WP-Safety

ASD Passkey Login Security & Risk Analysis

wordpress.org/plugins/asd-passkey-login

Advanced passkey and passwordless platform with anti-phishing features, offering secure authentication for WordPress and WooCommerce (pro).

0 active installs v1.0.1 PHP 8.2+ WP 6.7+ Updated Aug 5, 2025
anti-phisingloginpasskeypasswordlesswebauthn
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is ASD Passkey Login Safe to Use in 2026?

Generally Safe

Score 100/100

ASD Passkey Login has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9mo ago
Risk Assessment

The "asd-passkey-login" plugin v1.0.1 presents a generally good security posture with some notable areas for improvement. Its adherence to prepared statements for SQL queries and proper output escaping for all identified outputs are strong indicators of secure coding practices. The absence of known CVEs and a clean vulnerability history further suggest a responsible development approach. However, the presence of three AJAX handlers without authentication checks is a significant concern. This creates a potential attack vector where unauthenticated users could interact with sensitive plugin functionalities, potentially leading to unintended actions or information disclosure, depending on the logic within these handlers. The plugin also has a relatively small attack surface in terms of entry points, which is positive.

Key Concerns

  • AJAX handlers without authentication checks
Vulnerabilities
None known

ASD Passkey Login Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

ASD Passkey Login Release Timeline

v1.0.1Current
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

ASD Passkey Login Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
7 prepared
Unescaped Output
0
44 escaped
Nonce Checks
6
Capability Checks
1
File Operations
0
External Requests
1
Bundled Libraries
0

SQL Query Safety

100% prepared7 total queries

Output Escaping

100% escaped44 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
handlePasskeySettings (app/Controllers/PasskeySettings.php:81)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

ASD Passkey Login Attack Surface

Entry Points11
Unprotected3

AJAX Handlers 11

authwp_ajax_asd_passkey_registerapp/Controllers/CreatePasskeyAdmin.php:14
authwp_ajax_asd_passkey_flaggingapp/Controllers/CreatePasskeyAdmin.php:15
authwp_ajax_asd_passkey_loginapp/Controllers/LoginAdmin.php:14
noprivwp_ajax_asd_passkey_loginapp/Controllers/LoginAdmin.php:15
authwp_ajax_asd_google_check_tokenapp/Controllers/LoginAdmin.php:16
noprivwp_ajax_asd_google_check_tokenapp/Controllers/LoginAdmin.php:17
authwp_ajax_asd_passkey_settingsapp/Controllers/PasskeySettings.php:37
authwp_ajax_asd_passkey_smtp_settingsapp/Controllers/PasskeySettings.php:39
authwp_ajax_asd_passkey_smtp_testapp/Controllers/PasskeySettings.php:40
authwp_ajax_asd_push_notification_settingsapp/Controllers/PasskeySettings.php:42
authwp_ajax_asd_push_notification_publickeyapp/Controllers/PasskeySettings.php:43
WordPress Hooks 4
actionadmin_noticesapp/Controllers/BaseController.php:40
actionlogin_formapp/Controllers/LoginAdmin.php:18
actionadmin_initapp/Controllers/PasskeySettings.php:36
actionadmin_noticesapp/Controllers/UpgradePackage.php:12
Maintenance & Trust

ASD Passkey Login Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedAug 5, 2025
PHP min version8.2
Downloads396

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

ASD Passkey Login Alternatives

Secure Passkeys

Secure Passkeys

secure-passkeys

A
99

Secure Passkeys is a powerful WordPress plugin that enables passwordless authentication using WebAuthn technology.

1K 1 CVE
WP-WebAuthn

WP-WebAuthn

wp-webauthn

B
74

WP-WebAuthn enables passwordless login through FIDO2 and U2F devices like Passkey, FaceID or Windows Hello for your site.

2K 1 unpatched
Bye Bye Passwords

Bye Bye Passwords

bye-bye-passwords

A
100

Enable passwordless authentication for WordPress using WebAuthn/Passkeys. More secure, more convenient.

20 No CVEs
Beyond Identity Passwordless

Beyond Identity Passwordless

beyond-identity-passwordless

A
85

A passwordless solution that allows users and admins to log into a WordPress website using passkeys with Beyond Identity.

0 No CVEs
Devch Passkey Login

Devch Passkey Login

devch-passkey-login

A
100

Passwordless passkey authentication (WebAuthn/FIDO2) for WordPress and WordPress Multisite.

0 No CVEs
Developer Profile

ASD Passkey Login Developer Profile

Bobby karsono

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect ASD Passkey Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/asd-passkey-login/public/css/login-admin-condition.css
Version Parameters
asd-passkey-login/public/css/login-admin-condition.css?ver=

HTML / DOM Fingerprints

CSS Classes
asd-passkey-login-wrapperasd-passkey-login-wrapper-hybridlogin-via-passkey
Data Attributes
id="asd-passkey-login-wrapper"id="login-via-passkey"id="infoMessage"id="errorMessage"id="successMessage"
REST Endpoints
/wp-json/wp/v2/users
FAQ

Frequently Asked Questions about ASD Passkey Login