[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fT5Z8egR1Stkw9ZNow2QuMxSTfOsWk24JQk39B4CXJQc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":98,"crawl_stats":38,"alternatives":106,"analysis":214,"fingerprints":672},"wp-fb-autoconnect","WP Social AutoConnect","4.6.4","JK","https:\u002F\u002Fprofiles.wordpress.org\u002Fjustin_k\u002F","\u003Cp>The simple concept behind WP-FB AutoConnect is to offer an easy-to-use widget that lets readers login to your blog with either their Facebook account or local WordPress credentials. Although many “Facebook Connect” plugins do exist, most of them are either overly complex and difficult to customize, or fail to provide a seamless experience for new  visitors. I wrote this plugin to provide what the others didn’t:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Full support for both WordPress and Buddypress.\u003C\u002Fli>\n\u003Cli>No user interaction is required – the login process is transparent to new and returning users alike.\u003C\u002Fli>\n\u003Cli>Existing users who connect with FB retain the same local user accounts as before (matched via e-mail).\u003C\u002Fli>\n\u003Cli>New visitors will be given new user accounts, which can be retained even if you remove the plugin.\u003C\u002Fli>\n\u003Cli>Facebook profile pictures can be used as avatars.\u003C\u002Fli>\n\u003Cli>No contact with the Facebook API after the login completes – so no slow pageloads.\u003C\u002Fli>\n\u003Cli>No 3rd party services: your site talks directly to Facebook, through an app created and owned by you.\u003C\u002Fli>\n\u003Cli>Won’t bloat your database with duplicate user accounts, extra fields, or unnecessary complications.\u003C\u002Fli>\n\u003Cli>Custom logging options can notify you whenever someone connects with Facebook.\u003C\u002Fli>\n\u003Cli>A powerful set of hooks and filters allow developers to easily tailor the login process to their personal needs: redirect to a custom page, fill xProfile data with information from Facebook, setup permissions based on social connections, and more.\u003C\u002Fli>\n\u003Cli>Fully HTML\u002FCSS valid.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Donate\u003C\u002Fh3>\n\u003Cp>Countless hours have gone into developing, maintaining, & supporting this plugin. Just keeping it running requires ongoing work due to Facebook’s ever-changing API & WordPress’ frequent updates. If you find it useful, please consider supporting its continued development by \u003Ca href=\"https:\u002F\u002Fwww.justin-klein.com\u002Fprojects\u002Fwp-fb-autoconnect\u002F#donate\" rel=\"nofollow ugc\">making a donation\u003C\u002Fa> of any amount.\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin uses the Facebook API to fetch data from Facebook. The data is used to automate user logins, and\u002For to automate the creation of new local WordPress user accounts. The data may therefore be copied & stored in the WordPress database, and can be removed by deleting any Facebook-linked user accounts. Usage of this plugin means the site administrator is consenting to \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fpolicy.php\" rel=\"nofollow ugc\">Facebook’s data policy\u003C\u002Fa>. Note that using the Facebook API requires loading some JS from Facebook, which may track visitors. This plugin does not use any 3rd party intermediary for processing logins or otherwise – all data is exchanged directly between your site & Facebook.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Please direct all support requests \u003Ca href=\"https:\u002F\u002Fwww.justin-klein.com\u002Fprojects\u002Fwp-fb-autoconnect#feedback\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n","A lightweight but powerful Facebook login plugin, easy to setup and transparent to new and returning users alike.  Supports Buddypress.",500,384887,88,13,"2025-08-13T02:43:00.000Z","6.3.8","2.5","",[20,21,22,23,24],"buddypress","facebook-connect","facebook-login","login-with-facebook","social-login","https:\u002F\u002Fwww.justin-klein.com\u002Fprojects\u002Fwp-fb-autoconnect","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-fb-autoconnect.4.6.4.zip",74,5,1,"2025-06-19 00:00:00","2026-03-15T15:16:48.613Z",[33,47,61,75,87],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":38,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":38},"CVE-2025-50022","wp-fb-autoconnect-authenticated-administrator-stored-cross-site-scripting","WP-FB-AutoConnect \u003C= 4.6.3 - Authenticated (Administrator+) Stored Cross-Site Scripting","The WP-FB-AutoConnect plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=4.6.3","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-06-25 17:57:31",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1c36c69c-dc6c-436c-95c1-a0f7fe526fa6?source=api-prod",{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":38,"affected_versions":52,"patched_in_version":53,"severity":40,"cvss_score":54,"cvss_vector":55,"vuln_type":56,"published_date":57,"updated_date":58,"references":59,"days_to_patch":29},"CVE-2024-12279","wp-social-autoconnect-cross-site-request-forgery-to-reflected-cross-site-scripting","WP Social AutoConnect \u003C= 4.6.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting","The WP Social AutoConnect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=4.6.2","4.6.3",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-01-03 21:49:54","2025-01-04 11:16:33",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F392d8286-a5fd-4d5d-9f6a-f13564013edc?source=api-prod",{"id":62,"url_slug":63,"title":64,"description":65,"plugin_slug":4,"theme_slug":38,"affected_versions":66,"patched_in_version":67,"severity":40,"cvss_score":68,"cvss_vector":69,"vuln_type":56,"published_date":70,"updated_date":71,"references":72,"days_to_patch":74},"CVE-2023-37974","wp-fb-autoconnect-cross-site-request-forgery-via-jfbadminpage","WP-FB-AutoConnect \u003C= 4.6.1 - Cross-Site Request Forgery via jfb_admin_page","The WP-FB-AutoConnect plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.6.1. This is due to missing or incorrect nonce validation on the jfb_admin_page function. This makes it possible for unauthenticated attackers to update plugin settings (Facebook options) via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=4.6.1","4.6.2",5.