[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fciYQRb4g90cVkwCnBwxttrgABEkTVuilVbrQivlPKF4":3,"$fG5iZzEH2mDK7r2z8PlelsY1lIvQcByFluT_tCHFRPXE":502,"$fi0ZXliBWRroCluNUsJ0QL-w5JRFq38n5zZmnthh-4Bs":507},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":35,"analysis":129,"fingerprints":454},"uthsc-wpcas","UTHSC WPCAS","1.0","gpspake","https:\u002F\u002Fprofiles.wordpress.org\u002Fgpspake\u002F","\u003Cp>This plugin uses the phpCAS library to integrate CAS single sign on with WordPress.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Provide users with a familiar secure login on multiple WordPress sites without the need for additional expensive ssl certificates.\u003C\u002Fli>\n\u003Cli>phpCAS configuration settings can be set in the plugin options \u003C\u002Fli>\n\u003Cli>Login screen redirects to CAS url specified in options  \u003C\u002Fli>\n\u003Cli>New user accounts will be created for users who have not logged in to the site yet  \u003C\u002Fli>\n\u003Cli>User attributes returned by CAS can be used to populate new user account details such as email address and display name.  \u003C\u002Fli>\n\u003Cli>Service urls can be captured to redirect users to the same page on log in\u002Fout. (Logoutwithredirectservice must be enabled on CAS server for log out redirects to work.)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Special thanks\u003C\u002Fh3>\n\u003Cp>David R. Poindexter III and Indiana University – During the development of this plugin, IU-WPCAS was one of the only CAS plugins for WordPress and provided a good bit of inspiration. Clearly, our plugin’s name is completely original.\u003C\u002Fp>\n\u003Cp>Todd Barber and Billy Barnet @ UTHSC for all of their patience, support and good advice\u003C\u002Fp>\n","Integrate Central Authentication Service (CAS) with WordPress",10,3009,0,"2016-02-16T21:57:00.000Z","4.3.34","3.0.1","",[19,20,21,22],"authentication","cas","central-authentication-service","phpcas","https:\u002F\u002Fgithub.com\u002Futhsc\u002Futhsc-wpcas","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Futhsc-wpcas.1.0.1.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},1,30,84,"2026-05-20T09:03:06.497Z",[36,54,72,87,110],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":13,"num_ratings":13,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":17,"tags":49,"homepage":50,"download_link":51,"security_score":52,"vuln_count":31,"unpatched_count":31,"last_vuln_date":53,"fetched_at":27},"wpcas","wpCAS","1.07","Casey Bisson","https:\u002F\u002Fprofiles.wordpress.org\u002Fmisterbisson\u002F","\u003Cp>wpCAS integrates WordPress into an established CAS architecture, allowing centralized management and authentication of user credentials in a heterogeneous environment.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FCentral_Authentication_Service\" rel=\"nofollow ugc\">From Wikipedia\u003C\u002Fa>:\u003C\u002Fp>\n\u003Cblockquote>\u003Cp>The Central Authentication Service (CAS) is a single sign-on protocol for the web. Its purpose is to permit a user to log into multiple applications simultaneously and automatically. It also allows untrusted web applications to authenticate users without gaining access to a user’s security credentials, such as a password. The name CAS also refers to a software package that implements this protocol.\u003C\u002Fp>\u003C\u002Fblockquote>\n\u003Cp>Users who attempt to login to WordPress are redirected to the central CAS sign-on screen. After the user’s credentials are verified, s\u002Fhe is then redirected back to the WordPress site. If the CAS username matches the WordPress username, the user is recognized as valid and allowed access.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FAuthZ\" rel=\"nofollow ugc\">Authorization\u003C\u002Fa> of that user’s capabilities is based on native WordPress settings and functions. CAS only authenticates that the user is who s\u002Fhe claims to be.\u003C\u002Fp>\n\u003Cp>If the CAS user does not have an account in the WordPress site, an administrator defined function can be called to provision the account or do other actions. By default, CAS users without WordPress accounts are simply refused access.\u003C\u002Fp>\n","wpCAS integrates WordPress into an established CAS architecture, allowing centralized management and authentication of user credentials in a heterogen &hellip;",100,6293,"2010-03-25T15:28:00.000Z","2.7.1","2.7",[19,20,21,22,37],"http:\u002F\u002Fmaisonbisson.com\u002Fprojects\u002Fwpcas","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpcas.zip",63,"2026-01-20 00:00:00",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":32,"downloaded":62,"rating":44,"num_ratings":63,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":17,"tags":67,"homepage":70,"download_link":71,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"wp-cas-server","Cassava CAS Server","1.2.3","Luis Rodrigues","https:\u002F\u002Fprofiles.wordpress.org\u002Fgoblindegook\u002F","\u003Cp>Cassava allows WordPress to act as a single sign-on authenticator using the Central Authentication Service (CAS) protocol.\u003C\u002Fp>\n\u003Cp>That way, users on your WordPress install may be able to access different applications that support the CAS protocol by providing a single set of credentials and without exposing the user’s password.\u003C\u002Fp>\n\u003Cp>By default, CAS method URIs are provided under the \u003Ccode>wp-cas\u003C\u002Fcode> endpoint:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>\u002Fwp-cas\u002Flogin\u003C\u002Fcode>: Allows a remote service to request that a user authenticate on the CAS server. Will redirect back to the remote service along with a service ticket.