Does Beyond Identity Passwordless have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Beyond Identity Passwordless compatible with WordPress 6.3.8?

According to WordPress.org data, Beyond Identity Passwordless 1.0.0 has been tested up to WordPress 6.3.8. Check the plugin's changelog for the latest compatibility information.

Is Beyond Identity Passwordless compatible with PHP 7.2+?

Beyond Identity Passwordless requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Beyond Identity Passwordless updated?

Beyond Identity Passwordless was last updated on Oct 16, 2023. Frequent updates are generally a positive security signal.

What is Beyond Identity Passwordless's security score?

Beyond Identity Passwordless has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Beyond Identity Passwordless Security & Risk Analysis

wordpress.org/plugins/beyond-identity-passwordless

A passwordless solution that allows users and admins to log into a WordPress website using passkeys with Beyond Identity.

0 active installs v1.0.0 PHP 7.2+ WP 4.9+ Updated Oct 16, 2023

authenticationloginpasskeyspasswordlesssecurity

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Beyond Identity Passwordless Safe to Use in 2026?

Generally Safe

Score 85/100

Beyond Identity Passwordless has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The "beyond-identity-passwordless" plugin v1.0.0 exhibits several security concerns despite a lack of recorded vulnerabilities. The static analysis reveals an attack surface with 3 out of 5 entry points lacking proper authentication or permission checks. Specifically, 2 AJAX handlers and 1 REST API route are exposed without these critical security measures. While the code signals indicate a good practice of using prepared statements for SQL queries and proper output escaping, the absence of nonce checks and capability checks on AJAX requests is a significant weakness. The taint analysis showing no flows is positive, but it may be limited by the depth of the analysis. The complete absence of recorded vulnerabilities in the history is a strength, suggesting either good development practices or that the plugin hasn't been a target. However, the exposed entry points present a clear risk of unauthorized access or manipulation if exploited.

Key Concerns

AJAX handlers without auth checks
REST API routes without permission callbacks
Nonce checks missing on AJAX handlers
Capability checks missing on AJAX handlers

Vulnerabilities

None known

Beyond Identity Passwordless Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Beyond Identity Passwordless Release Timeline

v1.0.0Current

Code Analysis

Analyzed Apr 16, 2026

Beyond Identity Passwordless Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

68 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared1 total queries

Output Escaping

100% escaped68 total outputs

Attack Surface

3 unprotected

Beyond Identity Passwordless Attack Surface

Entry Points5

Unprotected3

AJAX Handlers 2

authwp_ajax_openid-connect-authorizeopenid-connect/includes/openid-connect-generic-client-wrapper.php:78

noprivwp_ajax_openid-connect-authorizeopenid-connect/includes/openid-connect-generic-client-wrapper.php:79

REST API Routes 1

GET/wp-json/beyondidentity/v1/passkeySuccessbeyond-identity-passwordless.php:33

Shortcodes 2

[beyond_identity_login_button] openid-connect/includes/openid-connect-generic-login-form.php:37

[beyond_identity_auth_url] openid-connect/openid-connect-generic.php:130

WordPress Hooks 18

actionrest_api_initbeyond-identity-passwordless.php:32

filterallowed_redirect_hostsopenid-connect/includes/openid-connect-generic-client-wrapper.php:66

filterlogout_redirectopenid-connect/includes/openid-connect-generic-client-wrapper.php:67

filterbeyond-identity-passwordless-alter-requestopenid-connect/includes/openid-connect-generic-client-wrapper.php:71

actionparse_requestopenid-connect/includes/openid-connect-generic-client-wrapper.php:86

actionwp_loadedopenid-connect/includes/openid-connect-generic-client-wrapper.php:91

actioninitopenid-connect/openid-connect-generic.php:256

actiontemplate_redirectopenid-connect/openid-connect-generic.php:259

filterthe_content_feedopenid-connect/openid-connect-generic.php:260

filterthe_excerpt_rssopenid-connect/openid-connect-generic.php:261

filtercomment_text_rssopenid-connect/openid-connect-generic.php:262

filterlogin_messagesrc/login-form.php:17

actionadmin_menusrc/settings.php:30

actionadmin_initsrc/settings.php:33

filtermanage_users_columnssrc/users-page.php:14

filtermanage_users_custom_columnsrc/users-page.php:15

filterviews_userssrc/users-page.php:16

actionpre_get_userssrc/users-page.php:19

Maintenance & Trust

Beyond Identity Passwordless Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8

Last updatedOct 16, 2023

PHP min version7.2

Downloads721

Community Trust

Rating40/100

Number of ratings1

Active installs0

Alternatives

Beyond Identity Passwordless Alternatives

Bye Bye Passwords

bye-bye-passwords

100

Enable passwordless authentication for WordPress using WebAuthn/Passkeys. More secure, more convenient.

20 No CVEs

Login by Magic

magiclabs

Login by Magic plugin replaces the standard WordPress login form with one powered by Magic that enables passwordless email magic link login.

10 No CVEs

Dolutech Passwordless Login

dolutech-passwordless-login

100

Permite login seguro sem senha com tecnologia passwordless e autenticação de dois fatores (2FA) via TOTP.

0 No CVEs

Elevation Magic Link Login

elevation-magic-link

100

Add a secure, passwordless login option to the default WordPress login form.

0 No CVEs

LoginEase

loginease

100

Passwordless login via secure magic links on the WordPress login form.

0 No CVEs

Developer Profile

Beyond Identity Passwordless Developer Profile

Anna Garcia

1 plugin · 0 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Beyond Identity Passwordless

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/beyond-identity-passwordless/css/beyond-identity-passwordless.css/wp-content/plugins/beyond-identity-passwordless/js/beyond-identity-passwordless.js

Script Paths

/wp-content/plugins/beyond-identity-passwordless/js/beyond-identity-passwordless.js

Version Parameters

beyond-identity-passwordless/css/beyond-identity-passwordless.css?ver=beyond-identity-passwordless/js/beyond-identity-passwordless.js?ver=

HTML / DOM Fingerprints

CSS Classes

beyond_identity_passkey_form

JS Globals

BYNDID_OpenID_Connect_Generic

REST Endpoints

/beyondidentity/v1/passkeySuccess

Shortcode Output

[beyond_identity_auth_url]

FAQ

Beyond Identity Passwordless Security & Risk Analysis

Is Beyond Identity Passwordless Safe to Use in 2026?

Generally Safe

Key Concerns

Beyond Identity Passwordless Security Vulnerabilities

Beyond Identity Passwordless Release Timeline

Beyond Identity Passwordless Code Analysis

SQL Query Safety

Output Escaping

Beyond Identity Passwordless Attack Surface

AJAX Handlers 2

REST API Routes 1

Shortcodes 2

Beyond Identity Passwordless Maintenance & Trust

Maintenance Signals

Community Trust

Beyond Identity Passwordless Alternatives

Bye Bye Passwords

Login by Magic

Dolutech Passwordless Login

Elevation Magic Link Login

LoginEase

Beyond Identity Passwordless Developer Profile

How We Detect Beyond Identity Passwordless

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Beyond Identity Passwordless