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:L","2023-07-12 00:00:00","2024-01-22 19:56:02",[73],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Feab1fe39-dda2-49c9-9c76-c1127626a85c?source=api-prod",195,{"id":76,"url_slug":77,"title":78,"description":79,"plugin_slug":4,"theme_slug":38,"affected_versions":80,"patched_in_version":67,"severity":40,"cvss_score":81,"cvss_vector":82,"vuln_type":56,"published_date":83,"updated_date":71,"references":84,"days_to_patch":86},"WF-50f69182-66c0-4d3a-aabe-015b72937f3e-wp-fb-autoconnect","wp-social-autoconnect-cross-site-request-forgery-via-jfbadminpage","WP Social AutoConnect \u003C= 4.6.1 - Cross-Site Request Forgery via jfb_admin_page","The WP Social AutoConnect plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.6.1. This is due to missing or incorrect nonce validation on the 'jfb_admin_page' function. This makes it possible for unauthenticated attackers to update or reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C4.6.2",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","2023-07-01 00:00:00",[85],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F50f69182-66c0-4d3a-aabe-015b72937f3e?source=api-prod",206,{"id":88,"url_slug":89,"title":90,"description":91,"plugin_slug":4,"theme_slug":38,"affected_versions":92,"patched_in_version":93,"severity":40,"cvss_score":54,"cvss_vector":55,"vuln_type":43,"published_date":94,"updated_date":71,"references":95,"days_to_patch":97},"WF-d118beb2-bcb1-4d35-b25e-172fa4b6d916-wp-fb-autoconnect","wp-fb-autoconnect-cross-site-request-forgery-to-stored-cross-site-scripting","WP-FB-AutoConnect \u003C= 4.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting","The WP-FB-AutoConnect plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'jfb_email_to', 'jfb_stream_content', 'jfb_api_key' and 'jfb_api_sec' variables in versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=4.0.5","4.0.6","2014-12-14 00:00:00",[96],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd118beb2-bcb1-4d35-b25e-172fa4b6d916?source=api-prod",3327,{"slug":99,"display_name":7,"profile_url":8,"plugin_count":100,"total_installs":101,"avg_security_score":102,"avg_patch_time_days":103,"trust_score":104,"computed_at":105},"justin_k",3,1900,78,1466,64,"2026-04-03T23:13:05.648Z",[107,132,152,177,194],{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":115,"downloaded":116,"rating":117,"num_ratings":118,"last_updated":119,"tested_up_to":120,"requires_at_least":121,"requires_php":122,"tags":123,"homepage":127,"download_link":128,"security_score":129,"vuln_count":29,"unpatched_count":130,"last_vuln_date":131,"fetched_at":31},"oa-social-login","Social Login","5.10.0","Claude","https:\u002F\u002Fprofiles.wordpress.org\u002Fclaudeschlesser\u002F","\u003Ch4>Social Login Plugin\u003C\u002Fh4>\n\u003Cp>Social Login is a \u003Cstrong>professionally developed\u003C\u002Fstrong> and free WordPress plugin that allows your visitors to \u003Cstrong>comment, login and register with 40+ Social Networks\u003C\u002Fstrong> like for example Facebook, Twitter \u002F X, TikTok, Google, LinkedIn, PayPal, LiveJournal, Instagram, Вконтакте or Yahoo amongst other.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Data Protection Guarantee\u003C\u002Fstrong>\u003Cbr \u002F>\nSocial Login is fully compliant with all European and U.S. data protection laws. As required by the General Data Protection Regulation (GDPR) the OneAll Terms of Service include a Data Processing Agreement that we can countersign on request.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Seamless Integration\u003C\u002Fstrong>\u003Cbr \u002F>\nSocial Login is fully customizable and seamlessly integrates with your existing login\u002Fregistration system so that your users don’t have to start from scratch. Existing existing accounts can add\u002Fremove their social network accounts in their WordPress profile settings and then also use the linked social networks to login.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Eliminates Spam and Bot Registrations\u003C\u002Fstrong>\u003Cbr \u002F>\nGet rid of long and complicated forms, improve your data quality and instantly eliminate spam and bot registrations. Social Login increases registration rates by up to 50% and provides permission-based access to users’ social network profile data, allowing you to start delivering a personalized experience.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Maintenance Free\u003C\u002Fstrong>\u003Cbr \u002F>\nDo not take the risk of losing any users or customers due to outdated social network integrations. Unlike other Social Login providers we monitor the APIs and technologies of the different social networks and update our service as soon as changes arise.\u003C\u002Fp>\n\u003Cp>By using OneAll you can be sure that your social media integration will always run smoothly and with the most up-to-date calls.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Fully Customizable\u003C\u002Fstrong>\u003Cbr \u002F>\nYou can easily configure which social accounts to enable\u002Fdisable for social login and on which areas of the website the social login icons should be displayed:\u003Cbr \u002F>\n* On the comment formular\u003Cbr \u002F>\n* On the login page\u003Cbr \u002F>\n* On the registration page\u003Cbr \u002F>\n* In your sidebar\u003Cbr \u002F>\n* With a shortcode\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Fully Compatible With Other Plugins\u003C\u002Fstrong>\u003Cbr \u002F>\nSocial Login uses standard WordPress hooks and is compatible with all plugins that follow WordPress coding conventions,\u003Cbr \u002F>\nlike per example BuddyPress or WooCommerce amongst others.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Data Export\u003C\u002Fstrong>\u003Cbr \u002F>\nEasily export your users or automatically push data of users that login using Social Login to Mailchimp or Campaign Monitor.\u003Cbr \u002F>\nThis feature is available in the premium version of Social Login and can be enabled in your OneAll account.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>45+ Social Networks\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Apple\u003C\u002Fli>\n\u003Cli>Amazon\u003C\u002Fli>\n\u003Cli>Battle.net\u003C\u002Fli>\n\u003Cli>Blogger\u003C\u002Fli>\n\u003Cli>Discord\u003C\u002Fli>\n\u003Cli>Draugiem\u003C\u002Fli>\n\u003Cli>Dribbble\u003C\u002Fli>\n\u003Cli>Epic Games\u003C\u002Fli>\n\u003Cli>Facebook\u003C\u002Fli>\n\u003Cli>Foursquare\u003C\u002Fli>\n\u003Cli>Github.com\u003C\u002Fli>\n\u003Cli>Google\u003C\u002Fli>\n\u003Cli>Instagram\u003C\u002Fli>\n\u003Cli>Line\u003C\u002Fli>\n\u003Cli>LinkedIn\u003C\u002Fli>\n\u003Cli>LiveJournal\u003C\u002Fli>\n\u003Cli>Mail.ru\u003C\u002Fli>\n\u003Cli>Meetup\u003C\u002Fli>\n\u003Cli>Mixer\u003C\u002Fli>\n\u003Cli>Odnoklassniki\u003C\u002Fli>\n\u003Cli>OpenID\u003C\u002Fli>\n\u003Cli>Patreon\u003C\u002Fli>\n\u003Cli>PayPal\u003C\u002Fli>\n\u003Cli>Pinterest\u003C\u002Fli>\n\u003Cli>PixelPin \u003C\u002Fli>\n\u003Cli>Reddit\u003C\u002Fli>\n\u003Cli>Skyrock.com\u003C\u002Fli>\n\u003Cli>SoundCloud        \u003C\u002Fli>\n\u003Cli>Spotify\u003C\u002Fli>\n\u003Cli>StackExchange\u003C\u002Fli>\n\u003Cli>Steam\u003C\u002Fli>\n\u003Cli>Strava\u003C\u002Fli>\n\u003Cli>TikTok\u003C\u002Fli>\n\u003Cli>Tumblr\u003C\u002Fli>\n\u003Cli>Twitch.tv\u003C\u002Fli>\n\u003Cli>Twitter \u002F X\u003C\u002Fli>\n\u003Cli>Vimeo\u003C\u002Fli>\n\u003Cli>VKontakte\u003C\u002Fli>\n\u003Cli>Weibo\u003C\u002Fli>\n\u003Cli>Windows Live\u003C\u002Fli>\n\u003Cli>WordPress.com\u003C\u002Fli>\n\u003Cli>XING\u003C\u002Fli>\n\u003Cli>Yahoo\u003C\u002Fli>\n\u003Cli>Yandex\u003C\u002Fli>\n\u003Cli>YouTube\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Social Login Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>GDPR compliant\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Social Link\u003C\u002Fstrong> – Users can use social login to link multiple social network accounts to their WordPress account.