[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fGzCiXK-wEnKlILw_4fOO_86AynGFQFlqUr8lXzu77Eg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":140,"fingerprints":219},"stormpath","Stormpath","0.1.6","bretterer","https:\u002F\u002Fprofiles.wordpress.org\u002Fbretterer\u002F","\u003Cp>With this plugin, you are replacing your local users with users inside of the Stormpath ecosystem. We have\u003Cbr \u002F>\ndesigned this plugin to look and act the same as the built in user authentication, but give you the power\u003Cbr \u002F>\nof Stormpath authentication.\u003C\u002Fp>\n\u003Ch3>Stormpath\u003C\u002Fh3>\n\u003Cp>Stormpath is a complete and easy Identity management API for software teams building web, mobile, and API-driven applications. Powerful, pre-built authentication and user management eliminates the cost and security risks of developing and maintaining Identity in house. With Stormpath, developers can launch applications faster and focus on the core features that make their projects a success.\u003C\u002Fp>\n\u003Cp>Stormpath is a cloud-based user data store with a private deployment option. Features include user registration, authentication, authorization, user profiles, single sign-on, multi-tenancy, token authentication, and API key management. Stormpath’s advanced security measures safeguard user data and promote compliance. The service includes robust open source SDKs for popular web and mobile frameworks, including Node.js, AngularJS, Java, PHP, Python, Ruby, .NET, iOS, and Android.\u003C\u002Fp>\n\u003Cp>The Stormpath REST API lets developers quickly and easily build a wide variety of user management functions they would otherwise have to code themselves.\u003C\u002Fp>\n","Give your WordPress website the power of Stormpath Authentication.",10,1474,0,"2016-10-26T21:33:00.000Z","4.6.30","4.5.0","",[19,20,21,4,22],"auth","authentication","authorization","user","https:\u002F\u002Fstormpath.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstormpath.0.1.6.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},2,20,30,84,"2026-04-05T20:19:08.241Z",[36,59,85,106,123],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":17,"tags":51,"homepage":56,"download_link":57,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"duo-wordpress","Duo Two-Factor Authentication","2.5.7","Duo Security","https:\u002F\u002Fprofiles.wordpress.org\u002Fduosecurity\u002F","\u003Cp>Duo Security provides two-factor authentication as a service to protect against account takeover and data theft. Using the Duo plugin you can easily add Duo two-factor authentication to your WordPress website in just a few minutes!\u003C\u002Fp>\n\u003Cp>Rather than relying on a password alone, which can be phished or guessed, Duo’s authentication service adds a second layer of security to your WordPress accounts. Duo enables your admins or users to verify their identities using something they have—like their mobile phone or a hardware token—which provides strong authentication and dramatically enhances account security.\u003C\u002Fp>\n\u003Cp>Duo is easy to setup and use. With Duo there’s no extra hardware or complicated software to install, just sign up for Duo’s service and install the plugin. Then you can set which user roles you want to enable two-factor authentication for—admins, editors, authors, contributors, and\u002For subscribers—without setting up user accounts, directory synchronization, servers, or hardware.\u003C\u002Fp>\n\u003Cp>When they log in, your users have multiple ways they can authenticate, including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>One-tap authentication using Duo’s mobile app (our fastest, easiest way to authenticate)\u003C\u002Fli>\n\u003Cli>One-time passcodes generated by Duo’s mobile app (works even with no cell coverage)\u003C\u002Fli>\n\u003Cli>One-time passcodes delivered to any SMS-enabled phone (works even with no cell coverage)\u003C\u002Fli>\n\u003Cli>Phone callback to any phone (mobile or landline!)\u003C\u002Fli>\n\u003Cli>One-time passcodes generated by an OATH-compliant hardware token (if you’re feeling all old school)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Protect your WordPress website in minutes with Duo.