[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fEmks26aIw9oy64PdYXvgu9jVsnDFI29U55_QvaspXu0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":37,"analysis":127,"fingerprints":291},"xmpp-auth","XMPP Authentication","0.6","Jehan","https:\u002F\u002Fprofiles.wordpress.org\u002Fjehan\u002F","\u003Cp>This plugin has two main features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>any reader on your website can comment if one has an Instant Messaging\u003Cbr \u002F>\naddress (XMPP protocol, otherwise called Jabber. A Gmail or a LiveJournal\u003Cbr \u002F>\naccount for instance are such standard IM identifiers as well);\u003C\u002Fli>\n\u003Cli>a subscribed user (whatever its role) can authenticate with one’s IM\u003Cbr \u002F>\naddress if they set their IM address.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is still in experimental state but is usable.\u003C\u002Fp>\n\u003Ch4>Detailed Process\u003C\u002Fh4>\n\u003Cp>The authentication part is something like openID, except that it uses your\u003Cbr \u002F>\nexisting IM address: you ask for authentication on a website, and it pops-up a\u003Cbr \u002F>\nconfirmation via IM (that you can accept, or refuse).\u003C\u002Fp>\n\u003Cp>Considering that the IM protocol (XMPP) is very secure,\u003Cbr \u002F>\nall the infrastructure to securely exchange an authentication request is\u003Cbr \u002F>\nthere. No need to make any new account, no need a special client, nor a\u003Cbr \u002F>\nidentity third party provider, and that’s really instantaneous (as \u003Cem>instant\u003C\u002Fem>\u003Cbr \u002F>\nmessaging) and more secure than HTTP or SMTP protocols.\u003C\u002Fp>\n\u003Ch4>Spam Protection\u003C\u002Fh4>\n\u003Cp>It adds an additional layer to protect against Spam by verifying an\u003Cbr \u002F>\nidentity using a very secure and modern protocol (XMPP), which also is instant,\u003Cbr \u002F>\nhence much more reliable in any way than email for instance.\u003C\u002Fp>\n\u003Ch4>Secure and Easy Login\u003C\u002Fh4>\n\u003Cp>Many reasons to use such a plugin for login:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>not to have to remember a new password (password-login can be disabled in\u003Cbr \u002F>\nyour profile, on a per-user choice);\u003C\u002Fli>\n\u003Cli>you are in a very insecure environment (for instance a cybercafe) and consider\u003Cbr \u002F>\nonly your IM account to be a minimum securized. Or better, you run an IM\u003Cbr \u002F>\nclient on your smartphone (or a similar tool), so you would receive the query\u003Cbr \u002F>\non this personal item while never typing any kind of password on the insecure\u003Cbr \u002F>\nplatform where you log.\u003C\u002Fli>\n\u003Cli>And so on.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Ch4>Publishing Account\u003C\u002Fh4>\n\u003Cp>This section contains the connection parameters of the account which will be\u003Cbr \u002F>\nused as a wordpress bot. I would personnaly advice to create a dedicated account\u003Cbr \u002F>\njust for it (you may also use your personal account of course, as the plugin’s\u003Cbr \u002F>\nbot will create a resource identifier unique for every connection) and to\u003Cbr \u002F>\nconfigure it to refuse any contact and communication (as noone will have to\u003Cbr \u002F>\nadd it to one’s roster, except you maybe for test or debugging purpose?).\u003Cbr \u002F>\nThe fields are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The bot address (bare jid form: mybotname@myserveraddress);\u003C\u002Fli>\n\u003Cli>the password.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Advanced Connection Parameters\u003C\u002Fh4>\n\u003Cp>By default xmpp-auth can use SRV records which is a recommended way to\u003Cbr \u002F>\nadvertize server and port from a domain name (see for instance\u003Cbr \u002F>\nhttp:\u002F\u002Fdns.vanrein.org\u002Fsrv\u002F for details).\u003C\u002Fp>\n\u003Cp>This is an advanced section in case your server does not use SRV AND uses a server\u003Cbr \u002F>\nwhich is not the same as the domain from the jid or a port different from the\u003Cbr \u002F>\ndefault one (5222).