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Woocommerce Connect\u003C\u002Fstrong> – Automatic integration of the social login icons on the Woocommerce checkout, login and registration pages.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Woocommerce Profile\u003C\u002Fstrong> – Fill the user’s billing address with the first name, last name and email address received from the social network.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BuddyPress Connect\u003C\u002Fstrong> – Automatic integration of the social login icons on the BuddyPress account and registration pages.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BuddyPress Profile\u003C\u002Fstrong> – Use the social network avatar as BuddyPress avatar and fill out custom fields.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Insights\u003C\u002Fstrong> – Access the analytics dashboard to discover which social networks your users prefer.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Emails\u003C\u002Fstrong> – Send emails to users that register using social login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Notifications\u003C\u002Fstrong> – Send notifications to admins for every users that registers using social login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comment Approval\u003C\u002Fstrong> – Automatically approve comments left by users that connected by using social login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Retrieval\u003C\u002Fstrong>  – Ask users to enter their email when social login did not receive it from the social network.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Redirections\u003C\u002Fstrong> – Fully customize the page to redirect user to after having connected using social login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Integrated Widget\u003C\u002Fstrong> – Simply use the social login widget to display the icons wherever you want.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>ShortCodes\u003C\u002Fstrong> – Easily embed social login anywhere by using the available shortcodes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hook\u003C\u002Fstrong> – Customize the social login behaviour by using the integrated hooks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Icon Themes\u003C\u002Fstrong> – Choose amongst three different social login icon themes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Documentation\u003C\u002Fstrong> – Access a \u003Ca href=\"https:\u002F\u002Fdocs.oneall.com\u002Fplugins\u002Fguide\u002Fsocial-login-wordpress\u002F\" rel=\"nofollow ugc\">complete documentation\u003C\u002Fa> on the available Social Login hooks and filters for WordPress.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Support\u003C\u002Fstrong> – Any questions about Social Login? Our support team is there to assist you. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Social Login Premium Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Authentication Filters\u003C\u002Fstrong> – Use customisable filters to restrict which users may login with social login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Export\u003C\u002Fstrong> – Automatically export social login data to Campaign Monitor or MailChimp or export as CSV.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Insights\u003C\u002Fstrong> – Access analytics and get demographic information about your social login users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Icon Themes\u003C\u002Fstrong> – Choose amongst twenty different social login icon themes or use you own icons.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Professionally Developed and Maintained\u003C\u002Fstrong>\u003Cbr \u002F>\nSocial Login is maintained by \u003Ca href=\"https:\u002F\u002Fwww.oneall.com\" rel=\"nofollow ugc\">OneAll\u003C\u002Fa>, a technology company offering a set of web-delivered tools to simplify the integration of 40+ social networks into business and personal websites and apps.\u003C\u002Fp>\n\u003Cp>The OneAll API unifies 40+ Social Networks and consolidates the most powerful social network features in a single solution. You can work with multiple social networks at once and you will obtain a standardized field structure for data received from any of the social networks. Save time and development resources and focus on your core business.\u003C\u002Fp>\n\u003Ch3>Testimonials\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Used by thousands of users around the world!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>The plugin in is one of the best I’ve seen so far. Extremely easy to implement and run. The support is great too.\u003Cbr \u002F>\nNo concerns on my side. Keep it up!\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>livia\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>Loving the service, seen a massive increase in painless signups to my blog. Thanks!\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Richard B.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>You have no idea how it THRILLED me to integrate oneall. It was SO amazingly easy, your team has simplified the whole process of signing up for\u003Cbr \u002F>\nauthorization on multiple social media sites. I HAD NO QUESTIONS\u002FSTEPS THAT YOU HADN’T ALREADY ANTICIPATED. It saved me HOURS of work!\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Kelly C.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>This is cool. Nice work. I’m VERY impressed. You’ve made this about as painless as it gets and the value it adds is incredible.\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Jason M.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>This service is simply remarkable, I’ve tried integrating logins before and it has never been this easy!\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Andrew C.