[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fMBGtMnyHOja00xOYXYPFp1OiWmTEpqOVuXyFIrdOmbk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":144,"fingerprints":391},"wp-google-plus-connect","WP Google Plus Connect","1.0.5.1","Brian Messenlehner","https:\u002F\u002Fprofiles.wordpress.org\u002Fmessenlehner\u002F","\u003Cp>Display a Google+ Direct Connect Badge on your site via widget or shortcode, allow your members to login\u002Fregister via their Google+ account or sync your Google+ stream with your blog posts or BuddyPress activity via the Google+ API.\u003C\u002Fp>\n\u003Cp>WordPress Google+ Connect allow your website members the ability to register and\u002For log in via their Google+ account utilizing the Google+ API. Set up a Google Plus Application and store the API credentials in the WordPress backend, when a user clicks on the “Login with Google+” button that gets added to the WP log in screen or anywhere via a short code and authenticates their Google Plus account a WordPress account will be created with their G+ information and they will automatically be logged in. Any existing WordPress users can also log in via Google+ and link their two accounts.\u003C\u002Fp>\n\u003Cp>If BuddyPress is enabled a Google+ login button will appear on the sidebar login and the registration page. Google+ profile photos will also be imported in as BuddyPress avatars. Members can stream their Google+ activity into their BuddyPress activity if they choose via the Google+ options screen under the logged in BuddyPress members profile settings page. A cron job runs every 30 minutes to import any new Google plus activity from connected users.\u003C\u002Fp>\n\u003Cp>Configure Google+ Direct Connect and help visitors find your Google+ page and add it to their circles from directly within a Google Search.\u003C\u002Fp>\n\u003Cp>Configure your Google+ Badge and allow visitors to directly connect with and promote your brand on Google+. Visitors can also add your Google+ page to their circles directly from your website. Badges are easy to configure and can be placed on your website via a short code or a widget.\u003C\u002Fp>\n","Add Google+ Direct Connect Badge & allow your WordPress\u002FBuddyPress users to register or login via their Google+ account & import their stream  &hellip;",10,15898,0,"2011-12-20T21:04:00.000Z","3.3.2","3.0","",[19,20,21,22],"google","google-plus","googleplus","login","http:\u002F\u002Fwebdevstudios.com\u002Fplugin\u002Fwp-google-plus-connect\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-google-plus-connect.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"messenlehner",2,1010,30,84,"2026-04-04T01:07:45.377Z",[37,58,75,102,124],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":13,"num_ratings":13,"last_updated":47,"tested_up_to":48,"requires_at_least":16,"requires_php":17,"tags":49,"homepage":17,"download_link":57,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"gp","GP – GeePress","1.0","Louy Alakkad","https:\u002F\u002Fprofiles.wordpress.org\u002Flouyx\u002F","\u003Cp>GeePress, gives you all the tools you need to integrate your WordPress and Google+, including “Login with Google+” and “Comment via Google+”… Highly customizable and easy to use.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Allow your visitors to comment using their Google+ accounts\u003C\u002Fli>\n\u003Cli>Allow your blog users to sign in with their Google+ accounts. one click signin!\u003C\u002Fli>\n\u003Cli>Easily customizable by theme authors.\u003C\u002Fli>\n\u003C\u002Ful>\n","All the tools you need to integrate your WordPress and Google+.",40,1904,"2013-10-12T20:22:00.000Z","3.5.2",[50,51,52,53,54,19,20,22,55,56],"admin","button","comment","comments","connect","oauth","wpmu","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgp.1.0.