Does Fluistr Authentication have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Fluistr Authentication compatible with WordPress 6.8.5?

According to WordPress.org data, Fluistr Authentication 1.2.4 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Fluistr Authentication compatible with PHP 7.4+?

Fluistr Authentication requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Fluistr Authentication updated?

Fluistr Authentication was last updated on May 29, 2025. Frequent updates are generally a positive security signal.

What is Fluistr Authentication's security score?

Fluistr Authentication has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Fluistr Authentication Security & Risk Analysis

wordpress.org/plugins/fluistr-authentication

Zero Password - One touch - Two Factor Authentication. Secure your WordPress site with a passwordless, simple and intuitive 2-factor authentication.

10 active installs v1.2.4 PHP 7.4+ WP 6.0+ Updated May 29, 2025

authenticationloginmobile-apppasswordlesstwo-factor

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Fluistr Authentication Safe to Use in 2026?

Generally Safe

Score 100/100

Fluistr Authentication has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11mo ago

Risk Assessment

The fluistr-authentication v1.2.4 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and has no known historical vulnerabilities. However, the plugin presents a notable concern regarding its attack surface, with 4 out of 7 AJAX handlers lacking authentication checks. This directly correlates with the taint analysis, which identified 3 critical severity flows with unsanitized paths. These findings suggest a significant risk of unauthorized access and potential manipulation through these unprotected AJAX endpoints. The lack of historical vulnerabilities might indicate diligent development or simply a lack of extensive security auditing or exploitation attempts targeting this specific plugin.

Key Concerns

Unprotected AJAX handlers
Taint flows with unsanitized paths (critical)
Unescaped output detected

Vulnerabilities

None known

Fluistr Authentication Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Fluistr Authentication Release Timeline

v1.2.4Current

v1.2.0

v1.0.1

Code Analysis

Analyzed Apr 16, 2026

Fluistr Authentication Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

72 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared4 total queries

Output Escaping

68% escaped106 total outputs

Data Flows · Security

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

ajax_disconnect (modules/fluistr-login/class.FluistrLoginController.php:362)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

Fluistr Authentication Attack Surface

Entry Points7

Unprotected4

AJAX Handlers 7

noprivwp_ajax_fluistr_validate_usernamemodules/fluistr-login/class.FluistrLoginController.php:67

authwp_ajax_fluistr_validate_usernamemodules/fluistr-login/class.FluistrLoginController.php:68

authwp_ajax_fluistr_checkmodules/fluistr-login/class.FluistrLoginController.php:70

noprivwp_ajax_fluistr_checkmodules/fluistr-login/class.FluistrLoginController.php:71

authwp_ajax_fluistr_disconnectmodules/fluistr-login/class.FluistrLoginController.php:73

noprivwp_ajax_fluistr_disconnectmodules/fluistr-login/class.FluistrLoginController.php:74

authwp_ajax_fluistr_users_togglemodules/fluistr-users/ajax-switch.php:70

WordPress Hooks 45

actionadmin_initaddons/addon-caching.php:45

actionwp_fluistr_modulesaddons/addon-caching.php:172

actionfluistr_appsignonaddons/addon-itsec.php:51

actionwp_fluistr_modulesaddons/addon-itsec.php:73

actionfluistr_validate_username_failedaddons/addon-wordfence.php:47

actionfluistr_appsignonaddons/addon-wordfence.php:48

actionfluistr_applogoutaddons/addon-wordfence.php:49

actionwp_fluistr_modulesaddons/addon-wordfence.php:110

actionadmin_noticescore/class.WPFluistrAuth.php:34

actionadmin_initcore/class.WPFluistrAuth.php:35

actioninitcore/class.WPFluistrAuth.php:36

filtershow_password_fieldscore/class.WPFluistrAuth.php:205

actionplugins_loadedfluistr-authentication.php:47

actionlogin_enqueue_scriptsmodules/fluistr-login/class.FluistrLoginController.php:76

