Does Authorize IP Address have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Authorize IP Address compatible with WordPress 4.7.33?

According to WordPress.org data, Authorize IP Address 1.0.1 has been tested up to WordPress 4.7.33. Check the plugin's changelog for the latest compatibility information.

How often is Authorize IP Address updated?

Authorize IP Address was last updated on Feb 2, 2017. Frequent updates are generally a positive security signal.

What is Authorize IP Address's security score?

Authorize IP Address has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Authorize IP Address Security & Risk Analysis

wordpress.org/plugins/authorize-ip-address

Authorize IP Address prevent login from unknown IP address. Whitelist User IP addresses. If a user logs in from an unknown IP the plugin sends an ema …

10 active installs v1.0.1 PHP + WP 3.0.1+ Updated Feb 2, 2017

authenticationauthorize-iploginsecuritywhitelisting

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Authorize IP Address Safe to Use in 2026?

Generally Safe

Score 85/100

Authorize IP Address has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The "authorize-ip-address" v1.0.1 plugin exhibits a concerning security posture due to significant gaps in authentication and output sanitization, despite a clean vulnerability history. The presence of two AJAX handlers without any authentication checks represents a direct and exploitable attack surface. This means any unauthenticated user could potentially trigger these handlers, leading to unintended consequences depending on their functionality. Furthermore, the complete lack of proper output escaping on all identified outputs is a critical weakness, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities. This allows attackers to inject malicious scripts into the website, which can then be executed by other users' browsers.

While the plugin demonstrates good practice by using prepared statements for its SQL queries and has no known vulnerabilities or taint flows, these strengths are overshadowed by the critical authentication and output sanitization deficiencies. The absence of any recorded vulnerabilities in its history might suggest it hasn't been extensively targeted or audited, but the static analysis clearly indicates exploitable flaws. The overall recommendation is to treat this plugin with extreme caution and prioritize remediation of the identified security issues before it can be considered safe for use.

Key Concerns

AJAX handlers without authentication checks
Outputs not properly escaped (XSS risk)
Missing nonce checks on AJAX handlers
Missing capability checks on AJAX handlers

Vulnerabilities

None known

Authorize IP Address Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Authorize IP Address Release Timeline

No version history available.

Code Analysis

Analyzed Mar 17, 2026

Authorize IP Address Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

0% escaped3 total outputs

Attack Surface

2 unprotected

Authorize IP Address Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_manual_approvewpaip-options-page.php:268

authwp_ajax_manual_deletewhitelistwpaip-options-page.php:294

WordPress Hooks 11

actionwp_loginauthorize-ip-address.php:41

actioninitauthorize-ip-address.php:42

actionlogin_formauthorize-ip-address.php:43

actionadmin_initauthorize-ip-address.php:44

actionadmin_menuauthorize-ip-address.php:45

actionlogin_form_unknownipauthorize-ip-address.php:48

actionlogin_form_registeripauthorize-ip-address.php:49

actionlogin_form_invalidkeyauthorize-ip-address.php:50

actionwp_logoutauthorize-ip-address.php:164

actionadmin_initwpaip-options-page.php:24

actionadmin_menuwpaip-options-page.php:25

Maintenance & Trust

Authorize IP Address Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.33

Last updatedFeb 2, 2017

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Authorize IP Address Alternatives

WP Login Security 2

wp-login-security-2

Whitelist User IP addresses. If a user logs in from an unknown IP the plugin sends an email to the user and optionally the admin with a one-time key.

20 No CVEs

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.

1.0M 26 CVEs

Limit Login Attempts

limit-login-attempts

Limit rate of login attempts, including by way of cookies, for each IP. Fully customizable.

300K 3 CVEs

WPS Limit Login

wps-limit-login

WPS Limit login limit connection attempts by IP address

100K 3 CVEs

Wordfence Login Security

wordfence-login-security

Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.

70K No CVEs

Developer Profile

Authorize IP Address Developer Profile

jovevskitoni

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Authorize IP Address

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

JS Globals

wpaip_url

FAQ