[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fqcJVv565-TyZvWguwqI2GlwMY9Gs1k3UbZbt1zoxJdM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":45,"crawl_stats":36,"alternatives":50,"analysis":159,"fingerprints":268},"trusona","Trusona for WordPress","2.0.0","Trusona","https:\u002F\u002Fprofiles.wordpress.org\u002Fhauz\u002F","\u003Cp>Trusona provides the most popular passwordless 2FA login for FREE.  Just point your phone to the secure QR code and voila – you are in.\u003C\u002Fp>\n\u003Ch4>Top Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>FREE passwordless MFA including support\u003C\u002Fli>\n\u003Cli>Hide username and password from login form\u003C\u002Fli>\n\u003Cli>Login without typing or remembering passwords\u003C\u002Fli>\n\u003Cli>NEW: Trusona ONLY Mode – get rid of the password fields FOREVER!\u003C\u002Fli>\n\u003Cli>Dynamic QR code displayed at login\u003C\u002Fli>\n\u003Cli>No SMS or OTP (one-time passwords)\u003C\u002Fli>\n\u003Cli>Patented anti-replay for added security\u003C\u002Fli>\n\u003Cli>One-click installation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>What is the Cost?\u003C\u002Fh4>\n\u003Cp>Trusona’s passwordless 2FA is completely FREE  – just download it today and start using it with one-click install.  Support is included. We really mean it – it is totally FREE.\u003C\u002Fp>\n\u003Ch4>How do I know it is secure?\u003C\u002Fh4>\n\u003Cp>73% of WordPress sites are vulnerable to attack – and passwords are most likely to blame. Trusona’s passwordless 2FA for WordPress is based on the most secure technology you will ever use.  And now you can experience this level of true security for your WordPress accounts, too.  In this version we added a Trusona ONLY mode in settings.  This feature does not allow to show the user name and password fields.  Setting this page to this mode is the most secure approach.  Only recommended to advanced users.\u003C\u002Fp>\n\u003Ch4>Please note:\u003C\u002Fh4>\n\u003Cp>Once you download the Trusona WordPress Plugin you need to download the Trusona app. To download for iOS, visit the \u003Ca href=\"https:\u002F\u002Fitunes.apple.com\u002Fus\u002Fapp\u002Ftrusona\u002Fid1052983449\" rel=\"nofollow ugc\">App Store\u003C\u002Fa>. For Android devices, visit \u003Ca href=\"\u002F\u002Fplay.google.com\u002Fstore\u002Fapps\u002Fdetails?id=com.trusona.trusona\" rel=\"nofollow ugc\">Google Play\u003C\u002Fa>.\u003C\u002Fp>\n","Passwordless 2FA for your WordPress admin account with one-click install.  Trusona's FREE passwordless plug-in prevents unauthorized logins, defa &hellip;",500,18702,100,19,"2025-08-01T15:37:00.000Z","6.8.5","6.0","8.1",[20,21,22,23,4],"no-password","no-passwords","passwordless","passwordless-login","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftrusona\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftrusona.2.0.0.zip",78,1,"2026-01-10 03:44:04","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":36},"CVE-2026-24627","trusona-for-wordpress-missing-authorization","Trusona for WordPress \u003C= 2.0.0 - Missing Authorization","The Trusona for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.",null,"\u003C=2.0.0","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2026-02-03 13:48:18",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fdfb820f4-3d56-4f3e-96b9-206fd803c706?source=api-prod",{"slug":46,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":47,"trust_score":48,"computed_at":49},"hauz",30,79,"2026-04-04T20:47:32.194Z",[51,74,95,121,140],{"slug":52,"name":53,"version":54,"author":55,"author_profile":56,"description":57,"short_description":58,"active_installs":59,"downloaded":60,"rating":13,"num_ratings":61,"last_updated":62,"tested_up_to":16,"requires_at_least":63,"requires_php":64,"tags":65,"homepage":70,"download_link":71,"security_score":13,"vuln_count":27,"unpatched_count":72,"last_vuln_date":73,"fetched_at":29},"temporary-login-without-password","Temporary Login Without Password","1.9.7","storeapps","https:\u002F\u002Fprofiles.wordpress.org\u002Fstoreapps\u002F","\u003Cp>Create secure, self-expiring ⏱️, automatic login links 🔗 for WordPress. Give them to developers when they ask for admin access to your site. Or an editor for a quick review of work done. Login works just by opening the link, no password needed.\u003C\u002Fp>\n\u003Cp>Using the “Temporary Login Without Password” plugin you can create a self-expiring account for someone and give them a special link with which they can login to your WordPress without needing a username and password.\u003C\u002Fp>\n\u003Cp>You can choose when the login expires, as well as the role of the temporary account.\u003C\u002Fp>\n\u003Cp>Really useful when you need to give admin access to a developer for support or for performing routine tasks.\u003C\u002Fp>\n\u003Cp>Read \u003Ca href=\"https:\u002F\u002Fwww.storeapps.org\u002Fcreate-secure-login-without-password-for-wordpress\u002F\" rel=\"nofollow ugc\">this article\u003C\u002Fa> to know more about what’s the Current Problem – Creating a Separate Admin Login for Outsiders (Devs\u002F Guest bloggers) and how to avoid this pain, Top Benefits of using this plugin & Why and Who need Temporary Login links.\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>Benefits of Temporary Logins\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>➡️  Create unlimited temporary logins\u003Cbr \u002F>\n  ➡️  Create temporary logins with any role\u003Cbr \u002F>\n  ➡️  No username & password required. Login with just a simple link\u003Cbr \u002F>\n  ➡️  Set account expiry. So, a temporary user can’t login after the expiry time\u003Cbr \u002F>\n  ➡️  Various expiration options like one day, one week, one month, and many more. Also, set a custom date\u003Cbr \u002F>\n  ➡️  Redirect user to a specific page after login\u003Cbr \u002F>\n  ➡️  Set a language for a temporary user\u003Cbr \u002F>\n  ➡️  See the last logged in time of a temporary user\u003Cbr \u002F>\n  ➡️  Also see, how many times a temporary user accessed your setup\u003Cbr \u002F>\n  ➡️  Track user activity with detailed logs to know what each temporary user did\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>\u003Cstrong>For Developers\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>If you need an admin access to your client’s WordPress setup to resolve any issues, use following template to ask your client to give you a temporary access to their WordPress setup.