DocCheck Login Security & Risk Analysis

wordpress.org/plugins/doccheck-login

Open source DocCheck plugin for authenticating healthcare professionals via secure DocCheck login integration.

200 active installs · v1.1.8 · PHP + · WP 5.5+ · Updated Aug 12, 2025
Tags: authentication, doccheck, hcp, login, medical
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jul 3, 2025
Safety Verdict

Is DocCheck Login Safe to Use in 2026?

Generally Safe

Score 99/100

DocCheck Login has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jul 3, 2025 · Updated 7mo ago
Risk Assessment

The doccheck-login plugin v1.1.8 exhibits a generally good security posture based on the provided static analysis. It demonstrates strong adherence to secure coding practices, with 100% of SQL queries utilizing prepared statements and an impressive 99% of output being properly escaped. The plugin also correctly implements nonce checks and appears to have a limited attack surface, with no unprotected entry points identified. Furthermore, the absence of unpatched vulnerabilities and the low number of identified CVEs (only one historical, now patched) suggest a proactive approach to security maintenance. The taint analysis also indicates no critical or high-severity issues, with only one flow showing unsanitized paths, which warrants attention but isn't immediately critical.

However, there are a few areas that temper the overall positive assessment. The complete lack of capability checks on any of the entry points is a significant concern, as it implies that any authenticated user, regardless of their role, could potentially interact with functionalities that might have unintended consequences or be exploited in conjunction with other vulnerabilities. The presence of one unsanitized path in the taint analysis, while not critical, also suggests a potential for vulnerabilities if not addressed. The historical vulnerability of 'Improper Access Control' also echoes the concern about the lack of capability checks, indicating a recurring pattern that needs vigilance. Despite these points, the plugin's commitment to prepared SQL and output escaping is commendable, making it a reasonably secure option, but with room for improvement in access control.

In conclusion, the doccheck-login plugin v1.1.8 is a relatively well-secured plugin due to its strong data sanitization and SQL practices. The limited attack surface and lack of currently unpatched vulnerabilities are positive indicators. The primary weaknesses are the absence of capability checks across its entry points and one minor unsanitized path, which, while not critical in this version, could be exploited if combined with other factors or in future versions. Addressing the lack of capability checks would significantly enhance its security posture.

Key Concerns

  • No capability checks on entry points
  • 1 flow with unsanitized paths
  • Historical CVE with Improper Access Control
Vulnerabilities
1

DocCheck Login Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-6786 · medium · 5.3 · Improper Access Control

DocCheck Login <= 1.1.5 - Unauthorized Post Access

Jul 3, 2025 · Patched in 1.1.6 (22d)
Code Analysis
Analyzed Mar 16, 2026

DocCheck Login Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (124 escaped)
Nonce Checks: 5
Capability Checks: 0
File Operations: 0
External Requests: 3
Bundled Libraries: 1

Bundled Libraries

jQuery

Output Escaping

99% escaped · 125 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
dcl_redirect_to_login (client\class-dcl-client.php:576)
Attack Surface

DocCheck Login Attack Surface

Entry Points: 4
Unprotected: 0

Shortcodes 4

[dc-login] client\class-dcl-shortcodes.php:24
[dc-logout-link] client\class-dcl-shortcodes.php:25
[dc-hide-content] client\class-dcl-shortcodes.php:26
[dc-html-sitemap] client\class-dcl-shortcodes.php:27
WordPress Hooks 22
action plugins_loaded includes\class-dcl.php:99
action admin_init includes\class-dcl.php:116
action admin_menu includes\class-dcl.php:117
action add_meta_boxes includes\class-dcl.php:127
action add_meta_boxes includes\class-dcl.php:128
action save_post includes\class-dcl.php:129
action admin_enqueue_scripts includes\class-dcl.php:130
action admin_enqueue_scripts includes\class-dcl.php:131
filter manage_posts_columns includes\class-dcl.php:139
filter manage_pages_columns includes\class-dcl.php:140
action manage_posts_custom_column includes\class-dcl.php:141
action manage_pages_custom_column includes\class-dcl.php:142
action admin_head includes\class-dcl.php:143
action init includes\class-dcl.php:161
action pre_get_posts includes\class-dcl.php:162
filter wp_get_nav_menu_items includes\class-dcl.php:163
action template_redirect includes\class-dcl.php:164
action admin_post_dcl_logout includes\class-dcl.php:165
action admin_post_nopriv_dcl_logout includes\class-dcl.php:166
action init includes\class-dcl.php:174
filter nocache_headers includes\class-dcl.php:182
action wp includes\class-dcl.php:183
Maintenance & Trust

DocCheck Login Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Aug 12, 2025
PHP min version
Downloads: 12K

Community Trust

Rating: 20/100
Number of ratings: 1
Active installs: 200
Developer Profile

DocCheck Login Developer Profile

DocCheck agency (antwerpes)

1 plugin · 200 total installs

Trust score: 93
Avg Security Score: 99/100
Avg Patch Time: 22 days
Detection Fingerprints

How We Detect DocCheck Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/doccheck-login/admin/css/chosen.min.css
/wp-content/plugins/doccheck-login/admin/js/chosen.jquery.min.js
Script Paths
plugin_dir_url(__FILE__) . 'js/chosen.jquery.min.js'
Version Parameters
doccheck-login/css/chosen.min.css?ver=
doccheck-login/js/chosen.jquery.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
dcl_restrict_access
dcl_all_group
Data Attributes
id="dcl_restrict_access"
id="dcl_all_group"
id="dcl_all_group_wrapper"
id="dcl_group_routing_wrapper"
name="dcl_restrict_access"
name="dcl_all_group"
JS Globals
toggleCheckboxes
toggleSelectbox