Does AWEOS Admin Login have any unpatched vulnerabilities?

No. All known vulnerabilities in AWEOS Admin Login have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is AWEOS Admin Login compatible with WordPress 6.1.10?

According to WordPress.org data, AWEOS Admin Login 1.5.13 has been tested up to WordPress 6.1.10. Check the plugin's changelog for the latest compatibility information.

Is AWEOS Admin Login compatible with PHP 7.0+?

AWEOS Admin Login requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is AWEOS Admin Login updated?

AWEOS Admin Login was last updated on Oct 12, 2023. Frequent updates are generally a positive security signal.

What is AWEOS Admin Login's security score?

AWEOS Admin Login has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

AWEOS Admin Login Security & Risk Analysis

wordpress.org/plugins/aweos-admin-login

10 active installs v1.5.13 PHP 7.0+ WP 4.5+ Updated Oct 12, 2023

emailemail-loginloginpasswordwithout-password

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is AWEOS Admin Login Safe to Use in 2026?

Generally Safe

Score 85/100

AWEOS Admin Login has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The "aweos-admin-login" plugin, version 1.5.13, presents a significant security risk primarily due to its unprotected entry points. The static analysis reveals four AJAX handlers that lack any authentication or capability checks. This means any user, even unauthenticated ones, could potentially interact with these handlers, leading to unintended actions or information disclosure if the underlying code is vulnerable. While the plugin demonstrates good practices in SQL query handling and has no recorded vulnerability history, the absence of basic security measures on its AJAX endpoints is a critical oversight. The taint analysis indicates potential issues with unsanitized paths, which, combined with the unprotected AJAX handlers, could be exploited for path traversal or arbitrary file read/write vulnerabilities. The lack of nonce checks on these handlers further exacerbates this risk.

Key Concerns

Unprotected AJAX handlers
Taint analysis shows unsanitized paths
Missing nonce checks
Some outputs not properly escaped

Vulnerabilities

None known

AWEOS Admin Login Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

AWEOS Admin Login Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

60% escaped5 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

awal_mail_clicked (ajax-handler.php:48)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

AWEOS Admin Login Attack Surface

Entry Points4

Unprotected4

AJAX Handlers 4

authwp_ajax_awal_timeajax-handler.php:45

noprivwp_ajax_awal_timeajax-handler.php:46

authwp_ajax_awal_mail_clickedajax-handler.php:82

noprivwp_ajax_awal_mail_clickedajax-handler.php:83

WordPress Hooks 6

actionadmin_menuadmin-menu.php:5

actionadmin_initadmin-menu.php:16

actionlogin_headinterface.php:9

actionlogin_forminterface.php:18

actionlogin_enqueue_scriptsinterface.php:26

filterlogin_messageinterface.php:37

Maintenance & Trust

AWEOS Admin Login Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10

Last updatedOct 12, 2023

PHP min version7.0

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

AWEOS Admin Login Alternatives

Magic Link – Secure one click passwordless login

magic-link

100

Secure one click passwordless login

10 No CVEs

User Verification by PickPlugins

user-verification

Email verification for user registration to protect spam.

5K 2 CVEs

Email OTP Authenticator – for Login, Registration or 2FA, RWL, RWA Services

email-otp-authenticator

100

Use an OTP to Login, Register, 2FA OR allow interim premium access WITHOUT Login, even WITHOUT Account. It is FAST, FRIENDLY, SMART, SMOOTH & SECURED.

100 No CVEs

Magic Login Mail or QR Code

magic-login-mail

Enter your email address, and send you an email with a magic link or QR Code to login without a password.

100 1 CVE

Smart WP Login

smart-wp-login

remove username, login, registration, password, authentication, wp-login, email, smart Requires at least: 3.1.0 Tested up to: 4.2.2 Stable tag: 1.0.

100 No CVEs

Developer Profile

AWEOS Admin Login Developer Profile

AWEOS GmbH

10 plugins · 6K total installs

trust score

Avg Security Score

93/100

Avg Patch Time

13 days

View full developer profile

Detection Fingerprints

How We Detect AWEOS Admin Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/aweos-admin-login/public/style.css/wp-content/plugins/aweos-admin-login/public/verification.js

Script Paths

/wp-content/plugins/aweos-admin-login/public/verification.js

Version Parameters

aweos-admin-login/public/style.css?ver=aweos-admin-login/public/verification.js?ver=

HTML / DOM Fingerprints

CSS Classes

awal_verificationawal_mid

Data Attributes

id="sender"id="verificator"id="info"

FAQ