Does Ajax Login have any unpatched vulnerabilities?

No. All known vulnerabilities in Ajax Login have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Ajax Login compatible with WordPress 4.3.34?

According to WordPress.org data, Ajax Login 1.0.1 has been tested up to WordPress 4.3.34. Check the plugin's changelog for the latest compatibility information.

How often is Ajax Login updated?

Ajax Login was last updated on Oct 22, 2015. Frequent updates are generally a positive security signal.

What is Ajax Login's security score?

Ajax Login has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Ajax Login Security & Risk Analysis

wordpress.org/plugins/els-ajax-login

Ajax Login is a sample login interface that you login your admin panel by using ajax.

10 active installs v1.0.1 PHP + WP 4.0+ Updated Oct 22, 2015

admin-loginajax-loginajax-admin-loginpage-loginsidebar-ajax-login

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Ajax Login Safe to Use in 2026?

Generally Safe

Score 85/100

Ajax Login has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The "els-ajax-login" v1.0.1 plugin exhibits a generally good security posture, particularly concerning its handling of SQL queries and the absence of known vulnerabilities. The static analysis shows that all SQL queries utilize prepared statements, which is a strong defense against SQL injection. Furthermore, the plugin has no recorded CVEs, indicating a stable history with no persistent exploitable flaws. The limited attack surface, with only one AJAX handler and one shortcode, also contributes positively to its security. However, a significant concern arises from the low percentage of properly escaped output (20%). This means that user-supplied data displayed back to the user is likely unescaped in 80% of instances, opening the door for Cross-Site Scripting (XSS) vulnerabilities. The lack of capability checks on the AJAX handler is another potential weakness, as it doesn't enforce user roles or permissions, which could lead to unauthorized actions if combined with other weaknesses or if the AJAX handler performs sensitive operations.

Key Concerns

Low output escaping percentage (20%)
Missing capability checks on AJAX handler

Vulnerabilities

None known

Ajax Login Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Ajax Login Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

6 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

20% escaped30 total outputs

Attack Surface

Ajax Login Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 1

noprivwp_ajax_elsAjaxLoginels-ajax-login.php:100

Shortcodes 1

[els_login] els-ajax-login.php:136

WordPress Hooks 5

actionadmin_menuels-ajax-login.php:25

actionwp_enqueue_scriptsels-ajax-login.php:68

filterwidget_textels-ajax-login.php:142

actionlogin_footerels-ajax-login.php:174

actionwidgets_initels_widget_ajax_login.php:93

Maintenance & Trust

Ajax Login Maintenance & Trust

Maintenance Signals

WordPress version tested4.3.34

Last updatedOct 22, 2015

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Ajax Login Alternatives

Admin Custom Login

admin-custom-login

Customize Your WordPress Login Screen Amazingly - Add Own Logo, Add Social Profiles, Login Form Positions, Background Image Slide Show

20K 2 CVEs

Rename wp-admin login

rename-wp-admin-login

100

Rename wp-admin login* is a plugin that allows us to rename wp-admin login URL to anything you want

7K No CVEs

Email Notification on Login

email-notification-on-login

Receive an email after each successful login with the user information

1K 1 unpatched

Simple Login Notification

simple-login-notification

100

Sends a notification email when admins and other users log in to your site.

1K No CVEs

Use Administrator Password

use-administrator-password

100

900 No CVEs

Developer Profile

Ajax Login Developer Profile

sagormax

2 plugins · 50 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Ajax Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/els-ajax-login/js/els-ajax-login-def.js/wp-content/plugins/els-ajax-login/css/els-ajax-login-css.css

Script Paths

/wp-content/plugins/els-ajax-login/js/els-ajax-login-def.js

Version Parameters

els-ajax-login/style.css?ver=1.0.1els-ajax-login/script.js?ver=1.0.1

HTML / DOM Fingerprints

CSS Classes

elsLoginTitleelsLoginStatusels_lost_pwdels_ajax_submit_buttonlogin_button

Data Attributes

id="elsLogin"id="els_username"id="els_password"

JS Globals

els_ajax_objels_backend_obj

Shortcode Output

[els_login][els_login title="Login"][els_login title="Sign In" submit="Join"]

FAQ