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fwp-cas\u002Flogout\u003C\u002Fcode>: Terminates the single sign-on session. May optionally redirect the user back to the remote service.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fwp-cas\u002Fvalidate\u003C\u002Fcode> [CAS 1.0]: Allows a remote service to validate a service ticket forwarded by the user on redirect. Returns a plaintext response.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fwp-cas\u002Fproxy\u003C\u002Fcode> [CAS 2.0]: Provides access to remote services with proxy tickets in exchange for proxy-granting tickets. Returns an XML response.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fwp-cas\u002FproxyValidate\u003C\u002Fcode> [CAS 2.0]: Allows a remote service to validate a service or proxy ticket forwarded by the user on redirect. Returns an XML response.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fwp-cas\u002FserviceValidate\u003C\u002Fcode> [CAS 2.0]: Allows a remote service to validate a service ticket forwarded by the user on redirect. Returns an XML response.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fwp-cas\u002Fp3\u002FproxyValidate\u003C\u002Fcode> [CAS 3.0]: Allows a remote service to validate a service or proxy ticket forwarded by the user on redirect. Returns an XML response.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fwp-cas\u002Fp3\u002FserviceValidate\u003C\u002Fcode> [CAS 3.0]: Allows a remote service to validate a service ticket forwarded by the user on redirect. Returns an XML response.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>There are a few \u003Ca href=\"http:\u002F\u002Fwww.jasig.org\u002Fcas\u002Fclient-integration\" rel=\"nofollow ugc\">client integration\u003C\u002Fa> libraries available for CAS, as well as a handy guide for \u003Ca href=\"https:\u002F\u002Fwiki.jasig.org\u002Fdisplay\u002FCASC\u002FCASifying+Applications\" rel=\"nofollow ugc\">CASifying several existing applications\u003C\u002Fa>. Independent WordPress installations may integrate with Cassava using a client plugin such as \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcas-maestro\u002F\" rel=\"ugc\">CAS Maestro\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Please follow and contribute to Cassava’s development on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fgoblindegook\u002Fwp-cas-server\" rel=\"nofollow ugc\">Github\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Hooks\u003C\u002Fh3>\n\u003Ch4>Action: cas_server_before_request\u003C\u002Fh4>\n\u003Cp>Fires before a CAS request is processed.\u003C\u002Fp>\n\u003Cp>Parameters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>string\u003C\u002Fem> \u003Ccode>$path\u003C\u002Fcode>: Requested URI path.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Action: cas_server_after_request\u003C\u002Fh4>\n\u003Cp>Fires after a CAS request is processed.\u003C\u002Fp>\n\u003Cp>Parameters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>string\u003C\u002Fem> \u003Ccode>$path\u003C\u002Fcode>: Requested URI path.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Action: cas_server_error\u003C\u002Fh4>\n\u003Cp>Fires if the CAS server has to return an XML error.\u003C\u002Fp>\n\u003Cp>Parameters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>WP_Error\u003C\u002Fem> \u003Ccode>$error\u003C\u002Fcode>: WordPress error to return as XML.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Action: cas_server_validation_success\u003C\u002Fh4>\n\u003Cp>Fires on successful ticket validation.\u003C\u002Fp>\n\u003Cp>Parameters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>WP_User\u003C\u002Fem> \u003Ccode>$user\u003C\u002Fcode>: WordPress user validated by ticket.\u003C\u002Fli>\n\u003Cli>\u003Cem>string\u003C\u002Fem> \u003Ccode>$ticket\u003C\u002Fcode>: Valid ticket string.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Filter: cas_enabled\u003C\u002Fh4>\n\u003Cp>Allows developers to disable CAS.\u003C\u002Fp>\n\u003Cp>Parameters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>boolean\u003C\u002Fem> \u003Ccode>$cas_enabled\u003C\u002Fcode>: Whether the server should respond to single sign-on requests.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Filter: cas_server_routes\u003C\u002Fh4>\n\u003Cp>Allows developers to override the default controller mapping, define additional endpoints and provide alternative implementations to the provided controllers.\u003C\u002Fp>\n\u003Cp>Controllers provided in this fashion should extend the \u003Ccode>\\Cassava\\CAS\\Controller\\BaseController\u003C\u002Fcode> class.\u003C\u002Fp>\n\u003Cp>Parameters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>array\u003C\u002Fem> \u003Ccode>$cas_routes\u003C\u002Fcode>: CAS endpoint to controller mapping.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Filter: cas_server_response\u003C\u002Fh4>\n\u003Cp>Lets developers change the CAS server response string.\u003C\u002Fp>\n\u003Cp>Parameters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>string\u003C\u002Fem> \u003Ccode>$output\u003C\u002Fcode>: Response output string.\u003C\u002Fli>\n\u003Cli>\u003Cem>string\u003C\u002Fem> \u003Ccode>$path\u003C\u002Fcode>: Requested URI path.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Filter: cas_server_dispatch_args\u003C\u002Fh4>\n\u003Cp>Filters the callback arguments to be dispatched for the request. Plugin developers may return a \u003Ccode>WP_Error\u003C\u002Fcode> object here to abort the request.