[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fUzQOm8msnfR-8jVA_DnUO-zFpOz1223kcndV2Y0xX-g":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":54,"analysis":155,"fingerprints":234},"ultimate-ajax-login","Ultimate AJAX Login","1.2.1","Samer Bechara","https:\u002F\u002Fprofiles.wordpress.org\u002Farbet01\u002F","\u003Cp>After testing all of the AJAX plugins in the WordPress repository, I got frustrated. They’re all great, but it seems that they’re like 90% complete. They still need polishing.  This is why I decided to create this plugin\u003C\u002Fp>\n\u003Cp>How is this plugin different:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Three different templates to choose from: Modal login form, Classic login form and popup login form (jQuery UI based)\u003C\u002Fli>\n\u003Cli>24 themes to choose from (jQuery UI based)  \u003C\u002Fli>\n\u003Cli>Fully customizable: Just copy the template you’re using from \u002Ftemplates\u002F directory in the plugin to the “ultimate_ajax_login” directory in your theme, and modify as you need to.\u003C\u002Fli>\n\u003Cli>After a user is logged in, nothing shows up. I found this pretty frustrating with other plugins, there was no way to hide things.\u003C\u002Fli>\n\u003Cli>If you need to show anything after a user logs in, just copy the template widget-logged-in.php to your ultimate_ajax_login folder and add whatever you need. You can call any WP function from there.\u003C\u002Fli>\n\u003Cli>Has three templates, one an AJAX-based classic login form, and the other is a jQuery UI dialog box (Tested and works on mobile), and the third one is a popmodal dialog box\u003C\u002Fli>\n\u003Cli>Blocks the login form whenever a user is being logged in.\u003C\u002Fli>\n\u003Cli>Allows you to specify a global login redirect URL in your settings page, which applies to all of your widgets.\u003C\u002Fli>\n\u003Cli>Login redirect URL can be overridden on a per-widget basis from the widget options page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Shortcode Usage\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Instead of using the widget, you can insert the shortcode inside any post. If you’re a theme developer, you can use it with the do_shortcode() function. Here are the varius option\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Using with classic template and no redirect url specified: \u003Cem>[ultimate_ajax_login]\u003C\u002Fem> \u003C\u002Fli>\n\u003Cli>Using the dialog box template: \u003Cem>[ultimate_ajax_login template=’dialog’]\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>Using the dialog box template and a jquery theme: \u003Cem>[ultimate_ajax_login template=’dialog’ theme=’cupertino’]\u003C\u002Fem>\u003C\u002Fli>\n\u003C\u002Ful>\n","Very flexible and easy to use AJAX Login plugin with redirects, customizable templates...",100,14301,90,2,"2015-01-15T09:48:00.000Z","4.1.42","3.1","",[20,21,22,23,24],"admin","ajax","ajax-login","login","multi-site","http:\u002F\u002Fthoughtengineer.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-ajax-login.1.2.1.zip",63,1,"2025-09-05 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-58854","ultimate-ajax-login-cross-site-request-forgery","Ultimate AJAX Login \u003C= 1.2.1 - Cross-Site Request Forgery","The Ultimate AJAX Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.2.1","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-09-09 22:22:13",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F0e7130ca-f550-439c-81ec-e48737ff3956?source=api-prod",{"slug":47,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":49,"avg_security_score":50,"avg_patch_time_days":51,"trust_score":52,"computed_at":53},"arbet01",8,260,84,30,83,"2026-04-04T15:25:20.049Z",[55,77,97,116,136],{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":18,"tags":69,"homepage":74,"download_link":75,"security_score":76,"vuln_count":65,"unpatched_count":65,"last_vuln_date":37,"fetched_at":30},"els-ajax-login","Ajax Login","1.0.1","sagormax","https:\u002F\u002Fprofiles.wordpress.org\u002Fsagortouch\u002F","\u003Cp>Ajax Login demo: http:\u002F\u002Fpmzez.com\u002Fplugins\u002Fajax-login\u003C\u002Fp>\n\u003Cp>Go to “Ajax Login Menu to Find shortcode OR Appearance to Widgets and find els Ajax Login”\u003C\u002Fp>\n\u003Cp>Plugin Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Click to Loading a progress bar and redirect to admin page.\u003C\u002Fli>\n\u003Cli>Enable ajax login in wp-login.php page.