WP-Safety

Login for Google Apps Security & Risk Analysis

wordpress.org/plugins/google-apps-login

Simple secure login and user management through your Google Workspace for WordPress (using oAuth2 and MFA if enabled).

10K active installs v3.5.2 PHP 7.2+ WP 5.5+ Updated May 8, 2025
authenticationgoogleloginoauthsso
100
A · Safe
CVEs total1
Unpatched0
Last CVEDec 1, 2022
Plugin page Download
Safety Verdict

Is Login for Google Apps Safe to Use in 2026?

Generally Safe

Score 100/100

Login for Google Apps has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Dec 1, 2022Updated 10mo ago
Risk Assessment

The 'google-apps-login' plugin version 3.5.2 exhibits a generally positive security posture with a strong emphasis on secure coding practices. The absence of any unprotected entry points, a high percentage of properly escaped output, and the exclusive use of prepared statements for SQL queries are commendable. Furthermore, the plugin demonstrates an awareness of WordPress security by implementing nonce and capability checks. However, the presence of the `unserialize` function, even if not immediately exploitable due to limited attack surface, represents a potential point of concern that could be leveraged if input handling were to change in future versions. The plugin's vulnerability history, with a single medium severity Cross-Site Scripting (XSS) vulnerability patched in late 2022, suggests a track record of addressing security issues promptly. While the attack surface is commendably low and no critical or high severity taint flows were detected, the use of `unserialize` warrants careful monitoring and consideration for mitigation if possible.

Key Concerns

  • Use of unserialize function
  • Flows with unsanitized paths
  • Past medium severity XSS vulnerability
Vulnerabilities
1

Login for Google Apps Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2022-3840medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Google Apps Login <= 3.4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

Dec 1, 2022 Patched in 3.4.5 (418d)
Code Analysis
Analyzed Mar 16, 2026

Login for Google Apps Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
6
118 escaped
Nonce Checks
1
Capability Checks
2
File Operations
14
External Requests
1
Bundled Libraries
0

Dangerous Functions Found

unserialize$data = unserialize($data);core\Google\Cache\File.php:73

Output Escaping

95% escaped124 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths
attempt_upload (core\keyfile_uploader.php:25)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Login for Google Apps Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 17
filterallowed_redirect_hostscore\core_google_apps_login.php:651
actionadmin_noticescore\core_google_apps_login.php:846
actionnetwork_admin_noticescore\core_google_apps_login.php:849
filteruser_profile_picture_descriptioncore\core_google_apps_login.php:856
actionplugins_loadedcore\core_google_apps_login.php:1734
actionlogin_enqueue_scriptscore\core_google_apps_login.php:1736
actionlogin_formcore\core_google_apps_login.php:1737
filterauthenticatecore\core_google_apps_login.php:1738
filterlogin_redirectcore\core_google_apps_login.php:1740
actioninitcore\core_google_apps_login.php:1741
actionadmin_initcore\core_google_apps_login.php:1743
filtergal_get_clientidcore\core_google_apps_login.php:1747
actionupgrader_process_completecore\core_google_apps_login.php:1749
filternetwork_admin_plugin_action_linkscore\core_google_apps_login.php:1752
filterplugin_action_linkscore\core_google_apps_login.php:1755
actionadmin_noticesgoogle_apps_login.php:203
actionnetwork_admin_noticesgoogle_apps_login.php:206
Maintenance & Trust

Login for Google Apps Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedMay 8, 2025
PHP min version7.2
Downloads662K

Community Trust

Rating92/100
Number of ratings64
Active installs10K
Alternatives

Login for Google Apps Alternatives

Log in with Google

Log in with Google

login-with-google

A
100

Minimal plugin that allows WordPress users to log in using Google.

6K No CVEs
DigitaDive Login with Google One Tap

DigitaDive Login with Google One Tap

digitadive-login-with-google-one-tap

A
100

Secure login with Google One Tap and a button for WordPress with a shortcode and site-wide prompt.

0 No CVEs
GOAuth

GOAuth

goauth

A
85

Go and OAuthenticate plugin for WordPress.

0 No CVEs
Login with GitHub

Login with GitHub

login-with-github

A
100

Minimal plugin that allows WordPress users to log in using GitHub.

0 No CVEs
OAuth Single Sign On – SSO (OAuth Client)

OAuth Single Sign On – SSO (OAuth Client)

miniorange-login-with-eve-online-google-facebook

B
82

WordPress SSO (Single Sign On) with Azure, Azure B2C, Cognito, Okta, Classlink, Discord, Clever, Keycloak, OAuth & OpenID Providers [24/7 SUPPORT].

7K 10 CVEs
Developer Profile

Login for Google Apps Developer Profile

Syed Balkhi

94 plugins · 23.5M total installs

73
trust score
Avg Security Score
91/100
Avg Patch Time
795 days
View full developer profile
Detection Fingerprints

How We Detect Login for Google Apps

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/google-apps-login/img/basic_loginupgrade.png/wp-content/plugins/google-apps-login/img/basic_driveplugin.png

HTML / DOM Fingerprints

CSS Classes
gal-tablerightgal-tablecellgaltabul-disc
Data Attributes
id="gal-tableright"id="domain-section"
FAQ

Frequently Asked Questions about Login for Google Apps