\u003C\u002Fp>\n\u003Ch3>End of Support Notice\u003C\u002Fh3>\n\u003Cp>Support for the traditional Duo Prompt experience using the Duo WordPress plugin ended on September 30, 2024. Please use the new \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fduo-universal\u002F\" rel=\"ugc\">Duo Universal plugin for WordPress\u003C\u002Fa>. Read more about the End of Suppport and migration to the new plugin on our \u003Ca href=\"https:\u002F\u002Fduo.com\u002Fdocs\u002Fwordpress\" rel=\"nofollow ugc\">Duo for WordPress – Duo Universal Prompt\u003C\u002Fa> documentation page\u003C\u002Fp>\n","Easily add Duo Security two-factor authentication to your WordPress website. Enable two-factor authentication for your admins and\u002For users.",3000,185434,74,39,"2025-06-06T15:47:00.000Z","6.0.11","4.1",[20,52,53,54,55],"authenticator","login","two-factor","username","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fduo-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fduo-wordpress.zip",100,{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":74,"tags":75,"homepage":80,"download_link":81,"security_score":82,"vuln_count":83,"unpatched_count":13,"last_vuln_date":84,"fetched_at":27},"json-api-user","JSON API User","4.1.0","Ali Qureshi","https:\u002F\u002Fprofiles.wordpress.org\u002Fparorrey\u002F","\u003Cp>JSON API User extends the JSON API Plugin with a new Controller to allow RESTful user registration, authentication, password reset, RESTful Facebook Login, RESTful User Meta and BuddyPress xProfile get and update methods. This plugin is for WordPress\u002FMobile app developers who want to use WordPress as mobile app data backend.\u003C\u002Fp>\n\u003Cp>JSON API Plugin, that is required, was closed on August 7, 2019 from WordPress repository. You can download \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FPI-Media\u002Fjson-api\" rel=\"nofollow ugc\">JSON API Plugin\u003C\u002Fa> from https:\u002F\u002Fgithub.com\u002FPI-Media\u002Fjson-api until it is republished and available on WordPress.\u003C\u002Fp>\n\u003Cp>Features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Generate Auth Cookie for user authentication\u003C\u002Fli>\n\u003Cli>Validate Auth Cookie\u003C\u002Fli>\n\u003Cli>RESTful User Registration\u003C\u002Fli>\n\u003Cli>RESTful Facebook Login\u002FRegistration with valid access_token\u003C\u002Fli>\n\u003Cli>RESTful BuddyPress xProfile fields update\u003C\u002Fli>\n\u003Cli>Get User Meta and xProfile fields\u003C\u002Fli>\n\u003Cli>Update User Meta and xProfile fields\u003C\u002Fli>\n\u003Cli>Delete User Meta\u003C\u002Fli>\n\u003Cli>Password Reset\u003C\u002Fli>\n\u003Cli>Get Avatar\u003C\u002Fli>\n\u003Cli>Get User Info\u003C\u002Fli>\n\u003Cli>Post Comment\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin was created for mobile apps integration with the web app using WordPress as backend for all the data. WordPress helped in putting together the web app quickly and then Mobile iOS and Android apps were integrated via this plugin. There were some app specific customized methods which are not included but rest have been made generic for community usage.\u003C\u002Fp>\n\u003Cp>My other JSON API Auth plugin has also been integrated with this plugin from version 1.1 because most endpoints required user authentication via cookie for data update.\u003C\u002Fp>\n\u003Cp>Pro Version – JSON API User Plus\u003C\u002Fp>\n\u003Cp>A pro version of this plugin, \u003Ca href=\"http:\u002F\u002Fwww.parorrey.com\u002Fsolutions\u002Fjson-api-user-plus\u002F\" rel=\"nofollow ugc\">JSON API User Plus\u003C\u002Fa>, is available here http:\u002F\u002Fwww.parorrey.com\u002Fsolutions\u002Fjson-api-user-plus\u002F that supports BuddyPress Messages component, BuddyPress avatar upload, BuddyPress Extended Profile, BuddyPress Groups, BuddyPress Friends, BuddyPress Activity, BuddyPress Notifications, BuddyPres Settings and other BuddyPress related functions to integrate BuddyPress features in your mobile app via REST api.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.parorrey.com\u002Fsolutions\u002Fjson-api-user-plus\u002F\" rel=\"nofollow ugc\">JSON API User Plus\u003C\u002Fa> includes API key which protects and restricts the endpoint calls. This key can be updated from Settings > User Plus options page. Your app must include this key with every call to get the data from REST API. Please see documentation for calling endpoints examples for ‘JSON API User Plus’.