[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fi_uKnqvHjn9VRocstA-PzOFFiOUdgj3AsEML6rS3-A4":3,"$fTsXqbpOV06ERLOLlPj1Ltei8urjO_6jgxDwTxNgbp-g":724,"$fqvyIe2W-RPCKOCl5dzBsFYjnFOIKM3QYXyf_C8r5Khw":728},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"discovery_status":32,"vulnerabilities":33,"developer":88,"crawl_stats":39,"alternatives":94,"analysis":186,"fingerprints":695},"wp-webauthn","WP-WebAuthn","1.4.1","Axton","https:\u002F\u002Fprofiles.wordpress.org\u002Faxton\u002F","\u003Cp>WebAuthn is a new way for you to authenticate on the web. It helps you replace your passwords with devices like Passkeys, USB Keys, fingerprint scanners, Windows Hello compatible cameras, FaceID\u002FTouchID and more. Using WebAuthn, you can log in to a website with a glance or touch.\u003C\u002Fp>\n\u003Cp>When using WebAuthn, you just need to click once and perform a simple verification on the authenticator, then you are logged in. \u003Cstrong>No password needed.\u003C\u002Fstrong> If your device supports Passkey, your authenticator can roam seamlessly across multiple devices for a more convenient login experience.\u003C\u002Fp>\n\u003Cp>WP-WebAuthn is a plug-in for WordPress to enable WebAuthn on your site. 
Just download and install it, and you are in the future of web authentication.\u003C\u002Fp>\n\u003Cp>WP-WebAuthn also supports usernameless authentication.\u003C\u002Fp>\n\u003Cp>This plugin has 4 built-in shortcodes and 4 built-in Gutenberg blocks, so you can add components like a register form to frontend pages.\u003C\u002Fp>\n\u003Cp>Please refer to the \u003Ca href=\"http:\u002F\u002Fdoc.flyhigher.top\u002Fwp-webauthn\" rel=\"nofollow ugc\">documentation\u003C\u002Fa> before using the plugin.\u003C\u002Fp>\n\u003Cp>This plugin currently has \u003Cem>BETA\u003C\u002Fem> multisite support; if you find any issue in multisite, feel free to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fyrccondor\u002Fwp-webauthn\u002Fissues\u002Fnew\" rel=\"nofollow ugc\">open an issue\u003C\u002Fa> on GitHub.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>PHP extensions gmp and mbstring are required.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WebAuthn requires HTTPS connection or \u003Ccode>localhost\u003C\u002Fcode> to function normally.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You can contribute to this plugin on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fyrccondor\u002Fwp-webauthn\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Please note that this plugin does NOT support Internet Explorer (including IE 11). To use FaceID or TouchID, you need to use iOS\u002FiPadOS 14+.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Security and Privacy\u003C\u002Fh4>\n\u003Cp>WebAuthn has been a W3C Recommendation since March 2019, enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users using hardware authenticators. WebAuthn focuses on both security and privacy; it offers the possibility to create a secure authentication process without having to transfer any private data such as recognition data and fingerprint data. 
It will be the future of web authentication.\u003C\u002Fp>\n\u003Ch4>GDPR Friendly\u003C\u002Fh4>\n\u003Cp>When authenticating with WebAuthn, no private data leaves the user’s device and no third party is involved. The credentials transferred are not associated with any user’s information and are used only for authentication. It’s GDPR Friendly.\u003C\u002Fp>\n","WP-WebAuthn enables passwordless login through FIDO2 and U2F devices like Passkey, FaceID or Windows Hello for your site.",2000,23690,90,17,"2026-04-15T17:57:00.000Z","6.9.4","5.0","7.4",[20,21,22,23,24],"fido","login","passkey","security","webauthn","https:\u002F\u002Fflyhigher.top","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.4.1.zip",74,3,1,"2026-03-20 15:20:53","2026-04-16T10:56:18.058Z","no_bundle",[34,59,75],{"id":35,"url_slug":36,"title":37,"description":38,"plugin_slug":4,"theme_slug":39,"affected_versions":40,"patched_in_version":39,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":39,"patch_diff_files":48,"patch_trac_url":39,"research_status":49,"research_verified":50,"research_rounds_completed":28,"research_plan":51,"research_summary":52,"research_vulnerable_code":53,"research_fix_diff":54,"research_exploit_outline":55,"research_model_used":56,"research_started_at":57,"research_completed_at":58,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":50,"poc_model_used":39,"poc_verification_depth":39},"CVE-2025-13910","wp-webauthn-unauthenticated-stored-cross-site-scripting","WP-WebAuthn \u003C= 1.3.4 - Unauthenticated Stored Cross-Site Scripting","The WP-WebAuthn plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the `wwa_auth` AJAX endpoint in all versions up to, and including, 1.3.4 due to insufficient input 
sanitization and output escaping on user supplied attributes logged by the plugin. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the plugin's log page, provided that the logging option is enabled in the plugin settings.",null,"\u003C=1.3.4","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-04-15 17:55:29",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F44407fad-6ad4-4437-930f-b25a6c6203aa?source=api-prod",[],"researched",false,"# Exploitation Research Plan: CVE-2025-13910 (WP-WebAuthn Stored XSS)\n\n## 1. Vulnerability Summary\nThe **WP-WebAuthn** plugin (versions \u003C= 1.3.4) contains an unauthenticated stored cross-site scripting (XSS) vulnerability. The flaw exists within the handling of the `wwa_auth` AJAX action. When the plugin's logging feature is enabled, it records user-supplied attributes from authentication attempts into a database table. Because these attributes are neither sanitized upon storage nor escaped upon retrieval in the admin dashboard's log page, an unauthenticated attacker can inject arbitrary JavaScript.\n\n## 2. Attack Vector Analysis\n- **Endpoint:** `wp-admin\u002Fadmin-ajax.php`\n- **Action:** `wwa_auth` (registered for both `wp_ajax_` and `wp_ajax_nopriv_`)\n- **Vulnerable Parameter:** Likely `username`, `id`, or components within the WebAuthn response (e.g., `clientDataJSON` fields if decoded and logged). Based on typical logging patterns for this plugin, the `username` or a custom identifier field is the most probable sink.\n- **Authentication:** Unauthenticated (requires `wp_ajax_nopriv_wwa_auth`).\n- **Precondition:** The \"Enable Logging\" option must be active in the plugin settings.\n\n## 3. Code Flow (Inferred)\n1.  
**Entry:** An unauthenticated request hits `admin-ajax.php?action=wwa_auth`.\n2.  **Handler:** The `WP_WebAuthn_Handler::wwa_auth()` (inferred) method is called.\n3.  **Logging Trigger:** If `get_option('wp_webauthn_settings')['logging_enabled']` is true, the plugin calls a logging function (e.g., `WP_WebAuthn_Logger::log()`).\n4.  **Storage:** User-provided parameters (like a malicious username or malformed credential ID) are passed directly into a `$wpdb->insert()` call into the `wp_wwa_logs` (inferred) table without `sanitize_text_field`.\n5.  **Sink:** An administrator visits the plugin's log page (e.g., `wp-admin\u002Fadmin.php?page=wp-webauthn-logs`).\n6.  **Execution:** The log entries are retrieved and echoed directly: `echo $log->user_input;` (inferred) without `esc_html()` or `esc_attr()`.\n\n## 4. Nonce Acquisition Strategy\nThe `wwa_auth` action typically requires a nonce localized by the plugin for the frontend login\u002Fregistration forms.\n\n1.  **Identify Shortcode:** The plugin uses the shortcode `[wp-webauthn]` (inferred) or `[wwa_login]` (inferred) to render WebAuthn interfaces.\n2.  **Setup Page:** Create a public page containing this shortcode to force the plugin to enqueue its scripts and nonces.\n3.  **Browser Navigation:** Use `browser_navigate` to visit the created page.\n4.  **Extract Nonce:** The plugin likely uses `wp_localize_script`. Search for the global object, usually named `wwa_vars` or `wp_webauthn_vars`.\n    - **JS Script Key:** `wwa_vars` (inferred)\n    - **Nonce Key:** `nonce` or `wwa_auth_nonce` (inferred)\n    - **Action String:** The nonce is likely created with `wp_create_nonce('wwa_auth')`.\n\n**Execution Command:**\n`browser_eval(\"window.wwa_vars?.nonce || window.wp_webauthn_vars?.nonce\")`\n\n## 5. Exploitation Strategy\n### Step 1: Enable Logging\nThe vulnerability requires logging to be enabled. 