\u003C\u002Fp>\n\u003Cp>Parameters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>array\u003C\u002Fem> \u003Ccode>$args\u003C\u002Fcode>: Arguments to pass the callback.\u003C\u002Fli>\n\u003Cli>\u003Cem>(string|array)\u003C\u002Fem> \u003Ccode>$callback\u003C\u002Fcode>: Callback function or method.\u003C\u002Fli>\n\u003Cli>\u003Cem>string\u003C\u002Fem> \u003Ccode>$path\u003C\u002Fcode>: Requested URI path.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Filter: cas_server_login_args\u003C\u002Fh4>\n\u003Cp>Allows developers to change the request parameters passed to a \u003Ccode>\u002Flogin\u003C\u002Fcode> request.\u003C\u002Fp>\n\u003Cp>Parameters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>array\u003C\u002Fem> \u003Ccode>$args\u003C\u002Fcode>: HTTP request (GET, POST) parameters.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Filter: cas_server_redirect_service\u003C\u002Fh4>\n\u003Cp>Filters the redirect URI for the service requesting user authentication.\u003C\u002Fp>\n\u003Cp>Parameters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>string\u003C\u002Fem> \u003Ccode>$service\u003C\u002Fcode>: Service URI requesting user authentication.\u003C\u002Fli>\n\u003Cli>\u003Cem>WP_User\u003C\u002Fem> \u003Ccode>$user\u003C\u002Fcode>: Logged in WordPress user.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Filter: cas_server_custom_auth_uri\u003C\u002Fh4>\n\u003Cp>Allows developers to redirect the user to a custom login form.\u003C\u002Fp>\n\u003Cp>Parameters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>string\u003C\u002Fem> \u003Ccode>$custom_login_url\u003C\u002Fcode>: URI for the custom login page.\u003C\u002Fli>\n\u003Cli>\u003Cem>array\u003C\u002Fem> \u003Ccode>$args\u003C\u002Fcode>: Login request parameters.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Filter: cas_server_ticket_expiration\u003C\u002Fh4>\n\u003Cp>This filter allows developers to override the default ticket expiration period.\u003C\u002Fp>\n\u003Cp>Parameters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>int\u003C\u002Fem> \u003Ccode>$expiration\u003C\u002Fcode>: Ticket expiration period (in seconds).\u003C\u002Fli>\n\u003Cli>\u003Cem>string\u003C\u002Fem> \u003Ccode>$type\u003C\u002Fcode>: Type of ticket to set.\u003C\u002Fli>\n\u003Cli>\u003Cem>WP_User\u003C\u002Fem> \u003Ccode>$user\u003C\u002Fcode>: Authenticated user associated with the ticket.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Filter: cas_server_validation_user_attributes\u003C\u002Fh4>\n\u003Cp>Allows developers to change the list of (key, value) pairs before they’re included in a \u003Ccode>\u002FserviceValidate\u003C\u002Fcode> response.\u003C\u002Fp>\n\u003Cp>Parameters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>array\u003C\u002Fem> \u003Ccode>$attributes\u003C\u002Fcode>: List of attributes to output.\u003C\u002Fli>\n\u003Cli>\u003Cem>WP_User\u003C\u002Fem> \u003Ccode>$user\u003C\u002Fcode>: Authenticated user.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Filter: cas_server_settings_user_attribute_options\u003C\u002Fh4>\n\u003Cp>Allows developers to change the list of user attributes that appear in the dashboard for an administrator to set to return on successful validation requests.\u003C\u002Fp>\n\u003Cp>Options are stored in an associative array, with user attribute slugs as array keys and option labels as array values.\u003C\u002Fp>\n\u003Cp>These settings are valid only for CAS 2.0 validation requests.\u003C\u002Fp>\n\u003Cp>Parameters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>array\u003C\u002Fem> \u003Ccode>$attributeOptions\u003C\u002Fcode> Attribute options an administrator can set on the dashboard.\u003C\u002Fli>\n\u003C\u002Ful>\n","Cassava provides authentication services based on the Jasig CAS protocol.",3207,2,"2016-02-13T00:05:00.000Z","4.4.34","3.9",[19,20,21,68,69],"jasig-cas","single-sign-on","https:\u002F\u002Fgoblindegook.github.io\u002Fwp-cas-server","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-cas-server.1.2.3.zip",{"slug":73,"name":74,"version":6,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":11,"downloaded":79,"rating":13,"num_ratings":13,"last_updated":80,"tested_up_to":81,"requires_at_least":82,"requires_php":17,"tags":83,"homepage":85,"download_link":86,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"wpcas-server","wpCAS Server","Adam Backstrom","https:\u002F\u002Fprofiles.wordpress.org\u002Fadambackstrom\u002F","\u003Cp>This plugin reserves a collection of URIs that create, validate, and destroy CAS tickets.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u002Fcas\u002Flogin :: If user is not authenticated he\u002Fshe is redirected to the login page.  Otherwise the user is redirected to the service specified as a GET variable in the URL – or if service is not provided, the user is redirected to the WordPress instance’s home.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u002Fcas\u002Flogout :: The user’s session is destroyed, user is logged out of the WordPress instance, and redirected to $_GET[‘service’] (or the blog home if service isn’t provided)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u002Fcas\u002FproxyValidate and \u002Fcas\u002Fvalidate :: The CAS ticket must be passed as a GET parameter in the URL when calling \u002Fcas\u002Fvalidate.  The ticket is validated and XML is output with either cas:authenticationSuccess or cas:authenticationFailure\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Hooks & Filters\u003C\u002Fh3>\n\u003Ch4>wpcas_server_login Hook\u003C\u002Fh4>\n\u003Cp>This hook allows for the insertion of code after login has successfully completed and just before the ticket creation.  