\u003C\u002Fp>\n\u003Cp>JSON API User Plus features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Generate Auth Cookie for user authentication\u003C\u002Fli>\n\u003Cli>Validate Auth Cookie\u003C\u002Fli>\n\u003Cli>RESTful User Registration\u003C\u002Fli>\n\u003Cli>RESTful Facebook Login\u002FRegistration with valid access_token\u003C\u002Fli>\n\u003Cli>RESTful BuddyPress xProfile fields update\u003C\u002Fli>\n\u003Cli>Get User Meta and xProfile fields\u003C\u002Fli>\n\u003Cli>Update User Meta and xProfile fields\u003C\u002Fli>\n\u003Cli>Delete User Meta\u003C\u002Fli>\n\u003Cli>Password Reset\u003C\u002Fli>\n\u003Cli>Get\u002FUpload Avatar\u003C\u002Fli>\n\u003Cli>Get User Info\u003C\u002Fli>\n\u003Cli>Post Comment\u003C\u002Fli>\n\u003Cli>Add Post, Update Post, Delete Post\u003C\u002Fli>\n\u003Cli>Add\u002FEdit\u002FDelete Custom Post Type, Custom Fields\u003C\u002Fli>\n\u003Cli>Search User\u003C\u002Fli>\n\u003Cli>BuddyPress Activities\u003C\u002Fli>\n\u003Cli>BuddyPress Members\u003C\u002Fli>\n\u003Cli>BuddyPress Friends\u003C\u002Fli>\n\u003Cli>BuddyPress Notifications\u003C\u002Fli>\n\u003Cli>BuddyPress Settings\u003C\u002Fli>\n\u003Cli>& many more\u003C\u002Fli>\n\u003C\u002Ful>\n","Extends the JSON API Plugin to allow RESTful user registration, authentication & many other User Meta, BP functions. A Pro version is also available.",1000,120913,78,21,"2025-07-29T11:54:00.000Z","6.8.5","3.0.1","5.3",[20,76,77,78,79],"json-api","restful-facebook-login","restful-user-meta-and-buddypress-xprofile","restful-user-registration","http:\u002F\u002Fwww.parorrey.com\u002Fsolutions\u002Fjson-api-user\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjson-api-user.4.1.0.zip",97,1,"2024-07-10 00:00:00",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":67,"downloaded":93,"rating":94,"num_ratings":95,"last_updated":96,"tested_up_to":97,"requires_at_least":98,"requires_php":17,"tags":99,"homepage":103,"download_link":104,"security_score":25,"vuln_count":83,"unpatched_count":13,"last_vuln_date":105,"fetched_at":27},"keyring","Keyring","3.0","Beau Lebens","https:\u002F\u002Fprofiles.wordpress.org\u002Fbeaulebens\u002F","\u003Cp>\u003Cstrong>See the \u003Ca href=\"http:\u002F\u002Fdentedreality.com.au\u002Fprojects\u002Fwp-keyring\u002F\" rel=\"nofollow ugc\">Keyring Developer’s Guide\u003C\u002Fa> for more details.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Keyring provides a very hookable, completely customizable framework for connecting your WordPress to an external service. It takes care of all the heavy lifting when making authenticated requests, so all you need to do is implement cool features and not worry about these tricky bits.\u003C\u002Fp>\n\u003Cp>Out of the box, Keyring currently comes with base Service definitions for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>HTTP Basic,\u003C\u002Fli>\n\u003Cli>OAuth1, and\u003C\u002Fli>\n\u003Cli>OAuth2.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And includes ready-to-use definitions for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002F500px.com\u002F\" rel=\"nofollow ugc\">500px\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdelicious.com\u002F\" rel=\"nofollow ugc\">Delicious\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Feventbrite.com\u002F\" rel=\"nofollow ugc\">Eventbrite\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffacebook.com\u002F\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffitbit.com\u002F\" rel=\"nofollow ugc\">Fitbit\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fflickr.com\u002F\" rel=\"nofollow ugc\">Flickr\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffoursquare.com\u002F\" rel=\"nofollow ugc\">Foursquare\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Fanalytics\u002F\" rel=\"nofollow ugc\">Google Analytics\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Fcontacts\u002F\" rel=\"nofollow ugc\">Google Contacts\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Fmail\u002F\" rel=\"nofollow ugc\">Google Mail\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Finstagram.com\u002F\" rel=\"nofollow ugc\">Instagram\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Finstapaper.com\u002F\" rel=\"nofollow ugc\">Instapaper\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fjetpack.com\u002F\" rel=\"nofollow ugc\">Jetpack\u003C\u002Fa>\u002F\u003Ca href=\"https:\u002F\u002Fwordpress.com\u002F\" rel=\"nofollow ugc\">WordPress.