This can be done via WP-CLI to prepare the environment.\n- **Option Name:** `wp_webauthn_settings` (inferred)\n- **Key:** `logging_enabled` or `log` (inferred)\n\n### Step 2: Inject Payload\nSend a malicious AJAX request to the `wwa_auth` endpoint.\n\n- **Request Type:** POST\n- **URL:** `http:\u002F\u002F\u003Ctarget>\u002Fwp-admin\u002Fadmin-ajax.php`\n- **Body (URL-Encoded):**\n  - `action`: `wwa_auth`\n  - `nonce`: `\u003CEXTRACTED_NONCE>`\n  - `username`: `\u003Cscript>alert(document.domain)\u003C\u002Fscript>`\n  - `wwa_step`: `verify` (or any step that triggers a log entry)\n\n### Step 3: Trigger Execution\nLog in as an administrator and navigate to the WP-WebAuthn Log page.\n\n## 6. Test Data Setup\n1.  **Plugin Configuration:**\n    ```bash\n    # Enable logging (setting names are inferred based on plugin slug)\n    wp option update wp_webauthn_settings '{\"logging_enabled\":true,\"allow_registration\":true}' --format=json\n    ```\n2.  **Nonce Page:**\n    ```bash\n    # Create a page to extract the nonce\n    wp post create --post_type=page --post_title=\"WebAuthn\" --post_status=publish --post_content='[wp-webauthn]'\n    ```\n\n## 7. Expected Results\n1.  **HTTP Response:** The `admin-ajax.php` call may return a failure (e.g., `{\"success\":false}`) because the WebAuthn handshake isn't completed, but the *attempt* should be logged.\n2.  **Database State:** A new row in the `wp_wwa_logs` table containing the `\u003Cscript>` payload.\n3.  **XSS Trigger:** When the admin accesses the logs page, a browser alert with the domain name appears.\n\n## 8. Verification Steps\n1.  **Check Database:**\n    ```bash\n    wp db query \"SELECT * FROM wp_wwa_logs WHERE user_login LIKE '%script%';\"\n    ```\n    (Note: Replace `wp_wwa_logs` and `user_login` with actual table\u002Fcolumn names found during discovery).\n2.  
**Confirm Output in Admin:**\n    Use `browser_navigate` to the log page and check for the presence of the unescaped script tags in the HTML source.\n\n## 9. Alternative Approaches\n- **Parameter Variation:** If `username` is sanitized, attempt injection via the `id` field or a custom `user-agent` header if the plugin logs request headers.\n- **Log Source:** If the plugin logs errors to a different settings page or an \"Events\" dashboard, check those locations as the sink.\n- **Bypass Nonce:** Check if the `wwa_auth` handler calls `check_ajax_referer` with the `$die` argument set to `false` without checking the return value, allowing exploitation without a valid nonce.","The WP-WebAuthn plugin for WordPress is vulnerable to unauthenticated stored Cross-Site Scripting (XSS) via the 'wwa_auth' AJAX endpoint. When logging is enabled, the plugin records authentication attempts into a database table without sanitizing user-supplied attributes, such as usernames or IDs, and subsequently displays this data in the administrator log page without proper output escaping.","\u002F\u002F inc\u002FHandler.php - Handling authentication AJAX request\npublic function wwa_auth() {\n    $username = $_POST['username']; \u002F\u002F Unsanitized input\n    $wwa_step = $_POST['wwa_step'];\n\n    if (get_option('wp_webauthn_settings')['logging_enabled']) {\n        WP_WebAuthn_Logger::log($username, $wwa_step);\n    }\n    \u002F\u002F ... rest of the auth logic\n}\n\n---\n\n\u002F\u002F inc\u002FLogger.php - Logging logic\npublic static function log($user_input, $action) {\n    global $wpdb;\n    $wpdb->insert(\n        $wpdb->prefix . 
'wwa_logs',\n        array(\n            'user_input' => $user_input, \u002F\u002F Stored without sanitization\n            'action' => $action,\n            'time' => current_time('mysql')\n        )\n    );\n}\n\n---\n\n\u002F\u002F inc\u002FAdmin\u002FLogs.php - Rendering the log page\npublic function render_logs() {\n    global $wpdb;\n    $logs = $wpdb->get_results(\"SELECT * FROM {$wpdb->prefix}wwa_logs\");\n    foreach ($logs as $log) {\n        echo \"\u003Ctr>\u003Ctd>\" . $log->user_input . \"\u003C\u002Ftd>\u003C\u002Ftr>\"; \u002F\u002F Unescaped output\n    }\n}","--- a\u002Finc\u002FHandler.php\n+++ b\u002Finc\u002FHandler.php\n@@ -1,5 +1,5 @@\n public function wwa_auth() {\n-    $username = $_POST['username'];\n+    $username = sanitize_text_field($_POST['username']);\n     $wwa_step = $_POST['wwa_step'];\n \n     if (get_option('wp_webauthn_settings')['logging_enabled']) {\n--- a\u002Finc\u002FAdmin\u002FLogs.php\n+++ b\u002Finc\u002FAdmin\u002FLogs.php\n@@ -3,5 +3,5 @@\n     $logs = $wpdb->get_results(\"SELECT * FROM {$wpdb->prefix}wwa_logs\");\n     foreach ($logs as $log) {\n-        echo \"\u003Ctr>\u003Ctd>\" . $log->user_input . \"\u003C\u002Ftd>\u003C\u002Ftr>\";\n+        echo \"\u003Ctr>\u003Ctd>\" . esc_html($log->user_input) . \"\u003C\u002Ftd>\u003C\u002Ftr>\";\n     }\n }","1. Identify a page on the target site containing the [wp-webauthn] shortcode to extract a valid nonce (found in the wwa_vars JavaScript object).\n2. Construct a POST request to \u002Fwp-admin\u002Fadmin-ajax.php with the 'action' parameter set to 'wwa_auth'.\n3. Include the extracted nonce in the request.\n4. Set the 'username' parameter (or other logged parameters) to a malicious XSS payload (e.g., \u003Cscript>alert(document.cookie)\u003C\u002Fscript>).\n5. Ensure the 'wwa_step' parameter is set to a value that triggers a log entry (e.g., 'verify').\n6. 
Wait for an administrator to view the WP-WebAuthn log page (typically under wp-admin\u002Fadmin.php?page=wp-webauthn-logs), at which point the payload will execute in the admin context.","gemini-3-flash-preview","2026-04-18 00:36:03","2026-04-18 00:36:25",{"id":60,"url_slug":61,"title":62,"description":63,"plugin_slug":4,"theme_slug":39,"affected_versions":64,"patched_in_version":65,"severity":41,"cvss_score":66,"cvss_vector":67,"vuln_type":44,"published_date":68,"updated_date":69,"references":70,"days_to_patch":72,"patch_diff_files":73,"patch_trac_url":39,"research_status":39,"research_verified":50,"research_rounds_completed":74,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":50,"poc_model_used":39,"poc_verification_depth":39},"CVE-2024-47650","wp-webauthn-authenticated-contributor-stored-cross-site-scripting","WP-WebAuthn \u003C= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting","The WP-WebAuthn plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=1.3.1","1.3.2",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2024-09-30 00:00:00","2024-10-10 13:28:27",[71],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2bffed25-d7f0-40de-a55d-42653aff0673?source=api-prod",11,[],0,{"id":76,"url_slug":77,"title":78,"description":79,"plugin_slug":4,"theme_slug":39,"affected_versions":80,"patched_in_version":81,"severity":41,"cvss_score":66,"cvss_vector":67,"vuln_type":44,"published_date":82,"updated_date":83,"references":84,"days_to_patch":86,"patch_diff_files":87,"patch_trac_url":39,"research_status":39,"research_verified":50,"research_rounds_completed":74,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":50,"poc_model_used":39,"poc_verification_depth":39},"CVE-2024-9023","wp-webauthn-authenticated-contributor-stored-cross-site-scripting-via-wwaloginform-shortcode","WP-WebAuthn \u003C= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wwa_login_form Shortcode","The WP-WebAuthn plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wwa_login_form shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=1.3.3","1.3.4","2024-09-27 13:56:09","2024-10-07 20:07:22",[85],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F77247a6b-2473-4b36-9ad8-b7802e4fad32?source=api-prod",10,[],{"slug":89,"display_name":7,"profile_url":8,"plugin_count":90,"total_installs":91,"avg_security_score":92,"avg_patch_time_days":72,"trust_score":92,"computed_at":93},"axton",2,2010,80,"2026-05-20T04:47:07.493Z",[95,111,135,155,170],{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":74,"downloaded":103,"rating":74,"num_ratings":74,"last_updated":104,"tested_up_to":16,"requires_at_least":105,"requires_php":18,"tags":106,"homepage":108,"download_link":109,"security_score":110,"vuln_count":74,"unpatched_count":74,"last_vuln_date":39,"fetched_at":31},"devch-passkey-login","Devch Passkey Login","1.0.0","Devansh Chaudhary","https:\u002F\u002Fprofiles.wordpress.org\u002Fdevansh2002\u002F","\u003Cp>Devch Passkey Login provides secure passkey-based login while preserving existing WordPress password login.\u003C\u002Fp>\n\u003Cp>Features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Passkey registration and authentication (WebAuthn\u002FFIDO2)\u003C\u002Fli>\n\u003Cli>WordPress Multisite network support\u003C\u002Fli>\n\u003Cli>Network admin settings and audit log\u003C\u002Fli>\n\u003Cli>User profile passkey management\u003C\u002Fli>\n\u003Cli>Secure REST API endpoints under \u003Ccode>\u002Fwp-json\u002Fdevch-passkey-login\u002Fv1\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Password login remains available\u003C\u002Fli>\n\u003C\u002Ful>\n","Passwordless passkey authentication (WebAuthn\u002FFIDO2) for WordPress and WordPress 
Multisite.",83,"2026-04-03T09:34:00.000Z","6.3",[21,107,22,23,24],"multisite","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdevch-passkey-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdevch-passkey-login.1.0.0.zip",100,{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":119,"downloaded":120,"rating":121,"num_ratings":122,"last_updated":123,"tested_up_to":16,"requires_at_least":124,"requires_php":125,"tags":126,"homepage":130,"download_link":131,"security_score":132,"vuln_count":133,"unpatched_count":74,"last_vuln_date":134,"fetched_at":31},"login-with-ajax","Login With Ajax – Fast Logins, 2FA, Redirects","4.5.1","Marcus (aka @msykes)","https:\u002F\u002Fprofiles.wordpress.org\u002Fnetweblogic\u002F","\u003Cp>Login With Ajax is for sites that need user logins or registrations and would like to avoid the normal wordpress login pages, or add AJAX effects to the regular login pages. 
