WP-Safety

miniOrange Digital Identity Login Security & Risk Analysis

wordpress.org/plugins/digital-identity-login

This plugin allows secure logins through digital identity, leveraging various digital wallets.

0 active installs v1.0.2 PHP 7.0+ WP 4.0+ Updated Dec 27, 2024
decentralizeddiddigital-credential-verifierdigital-identitydigital-login
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is miniOrange Digital Identity Login Safe to Use in 2026?

Generally Safe

Score 92/100

miniOrange Digital Identity Login has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "digital-identity-login" v1.0.2 plugin exhibits a concerning security posture, primarily due to a significant lack of authentication and authorization checks on its exposed entry points. While the plugin demonstrates good practices in SQL query handling and output escaping, the presence of 5 unprotected entry points, including all 4 AJAX handlers and the sole REST API route, creates a substantial attack surface. This means unauthenticated users could potentially interact with and exploit these functionalities, leading to unintended consequences. The taint analysis did reveal 2 flows with unsanitized paths, though they were not classified as critical or high severity, this still represents a potential area for concern that warrants further investigation.

The plugin's vulnerability history is notably clean, with no recorded CVEs. This suggests a proactive approach to security by the developers or a lack of past exploitation attempts. However, the absence of past vulnerabilities does not negate the current risks identified through static analysis. The strength lies in its proper use of prepared statements and output escaping, mitigating common risks like SQL injection and cross-site scripting for most outputs. The weakness, however, is a critical flaw in its fundamental security design concerning access control, making it vulnerable to unauthorized access and manipulation through its exposed endpoints.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API route
  • Flows with unsanitized paths
Vulnerabilities
None known

miniOrange Digital Identity Login Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

miniOrange Digital Identity Login Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

miniOrange Digital Identity Login Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
166 escaped
Nonce Checks
9
Capability Checks
3
File Operations
0
External Requests
8
Bundled Libraries
0

Output Escaping

99% escaped167 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths
<class-mo-digital-identity-login-dock-handler> (admin/handler/class-mo-digital-identity-login-dock-handler.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
5 unprotected

miniOrange Digital Identity Login Attack Surface

Entry Points5
Unprotected5

AJAX Handlers 4

authwp_ajax_mo_delete_walletadmin/partials/configure-wallet/class-mo-digital-identity-login-configure-wallet.php:33
noprivwp_ajax_mo_digital_id_requestincludes/class-mo-digital-identity-login.php:143
authwp_ajax_mo_digital_id_requestincludes/class-mo-digital-identity-login.php:144
authwp_ajax_mo_digital_id_admin_requestincludes/class-mo-digital-identity-login.php:146

REST API Routes 1

POST/wp-json/digital-identity-login/v1/callbackadmin/handler/class-mo-digital-identity-login-route-handler.php:56
WordPress Hooks 16
actionadmin_post_mo_digital_identity_contact_us_query_optionadmin/partials/support/class-mo-digital-identity-login-support.php:29
actionadmin_noticesadmin/partials/support/class-mo-digital-identity-login-support.php:30
actionadmin_noticesadmin/partials/support/class-mo-digital-identity-login-support.php:31
actionadmin_noticesadmin/utils/class-mo-digital-identity-login-utils.php:105
actionadmin_noticesadmin/utils/class-mo-digital-identity-login-utils.php:113
actionplugins_loadedincludes/class-mo-digital-identity-login.php:122
actionadmin_enqueue_scriptsincludes/class-mo-digital-identity-login.php:136
actionadmin_enqueue_scriptsincludes/class-mo-digital-identity-login.php:137
actionadmin_menuincludes/class-mo-digital-identity-login.php:138
actionadmin_initincludes/class-mo-digital-identity-login.php:139
actionrest_api_initincludes/class-mo-digital-identity-login.php:140
actionadmin_footerincludes/class-mo-digital-identity-login.php:147
actionwp_enqueue_scriptsincludes/class-mo-digital-identity-login.php:161
actionwp_enqueue_scriptsincludes/class-mo-digital-identity-login.php:162
actioninitincludes/class-mo-digital-identity-login.php:164
actionlogin_formincludes/class-mo-digital-identity-login.php:165
Maintenance & Trust

miniOrange Digital Identity Login Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedDec 27, 2024
PHP min version7.0
Downloads520

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

miniOrange Digital Identity Login Alternatives

Friends

Friends

friends

A
96

A self-hosted social reader for WordPress: follow people via RSS and ActivityPub, with multiple themes and a plugin ecosystem.

1K 3 CVEs
Pedido Mínimo para WooCommerce

Pedido Mínimo para WooCommerce

wc-pedido-minimo

A
100

Plugin para configurar valor mínimo ou quantidade mínima de items para finalização de pedidos no WooCommerce. O plugin também permite selecionar funçã &hellip;

1K No CVEs
Web3Press – Migrating to 3ook.com Decentralized Bookstore

Web3Press – Migrating to 3ook.com Decentralized Bookstore

likecoin

A
99

FINAL LEGACY VERSION: Read-only maintenance version before 3ook.com transition. No new publishing features.

400 1 CVE
WZ Followed Posts – Display what visitors are reading

WZ Followed Posts – Display what visitors are reading

where-did-they-go-from-here

A
99

Show "Readers who viewed this page, also viewed" a.k.a. followed posts on your page. Much like Amazon.com's product pages.

400 1 CVE
HT Politic – For Political WordPress Themes / Website

HT Politic – For Political WordPress Themes / Website

wp-politic

A
99

HT Politic is a Political WordPress Plugin.

200 2 CVEs
Developer Profile

miniOrange Digital Identity Login Developer Profile

miniOrange

41 plugins · 83K total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
324 days
View full developer profile
Detection Fingerprints

How We Detect miniOrange Digital Identity Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/digital-identity-login/admin/css/dev/mo-digital-identity-login-admin.css/wp-content/plugins/digital-identity-login/admin/css/prod/mo-digital-identity-login-admin.min.css/wp-content/plugins/digital-identity-login/admin/css/phone.min.css/wp-content/plugins/digital-identity-login/admin/css/font-awesome.min.css/wp-content/plugins/digital-identity-login/admin/css/fontNunito.min.css/wp-content/plugins/digital-identity-login/admin/js/dev/mo-digital-identity-login-admin.js/wp-content/plugins/digital-identity-login/admin/js/prod/mo-digital-identity-login-admin.min.js/wp-content/plugins/digital-identity-login/admin/js/phone.min.js
Version Parameters
mo-digital-identity-login-admin-css?ver=mo-digital-identity-login-phone-css?ver=mo-digital-identity-login-fontNunito-css?ver=mo-digital-identity-login-admin-js?ver=mo-digital-identity-login-phone-js?ver=

HTML / DOM Fingerprints

CSS Classes
mo_digital_id_utility_object
JS Globals
mo_digital_id_utility_object
FAQ

Frequently Asked Questions about miniOrange Digital Identity Login