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>I found it extremely straightforward. I just figured it out easily and make my website capable of connecting\u003Cbr \u002F>\nto many social networks by your plugin.\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Deha K.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>Just wanted to let you know how happy i am that i stumbled onto your service. This was the 6 Facebook\u002FTwitter integration\u003Cbr \u002F>\ni tried and was starting to lose hope that i could actually find one that worked for me.\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Kyle L.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>I would like to thank YOU! Seriously, the WordPress plugin has been a huge life saver for me.\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Piero B.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>Thank you for the wonderful plugin\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Martin P.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>The service is excellent for what i need, simple to set up. All situations about seting up are well explained, so\u003Cbr \u002F>\nthere are no difficulties\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Facundo S.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>I really like the plugin, the capabilities you provide for management and your prompt reply for support.\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Tom B.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>It was extremely easy to set up and use.  The documentation to set up the FB and twitter API\u003Cbr \u002F>\nwas easy to follow and implement. I was struggling with a couple of other plugins till I stumbled on this one.\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Deepa V.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>Works like a charm!\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Fredrik L.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>Not sure how you can improve it’s a Damn! Good product. 100% User friendly easy to setup. Thanks!\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Cody L.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>So far oneall.com is the perfect solution for my site and works flawlessly.  I am extremely impressed and grateful.\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Terry P.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>I’ve gone in and tweaked it, tested it and it’s good to go now! Wonderful, I feel like a grown up blogger now.\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Brian J.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>I am really impressed with your product! Its very dynamic and its gives me the flexibility I need for integration into my own business.\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Braxton D.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>Your delivery is superb. You should change your name to WONall because you won it all with me. You are awesome, stay that way please.\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Nicholas L.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>I especially enjoy the step by step process that guides you through the Social website App creation process. In the end I would like to thank you\u003Cbr \u002F>\nfor putting together such a great product that so many users can implement with ease.\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Stefan C.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>Thanks for a such a great plugin! I was really impressed with the simplicity of the installation directions and the clean design.\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Janae S.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>I love your service the way it is, it’s amazing how easy the logging-in-via-social-network is integrated into a wordpress website!\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Martin S.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>The site and the plugin are working magnificently. Thank you one million times for making your products\u002Fservices available in the manner that you have.\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Herman G.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>Very user friendly, there are guides and screenshot on how to set things up. Thank you so much for this awesome plugin!\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Cebututs\u003C\u002Fstrong>\u003C\u002Fp>\n","With Social Login your users can login, register and comment with 40+ Social Networks. Maintenance Free. Uptime Guarantee. Fulltime devs",5000,942142,86,364,"2024-12-02T15:57:00.000Z","6.7.5","3.0","5.4",[22,124,24,125,126],"linkedin-login","tiktok-login","twitter-login","http:\u002F\u002Fwww.oneall.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Foa-social-login.zip",89,0,"2024-11-22 15:08:42",{"slug":133,"name":134,"version":135,"author":136,"author_profile":137,"description":138,"short_description":139,"active_installs":140,"downloaded":141,"rating":142,"num_ratings":143,"last_updated":144,"tested_up_to":145,"requires_at_least":146,"requires_php":18,"tags":147,"homepage":149,"download_link":150,"security_score":151,"vuln_count":130,"unpatched_count":130,"last_vuln_date":38,"fetched_at":31},"userswp-social-login","UsersWP – Social Login","1.5.6","Stiofan","https:\u002F\u002Fprofiles.wordpress.org\u002Fstiofansisland\u002F","\u003Cp>Social Login addon for \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fuserswp\u002F\" rel=\"ugc\">UsersWP\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This addon lets your user to register and login with popular sites like Facebook, Google, Twitter, LinkedIn, Instagram, Yahoo, WordPress, vkontakte etc.\u003C\u002Fp>\n\u003Cp>100% translatable.\u003C\u002Fp>\n","Social Login addon for UsersWP.",2000,129473,66,4,"2026-01-20T12:42:00.000Z","6.9.4","6.1",[22,148,124,24,126],"google-login","https:\u002F\u002Fuserswp.io\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuserswp-social-login.1.5.6.zip",100,{"slug":153,"name":154,"version":155,"author":156,"author_profile":157,"description":158,"short_description":159,"active_installs":160,"downloaded":161,"rating":102,"num_ratings":162,"last_updated":163,"tested_up_to":164,"requires_at_least":165,"requires_php":166,"tags":167,"homepage":173,"download_link":174,"security_score":175,"vuln_count":29,"unpatched_count":130,"last_vuln_date":176,"fetched_at":31},"json-api-user","JSON API User","4.1.0","Ali Qureshi","https:\u002F\u002Fprofiles.wordpress.org\u002Fparorrey\u002F","\u003Cp>JSON API User extends the JSON API Plugin with a new Controller to allow RESTful user registration, authentication, password reset, RESTful Facebook Login, RESTful User Meta and BuddyPress xProfile get and update methods. This plugin is for WordPress\u002FMobile app developers who want to use WordPress as mobile app data backend.