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Hi {%customer_name%},\u003C\u002Fp>\n\u003Cp>To allow me to investigate on your site, install & activate the free WordPress plugin – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftemporary-login-without-password\u002F\" rel=\"ugc\">Temporary Login Without Password\u003C\u002Fa>, and give me admin access to your site via the temporary link generated. Once I’ll get the admin access, I’ll check your site & will try to resolve the issue.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>:\u003Cbr \u002F>\n  Keep the expiry of a temporary login link for one month. Send the created login link as a reply to this email.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Temporary Login Without Password Pro Features\u003C\u002Fh3>\n\u003Cp>➡️ Limit Link Usage: Set a maximum number of times a temporary login link can be used, ensuring controlled, secure access.\u003C\u002Fp>\n\u003Cp>➡️ Instant Admin Alerts: Receive notifications each time a temporary login is accessed, keeping you informed of all activity.\u003C\u002Fp>\n\u003Cp>➡️ Activity Log: View detailed activity of each temporary user to monitor what actions they performed while logged in.\u003C\u002Fp>\n\u003Cp>Ready to take your security and convenience to the next level?\u003Cbr \u002F>\n\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.icegram.com\u002F?buy-now=445245&qty=1&coupon=tlwp-pro-20&with-cart=1\" rel=\"nofollow ugc\">Upgrade to TLWP Pro\u003C\u002Fa>\u003C\u002Fstrong> today to unlock our advanced features. Experience the full power of secure, temporary, passwordless access for your WordPress \u002F WooCommerce site.\u003C\u002Fp>\n\u003Ch4>What users have to say about Temporary Login Without Password?\u003C\u002Fh4>\n\u003Cp>👉 \u003Cstrong>It works with WordPress.com business plan!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>I love this plugin! I got the impression that Temporary Login Without Password plugin would only work with WordPress.org sites. When I had a problem with another plugin, I reached out to their tech support. They recommended Temporary Login. I crossed my fingers, installed it, and it worked like a charm. No more worrying about possibly compromising my sites. When tech support was done, I went into the settings and revoked access. This is a game changer!\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fit-works-with-wordpress-com-business-plan\u002F\" rel=\"ugc\">Suzanne Loeb\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>👉 \u003Cstrong>Convenient. No rabbit holes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>I can’t say I’ve used a whole bunch of these plugins, but I can say I’ve used 2 or 3. This one was the most straight forward and rushing through it I still didn’t run into any issues. The login was shot to the company I needed to let in and I was able to get back to marking things off of my checklist. Highly recommend to anyone that is needing to make a temporary user account for the first time. There’s literally nowhere to get confused from my personal experience\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fconvenient-no-rabbit-holes\u002F\" rel=\"ugc\">Peter Higgins\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>👉 \u003Cstrong>Clear and efficient.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Clear and efficient. Nothing to add !\u003Cbr \u002F>\n  Continue like that !\u003Cbr \u002F>\n  Make the world of the web even more fun for all pro and amateur users!\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fclear-and-efficient-2\u002F\" rel=\"ugc\">muten7\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>👉 \u003Cstrong>Excellent Plugin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Having problems with another plugin the developer recommended TPWP. It does exactly as it states. The developer was able to identify the bug, done without comprising security. The fact it records the access you have granted is a another advantage.\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fexcellent-plugin-3772\u002F\" rel=\"ugc\">mickpamg\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>👉 \u003Cstrong>A huge help and easy!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>This plugin was just what I needed to make it easy for support people to come in and get their assessments done then I don’t have to worry about revoking permission…this takes care of that for me! Love it!!!\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fa-huge-help-and-easy\u002F\" rel=\"ugc\">bfauscette\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Go to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Ftemporary-login-without-password\u002Freviews\u002F\" rel=\"ugc\">Temporary Login Without Password plugin review section\u003C\u002Fa> and read our recent reviews.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Spread The Love ❤️\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you like Temporary Login Without Password, please leave a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Ftemporary-login-without-password\u002Freviews\u002F#new-post\" rel=\"ugc\">five stars ⭐⭐⭐⭐⭐\u003C\u002Fa> and also spread the word about it via \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fsharer.php?u=https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftemporary-login-without-password\u002F\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fintent\u002Ftweet?url=https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftemporary-login-without-password\u002F\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa>. That helps fellow website owners assess Temporary Login Without Password easily and benefit from it!