Does Authorizer have any unpatched vulnerabilities?

No. All known vulnerabilities in Authorizer have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Authorizer compatible with WordPress 6.9.4?

According to WordPress.org data, Authorizer 3.13.4 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Authorizer compatible with PHP 7.4+?

Authorizer requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Authorizer updated?

Authorizer was last updated on Dec 19, 2025. Frequent updates are generally a positive security signal.

What is Authorizer's security score?

Authorizer has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Authorizer Security & Risk Analysis

wordpress.org/plugins/authorizer

Authorizer limits login attempts, restricts access to specific users, and authenticates against external sources (OAuth2, Google, LDAP, or CAS).

5K active installs v3.13.4 PHP 7.4+ WP 5.5+ Updated Dec 19, 2025

authenticationcasldaploginoauth

A · Safe

CVEs total1

Unpatched0

Last CVENov 1, 2022

Plugin page Download

Safety Verdict

Is Authorizer Safe to Use in 2026?

Generally Safe

Score 99/100

Authorizer has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Nov 1, 2022Updated 3mo ago

Risk Assessment

The authorizer plugin v3.13.4 exhibits a mixed security posture. While it demonstrates strong output escaping practices and the use of nonces and capability checks, significant concerns arise from its attack surface. A substantial number of AJAX handlers, specifically 8 out of 8, lack authentication checks. This creates a broad entry point for potential exploitation. The presence of the `unserialize` function, a known vector for deserialization vulnerabilities, is also a critical point of attention, though the taint analysis did not reveal critical or high severity unsanitized paths. The plugin has a history of a high-severity vulnerability related to improper input validation, indicating a past weakness in sanitizing user-supplied data. The absence of recent unpatched CVEs is a positive sign, suggesting ongoing maintenance. However, the high proportion of unprotected AJAX endpoints combined with the historical vulnerability type warrants careful consideration.

Key Concerns

8 AJAX handlers without auth checks
Dangerous function: unserialize
1 high severity vulnerability (past)
50% SQL queries not using prepared statements
4 unsanitized paths in taint analysis

Vulnerabilities

Authorizer Security Vulnerabilities

CVEs by Year

1 CVE in 2022

2022

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2022-39369high · 8Improper Validation of Specified Type of Input

phpCAS authentication library < 1.6.0 - Service Hostname Discovery Exploitation

Nov 1, 2022 Patched in 1.6.0 (448d)

Code Analysis

Analyzed Mar 16, 2026

Authorizer Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

740 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$meta_value = unserialize( $meta_value[0] );src\authorizer\options\class-advanced.php:306

Bundled Libraries

jQueryGuzzleSelect2

SQL Query Safety

50% prepared2 total queries

Output Escaping

100% escaped742 total outputs

Data Flows

4 unsanitized

Data Flow Analysis

5 flows4 with unsanitized paths

ajax_refresh_approved_user_list (src\authorizer\class-ajax-endpoints.php:322)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

8 unprotected

Authorizer Attack Surface

Entry Points9

Unprotected8

AJAX Handlers 8

authwp_ajax_update_auth_usersrc\authorizer\class-wp-plugin-authorizer.php:137

authwp_ajax_save_auth_multisite_settingssrc\authorizer\class-wp-plugin-authorizer.php:140

authwp_ajax_update_auth_usermetasrc\authorizer\class-wp-plugin-authorizer.php:143

authwp_ajax_process_google_loginsrc\authorizer\class-wp-plugin-authorizer.php:146

noprivwp_ajax_process_google_loginsrc\authorizer\class-wp-plugin-authorizer.php:147

authwp_ajax_refresh_approved_user_listsrc\authorizer\class-wp-plugin-authorizer.php:150

authwp_ajax_auth_settings_ldap_test_usersrc\authorizer\class-wp-plugin-authorizer.php:153

authwp_ajax_auth_settings_search_userssrc\authorizer\class-wp-plugin-authorizer.php:156

Shortcodes 1

[authorizer_login_form] src\authorizer\class-wp-plugin-authorizer.php:167

WordPress Hooks 50

filterauthorizer_add_branding_optionsample-theme-add-branding\functions.php:14

actionadmin_noticessrc\authorizer\class-admin-page.php:2106

actionadmin_headsrc\authorizer\class-admin-page.php:2107

filtercfturnstile_widget_disablesrc\authorizer\class-authentication.php:388

filterauthenticatesrc\authorizer\class-wp-plugin-authorizer.php:41

actionclear_auth_cookiesrc\authorizer\class-wp-plugin-authorizer.php:44

actionwp_logoutsrc\authorizer\class-wp-plugin-authorizer.php:45

filterlostpassword_urlsrc\authorizer\class-wp-plugin-authorizer.php:52

filterlogin_urlsrc\authorizer\class-wp-plugin-authorizer.php:55

filterlogin_errorssrc\authorizer\class-wp-plugin-authorizer.php:58

filterlogin_redirectsrc\authorizer\class-wp-plugin-authorizer.php:61

filterlogin_redirectsrc\authorizer\class-wp-plugin-authorizer.php:64

actionplugins_loadedsrc\authorizer\class-wp-plugin-authorizer.php:67

actionwp_login_failedsrc\authorizer\class-wp-plugin-authorizer.php:70

actionwp_loginsrc\authorizer\class-wp-plugin-authorizer.php:73

actionadmin_menusrc\authorizer\class-wp-plugin-authorizer.php:76

actionadmin_initsrc\authorizer\class-wp-plugin-authorizer.php:79

actionset_user_rolesrc\authorizer\class-wp-plugin-authorizer.php:83

filtersend_email_change_emailsrc\authorizer\class-wp-plugin-authorizer.php:86

actionload-settings_page_authorizersrc\authorizer\class-wp-plugin-authorizer.php:90