\u003C\u002Fp>\n\u003Cp>JSON API Plugin, that is required, was closed on August 7, 2019 from WordPress repository. You can download \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FPI-Media\u002Fjson-api\" rel=\"nofollow ugc\">JSON API Plugin\u003C\u002Fa> from https:\u002F\u002Fgithub.com\u002FPI-Media\u002Fjson-api until it is republished and available on WordPress.\u003C\u002Fp>\n\u003Cp>Features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Generate Auth Cookie for user authentication\u003C\u002Fli>\n\u003Cli>Validate Auth Cookie\u003C\u002Fli>\n\u003Cli>RESTful User Registration\u003C\u002Fli>\n\u003Cli>RESTful Facebook Login\u002FRegistration with valid access_token\u003C\u002Fli>\n\u003Cli>RESTful BuddyPress xProfile fields update\u003C\u002Fli>\n\u003Cli>Get User Meta and xProfile fields\u003C\u002Fli>\n\u003Cli>Update User Meta and xProfile fields\u003C\u002Fli>\n\u003Cli>Delete User Meta\u003C\u002Fli>\n\u003Cli>Password Reset\u003C\u002Fli>\n\u003Cli>Get Avatar\u003C\u002Fli>\n\u003Cli>Get User Info\u003C\u002Fli>\n\u003Cli>Post Comment\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin was created for mobile apps integration with the web app using WordPress as backend for all the data. WordPress helped in putting together the web app quickly and then Mobile iOS and Android apps were integrated via this plugin. There were some app specific customized methods which are not included but rest have been made generic for community usage.\u003C\u002Fp>\n\u003Cp>My other JSON API Auth plugin has also been integrated with this plugin from version 1.1 because most endpoints required user authentication via cookie for data update.\u003C\u002Fp>\n\u003Cp>Pro Version – JSON API User Plus\u003C\u002Fp>\n\u003Cp>A pro version of this plugin, \u003Ca href=\"http:\u002F\u002Fwww.parorrey.com\u002Fsolutions\u002Fjson-api-user-plus\u002F\" rel=\"nofollow ugc\">JSON API User Plus\u003C\u002Fa>, is available here http:\u002F\u002Fwww.parorrey.com\u002Fsolutions\u002Fjson-api-user-plus\u002F that supports BuddyPress Messages component, BuddyPress avatar upload, BuddyPress Extended Profile, BuddyPress Groups, BuddyPress Friends, BuddyPress Activity, BuddyPress Notifications, BuddyPres Settings and other BuddyPress related functions to integrate BuddyPress features in your mobile app via REST api.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.parorrey.com\u002Fsolutions\u002Fjson-api-user-plus\u002F\" rel=\"nofollow ugc\">JSON API User Plus\u003C\u002Fa> includes API key which protects and restricts the endpoint calls. This key can be updated from Settings > User Plus options page. Your app must include this key with every call to get the data from REST API. Please see documentation for calling endpoints examples for ‘JSON API User Plus’.\u003C\u002Fp>\n\u003Cp>JSON API User Plus features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Generate Auth Cookie for user authentication\u003C\u002Fli>\n\u003Cli>Validate Auth Cookie\u003C\u002Fli>\n\u003Cli>RESTful User Registration\u003C\u002Fli>\n\u003Cli>RESTful Facebook Login\u002FRegistration with valid access_token\u003C\u002Fli>\n\u003Cli>RESTful BuddyPress xProfile fields update\u003C\u002Fli>\n\u003Cli>Get User Meta and xProfile fields\u003C\u002Fli>\n\u003Cli>Update User Meta and xProfile fields\u003C\u002Fli>\n\u003Cli>Delete User Meta\u003C\u002Fli>\n\u003Cli>Password Reset\u003C\u002Fli>\n\u003Cli>Get\u002FUpload Avatar\u003C\u002Fli>\n\u003Cli>Get User Info\u003C\u002Fli>\n\u003Cli>Post Comment\u003C\u002Fli>\n\u003Cli>Add Post, Update Post, Delete Post\u003C\u002Fli>\n\u003Cli>Add\u002FEdit\u002FDelete Custom Post Type, Custom Fields\u003C\u002Fli>\n\u003Cli>Search User\u003C\u002Fli>\n\u003Cli>BuddyPress Activities\u003C\u002Fli>\n\u003Cli>BuddyPress Members\u003C\u002Fli>\n\u003Cli>BuddyPress Friends\u003C\u002Fli>\n\u003Cli>BuddyPress Notifications\u003C\u002Fli>\n\u003Cli>BuddyPress Settings\u003C\u002Fli>\n\u003Cli>& many more\u003C\u002Fli>\n\u003C\u002Ful>\n","Extends the JSON API Plugin to allow RESTful user registration, authentication & many other User Meta, BP functions. A Pro version is also available.",1000,120913,21,"2025-07-29T11:54:00.000Z","6.8.5","3.0.1","5.3",[168,169,170,171,172],"authentication","json-api","restful-facebook-login","restful-user-meta-and-buddypress-xprofile","restful-user-registration","http:\u002F\u002Fwww.parorrey.com\u002Fsolutions\u002Fjson-api-user\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjson-api-user.4.1.0.zip",97,"2024-07-10 00:00:00",{"slug":178,"name":179,"version":180,"author":181,"author_profile":182,"description":183,"short_description":184,"active_installs":151,"downloaded":185,"rating":186,"num_ratings":28,"last_updated":187,"tested_up_to":120,"requires_at_least":188,"requires_php":189,"tags":190,"homepage":18,"download_link":192,"security_score":193,"vuln_count":130,"unpatched_count":130,"last_vuln_date":38,"fetched_at":31},"happy-social-login","Happy Social Login","1.5.0","WPFOLK","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpfolk\u002F","\u003Cp>Let your users signup and login to your WordPress website using their favorite social media accounts Facebook, Google, LinkedIn, Github and 42+ more. Happy Social Login is a free, easy-to-use WordPress plugin that makes registration and login a breeze. With just its social profiles (like Facebook, Google, or X (formerly Twitter)), your visitors can quickly sign up and log in to your site. No lengthy forms, no waiting for validation emails, and no more forgotten passwords. It’s simple, fast, and user-friendly!