Does JAY Login & Register have any unpatched vulnerabilities?

No. All known vulnerabilities in JAY Login & Register have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is JAY Login & Register compatible with WordPress 6.9.4?

According to WordPress.org data, JAY Login & Register 2.6.05 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is JAY Login & Register updated?

JAY Login & Register was last updated on Feb 15, 2026. Frequent updates are generally a positive security signal.

What is JAY Login & Register's security score?

JAY Login & Register has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

JAY Login & Register Security & Risk Analysis

wordpress.org/plugins/jay-login-register

All-in-One Mobile OTP Login, Registration & Content Restriction plugin. Supports SMS, Email, Google, Digits & WooCommerce with Inline Forms.

60 active installs v2.6.05 PHP + WP 5.5+ Updated Feb 15, 2026

digitsgravity-formsloginotpregister

A · Safe

CVEs total3

Unpatched0

Last CVEFeb 7, 2026

Download

Safety Verdict

Is JAY Login & Register Safe to Use in 2026?

Generally Safe

Score 85/100

JAY Login & Register has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Feb 7, 2026Updated 1mo ago

Risk Assessment

The 'jay-login-register' plugin version 2.6.05 exhibits a mixed security posture. On the positive side, it demonstrates good practices in several areas, with a high percentage of SQL queries using prepared statements and a similarly high rate of output escaping. The absence of dangerous functions, file operations, and critical taint flows are also strengths. However, significant concerns arise from the substantial attack surface and the presence of unprotected entry points.

The static analysis reveals 7 AJAX handlers lacking authentication checks, which represent a direct vulnerability. While taint analysis did not find critical or high severity issues in the analyzed flows, the two flows with unsanitized paths are concerning and could potentially lead to vulnerabilities if they interact with sensitive data or functionalities. The plugin's history of vulnerabilities, particularly two critical and one high severity CVEs, is a major red flag. The types of past vulnerabilities, such as Improper Privilege Management and Reliance on Cookies without Validation, suggest recurring issues that attackers might exploit.

In conclusion, while the plugin has some sound security foundations in its coding practices, the unprotected AJAX handlers, the historical trend of critical vulnerabilities, and the presence of unsanitized flows necessitate a cautious approach. The developers need to address the authentication checks on AJAX handlers and ensure all past critical vulnerabilities are thoroughly patched and prevented in future versions.

Key Concerns

Unprotected AJAX handlers
Unsanitized paths in taint analysis
History of 2 critical CVEs
History of 1 high CVE
Reliance on Cookies without Validation history
Improper Privilege Management history

Vulnerabilities

JAY Login & Register Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

2 CVEs in 2026

2026

Patched Has unpatched

Severity Breakdown

Critical

High

3 total CVEs

CVE-2025-15100high · 8.8Improper Privilege Management

JAY Login & Register <= 2.6.03 - Authenticated (Subscriber+) Privilege Escalation via jay_panel_ajax_update_profile

Feb 7, 2026 Patched in 2.6.04 (1d)

CVE-2025-15027critical · 9.8Improper Privilege Management

JAY Login & Register <= 2.6.03 - Unauthenticated Privilege Escalation via jay_login_register_ajax_create_final_user

Feb 7, 2026 Patched in 2.6.04 (1d)

CVE-2025-14440critical · 9.8Reliance on Cookies without Validation and Integrity Checking

JAY Login & Register <= 2.4.01 - Authentication Bypass via Cookie

Dec 12, 2025 Patched in 2.5.01 (7d)

Code Analysis

Analyzed Mar 16, 2026

JAY Login & Register Code Analysis

Dangerous Functions

Raw SQL Queries

19 prepared

Unescaped Output

781 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

95% prepared20 total queries

Output Escaping

97% escaped805 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths

jay_login_register_ajax_render_change_phone_form (includes\jay-login-register-ajax-handler.php:1579)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

