[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$faOAMJ0jv0tcTT9IFdrlOKYLQ8c2_kRt_udqtYv4EMQo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":14,"download_link":21,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":34,"analysis":131,"fingerprints":170},"userinfologinshortcode","User Info Login Shortcode","0.2.1","D'Arcy Norman","https:\u002F\u002Fprofiles.wordpress.org\u002Fdnorman\u002F","\u003Cp>I needed a way to display login form on the front page of a WPMU network if a person wasn’t already logged in, and a bit of info about the user, a list of their sites, a link to create a new one, and a link to logout. I could have done it by hacking the theme’s templates, but that locks you into a specific theme. With the shortcode, any theme can display this, on any page (or post, but why would you do that? whatever. it’s your site…)\u003C\u002Fp>\n","This plugin provides a [user_info_login] shortcode to let you embed a User Info or Login section without farting around with page templates or widgets",10,4519,0,"","5.2.24","2.6",[18,19,20],"login","shortcode","wpmu","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuserinfologinshortcode.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":27,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"dnorman",6,620,88,30,86,"2026-04-04T16:46:23.779Z",[35,58,76,90,108],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":22,"num_ratings":11,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":14,"tags":48,"homepage":53,"download_link":54,"security_score":22,"vuln_count":55,"unpatched_count":13,"last_vuln_date":56,"fetched_at":57},"passwordless-login","Passwordless Login","1.1.4","madalin.ungureanu","https:\u002F\u002Fprofiles.wordpress.org\u002Fmadalinungureanu\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.cozmoslabs.com\u002Fadd-ons\u002Fpasswordless-login\u002F\" rel=\"nofollow ugc\">Passwordless Login\u003C\u002Fa> is a modern way of loggin into your WordPress site without the use of a password.\u003C\u002Fp>\n\u003Cp>Join the discussion here: \u003Ca href=\"https:\u002F\u002Fwww.cozmoslabs.com\u002F31550-wordpress-passwordless-login\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.cozmoslabs.com\u002F31550-wordpress-passwordless-login\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This is how it works:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Instead of asking users for a password when they try to log in to your website, we simply ask them for their username or email\u003C\u002Fli>\n\u003Cli>The plugin creates a temporary authorization token and saves it in a WordPress transient that expires after 10 minutes\u003C\u002Fli>\n\u003Cli>Then we send the user an email with a link and the token\u003C\u002Fli>\n\u003Cli>The user clicks the link and sends the authorization code to your server\u003C\u002Fli>\n\u003Cli>The plugin then checks if the code is valid and creates the log in WordPress cookie, successfully authenticating the user.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can use the shortcode [passwordless-login] in a page or widget.\u003C\u002Fp>\n\u003Cp>If you’re looking to create front-end user registration and profile forms we recommend \u003Ca href=\"https:\u002F\u002Fwww.cozmoslabs.com\u002Fwordpress-profile-builder\u002F\" rel=\"nofollow ugc\">Profile Builder\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>NOTE:\u003C\u002Fp>\n\u003Cp>Passwordless Authentication dose not replace the default login functionality in WordPress.\u003C\u002Fp>\n","Passwordless login form via a simple to use shortcode: [passwordless-login]",1000,30685,"2026-02-02T08:30:00.000Z","6.9.4","3.9",[49,50,51,52,36],"custom-login-form","front-end-login","login-shortcode","passwordless","https:\u002F\u002Fwww.cozmoslabs.