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Flinkedin.com\u002F\" rel=\"nofollow ugc\">LinkedIn\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmoves-app.com\u002F\" rel=\"nofollow ugc\">Moves\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fnest.com\u002F\" rel=\"nofollow ugc\">Nest\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpinterest.com\u002F\" rel=\"nofollow ugc\">Pinterest\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frunkeeper.com\u002F\" rel=\"nofollow ugc\">RunKeeper\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fstrava.com\u002F\" rel=\"nofollow ugc\">Strava\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftripit.com\u002F\" rel=\"nofollow ugc\">TripIt\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftumblr.com\u002F\" rel=\"nofollow ugc\">Tumblr\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftwitter.com\u002F\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fyahoo.com\u002F\" rel=\"nofollow ugc\">Yahoo! Updates\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fyoutube.com\u002F\" rel=\"nofollow ugc\">YouTube\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can very easily write your own Service definitions and then use all the power of Keyring to hook into that authentication flow. See the \u003Ca href=\"http:\u002F\u002Fdentedreality.com.au\u002Fprojects\u002Fwp-keyring\u002F\" rel=\"nofollow ugc\">Keyring Developer’s Guide\u003C\u002Fa> for more details.\u003C\u002Fp>\n\u003Cp>Contributions are welcome via \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbeaulebens\u002Fkeyring\" rel=\"nofollow ugc\">Github pull request\u003C\u002Fa>.\u003C\u002Fp>\n","An authentication framework that handles authorization\u002Fcommunication with most popular web services.",95201,86,6,"2023-04-25T21:21:00.000Z","6.2.9","4.0",[20,21,100,101,102],"http-basic","oauth","security","http:\u002F\u002Fdentedreality.com.au\u002Fprojects\u002Fwp-keyring\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkeyring.3.0.zip","2014-07-07 00:00:00",{"slug":107,"name":108,"version":109,"author":63,"author_profile":64,"description":110,"short_description":111,"active_installs":112,"downloaded":113,"rating":114,"num_ratings":115,"last_updated":116,"tested_up_to":72,"requires_at_least":73,"requires_php":74,"tags":117,"homepage":121,"download_link":122,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"json-api-auth","JSON API Auth","3.0.0","\u003Cp>JSON API Auth extends the JSON API Plugin to allow RESTful user authentication.\u003C\u002Fp>\n\u003Cp>JSON API Plugin, that is required, was closed on August 7, 2019 from WordPress repository. You can download \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FPI-Media\u002Fjson-api\" rel=\"nofollow ugc\">JSON API Plugin\u003C\u002Fa> from https:\u002F\u002Fgithub.com\u002FPI-Media\u002Fjson-api until it is republished and available on WordPress.\u003C\u002Fp>\n\u003Cp>Features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Generate Auth Cookie for user authentication\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Validate Auth Cookie\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Get Current User Info\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For documentation: See ‘Other Notes’ tab above for usage examples.\u003C\u002Fp>\n\u003Cp>Credits: http:\u002F\u002Fwww.parorrey.com\u002Fsolutions\u002Fjson-api-auth\u002F\u003C\u002Fp>\n","Extends the JSON API Plugin for RESTful user authentication",800,78995,94,11,"2025-07-29T11:41:00.000Z",[118,119,76,120],"api","authenticate-user","wordpress-user-authentication","http:\u002F\u002Fwww.parorrey.com\u002Fsolutions\u002Fjson-api-auth\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjson-api-auth.3.0.0.zip",{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":131,"downloaded":132,"rating":58,"num_ratings":133,"last_updated":134,"tested_up_to":72,"requires_at_least":73,"requires_php":74,"tags":135,"homepage":138,"download_link":139,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"wp-logged-in-only","Logged-in-only","2.1.4","Drivingralle","https:\u002F\u002Fprofiles.wordpress.org\u002Fdrivingralle\u002F","\u003Cp>Only logged-in users can view the frontend, backend or content of the REST API if this plugin is activated. The password reset process on wp-login keeps on working.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>No options\u002Fsettings\u003C\u002Fli>\n\u003Cli>No by-pass\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Compatibility\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WooCommerce\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage as MU-Plugin\u003C\u002Fh3>\n\u003Cp>This plugin is very simple and can also be used as a must-use plugin. That way no admin of a website can deactivate the plugin, making sure the requirement of just authenticated  users is ensured.