7 unprotected

JAY Login & Register Attack Surface

Entry Points62

Unprotected7

AJAX Handlers 58

noprivwp_ajax_jay_login_register_gf_verify_otpincludes\addons\gravityforms\jay-login-register-gravityforms-addon.php:332

authwp_ajax_jay_login_register_gf_verify_otpincludes\addons\gravityforms\jay-login-register-gravityforms-addon.php:333

noprivwp_ajax_jay_login_register_gf_resend_otpincludes\addons\gravityforms\jay-login-register-gravityforms-addon.php:443

authwp_ajax_jay_login_register_gf_resend_otpincludes\addons\gravityforms\jay-login-register-gravityforms-addon.php:444

noprivwp_ajax_jay_login_register_check_user_inputincludes\jay-login-register-ajax-handler.php:106

authwp_ajax_jay_login_register_check_user_inputincludes\jay-login-register-ajax-handler.php:107

noprivwp_ajax_jay_login_register_verify_otp_registerincludes\jay-login-register-ajax-handler.php:384

noprivwp_ajax_jay_login_register_check_national_code_loginincludes\jay-login-register-ajax-handler.php:458

noprivwp_ajax_jay_login_register_check_passport_loginincludes\jay-login-register-ajax-handler.php:496

noprivwp_ajax_jay_login_register_register_with_national_codeincludes\jay-login-register-ajax-handler.php:540

noprivwp_ajax_jay_login_register_register_with_passportincludes\jay-login-register-ajax-handler.php:645

noprivwp_ajax_jay_login_register_verify_email_otp_registerincludes\jay-login-register-ajax-handler.php:694

noprivwp_ajax_jay_login_register_create_final_userincludes\jay-login-register-ajax-handler.php:757

noprivwp_ajax_jay_login_register_login_with_passwordincludes\jay-login-register-ajax-handler.php:1077

noprivwp_ajax_jay_login_register_send_otp_smsincludes\jay-login-register-ajax-handler.php:1131

noprivwp_ajax_jay_login_register_send_otp_baleincludes\jay-login-register-ajax-handler.php:1149

noprivwp_ajax_jay_login_register_send_otp_for_loginincludes\jay-login-register-ajax-handler.php:1193

noprivwp_ajax_jay_login_register_verify_otp_for_loginincludes\jay-login-register-ajax-handler.php:1242

authwp_ajax_jay_login_register_send_change_phone_otpincludes\jay-login-register-ajax-handler.php:1333

authwp_ajax_jay_login_register_verify_change_phone_otpincludes\jay-login-register-ajax-handler.php:1404

authwp_ajax_jay_login_register_resend_change_phone_otpincludes\jay-login-register-ajax-handler.php:1479

noprivwp_ajax_jay_login_register_resend_otpincludes\jay-login-register-ajax-handler.php:1527

authwp_ajax_jay_login_register_render_change_phone_formincludes\jay-login-register-ajax-handler.php:1578

noprivwp_ajax_jay_login_register_handle_eitaa_loginincludes\jay-login-register-ajax-handler.php:1596

noprivwp_ajax_jay_login_register_send_email_otpincludes\jay-login-register-ajax-handler.php:1712

noprivwp_ajax_jay_login_register_verify_email_otpincludes\jay-login-register-ajax-handler.php:1790

noprivwp_ajax_jay_login_register_resend_email_otpincludes\jay-login-register-ajax-handler.php:1848

noprivwp_ajax_jay_login_register_resend_email_otp_registerincludes\jay-login-register-ajax-handler.php:1856

authwp_ajax_jay_login_register_send_test_emailincludes\jay-login-register-ajax-handler.php:1881

noprivwp_ajax_jay_login_register_send_otp_bale_loginincludes\jay-login-register-ajax-handler.php:1915

noprivwp_ajax_jay_login_register_resend_otp_bale_loginincludes\jay-login-register-ajax-handler.php:1968

noprivwp_ajax_jay_check_username_availabilityincludes\jay-login-register-helpers.php:785

