly review and update your authentication settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For more information about two-factor authentication in WordPress, see the \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fadvanced-administration\u002Fsecurity\u002Fmfa\u002F\" rel=\"nofollow ugc\">WordPress Advanced Administration Security Guide\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>For more history, see \u003Ca href=\"https:\u002F\u002Fgeorgestephanis.wordpress.com\u002F2013\u002F08\u002F14\u002Ftwo-cents-on-two-factor\u002F\" rel=\"nofollow ugc\">this post\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Actions & Filters\u003C\u002Fh4>\n\u003Cp>Here is a list of action and filter hooks provided by the plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>two_factor_providers\u003C\u002Fcode> filter overrides the available two-factor providers such as email and time-based one-time passwords. Array values are PHP classnames of the two-factor providers.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_providers_for_user\u003C\u002Fcode> filter overrides the available two-factor providers for a specific user. Array values are instances of provider classes and the user object \u003Ccode>WP_User\u003C\u002Fcode> is available as the second argument.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_enabled_providers_for_user\u003C\u002Fcode> filter overrides the list of two-factor providers enabled for a user. First argument is an array of enabled provider classnames as values, the second argument is the user ID.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_user_authenticated\u003C\u002Fcode> action which receives the logged in \u003Ccode>WP_User\u003C\u002Fcode> object as the first argument for determining the logged in user right after the authentication workflow.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_user_api_login_enable\u003C\u002Fcode> filter restricts authentication for REST API and XML-RPC to application passwords only. Provides the user ID as the second argument.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_email_token_ttl\u003C\u002Fcode> filter overrides the time interval in seconds that an email token is considered after generation. Accepts the time in seconds as the first argument and the ID of the \u003Ccode>WP_User\u003C\u002Fcode> object being authenticated.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_email_token_length\u003C\u002Fcode> filter overrides the default 8 character count for email tokens.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_backup_code_length\u003C\u002Fcode> filter overrides the default 8 character count for backup codes. Provides the \u003Ccode>WP_User\u003C\u002Fcode> of the associated user as the second argument.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_rest_api_can_edit_user\u003C\u002Fcode> filter overrides whether a user’s Two-Factor settings can be edited via the REST API. First argument is the current \u003Ccode>$can_edit\u003C\u002Fcode> boolean, the second argument is the user ID.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_before_authentication_prompt\u003C\u002Fcode> action which receives the provider object and fires prior to the prompt shown on the authentication input form.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_after_authentication_prompt\u003C\u002Fcode> action which receives the provider object and fires after the prompt shown on the authentication input form.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_after_authentication_input\u003C\u002Fcode>action which receives the provider object and fires after the input shown on the authentication input form (if form contains no input, action fires immediately after \u003Ccode>two_factor_after_authentication_prompt\u003C\u002Fcode>).\u003C\u002Fli>\n\u003C\u002Ful>\n","Enable Two-Factor Authentication (2FA) using time-based one-time passwords (TOTP), Universal 2nd Factor (U2F), email, and backup verification codes.",100000,1526344,96,199,"2026-02-17T13:21:00.000Z","6.8","7.2",[20,54,21,23,55],"authentication","totp","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftwo-factor\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwo-factor.0.15.0.