WP-Safety

Email OTP Authenticator – Login, Register, 2FA & Session Lock Security & Risk Analysis

wordpress.org/plugins/email-otp-authenticator

An advanced OTP-powered plugin for Login, Registration, 2FA Protection and Dynamic Session Security. It is FAST, FRIENDLY, SMART, SMOOTH & SECURE.

100 active installs v6.3.5 PHP 7.3+ WP + Updated Mar 27, 2026
email-otpotp-loginpasswordless-loginsession-securitywordpress-2fa
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Email OTP Authenticator – Login, Register, 2FA & Session Lock Safe to Use in 2026?

Generally Safe

Score 100/100

Email OTP Authenticator – Login, Register, 2FA & Session Lock has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "email-otp-authenticator" plugin version 6.3.4 exhibits a generally strong security posture, characterized by robust use of prepared statements for SQL queries and a high percentage of properly escaped output. The plugin also demonstrates good practice by implementing nonce and capability checks on its entry points, including AJAX handlers. The absence of known CVEs and a clean vulnerability history further bolster confidence in its security. However, the presence of two instances of the `unserialize()` function warrants caution, as it can be a significant security risk if not handled with extreme care, particularly concerning user-supplied data. While no critical taint flows were identified in the static analysis, the potential for unserialize vulnerabilities should be a focus for future audits.

Key Concerns

  • Dangerous function unserialize() used
Vulnerabilities
None known

Email OTP Authenticator – Login, Register, 2FA & Session Lock Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Email OTP Authenticator – Login, Register, 2FA & Session Lock Release Timeline

v6.3.5Current
v6.3.4
v6.3.3
v6.3.2
v6.2.4
v6.2.3
v6.2.0
v6.1.1
v6.0.1
v6.0.0
v5.3.5
v5.2.6
v5.2.5
v5.2.1
v5.2.0
v5.1.2
v5.1.1
v5.0.1
v4.8.2
v4.7.5
Code Analysis
Analyzed Mar 16, 2026

Email OTP Authenticator – Login, Register, 2FA & Session Lock Code Analysis

Dangerous Functions
2
Raw SQL Queries
0
0 prepared
Unescaped Output
26
160 escaped
Nonce Checks
4
Capability Checks
5
File Operations
18
External Requests
2
Bundled Libraries
0

Dangerous Functions Found

unserialize$templatesdata = unserialize($templatesdata);email-otp-authenticator.php:115
unserialize$templatesdata = unserialize($templatesdata);templates.php:44

Output Escaping

86% escaped186 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
emailotpauthn_update_settings (email-otp-authenticator.php:51)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Email OTP Authenticator – Login, Register, 2FA & Session Lock Attack Surface

Entry Points4
Unprotected0

AJAX Handlers 3

authwp_ajax_emailotpauthntmplaplyemail-otp-authenticator.php:43
authwp_ajax_emailotpauthntpactionemail-otp-authenticator.php:44
noprivwp_ajax_emailotpauthnactionlib_old\emailotpauthn-class.php:21

Shortcodes 1

[email_otp_authn] lib_old\emailotpauthn-class.php:23
WordPress Hooks 12
filtermanage_nav-menus_columnsemail-otp-authenticator.php:35
actionwp_nav_menu_item_custom_fieldsemail-otp-authenticator.php:36
actionwp_update_nav_menu_itememail-otp-authenticator.php:37
filternav_menu_link_attributesemail-otp-authenticator.php:38
actionadmin_initemail-otp-authenticator.php:40
actionadmin_menuemail-otp-authenticator.php:41
actionadmin_post_emailotpauthnsettingsemail-otp-authenticator.php:45
actionwp_footerlib_old\emailotpauthn-class.php:20
actionwp_enqueue_scriptslib_old\emailotpauthn-class.php:22
filterpre_set_site_transient_update_pluginslib_old\wp_autoupdate.php:78
filterplugins_apilib_old\wp_autoupdate.php:81
actionupgrader_process_completelib_old\wp_autoupdate.php:84
Maintenance & Trust

Email OTP Authenticator – Login, Register, 2FA & Session Lock Maintenance & Trust

Maintenance Signals

WordPress version tested7.0
Last updatedMar 27, 2026
PHP min version7.3
Downloads9K

Community Trust

Rating100/100
Number of ratings11
Active installs100
Alternatives

Email OTP Authenticator – Login, Register, 2FA & Session Lock Alternatives

Authyo Passwordless Login

Authyo Passwordless Login

authyo-passwordless-login

A
100

Enable secure OTP login for WordPress with passwordless authentication using email-based one-time passwords (OTP) powered by Authyo.