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What’s Next\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you like this plugin then consider checking out our other solutions:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Femail-subscribers\u002F\" rel=\"ugc\">Icegram Express\u003C\u002Fa> – A complete newsletter plugin which lets you collect leads, send automated new blog post notification emails, create & send broadcasts, and also manage them all in one single place.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ficegram-mailer\u002F\" rel=\"ugc\">Icegram Mailer\u003C\u002Fa> – Reliable built‑in email delivery for WordPress & WooCommerce with real‑time logs, analytics, and a free 200‑email plan.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ficegram\u002F\" rel=\"ugc\">Icegram Engage\u003C\u002Fa> – Popups, Welcome Bar, Opt-ins & Lead Generation plugin\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ficegram-rainmaker\u002F\" rel=\"ugc\">Icegram Collect\u003C\u002Fa> – Best form plugin on WordPress\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsmart-manager-for-wp-e-commerce\u002F\" rel=\"ugc\">Smart Manager\u003C\u002Fa> – Manage & Bulk edit Products, Orders & more..\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Foffermative-discount-pricing-related-products-upsell-funnels-for-woocommerce\u002F\" rel=\"ugc\">Offermative\u003C\u002Fa> – Dynamic discount pricing, related product recommendations, upsells and funnels for WooCommerce.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fduplicate-post-page-copy-clone-wp\u002F\" rel=\"ugc\">Post \u002F Page Duplicate\u003C\u002Fa> – Ultimate one‑click content duplicator for WordPress, letting you clone posts, pages & custom post types effortlessly\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ficegram-cookie-manager\u002F\" rel=\"ugc\">Icegram Cookie Manager\u003C\u002Fa> – Customizable cookie consent banner with privacy policy links and styling options for WordPress\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fswitch-user-login-by-icegram\u002F\" rel=\"ugc\">Switch User Login\u003C\u002Fa> – Instantly switch between WordPress user accounts from the admin bar for seamless testing, debugging, and multisite\u002FWooCommerce management\u003C\u002Fp>\n\u003Cp>Also, check our other \u003Ca href=\"https:\u002F\u002Fwww.storeapps.org\u002Fshop\u002F?utm_source=wprepo&utm_medium=tlwp&utm_campaign=sa_products_upsell&utm_content=readme\" rel=\"nofollow ugc\">Premium WooCommerce plugins.\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Do you use WooCommerce? Our analytics tool \u003Ca href=\"https:\u002F\u002Fwww.putler.com\u002F?utm_source=wprepo&utm_medium=tlwp&utm_campaign=putler_outreach&utm_content=readme\" rel=\"nofollow ugc\">Putler\u003C\u002Fa> will help you enriches your store data. Using Putler, you’ll understand your business better and make profitable decisions quickly.\u003C\u002Fp>\n","Create self-expiring, temporary admin accounts. Easily share direct login links (no need for username\u002Fpassword) with your developers or editors.",100000,1865629,1499,"2025-12-22T11:48:00.000Z","3.0.1","5.3",[66,67,23,68,69],"developer-access","magic-pin","secure-login","temporary-access","http:\u002F\u002Fwww.storeapps.org\u002Fcreate-secure-login-without-password-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftemporary-login-without-password.1.9.7.zip",0,"2021-11-15 00:00:00",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":84,"num_ratings":85,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":89,"tags":90,"homepage":92,"download_link":93,"security_score":94,"vuln_count":72,"unpatched_count":72,"last_vuln_date":36,"fetched_at":29},"temporary-login","Temporary Login","1.3.0","Elementor","https:\u002F\u002Fprofiles.wordpress.org\u002Felemntor\u002F","\u003Cp>Temporary Login creates a secure, temporary URL for easy access to your WP admin with no username and password. Share this URL with trusted support agents and colleagues in order to resolve issues quickly, and shut down access as soon as you’re done.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FEATURES\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Grant access to your site with a single click; a temporary URL will be created that you can share for admin-level access to your site and it will automatically expire 7 days from creation.\u003C\u002Fli>\n\u003Cli>Extend access – need more time? No problem. Just click to extend access so that users don’t get locked out.\u003C\u002Fli>\n\u003Cli>All done? Revoke access and the link becomes inaccessible.\u003C\u002Fli>\n\u003Cli>Auto disable access – whether you forget to revoke access or lose track of the timing, there’s no need to worry. We will automatically disable the access URL at the expiration, within 7 days.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>CONTRIBUTION\u003C\u002Fh4>\n\u003Cp>Would you like to contribute to this plugin? You’re more than welcome to submit your pull requests on the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Felementor\u002Ftemporary-login\u002F\" rel=\"nofollow ugc\">GitHub repo\u003C\u002Fa>. Also, if you have any notes about the code, please open a ticket on the issue tracker.\u003C\u002Fp>\n","Create a secure, temporary URL for easy access to your WP admin.",40000,134160,80,4,"2024-11-26T16:13:00.000Z","6.7.5","6.2","7.4",[91,23,69,75],"login","https:\u002F\u002Felementor.