\u003C\u002Fli>\n\u003Cli>Add ajax login widget. \u003C\u002Fli>\n\u003Cli>Ajax’y applications. \u003C\u002Fli>\n\u003Cli>Added WP Security. \u003C\u002Fli>\n\u003Cli>Form class name customizable. \u003C\u002Fli>\n\u003Cli>Dynamically call jQuery Library.\u003C\u002Fli>\n\u003Cli>Fully Responsive. \u003C\u002Fli>\n\u003Cli>Mobile supported. \u003C\u002Fli>\n\u003Cli>Very Lightweight.\u003Cbr \u002F>\n& many More\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Youtube :\u003Cbr \u002F>\nhttps:\u002F\u002Fwww.youtube.com\u002Fwatch?v=jEQ9w76rJk8\u003C\u002Fp>\n\u003Cp>Live Preview: http:\u002F\u002Fpmzez.com\u002Fplugins\u002Fajax-login\u003C\u002Fp>\n","Ajax Login is a sample login interface that you login your admin panel by using ajax.",10,3227,0,"2015-10-22T20:40:00.000Z","4.3.34","4.0",[70,22,71,72,73],"admin-login","ajax-admin-login","page-login","sidebar-ajax-login","http:\u002F\u002Fwww.easyloopsoft.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fels-ajax-login.zip",85,{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":87,"num_ratings":88,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":18,"tags":92,"homepage":95,"download_link":96,"security_score":76,"vuln_count":65,"unpatched_count":65,"last_vuln_date":37,"fetched_at":30},"simplemodal-login","SimpleModal Login","1.1","Eric","https:\u002F\u002Fprofiles.wordpress.org\u002Femartin24\u002F","\u003Cp>\u003Cstrong>SimpleModal Login 1.0 now includes a user registration and password reset feature!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>SimpleModal Login provides a modal Ajax login, registration and password reset feature for WordPress and utilizes jQuery and the SimpleModal jQuery plugin.\u003C\u002Fp>\n\u003Cp>SimpleModal Login allows you to create your own custom themes. See the FAQ for details.\u003C\u002Fp>\n\u003Cp>Translations: https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimplemodal-login\u002FI18n (check the version number for the correct file)\u003C\u002Fp>\n","SimpleModal Login provides a modal Ajax login, registration, and password reset feature for WordPress which utilizes jQuery and the SimpleModal jQuery",800,187883,80,33,"2017-11-28T19:50:00.000Z","4.0.38","2.5.0",[20,21,23,93,94],"modal","password","http:\u002F\u002Fwww.studiofuel.com\u002Fsimplemodal-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimplemodal-login.1.1.zip",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":11,"num_ratings":14,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":18,"tags":110,"homepage":114,"download_link":115,"security_score":76,"vuln_count":65,"unpatched_count":65,"last_vuln_date":37,"fetched_at":30},"wp-ajax-login-and-register","WP AJAX Login and Register","1.3","newbiesup","https:\u002F\u002Fprofiles.wordpress.org\u002Fnewbiesup\u002F","\u003Cp>This plugin will automatically add a login\u002Fregister link to your ‘primary’ menu location. A nice looking form will popup when the link is clicked.\u003Cbr \u002F>\nShortcode is also available for use on any post or widget with ‘[wp-ajax-login text=”Login\u002FRegister”]’ and ‘text’ attribute is the link text.\u003C\u002Fp>\n\u003Cp>For more information, please visit \u003Ca href=\"http:\u002F\u002Fptheme.com\u002Fitem\u002Fwp-ajax-login\u002F\" title=\"ptheme\" rel=\"nofollow ugc\">ptheme.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n","Easy to use frontend AJAX Login and Register plugin with no settings required.",60,8932,"2016-04-25T14:52:00.000Z","4.5.33","3.0.1",[21,22,111,112,113],"ajax-register","frontend-login","login-form","http:\u002F\u002Fptheme.com\u002Fitem\u002Fwp-ajax-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-ajax-login-and-register.1.3.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":124,"downloaded":125,"rating":65,"num_ratings":65,"last_updated":126,"tested_up_to":127,"requires_at_least":128,"requires_php":129,"tags":130,"homepage":18,"download_link":135,"security_score":11,"vuln_count":65,"unpatched_count":65,"last_vuln_date":37,"fetched_at":30},"gatelink-manager","GateLink Manager – Secure One‑Click Admin Login & WordPress SSO","1.8.3","NUMAN RASHEED","https:\u002F\u002Fprofiles.wordpress.org\u002Fnumanrki\u002F","\u003Cp>\u003Cstrong>GateLink Manager\u003C\u002Fstrong> pairs with the companion GateLink Client to deliver secure, zero‑config single sign‑on for WordPress. Skip copying credentials across sites: connect your hub to client sites and teleport into their dashboards with a single click. Whether you’re a developer, freelancer or agency managing many installations, GateLink saves time and reduces risk by using cryptographically signed links that expire within minutes.