Does ElIoT Pro Passwordless Login have any unpatched vulnerabilities?

No. All known vulnerabilities in ElIoT Pro Passwordless Login have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is ElIoT Pro Passwordless Login compatible with WordPress 6.1.10?

According to WordPress.org data, ElIoT Pro Passwordless Login 1.0 has been tested up to WordPress 6.1.10. Check the plugin's changelog for the latest compatibility information.

Is ElIoT Pro Passwordless Login compatible with PHP 7.0+?

ElIoT Pro Passwordless Login requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is ElIoT Pro Passwordless Login updated?

ElIoT Pro Passwordless Login was last updated on Mar 30, 2023. Frequent updates are generally a positive security signal.

What is ElIoT Pro Passwordless Login's security score?

ElIoT Pro Passwordless Login has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ElIoT Pro Passwordless Login Security & Risk Analysis

wordpress.org/plugins/eliot-pro

ElIoT Pro eliminates passwords using one-time tokens delivered via ultrasounds.

0 active installs v1.0 PHP 7.0+ WP 5.4.1+ Updated Mar 30, 2023

2faauthenticationcybersecuritypasswordlesssonic-authentication

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is ElIoT Pro Passwordless Login Safe to Use in 2026?

Generally Safe

Score 85/100

ElIoT Pro Passwordless Login has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The "eliot-pro" v1.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping a high percentage of its output. There are no recorded vulnerabilities, including CVEs, which suggests a generally stable and well-maintained codebase in the past. The absence of file operations and dangerous functions further contributes to a perceived lower risk profile. However, the plugin has a significant security concern: a single REST API route that lacks proper permission callbacks. This creates an unprotected entry point that could be exploited by unauthenticated users. The static analysis also indicates zero nonce checks, which is a concern for AJAX handlers, although there are no AJAX handlers to begin with. The lack of taint analysis results might be due to the plugin's limited complexity or the analysis tool's capabilities. Overall, while the plugin shows strengths in database interaction and output handling, the unprotected REST API route is a critical vulnerability that needs immediate attention. The absence of vulnerabilities in its history is a positive indicator but does not negate the current identified risk.

Key Concerns

Unprotected REST API route
No nonce checks found
High percentage of unescaped output (14%)

Vulnerabilities

None known

ElIoT Pro Passwordless Login Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

ElIoT Pro Passwordless Login Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

6 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

86% escaped7 total outputs

Attack Surface

1 unprotected

ElIoT Pro Passwordless Login Attack Surface

Entry Points1

Unprotected1

REST API Routes 1

GET/wp-json/api/login/inc\eliotpro-login.php:12

WordPress Hooks 5

actionadmin_menuinc\eliotpro-class.php:7

actionadmin_initinc\eliotpro-class.php:8

actionadmin_initinc\eliotpro-class.php:9

actionrest_api_initinc\eliotpro-login.php:11

actionlogin_enqueue_scriptsinc\eliotpro-scripts.php:43

Maintenance & Trust

ElIoT Pro Passwordless Login Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10

Last updatedMar 30, 2023

PHP min version7.0

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

ElIoT Pro Passwordless Login Alternatives

Keyless Auth – Login without Passwords

keyless-auth

100

Secure, passwordless authentication for WordPress. Your users login via magic email links – no passwords to remember or forget.

30 No CVEs

Dolutech Passwordless Login

dolutech-passwordless-login

100

Permite login seguro sem senha com tecnologia passwordless e autenticação de dois fatores (2FA) via TOTP.

0 No CVEs

Two Factor

two-factor

100

Enable Two-Factor Authentication (2FA) using time-based one-time passwords (TOTP), Universal 2nd Factor (U2F), email, and backup verification codes.

100K No CVEs

WP 2FA – Two-factor authentication for WordPress

wp-2fa

Get better WordPress login security; add two-factor authentication (2FA) for all your users with this easy-to-use plugin.

100K 9 CVEs

Wordfence Login Security

wordfence-login-security

Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.

70K No CVEs

Developer Profile

ElIoT Pro Passwordless Login Developer Profile

piotrwolski1

1 plugin · 0 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect ElIoT Pro Passwordless Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/eliot-pro/js/cyberuskey.min.js/wp-content/plugins/eliot-pro/js/integration.js/wp-content/plugins/eliot-pro/css/style.css

Script Paths

/wp-content/plugins/eliot-pro/js/cyberuskey.min.js/wp-content/plugins/eliot-pro/js/integration.js

HTML / DOM Fingerprints

JS Globals

eliotpro_ajax_object

REST Endpoints

/wp-json/api/login/

FAQ