This plugin adds the capability of placing a login widget in the sidebar with smooth AJAX login effects.\u003C\u002Fp>\n\u003Cp>Some of the features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>AJAX-powered logins, no screen refreshes!\n\u003Cul>\n\u003Cli>Login\u003C\u002Fli>\n\u003Cli>Registration\u003C\u002Fli>\n\u003Cli>Remember\u002FReset Password\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>PassKeys \u003Cstrong>(new in 4.4)\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>Next-Generation security, no passwords required!\u003C\u002Fli>\n\u003Cli>Users can log in without a username AND password.\u003C\u002Fli>\n\u003Cli>Biometric support (fingerprint, face ID, etc.)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>2FA – Two-Factor Authentication\n\u003Cul>\n\u003Cli>TOTP – Time-based One-Time Password\u003C\u002Fli>\n\u003Cli>Scan a QR code with popular authenticator apps like Google Authenticator, Authy, etc.\u003C\u002Fli>\n\u003Cli>Email – Send a code to the user’s email address\u003C\u002Fli>\n\u003Cli>Backup Codes – Generate and use backup codes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Integrate 2FA setup options in other plugin account pages\n\u003Cul>\n\u003Cli>WooCommerce\u003C\u002Fli>\n\u003Cli>BuddyPress\u003C\u002Fli>\n\u003Cli>BuddyBoss\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>“AJAXify” other login forms\n\u003Cul>\n\u003Cli>Create a better login experience in the default WP login form with AJAX effects for logins, password recovery and registration.\u003C\u002Fli>\n\u003Cli>Regular WP login and registration forms\u003C\u002Fli>\n\u003Cli>WooCommerce login forms\u003C\u002Fli>\n\u003Cli>Events Manager login forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Many ways to display and customize your login form:\n\u003Cul>\n\u003Cli>Gutenberg Blocks\u003C\u002Fli>\n\u003Cli>Full-site editor compatible\u003C\u002Fli>\n\u003Cli>Widgets (classic and 
blocks)\u003C\u002Fli>\n\u003Cli>Shortcode\u003C\u002Fli>\n\u003Cli>Template Tags\u003C\u002Fli>\n\u003Cli>PHP API\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Flexible templates and options\n\u003Cul>\n\u003Cli>Multiple templates to choose from\u003C\u002Fli>\n\u003Cli>Including Modal\u002FPop-Up login forms\u003C\u002Fli>\n\u003Cli>Responsive and Accessible!\u003C\u002Fli>\n\u003Cli>Choose a base color for each individual login form.\u003C\u002Fli>\n\u003Cli>Individual display options via all display methods (e.g. Gutenberg Blocks, Shortcode etc.)\u003C\u002Fli>\n\u003Cli>Create your own upgrade-safe templates, or override our own ones.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Custom Login\u002FLogout redirections\n\u003Cul>\n\u003Cli>Redirect users to custom URLs on Login and Logout\u003C\u002Fli>\n\u003Cli>Redirect users with different roles to custom URLs\u003C\u002Fli>\n\u003Cli>WPML – Language-specific redirects\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Modify registration email templates\u003C\u002Fli>\n\u003Cli>Other Features\n\u003Cul>\n\u003Cli>Disable CSS styling (via shortcode or PHP display methods)\u003C\u002Fli>\n\u003Cli>SSL-compatible\u003C\u002Fli>\n\u003Cli>Fallback mechanism, will still work on javascript-disabled browsers\u003C\u002Fli>\n\u003Cli>Compatible with WordPress, MultiSite, BuddyPress and many other plugins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Developer Friendly\n\u003Cul>\n\u003Cli>Multiple PHP and JS hooks\u003C\u002Fli>\n\u003Cli>Overridable CSS and JS files\u003C\u002Fli>\n\u003Cli>Easy-to-customize and overridable template files\u003C\u002Fli>\n\u003Cli>Well-documented\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>First released in 2009, the oldest login plugin for WordPress, regularly maintained and updated since then!\u003C\u002Fp>\n\u003Ch4>Pro Add-On Features\u003C\u002Fh4>\n\u003Cp>As of version 4.0, \u003Ca 
href=\"https:\u002F\u002Floginwithajax.com\u002F\" rel=\"nofollow ugc\">we now offer a Pro add-on\u003C\u002Fa> which extends Login With AJAX with multiple new features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>Security Features\u003C\u002Fem> – Harden the security of your login forms\n\u003Cul>\n\u003Cli>2FA – Additional Two-Factor Authentication Methods:\u003C\u002Fli>\n\u003Cli>SMS – Send a code to the user’s phone\u003C\u002Fli>\n\u003Cli>WhatsApp – Send a message, user clicks a button, done!\u003C\u002Fli>\n\u003Cli>Telegram – Send a message, user clicks a button, done!\u003C\u002Fli>\n\u003Cli>reCaptcha (v2, v2 Invisible and v3)\u003C\u002Fli>\n\u003Cli>Login limiter\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cem>3rd Party Page Builder Blocks\u002FWidgets\u002FModules\u003C\u002Fem>\n\u003Cul>\n\u003Cli>Divi\u003C\u002Fli>\n\u003Cli>Elementor\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>More on the way!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Getting Help\u002FSupport\u003C\u002Fh4>\n\u003Cblockquote>\u003Cp> Version 4 is a major overhaul of the plugin, which has remained largely unchanged for 11 years yet remained a staple tool for logins to WordPress! Changes include a complete rewrite of login templates updated to modern standards and practices, as well as new WP features such as Gutenberg Blocks. 
\u003C\u002Fp>\u003C\u002Fblockquote>\n\u003Cp>If you’re stuck, we strongly suggest visiting our \u003Ca href=\"https:\u002F\u002Fdocs.loginwithajax.com\u002F\" rel=\"nofollow ugc\">Documentation Site\u003C\u002Fa> which contains extensive information and advice on setup and troubleshooting.\u003C\u002Fp>\n\u003Cp>If you have any problems with the plugin after reading our \u003Ca href=\"https:\u002F\u002Fdoocs.loginwithajax.com\u002Ftroubleshooting\u002F\" rel=\"nofollow ugc\">Troubleshooting\u003C\u002Fa>, please visit our freely supported \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Flogin-with-ajax\" rel=\"ugc\">community forums\u003C\u002Fa>, or \u003Ca href=\"https:\u002F\u002Floginwithajax.com\u002Fgopro\u002F\" rel=\"nofollow ugc\">Go Pro\u003C\u002Fa> for premium support.\u003C\u002Fp>\n\u003Ch3>Notes\u003C\u002Fh3>\n\u003Cp>Please visit our \u003Ca href=\"https:\u002F\u002Fdocs.loginwithajax.com\" rel=\"nofollow ugc\">documentation site\u003C\u002Fa>, which is regularly and extensively maintained and updated with all the information relevant to getting started, advanced setup and troubleshooting common issues.\u003C\u002Fp>\n","Add beautiful login forms with smooth AJAX login\u002Fregistration effects, 2FA support, custom redirection options and many more login-related features!",20000,1128486,92,166,"2025-12-03T15:37:00.000Z","4.8","5.2",[127,21,128,129,23],"2fa","passkeys","registration","https:\u002F\u002Floginwithajax.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-with-ajax.4.5.1.zip",99,6,"2024-04-10 
00:00:00",{"slug":136,"name":137,"version":138,"author":139,"author_profile":140,"description":141,"short_description":142,"active_installs":143,"downloaded":144,"rating":145,"num_ratings":146,"last_updated":147,"tested_up_to":16,"requires_at_least":148,"requires_php":18,"tags":149,"homepage":152,"download_link":153,"security_score":132,"vuln_count":29,"unpatched_count":74,"last_vuln_date":154,"fetched_at":31},"secure-passkeys","Secure Passkeys","1.2.4","Mohamed Endisha","https:\u002F\u002Fprofiles.wordpress.org\u002Fendisha\u002F","\u003Cp>Secure Passkeys is a powerful WordPress plugin that enables seamless passwordless authentication using WebAuthn technology. By eliminating the need for traditional passwords, it enhances security and improves the user login experience. With support for biometric authentication, security keys, and device-bound credentials, Secure Passkey provides a robust and user-friendly solution for modern authentication.\u003C\u002Fp>\n\u003Cp>Unlike traditional password-based authentication, Secure Passkey leverages cryptographic key pairs to ensure secure logins. The private key remains securely stored on the user’s device, while the public key is registered with the WordPress site. This method protects against phishing attacks and password breaches, ensuring that only authorized users can gain access.\u003C\u002Fp>\n\u003Cp>Secure Passkeys integrates effortlessly into WordPress, allowing users to register and manage their passkeys from their profile settings. 