One common use of this hook is to fill out the $_SESSION variable with site\u002Fuser specific information.\u003C\u002Fp>\n\u003Ch4>wpcas_server_auth_value Filter\u003C\u002Fh4>\n\u003Cp>This filter (executed in a successful ticket validation in \u002Fcas\u002Fvalidate) is used to override the user identifier returned in the cas:authenticationSuccess XML response.  By default, the value returned is the $user_ID of the authenticated user.  Using this filter, that value can be altered to whatever suits your implementation.\u003C\u002Fp>\n","Turns WordPress or WordPress MU into a CAS single sign-on authenticator.",2492,"2012-07-12T13:42:00.000Z","2.9.2","2.8",[84,19,21,37,73],"auth","http:\u002F\u002Fborkweb.com\u002Fprojects\u002Fwpcas-server","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpcas-server.zip",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":44,"num_ratings":97,"last_updated":98,"tested_up_to":99,"requires_at_least":100,"requires_php":101,"tags":102,"homepage":106,"download_link":107,"security_score":108,"vuln_count":31,"unpatched_count":13,"last_vuln_date":109,"fetched_at":27},"authorizer","Authorizer","3.13.4","Paul Ryan","https:\u002F\u002Fprofiles.wordpress.org\u002Ffigureone\u002F","\u003Cp>\u003Cem>Authorizer\u003C\u002Fem> restricts access to a WordPress site to specific users, typically students enrolled in a university course. It maintains a list of approved users that you can edit to determine who has access. It also replaces the default WordPress login\u002Fauthorization system with one relying on an external server, such as Google, CAS, LDAP, or an OAuth2 provider. Finally, \u003Cem>Authorizer\u003C\u002Fem> lets you limit invalid login attempts to prevent bots from compromising your users’ accounts.\u003C\u002Fp>\n\u003Cp>View or contribute to the plugin source on GitHub: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fuhm-coe\u002Fauthorizer\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fuhm-coe\u002Fauthorizer\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cem>Authorizer\u003C\u002Fem> requires the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>CAS server\u003C\u002Fstrong> (2.x, 3.x, 4.x, 5.x, 6.x, or 7.x) or \u003Cstrong>LDAP server\u003C\u002Fstrong> (plugin needs the URL)\u003C\u002Fli>\n\u003Cli>PHP extensions: php-ldap, php-curl, php-dom\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Authorizer\u003C\u002Fem> provides the following options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Authentication\u003C\u002Fstrong>: WordPress accounts; Google accounts; CAS accounts; LDAP accounts; OAuth2 accounts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login Access\u003C\u002Fstrong>: All authenticated users (all local and all external can log in); Only specific users (all local and approved external users can log in)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>View Access\u003C\u002Fstrong>: Everyone (open access); Only logged in users\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit Login Attempts\u003C\u002Fstrong>: Progressively increase the amount of time required between invalid login attempts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcode\u003C\u002Fstrong>: Use the \u003Ccode>[authorizer_login_form]\u003C\u002Fcode> shortcode to embed a wp_login_form() outside of wp-login.php.\u003C\u002Fli>\n\u003C\u002Ful>\n","Authorizer limits login attempts, restricts access to specific users, and authenticates against external sources (OAuth2, Google, LDAP, or CAS).",5000,182565,19,"2025-12-19T20:52:00.000Z","6.9.4","5.5","7.4",[19,20,103,104,105],"ldap","login","oauth","https:\u002F\u002Fgithub.com\u002Fuhm-coe\u002Fauthorizer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauthorizer.3.13.4.zip",99,"2022-11-01 00:00:00",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":44,"num_ratings":120,"last_updated":121,"tested_up_to":99,"requires_at_least":122,"requires_php":123,"tags":124,"homepage":126,"download_link":127,"security_score":108,"vuln_count":31,"unpatched_count":13,"last_vuln_date":128,"fetched_at":27},"wp-cassify","WP Cassify","2.4.3","Alain-Aymerick FRANCOIS","https:\u002F\u002Fprofiles.wordpress.org\u002Faaf017\u002F","\u003Cp>If you’re happy with this plugin :\u003Cbr \u002F>\nAs a reward for my efforts, I would like to receive T-shirts (or other goodies) as gifts from the universities or companies that use it.\u003Cbr \u002F>\nMy size is L. Best regards.\u003C\u002Fp>\n\u003Cp>This Apereo CAS authentication plugin has no phpCas library dependency. This is not only an authentication plugin.\u003Cbr \u002F>\nYou can build custom authorization rules according to cas user attributes populated. If user don’t exist in WordPress\u003Cbr \u002F>\ndatabase, it can be created automatically. There are many features. You can customize everything.\u003C\u002Fp>\n\u003Ch4>Website\u003C\u002Fh4>\n\u003Cp>https:\u002F\u002Fwpcassify.wordpress.com\u002F\u003C\u002Fp>\n\u003Ch4>Development and release environment\u003C\u002Fh4>\n\u003Cp>This plugin is now developed and tested from a github repository. You can find it here :\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002FWP-Cassify\u002Fwp-cassify-develop\u003C\u002Fp>\n\u003Cp>Don’t hesitate to contribute to this project. You can fork it and make pull requests !