Does Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress compatible with WordPress 6.9.4?

According to WordPress.org data, Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress 1.15 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress Security & Risk Analysis

wordpress.org/plugins/login-me-now

Login Me Now combines Passwordless Login, Email Magic Links, Phone OTP Verification, Temporary Logins, Social Logins (Google & Facebook), User Swi …

400 active installs v1.15 PHP 7.4+ WP 5.6+ Updated Apr 4, 2026

loginpasswordsecure-loginsocial-loginwp-login

A · Safe

CVEs total1

Unpatched0

Last CVEFeb 26, 2025

Download

Safety Verdict

Is Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress Safe to Use in 2026?

Generally Safe

Score 98/100

Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Feb 26, 2025Updated 1mo ago

Risk Assessment

The "login-me-now" v1.14 plugin presents a mixed security posture. On the positive side, it demonstrates good practices with a high percentage of SQL queries using prepared statements and a significant portion of outputs being properly escaped. The presence of numerous nonce and capability checks indicates an effort to secure its entry points. However, the static analysis reveals specific areas of concern, notably the use of the `unserialize` function, which is inherently risky and can lead to remote code execution if not handled with extreme care. Furthermore, the taint analysis identified four high-severity flows with unsanitized paths, suggesting potential vulnerabilities that could be exploited by attackers to manipulate application behavior or gain unauthorized access. The plugin's vulnerability history, with a past high-severity CVE related to Authentication Bypass Using an Alternate Path or Channel, reinforces the importance of scrutinizing its input validation and access control mechanisms.

Key Concerns

Dangerous function detected: unserialize
High severity unsanitized taint flows
History of high severity CVE

Vulnerabilities

1 published

Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2025-1717high · 8.1Authentication Bypass Using an Alternate Path or Channel

Feb 26, 2025 Patched in 1.7.3 (73d)

Version History

Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress Release Timeline

v1.15Current

v1.14

v1.13

v1.12

v1.11

v1.10

v1.9

v1.8

v1.7.3

v1.7.21 CVE

v1.7.11 CVE

v1.7.01 CVE

v1.6.21 CVE

v1.6.11 CVE

v1.6.01 CVE

v1.5.01 CVE

v1.4.01 CVE

v1.3.31 CVE

v1.3.21 CVE

v1.3.11 CVE

Code Analysis

Analyzed Mar 16, 2026

Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress Code Analysis

Dangerous Functions

Raw SQL Queries

18 prepared

Unescaped Output

190 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$results[$key]->meta_value = unserialize( $results[$key]->meta_value );app\Models\TemporaryLoginModel.php:118

unserialize$results[$key]->meta_value = unserialize( $results[$key]->meta_value );app\Models\UserToken.php:118

Bundled Libraries

Guzzle

SQL Query Safety

95% prepared19 total queries

Output Escaping

85% escaped224 total outputs

Data Flows · Security

5 unsanitized

Data Flow Analysis

7 flows5 with unsanitized paths

<Controller> (app\Logins\FacebookLogin\Controller.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress Attack Surface