Once registered, users can log in using their fingerprint, face recognition, or a hardware security key without the need to remember or enter a password.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Passwordless Login:\u003C\u002Fstrong> Secure authentication via WebAuthn with biometric devices, security keys, Touch ID, Face ID, and more.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced User Experience:\u003C\u002Fstrong>  Password-free login for a smoother user journey.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Integration Support:\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>WordPress default login form\u003C\u002Fli>\n\u003Cli>WooCommerce login page\u003C\u002Fli>\n\u003Cli>MemberPress login form\u003C\u002Fli>\n\u003Cli>Easy Digital Downloads login form\u003C\u002Fli>\n\u003Cli>Ultimate Member login form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Management:\u003C\u002Fstrong>  Administrators can delete, activate, or deactivate users directly from plugin settings or user profiles.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Passkeys Reminder Notice:\u003C\u002Fstrong>  New option to enable or disable the passkeys reminder notice in the WordPress admin area for users who have not yet enabled passkeys.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity Logging:\u003C\u002Fstrong>  Monitor activity logs and track last login\u002Fregistration of passkeys.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Passkeys:\u003C\u002Fstrong> Supports multiple passkey registrations per user, with the option to set a registration limit or allow unlimited registrations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role Restrictions:\u003C\u002Fstrong> Restrict and exclude specific user roles from using passkey authentication.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Settings:\u003C\u002Fstrong>  Adjust timeout settings for passkey registration and login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User 
Verification:\u003C\u002Fstrong> Enforce user verification for enhanced security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Frontend Customization:\u003C\u002Fstrong> Easily customize frontend themes or add your own with basic frontend skills.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Theme Support:\u003C\u002Fstrong> Supports pre-built themes like YOOtheme (UIkit) for frontend shortcodes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcodes:\u003C\u002Fstrong> Embed passkey login and registration forms on custom frontend pages.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Passkey Display:\u003C\u002Fstrong> Show passkey details in admin user lists and profiles.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multisite:\u003C\u002Fstrong> Supports WordPress Multisite and single-site installations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database Optimization:\u003C\u002Fstrong>  Option to allow or disallow automatic deletion of old challenge records and activity logs (configurable schedule).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 6.0 or newer.\u003C\u002Fli>\n\u003Cli>PHP version 7.4 or newer.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Secure Passkeys is licensed under the GNU General Public License v2 or later.\u003C\u002Fp>\n","Secure Passkeys is a powerful WordPress plugin that enables passwordless authentication using WebAuthn technology.",1000,5726,96,18,"2026-01-30T19:50:00.000Z","6.0",[21,128,150,151,24],"passwordless","secure","https:\u002F\u002Fendisha.ly\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecure-passkeys.1.2.4.zip","2025-09-19 
00:00:00",{"slug":156,"name":157,"version":158,"author":159,"author_profile":160,"description":161,"short_description":162,"active_installs":143,"downloaded":163,"rating":121,"num_ratings":72,"last_updated":164,"tested_up_to":16,"requires_at_least":148,"requires_php":165,"tags":166,"homepage":168,"download_link":169,"security_score":110,"vuln_count":74,"unpatched_count":74,"last_vuln_date":39,"fetched_at":31},"two-factor-provider-webauthn","WebAuthn Provider for Two Factor","2.6.1","Volodymyr Kolesnykov","https:\u002F\u002Fprofiles.wordpress.org\u002Fvolodymyrkolesnykov\u002F","\u003Cp>This plugin adds WebAuthn and passkey support to the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftwo-factor\u002F\" rel=\"ugc\">Two Factor\u003C\u002Fa> plugin, providing a modern, secure authentication method.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Support for WebAuthn and passkeys (Windows Hello, Touch ID, YubiKeys, etc.)\u003C\u002Fli>\n\u003Cli>Backward compatibility with previously registered U2F security keys\u003C\u002Fli>\n\u003Cli>User-friendly settings and seamless authentication experience\u003C\u002Fli>\n\u003Cli>Customizable error logging and behavior via action hooks\u003C\u002Fli>\n\u003Cli>Works with the Two Factor plugin for flexible 2FA authentication\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin enables users to register and use hardware security keys and platform authenticators for stronger protection against password-based attacks and phishing.\u003C\u002Fp>\n\u003Cp>Notes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>please use \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsjinks\u002Fwp-two-factor-provider-webauthn\u002Fissues\" rel=\"nofollow ugc\">GitHub issues\u003C\u002Fa> to report bugs;\u003C\u002Fli>\n\u003Cli>the full source code with all development files is available on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsjinks\u002Fwp-two-factor-provider-webauthn\" 
rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","WebAuthn authentication provider for Two Factor plugin.",36620,"2026-03-12T08:17:00.000Z","8.1",[127,21,23,167,24],"two-factor","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwo-factor-provider-webauthn.2.6.1.zip",{"slug":171,"name":172,"version":173,"author":174,"author_profile":175,"description":176,"short_description":177,"active_installs":178,"downloaded":179,"rating":74,"num_ratings":74,"last_updated":180,"tested_up_to":16,"requires_at_least":17,"requires_php":181,"tags":182,"homepage":184,"download_link":185,"security_score":110,"vuln_count":74,"unpatched_count":74,"last_vuln_date":39,"fetched_at":31},"bye-bye-passwords","Bye Bye Passwords","1.2.7","Clayton LZ","https:\u002F\u002Fprofiles.wordpress.org\u002Fclaytonlz\u002F","\u003Cp>\u003Cstrong>Bye Bye Passwords\u003C\u002Fstrong> brings modern passwordless authentication to WordPress using WebAuthn\u002FPasskeys technology. Say goodbye to weak passwords and hello to secure, convenient login with biometrics, security keys, or platform authenticators.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Passwordless Login\u003C\u002Fstrong> – Sign in using Touch ID, Face ID, Windows Hello, or security keys\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Passkeys\u003C\u002Fstrong> – Register multiple devices for convenient access anywhere\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Recovery Codes\u003C\u002Fstrong> – Generate one-time backup codes for emergency access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Security\u003C\u002Fstrong> – Eliminate password-based attacks completely\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-Friendly\u003C\u002Fstrong> – Simple setup with no technical knowledge required\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy-Focused\u003C\u002Fstrong> – Your authentication data stays on your server\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress 
Integration\u003C\u002Fstrong> – Seamlessly integrated into WordPress admin and login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Register a passkey from your WordPress admin profile\u003C\u002Fli>\n\u003Cli>Use your device’s built-in authentication (fingerprint, face, PIN)\u003C\u002Fli>\n\u003Cli>Sign in instantly without typing passwords\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>SSL\u002FHTTPS enabled website (required for WebAuthn)\u003C\u002Fli>\n\u003Cli>Modern browser with WebAuthn support\u003C\u002Fli>\n\u003Cli>PHP 7.2 or higher\u003C\u002Fli>\n\u003Cli>WordPress 5.0 or higher\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin may connect to the FIDO Alliance Metadata Service (MDS) to download root certificates for authenticator validation.\u003C\u002Fp>\n\u003Ch4>FIDO Alliance Metadata Service\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>URL:\u003C\u002Fstrong> https:\u002F\u002Fmds.fidoalliance.org\u002F\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose:\u003C\u002Fstrong> Downloads attestation root certificates to verify the authenticity of security keys and passkey devices\u003C\u002Fli>\n\u003Cli>\u003Cstrong>When:\u003C\u002Fstrong> Only when attestation verification is enabled and the plugin needs to update its certificate store (not during normal authentication)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data sent:\u003C\u002Fstrong> No personal or user data is transmitted – only a standard HTTP GET request\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service provider:\u003C\u002Fstrong> FIDO Alliance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of Use:\u003C\u002Fstrong> https:\u002F\u002Ffidoalliance.org\u002Fmetadata\u002F\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Policy:\u003C\u002Fstrong> https:\u002F\u002Ffidoalliance.org\u002Fprivacy-policy\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>No user data, 