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":11,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":17,"tested_up_to":17,"requires_at_least":69,"requires_php":17,"tags":70,"homepage":72,"download_link":73,"security_score":67,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":74},"metronet-embed-google-plus","Metronet Embed Google Plus","1.0.1","Ryan Hellyer","https:\u002F\u002Fprofiles.wordpress.org\u002Fryanhellyer\u002F","\u003Cp>This plugin makes it easy to add a Google+ post to your WordPress post or page. It’s as easy pasting URL of the post onto it’s own line.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Thanks to the following (in no particular order) for help with the development of this plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplus.google.com\u002F106908591930273336258\u002Fposts\" rel=\"nofollow ugc\">Petter El Fakiri\u003C\u002Fa> – Made the initial plugin suggestion\u003C\u002Fli>\n\u003C\u002Ful>\n","Easily embed Google+ posts into your pages",2308,100,1,"3.6.1",[19,20,21,71],"plus","http:\u002F\u002Fwww.metronet.no\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmetronet-embed-google-plus.1.0.1.zip","2026-03-15T10:48:56.248Z",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":85,"num_ratings":86,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":90,"tags":91,"homepage":97,"download_link":98,"security_score":99,"vuln_count":100,"unpatched_count":13,"last_vuln_date":101,"fetched_at":27},"advanced-google-recaptcha","Advanced Google reCAPTCHA","1.31","WebFactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebfactory\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fgetwpcaptcha.com\u002F\" rel=\"nofollow ugc\">Advanced Google reCAPTCHA\u003C\u002Fa> protects your WordPress site from spam comments & brute force login attacks using captcha. This captcha plugin, quickly adds Google reCAPTCHA and other captcha tests to WordPress comment form, login form, and other forms.\u003C\u002Fp>\n\u003Cp>Using Advanced Google reCAPTCHA (most popular captcha on the market), you’ll be safe from spam comments and protect user accounts, WooCommerce, Easy Digital Downloads, BuddyPress and other forms from brute-force login attacks.\u003C\u002Fp>\n\u003Cp>reCaptcha works for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Login Form\u003C\u002Fli>\n\u003Cli>Registration Form\u003C\u002Fli>\n\u003Cli>Reset Password Form\u003C\u002Fli>\n\u003Cli>Comment Form\u003C\u002Fli>\n\u003Cli>BuddyPress Form\u003C\u002Fli>\n\u003Cli>WooCommerce Form\u003C\u002Fli>\n\u003Cli>Easy Digital Downloads (EDD) Login Form\u003C\u002Fli>\n\u003Cli>Easy Digital Downloads (EDD) Registration Form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Captcha uses these 3rd party libs:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Chart.js, 2017 Nick Downie, MIT\u003C\u002Fli>\n\u003Cli>DataTables, 2008-2017 SpryMedia Ltd, MIT\u003C\u002Fli>\n\u003Cli>moment.js, Tim Wood, Iskren Chernev, MIT\u003C\u002Fli>\n\u003Cli>SweetAlert 2, github.com\u002FSweetalert2\u002FSweetalert2, MIT\u003C\u002Fli>\n\u003Cli>tooltipster, www.heteroclito.fr\u002Fmodules\u002Ftooltipster\u002F, MIT\u003C\u002Fli>\n\u003C\u002Ful>\n","Captcha protection against spam comments & brute force login attacks using Google reCAPTCHA.",200000,2435450,96,428,"2025-12-02T20:29:00.000Z","6.9.4","4.9","5.2",[92,93,94,95,96],"captcha","comment-recaptcha","google-recaptcha","login-recaptcha","recaptcha","https:\u002F\u002Fgetwpcaptcha.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-google-recaptcha.1.31.zip",98,3,"2025-03-27 19:32:14",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":83,"downloaded":110,"rating":99,"num_ratings":111,"last_updated":112,"tested_up_to":88,"requires_at_least":89,"requires_php":113,"tags":114,"homepage":119,"download_link":120,"security_score":121,"vuln_count":122,"unpatched_count":13,"last_vuln_date":123,"fetched_at":27},"nextend-facebook-connect","Nextend Social Login and Register","3.1.23","Nextendweb","https:\u002F\u002Fprofiles.wordpress.org\u002Fnextendweb\u002F","\u003Cp>Nextend Social Login is a professional, easy to use and free WordPress plugin. It lets your visitors  register and login to your site using their social profiles (Facebook, Google, X (formerly Twitter), etc.) instead of forcing them to spend valuable time to fill out the default registration form. Besides that, they don’t need to wait for validation emails or keep track of their username and password anymore.