0 No CVEs
User Verification by PickPlugins

User Verification by PickPlugins

user-verification

A
87

Email verification for user registration to protect spam.

5K 4 CVEs
VentraConnect – Social Login, Magic Link & Email OTP (Passwordless)

VentraConnect – Social Login, Magic Link & Email OTP (Passwordless)

ventraconnect-social-login

A
100

Social login with 15+ providers plus passwordless login (Magic Link & Email OTP), with Guardrails to block spam registrations.

30 No CVEs
Password Less Login

Password Less Login

password-less-login

A
100

A powerful and easy-to-use WordPress plugin for passwordless and OTP-based login.

0 No CVEs
Temporary Login Without Password

Temporary Login Without Password

temporary-login-without-password

A
100

Create self-expiring, temporary admin accounts. Easily share direct login links (no need for username/password) with your developers or editors.

100K 1 CVE
Developer Profile

Email OTP Authenticator – Login, Register, 2FA & Session Lock Developer Profile

cs7.in

2 plugins · 100 total installs

91
trust score
Avg Security Score
96/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Email OTP Authenticator – Login, Register, 2FA & Session Lock

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/email-otp-authenticator/css/emailotpauthn-login-register-template.css/wp-content/plugins/email-otp-authenticator/css/emailotpauthn-login-register-template-dark.css/wp-content/plugins/email-otp-authenticator/css/emailotpauthn-login-register-template-light.css/wp-content/plugins/email-otp-authenticator/css/emailotpauthn-public-style.css/wp-content/plugins/email-otp-authenticator/css/emailotpauthn-public-style-dark.css/wp-content/plugins/email-otp-authenticator/css/emailotpauthn-public-style-light.css/wp-content/plugins/email-otp-authenticator/css/emailotpauthn-theme-builder.css/wp-content/plugins/email-otp-authenticator/js/emailotpauthn-public-scripts.js+1 more
Script Paths
https://eotpa.cs7.in/api_server/emailotpauthn-class-extreme_demo.txt
Version Parameters
email-otp-authenticator/css/emailotpauthn-login-register-template.css?ver=email-otp-authenticator/css/emailotpauthn-login-register-template-dark.css?ver=email-otp-authenticator/css/emailotpauthn-login-register-template-light.css?ver=email-otp-authenticator/css/emailotpauthn-public-style.css?ver=email-otp-authenticator/css/emailotpauthn-public-style-dark.css?ver=email-otp-authenticator/css/emailotpauthn-public-style-light.css?ver=email-otp-authenticator/css/emailotpauthn-theme-builder.css?ver=email-otp-authenticator/js/emailotpauthn-public-scripts.js?ver=email-otp-authenticator/js/emailotpauthn-admin-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
emailotpauthn_login_form_containeremailotpauthn_register_form_containeremailotpauthn_lostpassword_form_containeremailotpauthn_template_id_1emailotpauthn_template_id_2emailotpauthn_template_id_3emailotpauthn_admin_noticeemailotpauthn_template_applied+1 more
HTML Comments
<!-- emailotpauthn_login_form_container --><!-- emailotpauthn_register_form_container --><!-- emailotpauthn_lostpassword_form_container --><!-- emailotpauthn_template_id_1 -->+3 more
Data Attributes
data-emailotpauthn-noncedata-emailotpauthn-action
JS Globals
emailotpauthn_public_ajax_objectemailotpauthn_admin_ajax_objectemailotpauthn_settings_nonceemailotpauthn_tmpl_nonceemailotpauthn_tp_nonce
REST Endpoints
/wp-json/emailotpauthn/v1/settings/wp-json/emailotpauthn/v1/template/apply
Shortcode Output
[email_otp_authn_login_form][email_otp_authn_register_form][email_otp_authn_lostpassword_form][email_otp_authn_templates]
FAQ

Frequently Asked Questions about Email OTP Authenticator – Login, Register, 2FA & Session Lock