\u003C\u002Fp>\n\u003Cp>Hence there will be very very few cases where you will have to fill this\u003Cbr \u002F>\nsection and if you don’t understand all what I say here, just don’t fill\u003Cbr \u002F>\nanything there (if you fill even only one field, then it will be used instead\u003Cbr \u002F>\nof SRV and default values).\u003C\u002Fp>\n\u003Cp>The default values will be used if the fields are empty and no SRV is configured on\u003Cbr \u002F>\nthe Jabber server:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>the XMPP server (often the same as ‘myseveraddress’ of the jid);\u003C\u002Fli>\n\u003Cli>the XMPP port (usually 5222).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>TODO\u003C\u002Fh3>\n\u003Cp>Features I am considering:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>check quickstart (http:\u002F\u002Fxmpp.org\u002Fextensions\u002Finbox\u002Fquickstart.html). In\u003Cbr \u002F>\nparticular, I should at least cache DNS lookups now.\u003C\u002Fli>\n\u003Cli>deactivate IM features when plugin not configured.\u003C\u002Fli>\n\u003Cli>For comments, use the IM avatar of the commenter instead of gravatar;\u003C\u002Fli>\n\u003Cli>Make various notifications usually done by email be done by IM instead (if\u003Cbr \u002F>\nadequate);\u003C\u002Fli>\n\u003Cli>Display the comment’s JID on the admin page (as we display the email\u003Cbr \u002F>\naddress, obviously only for administrators);\u003C\u002Fli>\n\u003Cli>Add Scram-* to SASL package;\u003C\u002Fli>\n\u003Cli>Make the generic XMPP part a PEAR package.\u003C\u002Fli>\n\u003Cli>Subscribe with XMPP JID.\u003C\u002Fli>\n\u003Cli>Login with JID or username (both possible).\u003C\u002Fli>\n\u003Cli>If password is disabled, it also cannot be resetted.\u003C\u002Fli>\n\u003Cli>Make user choose to receive password reset or other notification through IM\u003Cbr \u002F>\ninstead of email.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>XMPP Features\u003C\u002Fh3>\n\u003Cp>Full Secure XML Stream with:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>TLS (with real certificate verification, so confidentiality and\u003Cbr \u002F>\nauthentication);\u003C\u002Fli>\n\u003Cli>SASL (Digest-MD5, CRAM-MD5 and PLAIN only for now);\u003C\u002Fli>\n\u003Cli>SRV records “randomization” algorithm.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contacts\u003C\u002Fh3>\n\u003Cp>You can have some news about this plugin on \u003Ca href=\"http:\u002F\u002Fjehan.zemarmot.net\" title=\"my public diary\" rel=\"nofollow ugc\">my freedom\u003Cbr \u002F>\nhaven\u003C\u002Fa>.\u003Cbr \u002F>\nYou can also drop me an instant message on “hysseo” at zemarmot.net.\u003C\u002Fp>\n\u003Cp>Have a nice life!\u003C\u002Fp>\n","Allows users to authenticate without password via XMPP and for visitors to be filtered by XMPP verification.",10,2799,100,1,"2016-01-15T14:33:00.000Z","4.4.34","3.2.0","",[20,21,22,23,24],"authentication","comments","jabber","xep-0070","xmpp","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fxmpp-auth\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fxmpp-auth.0.6.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"jehan",30,84,"2026-04-04T15:10:41.632Z",[38,59,79,97,114],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":11,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":18,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":56,"download_link":57,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":58},"conversejs","ConverseJS","4.2.0","brjhcxnnwqjevwc","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrjhcxnnwqjevwc\u002F","\u003Cp>Converse.js is an open source webchat client, that runs in the browser and can be integrated into any website.\u003C\u002Fp>\n\u003Cp>It’s similar to Facebook chat, but also supports multi-user chatrooms.\u003C\u002Fp>\n\u003Cp>Converse.js can connect to any accessible XMPP\u002FJabber server, either from a public provider such as chatme.im, or to one you have set up yourself.