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":77,"download_link":78,"security_score":79,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wordfence-login-security","Wordfence Login Security","1.1.15","wfryan","https:\u002F\u002Fprofiles.wordpress.org\u002Fwfryan\u002F","\u003Ch3>WORDFENCE LOGIN SECURITY\u003C\u002Fh3>\n\u003Cp>Wordfence Login Security contains a subset of the functionality found in the full Wordfence plugin: Two-factor Authentication, XML-RPC Protection and Login Page CAPTCHA.\u003C\u002Fp>\n\u003Cp>Are you looking for comprehensive WordPress Security? \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordfence\u002F\" rel=\"ugc\">Check out the full Wordfence plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>TWO-FACTOR AUTHENTICATION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Two-factor authentication (2FA), one of the most secure forms of remote system authentication available.\u003C\u002Fli>\n\u003Cli>Use any TOTP-based authenticator app or service like Google Authenticator, Authy, 1Password or FreeOTP.\u003C\u002Fli>\n\u003Cli>Enable 2FA for any WordPress user role.\u003C\u002Fli>\n\u003Cli>Completely free to use, no limits or restrictions of any kind.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>LOGIN PAGE CAPTCHA\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easily enable Google ReCAPTCHA v3 on your login and registration pages.\u003C\u002Fli>\n\u003Cli>Stops bots from logging in without inconveniencing your site visitors.\u003C\u002Fli>\n\u003Cli>Robust protection against password guessing and credential stuffing attacks distributed across large IP pools\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>XML-RPC PROTECTION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>XML-RPC is the biggest target for WordPress attacks, but is often overlooked.\u003C\u002Fli>\n\u003Cli>Protect XML-RPC with 2FA or disable it altogether if it’s not needed.\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.",70000,1239075,80,25,"2025-01-15T17:05:00.000Z","6.7.5","4.7","7.0",[20,75,76,23,24],"captcha","login-security","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence-login-security.1.1.15.zip",92,{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":28,"num_ratings":28,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":93,"tags":94,"homepage":97,"download_link":98,"security_score":99,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"passclip-auth-for-wordpress","PassClip Auth for WordPress","1.0.5","Passlogy","https:\u002F\u002Fprofiles.wordpress.org\u002Fpasslogy\u002F","\u003Cp>You need strong password to protect your site. However, how do you remember it or is it really strong?\u003Cbr \u002F>\n“PassClip Auth” provides really strong password that is also easy to remember.\u003Cbr \u002F>\nOnce you make your “pattern”, you can get your password using “PassClip”. And the password will change every 30 seconds(at the shortest).\u003C\u002Fp>\n\u003Ch4>Get and sign up for PassClip\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to \u003Ca href=\"https:\u002F\u002Fwww.passclip.com\u002F\" rel=\"nofollow ugc\">the page about PassClip\u003C\u002Fa> and install PassClip on your smart phone.\u003C\u002Fli>\n\u003Cli>Activate your PassClip by registering your “pattern” and email address.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Sign up for PassClip Auth(PCA)\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Input PassClip Code “paauth” in your PassClip. That makes a new slot in your PassClip.\u003C\u002Fli>\n\u003Cli>Go to \u003Ca href=\"https:\u002F\u002Fmember.passclip.com\u002Fmember\u002Fui\u002F\" rel=\"nofollow ugc\">PassClip Auth member’s page\u003C\u002Fa> and log in with your email address and password which the slot shows you.\u003C\u002Fli>\n\u003Cli>Make your “PassClip Code”. And then you get your “PassClip Auth app service id(PCA app service id)”. You need both “code” and “id” to use this plugin.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>How to apply PassClip Auth to your site\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install and activate this plugin to your WordPress.