WP-Safety

EZ Login | ورود پیامکی و OTP Security & Risk Analysis

wordpress.org/plugins/ez-login

ورود پیامکی (OTP) برای وردپرس + ویجت المنتور + کپچای Cloudflare Turnstile. سبک و سریع (حدود 85 کیلوبایت).

80 active installs v1.4 PHP 7.4+ WP 5.8+ Updated Unknown
%d9%85%d9%88%d8%a8%d8%a7%db%8c%d9%84%d9%88%d8%b1%d9%88%d8%af%da%a9%d8%af%d8%aa%d8%a7%db%8c%db%8c%d8%af%d9%be%db%8c%d8%a7%d9%85%da%a9%d8%a7%d9%84%d9%85%d9%86%d8%aa%d9%88%d8%b1
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is EZ Login | ورود پیامکی و OTP Safe to Use in 2026?

Generally Safe

Score 100/100

EZ Login | ورود پیامکی و OTP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "ez-login" plugin v1.4 exhibits a generally strong security posture based on the static analysis. The plugin has no known vulnerabilities, and its code demonstrates good practices such as the high percentage of properly escaped output and the use of prepared statements for the majority of its SQL queries. The presence of nonce checks and capability checks on its AJAX handlers is also a positive indicator of security awareness.

However, a key concern arises from the taint analysis, which identified two flows with unsanitized paths. While these did not reach a critical or high severity in this analysis, unsanitized paths are a common precursor to security vulnerabilities, especially if they involve user-supplied input. The plugin also makes external HTTP requests, which, while not inherently insecure, can introduce risks if the remote endpoints are compromised or if data is transmitted insecurely.

Overall, "ez-login" v1.4 appears to be a well-developed plugin with a clean vulnerability history. The primary area for improvement lies in thoroughly sanitizing all paths identified by the taint analysis to mitigate potential future risks. The robust implementation of other security features provides a solid foundation, but the unsanitized paths warrant careful review and remediation.

Key Concerns

  • Taint flows with unsanitized paths
Vulnerabilities
None known

EZ Login | ورود پیامکی و OTP Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

EZ Login | ورود پیامکی و OTP Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
2 prepared
Unescaped Output
8
146 escaped
Nonce Checks
6
Capability Checks
3
File Operations
0
External Requests
6
Bundled Libraries
0

SQL Query Safety

67% prepared3 total queries

Output Escaping

95% escaped154 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
ez_login_maybe_override_wp_login_page (includes\force-login.php:11)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

EZ Login | ورود پیامکی و OTP Attack Surface

Entry Points8
Unprotected0

AJAX Handlers 7

authwp_ajax_ez_login_admin_preview_formincludes\admin-settings.php:220
authwp_ajax_ez_sms_send_otpincludes\sms-login.php:138
noprivwp_ajax_ez_sms_send_otpincludes\sms-login.php:139
authwp_ajax_ez_sms_verify_otpincludes\sms-login.php:433
noprivwp_ajax_ez_sms_verify_otpincludes\sms-login.php:434
authwp_ajax_ez_sms_send_test_otpincludes\sms-login.php:596
authwp_ajax_ez_sms_verify_test_otpincludes\sms-login.php:626

Shortcodes 1

[ez-login] includes\shortcodes.php:71
WordPress Hooks 25
actionplugins_loadedez-login.php:105
filterauthenticateincludes\admin-auth.php:77
actionadmin_enqueue_scriptsincludes\admin-settings.php:36
actionadmin_initincludes\admin-settings.php:51
actionadmin_headincludes\admin-settings.php:68
actionadmin_menuincludes\admin-settings.php:112
actionadmin_initincludes\admin-settings.php:156
actionadmin_noticesincludes\admin-settings.php:176
actionelementor/elements/categories_registeredincludes\elementor-widget.php:16
actionelementor/widgets/registerincludes\elementor-widget.php:26
actionplugins_loadedincludes\elementor-widget.php:34
actionlogin_enqueue_scriptsincludes\force-login.php:41
actionlogin_enqueue_scriptsincludes\force-login.php:42
filterlogin_form_middleincludes\force-login.php:56
actionlogin_initincludes\force-login.php:82
filterlogin_redirectincludes\force-login.php:136
actionadmin_initincludes\force-login.php:161
filterwoocommerce_locate_templateincludes\force-login.php:230
actioninitincludes\google-login.php:127
actionwp_enqueue_scriptsincludes\helpers.php:37
actionelementor/editor/before_enqueue_stylesincludes\helpers.php:39
actionelementor/editor/before_enqueue_scriptsincludes\helpers.php:40
actionelementor/frontend/after_register_stylesincludes\helpers.php:41
actionelementor/frontend/after_register_scriptsincludes\helpers.php:42
actionwp_enqueue_scriptsincludes\styles.php:21
Maintenance & Trust