\u003C\u002Fp>\n\u003Cp>For more information, check out \u003Ca href=\"https:\u002F\u002Fconversejs.org\u002F\" rel=\"nofollow ugc\">conversejs\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fmotostorie.blog\u002F\" rel=\"nofollow ugc\">MotoStorie\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Special Thanks\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>To my sister for having tolerated\u003C\u002Fli>\n\u003Cli>My work for the economic support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Single-user chat\u003C\u002Fli>\n\u003Cli>Multi-user chatrooms \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0045.html\" rel=\"nofollow ugc\">XEP 45\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Direct invitations to chat rooms \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0249.html\" rel=\"nofollow ugc\">XEP 249\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>vCard support \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0054.html\" rel=\"nofollow ugc\">XEP 54\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Service discovery \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0030.html\" rel=\"nofollow ugc\">XEP 30\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>In-band registration \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0077.html\" rel=\"nofollow ugc\">XEP 77\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Contact rosters and groups\u003C\u002Fli>\n\u003Cli>Contact subscriptions\u003C\u002Fli>\n\u003Cli>Roster item exchange \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Ftmp\u002Fxep-0144-1.1.html\" rel=\"nofollow ugc\">XEP 144\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Chat statuses (online, busy, away, offline)\u003C\u002Fli>\n\u003Cli>Custom status messages\u003C\u002Fli>\n\u003Cli>Typing and chat state notifications \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0085.html\" rel=\"nofollow ugc\">XEP 85\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Desktop notification messages\u003C\u002Fli>\n\u003Cli>Messages appear in all connected chat clients \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0280.html\" rel=\"nofollow ugc\">XEP 280\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Third person “\u002Fme” messages \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0245.html\" rel=\"nofollow ugc\">XEP 245\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>XMPP Ping \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0199.html\" rel=\"nofollow ugc\">XEP 199\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Server-side archiving of messages \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0313.html\" rel=\"nofollow ugc\">XEP 313\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Client state indication \u003Ca href=\"http:\u002F\u002Fxmpp.org\u002Fextensions\u002Fxep-0352.html\" rel=\"nofollow ugc\">XEP 352\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Off-the-record encryption\u003C\u002Fli>\n\u003Cli>Translated into 16 languages\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Hand-crafted, and made with love, in Padova, Italy.\u003C\u002Fp>\n\u003Cp>Based on \u003Ca href=\"http:\u002F\u002Fconversejs.org\u002F\" rel=\"nofollow ugc\">Converse.js\u003C\u002Fa>.\u003C\u002Fp>\n","Converse.js is an open source webchat client, that runs in the browser and can be integrated into any website.",17379,72,5,"6.4.8","4.6","7.3",[53,54,55,22,24],"chat","converse","irc","https:\u002F\u002Fconversejs.org\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fconversejs.4.2.0.zip","2026-03-15T10:48:56.248Z",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":11,"downloaded":67,"rating":13,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":75,"download_link":76,"security_score":77,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":78},"ejabberd-account-tools","Ejabberd Account Tools","2.11","Beherit","https:\u002F\u002Fprofiles.wordpress.org\u002Fbeherit\u002F","\u003Cp>Provides a set of useful tools for the ejabberd server, both for the frontend and backend spaces of websites running on the WordPress engine. You will be able to place on any page e.g. new account registration form, account password reset form, webpresence support. From the administration panel side you will gain access to e.g. blocking accounts, unblocking IP addresses from the fail2ban database and sending system messages to specific users. The plugin for communication with the ejabberd server uses the ReST API from the mod_http_api module, you only need to properly configure the ejabberd server in accordance with the guidelines from the plugin settings, type the url address of the ejabberd server ReST API and insert shortcodes on any page.\u003C\u002Fp>\n","Provides a set of useful tools for the ejabberd server, both for the frontend and backend spaces",16239,2,"2025-02-12T15:54:00.000Z","6.6.5","5.9","8.0",[74,22,24],"ejabberd","https:\u002F\u002Fbeherit.pl\u002Fen\u002Fwordpress\u002Fejabberd-account-tools\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fejabberd-account-tools.2.11.zip",92,"2026-03-15T14:54:45.397Z",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":11,"downloaded":87,"rating":28,"num_ratings":28,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":18,"tags":91,"homepage":95,"download_link":96,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"identity-plus","Identityplus","2.4.3","Stefan Harsan Farr","https:\u002F\u002Fprofiles.wordpress.org\u002Fshfarr\u002F","\u003Cp>Identityplus is a novel security solution based on PKI (Public Key Infrastructure) called a network of trust. It features an all-in-one 2 (ocasionally 3) factor authentication and TLS level authentication making your site more secure than ever. Additionally it enables site owners to collaborate in defending against criminality by allowing them to send feedback on certificates and their oweners. With Identityplus, when a spam is reported, we are not only preventing the same spam being posted anywhere else, we are effectively preventing the spammer sending any other kind of spam, anywhere else. Keep on reading for a brief intro into this powerful technology.\u003C\u002Fp>\n\u003Ch4>Log In, Before A Login Page\u003C\u002Fh4>\n\u003Cp>Why Identityplus Is Better Than Any 2 Factor Authentication …\u003C\u002Fp>\n\u003Cp>Whenever you deal with application level login, whether it’s one factor, two factor or any factor for that matter, you need a login page. This page must load before it gets the chance to see who is visiting, which is why Worpress has a protection against repeated login attempts. This can stop bots, to a certain degree, but if you happen to have an application vulnerability that can be used by a hacker to bypass login, whether you forgot to updated your WordPress or something totally out of your control like zero day vulnerability in PHP, your blog is toast, regardless of how many factors of authentications you have.\u003Cbr \u002F>\nIdentityplus uses TLS level authentication, which means the visiting device is authenticated before the login page loads. If the proper PKI credentials are not presented by the device, the page will never, ever load. The visitor is simply directed away from the sensitive page and hence is unable to perform any kind of attack, be that brute force, credential theft or zero day for that matter. No login page, no problem …\u003C\u002Fp>\n\u003Ch4>A VPN Into Your Admin Panel\u003C\u002Fh4>\n\u003Cp>Make Your Admin Panel Accessible Only From Your Computers …\u003C\u002Fp>\n\u003Cp>Having a PKI indenity in your browser is a powreful thing. Because the server expects that identity to be there, it does not only limit access by the user, it also limits access based on computer. As such, your admin panel becomes literally inaccessible from any other computer in the world. To access your admin panel, a hacker must steal your computer and access it from there.\u003C\u002Fp>\n\u003Ch4>SSO Like Never Before\u003C\u002Fh4>\n\u003Cp>Simpler, Faster, More Secure. Sign In Without Having To Do Anyting …\u003C\u002Fp>\n\u003Cp>Once you start using Identityplus, you will see you are hardly asked to do anything, you’ll just notice you are logged in. Don’t get scared, you are logged in because your computer is certified and it’s being identified before you would have the chance to do anything. But since you also logged in with your password or your fingerprint into the device you are using (laptop \u002F mobile phone), you are actually performing 2 factor authentication without even noticing it. You will occasionally notice however, as your certificate becomes idle, that you are being asked for your Identityplus PIN. That’s actually the third factor authentication, all in one solution\u003C\u002Fp>\n\u003Ch4>A Network Of Trust\u003C\u002Fh4>\n\u003Cp>Reward Good Deeds And Block The Spammer, Not The Only Spam …\u003C\u002Fp>\n\u003Cp>When devices wear an impossible to forge identity, something amazing happens: if you restrict access to your comment section to devices with Identityplus certificates, whever you approve a comment, you are sending tokens of trust to the owner of that certificate telling Identityplus that you trust the owner. Now other blogs can trust him too, and he is steadily building a profile that defferentiates him from any malicius bot. Conversely, when you mark a comment as spam, you’ll be telling Identityplus that this is a malicious entity, and we block the certificate making sure the device can’t be used to post spam again. Now we are no longer only stopping spam, we are collectively working on stopping the spammer.\u003C\u002Fp>\n\u003Ch4>Enjoy 10 Connected Users For Free\u003C\u002Fh4>\n\u003Cp>Free Certificates, Free API Up To 10 Connected Users, Unlimited Validations For Free …\u003C\u002Fp>\n\u003Cp>A connected user is a user that can be signed in automatically via Identityplus into a service using Identityplus. If that service is your personal blog, you probably don’t have more than 10 users who regularly sign into the administrative section of your WordPress installation. If that’s the case, you will never have to pay for Identityplus. Visitors that comment with Identityplus accounts that are not connected to local accounts do not count. For this reason the plugin will only connect administrator accouns by default. If you need log more than 10 users into your back-end, you’ll need a business account, the cost of which scales with the number of your active users. Check our the pricing section for details.\u003C\u002Fp>\n\u003Ch3>2.4.3\u003C\u002Fh3>\n\u003Cp>Tested with WordPress 6.1.1\u003C\u002Fp>\n\u003Ch3>2.4.2\u003C\u002Fh3>\n\u003Cp>Minor bug fixes and tested with WordPress 6.0\u003C\u002Fp>\n\u003Ch3>2.4.1\u003C\u002Fh3>\n\u003Cp>Minor bug fixes\u003C\u002Fp>\n\u003Ch3>2.4\u003C\u002Fh3>\n\u003Cp>Tested with WordPress 5.7\u003C\u002Fp>\n\u003Ch3>2.3\u003C\u002Fh3>\n\u003Cp>Minor update and tested with WordPress 5.5\u003C\u002Fp>\n\u003Ch3>2.2\u003C\u002Fh3>\n\u003Cp>Tested with WordPress 5.3.2\u003C\u002Fp>\n\u003Ch3>2.1\u003C\u002Fh3>\n\u003Cp>We’ve replaced the necessity to validate the domain with an uploaded file with an automatic callback to achieve even less friction when you install the plug in.\u003C\u002Fp>\n\u003Ch3>2.0\u003C\u002Fh3>\n\u003Cp>This is a major update. We recommend deactivating the “Enforce Identity + Device Certificate” flag for safety during certificate update.\u003C\u002Fp>\n\u003Cp>Added automatic & one click API certificate renewal. This grately improves user experience for maitaining the Identity Plus plugin and prevents accidental certificate expiration, which may cause service outage.\u003Cbr \u002F>\nIntegrated the new service installation proces via automated wizard. It is no longer needed for the user to log into identity plus account and issue certificate before installation. Using the mobile application, or registered device, you can now onboard the service, issue the certificate and activate identity plus in one short flow.\u003Cbr \u002F>\nWe’ve also moved the certificate storage from file to the database for enhanced security.\u003C\u002Fp>\n\u003Ch3>1.6.4\u003C\u002Fh3>\n\u003Cp>Minor bug fix\u003C\u002Fp>\n\u003Ch3>1.6.3\u003C\u002Fh3>\n\u003Cp>Moved the legacy certificate validation endpoint from https:\u002F\u002Fget.identity.plus to https:\u002F\u002Fsignon.identity.plus. The get endpoint will now exclussively handle the certificate issuing and installation process.\u003C\u002Fp>\n\u003Cp>If you encounter problems while using legacy redirect and you land on get. subdomain, simply click the “back to single sign on” link to return to original flow. Please update your plugin to avoid this behavior. Sorry for the inconvenience.\u003C\u002Fp>\n\u003Ch3>1.6.2\u003C\u002Fh3>\n\u003Cp>Minor bug fix\u003C\u002Fp>\n\u003Ch3>1.6.1\u003C\u002Fh3>\n\u003Cp>Minor bug fix\u003C\u002Fp>\n\u003Ch3>1.6\u003C\u002Fh3>\n\u003Cp>Migrated to v1.1 Identityplus API. Identityplus plugin now allows individual wordpress users to connect their accounts on-demand. This new version also lifted the 10 accounts limit for non-corporate certificates, meaning that not-for-profit sites (public benefit or personal sites that produce no revenue) can connect any number of accounts at no cost.\u003C\u002Fp>\n\u003Ch4>1.5\u003C\u002Fh4>\n\u003Cp>Verified compatibility with WordPress 4.9.8.\u003Cbr \u002F>\nCorrected minor bugs.\u003C\u002Fp>\n\u003Ch4>1.4 beta\u003C\u002Fh4>\n\u003Cp>Verified compatibility with WordPress 4.9.1.\u003Cbr \u002F>\nCorrected minor bugs.\u003C\u002Fp>\n\u003Ch4>1.2 beta\u003C\u002Fh4>\n\u003Cp>Corrected WordPress coding practice issues and fixing\u003C\u002Fp>\n\u003Ch4>1.1 beta\u003C\u002Fh4>\n\u003Cp>We’ve restricted automatic login for pages that are filtered so that bots would not be bothered by the presence of the plugin.\u003C\u002Fp>\n\u003Ch4>1.0 beta\u003C\u002Fh4>\n\u003Cp>Version 1.0 beta is the first version of the Identityplus plugin, and it contains the minimum set of functionality and configuration options. Nevertheless, it will give your site an incredible security boost and at the same time it will improve user experience. Please take a moment to familiarize yourself with the core concepts so that you can take maximum advantage of this powerful security technology.\u003C\u002Fp>\n","Identityplus is a novel security solution based on PKI (Public Key Infrastructure) called a network of trust. It features an all-in-one 2 (ocasionally &hellip;",2025,"2023-01-03T20:32:00.000Z","6.1.10","3.9",[92,20,21,93,94],"2factor","security","spam","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fidentity-plus","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fidentity-plus.zip",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":11,"downloaded":105,"rating":28,"num_ratings":28,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":18,"tags":109,"homepage":112,"download_link":113,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"p3chat","P3chat","1.2.1","Sergey.S.Betke","https:\u002F\u002Fprofiles.wordpress.org\u002Fsergeysbetkenovgaroru\u002F","\u003Cul>\n\u003Cli>Author: \u003Ca href=\"http:\u002F\u002Fsergey-s-betke.blogs.novgaro.ru\u002Fabout\" rel=\"nofollow ugc\">Sergey S. Betke\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Project URI: \u003Ca href=\"http:\u002F\u002Fsergey-s-betke.blogs.novgaro.ru\u002Fcategory\u002Fit\u002Fweb\u002Fwordpress\u002Fp3chat\" rel=\"nofollow ugc\">http:\u002F\u002Fsergey-s-betke.blogs.novgaro.ru\u002Fcategory\u002Fit\u002Fweb\u002Fwordpress\u002Fp3chat\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin provides support for \u003Ca href=\"http:\u002F\u002Fp3chat.com\" rel=\"nofollow ugc\">online chat p3chat service\u003C\u002Fa> (online chat, offline messages)\u003Cbr \u002F>\non Your wordpress website.\u003C\u002Fp>\n\u003Ch3>ToDo\u003C\u002Fh3>\n\u003Cp>The next version or later:\u003C\u002Fp>\n\u003Col>\n\u003Cli>images for buttons\u003C\u002Fli>\n\u003Cli>auto registration at p3chat.com (by open-id)\u003C\u002Fli>\n\u003C\u002Fol>\n","This plugin provides support for p3chat.com online chat service on Your wordpress website.",3182,"2011-09-08T10:40:00.000Z","3.2.1","3.0.0",[53,22,110,111,24],"msn","msnp","http:\u002F\u002Fsergey-s-betke.blogs.novgaro.ru\u002Fcategory\u002Fit\u002Fweb\u002Fwordpress\u002Fp3chat","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fp3chat.zip",{"slug":115,"name":116,"version":117,"author":63,"author_profile":64,"description":118,"short_description":119,"active_installs":11,"downloaded":120,"rating":28,"num_ratings":28,"last_updated":121,"tested_up_to":70,"requires_at_least":122,"requires_php":123,"tags":124,"homepage":125,"download_link":126,"security_score":77,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"xmpp-statistics","XMPP Statistics","1.12","\u003Cp>Displays the statistics from ejabberd XMPP server through ReST API (by using module mod_http_api). The plugin is useful when the XMPP server is located on another machine. Easy to configure and use – just need to type ReST API url and insert shortcodes on the page. Plugin can save the server statistics to the database and show them in a graph just like Munin.\u003C\u002Fp>\n\u003Ch4>Live demo\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fjix.im\u002Fen\u002Finformations\u002Fstatistics\u002F\" rel=\"nofollow ugc\">Here\u003C\u002Fa> you can see the statistics, generated by this plugin, from my own XMPP server.\u003C\u002Fp>\n\u003Ch4>Other Notes\u003C\u002Fh4>\n\u003Cp>This plugin is using \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fflot\u002Fflot\" rel=\"nofollow ugc\">Flot\u003C\u002Fa> (Javascript plotting library for jQuery) and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkallookoo\u002Fwp-color-picker-alpha\" rel=\"nofollow ugc\">wp-color-picker-alpha\u003C\u002Fa> (automatically overwrite Iris for enabled Alpha Channel in wpColorPicker).\u003C\u002Fp>\n","Displays the statistics from ejabberd XMPP server through ReST API.",6474,"2024-10-27T18:56:00.000Z","4.4","7.0",[74,22,24],"https:\u002F\u002Fbeherit.pl\u002Fen\u002Fwordpress\u002Fxmpp-statistics\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fxmpp-statistics.1.12.zip",{"attackSurface":128,"codeSignals":206,"taintFlows":272,"riskAssessment":273,"analyzedAt":290},{"hooks":129,"ajaxHandlers":202,"restRoutes":203,"shortcodes":204,"cronEvents":205,"entryPointCount":28,"unprotectedCount":28},[130,136,140,144,149,153,157,161,165,169,174,178,182,187,191,195,198],{"type":131,"name":132,"callback":133,"file":134,"line":135},"action","admin_init","imauth_admin_init","admin.php",43,{"type":131,"name":137,"callback":138,"file":134,"line":139},"admin_menu","imauth_menu",292,{"type":131,"name":141,"callback":142,"file":134,"line":143},"admin_notices","xmppauth_not_configured_notice",314,{"type":145,"name":146,"callback":147,"priority":34,"file":134,"line":148},"filter","user_jabber_label","rename_jabber_label",323,{"type":145,"name":150,"callback":151,"file":134,"line":152},"user_contactmethods","modify_user_contact_methods",332,{"type":131,"name":154,"callback":155,"priority":11,"file":134,"line":156},"profile_personal_options","xmppauth_profile_personal_options",371,{"type":131,"name":158,"callback":159,"file":134,"line":160},"show_user_profile","xmppauth_bottom_profile",381,{"type":131,"name":162,"callback":163,"priority":11,"file":134,"line":164},"personal_options_update","xmppauth_personal_options_update",403,{"type":145,"name":166,"callback":167,"priority":11,"file":134,"line":168},"plugin_action_links","xmppauth_plugin_action_links",434,{"type":145,"name":170,"callback":171,"priority":11,"file":172,"line":173},"comment_form_default_fields","xmppauth_comment_form_fields","comment.php",49,{"type":145,"name":175,"callback":176,"priority":13,"file":172,"line":177},"pre_comment_approved","xmppauth_validate_comment",135,{"type":131,"name":179,"callback":180,"priority":11,"file":172,"line":181},"comment_post","xmppauth_save_comment_jid",149,{"type":131,"name":183,"callback":184,"file":185,"line":186},"login_init","imauth_login_init","login.php",42,{"type":131,"name":188,"callback":189,"file":185,"line":190},"login_form","imauth_login_checkbox",68,{"type":145,"name":192,"callback":193,"priority":194,"file":185,"line":77},"authenticate","wp_authenticate_username_password",20,{"type":145,"name":192,"callback":196,"priority":28,"file":185,"line":197},"imauth_login_route",187,{"type":145,"name":199,"callback":200,"priority":11,"file":185,"line":201},"shake_error_codes","xmppauth_check_error_codes",199,[],[],[],[],{"dangerousFunctions":207,"sqlUsage":226,"outputEscaping":232,"fileOperations":11,"externalRequests":28,"nonceChecks":28,"capabilityChecks":68,"bundledLibraries":271},[208,213,215,218,221],{"fn":209,"file":210,"line":211,"context":212},"create_function","Auth\\SASL2\\SCRAM.php",83,"$this->hash = create_function('$data', 'return hash(\"' . $hashes[$hash] . '\", $data, TRUE);');",{"fn":209,"file":210,"line":35,"context":214},"$this->hmac = create_function('$key,$str,$raw', 'return hash_hmac(\"' . $hashes[$hash] . '\", $str, $k",{"fn":209,"file":210,"line":216,"context":217},88,"$this->hash = create_function('$data', 'return md5($data, true);');",{"fn":209,"file":210,"line":219,"context":220},93,"$this->hash = create_function('$data', 'return sha1($data, true);');",{"fn":222,"file":223,"line":224,"context":225},"shell_exec","xmpp-auth.php",44,"$hash = shell_exec('openssl x509 -hash -noout -in \"' . $cert . '\"');",{"prepared":28,"raw":14,"locations":227},[228],{"file":229,"line":230,"context":231},"xmpp_stream.php",96,"$wpdb->query() with variable interpolation",{"escaped":233,"rawEcho":234,"locations":235},13,17,[236,239,241,243,245,247,249,251,253,255,257,259,261,263,265,267,269],{"file":134,"line":237,"context":238},99,"raw output",{"file":134,"line":240,"context":238},102,{"file":134,"line":242,"context":238},113,{"file":134,"line":244,"context":238},118,{"file":134,"line":246,"context":238},124,{"file":134,"line":248,"context":238},131,{"file":134,"line":250,"context":238},140,{"file":134,"line":252,"context":238},168,{"file":134,"line":254,"context":238},177,{"file":134,"line":256,"context":238},186,{"file":134,"line":258,"context":238},194,{"file":134,"line":260,"context":238},202,{"file":134,"line":262,"context":238},211,{"file":134,"line":264,"context":238},218,{"file":134,"line":266,"context":238},256,{"file":134,"line":268,"context":238},311,{"file":185,"line":270,"context":238},52,[],[],{"summary":274,"deductions":275},"The xmpp-auth v0.6 plugin exhibits a generally positive security posture with no known CVEs or recorded vulnerability history, suggesting a history of good security practices. The static analysis reveals a limited attack surface, with zero unprotected entry points, which is a strong indicator of secure design. However, the code analysis does highlight several areas of concern. The presence of dangerous functions like `create_function` and `shell_exec` warrants attention, as these can be misused in certain contexts. Furthermore, the plugin uses raw SQL queries without prepared statements, which is a common vector for SQL injection vulnerabilities. The moderate rate of properly escaped output (43%) suggests that some user-supplied data may not be adequately sanitized before being displayed, potentially leading to cross-site scripting (XSS) vulnerabilities. The absence of nonce checks on any entry points is also a notable weakness, as nonces are crucial for preventing cross-site request forgery (CSRF) attacks. Despite these specific coding concerns, the plugin's lack of a complex attack surface and its clean vulnerability history are significant strengths. The primary risks lie within the potential for SQL injection, XSS, and CSRF, stemming from the identified code-level weaknesses.",[276,279,282,285,287],{"reason":277,"points":278},"Dangerous functions present (create_function, shell_exec)",8,{"reason":280,"points":281},"SQL queries used without prepared statements",7,{"reason":283,"points":284},"Low percentage of properly escaped output",6,{"reason":286,"points":48},"Zero nonce checks on entry points",{"reason":288,"points":289},"Limited capability checks",3,"2026-03-17T01:00:17.372Z",{"wat":292,"direct":301},{"assetPaths":293,"generatorPatterns":295,"scriptPaths":296,"versionParams":298},[294],"\u002Fwp-content\u002Fplugins\u002Fxmpp-auth\u002Fxmpp-auth.css",[],[297],"\u002Fwp-content\u002Fplugins\u002Fxmpp-auth\u002Fadmin.js",[299,300],"xmpp-auth.css?ver=","admin.js?ver=",{"cssClasses":302,"htmlComments":305,"htmlAttributes":306,"restEndpoints":320,"jsGlobals":321,"shortcodeOutput":323},[303,304],"imauth-options","imauth-advanced-options",[],[307,308,309,310,311,312,313,314,315,316,317,318,319],"id='xmppauth-bot-conf'","id='node'","id='domain'","id='password'","id='xmppauth_component'","id='component'","id='component_secret'","id='component_server'","id='component_port'","id='server'","id='port'","id='disable_login'","id='disable_comment'",[],[322],"objectL10n",[]]