\u003C\u002Fli>\n\u003Cli>Go to PassClip Auth Options Setting from the menu.\u003C\u002Fli>\n\u003Cli>Input the PassClip Auth app service id(PCA app service id), PassClip Code and other items in the setting page and click the “Save Change” button.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>How to log in to WordPress site with PassClip Auth\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Users register PassClip Code of your site in their PassClip. That makes a new slot to get password to log in to your site.\u003C\u002Fli>\n\u003Cli>Show the password in PassClip (tap the new slot).\u003C\u002Fli>\n\u003Cli>In login form of your site, users enter email address and password in the slot. (\u003Cstrong>Users do not need general WordPress password.\u003C\u002Fstrong>)\u003C\u002Fli>\n\u003Cli>Click the “Log in” button.\u003C\u002Fli>\n\u003C\u002Fol>\n","\"PassClip Auth\" provides strong and easy authentication. \"PassClip Auth for WordPress\" is the plugin to launch PassClip Auth to Wo &hellip;",10,2199,"2019-12-27T07:42:00.000Z","5.3.21","4.5","5.3.3",[20,95,96,23,24],"login","otp","https:\u002F\u002Fwww.passclip.com\u002Fja\u002Fpca\u002Fpca_for_wp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpassclip-auth-for-wordpress.1.0.6.zip",85,{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":88,"downloaded":108,"rating":27,"num_ratings":109,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":77,"tags":113,"homepage":77,"download_link":115,"security_score":99,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"snapid-two-factor-authentication","SnapID Two-Factor Authentication","2.0.2","TextPower","https:\u002F\u002Fprofiles.wordpress.org\u002Fckilaru\u002F","\u003Cp>\u003Cstrong>Thank you for choosing SnapID&trade; for Two-Factor Authentication. Unfortunately, we will be shutting down this free service as of May 1, 2020. Please disable this plugin prior to that date to prevent issues. We apologize for the inconvenience.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Get the most secure & convenient two-factor authentication plugin for your WordPress website. With \u003Ca href=\"http:\u002F\u002Fwww.snapid.co\" rel=\"nofollow ugc\">SnapID\u003C\u002Fa> you will never have to remember your username and password ever again and be more secure than ever. All you need to do is send a simple text message to authenticate yourself.\u003C\u002Fp>\n\u003Cp>Check out this 2 minute video showing how SnapID works.\u003C\u002Fp>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F107771091\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Ch4>What makes SnapID different from other authentication products?\u003C\u002Fh4>\n\u003Cp>SnapID is a next-generation authentication system developed by TextPower using the patented TextKey technology. It replaces complex, costly and high-maintenance systems with a simple approach that leverages the power of advanced messaging technologies and a cellular phone’s “fingerprint.”\u003C\u002Fp>\n\u003Cp>Many websites\u002Fcompanies haven’t taken the appropriate steps to secure their environment because of the complications and expense associated with two-factor authentication. SnapID offers a way for companies of any size to implement authentication quickly and inexpensively.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>SnapID eliminates:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Usernames & Passwords (when there is nothing to steal, nothing can be stolen)\u003C\u002Fli>\n\u003Cli>Need for a smartphone (any cell phone that can send a text message can be used with SnapID)\u003C\u002Fli>\n\u003Cli>Significant up-front expense of other two-factor authentication systems\u003C\u002Fli>\n\u003Cli>Complex installation of hardware and\u002For software\u003C\u002Fli>\n\u003Cli>Man-in-the-Middle and Man-in-the-Browser attacks\u003C\u002Fli>\n\u003Cli>Purchasing and maintaining an inventory of “tokens”\u003C\u002Fli>\n\u003Cli>Tracking, replacing and maintaining these tokens\u003C\u002Fli>\n\u003Cli>Lost or misplaced tokens or insufficient supply when needed\u003C\u002Fli>\n\u003Cli>Learning curve for users\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.textpower.com\u002Fsnapidpublic\u002Fwp-content\u002Fuploads\u002F2015\u002F06\u002Fsnapid_compare.png\" rel=\"nofollow ugc\">Check out how SnapID compares to other technologies\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>SnapID and TextKey are trademarks of TextPower Inc. TextKey is a patented technology with U.S. Patent number 8,943,561.