
WP Logo Changer Security & Risk Analysis
wordpress.org/plugins/am-login-logo
WP Logo Changer - Admin Panel provides multiple features to Customize Admin Panel that you don't have in wordpress by default.
Is WP Logo Changer Safe to Use in 2026?
Use With Caution
Score 61/100
WP Logo Changer has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.
The "am-login-logo" plugin version 1.2 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and having a minimal attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are directly exposed. File operations and external HTTP requests are also absent, reducing potential attack vectors.
However, several significant concerns are present. The use of the dangerous `create_function` PHP construct is a red flag, as it can be a source of vulnerabilities if not handled with extreme care. Furthermore, a concerningly low 37% of output is properly escaped, indicating a high likelihood of Cross-Site Scripting (XSS) vulnerabilities, which is corroborated by the plugin's vulnerability history.
The plugin has a history of known vulnerabilities, including a currently unpatched High severity CVE related to XSS. This pattern suggests a recurring issue with input sanitization and output escaping, despite the generally low attack surface. The recent unpatched vulnerability points to a lack of timely security updates or a persistent flaw in the code's security implementation. While the plugin has strengths in its limited entry points and SQL handling, the prevalence of unescaped output and the dangerous use of `create_function`, coupled with an unpatched high-severity vulnerability, present a considerable risk.
Key Concerns
- Unpatched high severity CVE
- High percentage of unescaped output
- Use of dangerous function 'create_function'
- Flow with unsanitized paths (taint analysis)
- No nonce checks
- No capability checks
WP Logo Changer Security Vulnerabilities
1 total CVE
Logo Changer <= 1.2 - Unauthenticated Stored Cross-Site Scripting
WP Logo Changer Code Analysis
Dangerous Functions Found
Output Escaping
Data Flow Analysis
WP Logo Changer Attack Surface
WordPress Hooks 26
WP Logo Changer Maintenance & Trust
Maintenance Signals
Community Trust
WP Logo Changer Alternatives
Easy WP Page Navigation
easy-wp-page-navigation
Easy to add page navigation in your blog
Blue Login Style
blue-login-style
Blue Login Style is a tiny plugin which allows to customize your wp-login theme easily with a click.
HA Background Color Customizer
ha-background-color-customizer
Add custom background color options panel in any WP theme Customize section to easily and quickly change background color of any HTML tags in your WP …
Custom Login Page | WebHunt Infotech
wp-login-page-customizer
Plugin allows you to easily customize Login Screen. You can design beautiful and eye catching login page in few minutes.
Move Admin Menu Items
move-admin-menu-items
Move admin menu items to an overview menu page.
WP Logo Changer Developer Profile
2 plugins · 300 total installs
How We Detect WP Logo Changer
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/am-login-logo/css/style.css
- js/colorpicker.js
HTML / DOM Fingerprints
- amll-width-login-label
- amll-color-field
- name="amll_loginlogo"
- name="amll_loginpagebackgroundcolor"
- name="amll_loginpagebackgroundimage"
- name="amll_loginpageformbackgroundcolor"
- name="amll_loginpageformfieldbackgroundcolor"
- name="amll_loginpageformfontcolor"
- +3 more