\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Require at least PHP version 7.0\u003C\u002Fli>\n\u003Cli>Require at least PHP CURL package\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features included\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>SLO (Single Log Out) support (thanks to dedotombo and me)\u003C\u002Fli>\n\u003Cli>Adding NCONTAINS operator (thanks to blandman)\u003C\u002Fli>\n\u003Cli>Fix bug on Gateway mode (autologin) (thanks to dedotombo again). Now it’s now necessary to hack theme files to fire it.\u003C\u002Fli>\n\u003Cli>Adding option logout on authentication failure to not disturb users\u003C\u002Fli>\n\u003Cli>Initialize PHP session at a later stage (on wp_loaded not on init)\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Adding some customs hooks and filters.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Tested with Apereo CAS Server version 7.3.5\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>Compatible with CAS Protocol version 2 and 3\u003C\u002Fli>\n\u003Cli>Automatic user creation if not exist in WordPress database.\u003C\u002Fli>\n\u003Cli>Synchronize WordPress User metas with CAS User attributes.\u003C\u002Fli>\n\u003Cli>Add support for multivaluate cas user fields. Now multivaluate fields can be serialized to be stored in custom WP User meta.\u003C\u002Fli>\n\u003Cli>Backup \u002F Restore plugin configuration options settings\u003C\u002Fli>\n\u003Cli>You can choose CAS User attributes you want to populate. Then you can access them via PHP Session.\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Be careful, to access to CAS User Attributes from your theme file (from 1.8.4), use code below :\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php\n    if ( isset($GLOBALS['wp-cassify']) ) {\n        print_r( $GLOBALS['wp-cassify']->wp_cassify_get_cas_user_datas() );\n    }\n?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Set up WordPress Roles to User according to CAS User attributes.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>If plugin is network activated, you can define User Role Rule scope by blog id.\u003C\u002Fli>\n\u003Cli>Authorization rule editor.\u003C\u002Fli>\n\u003Cli>Compatible with WordPress Access Control Plugin.\u003C\u002Fli>\n\u003Cli>Manage URL White List to bypass CAS Authentication on certain pages.\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Much simpler bypass authentication with post method provided by Susan Boland (See online documentation). Create wordpress authentication form with redirect attribute like this (works only if URL bypass is enabled in settings) :\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php\n\n    $args = array(\n        'echo'           => true,\n        'remember'       => true,\n        'redirect' => site_url( '\u002F?wp_cassify_bypass=bypass' ),\n        'form_id'        => 'loginform',\n        'id_username'    => 'user_login',\n        'id_password'    => 'user_pass',\n        'id_remember'    => 'rememberme',\n        'id_submit'      => 'wp-submit',\n        'label_username' => __( 'Username' ),\n        'label_password' => __( 'Password' ),\n        'label_remember' => __( 'Remember Me' ),\n        'label_log_in'   => __( 'Log In' ),\n        'value_username' => '',\n        'value_remember' => false\n    );\n\n    wp_login_form( $args ); \n?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Receive email notifications when trigger is fired (after user account creation, after user login\u002Flogout).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>Define notifications rules based on user attributes values.\u003C\u002Fli>\n\u003Cli>Purge user roles before applying user role rules.\u003C\u002Fli>\n\u003Cli>Define user account expiration rules bases on CAS User attributes.\u003C\u002Fli>\n\u003Cli>Network activation allowed\u003C\u002Fli>\n\u003Cli>You can set Service Logout URL (Needs to have CAS Server with followServiceRedirects option configured).\u003C\u002Fli>\n\u003Cli>Add support for web application hosted behind a reverse proxy. (Thanks to franck86)\u003C\u002Fli>\n\u003Cli>Add custom hooks : wp_cassify_after_cas_authentication, wp_cassify_before_auth_user_wordpress, wp_cassify_before_redirect, wp_cassify_after_redirect. (See online documentation)\u003C\u002Fli>\n\u003Cli>Custom filter to perform custom cas server response parsing. Hook name : wp_cassify_custom_parsing_cas_xml_response (See online documentation)\u003C\u002Fli>\n\u003Cli>Custom shortcode to generate CAS login\u002Flogout link into your blog. (See online documentation)\u003C\u002Fli>\n\u003Cli>Debug settings, dump last xml cas server response.\u003C\u002Fli>\n\u003Cli>Detect if user has already authenticated by CAS from your public pages and perform auto-login with gateway mode\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Add ‘-IN’ and ‘-NOTIN’ operators to process array attributes values returned from CAS.\u003Cbr \u002F>\nWhen you have :\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$cas_user_datas['title'] = array( 'Student', 'Professor' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Then you can use :\u003C\u002Fp>\n\u003Cpre>\u003Ccode>    (CAS{title} -IN \"professor\")\n\u003C\u002Fcode>\u003C\u002Fpre>\n","The plugin is an Apereo CAS Client. It performs CAS authentication and autorization for Wordpress.",900,35816,16,"2026-04-13T13:48:00.000Z","4.4","7.0",[84,19,20,125,37],"central","https:\u002F\u002Fwpcassify.wordpress.