Does Auth Armor – Passwordless Login have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Auth Armor – Passwordless Login compatible with WordPress 5.8.13?

According to WordPress.org data, Auth Armor – Passwordless Login 1.0.3 has been tested up to WordPress 5.8.13. Check the plugin's changelog for the latest compatibility information.

Is Auth Armor – Passwordless Login compatible with PHP 5.6+?

Auth Armor – Passwordless Login requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Auth Armor – Passwordless Login updated?

Auth Armor – Passwordless Login was last updated on Jan 24, 2022. Frequent updates are generally a positive security signal.

What is Auth Armor – Passwordless Login's security score?

Auth Armor – Passwordless Login has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Auth Armor – Passwordless Login Security & Risk Analysis

wordpress.org/plugins/auth-armor-passwordless-login

0 active installs v1.0.3 PHP 5.6+ WP 5.0+ Updated Jan 24, 2022

authenticationbiometricfaceidloginpasswordless

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Auth Armor – Passwordless Login Safe to Use in 2026?

Generally Safe

Score 85/100

Auth Armor – Passwordless Login has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

The "auth-armor-passwordless-login" plugin exhibits a concerning security posture due to a significant attack surface composed entirely of unprotected AJAX handlers. While the plugin demonstrates good practices in other areas, such as using prepared statements for SQL queries and a high percentage of properly escaped output, the lack of authorization checks on these entry points is a critical weakness. This could allow unauthenticated users to trigger potentially sensitive actions or expose information. The presence of the `unserialize` function also poses a risk, as it can lead to remote code execution if used with untrusted input, although the provided taint analysis shows no critical or high severity flows related to this. The plugin's clean vulnerability history is a positive sign, suggesting diligent development or a lack of past exploitation. However, this should not overshadow the immediate risks presented by the unprotected AJAX endpoints and the potential dangers of unserialization.

Key Concerns

10 unprotected AJAX handlers
Dangerous function: unserialize
0 nonce checks on AJAX handlers
1 capability check on 10 entry points

Vulnerabilities

None known

Auth Armor – Passwordless Login Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Auth Armor – Passwordless Login Release Timeline

v1.0.3Current

v1.0.2

v1.0.1

v1.0

Code Analysis

Analyzed Apr 16, 2026

Auth Armor – Passwordless Login Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

221 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$new_arr = unserialize(file_get_contents('http://www.geoplugin.net/php.gp?ip='.$current_ip));includes/class-auth-armor-public.php:144

Output Escaping

92% escaped240 total outputs

Data Flows · Security

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

get_token_state (includes/class-auth-armor-public.php:210)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

10 unprotected

Auth Armor – Passwordless Login Attack Surface

Entry Points10

Unprotected10

AJAX Handlers 10

authwp_ajax_get_auth_request_dataincludes/class-auth-armor-public.php:697

noprivwp_ajax_get_auth_request_dataincludes/class-auth-armor-public.php:698

authwp_ajax_get_token_stateincludes/class-auth-armor-public.php:701

noprivwp_ajax_get_token_stateincludes/class-auth-armor-public.php:702

authwp_ajax_get_login_via_usernameincludes/class-auth-armor-public.php:705

noprivwp_ajax_get_login_via_usernameincludes/class-auth-armor-public.php:706

authwp_ajax_generate_user_invite_codeincludes/class-auth-armor-public.php:709

noprivwp_ajax_generate_user_invite_codeincludes/class-auth-armor-public.php:710

authwp_ajax_verify_api_detailsincludes/class-auth-armor-public.php:713

noprivwp_ajax_verify_api_detailsincludes/class-auth-armor-public.php:714

WordPress Hooks 24

actionactivated_pluginauth-armor.php:64

actionplugins_loadedauth-armor.php:104

actionadmin_initauth-armor.php:110

actioninitincludes/admin/class-auth-armor-admin.php:322

filtermanage_users_columnsincludes/admin/class-auth-armor-admin.php:324

filtermanage_users_custom_columnincludes/admin/class-auth-armor-admin.php:326

actionshow_user_profileincludes/admin/class-auth-armor-admin.php:329

actionedit_user_profileincludes/admin/class-auth-armor-admin.php:330

actionuser_new_formincludes/admin/class-auth-armor-admin.php:331

actionuser_registerincludes/admin/class-auth-armor-admin.php:334

actionedit_user_profile_updateincludes/admin/class-auth-armor-admin.php:335

actionprofile_updateincludes/admin/class-auth-armor-admin.php:336

actionadmin_menuincludes/admin/class-auth-armor-settings.php:224

actionadmin_initincludes/admin/class-auth-armor-settings.php:226

actionadmin_menuincludes/admin/class-auth-armor-wizard.php:285

actionadmin_initincludes/admin/class-auth-armor-wizard.php:287

actionwp_headincludes/class-auth-armor-public.php:690

filterbody_classincludes/class-auth-armor-public.php:692

filterretrieve_password_messageincludes/class-auth-armor-public.php:717

filterretrieve_password_titleincludes/class-auth-armor-public.php:720

actiongettextincludes/class-auth-armor-public.php:723

actionlogin_enqueue_scriptsincludes/class-auth-armor-script.php:188

actioninitincludes/class-auth-armor-script.php:190

actionadmin_enqueue_scriptsincludes/class-auth-armor-script.php:193

Maintenance & Trust

Auth Armor – Passwordless Login Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13

Last updatedJan 24, 2022

PHP min version5.6

Downloads10K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Auth Armor – Passwordless Login Alternatives

Multidots Passkey Login – Passwordless Login for WordPress

multidots-passkey-login

100

Passwordless login for WordPress with Passkeys. Enable Touch ID, Face ID, and security keys for seamless, phishing-resistant authentication.

0 No CVEs

Biometric Authentication

biometric-authentication

Passkeys are a safer and easier alternative to passwords. Simply use your fingerprint or face ID to log in with ease.

100 No CVEs

Keyless Auth – Login without Passwords

keyless-auth

100

Secure, passwordless authentication for WordPress. Your users login via magic email links – no passwords to remember or forget.

30 No CVEs

Fingerlogin

fingerlogin

Fingerlogin enable Fingerprint biometric login authentication to sign into websites and services.

10 No CVEs

Fluistr Authentication

fluistr-authentication

100

Zero Password - One touch - Two Factor Authentication. Secure your WordPress site with a passwordless, simple and intuitive 2-factor authentication.

10 No CVEs

Developer Profile

Auth Armor – Passwordless Login Developer Profile

autharmor

1 plugin · 0 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Auth Armor – Passwordless Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/auth-armor-passwordless-login/includes/css/auth-armor-login-form.css/wp-content/plugins/auth-armor-passwordless-login/includes/js/easy.qrcode.min.js/wp-content/plugins/auth-armor-passwordless-login/includes/js/auth-armor-login-form.js/wp-content/plugins/auth-armor-passwordless-login/includes/images/loader.gif/wp-content/plugins/auth-armor-passwordless-login/includes/images/autharmor.png/wp-content/plugins/auth-armor-passwordless-login/includes/images/sync-alt-solid.svg

Script Paths

/wp-content/plugins/auth-armor-passwordless-login/includes/js/easy.qrcode.min.js/wp-content/plugins/auth-armor-passwordless-login/includes/js/auth-armor-login-form.js

Version Parameters

auth-armor-passwordless-login/includes/css/auth-armor-login-form.css?ver=auth-armor-passwordless-login/includes/js/easy.qrcode.min.js?ver=auth-armor-passwordless-login/includes/js/auth-armor-login-form.js?ver=

HTML / DOM Fingerprints

HTML Comments

JS Globals

scanner

FAQ