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftemporary-login.1.3.0.zip",92,{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":105,"num_ratings":106,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":110,"tags":111,"homepage":116,"download_link":117,"security_score":118,"vuln_count":119,"unpatched_count":72,"last_vuln_date":120,"fetched_at":29},"user-verification","User Verification by PickPlugins","2.0.46","PickPlugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fpickplugins\u002F","\u003Cp>User Verification – Complete WordPress User Authentication & Security Plugin\u003C\u002Fp>\n\u003Ch3>User Verification by \u003Ca href=\"http:\u002F\u002Fwww.pickplugins.com\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.pickplugins.com\u003C\u002Fa>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.pickplugins.com\u002Fitem\u002Fuser-verification\u002F?ref=wordpress.org\" rel=\"nofollow ugc\">Donate\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.pickplugins.com\u002Fsupport\u002F?ref=wordpress.org\" rel=\"nofollow ugc\">Support\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpickplugins.com\u002Fdocumentation\u002Fuser-verification\u002F?ref=wordpress.org\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Secure Your WordPress Site with Advanced User Verification & Authentication\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>User Verification\u003C\u002Fstrong> is a comprehensive WordPress security plugin that provides multiple layers of user authentication and spam protection to safeguard your website from unauthorized access and malicious registrations.\u003C\u002Fp>\n\u003Ch3>🔐 Key Features\u003C\u002Fh3>\n\u003Ch4>\u003Cstrong>Email Verification System\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Mandatory Email Verification\u003C\u002Fstrong>: Ensure all new users verify their email addresses before accessing your site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Verification Pages\u003C\u002Fstrong>: Choose custom redirect pages for successful and failed verifications  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Login\u003C\u002Fstrong>: Seamlessly log users in after successful email verification\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role-Based Control\u003C\u002Fstrong>: Exclude specific user roles (like Administrators) from verification requirements\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible Configuration\u003C\u002Fstrong>: Enable\u002Fdisable email verification with simple toggle controls\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>Magic Login (Passwordless Authentication)\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>🆕 NEW Feature\u003C\u002Fstrong>: Enable secure passwordless login for enhanced user experience\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email-Based Authentication\u003C\u002Fstrong>: Users receive login links directly in their inbox\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Key Length\u003C\u002Fstrong>: Set secure authentication key length (default: 6 characters)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Attempt Limits\u003C\u002Fstrong>: Configure maximum login attempts for security (default: 3 attempts)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Redirect Pages\u003C\u002Fstrong>: Set specific pages for successful logins, failures, and magic login forms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Verification Integration\u003C\u002Fstrong>: Require verified emails for magic login access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy Implementation\u003C\u002Fstrong>: Simple shortcode \u003Ccode>[user_verification_magic_login_form]\u003C\u002Fcode> for frontend display\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>OTP (One-Time Password) Login\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>SMS\u002FEmail OTP\u003C\u002Fstrong>: Secure one-time password authentication system\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable OTP Length\u003C\u002Fstrong>: Customize OTP length (default: 6 digits)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Character Flexibility\u003C\u002Fstrong>: Support for numbers, uppercase, lowercase, and special characters\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Success\u002FError Messages\u003C\u002Fstrong>: Personalized user feedback for OTP processes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post-Login Redirects\u003C\u002Fstrong>: Direct users to specific pages after successful authentication\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy Integration\u003C\u002Fstrong>: Simple shortcode \u003Ccode>[user_verification_otp_login_form]\u003C\u002Fcode> implementation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>Advanced Spam Protection\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Domain Blocking\u003C\u002Fstrong>: Block registrations from specific email domains\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Domain Allowlist\u003C\u002Fstrong>: Allow only approved email domains for registration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Username Protection\u003C\u002Fstrong>: Block specific usernames from registration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible Domain Management\u003C\u002Fstrong>: Easy-to-use interface for managing blocked\u002Fallowed domains\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>reCAPTCHA Integration\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Google reCAPTCHA v2\u003C\u002Fstrong>: Complete bot protection with checkbox verification\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Implementation Points\u003C\u002Fstrong>: Add reCAPTCHA to login, registration, password reset, and comment forms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce Ready\u003C\u002Fstrong>: Full integration with WooCommerce forms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy Configuration\u003C\u002Fstrong>: Simple setup with site key and secret key\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>User Management Tools\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Unverified User Cleanup\u003C\u002Fstrong>: Automatically delete unverified user accounts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Existing User Verification\u003C\u002Fstrong>: Mark existing users as verified with customizable intervals\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Status Monitoring\u003C\u002Fstrong>: Track verification status across your user base\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>Email Customization\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Custom Email Templates\u003C\u002Fstrong>: Personalize verification and notification emails\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WPAutoP