Does Email Notification on Login have any unpatched vulnerabilities?

Yes — Email Notification on Login currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Email Notification on Login compatible with WordPress 6.9.4?

According to WordPress.org data, Email Notification on Login 1.7.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Email Notification on Login compatible with PHP 5.5+?

Email Notification on Login requires PHP 5.5 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Email Notification on Login updated?

Email Notification on Login was last updated on Jan 27, 2026. Frequent updates are generally a positive security signal.

What is Email Notification on Login's security score?

Email Notification on Login has a WP-Safety security score of 78/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Email Notification on Login Security & Risk Analysis

wordpress.org/plugins/email-notification-on-login

Receive an email after each successful login with the user information

1K active installs v1.7.0 PHP 5.5+ WP 4.0.1+ Updated Jan 27, 2026

admin-login-notificationemail-notificationemail-notify-on-admin-loginemail-notify-on-loginlogin-notification

B · Generally Safe

CVEs total1

Unpatched1

Last CVEMay 7, 2025

Download

Safety Verdict

Is Email Notification on Login Safe to Use in 2026?

Mostly Safe

Score 78/100

Email Notification on Login is generally safe to use. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: May 7, 2025Updated 2mo ago

Risk Assessment

The "email-notification-on-login" plugin version 1.7.0 presents a mixed security posture. On the positive side, the static analysis shows no direct attack surface in terms of AJAX handlers, REST API routes, shortcodes, or cron events, and all SQL queries utilize prepared statements. However, a significant concern is the low percentage (25%) of properly escaped output, indicating a potential for Cross-Site Scripting (XSS) vulnerabilities. The absence of nonces on any entry points, while not explicitly a risk given the limited attack surface, is a missed security best practice that could be problematic if new entry points were added without proper security controls. The vulnerability history is a major red flag, with one known medium severity CVE for XSS that remains unpatched. This suggests a history of security weaknesses that are not being adequately addressed, posing a real risk to users.

Key Concerns

Unpatched Medium Severity CVE
Low percentage of properly escaped output
Missing nonce checks on entry points

Vulnerabilities

Email Notification on Login Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-47622medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Email Notification on Login <= 1.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

May 7, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

Email Notification on Login Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

25% escaped4 total outputs

Attack Surface

Email Notification on Login Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 6

actionwp_loginemail-notification-on-login.php:124

actionwp_logoutemail-notification-on-login.php:126

actionadmin_initemail-notification-on-login.php:160

actionadmin_initemail-notification-on-login.php:177

actionadmin_menuemail-notification-on-login.php:179

actioninitemail-notification-on-login.php:199

Maintenance & Trust

Email Notification on Login Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 27, 2026

PHP min version5.5

Downloads20K

Community Trust

Rating76/100

Number of ratings11

Active installs1K

Alternatives

Email Notification on Login Alternatives

Simple Login Notification

simple-login-notification

100

Sends a notification email when admins and other users log in to your site.

1K No CVEs

Email notification on admin login

email-notification-on-admin-login

Sends an email to a pointed email address when an admin user logs in

200 No CVEs

Kaya Login Notification

kaya-login-notification

100

Sends email notification on successful login, with fully customizable settings.

100 No CVEs

KolorWeb Access Admin Notification: extreme rescue for unauthorized admin logins

kolorweb-access-admin-notification

100

Extreme rescue for unauthorized admin logins.

70 No CVEs

The Hack Repair Guy's Admin Login Notifier

the-hack-repair-guys-admin-login-notifier

The Hack Repair Guy's Admin Login Notifier notifies you the moment an Administrator user logs into your WordPress dashboard.

100 No CVEs

Developer Profile

Email Notification on Login Developer Profile

apasionados

28 plugins · 61K total installs

trust score

Avg Security Score

94/100

Avg Patch Time

326 days

View full developer profile

Detection Fingerprints

How We Detect Email Notification on Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