Does Dynamic Password have any unpatched vulnerabilities?

No. All known vulnerabilities in Dynamic Password have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Dynamic Password compatible with WordPress 4.8.28?

According to WordPress.org data, Dynamic Password 1.0 has been tested up to WordPress 4.8.28. Check the plugin's changelog for the latest compatibility information.

Is Dynamic Password compatible with PHP 5.4+?

Dynamic Password requires PHP 5.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Dynamic Password updated?

Dynamic Password was last updated on Sep 26, 2017. Frequent updates are generally a positive security signal.

What is Dynamic Password's security score?

Dynamic Password has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Dynamic Password Security & Risk Analysis

wordpress.org/plugins/dynamic-password

Change your PASSWORD dynamically Every Minute! Every Hour! Every Day! Every WeekDay! Every Month or Every Year! AUTOMATICALLY!!!

0 active installs v1.0 PHP 5.4+ WP 3.8+ Updated Sep 26, 2017

dynamicpasswordprotectionsecurity

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Dynamic Password Safe to Use in 2026?

Generally Safe

Score 85/100

Dynamic Password has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The 'dynamic-password' plugin v1.0 exhibits a mixed security posture. On the positive side, it has no known vulnerabilities (CVEs), uses prepared statements for all SQL queries, and has a single nonce check. This suggests some attention to fundamental security practices. However, significant concerns arise from the static analysis. The plugin has a small but concerning attack surface with one unprotected AJAX handler. Furthermore, the taint analysis revealed one flow with unsanitized paths, which, while not classified as critical or high, still presents a potential risk of unintended behavior or data exposure if exploited.

The lack of any recorded vulnerabilities in its history is a strength, indicating a potentially stable codebase. However, this could also be due to a lack of rigorous security auditing or a small user base, making it less of a target. The plugin's most critical weakness is the unprotected AJAX handler, which represents a direct entry point for attackers. The unsanitized path flow also warrants attention. While the overall history is clean, the code analysis itself highlights areas that could be improved to further strengthen its security.

Key Concerns

Unprotected AJAX handler
Flow with unsanitized paths
Low output escaping percentage

Vulnerabilities

None known

Dynamic Password Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Dynamic Password Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

6 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

40% escaped15 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

3 flows1 with unsanitized paths

dyPwdPreview (inc\backend.php:127)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Dynamic Password Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_dy_pwd_previewinc\backend.php:27

WordPress Hooks 11

filterwp_authenticate_userinc\authenticate.php:8

actionadmin_menuinc\backend.php:24

actionshow_user_profileinc\backend.php:30

actionedit_user_profileinc\backend.php:31

actionpersonal_options_updateinc\backend.php:34

actionedit_user_profile_updateinc\backend.php:35

actionadmin_enqueue_scriptsinc\backend.php:38

actionadmin_bar_menuinc\backend.php:41

actionadmin_initinc\backend.php:44

actionadmin_noticesinc\backend.php:47

actionlogin_forminc\backend.php:50

Maintenance & Trust

Dynamic Password Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28

Last updatedSep 26, 2017

PHP min version5.4

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Dynamic Password Alternatives

Solid Security – Password, Two Factor Authentication, and Brute Force Protection

better-wp-security

Harden your site security with Login Security, Two-Factor Authentication (2FA), Vulnerability Scanner, Firewall, and more. Formerly iThemes Security.

700K 19 CVEs

Protect Uploads

protect-uploads

100

Protect your uploads directory. Prevent browsing, add watermarks, disable right-click, and password-protect files. For more information, visit protect …

30K 1 CVE