EZ Login | ورود پیامکی و OTP Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedUnknown
PHP min version7.4
Downloads1K

Community Trust

Rating100/100
Number of ratings1
Active installs80
Alternatives

EZ Login | ورود پیامکی و OTP Alternatives

AWSA Shipping – Advanced Shipping for Woocommerce and Dokan

AWSA Shipping – Advanced Shipping for Woocommerce and Dokan

awsa-shipping

C
63

روش های حمل و نقل با تنظیمات پیشرفته

90 1 unpatched
Rahrayan WP SMS PLUGIN

Rahrayan WP SMS PLUGIN

rahrayan-wp-sms

A
85

این پلاگین توسط شرکت مهندسی ره رایان برای وردپرس و ووکامرس نوشته شده و به شما اجازه می‌دهد پنل پیامک را به وب سایت و فروشگاه اینترنتی خود متصل کنید.

10 No CVEs
افزونه صباپیامک SabaPayamak

افزونه صباپیامک SabaPayamak

sabapayamak

A
85

صباپیامک: ارسال پیامک هنگام رویدادهای مختلف (ورود کاربر، ثبت نظر جدید و...)، ورود دومرحله‌ای کاربران از طریق پیامک، ارسال و مدیریت پیامک‌های مربوط به …

10 No CVEs
المنتور فارسی

المنتور فارسی

persian-elementor

A
100

بسته کامل فارسی‌ساز المنتور با 13 فونت ایرانی، ترجمه المنتور و المنتور پرو، آیکون‌های ایرانی، تقویم شمسی، ویجت‌های نقشه نشان و آپارات.

50K No CVEs
افزونه پیامک ووکامرس Persian WooCommerce SMS

افزونه پیامک ووکامرس Persian WooCommerce SMS

persian-woocommerce-sms

B
72

افزونه کامل و حرفه ای برای اطلاع رسانی پیامکی سفارشات و رویداد های محصولات ووکامرس

50K 1 unpatched
Developer Profile

EZ Login | ورود پیامکی و OTP Developer Profile

Abolfazl Edalati

2 plugins · 140 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect EZ Login | ورود پیامکی و OTP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ez-login/assets/js/admin-settings.js/wp-content/plugins/ez-login/assets/js/google-login.js/wp-content/plugins/ez-login/assets/js/sms-login.js/wp-content/plugins/ez-login/assets/css/frontend.css/wp-content/plugins/ez-login/assets/js/frontend.js
Script Paths
/wp-content/plugins/ez-login/assets/js/admin-settings.js/wp-content/plugins/ez-login/assets/js/google-login.js/wp-content/plugins/ez-login/assets/js/sms-login.js/wp-content/plugins/ez-login/assets/js/frontend.js
Version Parameters
ez-login/assets/js/admin-settings.js?ver=ez-login/assets/js/google-login.js?ver=ez-login/assets/js/sms-login.js?ver=ez-login/assets/css/frontend.css?ver=ez-login/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
ez-login-form-wrapperez-login-fieldez-login-submitez-login-messageez-login-google-buttonez-sms-login-formez-sms-login-buttonez-captcha-wrapper
HTML Comments
<!-- EZ-Login --><!-- EZ-Login Form Start --><!-- EZ-Login Form End --><!-- EZ-Login Google Button -->+1 more
Data Attributes
data-ez-login-noncedata-ez-login-field-namedata-ez-login-field-type
JS Globals
ezLoginAdminAjaxezLoginFrontendAjaxezGoogleLogin
Shortcode Output
[ez_login_form][ez_sms_login_form][ez_google_login_button]
FAQ

Frequently Asked Questions about EZ Login | ورود پیامکی و OTP