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpasswordless-login.1.1.4.zip",1,"2024-03-18 00:00:00","2026-03-15T15:16:48.613Z",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":13,"num_ratings":13,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":14,"tags":71,"homepage":73,"download_link":74,"security_score":75,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":57},"bloginfo-shortcode","Bloginfo Shortcode","1.1","w3prodigy","https:\u002F\u002Fprofiles.wordpress.org\u002Fw3prodigy\u002F","\u003Cp>Displays information about your blog in a page or post. [bloginfo show=”url”] where show can equal any values from https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fget_bloginfo\u003C\u002Fp>\n","Displays information about your blog in a page or post.",800,2178,"2010-09-07T16:05:00.000Z","3.0.5","3.0",[72,19],"bloginfo","http:\u002F\u002Fw3prodigy.com\u002Fwordpress-plugins\u002Fbloginfo-shortcode\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbloginfo-shortcode.zip",85,{"slug":77,"name":60,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":22,"num_ratings":55,"last_updated":85,"tested_up_to":86,"requires_at_least":70,"requires_php":14,"tags":87,"homepage":88,"download_link":89,"security_score":75,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":57},"wp-bloginfo-shortcode","1.0","ethanpil","https:\u002F\u002Fprofiles.wordpress.org\u002Fethanpil\u002F","\u003Cp>This plugin adds a shortcode [blog] to pull info from like the template tag bloginfo(). Its very simple to use and supports the same values as bloginfo().\u003C\u002Fp>\n\u003Cp>Why a shortcode and not the function in PHP? Sometimes I need to implement slight variations of the same site. This allows me to have the values propagate into the post content as needed without remembering every place that needs changes.\u003C\u002Fp>\n\u003Cp>Its used like this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[blog info=\"name\"] \n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This is the equivalent of the following in PHP:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>bloginfo('name');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Here are some example uses:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[blog info=\"name\"] - Displays the \"Site Title\" set in Settings > General.\n[blog info=\"description\"] - Displays the \"Tagline\" set in Settings > General.\n[blog info=\"wpurl\"] - Displays the \"WordPress address (URL)\" set in Settings > General.\n[blog info=\"url\"] - Displays the \"Site address (URL)\" set in Settings > General.\n[blog info=\"admin_email\"] - Displays the \"E-mail address\" set in Settings > General. \n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>See here for all the usable parameters: https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fbloginfo\u003C\u002Fp>\n\u003Cp>Fork away: https:\u002F\u002Fgithub.com\u002Fethanpil\u002Fwp-bloginfo-shortcode\u003C\u002Fp>\n","Add a [blog] shortcode to the Wordpress editor to include data from bloginfo()",700,2500,"2013-09-25T06:38:00.000Z","3.6.1",[72,19],"https:\u002F\u002Fgithub.com\u002Fethanpil\u002Fwp-bloginfo-shortcode","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-bloginfo-shortcode.zip",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":98,"downloaded":99,"rating":13,"num_ratings":13,"last_updated":100,"tested_up_to":101,"requires_at_least":102,"requires_php":14,"tags":103,"homepage":106,"download_link":107,"security_score":75,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":57},"dig-bloginfo-shortcode","Dig Bloginfo Shortcode","1.0.4","Arroba Digital","https:\u002F\u002Fprofiles.wordpress.org\u002Farroba\u002F","\u003Cp>Dig Bloginfo Shortcode fetches the blog info data and allows it to be used as a shortcode in html.\u003C\u002Fp>\n\u003Ch4>Examples:\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>[bloginfo key='name']\n\n[bloginfo key='url']\n\n[bloginfo key='description']\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Where:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>[bloginfo key=’name’] will return the ‘Blog name’\u003C\u002Fp>\n\u003Cp>[bloginfo key=’url’] will return ‘http:\u002F\u002Fwww.example.com’\u003C\u002Fp>\n\u003Cp>[bloginfo key=’description’] will return ‘Blog description’\u003C\u002Fp>\n\u003Cp>Or use the shortcode to point directly to images in one of your theme’s folder:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003Cimg src=\"[bloginfo key='template_url']\u002Fimages\u002Flogo.jpg\" alt=\"[bloginfo key='name'] logo\" \u002F>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Parameters:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>name = Blog name\u003C\u002Fli>\n\u003Cli>description = Blog description\u003C\u002Fli>\n\u003Cli>admin_email = ‘admin@email.com’\u003C\u002Fli>\n\u003Cli>url = ‘http:\u002F\u002Fexample.com\u002Fhome’\u003C\u002Fli>\n\u003Cli>wpurl = ‘http:\u002F\u002Fexample.com\u002Fhome\u002Fwp’\u003C\u002Fli>\n\u003Cli>stylesheet_directory = ‘http:\u002F\u002Fexample.com\u002Fhome\u002Fwp\u002Fwp-content\u002Fthemes\u002Fchild-theme’\u003C\u002Fli>\n\u003Cli>stylesheet_url = ‘http:\u002F\u002Fexample.com\u002Fhome\u002Fwp\u002Fwp-content\u002Fthemes\u002Fchild-theme\u002Fstyle.css’\u003C\u002Fli>\n\u003Cli>template_directory = ‘http:\u002F\u002Fexample.com\u002Fhome\u002Fwp\u002Fwp-content\u002Fthemes\u002Fparent-theme’\u003C\u002Fli>\n\u003Cli>template_url = ‘http:\u002F\u002Fexample.com\u002Fhome\u002Fwp\u002Fwp-content\u002Fthemes\u002Fparent-theme’\u003C\u002Fli>\n\u003Cli>atom_url = ‘http:\u002F\u002Fexample.com\u002Fhome\u002Ffeed\u002Fatom’\u003C\u002Fli>\n\u003Cli>rss2_url = ‘http:\u002F\u002Fexample.com\u002Fhome\u002Ffeed’\u003C\u002Fli>\n\u003Cli>rss_url = ‘http:\u002F\u002Fexample.com\u002Fhome\u002Ffeed\u002Frss’\u003C\u002Fli>\n\u003Cli>pingback_url = ‘http:\u002F\u002Fexample.com\u002Fhome\u002Fwp\u002Fxmlrpc.php’\u003C\u002Fli>\n\u003Cli>rdf_url = ‘http:\u002F\u002Fexample.com\u002Fhome\u002Ffeed\u002Frdf’\u003C\u002Fli>\n\u003Cli>comments_atom_url = ‘http:\u002F\u002Fexample.com\u002Fhome\u002Fcomments\u002Ffeed\u002Fatom’\u003C\u002Fli>\n\u003Cli>comments_rss2_url = ‘http:\u002F\u002Fexample.com\u002Fhome\u002Fcomments\u002Ffeed’\u003C\u002Fli>\n\u003Cli>charset = UTF-8\u003C\u002Fli>\n\u003Cli>html_type = text\u002Fhtml\u003C\u002Fli>\n\u003Cli>language = en-US\u003C\u002Fli>\n\u003Cli>text_direction = ltd\u003C\u002Fli>\n\u003Cli>version = 4.6.1\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Complete list of parameters:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Get a complete list of the blog info parameters in \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Freference\u002Ffunctions\u002Fbloginfo\u002F\" rel=\"nofollow ugc\">WordPress bloginfo function reference\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Localization:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin is \u003Ca href=\"https:\u002F\u002Fwpml.org\u002Fplugin\u002Fdig-bloginfo-shortcode\u002F\" rel=\"nofollow ugc\">Compatible with WPML, Tested by WPML team\u003C\u002Fa>\u003C\u002Fp>\n","Fetch the blog info data and use it through a shortcode in html or post editor.",400,2053,"2017-11-10T14:51:00.000Z","4.9.29","3.0.1",[104,72,105,19],"blog","key","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdig-bloginfo-shortcode\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdig-bloginfo-shortcode.1.0.4.zip",{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":116,"downloaded":117,"rating":30,"num_ratings":118,"last_updated":119,"tested_up_to":120,"requires_at_least":121,"requires_php":122,"tags":123,"homepage":127,"download_link":128,"security_score":129,"vuln_count":55,"unpatched_count":55,"last_vuln_date":130,"fetched_at":57},"read-more-login","Read More Login","2.0.3","arildur","https:\u002F\u002Fprofiles.wordpress.org\u002Farildur\u002F","\u003Cp>This plugin puts a combined read more\u002Flogin\u002Fregistration form in your posts and pages. The visitors must log in or sign up to read more. Remaining text will be protected and hidden from non-logged in users. Visitors can sign up and log in from inside articles and don’t need to leave the page. Text fades out above the login form and will indicate more text can be read. This could increase conversion rate.\u003C\u002Fp>\n\u003Cp>Live demo: \u003Ca href=\"https:\u002F\u002Fwww.readmorelogin.com\u002Flive-demo\u002F\" rel=\"nofollow ugc\">readmorelogin.com\u002Flive-demo\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Main features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Creates login\u002Fregister form inside articles on posts and pages\u003C\u002Fli>\n\u003Cli>Visitors can log in from inside the articles, remaining text loads automatically\u003C\u002Fli>\n\u003Cli>Text will fade close to login form, this indicate more text be to read \u003C\u002Fli>\n\u003Cli>Easy access to register button to sign-up new visitors\u003C\u002Fli>\n\u003Cli>The e-mail confirmation link sends the signed up user right back to the article\u003C\u002Fli>\n\u003Cli>Works with both pages and posts\u003C\u002Fli>\n\u003Cli>SEO friendly, Google search engines can read without