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftry-nextend-social-login.nextendweb.com\u002Fwp-login.php\" rel=\"nofollow ugc\">Demo\u003C\u002Fa>  |  \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=buPTza2-6xc&list=PLSawiBnEUNftt3EDqnP2jIXeh6q0pZ5D8&index=1\" rel=\"nofollow ugc\">Tutorial videos\u003C\u002Fa>  |  \u003Ca href=\"https:\u002F\u002Fsocial-login.nextendweb.com\u002Fdocumentation\u002F\" rel=\"nofollow ugc\">Docs\u003C\u002Fa>  |  \u003Ca href=\"https:\u002F\u002Fsocial-login.nextendweb.com\u002Fsupport\u002F\" rel=\"nofollow ugc\">Support\u003C\u002Fa>  |  \u003Ca href=\"https:\u002F\u002Fsocial-login.nextendweb.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Pro Addon\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FbuPTza2-6xc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>Nextend Social Login seamlessly integrates with your existing WordPress login and registration form. Existing users can add or remove their social accounts at their WordPress profile page. A single user can attach as many social account as they want allowing them to log in with Facebook, Google or X (formerly Twitter).\u003C\u002Fp>\n\u003Ch4>Three popular providers: Facebook, Google and X (formerly Twitter)\u003C\u002Fh4>\n\u003Cp>Providers are the services which the visitors can use to register and log in to your site. Nextend Social Login allows your visitors to log in with their account from the most popular social networks: Facebook, Google and X (formerly Twitter).\u003C\u002Fp>\n\u003Ch4>Free version features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>One click registration and login via Facebook, Google and X (formerly Twitter)\u003C\u002Fli>\n\u003Cli>Your current users can easily connect their Facebook, Google or X (formerly Twitter) profiles with their account\u003C\u002Fli>\n\u003Cli>Social accounts are tied to a WordPress user account so every account can be accessed with and without social account\u003C\u002Fli>\n\u003Cli>You can define custom redirect URL after the registration (upon first login) using any of the social accounts.\u003C\u002Fli>\n\u003Cli>You can define custom redirect URL after each login with any of the enabled social accounts.\u003C\u002Fli>\n\u003Cli>Display Facebook, Google, X (formerly Twitter) profile picture as avatar\u003C\u002Fli>\n\u003Cli>Login widget and shortcodes\u003C\u002Fli>\n\u003Cli>Customizable designs to match your site\u003C\u002Fli>\n\u003Cli>Editable and translatable texts on the login buttons\u003C\u002Fli>\n\u003Cli>Very simple to setup and use\u003C\u002Fli>\n\u003Cli>Clean, user friendly UI\u003C\u002Fli>\n\u003Cli>Fast and helpful support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Additional features in the \u003Ca href=\"https:\u002F\u002Fsocial-login.nextendweb.com\u002F\" rel=\"nofollow ugc\">Pro addon\u003C\u002Fa>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WooCommerce compatibility\u003C\u002Fli>\n\u003Cli>BuddyPress compatibility\u003C\u002Fli>\n\u003Cli>UserPro compatibility\u003C\u002Fli>\n\u003Cli>Ultimate Member compatibility\u003C\u002Fli>\n\u003Cli>Easy Digital Downloads compatibility\u003C\u002Fli>\n\u003Cli>Pro providers: LinkedIn, Amazon, VKontakte, WordPress.com, Yahoo, PayPal, Disqus, Apple, GitHub, Microsoft, Line, Discord, Slack, TikTok, Steam, Twitch, Kakao, Reddit, Spotify and more coming soon\u003C\u002Fli>\n\u003Cli>Configure whether email address should be asked on registration at each provider\u003C\u002Fli>\n\u003Cli>Configure whether username should be asked on registration at each provider\u003C\u002Fli>\n\u003Cli>Choose from icons or wide buttons\u003C\u002Fli>\n\u003Cli>Several login layouts\u003C\u002Fli>\n\u003Cli>Restrict specific user roles from using the social logins. (You can restrict different roles for each provider.)