\u003C\u002Fp>\n","Make usernames and passwords obsolete. SnapID identifies and authenticates when you send a text message. Completely secure, incredibly convenient.",6598,2,"2020-04-15T22:29:00.000Z","5.4.19","3.7",[20,22,114,39,24],"snapid","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsnapid-two-factor-authentication.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":88,"downloaded":124,"rating":28,"num_ratings":28,"last_updated":125,"tested_up_to":126,"requires_at_least":17,"requires_php":127,"tags":128,"homepage":129,"download_link":130,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"tiny-2fa","Tiny 2FA + Brute Force Protection","0.3","Web Guy","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebguyio\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwebguyio\u002Ftiny-2fa\u002Fissues\" rel=\"nofollow ugc\">💬 Ask Question\u003C\u002Fa> | \u003Ca href=\"mailto:webguywork@gmail.com\" rel=\"nofollow ugc\">📧 Email Me\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This is probably the 2FA plugin you’re looking for.\u003C\u002Fp>\n\u003Cp>Secure, private, and \u003Cem>lightweight\u003C\u002Fem>.\u003C\u002Fp>\n\u003Cp>Integrates into WordPress like a native feature.\u003C\u002Fp>\n\u003Ch4>Proactive vs Reactive Security\u003C\u002Fh4>\n\u003Cp>Prevents attacks instead of reacting to them. The best breach is the one that never happens.\u003C\u002Fp>\n\u003Ch4>How it Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install and activate the plugin\u003C\u002Fli>\n\u003Cli>Go to \u003Cem>Users > Profile > Two-Factor Authentication\u003C\u002Fem> (near the bottom)\u003C\u002Fli>\n\u003Cli>Check the box next to “Enable 2FA” and click “Update Profile”\u003C\u002Fli>\n\u003Cli>2FA and Backup Codes are now enabled\u003C\u002Fli>\n\u003Cli>Scan the QR code or manually enter the secret key into your auth app of choice (and be sure to rename the generic site name “2FA” to something more useful)\u003C\u002Fli>\n\u003Cli>Once successful login with a 2FA code from your app has been confirmed, you should disable Backup Codes\u003C\u002Fli>\n\u003Cli>Brute force protection is enabled by default and can be managed site-wide by admins in profile settings\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Backup Codes have been rethought from the usual method you might be used to. Read more about that in the FAQ below.\u003C\u002Fp>\n\u003Ch4>Need Support?\u003C\u002Fh4>\n\u003Cp>Ask for help \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwebguyio\u002Ftiny-2fa\u002Fissues\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n","A simple two-factor authentication plugin that just works.",316,"2026-01-23T06:59:00.000Z","6.8.5","7.4",[20,95,21,23],"https:\u002F\u002Fgithub.com\u002Fwebguyio\u002Ftiny-2fa","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftiny-2fa.zip",{"attackSurface":132,"codeSignals":329,"taintFlows":506,"riskAssessment":533,"analyzedAt":544},{"hooks":133,"ajaxHandlers":321,"restRoutes":326,"shortcodes":327,"cronEvents":328,"entryPointCount":33,"unprotectedCount":33},[134,140,144,148,152,157,160,165,169,173,176,178,182,185,188,193,198,202,205,209,212,216,220,223,226,230,235,239,243,247,251,254,258,262,266,270,274,278,282,285,289,294,298,302,304,308,312,317],{"type":135,"name":136,"callback":137,"file":138,"line":139},"action","admin_print_footer_scripts","apiRegistration","includes\\Libs\\Classes\\class-rublon-pointers.php",32,{"type":135,"name":141,"callback":142,"file":143,"line":88},"plugins_loaded","pluginsLoaded","includes\\Libs\\Classes\\Confirmations\\RublonConfirmations.php",{"type":135,"name":145,"callback":146,"file":143,"line":147},"admin_notices","adminNotices",11,{"type":135,"name":141,"callback":149,"file":150,"line":151},"init","includes\\Libs\\Classes\\RublonFlashMessage.php",57,{"type":135,"name":153,"callback":154,"file":155,"line":156},"wp_footer