\u003C\u002Fp>\n\u003Ch3>🔗 Useful Links\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpfolk.com\u002Fplugins\u002Fhappy-social-login\" rel=\"nofollow ugc\">Official Page\u003C\u002Fa> || \u003Ca href=\"https:\u002F\u002Fplayground.wordpress.net\u002F?plugin=happy-social-login\" rel=\"nofollow ugc\">Demo\u003C\u002Fa> || \u003Ca href=\"https:\u002F\u002Fwpfolk.com\u002Fdocs\u002Fhappy-social-login\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Key Features:\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Quick registration and login via Facebook, Google, LinkedIn, and Github\u003C\u002Fli>\n\u003Cli>Easy integration with WordPress user accounts\u003C\u002Fli>\n\u003Cli>Customizable redirect URLs after registration and login\u003C\u002Fli>\n\u003Cli>Display social profile pictures as avatars\u003C\u002Fli>\n\u003Cli>Simple setup and user-friendly interface\u003C\u002Fli>\n\u003Cli>Helpful support for any questions or issues\u003C\u002Fli>\n\u003Cli>Additional Features in the Pro Version:\u003C\u002Fli>\n\u003Cli>Compatibility with WooCommerce, BuddyPress, UserPro, and more\u003C\u002Fli>\n\u003Cli>Access to additional providers like Amazon, PayPal, and more\u003C\u002Fli>\n\u003Cli>Control over email and username collection during registration\u003C\u002Fli>\n\u003Cli>Different login layouts and button styles\u003C\u002Fli>\n\u003Cli>Role-based access control for social logins\u003C\u002Fli>\n\u003Cli>Automatic assignment of user roles based on social login provider\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Disclaimer\u003C\u002Fh3>\n\u003Cp>Happy Social Login is an independent plugin and is not affiliated with or endorsed by\u003Cbr \u002F>\nany of the third-party services mentioned in this documentation, including but not limited\u003Cbr \u002F>\nto Facebook, Google, Twitter, LinkedIn, GitHub, and others. All trademarks, service marks,\u003Cbr \u002F>\nand company names are the property of their respective owners. We do not hold any copyright\u003Cbr \u002F>\nover the APIs or services provided by these third parties. Any use of these services is subject\u003Cbr \u002F>\nto their respective terms of use and privacy policies. Users are responsible for complying with\u003Cbr \u002F>\nthe terms of the third-party services they choose to enable through this plugin.\u003C\u002Fp>\n\u003Cp>Happy Social Login relies on third-party services for authentication. When a user logs in using a\u003Cbr \u002F>\nsocial media account, their data is sent to the respective third-party service for authentication.\u003Cbr \u002F>\nBelow is a list of the services used, along with their respective links to privacy policies:\u003C\u002Fp>\n\u003Ch3>🔗 Privacy Policy Links\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fen\u002Fprivacy\" rel=\"nofollow ugc\">X\u003C\u002Fa> || \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fprivacy\" rel=\"nofollow ugc\">Google\u003C\u002Fa> || \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fpolicy.php\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa>\u003C\u002Fp>\n","Enables user authentication through various social media accounts. Login through Google, Facebook, LinkedIn, GitHub and more.",10069,80,"2025-01-09T10:48:00.000Z","6.0","7.4",[22,191,148,124,24],"github-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhappy-social-login.1.5.0.zip",92,{"slug":195,"name":196,"version":197,"author":198,"author_profile":199,"description":200,"short_description":201,"active_installs":202,"downloaded":203,"rating":204,"num_ratings":28,"last_updated":205,"tested_up_to":206,"requires_at_least":121,"requires_php":18,"tags":207,"homepage":211,"download_link":212,"security_score":213,"vuln_count":130,"unpatched_count":130,"last_vuln_date":38,"fetched_at":31},"de-social-login","DE Social Login","1.0.2","sunildhanda","https:\u002F\u002Fprofiles.wordpress.org\u002Fsunildhanda\u002F","\u003Cp>A Simple wordpress plugin which enable the user to login in wordress site with Google\u002FFacebook\u002FTwitter\u002FLinkedIn\u002FYahoo\u002FOpenId accounts with one click.\u003C\u002Fp>\n\u003Cp>Features:-\u003Cbr \u002F>\n1. Easy to manage.\u003Cbr \u002F>\n2. It offers the user to login with social ids i.e Facebook, Twitter, Google etc.\u003Cbr \u002F>\n3. You can enable\u002Fdisable according to you requirement out of Facebook, Twitter, Google, Yahoo, LinkedIn and OpenId\u003Cbr \u002F>\n4. Yor can change the order by dragging up and down.\u003Cbr \u002F>\n5. Supportable to custom template.\u003Cbr \u002F>\nFor further help contact us at \u003Ca href=\"http:\u002F\u002Fdevx.in\" rel=\"nofollow ugc\">http:\u002F\u002Fdevx.in\u003C\u002Fa> \u003Ca href=\"http:\u002F\u002Fsunilkumardhanda.me\" rel=\"nofollow ugc\">http:\u002F\u002Fsunilkumardhanda.me\u003C\u002Fa>\u003C\u002Fp>\n","A Simple wordpress plugin which enable the user to login in wordress site with Google\u002FFacebook\u002FTwitter\u002FLinkedIn\u002FYahoo\u002FOpenId accounts with one click.",10,6091,56,"2014-08-26T20:27:00.000Z","3.9.40",[23,208,24,209,210],"login-with-twitter","wordpress-login","wordpress-social-login","http:\u002F\u002FTiddu.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fde-social-login.zip",85,{"attackSurface":215,"codeSignals":301,"taintFlows":494,"riskAssessment":658,"analyzedAt":671},{"hooks":216,"ajaxHandlers":297,"restRoutes":298,"shortcodes":299,"cronEvents":300,"entryPointCount":130,"unprotectedCount":130},[217,224,229,233,237,242,246,250,253,256,260,265,269,273,277,281,284,288,292],{"type":218,"name":219,"callback":220,"priority":221,"file":222,"line":223},"action","admin_menu","jfb_add_admin_page",99,"AdminPage.php",6,{"type":225,"name":226,"callback":227,"priority":202,"file":222,"line":228},"filter","plugin_action_links","jfb_add_plugin_links",17,{"type":218,"name":230,"callback":231,"file":222,"line":232},"admin_head","jfb_admin_styles",28,{"type":218,"name":234,"callback":235,"file":222,"line":236},"admin_notices","jfb_admin_notices",52,{"type":218,"name":238,"callback":239,"file":240,"line":241},"wp_enqueue_scripts","jfb_enqueue_styles","Main.php",73,{"type":218,"name":243,"callback":244,"file":240,"line":245},"wpfb_add_to_asyncinit","jfb_invoke_instapopup",147,{"type":218,"name":247,"callback":248,"file":240,"line":249},"wp_footer","jfb_output_facebook_init",174,{"type":218,"name":247,"callback":251,"file":240,"line":252},"jfb_output_facebook_callback",213,{"type":218,"name":247,"callback":254,"file":240,"line":255},"jfb_show_credit",284,{"type":225,"name":257,"callback":258,"priority":202,"file":240,"line":259},"get_avatar","jfb_wp_avatar",308,{"type":225,"name":261,"callback":262,"priority":263,"file":240,"line":264},"bp_core_fetch_avatar","jfb_bp_avatar",9,350,{"type":225,"name":266,"callback":267,"priority":202,"file":240,"line":268},"wpfb_insert_user","jfb_pretty_username",389,{"type":218,"name":270,"callback":271,"file":240,"line":272},"personal_options","jfb_addprofilelink",441,{"type":218,"name":274,"callback":275,"file":240,"line":276},"bp_init","jfb_turn_on_prettynames",470,{"type":218,"name":278,"callback":279,"file":240,"line":280},"bp_after_sidebar_login_form","jfb_bp_add_fb_login_button",482,{"type":218,"name":282,"callback":279,"file":240,"line":283},"bp_after_login_widget_loggedout",483,{"type":218,"name":285,"callback":286,"file":240,"line":287},"wpfb_login","jfb_count_login",497,{"type":218,"name":289,"callback":290,"file":291,"line":175},"widgets_init","register_jfbLogin","Widget.php",{"type":218,"name":293,"callback":294,"file":295,"line":296},"init","jfb_process_login","_process_login.php",7,[],[],[],[],{"dangerousFunctions":302,"sqlUsage":303,"outputEscaping":305,"fileOperations":130,"externalRequests":143,"nonceChecks":143,"capabilityChecks":130,"bundledLibraries":493},[],{"prepared":29,"raw":130,"locations":304},[],{"escaped":306,"rawEcho":307,"locations":308},12,107,[309,312,313,315,316,318,320,322,323,325,327,329,330,332,333,334,335,336,338,339,341,343,345,347,348,350,351,353,354,356,358,360,362,364,366,368,370,372,374,376,377,378,380,381,383,385,387,389,391,392,394,396,397,399,400,402,404,406,408,409,410,412,414,416,418,420,422,424,426,428,429,430,432,433,434,436,438,439,441,443,445,446,447,449,451,453,455,457,459,461,463,465,467,469,471,473,474,476,478,480,481,483,485,487,489,491,492],{"file":222,"line":310,"context":311},62,"raw