\u003C\u002Fli>\n\u003Cli>Assign specific user roles to the newly registered users who use any social login provider. (You can set different roles for each provider.)\u003C\u002Fli>\n\u003Cli>Show the name of the linked providers in the Users table\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>After you activated the plugin configure and enable the provider you want to use, then the plugin will automatically\u003C\u002Fp>\n\u003Cul>\n\u003Cli>add the login buttons to the WordPress login page. See screenshot #1\u003C\u002Fli>\n\u003Cli>add the account linking buttons to the WordPress profile page. See screenshot #2\u003C\u002Fli>\n\u003C\u002Ful>\n","One click registration & login plugin for Facebook, Google, X (formerly Twitter) and more. Quick setup and easy configuration.",7588989,441,"2026-02-23T09:51:00.000Z","7.4",[115,19,116,117,118],"facebook","social-login","twitter","x","https:\u002F\u002Fsocial-login.nextendweb.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnextend-facebook-connect.3.1.23.zip",89,6,"2025-11-27 14:54:41",{"slug":95,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":131,"downloaded":132,"rating":133,"num_ratings":134,"last_updated":135,"tested_up_to":136,"requires_at_least":137,"requires_php":17,"tags":138,"homepage":141,"download_link":142,"security_score":25,"vuln_count":68,"unpatched_count":13,"last_vuln_date":143,"fetched_at":27},"Login No Captcha reCAPTCHA","1.7.3","Robert Peake","https:\u002F\u002Fprofiles.wordpress.org\u002Frobertpeake\u002F","\u003Cp>Adds a Google No Captcha ReCaptcha checkbox to your WordPress and Woocommerce login, forgot password, and user registration pages. Denies access to automated scripts while making it easy on humans to log in by checking a box. As Google says, it is “Tough on bots, easy on humans.”\u003C\u002Fp>\n","Adds a Google No Captcha ReCaptcha checkbox to your Wordpress and Woocommerce login, forgot password, and user registration pages.",60000,1369961,90,63,"2024-02-27T10:43:00.000Z","6.4.8","4.6",[19,22,139,96,140],"nocaptcha","security","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flogin-recaptcha\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-recaptcha.1.7.3.zip","2022-08-16 00:00:00",{"attackSurface":145,"codeSignals":232,"taintFlows":338,"riskAssessment":376,"analyzedAt":390},{"hooks":146,"ajaxHandlers":218,"restRoutes":219,"shortcodes":220,"cronEvents":229,"entryPointCount":31,"unprotectedCount":13},[147,152,155,159,164,168,172,176,180,185,188,192,195,199,202,205,209,213],{"type":148,"name":149,"callback":150,"file":151,"line":100},"action","admin_menu","wds_google_connect_menu","admin.php",{"type":148,"name":153,"callback":154,"file":151,"line":122},"admin_init","wds_google_connect_register_settings",{"type":148,"name":156,"callback":157,"file":151,"line":158},"widgets_init","wds_google_connect_badge_register_widgets",451,{"type":148,"name":160,"callback":161,"file":162,"line":163},"bp_after_sidebar_login_form","wds_gplus_bp_after_sidebar_login_form","buddypress.php",7,{"type":148,"name":165,"callback":166,"file":162,"line":167},"bp_before_account_details_fields","wds_gplus_bp_before_account_details_fields",13,{"type":148,"name":169,"callback":170,"file":162,"line":171},"init","wds_google_connect_bp_settings",22,{"type":148,"name":173,"callback":174,"file":162,"line":175},"bp_template_title","wds_google_connect_bp_template_title",37,{"type":148,"name":177,"callback":178,"file":162,"line":179},"bp_template_content","wds_google_connect_bp_template_content",38,{"type":181,"name":182,"callback":183,"file":162,"line":184},"filter","bp_activity_allowed_tags","wds_digit_allow_p_h",103,{"type":148,"name":169,"callback":186,"file":162,"line":187},"