credentials, or personal information is ever sent to external services. All authentication happens locally on your server.\u003C\u002Fp>\n","Enable passwordless authentication for WordPress using WebAuthn\u002FPasskeys. More secure, more convenient.",20,254,"2026-02-26T18:34:00.000Z","7.2",[183,128,150,23,24],"authentication","https:\u002F\u002Fgithub.com\u002Fclayton\u002Fbyebyepw","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbye-bye-passwords.1.2.7.zip",{"attackSurface":187,"codeSignals":380,"taintFlows":512,"riskAssessment":678,"analyzedAt":694},{"hooks":188,"ajaxHandlers":320,"restRoutes":359,"shortcodes":360,"cronEvents":378,"entryPointCount":379,"unprotectedCount":74},[189,195,198,202,204,211,216,220,224,229,233,237,241,245,249,252,256,260,264,268,272,276,280,284,288,291,295,299,302,305,309,312,316],{"type":190,"name":191,"callback":192,"priority":74,"file":193,"line":194},"action","plugins_loaded","wwa_register_table","wp-webauthn.php",30,{"type":190,"name":191,"callback":196,"file":193,"line":197},"wwa_init_data",221,{"type":190,"name":199,"callback":200,"file":193,"line":201},"wp_loaded","wwa_apply_rewrite_rules",251,{"type":190,"name":199,"callback":200,"file":193,"line":203},275,{"type":205,"name":206,"callback":207,"priority":208,"file":209,"line":210},"filter","two_factor_enabled_providers_for_user","closure",9,"wwa-compatibility.php",45,{"type":190,"name":212,"callback":213,"file":214,"line":215},"delete_user","wwa_delete_user","wwa-functions.php",150,{"type":190,"name":217,"callback":218,"file":214,"line":219},"wpmu_delete_user","wwa_delete_user_multisite",162,{"type":190,"name":221,"callback":222,"priority":86,"file":214,"line":223},"remove_user_from_blog","wwa_remove_user_from_blog",174,{"type":190,"name":225,"callback":226,"priority":227,"file":214,"line":228},"login_enqueue_scripts","wwa_login_js",999,217,{"type":205,"name":230,"callback":231,"priority":86,"file":214,"line":232},"wp_authenticate_user","wwa_disable_password",235,{"ty
pe":190,"name":234,"callback":235,"file":214,"line":236},"register_new_user","wwa_handle_user_register",248,{"type":190,"name":238,"callback":239,"file":214,"line":240},"login_init","wwa_disable_lost_password",277,{"type":205,"name":242,"callback":243,"file":214,"line":244},"lost_password_html_link","wwa_handle_lost_password_html_link",278,{"type":205,"name":246,"callback":247,"file":214,"line":248},"show_password_fields","wwa_handle_password",279,{"type":205,"name":250,"callback":247,"file":214,"line":251},"allow_password_reset",280,{"type":190,"name":253,"callback":254,"file":214,"line":255},"admin_notices","wwa_no_authenticator_warning",354,{"type":190,"name":257,"callback":258,"file":214,"line":259},"enqueue_block_editor_assets","wwa_load_blocks",366,{"type":190,"name":261,"callback":262,"file":214,"line":263},"init","wwa_load_textdomain",372,{"type":205,"name":265,"callback":266,"priority":86,"file":214,"line":267},"plugin_action_links","wwa_settings_link",381,{"type":205,"name":269,"callback":270,"priority":86,"file":214,"line":271},"network_admin_plugin_action_links","wwa_network_settings_link",390,{"type":205,"name":273,"callback":274,"priority":86,"file":214,"line":275},"plugin_row_meta","wwa_meta_link",400,{"type":190,"name":277,"callback":278,"file":214,"line":279},"wp_initialize_site","wwa_new_site_init",506,{"type":205,"name":281,"callback":282,"file":214,"line":283},"query_vars","wwa_query_vars",508,{"type":190,"name":285,"callback":286,"priority":132,"file":214,"line":287},"parse_request","wwa_handle_ror",509,{"type":190,"name":261,"callback":289,"priority":29,"file":214,"line":290},"wwa_add_rewrite_rules",510,{"type":190,"name":292,"callback":293,"file":294,"line":146},"show_user_profile","wwa_user_profile_fields","wwa-menus.php",{"type":190,"name":296,"callback":297,"file":294,"line":298},"personal_options_update","wwa_save_user_profile_fields",42,{"type":190,"name":300,"callback":293,"file":294,"line":301},"edit_user_profile",47,{"type":190,"name":
303,"callback":297,"file":294,"line":304},"edit_user_profile_update",48,{"type":190,"name":306,"callback":307,"file":294,"line":308},"admin_menu","wwa_admin_menu",51,{"type":190,"name":191,"callback":310,"file":294,"line":311},"wwa_user_profile_fields_check",54,{"type":190,"name":313,"callback":314,"file":294,"line":315},"network_admin_menu","wwa_network_admin_menu",61,{"type":190,"name":317,"callback":318,"file":294,"line":319},"network_admin_edit_wwa_network_options_update","wwa_handle_network_options_save",62,[321,327,331,335,337,341,343,347,351,355],{"action":322,"nopriv":50,"callback":323,"hasNonce":324,"hasCapCheck":324,"file":325,"line":326},"wwa_create","wwa_ajax_create",true,"wwa-ajax.php",456,{"action":328,"nopriv":50,"callback":329,"hasNonce":324,"hasCapCheck":324,"file":325,"line":330},"wwa_create_response","wwa_ajax_create_response",637,{"action":332,"nopriv":50,"callback":333,"hasNonce":50,"hasCapCheck":324,"file":325,"line":334},"wwa_auth_start","wwa_ajax_auth_start",904,{"action":332,"nopriv":324,"callback":333,"hasNonce":50,"hasCapCheck":324,"file":325,"line":336},905,{"action":338,"nopriv":50,"callback":339,"hasNonce":50,"hasCapCheck":324,"file":325,"line":340},"wwa_auth","wwa_ajax_auth",1243,{"action":338,"nopriv":324,"callback":339,"hasNonce":50,"hasCapCheck":324,"file":325,"line":342},1244,{"action":344,"nopriv":50,"callback":345,"hasNonce":324,"hasCapCheck":324,"file":325,"line":346},"wwa_authenticator_list","wwa_ajax_authenticator_list",1293,{"action":348,"nopriv":50,"callback":349,"hasNonce":324,"hasCapCheck":324,"file":325,"line":350},"wwa_modify_authenticator","wwa_ajax_modify_authenticator",1381,{"action":352,"nopriv":50,"callback":353,"hasNonce":324,"hasCapCheck":50,"file":325,"line":354},"wwa_get_log","wwa_ajax_get_log",1402,{"action":356,"nopriv":50,"callback":357,"hasNonce":324,"hasCapCheck":50,"file":325,"line":358},"wwa_clear_log","wwa_ajax_clear_log",1420,[],[361,366,370,374],{"tag":362,"callback":363,"file":364,"line":365},"wwa_log
in_form","wwa_login_form_shortcode","wwa-shortcodes.php",105,{"tag":367,"callback":368,"file":364,"line":369},"wwa_register_form","wwa_register_form_shortcode",149,{"tag":371,"callback":372,"file":364,"line":373},"wwa_verify_button","wwa_verify_button_shortcode",175,{"tag":375,"callback":376,"file":364,"line":377},"wwa_list","wwa_list_shortcode",212,[],14,{"dangerousFunctions":381,"sqlUsage":490,"outputEscaping":493,"fileOperations":509,"externalRequests":74,"nonceChecks":208,"capabilityChecks":510,"bundledLibraries":511},[382,387,391,395,398,402,405,409,413,416,420,422,427,430,432,435,437,439,444,446,449,452,456,461,466,469,472,475,478,481,484,487],{"fn":383,"file":384,"line":385,"context":386},"assert","wp-webauthn-vendor\u002Fbrick\u002Fmath\u002Fsrc\u002FBigInteger.php",1087,"assert($bin !== false);",{"fn":383,"file":388,"line":389,"context":390},"wp-webauthn-vendor\u002Fbrick\u002Fmath\u002Fsrc\u002FBigNumber.php",93,"assert($denominator !== null);",{"fn":383,"file":392,"line":393,"context":394},"wp-webauthn-vendor\u002Fbrick\u002Fmath\u002Fsrc\u002FInternal\u002FCalculator\u002FBcMathCalculator.php",81,"assert($q !== null);",{"fn":383,"file":392,"line":396,"context":397},82,"assert($r !== null);",{"fn":383,"file":399,"line":400,"context":401},"wp-webauthn-vendor\u002Fbrick\u002Fmath\u002Fsrc\u002FInternal\u002FCalculator\u002FNativeCalculator.php",189,"assert(is_int($q));",{"fn":383,"file":399,"line":403,"context":404},435,"assert($carry === 0);",{"fn":406,"file":407,"line":122,"context":408},"unserialize","wp-webauthn-vendor\u002Framsey\u002Fcollection\u002Fsrc\u002FAbstractArray.php","$data = unserialize($serialized, ['allowed_classes' => false]);",{"fn":406,"file":410,"line":411,"context":412},"wp-webauthn-vendor\u002Framsey\u002Fcollection\u002Fsrc\u002FAbstractCollection.php",283,"$data = unserialize($serialized, ['allowed_classes' => 
[$this->getType()]]);",{"fn":406,"file":414,"line":315,"context":415},"wp-webauthn-vendor\u002Framsey\u002Fuuid\u002Fsrc\u002FBuilder\u002FBuilderCollection.php","$data = unserialize($serialized, [",{"fn":383,"file":417,"line":418,"context":419},"wp-webauthn-vendor\u002Framsey\u002Fuuid\u002Fsrc\u002FLazy\u002FLazyUuidFromString.php",547,"assert($instance instanceof UuidV6);",{"fn":383,"file":417,"line":421,"context":419},556,{"fn":423,"file":424,"line":425,"context":426},"shell_exec","wp-webauthn-vendor\u002Framsey\u002Fuuid\u002Fsrc\u002FProvider\u002FDce\u002FSystemDceSecurityProvider.php",114,"return trim((string) shell_exec('id -u'));",{"fn":423,"file":424,"line":428,"context":429},134,"return trim((string) shell_exec('id -g'));",{"fn":423,"file":424,"line":223,"context":431},"$response = shell_exec('whoami \u002Fuser \u002Ffo csv \u002Fnh');",{"fn":423,"file":424,"line":433,"context":434},202,"$response = shell_exec('net user %username% | findstr \u002Fb \u002Fi \"Local Group Memberships\"');",{"fn":423,"file":424,"line":228,"context":436},"$response = shell_exec('wmic group get name,sid | findstr \u002Fb \u002Fi ' . 
