WP-Safety

Login & Register Customizer – Popup | Slider | Inline | WooCommerce Security & Risk Analysis

wordpress.org/plugins/easy-login-woocommerce

Replace your old login/registration form with an interactive popup & inline form design

40K active installs v3.1.2 PHP + WP 3.0.1+ Updated Mar 3, 2026
loginpopupregistersignupwoocommerce
94
A · Safe
CVEs total6
Unpatched0
Last CVEJun 19, 2025
Plugin page Download
Safety Verdict

Is Login & Register Customizer – Popup | Slider | Inline | WooCommerce Safe to Use in 2026?

Generally Safe

Score 94/100

Login & Register Customizer – Popup | Slider | Inline | WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

6 known CVEsLast CVE: Jun 19, 2025Updated 2mo ago
Risk Assessment

The "easy-login-woocommerce" plugin exhibits a mixed security posture. While it demonstrates good practices like using prepared statements for all SQL queries and a high percentage of properly escaped output, several areas raise concern. The static analysis reveals a notable attack surface with 9 AJAX handlers, of which 4 lack authentication checks, representing a significant potential for unauthorized actions. Furthermore, two flows with unsanitized paths were identified in the taint analysis, although these did not escalate to critical or high severity.

The vulnerability history of this plugin is a major red flag. With 6 known CVEs, including one high and five medium severity vulnerabilities, it indicates a recurring pattern of security weaknesses. The common vulnerability types listed (Missing Authorization, CSRF, XSS) align with the findings from the static analysis, particularly the unprotected AJAX handlers and the potential for unsanitized input. The recency of the last vulnerability (2025-06-19) suggests ongoing security issues. While there are currently no unpatched CVEs, the historical trend necessitates a cautious approach.

In conclusion, the plugin has strengths in its secure SQL handling and output escaping. However, the presence of unprotected AJAX endpoints, unsanitized taint flows, and a history of multiple medium and high severity vulnerabilities, including common types like missing authorization and XSS, significantly increase its risk profile. The plugin is not recommended for use without thorough review and mitigation of identified security concerns, especially the unprotected AJAX endpoints.

Key Concerns

  • 4 AJAX handlers without auth checks
  • 2 flows with unsanitized paths
  • 1 high severity vulnerability in history
  • 5 medium severity vulnerabilities in history
  • Bundled library: Select2
Vulnerabilities
6 published

Login & Register Customizer – Popup | Slider | Inline | WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2020
2020
1 CVE in 2021
2021
1 CVE in 2023
2023
1 CVE in 2024
2024
2 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

High
1
Medium
5

6 total CVEs

CVE-2025-50027medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Login/Signup Popup <= 2.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

Jun 19, 2025 Patched in 2.9.5 (22d)
CVE-2025-1064medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Login/Signup Popup ( Inline Form + Woocommerce ) <= 2.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via xoo_el_action Shortcode

Feb 19, 2025 Patched in 2.8.6 (1d)
CVE-2024-5665medium · 4.3Missing Authorization

Login/Signup Popup ( Inline Form + Woocommerce ) 2.7.1 - 2.7.2 - Missing Authorization to Arbitrary Options Exposure

Jun 5, 2024 Patched in 2.7.3 (1d)
WF-3fa62b8f-1c2f-4bc9-9f2a-8b9765c2d30d-easy-login-woocommercemedium · 4.3Cross-Site Request Forgery (CSRF)

Login/Signup Popup <= 2.3 - Cross-Site Request Forgery to Settings Reset

Jun 26, 2023 Patched in 2.4 (211d)
WF-3b8ea0b1-5050-43fc-8b80-b6a501a607fe-easy-login-woocommercemedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Login/Signup Popup ( Inline Form + Woocommerce ) <= 2.1 - Reflected Cross-Site Scripting

Nov 17, 2021 Patched in 2.2 (797d)
CVE-2020-36715high · 7.4Missing Authorization

Login/Signup Popup < 1.5 - Missing Authorization

May 14, 2020 Patched in 1.5 (1349d)
Version History

Login & Register Customizer – Popup | Slider | Inline | WooCommerce Release Timeline

v3.1.2Current
v3.1.1
v3.1.0
v3.0.4
v3.0.3
v3.0.2
v3.0.1
v3.0.0
v2.9.6
v2.9.5
v2.9.41 CVE
CVE-2025-50027
v2.9.31 CVE
CVE-2025-50027
v2.9.21 CVE
CVE-2025-50027
v2.9.11 CVE
CVE-2025-50027
v2.9.01 CVE
CVE-2025-50027
v2.8.91 CVE
CVE-2025-50027
v2.8.81 CVE
CVE-2025-50027
v2.8.71 CVE
CVE-2025-50027
v2.8.61 CVE
CVE-2025-50027
v2.8.52 CVEs
CVE-2025-50027 CVE-2025-1064
Code Analysis
Analyzed Mar 16, 2026

