Frontend Reset Password Security & Risk Analysis

wordpress.org/plugins/frontend-reset-password

Let your users reset their forgotten passwords from the frontend of your website.

10K active installs v1.3.3 PHP + WP 4.4+ Updated Jan 30, 2026
Tags: login, lost-password, password, reset-password
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Frontend Reset Password Safe to Use in 2026?

Generally Safe

Score 100/100

Frontend Reset Password has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The 'frontend-reset-password' plugin v1.3.3 presents a generally good security posture, with a strong adherence to secure coding practices. The absence of dangerous functions, the exclusive use of prepared statements for SQL queries, and a high percentage of properly escaped output are commendable. Furthermore, the plugin's vulnerability history is clean, with no recorded CVEs, suggesting a mature and well-maintained codebase. The presence of nonce and capability checks on a majority of its entry points also contributes positively to its security.

However, concerns arise from the identified attack surface. Out of 17 total entry points, 5 are unprotected. This includes a significant number of REST API routes (5 out of 15) that lack permission callbacks and an AJAX handler without authentication checks. While no critical or high-severity taint flows were identified, these unprotected entry points represent potential avenues for unauthorized actions or information disclosure if not properly secured by the application context. The plugin also performs file operations and external HTTP requests, which, while not inherently insecure, warrant careful review in conjunction with the unprotected entry points.

In conclusion, while the plugin demonstrates solid core security practices and a clean vulnerability record, the presence of unprotected entry points in its attack surface is a notable weakness. Addressing these unprotected endpoints with appropriate authentication and authorization checks would significantly strengthen its overall security. The current state suggests a plugin that is largely secure but has specific areas that require developer vigilance.

Key Concerns

  • Unprotected REST API routes (5)
  • Unprotected AJAX handler (1)
  • File operations (6)
  • External HTTP requests (4)
Vulnerabilities
None known

Frontend Reset Password Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Frontend Reset Password Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 11 (92 escaped)
Nonce Checks: 2
Capability Checks: 13
File Operations: 6
External Requests: 4
Bundled Libraries: 0

Output Escaping

89% escaped, 103 total outputs
Attack Surface
5 unprotected

Frontend Reset Password Attack Surface

Entry Points: 17
Unprotected: 5

AJAX Handlers 1

auth wp_ajax_wpe_settings_get_post_list includes\settings\organization\wp-enhanced\class-common-settings.php:127

REST API Routes 15

POST /wp-json/de/v1/validate-license includes\settings\organization\divi-engine\rest-endpoints\class-license-rest-endpoint.php:20
POST /wp-json/de/v1/deactivate-license includes\settings\organization\divi-engine\rest-endpoints\class-license-rest-endpoint.php:26
GET /wp-json/de/v1/get-licenses includes\settings\organization\divi-engine\rest-endpoints\class-license-rest-endpoint.php:31
GET /wp-json/de/v1/product-categories includes\settings\organization\divi-engine\rest-endpoints\class-rest-endpoint.php:13
GET /wp-json/de/v1/incomplete-achievements includes\settings\organization\divi-engine\rest-endpoints\class-rest-endpoint.php:32
GET /wp-json/de/v1/completed-achievements includes\settings\organization\divi-engine\rest-endpoints\class-rest-endpoint.php:105
GET /wp-json/de/v1/settings/(?P<plugin>[a-z0-9\-]+) includes\settings\organization\divi-engine\rest-endpoints\class-settings-endpoint.php:4
POST /wp-json/wpe/v1/validate-license includes\settings\organization\wp-enhanced\rest-endpoints\class-license-rest-endpoint.php:19
POST /wp-json/wpe/v1/deactivate-license includes\settings\organization\wp-enhanced\rest-endpoints\class-license-rest-endpoint.php:25
GET /wp-json/wpe/v1/get-licenses includes\settings\organization\wp-enhanced\rest-endpoints\class-license-rest-endpoint.php:30
GET /wp-json/wpe/v1/incomplete-achievements includes\settings\organization\wp-enhanced\rest-endpoints\class-rest-endpoint.php:33
GET /wp-json/wpe/v1/completed-achievements includes\settings\organization\wp-enhanced\rest-endpoints\class-rest-endpoint.php:39
GET /wp-json/wpe/v1/plugins-status includes\settings\organization\wp-enhanced\rest-endpoints\class-rest-endpoint.php:45
POST /wp-json/wpe/v1/plugin-action includes\settings\organization\wp-enhanced\rest-endpoints\class-rest-endpoint.php:51
GET /wp-json/wpe/v1/settings/(?P<plugin>[a-z0-9\-]+) includes\settings\organization\wp-enhanced\rest-endpoints\class-settings-endpoint.php:4