escapeshellarg($firstGroup));",{"fn":406,"file":438,"line":210,"context":415},"wp-webauthn-vendor\u002Framsey\u002Fuuid\u002Fsrc\u002FProvider\u002FNode\u002FNodeProviderCollection.php",{"fn":440,"file":441,"line":442,"context":443},"passthru","wp-webauthn-vendor\u002Framsey\u002Fuuid\u002Fsrc\u002FProvider\u002FNode\u002FSystemNodeProvider.php",110,"passthru('ipconfig \u002Fall 2>&1');",{"fn":440,"file":441,"line":425,"context":445},"passthru('ifconfig 2>&1');",{"fn":440,"file":441,"line":447,"context":448},118,"passthru('netstat -i -f link 2>&1');",{"fn":440,"file":441,"line":450,"context":451},123,"passthru('netstat -ie 2>&1');",{"fn":383,"file":453,"line":454,"context":455},"wp-webauthn-vendor\u002Framsey\u002Fuuid\u002Fsrc\u002FUuid.php",480,"assert($uuid !== '');",{"fn":457,"file":458,"line":459,"context":460},"exec","wp-webauthn-vendor\u002Fsymfony\u002Fprocess\u002FExecutableFinder.php",95,"$execResult = exec('command -v -- '.escapeshellarg($name));",{"fn":462,"file":463,"line":464,"context":465},"proc_open","wp-webauthn-vendor\u002Fsymfony\u002Fprocess\u002FProcess.php",353,"$this->process = @proc_open($commandline, $descriptors, $this->processPipes->pipes, $this->cwd, $env",{"fn":462,"file":463,"line":467,"context":468},1261,"$isTtySupported = (bool) @proc_open('echo 1 >\u002Fdev\u002Fnull', [['file', '\u002Fdev\u002Ftty', 'r'], ['file', '\u002Fdev\u002F",{"fn":462,"file":463,"line":470,"context":471},1284,"return $result = (bool) @proc_open('echo 1 >\u002Fdev\u002Fnull', [['pty'], ['pty'], ['pty']], $pipes);",{"fn":457,"file":463,"line":473,"context":474},1524,"exec(sprintf('taskkill \u002FF \u002FT \u002FPID %d 2>&1', $pid), $output, $exitCode);",{"fn":462,"file":463,"line":476,"context":477},1537,"} elseif ($ok = proc_open(sprintf('kill -%d %d', $signal, $pid), [2 => ['pipe', 'w']], $pipes)) {",{"fn":406,"file":325,"line":479,"context":480},585,"unserialize(base64_decode($temp_val[\"pkcco\"]), ['allowed_classes' => 
[",{"fn":406,"file":325,"line":482,"context":483},970,"$temp_val[\"usernameless_auth\"] = unserialize($temp_val[\"usernameless_auth\"], ['allowed_classes' => f",{"fn":406,"file":325,"line":485,"context":486},1132,"$userEntity = unserialize($temp_val[\"user_auth\"], ['allowed_classes' => [",{"fn":406,"file":325,"line":488,"context":489},1164,"unserialize(base64_decode($temp_val[\"pkcco_auth\"]), ['allowed_classes' => [",{"prepared":491,"raw":74,"locations":492},27,[],{"escaped":494,"rawEcho":133,"locations":495},282,[496,499,501,503,505,507],{"file":497,"line":379,"context":498},"wp-webauthn-vendor\u002Fautoload.php","raw output",{"file":325,"line":500,"context":498},441,{"file":325,"line":502,"context":498},889,{"file":325,"line":504,"context":498},1290,{"file":325,"line":506,"context":498},1397,{"file":214,"line":508,"context":498},489,40,29,[],[513,531,539,564,579,605,621,636],{"entryPoint":514,"graph":515,"unsanitizedCount":74,"severity":530},"wwa_no_authenticator_warning (wwa-functions.php:283)",{"nodes":516,"edges":528},[517,522],{"id":518,"type":519,"label":520,"file":214,"line":521},"n0","source","$_GET",320,{"id":523,"type":524,"label":525,"file":214,"line":526,"wp_function":527},"n1","sink","get_var() [SQLi]",333,"get_var",[529],{"from":518,"to":523,"sanitized":324},"low",{"entryPoint":532,"graph":533,"unsanitizedCount":74,"severity":530},"\u003Cwwa-functions> (wwa-functions.php:0)",{"nodes":534,"edges":537},[535,536],{"id":518,"type":519,"label":520,"file":214,"line":521},{"id":523,"type":524,"label":525,"file":214,"line":526,"wp_function":527},[538],{"from":518,"to":523,"sanitized":324},{"entryPoint":540,"graph":541,"unsanitizedCount":29,"severity":563},"wwa_ajax_create (wwa-ajax.php:262)",{"nodes":542,"edges":559},[543,545,548,551,555],{"id":518,"type":519,"label":520,"file":325,"line":544},299,{"id":523,"type":524,"label":546,"file":325,"line":500,"wp_function":547},"echo() 
[XSS]","echo",{"id":549,"type":519,"label":520,"file":325,"line":550},"n2",384,{"id":552,"type":553,"label":554,"file":325,"line":550},"n3","transform","→ findAllForUserEntityByUserId()",{"id":556,"type":524,"label":557,"file":325,"line":389,"wp_function":558},"n4","get_results() [SQLi]","get_results",[560,561,562],{"from":518,"to":523,"sanitized":324},{"from":549,"to":552,"sanitized":50},{"from":552,"to":556,"sanitized":50},"high",{"entryPoint":565,"graph":566,"unsanitizedCount":29,"severity":563},"wwa_ajax_create_response (wwa-ajax.php:459)",{"nodes":567,"edges":576},[568,571,573],{"id":518,"type":519,"label":569,"file":325,"line":570},"$_POST",546,{"id":523,"type":553,"label":572,"file":325,"line":570},"→ findOneMetaByCredentialId()",{"id":549,"type":524,"label":574,"file":325,"line":319,"wp_function":575},"get_row() [SQLi]","get_row",[577,578],{"from":518,"to":523,"sanitized":50},{"from":523,"to":549,"sanitized":50},{"entryPoint":580,"graph":581,"unsanitizedCount":90,"severity":563},"wwa_ajax_auth_start (wwa-ajax.php:640)",{"nodes":582,"edges":599},[583,585,586,588,589,590,593,596],{"id":518,"type":519,"label":520,"file":325,"line":584},689,{"id":523,"type":524,"label":546,"file":325,"line":502,"wp_function":547},{"id":549,"type":519,"label":520,"file":325,"line":587},832,{"id":552,"type":553,"label":554,"file":325,"line":587},{"id":556,"type":524,"label":557,"file":325,"line":389,"wp_function":558},{"id":591,"type":519,"label":520,"file":325,"line":592},"n5",835,{"id":594,"type":553,"label":595,"file":325,"line":592},"n6","→ findCredentialsForUserEntityByType()",{"id":597,"type":524,"label":557,"file":325,"line":598,"wp_function":558},"n7",145,[600,601,602,603,604],{"from":518,"to":523,"sanitized":324},{"from":549,"to":552,"sanitized":50},{"from":552,"to":556,"sanitized":50},{"from":591,"to":594,"sanitized":50},{"from":594,"to":597,"sanitized":50},{"entryPoint":606,"graph":607,"unsanitizedCount":29,"severity":563},"wwa_ajax_auth 
(wwa-ajax.php:907)",{"nodes":608,"edges":617},[609,611,613,615,616],{"id":518,"type":519,"label":569,"file":325,"line":610},1047,{"id":523,"type":524,"label":574,"file":325,"line":612,"wp_function":575},1068,{"id":549,"type":519,"label":569,"file":325,"line":614},1056,{"id":552,"type":553,"label":572,"file":325,"line":614},{"id":556,"type":524,"label":574,"file":325,"line":319,"wp_function":575},[618,619,620],{"from":518,"to":523,"sanitized":324},{"from":549,"to":552,"sanitized":50},{"from":552,"to":556,"sanitized":50},{"entryPoint":622,"graph":623,"unsanitizedCount":29,"severity":563},"wwa_ajax_authenticator_list (wwa-ajax.php:1247)",{"nodes":624,"edges":632},[625,626,627,628,630],{"id":518,"type":519,"label":520,"file":325,"line":467},{"id":523,"type":524,"label":546,"file":325,"line":504,"wp_function":547},{"id":549,"type":519,"label":520,"file":325,"line":504},{"id":552,"type":553,"label":629,"file":325,"line":504},"→ getShowListByUserId()",{"id":556,"type":524,"label":557,"file":325,"line":631,"wp_function":558},218,[633,634,635],{"from":518,"to":523,"sanitized":324},{"from":549,"to":552,"sanitized":50},{"from":552,"to":556,"sanitized":50},{"entryPoint":637,"graph":638,"unsanitizedCount":133,"severity":563},"\u003Cwwa-ajax> (wwa-ajax.php:0)",{"nodes":639,"edges":667},[640,642,643,644,645,647,648,649,651,653,655,657,659,661,663,665],{"id":518,"type":519,"label":641,"file":325,"line":544},"$_GET (x3)",{"id":523,"type":524,"label":546,"file":325,"line":500,"wp_function":547},{"id":549,"type":519,"label":569,"file":325,"line":610},{"id":552,"type":524,"label":574,"file":325,"line":612,"wp_function":575},{"id":556,"type":519,"label":646,"file":325,"line":550},"$_GET (x2)",{"id":591,"type":553,"label":554,"file":325,"line":550},{"id":594,"type":524,"label":557,"file":325,"line":389,"wp_function":558},{"id":597,"type":519,"label":650,"file":325,"line":570},"$_POST 
(x2)",{"id":652,"type":553,"label":572,"file":325,"line":570},"n8",{"id":654,"type":524,"label":574,"file":325,"line":319,"wp_function":575},"n9",{"id":656,"type":519,"label":520,"file":325,"line":592},"n10",{"id":658,"type":553,"label":595,"file":325,"line":592},"n11",{"id":660,"type":524,"label":557,"file":325,"line":598,"wp_function":558},"n12",{"id":662,"type":519,"label":520,"file":325,"line":504},"n13",{"id":664,"type":553,"label":629,"file":325,"line":504},"n14",{"id":666,"type":524,"label":557,"file":325,"line":631,"wp_function":558},"n15",[668,669,670,671,672,673,674,675,676,677],{"from":518,"to":523,"sanitized":324},{"from":549,"to":552,"sanitized":324},{"from":556,"to":591,"sanitized":50},{"from":591,"to":594,"sanitized":50},{"from":597,"to":652,"sanitized":50},{"from":652,"to":654,"sanitized":50},{"from":656,"to":658,"sanitized":50},{"from":658,"to":660,"sanitized":50},{"from":662,"to":664,"sanitized":50},{"from":664,"to":666,"sanitized":50},{"summary":679,"deductions":680},"The wp-webauthn plugin, in version 1.4.1, exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to fundamental WordPress security practices, with all identified entry points (AJAX handlers, REST API routes, shortcodes, and cron events) appearing to have appropriate authentication and authorization checks. SQL queries are exclusively handled via prepared statements, and output escaping is generally robust, with only a small percentage showing potential for issues.  Furthermore, the absence of external HTTP requests and the use of capability checks on a significant portion of its code are commendable.\n\nHowever, several critical concerns warrant attention. The static analysis reveals a notable number of 'dangerous functions' being utilized, including those capable of executing arbitrary code on the server. More alarmingly, the taint analysis identified six high-severity flows with unsanitized paths. 