Support\u003C\u002Fstrong>: Enable\u002Fdisable automatic paragraph formatting in emails\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Branded Communications\u003C\u002Fstrong>: Add your logo and customize email appearance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Email Types\u003C\u002Fstrong>: Templates for registration, verification, OTP, magic login, and activation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>WooCommerce Compatibility\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>E-commerce Ready\u003C\u002Fstrong>: Full integration with WooCommerce login, registration, and password reset forms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customer Protection\u003C\u002Fstrong>: Prevent fake customer registrations and protect customer data\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Seamless Experience\u003C\u002Fstrong>: Maintain smooth checkout process while ensuring security\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🎯 Perfect For:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Membership Sites\u003C\u002Fstrong>: Protect exclusive content with verified users only\u003C\u002Fli>\n\u003Cli>\u003Cstrong>E-commerce Stores\u003C\u002Fstrong>: Prevent fake customer accounts and fraudulent orders  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Corporate Websites\u003C\u002Fstrong>: Ensure legitimate user registrations for business platforms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Community Forums\u003C\u002Fstrong>: Maintain quality user base with verified members\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Educational Platforms\u003C\u002Fstrong>: Secure student and instructor account creation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Any WordPress Site\u003C\u002Fstrong>: Enhance security for blogs, portfolios, and business websites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>⚡ Easy Setup & Management\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>User-Friendly Interface\u003C\u002Fstrong>: Intuitive admin dashboard for all configurations\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcode Ready\u003C\u002Fstrong>: Simple shortcodes for frontend form implementation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>One-Click Configuration\u003C\u002Fstrong>: Enable\u002Fdisable features with simple toggle switches\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comprehensive Documentation\u003C\u002Fstrong>: Detailed setup guides and troubleshooting support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔧 Technical Specifications\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>WordPress Compatibility\u003C\u002Fstrong>: Works with latest WordPress versions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PHP 7.4+ Support\u003C\u002Fstrong>: Modern PHP compatibility for optimal performance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mobile Responsive\u003C\u002Fstrong>: All forms and interfaces work perfectly on mobile devices\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Translation Ready\u003C\u002Fstrong>: Multi-language support for global websites\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Friendly\u003C\u002Fstrong>: Clean code structure with hooks and filters for customization\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📧 Default Email Configuration\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Professional Setup\u003C\u002Fstrong>: Comes with pre-configured professional email settings\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom From Address\u003C\u002Fstrong>: Set your preferred sender email (e.g., public.nurhasan@gmail.com)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Branded Sender Name\u003C\u002Fstrong>: Customize sender name (default: wordpress)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Template Variety\u003C\u002Fstrong>: Multiple email templates for different verification scenarios\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🚀 Why Choose User Verification?\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Complete Security Solution\u003C\u002Fstrong>: Multiple authentication methods in one plugin\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero Spam Guarantee\u003C\u002Fstrong>: Advanced filtering eliminates fake registrations\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Experience Focused\u003C\u002Fstrong>: Smooth verification process that doesn’t frustrate legitimate users\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Highly Customizable\u003C\u002Fstrong>: Adapt every aspect to match your site’s needs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Regular Updates\u003C\u002Fstrong>: Continuously updated with new features and security improvements\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Professional Support\u003C\u002Fstrong>: Dedicated support for setup and troubleshooting\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Installation & Usage\u003C\u002Fh3>\n\u003Cp>Simply install the plugin, configure your preferred verification methods, and add the provided shortcodes to your pages. The plugin integrates seamlessly with WordPress default forms and popular plugins like WooCommerce.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Transform your WordPress site security today with User Verification – the most comprehensive user authentication plugin available.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Ch3>Spam Protection by [https:\u002F\u002Fisspammy.com](http:\u002F\u002Fisspammy.com)\u003C\u002Fh3>\n\u003Cp>isspammy.com is owned by PickPlugins and it’s used to protect spam users from login in, registering, commenting, posting reviews and etc. Once you mark a comment as spam it will send a request to isspammy.com and it will create a record for this mail and marked as spam, so later when the same email is used to post a comment it will block them as a spammer. isspammy.com is commited to keep user email private and only accessible when requested.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fisspammy.