","renderConsumerScript","includes\\Libs\\RublonImplemented\\Rublon2FactorGUIWordPress.php",27,{"type":135,"name":158,"callback":154,"file":155,"line":159},"admin_footer",28,{"type":135,"name":161,"callback":162,"file":163,"line":164},"admin_print_styles","rublon2factor_admin_css","includes\\rublon2factor_admin.php",73,{"type":135,"name":166,"callback":167,"file":163,"line":168},"admin_menu","rublon2factor_add_menu_entries",104,{"type":135,"name":170,"callback":171,"file":163,"line":172},"admin_enqueue_scripts","rublon2factor_admin_scripts",120,{"type":135,"name":170,"callback":174,"file":163,"line":175},"getInstance",148,{"type":135,"name":170,"callback":174,"file":163,"line":177},151,{"type":135,"name":179,"callback":180,"file":163,"line":181},"admin_init","rublon2factor_register_settings",158,{"type":135,"name":145,"callback":183,"file":163,"line":184},"rublon2factor_no_settings_warning",673,{"type":135,"name":145,"callback":186,"file":163,"line":187},"rublon2factor_show_admin_messages",693,{"type":189,"name":190,"callback":191,"priority":88,"file":163,"line":192},"filter","manage_users_custom_column","rublon2factor_manage_rublon_columns",723,{"type":135,"name":194,"callback":195,"priority":196,"file":163,"line":197},"wp_before_admin_bar_render","rublon2factor_modify_admin_toolbar",999,778,{"type":135,"name":199,"callback":200,"file":163,"line":201},"login_enqueue_scripts","rublon2factor_add_login_page_files",807,{"type":135,"name":199,"callback":203,"file":163,"line":204},"login_page_custom_css",816,{"type":135,"name":206,"callback":207,"file":163,"line":208},"login_footer","add_login_footer",889,{"type":135,"name":149,"callback":149,"file":210,"line":211},"includes\\rublon2factor_helper.php",198,{"type":189,"name":213,"callback":214,"file":210,"line":215},"xmlrpc_enabled","__return_false",622,{"type":189,"name":217,"callback":218,"file":210,"line":219},"heartbeat_settings","heartbeatSettings",654,{"type":135,"name":170,"callback":221,"file":210,"line":222},"initLogoutListenerScripts",660,{"type":135,"name":224,"callback":221,"file":210,"line":225},"wp_enqueue_scripts",662,{"type":189,"name":227,"callback":228,"priority":88,"file":210,"line":229},"auth_cookie","associateSessionWithDevice",2386,{"type":189,"name":231,"callback":232,"file":233,"line":234},"login_message","rublon2factor_login_message","includes\\rublon2factor_hooks.php",41,{"type":189,"name":236,"callback":237,"file":233,"line":238},"wp_redirect","rublon2factor_wp_redirect",58,{"type":189,"name":240,"callback":241,"priority":88,"file":233,"line":242},"login_redirect","rublon2factor_login_redirect",78,{"type":135,"name":244,"callback":245,"file":233,"line":246},"activated_plugin","rublon2factor_plugin_activated_mefirst",93,{"type":189,"name":248,"callback":249,"priority":88,"file":233,"line":250},"authenticate","rublon2factor_authenticate",166,{"type":135,"name":149,"callback":252,"file":233,"line":253},"rublon2factor_init",184,{"type":135,"name":255,"callback":256,"file":233,"line":257},"login_init","rublon2factor_login_init",193,{"type":135,"name":259,"callback":260,"priority":88,"file":233,"line":261},"set_auth_cookie","rublon2factor_store_auth_cookie_params",242,{"type":135,"name":263,"callback":264,"file":233,"line":265},"wp_logout","rublon2factor_wp_logout",257,{"type":135,"name":267,"callback":268,"priority":88,"file":233,"line":269},"wp_login","rublon2factor_wp_login",293,{"type":189,"name":271,"callback":272,"priority":88,"file":233,"line":273},"pre_update_option_rublon2factor_settings","rublon2factor_update_field_additional_settings",346,{"type":135,"name":275,"callback":276,"file":233,"line":277},"user_new_form","rublon2factor_user_new_form",375,{"type":135,"name":279,"callback":280,"file":233,"line":281},"wp_loaded","rublon2factor_wp_loaded",392,{"type":135,"name":145,"callback":283,"file":233,"line":284},"businessEditionUpgrade",424,{"type":135,"name":286,"callback":287,"priority":88,"file":233,"line":288},"tml_registered_form","disable_tml_ajax",444,{"type":135,"name":290,"callback":291,"priority":88,"file":292,"line":293},"rublon_admin_init","RublonMultisiteHelper::removeHooks","includes\\rublon2factor_multisite_helper.php",33,{"type":189,"name":295