Entry Points4

Unprotected0

Shortcodes 4

[login_me_now_facebook_button] app\Logins\FacebookLogin\Button.php:17

[login_me_now_google_button] app\Logins\GoogleLogin\Button.php:17

[login_me_now_email_magic_link_button] app\Logins\MagicLinkLogin\Button.php:17

[login_me_now_phone_otp_button] app\Logins\PhoneOTPLogin\Button.php:17

WordPress Hooks 74

filteradmin_footer_textapp\Admin\Admin.php:22

actionswitch_themeapp\Admin\Appsero\Insights.php:135

actionswitch_themeapp\Admin\Appsero\Insights.php:136

actionadmin_footerapp\Admin\Appsero\Insights.php:153

actionadmin_noticesapp\Admin\Appsero\Insights.php:170

actionadmin_initapp\Admin\Appsero\Insights.php:173

filtercron_schedulesapp\Admin\Appsero\Insights.php:179

filteradmin_headapp\Admin\Menu.php:24

actionadmin_initapp\Admin\Notices\BlackFridayNotice.php:9

actionadmin_noticesapp\Admin\Notices\BlackFridayNotice.php:10

filterlogin_me_now_settings_fieldsapp\Admin\Settings.php:14

actionshow_user_profileapp\Admin\UserProfile.php:15

actionedit_user_profileapp\Admin\UserProfile.php:16

actionpersonal_options_updateapp\Admin\UserProfile.php:17

actionedit_user_profile_updateapp\Admin\UserProfile.php:18

actionuser_profile_update_errorsapp\Admin\UserProfile.php:19

filtermanage_users_columnsapp\Admin\UserProfile.php:21

filtermanage_users_custom_columnapp\Admin\UserProfile.php:22

actionadmin_head-profile.phpapp\Admin\UserProfile.php:24

actionadmin_head-user-edit.phpapp\Admin\UserProfile.php:25

actionadmin_head-users.phpapp\Admin\UserProfile.php:26

actionrest_api_initapp\Common\RouteBase.php:23

actionatbdp_before_login_form_endapp\Integrations\Directorist\Directorist.php:22

actionatbdp_before_user_registration_submitapp\Integrations\Directorist\Directorist.php:23

filterlogin_me_now_settings_fieldsapp\Integrations\Directorist\Settings.php:17

actionedd_login_fields_afterapp\Integrations\EasyDigitalDownloads\EasyDigitalDownloads.php:22

actionedd_register_form_fields_afterapp\Integrations\EasyDigitalDownloads\EasyDigitalDownloads.php:23

filterlogin_me_now_settings_fieldsapp\Integrations\EasyDigitalDownloads\Settings.php:17

actionlogin_form_topapp\Integrations\FluentSupport\FluentSupport.php:22

filterlogin_me_now_settings_fieldsapp\Integrations\FluentSupport\Settings.php:17

filterlogin_me_now_settings_fieldsapp\Integrations\SimpleHistory\Settings.php:17

filtersimple_history/row_sender_image_outputapp\Integrations\SimpleHistory\SimpleHistory.php:21

filterlogin_me_now_settings_fieldsapp\Integrations\WooCommerce\Settings.php:17

actionwoocommerce_login_form_startapp\Integrations\WooCommerce\WooCommerce.php:22

actionlogin_me_now_after_registrationapp\Integrations\WooCommerce\WooCommerce.php:28