wds_google_connect_cron_activity",112,{"type":181,"name":189,"callback":190,"file":162,"line":191},"cron_schedules","wds_google_connect_cron_schedules",247,{"type":148,"name":193,"callback":186,"file":162,"line":194},"wds_google_connect_cron",252,{"type":148,"name":196,"callback":197,"file":198,"line":163},"wp_head","wds_google_connect_badge_wp_head","functions.php",{"type":148,"name":200,"callback":197,"file":198,"line":201},"admin_head",8,{"type":148,"name":169,"callback":203,"file":198,"line":204},"wds_google_connect_button",56,{"type":148,"name":206,"callback":207,"file":198,"line":208},"wp_logout","wds_gplus_wp_logout",237,{"type":148,"name":210,"callback":211,"file":198,"line":212},"login_form","wp_gplus_login_button",243,{"type":148,"name":214,"callback":215,"file":216,"line":217},"bp_include","wds_google_connect_buddypress","wp-google-plus-connect.php",12,[],[],[221,225],{"tag":222,"callback":223,"file":198,"line":224},"gplus_badge","gplus_badge_shortcode",26,{"tag":226,"callback":227,"file":198,"line":228},"gplus_button","gplus_button_shortcode",249,[230],{"hook":193,"callback":193,"file":162,"line":231},250,{"dangerousFunctions":233,"sqlUsage":242,"outputEscaping":245,"fileOperations":336,"externalRequests":68,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":337},[234,239],{"fn":235,"file":236,"line":237,"context":238},"unserialize","src\\cache\\apiApcCache.php",79,"return unserialize($ret['data']);",{"fn":235,"file":240,"line":99,"context":241},"src\\cache\\apiFileCache.php","$data = unserialize($data);",{"prepared":243,"raw":13,"locations":244},4,[],{"escaped":204,"rawEcho":246,"locations":247},48,[248,250,252,254,256,257,259,261,263,265,267,269,271,272,274,276,278,280,282,284,286,288,290,292,294,296,298,300,302,304,306,308,309,311,313,315,317,318,320,322,323,325,327,328,329,331,332,334],{"file":151,"line":204,"context":249},"raw output",{"file":151,"line":251,"context":249},57,{"file":151,"line":253,"context":249},58,{"file":151,"line":255,"context":249},60,{"file":151,"line":25,"context":249},{"file":151,"line":258,"context":249},93,{"file":151,"line":260,"context":249},97,{"file":151,"line":262,"context":249},101,{"file":151,"line":264,"context":249},105,{"file":151,"line":266,"context":249},109,{"file":151,"line":268,"context":249},124,{"file":151,"line":270,"context":249},128,{"file":151,"line":231,"context":249},{"file":151,"line":273,"context":249},257,{"file":151,"line":275,"context":249},282,{"file":151,"line":277,"context":249},301,{"file":151,"line":279,"context":249},305,{"file":151,"line":281,"context":249},309,{"file":151,"line":283,"context":249},312,{"file":151,"line":285,"context":249},316,{"file":151,"line":287,"context":249},320,{"file":151,"line":289,"context":249},324,{"file":151,"line":291,"context":249},328,{"file":151,"line":293,"context":249},363,{"file":151,"line":295,"context":249},369,{"file":151,"line":297,"context":249},375,{"file":151,"line":299,"context":249},381,{"file":151,"line":301,"context":249},387,{"file":151,"line":303,"context":249},393,{"file":151,"line":305,"context":249},399,{"file":151,"line":307,"context":249},469,{"file":151,"line":307,"context":249},{"file":151,"line":310,"context":249},485,{"file":151,"line":312,"context":249},486,{"file":151,"line":314,"context":249},488,{"file":162,"line":316,"context":249},62,{"file":198,"line":167,"context":249},{"file":198,"line":319,"context":249},15,{"file":198,"line":321,"context":249},42,{"file":198,"line":321,"context":249},{"file":198,"line":324,"context":249},44,{"file":198,"line":326,"context":249},45,{"file":198,"line":326,"context":249},{"file":198,"line":326,"context":249},{"file":198,"line":330,"context":249},111,{"file":198,"line":270,"context":249},{"file":198,"line":333,"context":249},196,{"file":198,"line":335,"context":249},228,9,[],[339,365],{"entryPoint":340,"graph":341,"unsanitizedCount":31,"severity":364},"wds_google_connect_button (functions.php:57)",{"nodes":342,"edges":360},[343,348,354,356],{"id":344,"type":345,"label":346,"file":198,"line":347},"n0","source","$_GET",65,{"id":349,"type":350,"label":351,"file":198,"line":352,"wp_function":353},"n1","sink","wp_redirect() [Open Redirect]",68,"wp_redirect",{"id":355,"type":345,"label":346,"file":198,"line":347},"n2",{"id":357,"type":350,"label":358,"file":198,"line":335,"wp_function":359},"n3","echo() [XSS]","echo",[361,363],{"from":344,"to":349,"sanitized":362},false,{"from":355,"to":357,"sanitized":362},"medium",{"entryPoint":366,"graph":367,"unsanitizedCount":31,"severity":364},"\u003Cfunctions> (functions.php:0)",{"nodes":368,"edges":373},[369,370,371,372],{"id":344,"type":345,"label":346,"file":198,"line":347},{"id":349,"type":350,"label":351,"file":198,"line":352,"wp_function":353},{"id":355,"type":345,"label":346,"file":198,"line":347},{"id":357,"type":350,"label":358,"file":198,"line":335,"wp_function":359},[374,375],{"from":344,"to":349,"sanitized":362},{"from":355,"to":357,"sanitized":362},{"summary":377,"deductions":378},"The wp-google-plus-connect plugin v1.0.5.1 exhibits a mixed security posture. While it demonstrates good practices by using prepared statements for all its SQL queries and avoiding bundled libraries, significant concerns arise from the presence of dangerous functions and a lack of robust security checks. The use of `unserialize` is a critical vulnerability vector, especially when coupled with a complete absence of nonce and capability checks. This means that any user, regardless of their privilege level, could potentially trigger deserialization attacks if an attacker can control the data being unserialized. Although the taint analysis shows no critical or high severity flows, the inherent risk of `unserialize` remains, and the lack of authentication checks on entry points is a major red flag. The plugin's history of zero known CVEs is a positive indicator, suggesting past stability, but it does not mitigate the immediate risks identified in the static analysis. Overall, the plugin has strengths in its SQL handling but significant weaknesses in input validation and authorization, making it a moderate to high risk without further hardening.",[379,381,383,385,388],{"reason":380,"points":319},"Dangerous function 'unserialize' used",{"reason":382,"points":11},"No nonce checks found",{"reason":384,"points":11},"No capability checks found",{"reason":386,"points":387},"Unescaped output percentage is low (54%)",5,{"reason":389,"points":387},"Flows with unsanitized paths","2026-03-16T23:44:12.672Z",{"wat":392,"direct":401},{"assetPaths":393,"generatorPatterns":397,"scriptPaths":398,"versionParams":400},[394,395,396],"\u002Fwp-content\u002Fplugins\u002Fwp-google-plus-connect\u002Fcss\u002Fwds-google-connect.css","\u002Fwp-content\u002Fplugins\u002Fwp-google-plus-connect\u002Fcss\u002Fgplus-badge.css","\u002Fwp-content\u002Fplugins\u002Fwp-google-plus-connect\u002Fjs\u002Fwds-google-connect.js",[],[399],"https:\u002F\u002Fapis.google.com\u002Fjs\u002Fplusone.js",[],{"cssClasses":402,"htmlComments":405,"htmlAttributes":418,"restEndpoints":424,"jsGlobals":425,"shortcodeOutput":427},[403,404],"wds-google-connect-login","wds-gplus-button",[406,407,408,409,410,411,412,413,414,415,416,417],"\u003C!-- Direct Connect & Badge -->","\u003C!-- Google+ Direct Connect & Badge Header -->","\u003C!-- Google+ Badge Short Code -->","\u003C!-- Google+ Badge Function -->","\u003C!-- Google+ Login -->","\u003C!-- Google+ Auth and Connect Button -->","\u003C!-- kill session if new login -->","\u003C!-- new token -->","\u003C!-- if token then grab data -->","\u003C!-- Check if user exists and\u002For create -->","\u003C!-- Get or Create User -->","\u003C!-- Check if G+ ID for a user already exists -->",[419,420,421,422,423],"data-clientid","data-redirecturi","data-appname","data-scope","data-callback",[],[426],"window.___gcfg",[428,429],"\u003Cg:plus","\u003Ca href=\"https:\u002F\u002Fplus.google.com\u002F"]