WP-Safety

Ajax BootModal Login Security & Risk Analysis

wordpress.org/plugins/ajax-bootmodal-login

Ajax BootModal Login is a WordPress plugin that is powered by bootstrap and ajax for better login, registration or lost password.

60 active installs v1.4.3 PHP + WP 3.1+ Updated Oct 1, 2014
abm-loginbootstrap-login-formloginwordpress-abm-login-pluginwordpress-login
64
C · Use Caution
CVEs total1
Unpatched1
Last CVEAug 26, 2018
Plugin page Download
Safety Verdict

Is Ajax BootModal Login Safe to Use in 2026?

Use With Caution

Score 64/100

Ajax BootModal Login has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Aug 26, 2018Updated 11yr ago
Risk Assessment

The ajax-bootmodal-login plugin v1.4.3 exhibits a mixed security posture. On the positive side, the static analysis reveals a lack of dangerous functions, no direct SQL injection vulnerabilities due to prepared statements, and no file operations or external HTTP requests, which are common attack vectors. The presence of nonce checks and the fact that all identified AJAX handlers and REST API routes are protected by authentication checks are strong indicators of good development practices in these areas. However, a significant concern is the extremely low percentage of properly escaped output (6%), indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. While taint analysis showed no specific flows, the unescaped output is a glaring weakness. Furthermore, the plugin has a history of vulnerabilities, with one currently unpatched medium severity CVE from 2018 (Protection Mechanism Failure), suggesting potential recurring issues or a lack of ongoing maintenance and security patching. The absence of capability checks on entry points, despite nonce checks being present, is another area for improvement, as it relies solely on nonces for authorization on AJAX handlers.

Key Concerns

  • Unpatched CVE
  • Low output escaping percentage
  • No capability checks on AJAX handlers
Vulnerabilities
1

Ajax BootModal Login Security Vulnerabilities

CVEs by Year

1 CVE in 2018 · unpatched
2018
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2018-15876medium · 5.3Protection Mechanism Failure

Ajax BootModal Login <= 1.4.3 - CAPTCHA Reuse

Aug 26, 2018Unpatched
Code Analysis
Analyzed Mar 16, 2026

Ajax BootModal Login Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
1 prepared
Unescaped Output
44
3 escaped
Nonce Checks
3
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared1 total queries

Output Escaping

6% escaped47 total outputs
Attack Surface

Ajax BootModal Login Attack Surface

Entry Points4
Unprotected0

AJAX Handlers 3

noprivwp_ajax_ajaxregisterinc\authenticate.php:21
noprivwp_ajax_ajaxlogininc\authenticate.php:22
noprivwp_ajax_ajaxlostpassinc\authenticate.php:23

Shortcodes 1

[Alimir_BootModal_Login] inc\shortcode.php:20
WordPress Hooks 8
actioninitinc\authenticate.php:25
actionwp_headinc\functions.php:97
actionwp_enqueue_scriptsinc\scripts.php:31
actionwp_print_stylesinc\scripts.php:41
actionadmin_menuinc\settings.php:2
actionadmin_initinc\settings.php:6
actionwp_footerinc\shortcode.php:3
actionwidgets_initinc\widget.php:47
Maintenance & Trust

Ajax BootModal Login Maintenance & Trust

Maintenance Signals

WordPress version tested4.0.38
Last updatedOct 1, 2014
PHP min version
Downloads29K

Community Trust

Rating90/100
Number of ratings21
Active installs60
Alternatives

Ajax BootModal Login Alternatives

LoginPress | wp-login Custom Login Page Customizer

LoginPress | wp-login Custom Login Page Customizer

loginpress

A
94

LoginPress is a Custom Login Page Customizer plugin allows you to easily customize the layout of login, admin login, client login, register pages.

200K 6 CVEs
Custom Login Page Customizer – Login Designer

Custom Login Page Customizer – Login Designer

login-designer

A
100

Login Designer is the best way to style a custom login page for your WordPress login, register and forgot password forms, right from the live-action W &hellip;

30K No CVEs
Admin Custom Login

Admin Custom Login

admin-custom-login

A
98

Customize Your WordPress Login Screen Amazingly - Add Own Logo, Add Social Profiles, Login Form Positions, Background Image Slide Show

20K 2 CVEs
My WordPress Login Logo

My WordPress Login Logo

my-wp-login-logo

A
100

My WordPress Login Logo lets you to add a custom logo in your wordpress login page instead of the usual wordpress logo and customize your login page.

10K No CVEs
WP Login and Logout Redirect

WP Login and Logout Redirect

wp-login-and-logout-redirect

A
99

This plugin enable simple and easy way to redirect user to your chosen page URL after login or logout or both.

6K 1 CVE
Developer Profile

Ajax BootModal Login Developer Profile

Alimir

4 plugins · 70K total installs

61
trust score
Avg Security Score
74/100
Avg Patch Time
342 days
View full developer profile
Detection Fingerprints

How We Detect Ajax BootModal Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ajax-bootmodal-login/assets/css/bootmodal.css/wp-content/plugins/ajax-bootmodal-login/assets/css/bootstrap.min.css/wp-content/plugins/ajax-bootmodal-login/assets/js/scripts.js
Script Paths
ajax-login-script
Version Parameters
ajax-bootmodal-login/assets/css/bootmodal.css?ver=ajax-bootmodal-login/assets/css/bootstrap.min.css?ver=ajax-bootmodal-login/assets/js/scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
bootmodal-loginbootmodal-registerbootmodal-lostpassword
Data Attributes
data-alimir-login-modaldata-alimir-register-modaldata-alimir-lostpass-modal
JS Globals
ajax_login_object
Shortcode Output
[alimir_login_form][alimir_register_form][alimir_lostpass_form]
FAQ

Frequently Asked Questions about Ajax BootModal Login