noprivwp_ajax_jay_get_inline_lock_formincludes\jay-login-register-inline-handler.php:9

noprivwp_ajax_jay_check_inline_inputincludes\jay-login-register-inline-handler.php:123

noprivwp_ajax_jay_send_inline_otp_specificincludes\jay-login-register-inline-handler.php:350

noprivwp_ajax_jay_verify_inline_otpincludes\jay-login-register-inline-handler.php:500

authwp_ajax_jay_submit_inline_detailsincludes\jay-login-register-inline-handler.php:625

noprivwp_ajax_jay_resend_inline_otp_loginincludes\jay-login-register-inline-handler.php:854

noprivwp_ajax_jay_resend_inline_otp_registerincludes\jay-login-register-inline-handler.php:855

authwp_ajax_jay_toggle_edit_accessincludes\jay-login-register-permission-toggle.php:9

authwp_ajax_jay_panel_send_old_mobile_otpincludes\user-panel\jay-login-register-ajax-handler-user-panel.php:48

authwp_ajax_jay_panel_verify_old_mobileincludes\user-panel\jay-login-register-ajax-handler-user-panel.php:95

authwp_ajax_jay_panel_send_new_mobile_otpincludes\user-panel\jay-login-register-ajax-handler-user-panel.php:142

authwp_ajax_jay_panel_verify_new_mobileincludes\user-panel\jay-login-register-ajax-handler-user-panel.php:231

authwp_ajax_jay_panel_send_old_email_otpincludes\user-panel\jay-login-register-ajax-handler-user-panel.php:282

authwp_ajax_jay_panel_verify_old_emailincludes\user-panel\jay-login-register-ajax-handler-user-panel.php:338

authwp_ajax_jay_panel_send_new_email_otpincludes\user-panel\jay-login-register-ajax-handler-user-panel.php:400

authwp_ajax_jay_panel_verify_new_emailincludes\user-panel\jay-login-register-ajax-handler-user-panel.php:451

authwp_ajax_jay_panel_check_current_passwordincludes\user-panel\jay-login-register-ajax-handler-user-panel.php:496

authwp_ajax_jay_panel_change_password_finalincludes\user-panel\jay-login-register-ajax-handler-user-panel.php:517

authwp_ajax_jay_panel_check_username_liveincludes\user-panel\jay-login-register-ajax-handler-user-panel.php:580

authwp_ajax_jay_panel_update_profileincludes\user-panel\jay-login-register-ajax-handler-user-panel.php:621

authwp_ajax_jay_panel_check_national_code_liveincludes\user-panel\jay-login-register-ajax-handler-user-panel.php:992

authwp_ajax_jay_panel_check_passport_liveincludes\user-panel\jay-login-register-ajax-handler-user-panel.php:1031

authwp_ajax_jay_panel_upload_avatarincludes\user-panel\jay-login-register-ajax-handler-user-panel.php:1067

authwp_ajax_jay_panel_delete_avatarincludes\user-panel\jay-login-register-ajax-handler-user-panel.php:1140

noprivwp_ajax_jay_login_register_get_math_captchajay-login-register.php:297

authwp_ajax_jay_login_register_get_math_captchajay-login-register.php:298

Shortcodes 4

[jay_content_lock] includes\jay-login-register-editor.php:37

[jay_login_register_form] includes\jay-login-register-shortcodes.php:7

[jay_login_register_user_panel] includes\user-panel\jay-login-register-user-panel-shortcode.php:9