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">isspammy.com\u002Fprivacy-policy\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fisspammy.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">isspammy.com\u002FAbout Us\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Email verification for user registration to protect spam.",5000,330832,90,63,"2026-02-14T03:45:00.000Z","6.9.4","4.1","",[112,113,114,115,23],"email-otp","email-validation","email-verification","hide-login","http:\u002F\u002Fpickplugins.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-verification.zip",87,3,"2026-03-23 00:00:00",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":131,"num_ratings":132,"last_updated":133,"tested_up_to":134,"requires_at_least":135,"requires_php":89,"tags":136,"homepage":138,"download_link":139,"security_score":13,"vuln_count":72,"unpatched_count":72,"last_vuln_date":36,"fetched_at":29},"magic-login","Magic Login – Passwordless Authentication for WordPress – Login Without Password","2.7.1","handyplugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fhandyplugins\u002F","\u003Cp>Easy, secure, and passwordless authentication for WordPress.\u003C\u002Fp>\n\u003Cp>Streamline the login process by sending links to your users. No more passwords to remember, no more password resets, and no more password strength requirements.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fhandyplugins.co\u002Fmagic-login-pro\u002F\" rel=\"nofollow ugc\">Learn more about Magic Login\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Key Features 🌟\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Passwordless Authentication\u003C\u002Fstrong>: No more forgotten passwords or complex requirements.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Magic Links\u003C\u002Fstrong>: Secure, unique links sent directly to users’ email inboxes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto Login\u003C\u002Fstrong>: Support for auto-login links in outgoing emails. It’s useful when pending action from a user, such as reply a comment, complete the checkout, etc.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-Friendly\u003C\u002Fstrong>: Simplifies the login process for all users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Security\u003C\u002Fstrong>: Reduces risks associated with weak passwords.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Tools\u003C\u002Fstrong>:  Export, import, and reset plugin settings easily from the admin panel or WP-CLI. \u003Ca href=\"https:\u002F\u002Fhandyplugins.co\u002Fdocs\u002Fmagic-login-tools\u002F\" rel=\"nofollow ugc\">Learn more\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How does it work? 🪄\u003C\u002Fh4>\n\u003Col>\n\u003Cli>User enters their email address.\u003C\u002Fli>\n\u003Cli>A unique magic link is sent to their inbox.\u003C\u002Fli>\n\u003Cli>Clicking the link authenticates and logs in the user.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>PRO Features 🎩\u003C\u002Fh4>\n\u003Cp>Here are the premium features that come with Magic Login Pro:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>SMS Login:\u003C\u002Fstrong> Send magic login links via SMS. \u003Ca href=\"https:\u002F\u002Fhandyplugins.co\u002Fdocs\u002Fpasswordless-authentication-with-sms\u002F\" rel=\"nofollow ugc\">Learn more\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>QR Code Login:\u003C\u002Fstrong> Let users log in by scanning a QR code. \u003Ca href=\"https:\u002F\u002Fhandyplugins.co\u002Fdocs\u002Fqr-code-login\u002F\" rel=\"nofollow ugc\">Learn more\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Registration:\u003C\u002Fstrong> Enable easy user registration directly from the login form or with a shortcode. \u003Ca href=\"https:\u002F\u002Fhandyplugins.co\u002Fdocs\u002Fmagic-login-registration\u002F\" rel=\"nofollow ugc\">Learn more\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CLI Command:\u003C\u002Fstrong> Use WP-CLI to create login links, generate QR codes, export\u002Fimport settings, and more. \u003Ca href=\"https:\u002F\u002Fhandyplugins.co\u002Fdocs\u002Fmagic-login-cli-command\u002F\" rel=\"nofollow ugc\">Learn more\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute Force Protection:\u003C\u002Fstrong> Limit rate of login attempts and block IP temporarily.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login request throttling:\u003C\u002Fstrong> Limit login link generation for a certain period.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Check:\u003C\u002Fstrong> Enhance the security by restricting users to log in from the same IP address that requested the link.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Domain Restriction:\u003C\u002Fstrong> Allow only certain domains to use the magic link.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login Email Customization:\u003C\u002Fstrong> Customize login message by using email placeholders.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login Redirect:\u003C\u002Fstrong> Redirect users to a specific page right after login. You can also redirect different pages based on the user role.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce Integration:\u003C\u002Fstrong> Seamless checkout experience for returning customers. \u003Ca href=\"https:\u002F\u002Fhandyplugins.co\u002Fdocs\u002Fmagic-login-woocommerce-integration\u002F\" rel=\"nofollow ugc\">Learn more\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy Digital Downloads (EDD) Integration:\u003C\u002Fstrong> Enhance the checkout experience with seamless magic login support. \u003Ca href=\"https:\u002F\u002Fhandyplugins.co\u002Fdocs\u002Fmagic-login-edd-integration\u002F\" rel=\"nofollow ugc\">Learn more\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>FluentCRM Integration:\u003C\u002Fstrong> Send magic login links directly via FluentCRM. \u003Ca href=\"https:\u002F\u002Fhandyplugins.co\u002Fdocs\u002Fmagic-login-fluent-crm\u002F\" rel=\"nofollow ugc\">Learn more\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>reCAPTCHA Integration:\u003C\u002Fstrong> Safeguard