Shortcodes 1

[reset_password] includes\somfrp-functions.php:94
WordPress Hooks 38
action rest_api_init includes\settings\common\rest-endpoints\class-error-logs-endpoint.php:16
action admin_init includes\settings\organization\divi-engine\class-common-settings.php:168
action admin_menu includes\settings\organization\divi-engine\class-common-settings.php:171
action admin_init includes\settings\organization\divi-engine\class-common-settings.php:172
action admin_enqueue_scripts includes\settings\organization\divi-engine\class-common-settings.php:175
action admin_head includes\settings\organization\divi-engine\class-common-settings.php:177
action rest_api_init includes\settings\organization\divi-engine\rest-endpoints\class-license-rest-endpoint.php:8
action rest_api_init includes\settings\organization\divi-engine\rest-endpoints\class-rest-endpoint.php:8
action rest_api_init includes\settings\organization\divi-engine\rest-endpoints\class-settings-endpoint.php:3
action plugins_loaded includes\settings\organization\wp-enhanced\class-common-settings.php:114
action plugins_loaded includes\settings\organization\wp-enhanced\class-common-settings.php:117
action admin_menu includes\settings\organization\wp-enhanced\class-common-settings.php:120
action admin_enqueue_scripts includes\settings\organization\wp-enhanced\class-common-settings.php:123
action admin_head includes\settings\organization\wp-enhanced\class-common-settings.php:125
action rest_api_init includes\settings\organization\wp-enhanced\rest-endpoints\class-license-rest-endpoint.php:8
action rest_api_init includes\settings\organization\wp-enhanced\rest-endpoints\class-rest-endpoint.php:29
action rest_api_init includes\settings\organization\wp-enhanced\rest-endpoints\class-settings-endpoint.php:3
action wpe_settings_register_plugin includes\settings\specific\settings.php:20
filter wpe_typesense_configs includes\settings\specific\settings.php:35
filter wpe_option_name_frontend-reset-password-gen includes\settings\specific\settings.php:52
filter wpe_option_name_frontend-reset-password-security includes\settings\specific\settings.php:56
filter wpe_option_name_frontend-reset-password-design includes\settings\specific\settings.php:60
filter wpe_settings_sanitize_frontend-reset-password-gen includes\settings\specific\settings.php:68
filter wpe_settings_sanitize_frontend-reset-password-security includes\settings\specific\settings.php:135
filter wpe_settings_sanitize_frontend-reset-password-design includes\settings\specific\settings.php:150
action init includes\somfrp-functions.php:12
action wp_enqueue_scripts includes\somfrp-functions.php:29
action admin_enqueue_scripts includes\somfrp-functions.php:37
action wp_head includes\somfrp-functions.php:43
filter lostpassword_url includes\somfrp-functions.php:83
action template_redirect includes\somfrp-functions.php:314
action somfrp_post_request includes\somfrp-functions.php:328
action somfrp_lost_pass_action includes\somfrp-functions.php:372
filter wp_mail_content_type includes\somfrp-functions.php:428
action somfrp_post_request includes\somfrp-functions.php:579
action somfrp_reset_pass_action includes\somfrp-functions.php:639
action admin_menu som-frontend-reset-password.php:56
action admin_init som-frontend-reset-password.php:76
Maintenance & Trust

Frontend Reset Password Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 30, 2026
PHP min version
Downloads: 167K

Community Trust

Rating: 88/100
Number of ratings: 38
Active installs: 10K
Developer Profile

Frontend Reset Password Developer Profile

Wp Enhanced

2 plugins · 14K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 8 days
Detection Fingerprints

How We Detect Frontend Reset Password

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/frontend-reset-password/assets/css/som-frontend-reset-password-style.css
/wp-content/plugins/frontend-reset-password/assets/js/som-frontend-reset-password.js
Script Paths
/wp-content/plugins/frontend-reset-password/assets/js/som-frontend-reset-password.js
Version Parameters
frontend-reset-password/assets/css/som-frontend-reset-password-style.css?ver=
frontend-reset-password/assets/js/som-frontend-reset-password.js?ver=

HTML / DOM Fingerprints

CSS Classes
som-frp-form-wrapper
som-frp-login-button
som-frp-reset-button
HTML Comments
<!-- Plugin Name: Frontend Reset Password -->
<!-- Plugin Version: 1.3.3 -->
Data Attributes
data-somfrp-plugin-version="1.3.3"
JS Globals
window.somfrp_vars
REST Endpoints
/wp-json/de-settings/v1/settings/frontend-reset-password
/wp-json/de-settings/v1/license/frontend-reset-password