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Zero‑config, one‑click login\u003C\u002Fstrong> – Jump straight into any connected site’s wp‑admin without passwords.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Passwordless SSO & HMAC security\u003C\u002Fstrong> – Each login URL is HMAC‑signed and valid for only a short time.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi‑site management\u003C\u002Fstrong> – Add, edit, delete, verify and log in to client sites from a single dashboard.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free plan included\u003C\u002Fstrong> – Manage up to 3 sites at no cost; upgrade to Pro (20 sites) or Business (unlimited) when needed.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Built‑in logs & metrics\u003C\u002Fstrong> – View connection history and lightweight stats right from the dashboard.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern UI\u003C\u002Fstrong> – Responsive admin interface styled with Tailwind, tuned for accessibility and ease of use.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Add a site\u003C\u002Fstrong> – Enter the client’s base URL on your Manager dashboard.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Share a token\u003C\u002Fstrong> – Create or paste the Shared Token in Manager; paste the same token in the Client’s “Trusted Manager” screen.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Verify & trust\u003C\u002Fstrong> – Click \u003Cstrong>Verify\u003C\u002Fstrong> to perform a health check and establish trust.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login\u003C\u002Fstrong> – Click \u003Cstrong>Login\u003C\u002Fstrong>; a short‑lived, HMAC‑signed URL opens the client site in a new tab, validates the signature and redirects to \u003Ccode>\u002Fwp-admin\u003C\u002Fcode>.  \u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Security & Privacy\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Cryptographically signed tokens\u003C\u002Fstrong> – All login links use HMAC‑SHA256 signatures with nonce‑based replay protection.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Time‑limited links\u003C\u002Fstrong> – Tokens expire after a few minutes to reduce attack windows.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>No stored credentials\u003C\u002Fstrong> – GateLink never stores your admin passwords; only minimal metadata and logs are kept locally.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>HTTPS required\u003C\u002Fstrong> – Both Manager and Client sites must run over HTTPS; allow‑list the login query parameters (\u003Ccode>gatelink_login\u003C\u002Fcode>, \u003Ccode>cid\u003C\u002Fcode>, \u003Ccode>ts\u003C\u002Fcode>, \u003Ccode>sig\u003C\u002Fcode>) in security\u002FCDN tools if necessary.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Plans & Licensing\u003C\u002Fh3>\n\u003Cp>GateLink is free to use for up to three client sites. Professional and Business plans unlock higher site limits and additional support options. Licensing is handled through Freemius; no license key is required for the free tier.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>GateLink communicates only with other WordPress sites that have the GateLink Client plugin installed. Data exchanged includes site URLs, shared tokens, and connection timestamps. Licensing and support are provided via the Freemius service; activating a paid license sends your site domain, license key, and environment info to Freemius for validation.\u003C\u002Fp>\n","Secure, passwordless admin access for multiple WordPress sites—one‑click, HMAC‑signed SSO for remote wp‑admin login.",50,541,"2025-10-14T13:42:00.000Z","6.8.5","6.3","8.0",[131,24,132,133,134],"admin-access","one-click-login","passwordless","single-sign-on","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgatelink-manager.1.8.3.zip",{"slug":137,"name":138,"version":139,"author":140,"author_profile":141,"description":142,"short_description":143,"active_installs":144,"downloaded":145,"rating":11,"num_ratings":28,"last_updated":18,"tested_up_to":146,"requires_at_least":147,"requires_php":18,"tags":148,"homepage":152,"download_link":153,"security_score":11,"vuln_count":65,"unpatched_count":65,"last_vuln_date":37,"fetched_at":154},"simply-login-regiser","Simply Login Register","2.1","Anshul Gangrade","https:\u002F\u002Fprofiles.wordpress.org\u002Fanshuln90\u002F","\u003Cp>Simply Login Regiser is a easy way to create login and register page by usring short code. for create login page use \u003Ccode>[slr_login]\u003C\u002Fcode> shortcode and for register page add \u003Ccode>[slr_register]\u003C\u002Fcode> code on page.