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-cassify.2.4.3.zip","2025-03-26 00:00:00",{"attackSurface":130,"codeSignals":184,"taintFlows":327,"riskAssessment":441,"analyzedAt":453},{"hooks":131,"ajaxHandlers":180,"restRoutes":181,"shortcodes":182,"cronEvents":183,"entryPointCount":13,"unprotectedCount":13},[132,138,142,146,150,154,158,162,165,168,171,174,177],{"type":133,"name":134,"callback":135,"file":136,"line":137},"action","login_init","bypass_login","uthsc-wpcas.php",43,{"type":133,"name":139,"callback":140,"file":136,"line":141},"admin_init","register_wpcas_settings",50,{"type":133,"name":143,"callback":144,"file":136,"line":145},"admin_menu","add_options_pages",57,{"type":133,"name":147,"callback":148,"file":136,"line":149},"init","activate",62,{"type":151,"name":152,"callback":152,"priority":11,"file":136,"line":153},"filter","authenticate",76,{"type":133,"name":155,"callback":156,"file":136,"line":157},"wp_logout","logout",77,{"type":133,"name":159,"callback":160,"file":136,"line":161},"lost_password","disable_function",78,{"type":133,"name":163,"callback":160,"file":136,"line":164},"retrieve_password",79,{"type":133,"name":166,"callback":160,"file":136,"line":167},"password_reset",80,{"type":151,"name":169,"callback":169,"file":136,"line":170},"show_password_fields",81,{"type":133,"name":172,"callback":172,"priority":11,"file":136,"line":173},"check_passwords",82,{"type":151,"name":175,"callback":152,"priority":11,"file":136,"line":176},"wp_signon",83,{"type":151,"name":178,"callback":179,"priority":11,"file":136,"line":33},"login_url","wpcas_login_url",[],[],[],[],{"dangerousFunctions":185,"sqlUsage":190,"outputEscaping":193,"fileOperations":325,"externalRequests":63,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":326},[186],{"fn":187,"file":188,"line":120,"context":189},"ini_set","phpCAS-1.3-stable\u002Futils\u002Fmakepackage.php","ini_set('display_errors', true);",{"prepared":191,"raw":13,"locations":192},6,[],{"escaped":63,"rawEcho":194,"locations":195},72,[196,200,202,204,206,208,210,212,215,217,219,221,223,225,226,228,230,232,235,238,240,242,243,244,247,249,252,253,256,257,260,261,263,264,266,267,269,270,271,273,274,275,277,278,279,280,282,283,284,285,286,288,290,291,292,294,295,296,299,302,304,305,307,308,309,311,312,315,317,318,320,322],{"file":197,"line":198,"context":199},"admin\u002Futhsc-wpcas-settings.php",39,"raw output",{"file":197,"line":201,"context":199},56,{"file":197,"line":203,"context":199},73,{"file":197,"line":205,"context":199},90,{"file":197,"line":207,"context":199},107,{"file":197,"line":209,"context":199},117,{"file":197,"line":211,"context":199},127,{"file":213,"line":214,"context":199},"admin\u002Futhsc-wpcas-test.php",24,{"file":213,"line":216,"context":199},25,{"file":213,"line":218,"context":199},26,{"file":213,"line":220,"context":199},53,{"file":213,"line":222,"context":199},55,{"file":213,"line":224,"context":199},61,{"file":213,"line":224,"context":199},{"file":213,"line":227,"context":199},68,{"file":213,"line":229,"context":199},89,{"file":213,"line":231,"context":199},94,{"file":233,"line":234,"context":199},"phpCAS-1.3-stable\u002Fdocs\u002Fexamples\u002Fcreate_pgt_storage_db_table.php",49,{"file":236,"line":237,"context":199},"phpCAS-1.3-stable\u002Fdocs\u002Fexamples\u002Fexample_advanced_saml11.php",60,{"file":236,"line":239,"context":199},67,{"file":236,"line":241,"context":199},69,{"file":236,"line":203,"context":199},{"file":236,"line":203,"context":199},{"file":245,"line":246,"context":199},"phpCAS-1.3-stable\u002Fdocs\u002Fexamples\u002Fexample_custom_urls.php",64,{"file":245,"line":248,"context":199},65,{"file":250,"line":251,"context":199},"phpCAS-1.3-stable\u002Fdocs\u002Fexamples\u002Fexample_gateway.php",59,{"file":250,"line":239,"context":199},{"file":254,"line":255,"context":199},"phpCAS-1.3-stable\u002Fdocs\u002Fexamples\u002Fexample_html.php",71,{"file":254,"line":194,"context":199},{"file":258,"line":259,"context":199},"phpCAS-1.3-stable\u002Fdocs\u002Fexamples\u002Fexample_lang.php",58,{"file":258,"line":251,"context":199},{"file":262,"line":251,"context":199},"phpCAS-1.3-stable\u002Fdocs\u002Fexamples\u002Fexample_logout.php",{"file":262,"line":237,"context":199},{"file":265,"line":149,"context":199},"phpCAS-1.3-stable\u002Fdocs\u002Fexamples\u002Fexample_no_ssl_cn_validation.php",{"file":265,"line":52,"context":199},{"file":268,"line":259,"context":199},"phpCAS-1.3-stable\u002Fdocs\u002Fexamples\u002Fexample_pgt_storage_db.php",{"file":268,"line":251,"context":199},{"file":268,"line":227,"context":199},{"file":272,"line":259,"context":199},"phpCAS-1.3-stable\u002Fdocs\u002Fexamples\u002Fexample_pgt_storage_file.php",{"file":272,"line":251,"context":199},{"file":272,"line":227,"context":199},{"file":276,"line":222,"context":199},"phpCAS-1.3-stable\u002Fdocs\u002Fexamples\u002Fexample_proxy_GET.php",{"file":276,"line":201,"context":199},{"file":276,"line":239,"context":199},{"file":276,"line":194,"context":199},{"file":281,"line":145,"context":199},"phpCAS-1.3-stable\u002Fdocs\u002Fexamples\u002Fexample_proxy_POST.php",{"file":281,"line":259,"context":199},{"file":281,"line":255,"context":199},{"file":281,"line":153,"context":199},{"file":281,"line":161,"context":199},{"file":287,"line":251,"context":199},"phpCAS-1.3-stable\u002Fdocs\u002Fexamples\u002Fexample_proxy_rebroadcast.php",{"file":289,"line":222,"context":199},"phpCAS-1.3-stable\u002Fdocs\u002Fexamples\u002Fexample_proxy_serviceWeb.php",{"file":289,"line":201,"context":199},{"file":289,"line":248,"context":199},{"file":293,"line":222,"context":199},"phpCAS-1.3-stable\u002Fdocs\u002Fexamples\u002Fexample_proxy_serviceWeb_chaining.php",{"file":293,"line":201,"context":199},{"file":293,"line":248,"context":199},{"file":297,"line":298,"context":199},"phpCAS-1.3-stable\u002Fdocs\u002Fexamples\u002Fexample_service.php",86,{"file":300,"line":301,"context":199},"phpCAS-1.3-stable\u002Fdocs\u002Fexamples\u002Fexample_service_POST.php",74,{"file":300,"line