WP-Safety

Login, Registration and Lost Password Blocks Security & Risk Analysis

wordpress.org/plugins/frontend-login-and-registration-blocks

Login, Registration and Lost Password Blocks plugin provides blocks helps you to add login, register, lost password forms from front end.

30 active installs v1.2.1 PHP 7.4+ WP 6.1+ Updated Jan 7, 2026
custom-loginlogin-blocklogin-formlost-password-blockwp-login
93
A · Safe
CVEs total2
Unpatched0
Last CVEMay 8, 2025
Plugin page Download
Safety Verdict

Is Login, Registration and Lost Password Blocks Safe to Use in 2026?

Generally Safe

Score 93/100

Login, Registration and Lost Password Blocks has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: May 8, 2025Updated 2mo ago
Risk Assessment

The static analysis for the 'frontend-login-and-registration-blocks' plugin v1.2.1 reveals a mixed security posture. While the plugin demonstrates good practices by avoiding dangerous functions, using prepared statements for all SQL queries, and having a relatively clean output escaping rate (71%), there are concerning areas. The presence of 10 AJAX handlers with no apparent authentication checks is a significant weakness, creating a substantial attack surface. Furthermore, the vulnerability history is alarming, with two previously disclosed CVEs, including one critical and one high severity vulnerability, focusing on authorization bypass and unverified password changes. The fact that the last vulnerability was reported as recently as May 8, 2025, and is currently unpatched, is a major red flag.

Key Concerns

  • 10 AJAX handlers without auth checks
  • Unescaped output rate below 90%
  • 1 critical CVE historically
  • 1 high CVE historically
  • Currently unpatched vulnerability
Vulnerabilities
2

Login, Registration and Lost Password Blocks Security Vulnerabilities

CVEs by Year

2 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

Critical
1
High
1

2 total CVEs

CVE-2025-3605critical · 9.8Authorization Bypass Through User-Controlled Key

Frontend Login and Registration Blocks <= 1.1.1 - Unauthenticated Privilege Escalation via Account Takeover

May 8, 2025 Patched in 1.2.0 (100d)
CVE-2025-3607high · 8.8Unverified Password Change

Frontend Login and Registration Blocks <= 1.0.8 - Authenticated (Subscriber+) Privilege Escalation via Password Reset

Apr 23, 2025 Patched in 1.0.9 (92d)
Code Analysis
Analyzed Mar 16, 2026

Login, Registration and Lost Password Blocks Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
28
67 escaped
Nonce Checks
5
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

71% escaped95 total outputs
Attack Surface

Login, Registration and Lost Password Blocks Attack Surface

Entry Points10
Unprotected0

AJAX Handlers 10

noprivwp_ajax_flrblocksloginhandleinc\class-flr-blocks-login.php:23
authwp_ajax_flrblocksloginhandleinc\class-flr-blocks-login.php:24
noprivwp_ajax_flrblocksresetpasswordhandleinc\class-flr-blocks-lost-password.php:41
authwp_ajax_flrblocksresetpasswordhandleinc\class-flr-blocks-lost-password.php:45
noprivwp_ajax_flrblocksresetrequesthandleinc\class-flr-blocks-lost-password.php:50
authwp_ajax_flrblocksresetrequesthandleinc\class-flr-blocks-lost-password.php:54
noprivwp_ajax_flrblocksregisterhandleinc\class-flr-blocks-registration.php:26
authwp_ajax_flrblocksregisterhandleinc\class-flr-blocks-registration.php:27
noprivwp_ajax_flrblocksusersettingsupdatehandleinc\class-flr-blocks-user-settings.php:26
authwp_ajax_flrblocksusersettingsupdatehandleinc\class-flr-blocks-user-settings.php:30
WordPress Hooks 9
actioninitinc\class-flr-blocks-block-handler.php:23
actionenqueue_block_editor_assetsinc\class-flr-blocks-block-handler.php:24
actionwp_enqueue_scriptsinc\class-flr-blocks-block-handler.php:25
actionwp_login_failedinc\class-flr-blocks-login.php:29
actioninitinc\class-flr-blocks-login.php:34
actionwp_logoutinc\class-flr-blocks-logout.php:48
filterwp_mail_content_typeinc\class-flr-blocks-mail.php:22
actionadmin_menuinc\class-flr-blocks-options.php:30
actionadmin_initinc\class-flr-blocks-options.php:35
Maintenance & Trust

Login, Registration and Lost Password Blocks Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 7, 2026
PHP min version7.4
Downloads4K

Community Trust

Rating80/100
Number of ratings3
Active installs30
Alternatives

Login, Registration and Lost Password Blocks Alternatives

MC Login Code

MC Login Code

mc-login-code

A
92

Adds an authentication code field to your login form for better security and a block to brute-force attacks.

10 No CVEs
WPS Hide Login

WPS Hide Login

wps-hide-login

A
95

Change wp-login.php to anything you want.

2.0M 10 CVEs
LoginPress | wp-login Custom Login Page Customizer

LoginPress | wp-login Custom Login Page Customizer

loginpress

A
94

LoginPress is a Custom Login Page Customizer plugin allows you to easily customize the layout of login, admin login, client login, register pages.

200K 6 CVEs
Custom Login Page Customizer

Custom Login Page Customizer

login-customizer

A
94

Custom Login Customizer allows you to easily customize your admin login page, straight from your WordPress Customizer!

90K 1 CVE
All In One Login — WP Admin Login Page Security and Customization with Google reCAPTCHA, Social Login, Limit Login Attempt, 2FA, and more.

All In One Login — WP Admin Login Page Security and Customization with Google reCAPTCHA, Social Login, Limit Login Attempt, 2FA, and more.

change-wp-admin-login

A
96

Do you want to secure and customize the WordPress login page? Download the All in One Login plugin for login page security and customization.

70K 3 CVEs
Developer Profile

Login, Registration and Lost Password Blocks Developer Profile

Kadim Gültekin

5 plugins · 750 total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
96 days
View full developer profile
Detection Fingerprints

How We Detect Login, Registration and Lost Password Blocks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/frontend-login-and-registration-blocks/admin/css/flr-blocks-admin.css/wp-content/plugins/frontend-login-and-registration-blocks/admin/js/flr-blocks-admin.js/wp-content/plugins/frontend-login-and-registration-blocks/build/login-form/wp-content/plugins/frontend-login-and-registration-blocks/build/register-form/wp-content/plugins/frontend-login-and-registration-blocks/build/reset-password-form/wp-content/plugins/frontend-login-and-registration-blocks/build/user-activation/wp-content/plugins/frontend-login-and-registration-blocks/build/welcome-card/wp-content/plugins/frontend-login-and-registration-blocks/build/user-settings-form+1 more
Script Paths
/wp-content/plugins/frontend-login-and-registration-blocks/admin/js/flr-blocks-admin.js
Version Parameters
/wp-content/plugins/frontend-login-and-registration-blocks/admin/css/flr-blocks-admin.css?ver=/wp-content/plugins/frontend-login-and-registration-blocks/admin/js/flr-blocks-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
flr-blocks-login-formflr-blocks-register-formflr-blocks-reset-password-formflr-blocks-user-activationflr-blocks-welcome-cardflr-blocks-user-settings-formflr-blocks-logout-nav-menu-item
Data Attributes
data-login-formdata-register-formdata-reset-password-formdata-user-activationdata-welcome-carddata-user-settings-form+1 more
JS Globals
window.frontend_login_and_registration_blocks
FAQ

Frequently Asked Questions about Login, Registration and Lost Password Blocks