actionload-toplevel_page_authorizersrc\authorizer\class-wp-plugin-authorizer.php:91

actionadmin_head-index.phpsrc\authorizer\class-wp-plugin-authorizer.php:92

actionadmin_head-index.phpsrc\authorizer\class-wp-plugin-authorizer.php:93

actionlogin_enqueue_scriptssrc\authorizer\class-wp-plugin-authorizer.php:96

actionlogin_footersrc\authorizer\class-wp-plugin-authorizer.php:97

actionlogin_formsrc\authorizer\class-wp-plugin-authorizer.php:100

filterwp_login_errorssrc\authorizer\class-wp-plugin-authorizer.php:108

filterwp_login_errorssrc\authorizer\class-wp-plugin-authorizer.php:116

filterwp_login_errorssrc\authorizer\class-wp-plugin-authorizer.php:117

filterlost_password_html_linksrc\authorizer\class-wp-plugin-authorizer.php:120

actionlost_passwordsrc\authorizer\class-wp-plugin-authorizer.php:121

filterlostpassword_errorssrc\authorizer\class-wp-plugin-authorizer.php:122

actionparse_requestsrc\authorizer\class-wp-plugin-authorizer.php:125

actioninitsrc\authorizer\class-wp-plugin-authorizer.php:126

actionpre_get_postssrc\authorizer\class-wp-plugin-authorizer.php:130

actionrest_authentication_errorssrc\authorizer\class-wp-plugin-authorizer.php:134

actionwp_dashboard_setupsrc\authorizer\class-wp-plugin-authorizer.php:160

actionadmin_noticessrc\authorizer\class-wp-plugin-authorizer.php:163

actionnetwork_admin_noticessrc\authorizer\class-wp-plugin-authorizer.php:164

actionwp_enqueue_scriptssrc\authorizer\class-wp-plugin-authorizer.php:170

actionnetwork_admin_menusrc\authorizer\class-wp-plugin-authorizer.php:175

actiondelete_usersrc\authorizer\class-wp-plugin-authorizer.php:179

actionremove_user_from_blogsrc\authorizer\class-wp-plugin-authorizer.php:182

actionwpmu_delete_usersrc\authorizer\class-wp-plugin-authorizer.php:183

actioninvite_usersrc\authorizer\class-wp-plugin-authorizer.php:188

actionadded_existing_usersrc\authorizer\class-wp-plugin-authorizer.php:190

actionafter_signup_usersrc\authorizer\class-wp-plugin-authorizer.php:192

actionedit_user_created_usersrc\authorizer\class-wp-plugin-authorizer.php:194

actiongrant_super_adminsrc\authorizer\class-wp-plugin-authorizer.php:198

actionrevoke_super_adminsrc\authorizer\class-wp-plugin-authorizer.php:201

Maintenance & Trust

Authorizer Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 19, 2025

PHP min version7.4

Downloads182K

Community Trust

Rating100/100

Number of ratings19

Active installs5K

Alternatives

Authorizer Alternatives

Login for Google Apps

google-apps-login

100

Simple secure login and user management through your Google Workspace for WordPress (using oAuth2 and MFA if enabled).

10K 1 CVE

Log in with Google

100

Minimal plugin that allows WordPress users to log in using Google.

6K No CVEs

Simple LDAP Login

simple-ldap-login

Integrating WordPress with LDAP shouldn't be difficult. Now it isn't. Simple LDAP Login provides all of the features, none of the hassles.

1K 1 CVE

wpDirAuth

wpdirauth

WordPress directory authentication plugin through LDAP and LDAPS (SSL).

600 No CVEs

Active Directory Authentication Integration

active-directory-authentication-integration

Allows WordPress to authenticate, authorize, create and update users through Active Directory

10 No CVEs

Developer Profile

Authorizer Developer Profile

Paul Ryan

5 plugins · 45K total installs

trust score

Avg Security Score

95/100

Avg Patch Time

961 days

View full developer profile

Detection Fingerprints

How We Detect Authorizer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/authorizer/css/admin.css/wp-content/plugins/authorizer/css/settings.css/wp-content/plugins/authorizer/js/admin.js/wp-content/plugins/authorizer/js/settings.js

Script Paths

/wp-content/plugins/authorizer/js/admin.js/wp-content/plugins/authorizer/js/settings.js

Version Parameters

authorizer/css/admin.css?ver=authorizer/css/settings.css?ver=authorizer/js/admin.js?ver=authorizer/js/settings.js?ver=

HTML / DOM Fingerprints

CSS Classes

authorizer-login-accessauthorizer-public-accessauthorizer-access-listsauthorizer-external-optionsauthorizer-advanced-options

HTML Comments

+2 more

Data Attributes

data-authorizer-role-selectdata-authorizer-pending-user-notificationdata-authorizer-pending-user-message

JS Globals

AuthorizerAdminAuthorizerSettings

REST Endpoints

/wp-json/authorizer/v1/settings

FAQ

Authorizer Security & Risk Analysis

Is Authorizer Safe to Use in 2026?

Generally Safe

Key Concerns

Authorizer Security Vulnerabilities

CVEs by Year

Severity Breakdown

Authorizer Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Authorizer Attack Surface

AJAX Handlers 8

Shortcodes 1

Authorizer Maintenance & Trust

Maintenance Signals

Community Trust

Authorizer Alternatives

Login for Google Apps

Log in with Google

Simple LDAP Login

wpDirAuth

Active Directory Authentication Integration

Authorizer Developer Profile

How We Detect Authorizer

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Authorizer