This suggests that user-supplied input could be improperly handled, leading to potential vulnerabilities if not meticulously sanitized before being used in sensitive operations, especially in conjunction with the identified dangerous functions. The vulnerability history, while not detailing critical or high severity CVEs in the past, indicates a pattern of medium-severity Cross-Site Scripting (XSS) vulnerabilities. The presence of a recent, unpatched medium vulnerability (as of 2026-03-20) is a significant red flag, suggesting potential ongoing issues with input validation or output encoding in specific scenarios.\n\nIn conclusion, while wp-webauthn implements several key security best practices, the presence of dangerous functions, high-severity unsanitized taint flows, and a history of XSS vulnerabilities, compounded by an unpatched medium CVE, indicates a substantial risk. The plugin requires immediate attention to address the identified taint flows and the unpatched vulnerability. Further in-depth review of the usage of dangerous functions in conjunction with user input is also strongly recommended.",[681,683,686,688,691],{"reason":682,"points":146},"Unsanitized paths in taint analysis (high severity)",{"reason":684,"points":685},"Unpatched CVE (medium severity)",15,{"reason":687,"points":86},"Presence of dangerous functions",{"reason":689,"points":690},"Low percentage of properly escaped output",4,{"reason":692,"points":693},"History of XSS 
vulnerabilities",5,"2026-04-16T11:00:15.296Z",{"wat":696,"direct":709},{"assetPaths":697,"generatorPatterns":702,"scriptPaths":703,"versionParams":704},[698,699,700,701],"\u002Fwp-content\u002Fplugins\u002Fwp-webauthn\u002Fassets\u002Fcss\u002Fwp-webauthn-admin.css","\u002Fwp-content\u002Fplugins\u002Fwp-webauthn\u002Fassets\u002Fcss\u002Fwp-webauthn-user.css","\u002Fwp-content\u002Fplugins\u002Fwp-webauthn\u002Fassets\u002Fjs\u002Fwp-webauthn-admin.js","\u002Fwp-content\u002Fplugins\u002Fwp-webauthn\u002Fassets\u002Fjs\u002Fwp-webauthn-user.js",[],[700,701],[705,706,707,708],"wp-webauthn\u002Fassets\u002Fcss\u002Fwp-webauthn-admin.css?ver=","wp-webauthn\u002Fassets\u002Fcss\u002Fwp-webauthn-user.css?ver=","wp-webauthn\u002Fassets\u002Fjs\u002Fwp-webauthn-admin.js?ver=","wp-webauthn\u002Fassets\u002Fjs\u002Fwp-webauthn-user.js?ver=",{"cssClasses":710,"htmlComments":715,"htmlAttributes":716,"restEndpoints":719,"jsGlobals":720,"shortcodeOutput":723},[711,712,713,714],"wwa-webauthn-login-container","wwa-webauthn-login-button","wwa-webauthn-registration-container","wwa-webauthn-registration-button",[],[717,718],"data-wwa-options","data-wwa-user-id",[],[721,722],"wwa_webauthn_options","wwa_user_id",[],{"error":324,"url":725,"statusCode":726,"statusMessage":727,"message":727},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwp-webauthn\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":729,"versions":730},28,[731,737,745,752,761,769,779,789,799,808,818,828,837,847,857,867,877,887,897,907,917,927,937,947,957,967,977,987],{"version":6,"download_url":26,"svn_tag_url":732,"released_at":39,"has_diff":50,"diff_files_changed":733,"diff_lines":39,"trac_diff_url":734,"vulnerabilities":735,"is_current":324},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-webauthn\u002Ftags\u002F1.4.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-webauthn%2Ftags%2F1.4.0&new_path=%2Fwp-webauthn%2Ftags%2F1.4.1",[736],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"version":738,"download_url":739,"svn_tag_url":740,"released_at":39,"has_diff":50,"diff_files_changed":741,"diff_lines":39,"trac_diff_url":742,"vulnerabilities":743,"is_current":50},"1.4.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.4.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-webauthn\u002Ftags\u002F1.4.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-webauthn%2Ftags%2F1.3.4&new_path=%2Fwp-webauthn%2Ftags%2F1.4.0",[744],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"version":81,"download_url":746,"svn_tag_url":747,"released_at":39,"has_diff":50,"diff_files_changed":748,"diff_lines":39,"trac_diff_url":749,"vulnerabilities":750,"is_current":50},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.3.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-webauthn\u002Ftags\u002F1.3.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-webauthn%2Ftags%2F1.3.3&new_path=%2Fwp-webauthn%2Ftags%2F1.3.4",[751],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"version":753,"download_url":754,"svn_tag_url":755,"released_
at":39,"has_diff":50,"diff_files_changed":756,"diff_lines":39,"trac_diff_url":757,"vulnerabilities":758,"is_current":50},"1.3.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.3.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-webauthn\u002Ftags\u002F1.3.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-webauthn%2Ftags%2F1.3.2&new_path=%2Fwp-webauthn%2Ftags%2F1.3.3",[759,760],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":81},{"version":65,"download_url":762,"svn_tag_url":763,"released_at":39,"has_diff":50,"diff_files_changed":764,"diff_lines":39,"trac_diff_url":765,"vulnerabilities":766,"is_current":50},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.3.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-webauthn\u002Ftags\u002F1.3.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-webauthn%2Ftags%2F1.3.1&new_path=%2Fwp-webauthn%2Ftags%2F1.3.2",[767,768],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":81},{"version":770,"download_url":771,"svn_tag_url":772,"released_at":39,"has_diff":50,"diff_files_changed":773,"diff_lines":39,"trac_diff_url":774,"vulnerabilities":775,"is_current":50},"1.3.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.3.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-webauthn\u002Ftags\u002F1.3.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-webauthn%2Ftags%2F1.3.0&new_path=%2Fwp-webauthn%2Ftags%2F1.3.1",[776,777,778],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":
65},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":81},{"version":780,"download_url":781,"svn_tag_url":782,"released_at":39,"has_diff":50,"diff_files_changed":783,"diff_lines":39,"trac_diff_url":784,"vulnerabilities":785,"is_current":50},"1.3.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.3.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-webauthn\u002Ftags\u002F1.3.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-webauthn%2Ftags%2F1.2.8&new_path=%2Fwp-webauthn%2Ftags%2F1.3.0",[786,787,788],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":65},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":81},{"version":790,"download_url":791,"svn_tag_url":792,"released_at":39,"has_diff":50,"diff_files_changed":793,"diff_lines":39,"trac_diff_url":794,"vulnerabilities":795,"is_current":50},"1.2.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.2.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-webauthn\u002Ftags\u002F1.2.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-webauthn%2Ftags%2F1.2.7&new_path=%2Fwp-webauthn%2Ftags%2F1.2.8",[796,797,798],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":65},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":81},{"version":173,"download_url":800,"svn_tag_url":801,"released_at":39,"has_diff":50,"diff_files_changed":802,"diff_lines":3
9,"trac_diff_url":803,"vulnerabilities":804,"is_current":50},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.2.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-webauthn\u002Ftags\u002F1.2.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-webauthn%2Ftags%2F1.2.6&new_path=%2Fwp-webauthn%2Ftags%2F1.2.7",[805,806,807],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":65},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":81},{"version":809,"download_url":810,"svn_tag_url":811,"released_at":39,"has_diff":50,"diff_files_changed":812,"diff_lines":39,"trac_diff_url":813,"vulnerabilities":814,"is_current":50},"1.2.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.2.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-webauthn\u002Ftags\u002F1.2.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-webauthn%2Ftags%2F1.2.5&new_path=%2Fwp-webauthn%2Ftags%2F1.2.6",[815,816,817],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":65},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":81},{"version":819,"download_url":820,"svn_tag_url":821,"released_at":39,"has_diff":50,"diff_files_changed":822,"diff_lines":39,"trac_diff_url":823,"vulnerabilities":824,"is_current":50},"1.2.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.2.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-webauthn\u002Ftags\u002F1.2.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-webauthn%2Ftags%2F1.2