":303,"context":199},92,{"file":300,"line":231,"context":199},{"file":306,"line":229,"context":199},"phpCAS-1.3-stable\u002Fdocs\u002Fexamples\u002Fexample_service_that_proxies.php",{"file":306,"line":205,"context":199},{"file":306,"line":108,"context":199},{"file":310,"line":145,"context":199},"phpCAS-1.3-stable\u002Fdocs\u002Fexamples\u002Fexample_simple.php",{"file":310,"line":259,"context":199},{"file":313,"line":314,"context":199},"phpCAS-1.3-stable\u002Fdocs\u002Fexamples\u002Fscript_info.php",17,{"file":313,"line":316,"context":199},18,{"file":313,"line":97,"context":199},{"file":319,"line":167,"context":199},"phpCAS-1.3-stable\u002Fsource\u002FCAS\u002FClient.php",{"file":319,"line":321,"context":199},2181,{"file":323,"line":324,"context":199},"phpCAS-1.3-stable\u002Fsource\u002FCAS.php",514,4,[],[328,345,355,390,402,410,419,433],{"entryPoint":329,"graph":330,"unsanitizedCount":31,"severity":344},"uthsc_wpcas_test (admin\u002Futhsc-wpcas-test.php:3)",{"nodes":331,"edges":341},[332,336],{"id":333,"type":334,"label":335,"file":213,"line":214},"n0","source","$_SERVER['SCRIPT_NAME']",{"id":337,"type":338,"label":339,"file":213,"line":214,"wp_function":340},"n1","sink","echo() [XSS]","echo",[342],{"from":333,"to":337,"sanitized":343},false,"medium",{"entryPoint":346,"graph":347,"unsanitizedCount":31,"severity":344},"_callback (phpCAS-1.3-stable\u002Fsource\u002FCAS\u002FClient.php:2172)",{"nodes":348,"edges":353},[349,352],{"id":333,"type":334,"label":350,"file":319,"line":351},"$_GET",2179,{"id":337,"type":338,"label":339,"file":319,"line":321,"wp_function":340},[354],{"from":333,"to":337,"sanitized":343},{"entryPoint":356,"graph":357,"unsanitizedCount":389,"severity":344},"\u003CClient> (phpCAS-1.3-stable\u002Fsource\u002FCAS\u002FClient.php:0)",{"nodes":358,"edges":383},[359,360,361,364,368,374,377,380],{"id":333,"type":334,"label":350,"file":319,"line":351},{"id":337,"type":338,"label":339,"file":319,"line":321,"wp_function":340},{"id":362,"type":334,"label":350,"file":319,"line":363},"n2",2251,{"id":365,"type":366,"label":367,"file":319,"line":363},"n3","transform","→ write()",{"id":369,"type":338,"label":370,"file":371,"line":372,"wp_function":373},"n4","fopen() [File Access]","phpCAS-1.3-stable\u002Fsource\u002FCAS\u002FPGTStorage\u002FFile.php",207,"fopen",{"id":375,"type":334,"label":350,"file":319,"line":376},"n5",2267,{"id":378,"type":366,"label":379,"file":319,"line":376},"n6","→ read()",{"id":381,"type":338,"label":370,"file":371,"line":382,"wp_function":373},"n7",238,[384,385,386,387,388],{"from":333,"to":337,"sanitized":343},{"from":362,"to":365,"sanitized":343},{"from":365,"to":369,"sanitized":343},{"from":375,"to":378,"sanitized":343},{"from":378,"to":381,"sanitized":343},3,{"entryPoint":391,"graph":392,"unsanitizedCount":31,"severity":344},"bypass_login (uthsc-wpcas.php:140)",{"nodes":393,"edges":400},[394,396],{"id":333,"type":334,"label":350,"file":136,"line":395},143,{"id":337,"type":338,"label":397,"file":136,"line":398,"wp_function":399},"header() [Header Injection]",147,"header",[401],{"from":333,"to":337,"sanitized":343},{"entryPoint":403,"graph":404,"unsanitizedCount":31,"severity":344},"\u003Cuthsc-wpcas> (uthsc-wpcas.php:0)",{"nodes":405,"edges":408},[406,407],{"id":333,"type":334,"label":350,"file":136,"line":395},{"id":337,"type":338,"label":397,"file":136,"line":398,"wp_function":399},[409],{"from":333,"to":337,"sanitized":343},{"entryPoint":411,"graph":412,"unsanitizedCount":31,"severity":418},"\u003Cuthsc-wpcas-test> (admin\u002Futhsc-wpcas-test.php:0)",{"nodes":413,"edges":416},[414,415],{"id":333,"type":334,"label":335,"file":213,"line":214},{"id":337,"type":338,"label":339,"file":213,"line":214,"wp_function":340},[417],{"from":333,"to":337,"sanitized":343},"low",{"entryPoint":420,"graph":421,"unsanitizedCount":63,"severity":418},"\u003Cexample_service_POST> (phpCAS-1.3-stable\u002Fdocs\u002Fexamples\u002Fexample_service_POST.php:0)",{"nodes":422,"edges":430},[423,425,426,429],{"id":333,"type":334,"label":424,"file":300,"line":153},"$_SERVER['REQUEST_METHOD']",{"id":337,"type":338,"label":339,"file":300,"line":301,"wp_function":340},{"id":362,"type":334,"label":427,"file":300,"line":428},"$_POST['favorite_color']",95,{"id":365,"type":338,"label":339,"file":300,"line":231,"wp_function":340},[431,432],{"from":333,"to":337,"sanitized":343},{"from":362,"to":365,"sanitized":343},{"entryPoint":434,"graph":435,"unsanitizedCount":31,"severity":418},"\u003Cscript_info> (phpCAS-1.3-stable\u002Fdocs\u002Fexamples\u002Fscript_info.php:0)",{"nodes":436,"edges":439},[437,438],{"id":333,"type":334,"label":335,"file":313,"line":314},{"id":337,"type":338,"label":339,"file":313,"line":314,"wp_function":340},[440],{"from":333,"to":337,"sanitized":343},{"summary":442,"deductions":443},"The uthsc-wpcas plugin v1.0 presents a mixed security posture.  