[jay_user_time] includes\user-panel\jay-login-register-user-time.php:73

WordPress Hooks 66

actiongform_loadedincludes\addons\gravityforms\jay-login-register-gravityforms-addon.php:14

actiongform_field_standard_settingsincludes\addons\gravityforms\jay-login-register-gravityforms-addon.php:85

actiongform_editor_jsincludes\addons\gravityforms\jay-login-register-gravityforms-addon.php:120

filtergform_validationincludes\addons\gravityforms\jay-login-register-gravityforms-addon.php:143

actiongform_enqueue_scriptsincludes\addons\gravityforms\jay-login-register-gravityforms-addon.php:259

filtergform_get_form_filterincludes\addons\gravityforms\jay-login-register-gravityforms-addon.php:282

actionadmin_enqueue_scriptsincludes\addons\jay-login-register-addons-loader.php:5

actionadmin_menuincludes\addons\jay-login-register-addons-loader.php:25

actionadmin_initincludes\addons\jay-login-register-addons-loader.php:94

actionwp_dashboard_setupincludes\jay-login-register-dashboard.php:7

actionadmin_enqueue_scriptsincludes\jay-login-register-dashboard.php:135

actionmedia_buttonsincludes\jay-login-register-editor.php:7

actiontemplate_redirectincludes\jay-login-register-helpers.php:95

filterthe_contentincludes\jay-login-register-helpers.php:138

actioninitincludes\jay-login-register-helpers.php:427

actionwp_mail_failedincludes\jay-login-register-helpers.php:542

actionphpmailer_initincludes\jay-login-register-helpers.php:632

actionadd_meta_boxesincludes\jay-login-register-meta-box.php:5

actionsave_postincludes\jay-login-register-meta-box.php:105

actionadmin_enqueue_scriptsincludes\jay-login-register-permission-toggle.php:73

actionjay_render_user_edit_toggleincludes\jay-login-register-permission-toggle.php:101

filterviews_usersincludes\jay-login-register-permission-toggle.php:117

actionjay_login_register_after_toggle_edit_accessincludes\jay-login-register-permission-toggle.php:189

actionpre_get_usersincludes\jay-login-register-permission-toggle.php:197

actionadmin_enqueue_scriptsincludes\jay-login-register-scripts.php:7

actionwp_footerincludes\jay-login-register-scripts.php:44

actionadmin_enqueue_scriptsincludes\jay-login-register-scripts.php:276

actionenqueue_block_editor_assetsincludes\jay-login-register-scripts.php:327

actioninitincludes\jay-login-register-scripts.php:342

actionwp_enqueue_scriptsincludes\jay-login-register-scripts.php:370

actionwp_enqueue_scriptsincludes\jay-login-register-scripts.php:386

actionadmin_menuincludes\jay-login-register-settings.php:6

actionadmin_initincludes\jay-login-register-settings.php:71

actionadmin_initincludes\jay-login-register-settings.php:1587

filtermanage_users_columnsincludes\jay-login-register-user-columns.php:8

actionmanage_users_custom_columnincludes\jay-login-register-user-columns.php:45

filtermanage_users_sortable_columnsincludes\jay-login-register-user-columns.php:88

actionpre_get_usersincludes\jay-login-register-user-columns.php:97

actionadmin_enqueue_scriptsincludes\jay-login-register-user-columns.php:161

filtermanage_users_columnsincludes\jay-login-register-user-columns.php:189

filteruser_row_actionsincludes\jay-login-register-user-switching.php:40

actioninitincludes\jay-login-register-user-switching.php:58

actionwp_footerincludes\jay-login-register-user-switching.php:103

actioninitincludes\jay-login-register-user-switching.php:152

actionadmin_bar_menuincludes\jay-login-register-user-switching.php:209

actionwp_enqueue_scriptsincludes\jay-login-register-user-switching.php:301

actionadmin_enqueue_scriptsincludes\jay-login-register-user-switching.php:302

filterpre_get_avatarincludes\user-panel\jay-login-register-avatar-handler.php:22

actionadmin_initincludes\user-panel\jay-login-register-user-panel-settings.php:9

actionadmin_enqueue_scriptsincludes\user-panel\jay-login-register-user-panel-settings.php:372