filterlogin_me_now_settings_fieldsapp\Logins\BrowserTokenLogin\Settings.php:14

actionlogin_me_now_after_loginapp\Logins\FacebookLogin\Profile.php:13

filterlogin_me_now_settings_fieldsapp\Logins\FacebookLogin\Settings.php:15

filterget_avatar_urlapp\Logins\GoogleLogin\Profile.php:16

actionlogin_me_now_after_loginapp\Logins\GoogleLogin\Profile.php:17

filterlogin_me_now_settings_fieldsapp\Logins\GoogleLogin\Settings.php:15

filterlogin_me_now_settings_fieldsapp\Logins\LinkLogin\Settings.php:12

filterlogin_me_now_settings_fieldsapp\Logins\MagicLinkLogin\Settings.php:14

filterlogin_me_now_settings_fieldsapp\Logins\PhoneOTPLogin\Settings.php:14

filterlogin_me_now_settings_fieldsapp\Logins\UserSwitchingLogin\Settings.php:17

filteruser_has_capapp\Logins\UserSwitchingLogin\user-switching.php:64

filtermap_meta_capapp\Logins\UserSwitchingLogin\user-switching.php:65

filteruser_row_actionsapp\Logins\UserSwitchingLogin\user-switching.php:66

actioninitapp\Logins\UserSwitchingLogin\user-switching.php:67

actioninitapp\Logins\UserSwitchingLogin\user-switching.php:68

actionall_admin_noticesapp\Logins\UserSwitchingLogin\user-switching.php:69

actionwp_logoutapp\Logins\UserSwitchingLogin\user-switching.php:70

actionwp_loginapp\Logins\UserSwitchingLogin\user-switching.php:71

filterms_user_row_actionsapp\Logins\UserSwitchingLogin\user-switching.php:74

filterlogin_messageapp\Logins\UserSwitchingLogin\user-switching.php:75

filterremovable_query_argsapp\Logins\UserSwitchingLogin\user-switching.php:76

actionwp_metaapp\Logins\UserSwitchingLogin\user-switching.php:77

filterplugin_row_metaapp\Logins\UserSwitchingLogin\user-switching.php:78

actionwp_footerapp\Logins\UserSwitchingLogin\user-switching.php:79

actionpersonal_optionsapp\Logins\UserSwitchingLogin\user-switching.php:80

actionadmin_bar_menuapp\Logins\UserSwitchingLogin\user-switching.php:81

actionbp_member_header_actionsapp\Logins\UserSwitchingLogin\user-switching.php:82

actionbp_directory_members_actionsapp\Logins\UserSwitchingLogin\user-switching.php:83

actionbbp_template_after_user_details_menu_itemsapp\Logins\UserSwitchingLogin\user-switching.php:84

actionwoocommerce_login_form_startapp\Logins\UserSwitchingLogin\user-switching.php:85

actionwoocommerce_admin_order_data_after_order_detailsapp\Logins\UserSwitchingLogin\user-switching.php:86

filterwoocommerce_account_menu_itemsapp\Logins\UserSwitchingLogin\user-switching.php:87

filterwoocommerce_get_endpoint_urlapp\Logins\UserSwitchingLogin\user-switching.php:88

actionswitch_to_userapp\Logins\UserSwitchingLogin\user-switching.php:89

actionswitch_back_userapp\Logins\UserSwitchingLogin\user-switching.php:90

filterattach_session_informationapp\Logins\UserSwitchingLogin\user-switching.php:1423

actionplugins_loadedapp\Logins\UserSwitchingLogin\UserSwitchingLogin.php:23

filtercron_schedulesapp\Utils\Cron.php:19

actionplugins_loadedlogin-me-now.php:48

Maintenance & Trust

Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 4, 2026

PHP min version7.4

Downloads14K

Community Trust

Rating100/100

Number of ratings9

Active installs400

Alternatives

Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress Alternatives

Temporary Login Without Password

temporary-login-without-password

100

Create self-expiring, temporary admin accounts. Easily share direct login links (no need for username/password) with your developers or editors.

100K 1 CVE

Password Reset Enforcement

password-reset-enforcement

100

Easily enforce password reset for WordPress users. Choose to force password changes site-wide, by user and/or by role, to boost your site's security.

100 No CVEs

NoMorePass Login

nomorepass-forget-your-passwords

Use your mobile phone to login into wordpress. Allow users instant registration. Fully protection against force brute attacks

70 No CVEs

Login Links – Passwordless Login, Temporary Access Links & Custom Login Form

100

Create secure self-expiring login links for temporary access and guest users, and enable passwordless login for registered ones.

40 No CVEs

Login, Registration and Lost Password Blocks

frontend-login-and-registration-blocks

Login, Registration and Lost Password Blocks plugin provides blocks helps you to add login, register, lost password forms from front end.

30 2 CVEs

Developer Profile

Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress Developer Profile

Pluginly

2 plugins · 460 total installs

trust score

Avg Security Score

99/100

Avg Patch Time

73 days

View full developer profile

Detection Fingerprints

How We Detect Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

user-switching-wrap

Data Attributes

id="user_switching_switcher"

FAQ

Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress Security & Risk Analysis

Is Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress Safe to Use in 2026?

Generally Safe

Key Concerns

Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress Security Vulnerabilities

CVEs by Year

Severity Breakdown

Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress Release Timeline

Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress Attack Surface

Shortcodes 4

Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress Maintenance & Trust

Maintenance Signals

Community Trust

Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress Alternatives

Temporary Login Without Password

Password Reset Enforcement

NoMorePass Login

Login Links – Passwordless Login, Temporary Access Links & Custom Login Form

Login, Registration and Lost Password Blocks

Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress Developer Profile

How We Detect Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress