Authentication WordPress Plugins with Most Issues
37 indexed plugins
Plugins
37
Active Installs
662k+
Average Score
54
Audited
37
Most Issues
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1 | WP-Members Membership Plugin | 24 | 669 | 382 | 50k+ | Output is not escaped | ||
| #2 | Next Active Directory Integration | 23 | 683 | 284 | 2k+ | Exception output is not escaped | ||
| #3 | Keyring | 35 | 233 | 203 | 1k+ | Output is not escaped | ||
| #4 | Login by Auth0 | 37 | 307 | 82 | 10k+ | Text Domain Mismatch | ||
| #5 | wpDirAuth | 32 | 250 | 135 | 600 | wp function not compatible with requires wp | ||
| #6 | IP Based Login | 35 | 179 | 146 | 600 | Output is not escaped | ||
| #7 | Sessions | 33 | 196 | 103 | 900 | Output is not escaped | ||
| #8 | WP Cassify | 35 | 106 | 143 | 800 | Missing nonce verification | ||
| #9 | WPS Limit Login | 39 | 152 | 76 | 100k+ | Output is not escaped | ||
| #10 | Login for Google Apps | 27 | 139 | 85 | 10k+ | Exception output is not escaped | ||
| #11 | WP 2-step verification | 32 | 154 | 65 | 1k+ | Output is not escaped | ||
| #12 | Limit Login Attempts | 40 | 81 | 38 | 300k+ | Output is not escaped | ||
| #13 | Duo Two-Factor Authentication | 37 | 44 | 61 | 3k+ | Missing nonce verification | ||
| #14 | Google Authenticator | 41 | 39 | 65 | 20k+ | Output is not escaped | ||
| #15 | Simple LDAP Login | 38 | 65 | 33 | 1k+ | Output is not escaped | ||
| #16 | yubikey-plugin | 40 | 64 | 33 | 400 | Text Domain Mismatch | ||
| #17 | WP Limit Login Attempts | 39 | 26 | 67 | 10k+ | Direct Query | ||
| #18 | Two Factor | 42 | 18 | 70 | 100k+ | Nonce verification recommended | ||
| #19 | authLdap | 36 | 47 | 30 | 5k+ | Exception output is not escaped | ||
| #20 | Authorizer | 65 | 3 | 54 | 5k+ | Nonce verification recommended | ||
| #21 | JSON API User | 57 | 17 | 34 | 1k+ | Non-prefixed hook name | ||
| #22 | Protect Login | 95 | 26 | 19 | 600 | Missing direct file access protection | ||
| #23 | Passwords Evolved | 45 | 26 | 17 | 1k+ | Output is not escaped | ||
| #24 | Easy Basic Authentication – Add basic auth to site or admin area | 46 | 14 | 28 | 600 | Input is not sanitized | ||
| #25 | Two Factor (2FA) Authentication via Email | 61 | 12 | 27 | 9k+ | Request data is not unslashed | ||
| #26 | WP SAML Auth | 76 | 7 | 25 | 8k+ | Nonce verification recommended | ||
| #27 | Duo Universal | 80 | 6 | 25 | 2k+ | Nonce verification recommended | ||
| #28 | Whitelist IP For Limit Login Attempts | 48 | 18 | 12 | 600 | Output is not escaped | ||
| #29 | HTTP Authentication | 35 | 23 | 6 | 600 | Output is not escaped | ||
| #30 | Log in with Google | 35 | 5 | 17 | 6k+ | Non-prefixed global variable | ||
| #31 | Maestro Connector | 97 | 7 | 4 | 500 | Missing direct file access protection | ||
| #32 | HivePress Authentication | 98 | 1 | 5 | 1k+ | Missing Version | ||
| #33 | WP Basic Authentication | 100 | 3 | 2k+ | trademarked term | |||
| #34 | Active Directory Integration / LDAP Integration | 100 | 2 | 4k+ | Non-prefixed constant | |||
| #35 | Logged-in-only | 100 | 1 | 700 | trademarked term | |||
| #36 | Firebase Authentication | 100 | 0 | 500 | No open findings | |||
| #37 | Shibboleth | 100 | 0 | 3k+ | No open findings |