actionjay_show_user_timeincludes\user-panel\jay-login-register-user-time.php:57

filtertemplate_includejay-login-register.php:35

actionadmin_noticesjay-login-register.php:49

actionadmin_initjay-login-register.php:50

filterdisplay_post_statesjay-login-register.php:51

actionadmin_initjay-login-register.php:53

actiontemplate_redirectjay-login-register.php:61

actiontemplate_redirectjay-login-register.php:87

actionlogin_initjay-login-register.php:99

actionadmin_initjay-login-register.php:148

filtershow_admin_barjay-login-register.php:176

actionupdate_option_jay_login_register_settingsjay-login-register.php:181

actionadmin_initjay-login-register.php:223

actionjay_relog_display_captchajay-login-register.php:255

actionjay_relog_verify_captchajay-login-register.php:267

filterjay_relog_send_otpjay-login-register.php:331

Maintenance & Trust

JAY Login & Register Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 15, 2026

PHP min version

Downloads2K

Community Trust

Rating100/100

Number of ratings2

Active installs60

Alternatives

JAY Login & Register Alternatives

Wp Social Login and Register Social Counter

wp-social

Wp social lets you add social login, social counter, and social share buttons of different styles to your WordPress website.

80K 5 CVEs

Theme My Login

theme-my-login

The ultimate login branding solution! Theme My Login offers matchless customization of your WordPress user experience!

60K 4 CVEs

Login & Register Customizer – Popup | Slider | Inline | WooCommerce

easy-login-woocommerce

Replace your old login/registration form with an interactive popup & inline form design

40K 6 CVEs

Google Authenticator

google-authenticator

Google Authenticator for your WordPress blog.

20K 1 CVE

Login Logout Menu

100

Login Logout Menu is a handy plugin which allows you to add login, logout, register and profile menu items in your selected menu.

20K 1 CVE

Developer Profile

JAY Login & Register Developer Profile

jayarsiech

2 plugins · 60 total installs

trust score

Avg Security Score

93/100

Avg Patch Time

3 days

View full developer profile

Detection Fingerprints

How We Detect JAY Login & Register

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/jay-login-register/assets/css/jay-login-register-admin.css/wp-content/plugins/jay-login-register/assets/css/jay-login-register-styles.css/wp-content/plugins/jay-login-register/assets/js/jay-login-register-admin.js/wp-content/plugins/jay-login-register/assets/js/jay-login-register-script.js/wp-content/plugins/jay-login-register/assets/js/jay-login-register-user-panel.js

Script Paths

/wp-content/plugins/jay-login-register/assets/js/jay-login-register-admin.js/wp-content/plugins/jay-login-register/assets/js/jay-login-register-script.js/wp-content/plugins/jay-login-register/assets/js/jay-login-register-user-panel.js

Version Parameters

jay-login-register/assets/css/jay-login-register-admin.css?ver=jay-login-register/assets/css/jay-login-register-styles.css?ver=jay-login-register/assets/js/jay-login-register-admin.js?ver=jay-login-register/assets/js/jay-login-register-script.js?ver=jay-login-register/assets/js/jay-login-register-user-panel.js?ver=

HTML / DOM Fingerprints

CSS Classes

jay-login-register-formjay-login-register-login-formjay-login-register-register-formjay-login-register-otp-formjay-login-register-inline-formjay-login-register-user-paneljay-login-register-dashboard-widget

HTML Comments

Data Attributes

data-plugin="jay-login-register"data-form-type="login"data-form-type="register"data-form-type="otp"

JS Globals

jayLoginRegisterAdminjayLoginRegisterScriptjayLoginRegisterUserPanel

REST Endpoints

/wp-json/jay-login-register/v1/login/wp-json/jay-login-register/v1/register/wp-json/jay-login-register/v1/otp-verification/wp-json/jay-login-register/v1/user-panel/update-profile

Shortcode Output

[jaylogin register_form][jaylogin login_form][jaylogin otp_form][jaylogin inline_form]

FAQ