your login and registration forms from spam with Google reCAPTCHA. \u003Ca href=\"https:\u002F\u002Fhandyplugins.co\u002Fdocs\u002Fmagic-login-spam-protection\u002F#1-toc-title\" rel=\"nofollow ugc\">Learn more\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cloudflare Turnstile Integration:\u003C\u002Fstrong> Enhance spam protection for your login and registration forms using Cloudflare Turnstile. \u003Ca href=\"https:\u002F\u002Fhandyplugins.co\u002Fdocs\u002Fmagic-login-spam-protection\u002F#2-toc-title\" rel=\"nofollow ugc\">Learn more\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Friendly Captcha Integration:\u003C\u002Fstrong> Protect your login and registration forms from bots with privacy-friendly Friendly Captcha. \u003Ca href=\"https:\u002F\u002Fhandyplugins.co\u002Fdocs\u002Fmagic-login-spam-protection\u002F#3-toc-title\" rel=\"nofollow ugc\">Learn more\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>API Support:\u003C\u002Fstrong> Integrate Magic Login with your custom applications using the REST API.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>By upgrading to Magic Login Pro you also get access to one-on-one help from our knowledgeable support team and our extensive documentation site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fhandyplugins.co\u002Fmagic-login-pro\u002F\" rel=\"nofollow ugc\">Explore Magic Login Pro\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Documentation\u003C\u002Fh4>\n\u003Cp>Our documentation can be found on \u003Ca href=\"https:\u002F\u002Fhandyplugins.co\u002Fdocs-category\u002Fmagic-login-pro\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fhandyplugins.co\u002Fdocs-category\u002Fmagic-login-pro\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Hook reference: \u003Ca href=\"https:\u002F\u002Fhandyplugins.co\u002Fdocs\u002Fmagic-login-hooks-doc\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fhandyplugins.co\u002Fdocs\u002Fmagic-login-hooks-doc\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Contributing & Bug Report\u003C\u002Fh4>\n\u003Cp>Bug reports and pull requests are welcome on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FHandyPlugins\u002Fmagic-login\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>. Some of our features are pro only, please consider before sending PR.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>If you like Magic Login, then consider checking out our other projects:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhandyplugins.co\u002Fmagic-login-pro\u002F\" rel=\"friend nofollow ugc\">Magic Login Pro\u003C\u002Fa> – Easy, secure, and passwordless authentication for WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhandyplugins.co\u002Feasy-text-to-speech\u002F\" rel=\"friend nofollow ugc\">Easy Text-to-Speech for WordPress\u003C\u002Fa> – Transform your textual content into high-quality synthesized speech with Amazon Polly.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhandyplugins.co\u002Fhandywriter\u002F\" rel=\"friend nofollow ugc\">Handywriter\u003C\u002Fa> – AI-powered writing assistant that can help you create content for your WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhandyplugins.co\u002Fpaddlepress-pro\u002F\" rel=\"friend nofollow ugc\">PaddlePress PRO\u003C\u002Fa> – Paddle Plugin for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpoweredcache.com\u002F\" rel=\"friend nofollow ugc\">Powered Cache\u003C\u002Fa> – Caching and Optimization for WordPress – Easily Improve PageSpeed & Web Vitals Score\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhandyplugins.co\u002Fwp-accessibility-toolkit\u002F\" rel=\"friend nofollow ugc\">WP Accessibility Toolkit\u003C\u002Fa> – A collection of tools to help you make your WordPress more accessible.\u003C\u002Fli>\n\u003C\u002Ful>\n","Passwordless login for WordPress. Streamline the login process by sending magic links to your users.",2000,59224,96,25,"2026-03-15T13:35:00.000Z","7.0","5.0",[91,137,122,22,23],"magic-link","https:\u002F\u002Fhandyplugins.co\u002Fmagic-login-pro\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmagic-login.2.7.1.zip",{"slug":23,"name":141,"version":142,"author":143,"author_profile":144,"description":145,"short_description":146,"active_installs":147,"downloaded":148,"rating":13,"num_ratings":149,"last_updated":150,"tested_up_to":108,"requires_at_least":151,"requires_php":110,"tags":152,"homepage":156,"download_link":157,"security_score":13,"vuln_count":27,"unpatched_count":72,"last_vuln_date":158,"fetched_at":29},"Passwordless Login","1.1.4","madalin.ungureanu","https:\u002F\u002Fprofiles.wordpress.org\u002Fmadalinungureanu\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.cozmoslabs.com\u002Fadd-ons\u002Fpasswordless-login\u002F\" rel=\"nofollow ugc\">Passwordless Login\u003C\u002Fa> is a modern way of loggin into your WordPress site without the use of a password.\u003C\u002Fp>\n\u003Cp>Join the discussion here: \u003Ca href=\"https:\u002F\u002Fwww.cozmoslabs.com\u002F31550-wordpress-passwordless-login\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.cozmoslabs.com\u002F31550-wordpress-passwordless-login\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This is how it works:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Instead of asking users for a password when they try to log in to your website, we simply ask them for their username or email\u003C\u002Fli>\n\u003Cli>The plugin creates a temporary authorization token and saves it in a WordPress transient that expires after 10 minutes\u003C\u002Fli>\n\u003Cli>Then we send the user an email with a link and the token\u003C\u002Fli>\n\u003Cli>The user clicks the link and sends the authorization code to your server\u003C\u002Fli>\n\u003Cli>The plugin then checks if the code is valid and creates the log in WordPress cookie, successfully authenticating the user.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can use the shortcode [passwordless-login] in a page or widget.