Login & Register Customizer – Popup | Slider | Inline | WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
61
340 escaped
Nonce Checks
8
Capability Checks
7
File Operations
2
External Requests
3
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

100% prepared2 total queries

Output Escaping

85% escaped401 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

5 flows2 with unsanitized paths
handle_usage_click_response (includes\xoo-framework\admin\class-xoo-admin-settings.php:115)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

Login & Register Customizer – Popup | Slider | Inline | WooCommerce Attack Surface

Entry Points12
Unprotected4

AJAX Handlers 9

authwp_ajax_xoo_el_form_actionincludes\class-xoo-el-form-handler.php:18
noprivwp_ajax_xoo_el_form_actionincludes\class-xoo-el-form-handler.php:19
authwp_ajax_xoo_el_code_form_submitincludes\verification\class-xoo-el-code-form.php:57
noprivwp_ajax_xoo_el_code_form_submitincludes\verification\class-xoo-el-code-form.php:58
authwp_ajax_xoo_admin_settings_saveincludes\xoo-framework\admin\class-xoo-admin-settings.php:51
authwp_ajax_xoo_admin_settings_exportincludes\xoo-framework\admin\class-xoo-admin-settings.php:52
authwp_ajax_xoo_admin_settings_importincludes\xoo-framework\admin\class-xoo-admin-settings.php:53
authwp_ajax_xoo_aff_save_settingsxoo-form-fields-fw\admin\class-xoo-aff-fields.php:36
authwp_ajax_xoo_aff_reset_settingsxoo-form-fields-fw\admin\class-xoo-aff-fields.php:43

