Authyo Passwordless Login Security & Risk Analysis

wordpress.org/plugins/authyo-passwordless-login

Enable secure OTP login for WordPress with passwordless authentication using email-based one-time passwords (OTP) powered by Authyo.

0 active installs · v1.0.3 · PHP 7.2+ · WP 5.0+ · Updated: Unknown
Tags: email-otp, otp-login, passwordless-login, two-factor-authentication, wordpress-otp
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Authyo Passwordless Login Safe to Use in 2026?

Generally Safe

Score 100/100

Authyo Passwordless Login has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The 'authyo-passwordless-login' v1.0.3 plugin presents a mixed security posture. It has no recorded vulnerabilities and makes a low number of external HTTP requests, but static analysis reveals several areas of concern. A significant portion of its attack surface, specifically 4 out of 9 AJAX handlers, lacks authentication checks. Neither of the plugin's two SQL queries uses prepared statements, and raw queries are a common vector for SQL injection. The output escaping rate is good at 84%, but the remaining 16% of outputs leave room for potential cross-site scripting (XSS).

The absence of any taint analysis findings and a clean vulnerability history are positive indicators, suggesting that active exploitation of known issues is unlikely. However, the unprotected entry points and raw SQL queries are actionable risks that an attacker could exploit.

Key Concerns

  • AJAX handlers without auth checks
  • Raw SQL queries without prepared statements
Vulnerabilities
None known

Authyo Passwordless Login Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Authyo Passwordless Login Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 2 (0 prepared)
  • Unescaped Output: 10 (53 escaped)
  • Nonce Checks: 6
  • Capability Checks: 9
  • File Operations: 0
  • External Requests: 3
  • Bundled Libraries: 0

SQL Query Safety

0% prepared · 2 total queries

Output Escaping

84% escaped · 63 total outputs
Attack Surface
4 unprotected

Authyo Passwordless Login Attack Surface

Entry Points: 11
Unprotected: 4

AJAX Handlers 9

  • auth · wp_ajax_authyo_passwordless_login_send_otp · authyo-passwordless-login.php:145
  • nopriv · wp_ajax_authyo_passwordless_login_send_otp · authyo-passwordless-login.php:146
  • auth · wp_ajax_authyo_passwordless_login_verify_otp · authyo-passwordless-login.php:147
  • nopriv · wp_ajax_authyo_passwordless_login_verify_otp · authyo-passwordless-login.php:148
  • auth · wp_ajax_authyo_passwordless_submit_deactivation_feedback · includes\class-authyo-passwordless-feedback.php:23
  • auth · wp_ajax_authyo_passwordless_submit_email_subscription · includes\class-authyo-passwordless-feedback.php:34
  • auth · wp_ajax_authyo_passwordless_dismiss_email_subscription · includes\class-authyo-passwordless-feedback.php:35
  • auth · wp_ajax_authyo_google_auth_verify · includes\modules\google-auth\class-authyo-google-auth.php:52
  • nopriv · wp_ajax_authyo_google_auth_verify · includes\modules\google-auth\class-authyo-google-auth.php:53

REST API Routes 1

  • POST · /wp-json/authyo-passwordless/v1/deactivation-feedback · includes\class-authyo-passwordless-feedback.php:168

Shortcodes 1

  • [authyo_login] · authyo-passwordless-login.php:151

WordPress Hooks 19

  • action · admin_notices · authyo-passwordless-login.php:21
  • action · admin_menu · authyo-passwordless-login.php:137
  • action · admin_init · authyo-passwordless-login.php:138
  • action · admin_enqueue_scripts · authyo-passwordless-login.php:139
  • action · login_init · authyo-passwordless-login.php:142
  • action · login_enqueue_scripts · authyo-passwordless-login.php:154
  • action · admin_notices · authyo-passwordless-login.php:259
  • action · init · authyo-passwordless-login.php:276
  • action · admin_notices · authyo-passwordless-login.php:291
  • action · login_footer · includes\class-authyo-login.php:25
  • action · admin_enqueue_scripts · includes\class-authyo-passwordless-feedback.php:20
  • action · rest_api_init · includes\class-authyo-passwordless-feedback.php:26
  • action · update_option_authyo_passwordless_login_settings · includes\class-authyo-passwordless-feedback.php:29
  • action · add_option_authyo_passwordless_login_settings · includes\class-authyo-passwordless-feedback.php:30
  • action · admin_notices · includes\class-authyo-passwordless-feedback.php:33
  • action · login_enqueue_scripts · includes\modules\google-auth\class-authyo-google-auth.php:43
  • action · wp_enqueue_scripts · includes\modules\google-auth\class-authyo-google-auth.php:46
  • action · admin_enqueue_scripts · includes\modules\google-auth\class-authyo-google-auth.php:49
  • filter · script_loader_tag · includes\modules\google-auth\class-authyo-google-auth.php:137
Maintenance & Trust

Authyo Passwordless Login Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Unknown
  • PHP min version: 7.2
  • Downloads: 245

Community Trust

  • Rating: 0/100
  • Number of ratings: 0
  • Active installs: 0
Developer Profile

Authyo Passwordless Login Developer Profile

Konceptwise Digital Media Pvt Ltd

10 plugins · 10 total installs

  • Trust score: 94
  • Avg Security Score: 100/100
  • Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Authyo Passwordless Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/authyo-passwordless-login/assets/css/login.css
  • /wp-content/plugins/authyo-passwordless-login/assets/js/login.js
Script Paths
  • /wp-content/plugins/authyo-passwordless-login/assets/js/login.js
Version Parameters
  • authyo-passwordless-login/assets/css/login.css?ver=
  • authyo-passwordless-login/assets/js/login.js?ver=

HTML / DOM Fingerprints

Data Attributes
  • data-authyo-login-url
  • data-authyo-nonce
JS Globals
authyoPasswordlessLogin
REST Endpoints
/wp-json/authyo-passwordless-login/v1/settings
Shortcode Output
[authyo_login]