
IDer Login for WordPress Security & Risk Analysis
wordpress.org/plugins/ider-login
This plugin provides functionality to register and connect to your WordPress via IDer Service.
Is IDer Login for WordPress Safe to Use in 2026?
Mostly Safe
Score 71/100
IDer Login for WordPress is generally safe to use though it hasn't been updated recently. 1 past CVE was resolved. Keep it updated.
The 'ider-login' plugin v2.1 exhibits a mixed security posture. On one hand, it demonstrates good practices by not making external HTTP requests, using prepared statements for all SQL queries, and having no critical or high severity taint flows. The attack surface also appears minimal with no unprotected entry points. However, significant concerns arise from the code analysis. A very low percentage of output is properly escaped (19%), indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the complete absence of nonce checks and capability checks for its entry points is a major security oversight, leaving it vulnerable to various forms of exploitation, especially if any user input is processed. The vulnerability history further compounds these concerns, with one known medium severity CVE related to XSS that is currently unpatched. This suggests a pattern of input sanitization issues that have not been fully addressed. While the plugin's core database interactions are secure, the handling of output and lack of authorization checks on its entry points present substantial risks that need immediate attention.
Key Concerns
- Unpatched medium CVE
- Low output escaping percentage
- Missing nonce checks
- Missing capability checks
IDer Login for WordPress Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
IDer Login for WordPress <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
IDer Login for WordPress Code Analysis
Output Escaping
IDer Login for WordPress Attack Surface
- Shortcodes: 2
- WordPress Hooks: 18
IDer Login for WordPress Maintenance & Trust
Maintenance Signals
Community Trust
IDer Login for WordPress Alternatives
OAuth Single Sign On – SSO (OAuth Client)
miniorange-login-with-eve-online-google-facebook
WordPress SSO (Single Sign On) with Azure, Azure B2C, Cognito, Okta, Classlink, Discord, Clever, Keycloak, OAuth & OpenID Providers [24/7 SUPPORT].
WP OAuth Server ( Login with WordPress )
miniorange-oauth-20-server
Single Sign-On using WordPress - Login with WordPress to your application/sites using your WordPress account. [24/7 Support]
SAML IDP (Identity Provider) – Login with Website Users
miniorange-wp-as-saml-idp
Single sign on (SSO) login with WordPress Users into any Service Provider like Tableau, Thinkific, Zoom, Moodle LMS, Canvas LMS, Absorb LMS, TalentLMS
Snapplify Single Sign On
snapplify-single-sign-on
WordPress User Single Sign On authentication with a Snapplify User Account.
OpenID Connect Generic Client
daggerhart-openid-connect-generic
A simple client that provides SSO or opt-in authentication against a generic OAuth2 Server implementation.
IDer Login for WordPress Developer Profile
60 plugins · 714K total installs
How We Detect IDer Login for WordPress
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/ider-login/assets/css/admin.css
- /wp-content/plugins/ider-login/assets/js/admin.js
- ider-login/style.css?ver=
- ider-login/script.js?ver=
- wposso_admin?ver=
HTML / DOM Fingerprints
- toplevel_page_wposso_settings
- name="wposso_options[client_id]"
- name="wposso_options[client_secret]"
- name="wposso_options[extra_scopes]"
- name="wposso_options[login_form_button]"
- IDERConnect\IDEROpenIDClient::$IDERRedirectURL
- IDER_PLUGIN_URL
- [ider_login_button]