,"callback":296,"priority":88,"file":292,"line":297},"rublon_get_settings","RublonMultisiteHelper::retrieveSettings",36,{"type":135,"name":299,"callback":300,"priority":88,"file":292,"line":301},"rublon_pre_authenticate","RublonMultisiteHelper::checkSubprojectRegistration",40,{"type":135,"name":303,"callback":300,"priority":88,"file":292,"line":234},"rublon_site_registration",{"type":135,"name":305,"callback":306,"priority":88,"file":292,"line":307},"rublon_save_settings","RublonMultisiteHelper::settingsSaved",44,{"type":135,"name":309,"callback":310,"priority":88,"file":292,"line":311},"rublon_plugin_pre_init","RublonMultisiteHelper::init",330,{"type":189,"name":313,"callback":314,"priority":88,"file":315,"line":316},"plugin_action_links","rublon2factor_add_settings_link","rublon2factor.php",42,{"type":135,"name":141,"callback":318,"priority":319,"file":315,"line":320},"rublon2factor_plugins_loaded",9,91,[322],{"action":323,"nopriv":324,"callback":323,"hasNonce":324,"hasCapCheck":324,"file":233,"line":325},"hide_business_edition_upgrade_box",false,437,[],[],[],{"dangerousFunctions":330,"sqlUsage":335,"outputEscaping":349,"fileOperations":109,"externalRequests":28,"nonceChecks":503,"capabilityChecks":504,"bundledLibraries":505},[331],{"fn":332,"file":210,"line":333,"context":334},"unserialize",3570,"$tmp = unserialize(serialize($var));",{"prepared":147,"raw":336,"locations":337},4,[338,341,344,346],{"file":210,"line":339,"context":340},338,"$wpdb->get_col() with variable interpolation",{"file":210,"line":342,"context":343},340,"$wpdb->get_results() with variable interpolation",{"file":210,"line":273,"context":345},"$wpdb->query() with variable interpolation",{"file":210,"line":347,"context":348},399,"$wpdb->get_var() with variable interpolation",{"escaped":319,"rawEcho":68,"locations":350},[351,354,356,357,359,361,363,365,366,368,369,370,372,374,375,376,378,380,382,385,387,390,393,395,396,398,400,402,404,406,408,410,411,413,415,417,419,420,422,424,426,428,430,432,434,435,437,439,441,443,445,447,449,451,453,455,457,459,461,463,465,467,469,471,473,475,477,479,481,482,484,486,488,490,492,494,496,498,499,501],{"file":138,"line":352,"context":353},160,"raw output",{"file":138,"line":355,"context":353},163,{"file":138,"line":355,"context":353},{"file":138,"line":358,"context":353},174,{"file":138,"line":360,"context":353},177,{"file":138,"line":362,"context":353},179,{"file":138,"line":364,"context":353},181,{"file":138,"line":253,"context":353},{"file":138,"line":367,"context":353},195,{"file":138,"line":367,"context":353},{"file":138,"line":367,"context":353},{"file":138,"line":371,"context":353},196,{"file":138,"line":373,"context":353},197,{"file":138,"line":211,"context":353},{"file":138,"line":49,"context":353},{"file":138,"line":377,"context":353},202,{"file":138,"line":379,"context":353},203,{"file":138,"line":381,"context":353},208,{"file":383,"line":384,"context":353},"includes\\Libs\\Classes\\Confirmations\\RublonConfirmStrategyButton.php",21,{"file":386,"line":384,"context":353},"includes\\Libs\\Classes\\Confirmations\\RublonConfirmStrategyForm.php",{"file":388,"line":389,"context":353},"includes\\Libs\\Classes\\Confirmations\\Strategy\\DeleteTrashPost.php",47,{"file":391,"line":392,"context":353},"includes\\Libs\\RublonConsumerRegistration\\RublonConsumerRegistrationTemplate.php",275,{"file":163,"line":394,"context":353},178,{"file":163,"line":49,"context":353},{"file":163,"line":397,"context":353},200,{"file":163,"line":399,"context":353},209,{"file":163,"line":401,"context":353},251,{"file":163,"line":403,"context":353},252,{"file":163,"line":405,"context":353},253,{"file":163,"line":407,"context":353},254,{"file":163,"line":409,"context":353},256,{"file":163,"line":265,"context":353},{"file":163,"line":412,"context":353},258,{"file":163,"line":414,"context":353},259,{"file":163,"line":416,"context":353},260,{"file":163,"line":418,"context":353},264,{"file":163,"line":269,"context":353},{"file":163,"line":421,"context":353},295,{"file":163,"line":423,"context":353},296,{"file":163,"line":425,"context":353},299,{"file":163,"line":427,"context":353},300,{"file":163,"line":429,"context":353},323,{"file":163,"line":431,"context