filterlogin_headertextmodules/fluistr-login/class.FluistrLoginController.php:77

filterlogin_body_classmodules/fluistr-login/class.FluistrLoginController.php:78

filterlogin_body_classmodules/fluistr-login/class.FluistrLoginController.php:79

actionlogin_headermodules/fluistr-login/class.FluistrLoginController.php:81

actionwp_logoutmodules/fluistr-login/class.FluistrLoginController.php:83

actionlogin_footermodules/fluistr-login/class.FluistrLoginController.php:493

actionlogin_headermodules/fluistr-login/class.FluistrLoginController.php:597

actionwp_fluistr_modulesmodules/fluistr-login/fluistr-login.php:31

filterwp_mail_from_namemodules/fluistr-login/pluggable.php:121

actionadmin_initmodules/fluistr-settings/class.WPFluistrSettingsPage.php:54

actionadmin_menumodules/fluistr-settings/class.WPFluistrSettingsPage.php:56

actionadmin_initmodules/fluistr-settings/class.WPFluistrSettingsPage.php:57

actionadmin_initmodules/fluistr-settings/class.WPFluistrSettingsPage.php:58

filteradd_admin_noticemodules/fluistr-settings/class.WPFluistrSettingsPage.php:142

filteradd_admin_noticemodules/fluistr-settings/class.WPFluistrSettingsPage.php:168

actionadmin_enqueue_scriptsmodules/fluistr-settings/class.WPFluistrSettingsPage.php:181

actionwp_fluistr_initmodules/fluistr-settings/fluistr-settings.php:29

actionwp_fluistr_modulesmodules/fluistr-settings/fluistr-settings.php:33

actionadmin_enqueue_scriptsmodules/fluistr-users/ajax-switch.php:63

actionadmin_footermodules/fluistr-users/ajax-switch.php:64

filtermanage_users_columnsmodules/fluistr-users/fluistr-users.php:33

actionshow_user_profilemodules/fluistr-users/fluistr-users.php:97

actionedit_user_profilemodules/fluistr-users/fluistr-users.php:98

filtermanage_users_custom_columnmodules/fluistr-users/fluistr-users.php:99

actionwp_fluistr_initmodules/fluistr-users/fluistr-users.php:104

actionwp_fluistr_modulesmodules/fluistr-users/fluistr-users.php:107

filteradmin_initmodules/license/class.FluistrLicense.php:47

filterwp_fluistr_sanitize_settings_pagemodules/license/class.FluistrLicense.php:48

actionadmin_noticesmodules/license/class.faLicenseManager.php:66

actionadmin_initmodules/license/class.faLicenseManager.php:69

actionwp_fluistr_modulesmodules/license/license.php:34

Maintenance & Trust

Fluistr Authentication Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedMay 29, 2025

PHP min version7.4

Downloads3K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

Fluistr Authentication Alternatives

Authyo Passwordless Login

authyo-passwordless-login

100

Enable secure OTP login for WordPress with passwordless authentication using email-based one-time passwords (OTP) powered by Authyo.

0 No CVEs

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.

1.0M 26 CVEs

Wordfence Login Security

wordfence-login-security

Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.

70K No CVEs

Titan Anti-spam & Security

anti-spam

Block spam comments, defend against login attempts, and strengthen site security with anti-spam, brute-force protection, and two-factor authentication …

60K 3 CVEs

Duo Two-Factor Authentication

duo-wordpress

100

Easily add Duo Security two-factor authentication to your WordPress website. Enable two-factor authentication for your admins and/or users.

3K No CVEs

Developer Profile

Fluistr Authentication Developer Profile

3D Virge

4 plugins · 100K total installs

trust score

Avg Security Score

94/100

Avg Patch Time

240 days

View full developer profile

Detection Fingerprints

How We Detect Fluistr Authentication

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/fluistr-authentication/modules/fluistr-login/assets/fluistr-login.css/wp-content/plugins/fluistr-authentication/modules/fluistr-login/assets/qrcode.min.js/wp-content/plugins/fluistr-authentication/modules/fluistr-login/assets/fluistr-login.min.js

Script Paths

/wp-content/plugins/fluistr-authentication/modules/fluistr-login/assets/fluistr-login.min.js

Version Parameters

fluistr-authentication/modules/fluistr-login/assets/fluistr-login.css?ver=fluistr-authentication/modules/fluistr-login/assets/qrcode.min.js?ver=fluistr-authentication/modules/fluistr-login/assets/fluistr-login.min.js?ver=

HTML / DOM Fingerprints

Data Attributes

data-plugin-name="fluistr-authentication"

JS Globals

fluistr

FAQ