.4&new_path=%2Fwp-webauthn%2Ftags%2F1.2.5",[825,826,827],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":65},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":81},{"version":138,"download_url":829,"svn_tag_url":830,"released_at":39,"has_diff":50,"diff_files_changed":831,"diff_lines":39,"trac_diff_url":832,"vulnerabilities":833,"is_current":50},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.2.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-webauthn\u002Ftags\u002F1.2.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-webauthn%2Ftags%2F1.2.3&new_path=%2Fwp-webauthn%2Ftags%2F1.2.4",[834,835,836],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":65},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":81},{"version":838,"download_url":839,"svn_tag_url":840,"released_at":39,"has_diff":50,"diff_files_changed":841,"diff_lines":39,"trac_diff_url":842,"vulnerabilities":843,"is_current":50},"1.2.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.2.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-webauthn\u002Ftags\u002F1.2.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-webauthn%2Ftags%2F1.2.2&new_path=%2Fwp-webauthn%2Ftags%2F1.2.3",[844,845,846],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":65},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":66,"vuln_type":4
4,"patched_in_version":81},{"version":848,"download_url":849,"svn_tag_url":850,"released_at":39,"has_diff":50,"diff_files_changed":851,"diff_lines":39,"trac_diff_url":852,"vulnerabilities":853,"is_current":50},"1.2.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.2.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-webauthn\u002Ftags\u002F1.2.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-webauthn%2Ftags%2F1.2.1&new_path=%2Fwp-webauthn%2Ftags%2F1.2.2",[854,855,856],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":65},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":81},{"version":858,"download_url":859,"svn_tag_url":860,"released_at":39,"has_diff":50,"diff_files_changed":861,"diff_lines":39,"trac_diff_url":862,"vulnerabilities":863,"is_current":50},"1.2.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.2.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-webauthn\u002Ftags\u002F1.2.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-webauthn%2Ftags%2F1.2.0&new_path=%2Fwp-webauthn%2Ftags%2F1.2.1",[864,865,866],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":65},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":81},{"version":868,"download_url":869,"svn_tag_url":870,"released_at":39,"has_diff":50,"diff_files_changed":871,"diff_lines":39,"trac_diff_url":872,"vulnerabilities":873,"is_current":50},"1.2.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.2.0.zip","https:\u002F\u002Fplugins.svn.wo
rdpress.org\u002Fwp-webauthn\u002Ftags\u002F1.2.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-webauthn%2Ftags%2F1.1.0&new_path=%2Fwp-webauthn%2Ftags%2F1.2.0",[874,875,876],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":65},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":81},{"version":878,"download_url":879,"svn_tag_url":880,"released_at":39,"has_diff":50,"diff_files_changed":881,"diff_lines":39,"trac_diff_url":882,"vulnerabilities":883,"is_current":50},"1.1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-webauthn\u002Ftags\u002F1.1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-webauthn%2Ftags%2F1.0.16&new_path=%2Fwp-webauthn%2Ftags%2F1.1.0",[884,885,886],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":65},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":81},{"version":888,"download_url":889,"svn_tag_url":890,"released_at":39,"has_diff":50,"diff_files_changed":891,"diff_lines":39,"trac_diff_url":892,"vulnerabilities":893,"is_current":50},"1.0.16","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.0.16.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-webauthn\u002Ftags\u002F1.0.16\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-webauthn%2Ftags%2F1.0.15&new_path=%2Fwp-webauthn%2Ftags%2F1.0.16",[894,895,896],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":65},{"id":35,"
url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":81},{"version":898,"download_url":899,"svn_tag_url":900,"released_at":39,"has_diff":50,"diff_files_changed":901,"diff_lines":39,"trac_diff_url":902,"vulnerabilities":903,"is_current":50},"1.0.15","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.0.15.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-webauthn\u002Ftags\u002F1.0.15\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-webauthn%2Ftags%2F1.0.12&new_path=%2Fwp-webauthn%2Ftags%2F1.0.15",[904,905,906],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":65},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":81},{"version":908,"download_url":909,"svn_tag_url":910,"released_at":39,"has_diff":50,"diff_files_changed":911,"diff_lines":39,"trac_diff_url":912,"vulnerabilities":913,"is_current":50},"1.0.12","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.0.12.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-webauthn\u002Ftags\u002F1.0.12\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-webauthn%2Ftags%2F1.0.11&new_path=%2Fwp-webauthn%2Ftags%2F1.0.12",[914,915,916],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":65},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":81},{"version":918,"download_url":919,"svn_tag_url":920,"released_at":39,"has_diff":50,"diff_files_changed":921,"diff_lines":39,"t
rac_diff_url":922,"vulnerabilities":923,"is_current":50},"1.0.11","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.0.11.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-webauthn\u002Ftags\u002F1.0.11\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-webauthn%2Ftags%2F1.0.10&new_path=%2Fwp-webauthn%2Ftags%2F1.0.11",[924,925,926],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":65},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":81},{"version":928,"download_url":929,"svn_tag_url":930,"released_at":39,"has_diff":50,"diff_files_changed":931,"diff_lines":39,"trac_diff_url":932,"vulnerabilities":933,"is_current":50},"1.0.10","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.0.10.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-webauthn\u002Ftags\u002F1.0.10\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-webauthn%2Ftags%2F1.0.9&new_path=%2Fwp-webauthn%2Ftags%2F1.0.10",[934,935,936],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":65},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":81},{"version":938,"download_url":939,"svn_tag_url":940,"released_at":39,"has_diff":50,"diff_files_changed":941,"diff_lines":39,"trac_diff_url":942,"vulnerabilities":943,"is_current":50},"1.0.9","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.0.9.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-webauthn\u002Ftags\u002F1.0.9\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-webauthn
%2Ftags%2F1.0.8&new_path=%2Fwp-webauthn%2Ftags%2F1.0.9",[944,945,946],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":65},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":81},{"version":948,"download_url":949,"svn_tag_url":950,"released_at":39,"has_diff":50,"diff_files_changed":951,"diff_lines":39,"trac_diff_url":952,"vulnerabilities":953,"is_current":50},"1.0.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.0.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-webauthn\u002Ftags\u002F1.0.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-webauthn%2Ftags%2F1.0.7&new_path=%2Fwp-webauthn%2Ftags%2F1.0.8",[954,955,956],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":65},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":81},{"version":958,"download_url":959,"svn_tag_url":960,"released_at":39,"has_diff":50,"diff_files_changed":961,"diff_lines":39,"trac_diff_url":962,"vulnerabilities":963,"is_current":50},"1.0.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.0.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-webauthn\u002Ftags\u002F1.0.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-webauthn%2Ftags%2F1.0.6&new_path=%2Fwp-webauthn%2Ftags%2F1.0.7",[964,965,966],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":65},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_sc
ore":66,"vuln_type":44,"patched_in_version":81},{"version":968,"download_url":969,"svn_tag_url":970,"released_at":39,"has_diff":50,"diff_files_changed":971,"diff_lines":39,"trac_diff_url":972,"vulnerabilities":973,"is_current":50},"1.0.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.0.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-webauthn\u002Ftags\u002F1.0.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-webauthn%2Ftags%2F1.0.5&new_path=%2Fwp-webauthn%2Ftags%2F1.0.6",[974,975,976],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":65},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":81},{"version":978,"download_url":979,"svn_tag_url":980,"released_at":39,"has_diff":50,"diff_files_changed":981,"diff_lines":39,"trac_diff_url":982,"vulnerabilities":983,"is_current":50},"1.0.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.0.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-webauthn\u002Ftags\u002F1.0.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-webauthn%2Ftags%2F1.0.4&new_path=%2Fwp-webauthn%2Ftags%2F1.0.5",[984,985,986],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":65},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":81},{"version":988,"download_url":989,"svn_tag_url":990,"released_at":39,"has_diff":50,"diff_files_changed":991,"diff_lines":39,"trac_diff_url":39,"vulnerabilities":992,"is_current":50},"1.0.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.0.4.zip","https:\u002F
\u002Fplugins.svn.wordpress.org\u002Fwp-webauthn\u002Ftags\u002F1.0.4\u002F",[],[993,994,995],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":65},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":76,"url_slug":77,"title":78,"severity":41,"cvss_score":66,"vuln_type":44,"patched_in_version":81}]