DAO Login Security & Risk Analysis

wordpress.org/plugins/dao-login

Enable signin with Ethereum on your site and allow users to register based on Governance tokens, NFT, and token balance.

10 active installs · v0.2.1 · PHP 7.0.0+ · WP 5.3.1+ · Updated Dec 28, 2021
Tags: ethereum, login, signin, sso, web3
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is DAO Login Safe to Use in 2026?

Generally Safe

Score 85/100

DAO Login has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4yr ago
Risk Assessment

The "dao-login" v0.2.1 plugin exhibits a generally good security posture, with several strengths evident in its code. The complete absence of dangerous functions and file operations, and the fact that no SQL query is issued raw (the one query found uses a prepared statement), are positive indicators. Furthermore, the plugin demonstrates a strong commitment to output escaping, with 92% of outputs properly escaped, and the presence of nonce and capability checks suggests an awareness of common WordPress security practices.

However, a significant concern arises from the static analysis, which reveals one REST API route exposed without permission callbacks. This represents a potential entry point that could be exploited if not properly secured through authorization checks. While taint analysis found no unsanitized paths, the single unprotected REST API route remains a critical oversight that could lead to unauthorized actions or data exposure depending on its functionality.

The plugin's vulnerability history is remarkably clean, with zero recorded CVEs of any severity. This lack of historical issues is a positive sign, suggesting either robust development practices or a relatively low profile that has not yet attracted widespread vulnerability discovery. Despite this clean history, the identified unprotected REST API route is a distinct weakness that needs to be addressed to maintain a strong security profile.

Key Concerns

  • REST API route without permission callbacks
Vulnerabilities
None known

DAO Login Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

DAO Login Release Timeline

v0.2.1 (Current)
Code Analysis
Analyzed Mar 17, 2026

DAO Login Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 1 (11 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared · 1 total query

Output Escaping

92% escaped · 12 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

1 flow
<dao-login> (dao-login.php:0)
Attack Surface
1 unprotected

DAO Login Attack Surface

Entry Points: 1
Unprotected: 1

REST API Routes: 1

  • GET /wp-json/dao-login/message-to-sign (dao-login.php:37)

WordPress Hooks: 14

  • action init (dao-login.php:32)
  • action rest_api_init (dao-login.php:34)
  • action login_enqueue_scripts (dao-login.php:62)
  • filter authenticate (dao-login.php:121)
  • action show_user_profile (dao-login.php:160)
  • action edit_user_profile (dao-login.php:161)
  • action personal_options_update (dao-login.php:175)
  • action edit_user_profile_update (dao-login.php:176)
  • action admin_menu (dao-permissions.php:11)
  • action admin_init (dao-permissions.php:12)
  • action init (members-only.php:14)
  • action add_meta_boxes (members-only.php:17)
  • action save_post (members-only.php:36)
  • filter the_content (members-only.php:48)
Maintenance & Trust

DAO Login Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.8.13
Last updated: Dec 28, 2021
PHP min version: 7.0.0
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

DAO Login Developer Profile

Artur Piszek

6 plugins · 60 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect DAO Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/dao-login/login-script.js
Script Paths
/wp-content/plugins/dao-login/login-script.js

HTML / DOM Fingerprints

Data Attributes
name="eth_address"
id="eth_address"
REST Endpoints
/wp-json/dao-login/message-to-sign
Shortcode Output
<input type="checkbox" id="dao-members-only" name="dao-members-only" value='yes'