\u003C\u002Fp>\n\u003Cp>If you’re looking to create front-end user registration and profile forms we recommend \u003Ca href=\"https:\u002F\u002Fwww.cozmoslabs.com\u002Fwordpress-profile-builder\u002F\" rel=\"nofollow ugc\">Profile Builder\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>NOTE:\u003C\u002Fp>\n\u003Cp>Passwordless Authentication dose not replace the default login functionality in WordPress.\u003C\u002Fp>\n","Passwordless login form via a simple to use shortcode: [passwordless-login]",1000,30685,10,"2026-02-02T08:30:00.000Z","3.9",[153,154,155,22,23],"custom-login-form","front-end-login","login-shortcode","https:\u002F\u002Fwww.cozmoslabs.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpasswordless-login.1.1.4.zip","2024-03-18 00:00:00",{"attackSurface":160,"codeSignals":204,"taintFlows":219,"riskAssessment":256,"analyzedAt":267},{"hooks":161,"ajaxHandlers":191,"restRoutes":200,"shortcodes":201,"cronEvents":202,"entryPointCount":203,"unprotectedCount":72},[162,168,171,173,175,179,182,185,188],{"type":163,"name":164,"callback":165,"file":166,"line":167},"action","validate_registration_action","validate_registration","trusona-openid.php",75,{"type":163,"name":169,"callback":170,"file":166,"line":26},"wp_logout","trusona_openid_logout",{"type":163,"name":172,"callback":172,"file":166,"line":48},"login_footer",{"type":163,"name":174,"callback":174,"file":166,"line":84},"login_form",{"type":163,"name":176,"callback":177,"file":166,"line":178},"login_enqueue_scripts","add_trusona_jquery",81,{"type":163,"name":176,"callback":180,"file":166,"line":181},"add_trusona_css",82,{"type":163,"name":183,"callback":184,"file":166,"line":118},"admin_notices","activation_email_notice_info",{"type":163,"name":186,"callback":186,"file":166,"line":187},"admin_menu",88,{"type":163,"name":189,"callback":189,"file":166,"line":190},"admin_init",89,[192,198],{"action":193,"nopriv":194,"callback":195,"hasNonce":194,"hasCapCheck":196,"file":166,"line":197},"trusona_openid-callback",true,"callback",false,85,{"action":193,"nopriv":196,"callback":195,"hasNonce":194,"hasCapCheck":196,"file":166,"line":199},86,[],[],[],2,{"dangerousFunctions":205,"sqlUsage":206,"outputEscaping":208,"fileOperations":72,"externalRequests":85,"nonceChecks":27,"capabilityChecks":72,"bundledLibraries":218},[],{"prepared":72,"raw":72,"locations":207},[],{"escaped":209,"rawEcho":119,"locations":210},18,[211,214,216],{"file":166,"line":212,"context":213},148,"raw output",{"file":166,"line":215,"context":213},545,{"file":166,"line":217,"context":213},561,[],[220,238],{"entryPoint":221,"graph":222,"unsanitizedCount":203,"severity":237},"admin_menu (trusona-openid.php:413)",{"nodes":223,"edges":235},[224,229],{"id":225,"type":226,"label":227,"file":166,"line":228},"n0","source","$_POST (x2)",418,{"id":230,"type":231,"label":232,"file":166,"line":233,"wp_function":234},"n1","sink","update_option() [Settings Manipulation]",419,"update_option",[236],{"from":225,"to":230,"sanitized":196},"low",{"entryPoint":239,"graph":240,"unsanitizedCount":72,"severity":237},"\u003Ctrusona-openid> (trusona-openid.php:0)",{"nodes":241,"edges":253},[242,243,244,248],{"id":225,"type":226,"label":227,"file":166,"line":228},{"id":230,"type":231,"label":232,"file":166,"line":233,"wp_function":234},{"id":245,"type":226,"label":246,"file":166,"line":247},"n2","$_GET",294,{"id":249,"type":231,"label":250,"file":166,"line":251,"wp_function":252},"n3","echo() [XSS]",429,"echo",[254,255],{"from":225,"to":230,"sanitized":194},{"from":245,"to":249,"sanitized":194},{"summary":257,"deductions":258},"The Trusona plugin v2.0.0 exhibits a mixed security posture. On the positive side, the static analysis reveals a limited attack surface with no identified shortcodes, cron events, or REST API routes. Crucially, all SQL queries are properly prepared, and the majority of output is correctly escaped, indicating good development practices for these common vulnerability areas.  The absence of dangerous functions and file operations is also a positive sign.\n\nHowever, several concerns warrant attention. The taint analysis identified one flow with an unsanitized path, which, while not categorized as critical or high, represents a potential risk for path traversal or file inclusion vulnerabilities. The plugin's history is marred by a known medium-severity vulnerability, specifically \"Missing Authorization,\" which remains unpatched. This is a significant red flag, especially given the plugin's entry points, which include AJAX handlers. The lack of capability checks on AJAX handlers, despite the presence of a nonce check, suggests that while some basic protection is in place, authorization might not be sufficiently robust.\n\nIn conclusion, while Trusona v2.0.0 demonstrates some strong security foundations, the unpatched medium-severity vulnerability related to missing authorization and the identified unsanitized path flow are significant weaknesses. The absence of capability checks on all entry points, particularly AJAX handlers, further exacerbates these concerns. These factors suggest a moderate to high risk if the plugin is deployed in a production environment without addressing the outstanding vulnerabilities and bolstering authorization mechanisms.",[259,262,265],{"reason":260,"points":261},"Currently unpatched medium vulnerability",15,{"reason":263,"points":264},"Flow with unsanitized path (taint analysis)",5,{"reason":266,"points":149},"Missing capability checks on AJAX handlers","2026-03-16T19:33:33.356Z",{"wat":269,"direct":279},{"assetPaths":270,"generatorPatterns":273,"scriptPaths":274,"versionParams":275},[271,272],"\u002Fwp-content\u002Fplugins\u002Ftrusona\u002Fcss\u002Ftrusona-openid.css","\u002Fwp-content\u002Fplugins\u002Ftrusona\u002Fjs\u002Ftrusona-login.js",[],[272],[276,277,278],"trusona\u002Fstyle.css?ver=","trusona-openid.css?ver=","trusona-login.js?ver=",{"cssClasses":280,"htmlComments":284,"htmlAttributes":285,"restEndpoints":287,"jsGlobals":289,"shortcodeOutput":290},[281,282,283],"trusona-login-button","trusona-login-text","trusona-login-button-text",[],[286],"data-trusona-login-url",[288],"\u002Fwp-json\u002Ftrusona-openid-callback",[],[]]