On one hand, the plugin demonstrates strong security practices in its handling of database interactions, with all SQL queries utilizing prepared statements. Furthermore, the static analysis reveals a very small attack surface, with no identified AJAX handlers, REST API routes, shortcodes, or cron events. This significantly limits the potential avenues for external exploitation. However, there are notable concerns. The complete absence of nonce checks and capability checks is a major weakness, as it means actions within the plugin are not protected against CSRF attacks or unauthorized privilege escalation. Additionally, the low percentage of properly escaped output (3%) suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected into the website. The presence of the `ini_set` function, while not inherently malicious, warrants review in its usage as it can alter PHP configurations. The lack of any recorded vulnerabilities in its history is a positive indicator, suggesting the developers may be attentive, but it does not negate the risks identified in the current code analysis.",[444,446,448,451],{"reason":445,"points":11},"Missing nonce checks",{"reason":447,"points":11},"Missing capability checks",{"reason":449,"points":450},"Low percentage of properly escaped output",8,{"reason":452,"points":389},"Use of ini_set function","2026-04-16T12:11:17.443Z",{"wat":455,"direct":465},{"assetPaths":456,"generatorPatterns":460,"scriptPaths":461,"versionParams":462},[457,458,459],"\u002Fwp-content\u002Fplugins\u002Futhsc-wpcas\u002Fadmin\u002Fcss\u002Futhsc-wpcas-admin.css","\u002Fwp-content\u002Fplugins\u002Futhsc-wpcas\u002Fadmin\u002Fjs\u002Futhsc-wpcas-admin.js","\u002Fwp-content\u002Fplugins\u002Futhsc-wpcas\u002FphpCAS-1.3-stable\u002FCAS.php",[],[459],[463,464],"uthsc-wpcas\u002Fadmin\u002Fcss\u002Futhsc-wpcas-admin.css?ver=","uthsc-wpcas\u002Fadmin\u002Fjs\u002Futhsc-wpcas-admin.js?ver=",{"cssClasses":466,"htmlComments":470,"htmlAttributes":492,"restEndpoints":498,"jsGlobals":499,"shortcodeOutput":501},[467,468,469],"uthsc-wpcas-settings-page","uthsc-wpcas-test-page","uthsc-wpcas-about-page",[471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491],"\u003C!-- Register settings in lib\u002Fwpcas-options.php -->","\u003C!-- Update settings in lib\u002Fwpcas-options.php -->","\u003C!-- Unregister settings in lib\u002Fwpcas-options.php -->","\u003C!-- Delete settings in lib\u002Fwpcas-options.php -->","\u003C!-- This comes from phpCAS's authpage.php example but instead of using the options from config.php we get the wordpress options that are set in the plugin admin section. -->","\u003C!-- If you want to test CAS to see if it's working, you can use the authpage.php included in the plugin directory. -->","\u003C!-- Load the settings from the central config file -->","\u003C!-- Load the CAS lib -->","\u003C!-- For production use set the CA certificate that is the issuer of the cert -->","\u003C!-- on the CAS server and uncomment the line below -->","\u003C!-- For quick testing you can disable SSL validation of the CAS server. -->","\u003C!-- THIS SETTING IS NOT RECOMMENDED FOR PRODUCTION. -->","\u003C!-- VALIDATING THE CAS SERVER IS CRUCIAL TO THE SECURITY OF THE CAS PROTOCOL! -->","\u003C!-- Handle SAML logout requests that emanate from the CAS host exclusively. -->","\u003C!-- Failure to restrict SAML logout requests to authorized hosts could -->","\u003C!-- allow denial of service attacks where at the least the server is -->","\u003C!-- tied up parsing bogus XML messages. -->","\u003C!-- Uncomment to enable debugging -->","\u003C!-- This is based on the CAS reponse; it may be different for your configuration. -->","\u003C!-- To test, you can use var_dump($cas_attributes) -->","\u003C!-- If the user hasn't logged in to Wordpress before, create an account with the Attribute -->",[493,494,495,496,497],"data-wpcas-host","data-wpcas-port","data-wpcas-context","data-wpcas-cas-server-ca-cert","data-wpcas-no-cas-server-validation",[],[500],"phpCAS",[],{"error":503,"url":504,"statusCode":505,"statusMessage":506,"message":506},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Futhsc-wpcas\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":508,"versions":509},5,[510,516,523,530,537],{"version":511,"download_url":24,"svn_tag_url":512,"released_at":26,"has_diff":343,"diff_files_changed":513,"diff_lines":26,"trac_diff_url":514,"vulnerabilities":515,"is_current":343},"1.0.1","https:\u002F\u002Fplugins.svn.wordpress.org\u002Futhsc-wpcas\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Futhsc-wpcas%2Ftags%2F1.0.0&new_path=%2Futhsc-wpcas%2Ftags%2F1.0.1",[],{"version":517,"download_url":518,"svn_tag_url":519,"released_at":26,"has_diff":343,"diff_files_changed":520,"diff_lines":26,"trac_diff_url":521,"vulnerabilities":522,"is_current":343},"1.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Futhsc-wpcas.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Futhsc-wpcas\u002Ftags\u002F1.0.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Futhsc-wpcas%2Ftags%2F0.2.2&new_path=%2Futhsc-wpcas%2Ftags%2F1.0.0",[],{"version":524,"download_url":525,"svn_tag_url":526,"released_at":26,"has_diff":343,"diff_files_changed":527,"diff_lines":26,"trac_diff_url":528,"vulnerabilities":529,"is_current":343},"0.2.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Futhsc-wpcas.0.2.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Futhsc-wpcas\u002Ftags\u002F0.2.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Futhsc-wpcas%2Ftags%2F0.2.1&new_path=%2Futhsc-wpcas%2Ftags%2F0.2.2",[],{"version":531,"download_url":532,"svn_tag_url":533,"released_at":26,"has_diff":343,"diff_files_changed":534,"diff_lines":26,"trac_diff_url":535,"vulnerabilities":536,"is_current":343},"0.2.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Futhsc-wpcas.0.2.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Futhsc-wpcas\u002Ftags\u002F0.2.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Futhsc-wpcas%2Ftags%2F0.2&new_path=%2Futhsc-wpcas%2Ftags%2F0.2.1",[],{"version":538,"download_url":539,"svn_tag_url":540,"released_at":26,"has_diff":343,"diff_files_changed":541,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":542,"is_current":343},"0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Futhsc-wpcas.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Futhsc-wpcas\u002Ftags\u002F0.2\u002F",[],[]]