\u003C\u002Fp>\n","Easy way to create login and register page by shortcode. It\\'s very simply to use this  plugin.",20,6006,"6.4.8","3.5",[22,149,23,150,151],"ajax-regiter","register","simply","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimply-login-regiser\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimply-login-regiser.2.1.zip","2026-03-15T10:48:56.248Z",{"attackSurface":156,"codeSignals":162,"taintFlows":219,"riskAssessment":220,"analyzedAt":233},{"hooks":157,"ajaxHandlers":158,"restRoutes":159,"shortcodes":160,"cronEvents":161,"entryPointCount":65,"unprotectedCount":65},[],[],[],[],[],{"dangerousFunctions":163,"sqlUsage":164,"outputEscaping":166,"fileOperations":65,"externalRequests":65,"nonceChecks":65,"capabilityChecks":65,"bundledLibraries":218},[],{"prepared":65,"raw":65,"locations":165},[],{"escaped":65,"rawEcho":167,"locations":168},26,[169,172,174,176,177,179,182,183,185,186,188,190,192,195,197,199,201,203,204,206,209,211,212,213,215,217],{"file":170,"line":88,"context":171},"inc\\views\\site-options.php","raw output",{"file":170,"line":173,"context":171},42,{"file":170,"line":175,"context":171},51,{"file":170,"line":105,"context":171},{"file":170,"line":178,"context":171},65,{"file":180,"line":181,"context":171},"templates\\widget-classic.php",40,{"file":180,"line":173,"context":171},{"file":180,"line":184,"context":171},46,{"file":180,"line":124,"context":171},{"file":180,"line":187,"context":171},55,{"file":180,"line":189,"context":171},59,{"file":180,"line":191,"context":171},68,{"file":193,"line":194,"context":171},"templates\\widget-dialog.php",61,{"file":193,"line":196,"context":171},66,{"file":193,"line":198,"context":171},70,{"file":193,"line":200,"context":171},74,{"file":193,"line":202,"context":171},79,{"file":193,"line":50,"context":171},{"file":193,"line":205,"context":171},91,{"file":207,"line":208,"context":171},"templates\\widget-popmodal.php",69,{"file":207,"line":210,"context":171},75,{"file":207,"line":202,"context":171},{"file":207,"line":52,"context":171},{"file":207,"line":214,"context":171},88,{"file":207,"line":216,"context":171},93,{"file":207,"line":11,"context":171},[],[],{"summary":221,"deductions":222},"The 'ultimate-ajax-login' plugin v1.2.1 presents a mixed security posture. While the static analysis indicates a small attack surface with no immediately apparent dangerous functions, SQL injection risks, or unhandled taint flows, significant concerns arise from the lack of output escaping and the plugin's vulnerability history. The fact that 0% of the 26 output operations are properly escaped is a critical weakness, potentially leading to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is rendered directly in the frontend without sanitization.  The plugin has a history of known vulnerabilities, with one medium-severity Cross-Site Request Forgery (CSRF) vulnerability currently unpatched. This pattern, especially the recurring CSRF type, suggests potential issues with how user actions are authenticated and authorized within the plugin.  While the absence of exposed AJAX handlers, REST API routes, or shortcodes without authentication is positive, the critical lack of output escaping and the unpatched CSRF vulnerability necessitate caution. Users should be aware of the potential for XSS and CSRF attacks, and immediate attention should be given to patching the known vulnerability.",[223,226,228,231],{"reason":224,"points":225},"Unpatched Medium Severity CVE",15,{"reason":227,"points":48},"No output escaping on any output",{"reason":229,"points":230},"No nonce checks on entry points",5,{"reason":232,"points":230},"No capability checks on entry points","2026-03-16T21:08:13.169Z",{"wat":235,"direct":244},{"assetPaths":236,"generatorPatterns":239,"scriptPaths":240,"versionParams":241},[237,238],"\u002Fwp-content\u002Fplugins\u002Fultimate-ajax-login\u002Flib\u002Fclass-ual-widget.php","\u002Fwp-content\u002Fplugins\u002Fultimate-ajax-login\u002Flib\u002Fclass-ual-main.php",[],[],[242,243],"ultimate-ajax-login\u002Fstyle.css?ver=","ultimate-ajax-login\u002Fjs\u002Fual-script.js?ver=",{"cssClasses":245,"htmlComments":249,"htmlAttributes":250,"restEndpoints":253,"jsGlobals":254,"shortcodeOutput":256},[246,247,248],"ual-login-form","ual-register-form","ual-lostpassword-form",[],[251,252],"data-ual-action","data-ual-redirect",[],[255],"ual_ajax_object",[257,258,259],"[ultimate_ajax_login]","[ultimate_ajax_register]","[ultimate_ajax_lostpassword]"]