":353},325,{"file":163,"line":433,"context":353},326,{"file":163,"line":342,"context":353},{"file":163,"line":436,"context":353},342,{"file":163,"line":438,"context":353},343,{"file":163,"line":440,"context":353},358,{"file":163,"line":442,"context":353},360,{"file":163,"line":444,"context":353},361,{"file":163,"line":446,"context":353},367,{"file":163,"line":448,"context":353},411,{"file":163,"line":450,"context":353},414,{"file":163,"line":452,"context":353},415,{"file":163,"line":454,"context":353},416,{"file":163,"line":456,"context":353},420,{"file":163,"line":458,"context":353},422,{"file":163,"line":460,"context":353},425,{"file":163,"line":462,"context":353},439,{"file":163,"line":464,"context":353},441,{"file":163,"line":466,"context":353},458,{"file":163,"line":468,"context":353},531,{"file":163,"line":470,"context":353},594,{"file":163,"line":472,"context":353},597,{"file":163,"line":474,"context":353},613,{"file":163,"line":476,"context":353},616,{"file":163,"line":478,"context":353},625,{"file":163,"line":480,"context":353},651,{"file":163,"line":222,"context":353},{"file":163,"line":483,"context":353},664,{"file":163,"line":485,"context":353},687,{"file":163,"line":487,"context":353},823,{"file":163,"line":489,"context":353},894,{"file":210,"line":491,"context":353},1280,{"file":210,"line":493,"context":353},3413,{"file":210,"line":495,"context":353},3463,{"file":210,"line":497,"context":353},3466,{"file":233,"line":456,"context":353},{"file":233,"line":500,"context":353},431,{"file":233,"line":502,"context":353},433,3,8,[],[507,524],{"entryPoint":508,"graph":509,"unsanitizedCount":28,"severity":523},"\u003Crublon2factor_helper> (includes\\rublon2factor_helper.php:0)",{"nodes":510,"edges":520},[511,515],{"id":512,"type":513,"label":514,"file":210,"line":192},"n0","source","$_POST",{"id":516,"type":517,"label":518,"file":210,"line":519,"wp_function":236},"n1","sink","wp_redirect() [Open Redirect]",2023,[521],{"from":512,"to":516,"sanitized":522},true,"low",{"entryPoint":525,"graph":526,"unsanitizedCount":28,"severity":523},"\u003Crublon2factor_hooks> (includes\\rublon2factor_hooks.php:0)",{"nodes":527,"edges":531},[528,530],{"id":512,"type":513,"label":514,"file":233,"line":529},126,{"id":516,"type":517,"label":518,"file":233,"line":175,"wp_function":236},[532],{"from":512,"to":516,"sanitized":522},{"summary":534,"deductions":535},"The Rublon plugin v4.4.5 presents a mixed security posture.  On the positive side, the plugin has no known historical vulnerabilities (CVEs) and demonstrates a good effort in securing its code, with 73% of SQL queries using prepared statements and a reasonable number of capability checks.  However, the static analysis reveals a significant concern: one unprotected AJAX handler represents a direct entry point for potential attackers.  Furthermore, the presence of the `unserialize` function, especially without context of its usage and sanitization, raises a red flag, as it can lead to object injection vulnerabilities if not handled with extreme care. The low percentage of properly escaped output (10%) is also a concern, potentially leading to cross-site scripting (XSS) vulnerabilities if user-supplied data is rendered without proper encoding.",[536,538,541],{"reason":537,"points":88},"Unprotected AJAX handler",{"reason":539,"points":540},"Dangerous function unserialize used",5,{"reason":542,"points":543},"Low percentage of properly escaped output",7,"2026-03-16T19:37:08.237Z",{"wat":546,"direct":554},{"assetPaths":547,"generatorPatterns":549,"scriptPaths":550,"versionParams":551},[548],"\u002Fwp-content\u002Fplugins\u002Frublon\u002Fassets\u002Fimages\u002Frublon_visual.gif",[],[],[552,553],"rublon\u002Fstyle.css?ver=","rublon\u002Fscript.js?ver=",{"cssClasses":555,"htmlComments":562,"htmlAttributes":563,"restEndpoints":566,"jsGlobals":567,"shortcodeOutput":571},[556,557,558,559,560,561],"rublon-apireg-half-column","rublon-apireg-description","rublon-apireg-fieldset","rublon-apireg-visual","rublon-image","rublon-apireg-pointer",[],[564,565],"data-rublon-apireg-dismiss-url","data-rublon-apireg-answer-url",[],[568,569,570],"RublonWP","rublon_pointer_options","rublon_apireg_pointer_options",[]]