login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Membership handling\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Login\u002Fregistration forms inside articles\u003C\u002Fli>\n\u003Cli>Registration page\u003C\u002Fli>\n\u003Cli>Login\u002Flogout page\u003C\u002Fli>\n\u003Cli>Profile page\u003C\u002Fli>\n\u003Cli>Password recovery page\u003C\u002Fli>\n\u003Cli>E-mail confirmation\u003C\u002Fli>\n\u003Cli>E-mail notifications for registered users and admin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Admin panels\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Configurable forms and text messages\u003C\u002Fli>\n\u003Cli>Configurable linking\u003C\u002Fli>\n\u003Cli>Login\u002Flogout\u002Fregister\u002Fpassword page redirect\u003C\u002Fli>\n\u003Cli>E-mail customization\u003C\u002Fli>\n\u003Cli>Registration status\u003C\u002Fli>\n\u003Cli>Sign-up statistics\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>More info, live-demo, user guides, documentation, support:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.readmorelogin.com\" rel=\"nofollow ugc\">readmorelogin.com\u003C\u002Fa>\u003C\u002Fp>\n","Put a combined read more\u002Flogin\u002Fregistration form in your posts and pages. The visitors must log in or sign up to read more.",200,7292,7,"2021-07-31T11:56:00.000Z","5.8.13","4.7","5.5",[124,18,125,126,19],"access","read-more","register","https:\u002F\u002Fwww.readmorelogin.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fread-more-login.2.0.3.zip",63,"2025-06-05 00:00:00",{"attackSurface":132,"codeSignals":142,"taintFlows":157,"riskAssessment":158,"analyzedAt":169},{"hooks":133,"ajaxHandlers":134,"restRoutes":135,"shortcodes":136,"cronEvents":141,"entryPointCount":55,"unprotectedCount":13},[],[],[],[137],{"tag":138,"callback":19,"file":139,"line":140},"user_info_login","UserInfoLoginShortcode.php",174,[],{"dangerousFunctions":143,"sqlUsage":144,"outputEscaping":154,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":156},[],{"prepared":13,"raw":145,"locations":146},3,[147,150,152],{"file":139,"line":148,"context":149},101,"$wpdb->get_var() with variable interpolation",{"file":139,"line":151,"context":149},102,{"file":139,"line":153,"context":149},103,{"escaped":13,"rawEcho":13,"locations":155},[],[],[],{"summary":159,"deductions":160},"The \"userinfologinshortcode\" v0.2.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding output escaping, with 100% of analyzed outputs being properly escaped. Furthermore, the plugin has no known recorded vulnerabilities (CVEs), suggesting a history of stable and secure development or a lack of widespread exploitation. The attack surface is also minimal, with only one shortcode and no AJAX handlers or REST API routes that are exposed without authentication checks. Taint analysis found no critical or high-severity flaws, and dangerous functions and file operations are absent.\n\nHowever, a significant concern lies in the handling of SQL queries. All three identified SQL queries are executed without prepared statements. This makes the plugin highly susceptible to SQL injection vulnerabilities if any user-supplied data is incorporated into these queries, even if output is escaped. The lack of nonce checks and capability checks also presents a potential risk, as it implies that the functionality triggered by the shortcode might not be adequately protected against unauthorized access or misuse if those functions are called indirectly.",[161,164,167],{"reason":162,"points":163},"Raw SQL queries without prepare",15,{"reason":165,"points":166},"Missing nonce checks",5,{"reason":168,"points":166},"Missing capability checks","2026-03-16T23:12:02.341Z",{"wat":171,"direct":176},{"assetPaths":172,"generatorPatterns":173,"scriptPaths":174,"versionParams":175},[],[],[],[],{"cssClasses":177,"htmlComments":181,"htmlAttributes":184,"restEndpoints":194,"jsGlobals":195,"shortcodeOutput":196},[178,179,180],"inbox","submit-button","chk",[182,183],"\u003C!-- user info \u002F login block -->","\u003C!-- end user info \u002F login block -->",[185,186,187,188,189,190,191,192,193],"name=\"log\"","id=\"user_login\"","name=\"pwd\"","id=\"user_pass\"","name=\"submit\"","name=\"rememberme\"","id=\"rememberme\"","name=\"redirect_to\"","id=\"user-profile\"",[],[],[197],"\u003Cform name=\"loginform\" action=\""]