Shortcodes 3

[xoo_el_action] includes\class-xoo-el-frontend.php:30
[xoo_el_pop] includes\class-xoo-el-frontend.php:32
[xoo_el_inline_form] includes\xoo-el-functions.php:226
WordPress Hooks 94
actioninitadmin\class-xoo-el-admin-settings.php:27
actionadmin_menuadmin\class-xoo-el-admin-settings.php:28
filterxoo_aff_add_fieldsadmin\class-xoo-el-admin-settings.php:32
actionxoo_aff_field_selectoradmin\class-xoo-el-admin-settings.php:33
actionadmin_enqueue_scriptsadmin\class-xoo-el-admin-settings.php:34
actionadmin_footeradmin\class-xoo-el-admin-settings.php:35
actionwp_loadedadmin\class-xoo-el-admin-settings.php:37
actionwp_loadedadmin\class-xoo-el-admin-settings.php:39
actionxoo_tab_page_startadmin\class-xoo-el-admin-settings.php:41
actionxoo_tab_page_endadmin\class-xoo-el-admin-settings.php:46
actionxoo_tab_page_endadmin\class-xoo-el-admin-settings.php:49
filteradmin_body_classadmin\class-xoo-el-admin-settings.php:50
actionxoo_tab_page_startadmin\class-xoo-el-admin-settings.php:51
filtertiny_mce_before_initadmin\class-xoo-el-admin-settings.php:54
actionxoo_admin_settings_easy-login-woocommerce_savedadmin\class-xoo-el-admin-settings.php:59
actionxoo_aff_admin_page_display_startadmin\class-xoo-el-admin-settings.php:63
actionxoo_aff_easy-login-woocommerce_add_predefined_fieldsadmin\class-xoo-el-aff-fields.php:10
filterxoo_aff_easy-login-woocommerce_before_fields_updateadmin\class-xoo-el-aff-fields.php:11
filterxoo_aff_easy-login-woocommerce_default_field_settingsadmin\class-xoo-el-aff-fields.php:12
filterxoo_aff_easy-login-woocommerce_field_setting_optionsadmin\class-xoo-el-aff-fields.php:13
filterxoo_aff_easy-login-woocommerce_default_field_typesadmin\class-xoo-el-aff-fields.php:14
actionxoo_aff_easy-login-woocommerce_add_predefined_fieldsadmin\class-xoo-el-aff-fields.php:16
actionadmin_head-nav-menus.phpadmin\class-xoo-el-menu-settings.php:10
actionshow_user_profileadmin\class-xoo-el-user-profile.php:24
actionedit_user_profileadmin\class-xoo-el-user-profile.php:25
actionpersonal_options_updateadmin\class-xoo-el-user-profile.php:27
actionedit_user_profile_updateadmin\class-xoo-el-user-profile.php:28
filtermanage_users_columnsadmin\class-xoo-el-user-profile.php:30
filtermanage_users_custom_columnadmin\class-xoo-el-user-profile.php:31
actionadmin_noticesincludes\class-xoo-el-core.php:29
actioninitincludes\class-xoo-el-core.php:79
actionadmin_noticesincludes\class-xoo-el-core.php:80
actionadmin_headincludes\class-xoo-el-core.php:81
filterxoo_aff_enable_autocompadrincludes\class-xoo-el-core.php:82
actionadmin_noticesincludes\class-xoo-el-core.php:97
actiontemplate_redirectincludes\class-xoo-el-form-handler.php:22
actiontemplate_redirectincludes\class-xoo-el-form-handler.php:23
filterwp_new_user_notification_emailincludes\class-xoo-el-form-handler.php:24
filterlostpassword_urlincludes\class-xoo-el-form-handler.php:25
filterwoocommerce_get_endpoint_urlincludes\class-xoo-el-form-handler.php:26
actionwoocommerce_reset_password_notificationincludes\class-xoo-el-form-handler.php:28
actionwp_enqueue_scriptsincludes\class-xoo-el-frontend.php:27
actionwp_enqueue_scriptsincludes\class-xoo-el-frontend.php:28
actionwp_footerincludes\class-xoo-el-frontend.php:29
filterxoo_easy-login-woocommerce_get_templateincludes\class-xoo-el-frontend.php:34
actionxoo_el_after_formincludes\class-xoo-el-frontend.php:36
actionxoo_el_login_add_fieldsincludes\class-xoo-el-func.php:35
actionxoo_el_single_add_fieldsincludes\class-xoo-el-func.php:36
filterwoocommerce_email_classesincludes\class-xoo-el-func.php:38
actioninitincludes\verification\class-xoo-el-code-forms.php:39
filterwp_nav_menu_objectsincludes\xoo-el-functions.php:104
actionxoo_el_before_formincludes\xoo-el-functions.php:135
filterwc_get_templateincludes\xoo-el-functions.php:362
actionwoocommerce_edit_account_formincludes\xoo-el-functions.php:422
actionwoocommerce_save_account_detailsincludes\xoo-el-functions.php:450
filterpre_option_woocommerce_registration_generate_passwordincludes\xoo-el-functions.php:458
actioninitincludes\xoo-el-functions.php:461
actionxoo_el_created_customerincludes\xoo-el-functions.php:489
filterxoo_el_login_redirectincludes\xoo-el-functions.php:496
filterxoo_el_registration_redirectincludes\xoo-el-functions.php:501
actioninitincludes\xoo-el-functions.php:506
actionxoo_el_before_headerincludes\xoo-el-functions.php:574
actionxoo_el_after_formincludes\xoo-el-functions.php:597
filterxoo_ml_el_login_form_input_fieldsincludes\xoo-el-functions.php:629
filterxoo_el_register_new_customer_dataincludes\xoo-el-functions.php:645
actioninitincludes\xoo-el-functions.php:658
actioninitincludes\xoo-framework\admin\class-xoo-admin-settings.php:57
actioninitincludes\xoo-framework\admin\class-xoo-admin-settings.php:58
actionadmin_enqueue_scriptsincludes\xoo-framework\admin\class-xoo-admin-settings.php:62
actionwp_loadedincludes\xoo-framework\admin\class-xoo-admin-settings.php:64
actionxoo_tab_page_startincludes\xoo-framework\admin\class-xoo-admin-settings.php:65
actionxoo_tab_page_startincludes\xoo-framework\admin\class-xoo-admin-settings.php:66
actionadmin_noticesincludes\xoo-framework\admin\class-xoo-admin-settings.php:72
actionadmin_initincludes\xoo-framework\admin\class-xoo-admin-settings.php:73
actionadmin_initincludes\xoo-framework\admin\class-xoo-admin-settings.php:74
actioninitincludes\xoo-framework\class-xoo-helper.php:41
actionadmin_initincludes\xoo-framework\class-xoo-helper.php:42
filterwp_mail_fromincludes\xoo-framework\class-xoo-helper.php:430
filterwp_mail_from_nameincludes\xoo-framework\class-xoo-helper.php:431
filterwp_mail_content_typeincludes\xoo-framework\class-xoo-helper.php:432
actionplugins_loadedxoo-el-main.php:44
filterxoo_aff_export_optionsxoo-form-fields-fw\admin\class-xoo-aff-admin.php:21
actionadmin_footerxoo-form-fields-fw\admin\class-xoo-aff-admin.php:25
actionadmin_enqueue_scriptsxoo-form-fields-fw\admin\class-xoo-aff-admin.php:26
actionadmin_footerxoo-form-fields-fw\admin\class-xoo-aff-admin.php:27
actionadmin_footerxoo-form-fields-fw\admin\class-xoo-aff-fields.php:30
actioninitxoo-form-fields-fw\admin\class-xoo-aff-fields.php:31
actionadmin_initxoo-form-fields-fw\admin\class-xoo-aff-fields.php:39
actioninitxoo-form-fields-fw\admin\settings\class-xoo-aff-settings.php:21
actionxoo_tab_page_startxoo-form-fields-fw\admin\settings\class-xoo-aff-settings.php:24
actionadmin_initxoo-form-fields-fw\admin\settings\class-xoo-aff-settings.php:30
actioninitxoo-form-fields-fw\admin\settings\class-xoo-aff-settings.php:31
actionadmin_enqueue_scriptsxoo-form-fields-fw\admin\settings\class-xoo-aff-settings.php:34
actioninitxoo-form-fields-fw\includes\class-xoo-aff.php:23
Maintenance & Trust