output",{"file":222,"line":310,"context":311},{"file":222,"line":314,"context":311},81,{"file":222,"line":193,"context":311},{"file":222,"line":317,"context":311},115,{"file":222,"line":319,"context":311},128,{"file":222,"line":321,"context":311},136,{"file":222,"line":86,"context":311},{"file":222,"line":324,"context":311},309,{"file":222,"line":326,"context":311},313,{"file":222,"line":328,"context":311},317,{"file":222,"line":328,"context":311},{"file":222,"line":331,"context":311},339,{"file":222,"line":331,"context":311},{"file":222,"line":331,"context":311},{"file":222,"line":331,"context":311},{"file":222,"line":331,"context":311},{"file":222,"line":337,"context":311},345,{"file":222,"line":337,"context":311},{"file":222,"line":340,"context":311},349,{"file":222,"line":342,"context":311},358,{"file":222,"line":344,"context":311},361,{"file":222,"line":346,"context":311},367,{"file":222,"line":346,"context":311},{"file":222,"line":349,"context":311},368,{"file":222,"line":349,"context":311},{"file":222,"line":352,"context":311},375,{"file":222,"line":352,"context":311},{"file":222,"line":355,"context":311},378,{"file":222,"line":357,"context":311},383,{"file":222,"line":359,"context":311},384,{"file":222,"line":361,"context":311},385,{"file":222,"line":363,"context":311},386,{"file":222,"line":365,"context":311},390,{"file":222,"line":367,"context":311},394,{"file":222,"line":369,"context":311},398,{"file":222,"line":371,"context":311},401,{"file":222,"line":373,"context":311},402,{"file":222,"line":375,"context":311},406,{"file":222,"line":375,"context":311},{"file":222,"line":375,"context":311},{"file":222,"line":379,"context":311},407,{"file":222,"line":379,"context":311},{"file":222,"line":382,"context":311},408,{"file":222,"line":384,"context":311},409,{"file":222,"line":386,"context":311},430,{"file":222,"line":388,"context":311},438,{"file":222,"line":390,"context":311},453,{"file":222,"line":390,"context":311},{"file":222,"line":393,"context":311},456,{"file":222,"line":395,"context":311},463,{"file":222,"line":395,"context":311},{"file":222,"line":398,"context":311},473,{"file":222,"line":398,"context":311},{"file":222,"line":401,"context":311},476,{"file":222,"line":403,"context":311},477,{"file":222,"line":405,"context":311},480,{"file":222,"line":407,"context":311},481,{"file":222,"line":280,"context":311},{"file":222,"line":283,"context":311},{"file":222,"line":411,"context":311},485,{"file":222,"line":413,"context":311},489,{"file":222,"line":415,"context":311},501,{"file":222,"line":417,"context":311},502,{"file":222,"line":419,"context":311},504,{"file":222,"line":421,"context":311},505,{"file":222,"line":423,"context":311},508,{"file":222,"line":425,"context":311},509,{"file":222,"line":427,"context":311},529,{"file":222,"line":427,"context":311},{"file":222,"line":427,"context":311},{"file":222,"line":431,"context":311},530,{"file":222,"line":431,"context":311},{"file":222,"line":431,"context":311},{"file":222,"line":435,"context":311},531,{"file":222,"line":437,"context":311},532,{"file":222,"line":437,"context":311},{"file":222,"line":440,"context":311},534,{"file":240,"line":442,"context":311},90,{"file":240,"line":444,"context":311},127,{"file":240,"line":444,"context":311},{"file":240,"line":444,"context":311},{"file":240,"line":448,"context":311},154,{"file":240,"line":450,"context":311},180,{"file":240,"line":452,"context":311},187,{"file":240,"line":454,"context":311},191,{"file":240,"line":456,"context":311},198,{"file":240,"line":458,"context":311},224,{"file":240,"line":460,"context":311},228,{"file":240,"line":462,"context":311},240,{"file":240,"line":464,"context":311},241,{"file":240,"line":466,"context":311},252,{"file":240,"line":468,"context":311},261,{"file":240,"line":470,"context":311},270,{"file":240,"line":472,"context":311},288,{"file":240,"line":393,"context":311},{"file":291,"line":475,"context":311},22,{"file":291,"line":477,"context":311},24,{"file":291,"line":479,"context":311},35,{"file":291,"line":479,"context":311},{"file":291,"line":482,"context":311},42,{"file":291,"line":484,"context":311},47,{"file":291,"line":486,"context":311},49,{"file":291,"line":488,"context":311},50,{"file":291,"line":490,"context":311},61,{"file":291,"line":314,"context":311},{"file":291,"line":314,"context":311},[],[495,512,570,603,613,622,631,639,650],{"entryPoint":496,"graph":497,"unsanitizedCount":511,"severity":40},"jfb_admin_notices (AdminPage.php:53)",{"nodes":498,"edges":508},[499,503],{"id":500,"type":501,"label":502,"file":222,"line":314},"n0","source","$_GET (x2)",{"id":504,"type":505,"label":506,"file":222,"line":314,"wp_function":507},"n1","sink","echo() [XSS]","echo",[509],{"from":500,"to":504,"sanitized":510},false,2,{"entryPoint":513,"graph":514,"unsanitizedCount":511,"severity":40},"jfb_admin_page (AdminPage.php:103)",{"nodes":515,"edges":560},[516,519,522,524,526,530,532,536,538,541,543,546,548,551,555],{"id":500,"type":501,"label":517,"file":222,"line":518},"$_POST",184,{"id":504,"type":505,"label":520,"file":222,"line":454,"wp_function":521},"update_option() [Settings Manipulation]","update_option",{"id":523,"type":501,"label":517,"file":222,"line":74},"n2",{"id":525,"type":505,"label":506,"file":222,"line":86,"wp_function":507},"n3",{"id":527,"type":501,"label":528,"file":222,"line":529},"n4","$_POST[$opt_jfb_api_key]",219,{"id":531,"type":505,"label":520,"file":222,"line":529,"wp_function":521},"n5",{"id":533,"type":501,"label":534,"file":222,"line":535},"n6","$_POST[$opt_jfb_api_sec]",220,{"id":537,"type":505,"label":520,"file":222,"line":535,"wp_function":521},"n7",{"id":539,"type":501,"label":540,"file":222,"line":405},"n8","$_SERVER['HTTP_HOST']",{"id":542,"type":505,"label":506,"file":222,"line":405,"wp_function":507},"n9",{"id":544,"type":501,"label":545,"file":222,"line":417},"n10","$_SERVER['SERVER_SOFTWARE']",{"id":547,"type":505,"label":506,"file":222,"line":417,"wp_function":507},"n11",{"id":549,"type":501,"label":550,"file":222,"line":518},"n12","$_POST[$opt_jfb_api_key] (x2)",{"id":552,"type":553,"label":554,"file":222,"line":518},"n13","transform","→ jfb_api_get()",{"id":556,"type":505,"label":557,"file":558,"line":490,"wp_function":559},"n14","wp_remote_get() [SSRF]","__inc_opts.php","wp_remote_get",[561,563,564,565,566,567,568,569],{"from":500,"to":504,"sanitized":562},true,{"from":523,"to":525,"sanitized":562},{"from":527,"to":531,"sanitized":562},{"from":533,"to":537,"sanitized":562},{"from":539,"to":542,"sanitized":562},{"from":544,"to":547,"sanitized":562},{"from":549,"to":552,"sanitized":510},{"from":552,"to":556,"sanitized":510},{"entryPoint":571,"graph":572,"unsanitizedCount":511,"severity":40},"\u003CAdminPage> (AdminPage.php:0)",{"nodes":573,"edges":593},[574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,591],{"id":500,"type":501,"label":502,"file":222,"line":314},{"id":504,"type":505,"label":506,"file":222,"line":314,"wp_function":507},{"id":523,"type":501,"label":517,"file":222,"line":518},{"id":525,"type":505,"label":520,"file":222,"line":454,"wp_function":521},{"id":527,"type":501,"label":517,"file":222,"line":74},{"id":531,"type":505,"label":506,"file":222,"line":86,"wp_function":507},{"id":533,"type":501,"label":528,"file":222,"line":529},{"id":537,"type":505,"label":520,"file":222,"line":529,"wp_function":521},{"id":539,"type":501,"label":534,"file":222,"line":535},{"id":542,"type":505,"label":520,"file":222,"line":535,"wp_function":521},{"id":544,"type":501,"label":540,"file":222,"line":405},{"id":547,"type":505,"label":506,"file":222,"line":405,"wp_function":507},{"id":549,"type":501,"label":545,"file":222,"line":417},{"id":552,"type":505,"label":506,"file":222,"line":417,"wp_function":507},{"id":556,"type":501,"label":550,"file":222,"line":518},{"id":590,"type":553,"label":554,"file":222,"line":518},"n15",{"id":592,"type":505,"label":557,"file":558,"line":490,"wp_function":559},"n16",[594,595,596,597,598,599,600,601,602],{"from":500,"to":504,"sanitized":562},{"from":523,"to":525,"sanitized":562},{"from":527,"to":531,"sanitized":562},{"from":533,"to":537,"sanitized":562},{"from":539,"to":542,"sanitized":562},{"from":544,"to":547,"sanitized":562},{"from":549,"to":552,"sanitized":562},{"from":556,"to":590,"sanitized":510},{"from":590,"to":592,"sanitized":510},{"entryPoint":604,"graph":605,"unsanitizedCount":29,"severity":40},"jfb_output_facebook_callback (Main.php:214)",{"nodes":606,"edges":611},[607,610],{"id":500,"type":501,"label":608,"file":240,"line":609},"$_SERVER",222,{"id":504,"type":505,"label":506,"file":240,"line":464,"wp_function":507},[612],{"from":500,"to":504,"sanitized":510},{"entryPoint":614,"graph":615,"unsanitizedCount":511,"severity":40},"widget (Widget.php:18)",{"nodes":616,"edges":620},[617,619],{"id":500,"type":501,"label":618,"file":291,"line":479},"$_SERVER['REQUEST_URI'] (x2)",{"id":504,"type":505,"label":506,"file":291,"line":479,"wp_function":507},[621],{"from":500,"to":504,"sanitized":510},{"entryPoint":623,"graph":624,"unsanitizedCount":29,"severity":630},"\u003CMain> (Main.php:0)",{"nodes":625,"edges":628},[626,627],{"id":500,"type":501,"label":608,"file":240,"line":609},{"id":504,"type":505,"label":506,"file":240,"line":464,"wp_function":507},[629],{"from":500,"to":504,"sanitized":510},"low",{"entryPoint":632,"graph":633,"unsanitizedCount":511,"severity":630},"\u003CWidget> (Widget.php:0)",{"nodes":634,"edges":637},[635,636],{"id":500,"type":501,"label":618,"file":291,"line":479},{"id":504,"type":505,"label":506,"file":291,"line":479,"wp_function":507},[638],{"from":500,"to":504,"sanitized":510},{"entryPoint":640,"graph":641,"unsanitizedCount":130,"severity":630},"jfb_process_login (_process_login.php:8)",{"nodes":642,"edges":648},[643,644],{"id":500,"type":501,"label":517,"file":295,"line":486},{"id":504,"type":505,"label":645,"file":295,"line":646,"wp_function":647},"header() [Header Injection]",295,"header",[649],{"from":500,"to":504,"sanitized":562},{"entryPoint":651,"graph":652,"unsanitizedCount":130,"severity":630},"\u003C_process_login> (_process_login.php:0)",{"nodes":653,"edges":656},[654,655],{"id":500,"type":501,"label":517,"file":295,"line":486},{"id":504,"type":505,"label":645,"file":295,"line":646,"wp_function":647},[657],{"from":500,"to":504,"sanitized":562},{"summary":659,"deductions":660},"The 'wp-fb-autoconnect' v4.6.4 plugin exhibits a mixed security posture. On one hand, the static analysis reveals a commendable lack of direct attack surface through AJAX, REST API, shortcodes, and cron events.  The use of prepared statements for all SQL queries is also a strong positive. However, concerns arise from the low percentage of properly escaped output, indicating a significant risk of Cross-Site Scripting (XSS) vulnerabilities. The presence of several unsanitized paths in the taint analysis, while not classified as critical or high, still points to potential areas where user input might not be handled securely.\n\nThe plugin's vulnerability history is a significant red flag. With five known CVEs, including one that is currently unpatched, and a recent vulnerability discovered in June 2025, this plugin has a history of introducing security flaws. The common types of vulnerabilities (XSS and CSRF) align with the concerns raised by the static analysis regarding output escaping and unsanitized paths. The existence of an unpatched vulnerability of medium severity means a known exploit is available and not yet mitigated by the developer, posing an immediate risk to users of this plugin.\n\nIn conclusion, while the plugin demonstrates some good security practices like secure SQL handling and a limited direct attack surface, the high number of past vulnerabilities, particularly the unpatched one, and the significant output escaping issues present a considerable security risk. Users should exercise extreme caution and consider alternative plugins until all known vulnerabilities are addressed.",[661,664,667,669],{"reason":662,"points":663},"Unpatched CVE exists (Medium severity)",15,{"reason":665,"points":666},"Low percentage of properly escaped output",8,{"reason":668,"points":223},"Flows with unsanitized paths identified",{"reason":670,"points":28},"History of 5 known CVEs","2026-03-16T19:35:18.133Z",{"wat":673,"direct":680},{"assetPaths":674,"generatorPatterns":676,"scriptPaths":677,"versionParams":678},[675],"\u002Fwp-content\u002Fplugins\u002Fwp-fb-autoconnect\u002Fstyle.css",[],[],[679],"wp-fb-autoconnect\u002Fstyle.css?ver=",{"cssClasses":681,"htmlComments":683,"htmlAttributes":686,"restEndpoints":687,"jsGlobals":688,"shortcodeOutput":690},[682],"fbLoginButton",[684,685],"\u003C!-- WP Social AutoConnect -->","\u003C!--WARNING: Invalid or Unset Facebook API Key-->",[],[],[689],"FB.login",[]]