\u003Cbr \u002F>\n! No automatic updates are made for mu plugins\u003C\u002Fp>\n","A Plugin to lock down the whole site to prevent public access.",700,21474,7,"2025-05-08T16:15:00.000Z",[20,53,136,137,22],"rest-api","simple","https:\u002F\u002Fgithub.com\u002Freimersjan\u002Fwp-logged-in-only","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-logged-in-only.2.1.4.zip",{"attackSurface":141,"codeSignals":196,"taintFlows":208,"riskAssessment":209,"analyzedAt":218},{"hooks":142,"ajaxHandlers":192,"restRoutes":193,"shortcodes":194,"cronEvents":195,"entryPointCount":13,"unprotectedCount":13},[143,149,151,156,160,163,165,169,173,176,180,184,187],{"type":144,"name":145,"callback":146,"file":147,"line":148},"action","admin_notices","closure","includes\\notices\\notices.php",67,{"type":144,"name":145,"callback":146,"file":150,"line":82},"includes\\resources\\client.php",{"type":144,"name":152,"callback":153,"file":154,"line":155},"admin_init","register_options","includes\\stormpath.php",91,{"type":144,"name":157,"callback":158,"priority":11,"file":154,"line":159},"stormpath_admin_error","display",92,{"type":144,"name":161,"callback":158,"priority":11,"file":154,"line":162},"stormpath_admin_warning",93,{"type":144,"name":164,"callback":158,"priority":11,"file":154,"line":114},"stormpath_admin_success",{"type":144,"name":166,"callback":167,"file":154,"line":168},"admin_menu","add_options_page",95,{"type":144,"name":170,"callback":171,"priority":11,"file":154,"line":172},"user_register","user_registered",109,{"type":144,"name":174,"callback":174,"priority":11,"file":154,"line":175},"profile_update",110,{"type":144,"name":177,"callback":178,"priority":11,"file":154,"line":179},"after_password_reset","password_changed",111,{"type":181,"name":182,"callback":182,"priority":11,"file":154,"line":183},"filter","authenticate",112,{"type":181,"name":185,"callback":185,"priority":11,"file":154,"line":186},"login_errors",113,{"type":144,"name":188,"callback":189,"file":190,"line":191},"init","anonymous","stormpath.php",36,[],[],[],[],{"dangerousFunctions":197,"sqlUsage":198,"outputEscaping":200,"fileOperations":30,"externalRequests":13,"nonceChecks":30,"capabilityChecks":13,"bundledLibraries":203},[],{"prepared":13,"raw":13,"locations":199},[],{"escaped":201,"rawEcho":13,"locations":202},15,[],[204],{"name":205,"version":206,"knownCves":207},"Guzzle","1.1",[],[],{"summary":210,"deductions":211},"Based on the static analysis and vulnerability history, the \"stormpath\" plugin v0.1.6 appears to have a strong security posture. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the potential attack surface.  Furthermore, the code demonstrates good development practices with 100% of SQL queries using prepared statements and all output being properly escaped. The presence of nonce checks and a complete lack of recorded vulnerabilities further bolsters this positive assessment.\n\nHowever, a few areas warrant consideration. The static analysis indicates zero capability checks were found. While the attack surface is currently zero, any future additions of entry points without proper capability checks would introduce significant risk. Additionally, the plugin bundles Guzzle v1.1, which, depending on its specific version, could be outdated and potentially contain known vulnerabilities. While no CVEs are currently recorded for this plugin, this absence doesn't guarantee future safety and relies on the developer's ongoing vigilance.\n\nOverall, this plugin exhibits a high level of security for its current version and feature set. The developer has implemented several key security best practices. The primary areas for potential future risk lie in ensuring proper capability checks are implemented for any new entry points, and maintaining awareness of the security status of bundled libraries. Without any detected vulnerabilities or exploitable code patterns, the current risk is assessed as very low.",[212,215],{"reason":213,"points":214},"No capability checks implemented",5,{"reason":216,"points":217},"Bundled library Guzzle v1.1 may be outdated",3,"2026-03-17T00:46:12.927Z",{"wat":220,"direct":233},{"assetPaths":221,"generatorPatterns":226,"scriptPaths":227,"versionParams":228},[222,223,224,225],"\u002Fwp-content\u002Fplugins\u002Fstormpath\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fstormpath\u002Fassets\u002Fcss\u002Ffrontend.css","\u002Fwp-content\u002Fplugins\u002Fstormpath\u002Fassets\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fstormpath\u002Fassets\u002Fjs\u002Ffrontend.js",[],[224,225],[229,230,231,232],"stormpath\u002Fassets\u002Fcss\u002Fadmin.css?ver=","stormpath\u002Fassets\u002Fcss\u002Ffrontend.css?ver=","stormpath\u002Fassets\u002Fjs\u002Fadmin.js?ver=","stormpath\u002Fassets\u002Fjs\u002Ffrontend.js?ver=",{"cssClasses":234,"htmlComments":236,"htmlAttributes":237,"restEndpoints":238,"jsGlobals":239,"shortcodeOutput":241},[235],"stormpath-admin-settings",[],[],[],[240],"StormpathAdmin",[]]