Login & Register Customizer – Popup | Slider | Inline | WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 3, 2026
PHP min version
Downloads1.1M

Community Trust

Rating96/100
Number of ratings252
Active installs40K
Alternatives

Login & Register Customizer – Popup | Slider | Inline | WooCommerce Alternatives

Lazy Signin

Lazy Signin

lazy-sign-in

A
100

Lazy Sign in lets you easily create a fully customizable AJAX powered responsive login and sign-up form for your website.

10 No CVEs
Force Authentification Before Checkout for WooCommerce

Force Authentification Before Checkout for WooCommerce

woo-force-authentification-before-checkout

A
100

Force customer to log in or register before checkout

6K No CVEs
WP Telegram Login & Register

WP Telegram Login & Register

wptelegram-login

A
100

Let your users login and register via Telegram, making it easier form them to get started on your website.

1K No CVEs
StranoWeb Ajax Login

StranoWeb Ajax Login

stranoweb-ajax-login

A
85

Stranoweb Ajax Login replaces default Wordpress login, register and lost password forms with a beautiful ajax modal popup and comes with a lot of amaz &hellip;

100 No CVEs
Nss Wooregistration Form

Nss Wooregistration Form

nss-wooregistration-form

A
92

Custom woocommerce login/registration form with custom fields.

70 No CVEs
Developer Profile

Login & Register Customizer – Popup | Slider | Inline | WooCommerce Developer Profile

xootix

6 plugins · 136K total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
320 days
View full developer profile
Detection Fingerprints

How We Detect Login & Register Customizer – Popup | Slider | Inline | WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easy-login-woocommerce/assets/css/xoo-el-admin.css/wp-content/plugins/easy-login-woocommerce/assets/css/xoo-el-frontend.css/wp-content/plugins/easy-login-woocommerce/assets/css/xoo-el-helper.css/wp-content/plugins/easy-login-woocommerce/assets/js/xoo-el-admin.js/wp-content/plugins/easy-login-woocommerce/assets/js/xoo-el-frontend.js/wp-content/plugins/easy-login-woocommerce/assets/js/xoo-el-helper.js
Script Paths
/wp-content/plugins/easy-login-woocommerce/includes/xoo-framework/js/xoo-framework.js
Version Parameters
easy-login-woocommerce/assets/css/xoo-el-admin.css?ver=easy-login-woocommerce/assets/css/xoo-el-frontend.css?ver=easy-login-woocommerce/assets/css/xoo-el-helper.css?ver=easy-login-woocommerce/assets/js/xoo-el-admin.js?ver=easy-login-woocommerce/assets/js/xoo-el-frontend.js?ver=easy-login-woocommerce/assets/js/xoo-el-helper.js?ver=xoo-framework/js/xoo-framework.js?ver=

HTML / DOM Fingerprints

CSS Classes
xoo-el-adpopup-activexoo-el-admin-popupxoo-el-adpopxoo-el-adpopup-headxoo-el-adpop-bottomxoo-eladpop-menuxoo-el-adpop-autoopenxoo-el-adpopup-go+4 more
HTML Comments
<!-- Login & Register Customizer – Popup | Slider | Inline | WooCommerce --><!-- Exit if accessed directly --><!-- Add links to menu --><!-- Add the menu item -->+1 more
Data Attributes
data-xoo-el-option='sy_popup'data-xoo-el-option='gl_ao'data-xoo-el-option='gl_main'
JS Globals
Xoo_El_Core
FAQ

Frequently Asked Questions about Login & Register Customizer – Popup | Slider | Inline | WooCommerce