Authentication and xmlrpc log writer Security & Risk Analysis
wordpress.org/plugins/authentication-and-xmlrpc-log-writerLog of failed access, pingbacks, user enumeration, disable xmlrpc authenticated methods, kill xmlrpc request on authentication error.
Is Authentication and xmlrpc log writer Safe to Use in 2026?
Use With Caution
Score 63/100Authentication and xmlrpc log writer has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.
The "authentication-and-xmlrpc-log-writer" plugin v1.2.2 exhibits a mixed security posture. While it boasts a small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events, and all SQL queries use prepared statements, several concerning signals are present. The use of the deprecated `create_function` is a significant red flag, as it can lead to code injection vulnerabilities if not handled with extreme care. Additionally, the output escaping rate is only 61%, indicating a substantial number of potentially unescaped outputs which could be susceptible to Cross-Site Scripting (XSS) attacks. The plugin's vulnerability history is also a major concern, with one known medium-severity CVE that is currently unpatched. This suggests a recurring pattern of vulnerabilities, specifically XSS, that have not been fully addressed, raising doubts about the ongoing maintainability and security diligence of the plugin.
Key Concerns
- Unpatched medium severity CVE
- Low output escaping percentage (61%)
- Use of dangerous function: create_function
- No nonce checks
- No capability checks
Authentication and xmlrpc log writer Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Authentication and xmlrpc log writer <= 1.2.2 - Reflected Cross-Site Scripting
Authentication and xmlrpc log writer Code Analysis
Dangerous Functions Found
Output Escaping
Authentication and xmlrpc log writer Attack Surface
WordPress Hooks 10
Maintenance & Trust
Authentication and xmlrpc log writer Maintenance & Trust
Maintenance Signals
Community Trust
Authentication and xmlrpc log writer Alternatives
WP fail2ban – Advanced Security
wp-fail2ban
WP fail2ban uses fail2ban to protect your WordPress site.
Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall
limit-login-attempts-reloaded
Block excessive login attempts and protect your site against brute force attacks. Simple, yet powerful tools to improve site performance.
Solid Security – Password, Two Factor Authentication, and Brute Force Protection
better-wp-security
Harden your site security with Login Security, Two-Factor Authentication (2FA), Vulnerability Scanner, Firewall, and more. Formerly iThemes Security.
CloudSecure WP Security
cloudsecure-wp-security
管理画面とログインURLをサイバー攻撃から守る、国産・日本語対応のセキュリティ対策プラグインです。 かんたんな設定を行うだけで、不正アクセスや不正ログインからあなたのWordPressを保護します。
Anti-Malware Security and Brute-Force Firewall
gotmls
This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.
Authentication and xmlrpc log writer Developer Profile
2 plugins · 170 total installs
How We Detect Authentication and xmlrpc log writer
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/authentication-and-xmlrpc-log-writer/admin/css/style.cssauthentication-and-xmlrpc-log-writer/admin/css/style.css?ver=HTML / DOM Fingerprints
axlw_admin_logviewer_headeraxlw_admin_logviewer_content-subheadaxlw_admin_logviewer_content