Does Login rebuilder have any unpatched vulnerabilities?

No. All known vulnerabilities in Login rebuilder have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Login rebuilder compatible with WordPress 6.9.0?

According to WordPress.org data, Login rebuilder 2.8.8 has been tested up to WordPress 6.9.0. Check the plugin's changelog for the latest compatibility information.

Is Login rebuilder compatible with PHP 5.6+?

Login rebuilder requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Login rebuilder updated?

Login rebuilder was last updated on Jan 19, 2026. Frequent updates are generally a positive security signal.

What is Login rebuilder's security score?

Login rebuilder has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Login rebuilder Security & Risk Analysis

wordpress.org/plugins/login-rebuilder

This plugin will create a new login page for your site. You can also create separate login pages for administrators and for other users.

20K active installs v2.8.8 PHP 5.6+ WP 3.2.0+ Updated Jan 19, 2026

A · Safe

CVEs total2

Unpatched0

Last CVEMay 2, 2023

Plugin page Download

Safety Verdict

Is Login rebuilder Safe to Use in 2026?

Generally Safe

Score 99/100

2 known CVEsLast CVE: May 2, 2023Updated 2mo ago

Risk Assessment

The login-rebuilder plugin version 2.8.8 exhibits a generally good security posture with a strong emphasis on implementing proper security checks. The static analysis reveals a commendable lack of critical or high-severity issues in taint analysis and a complete absence of dangerous functions. The code also demonstrates good practices in its use of prepared statements for all SQL queries, a significant number of nonce and capability checks, and robust output escaping for the majority of its outputs.

However, the plugin's history of known vulnerabilities, including past instances of Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF), indicates a recurring pattern of potential input validation or output sanitization weaknesses. While there are currently no unpatched CVEs, the existence of a past high and medium severity vulnerability warrants continued vigilance. The attack surface, though small and seemingly protected by authentication checks, could still pose a risk if any of those checks are ever found to be insufficient or bypassed.

In conclusion, the login-rebuilder plugin has made significant strides in improving its security, as evidenced by the current static analysis. The use of prepared statements and robust checks are strengths. Nevertheless, the historical vulnerability profile suggests that ongoing security scrutiny and thorough testing are crucial to prevent the re-emergence of similar issues.

Key Concerns

Past high and medium severity vulnerabilities
83% of outputs properly escaped

Vulnerabilities

Login rebuilder Security Vulnerabilities

CVEs by Year

1 CVE in 2014

2014

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

High

Medium

2 total CVEs

CVE-2023-2223medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

May 2, 2023 Patched in 2.8.1 (266d)

CVE-2014-3882high · 8.8Cross-Site Request Forgery (CSRF)

May 14, 2014 Patched in 1.2.0 (3541d)

Code Analysis

Analyzed Mar 16, 2026

Login rebuilder Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

162 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

83% escaped195 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

download_log (login-rebuilder.php:3228)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Login rebuilder Attack Surface

Entry Points3

Unprotected0

AJAX Handlers 3

authwp_ajax_login_rebuilder_try_savelogin-rebuilder.php:170

authwp_ajax_login_rebuilder_lock_existslogin-rebuilder.php:171

authwp_ajax_login_rebuilder_download_loglogin-rebuilder.php:172

WordPress Hooks 34

actionadmin_menulogin-rebuilder.php:166

actionadmin_initlogin-rebuilder.php:167

actionadmin_enqueue_scriptslogin-rebuilder.php:168

filterplugin_row_metalogin-rebuilder.php:175

filtersite_urllogin-rebuilder.php:176

filternetwork_site_urllogin-rebuilder.php:177

filterwp_redirectlogin-rebuilder.php:178

actionallow_password_resetlogin-rebuilder.php:179

actionvalidate_password_resetlogin-rebuilder.php:180

actionlogin_initlogin-rebuilder.php:183

actionlogin_initlogin-rebuilder.php:189

actionset_logged_in_cookielogin-rebuilder.php:193

actionwp_login_failedlogin-rebuilder.php:196

filterauthenticatelogin-rebuilder.php:198

filterauthenticatelogin-rebuilder.php:200

filterredirect_canonicallogin-rebuilder.php:208

actiontemplate_redirectlogin-rebuilder.php:209

filterwp_sitemaps_add_providerlogin-rebuilder.php:210

filteroembed_response_datalogin-rebuilder.php:214

filterrest_pre_dispatchlogin-rebuilder.php:217

filteruser_request_action_email_contentlogin-rebuilder.php:220

filterlogin_errorslogin-rebuilder.php:223

filterlogin_messageslogin-rebuilder.php:224

filterdetermine_localelogin-rebuilder.php:226

filterrest_pre_dispatchlogin-rebuilder.php:229

filtersend_auth_cookieslogin-rebuilder.php:233

actionpre_user_querylogin-rebuilder.php:2700

filterxmlrpc_enabledlogin-rebuilder.php:3057

filterauthenticatelogin-rebuilder.php:3059

filterxmlrpc_methodslogin-rebuilder.php:3061

actionpre_pinglogin-rebuilder.php:3063

filterxmlrpc_methodslogin-rebuilder.php:3065

filterpingback_ping_source_urilogin-rebuilder.php:3072

filterxmlrpc_pingback_errorlogin-rebuilder.php:3073

Maintenance & Trust

Login rebuilder Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.0

Last updatedJan 19, 2026

PHP min version5.6

Downloads259K

Community Trust

Rating100/100

Number of ratings7

Active installs20K

Alternatives

Login rebuilder Alternatives

No alternatives data available yet.

Developer Profile

Login rebuilder Developer Profile

tmatsuur

8 plugins · 21K total installs

trust score

Avg Security Score

86/100

Avg Patch Time

1904 days

View full developer profile

Detection Fingerprints

How We Detect Login rebuilder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/login-rebuilder/css/login-rebuilder.css/wp-content/plugins/login-rebuilder/css/login-rebuilder-admin.css/wp-content/plugins/login-rebuilder/js/login-rebuilder.js/wp-content/plugins/login-rebuilder/js/login-rebuilder-admin.js/wp-content/plugins/login-rebuilder/js/login-rebuilder-admin-setting.js

Script Paths

/wp-content/plugins/login-rebuilder/js/login-rebuilder.js/wp-content/plugins/login-rebuilder/js/login-rebuilder-admin.js/wp-content/plugins/login-rebuilder/js/login-rebuilder-admin-setting.js

Version Parameters

login-rebuilder/css/login-rebuilder.css?ver=login-rebuilder/css/login-rebuilder-admin.css?ver=login-rebuilder/js/login-rebuilder.js?ver=login-rebuilder/js/login-rebuilder-admin.js?ver=login-rebuilder/js/login-rebuilder-admin-setting.js?ver=

HTML / DOM Fingerprints

CSS Classes

login-rebuilder-messagelogin-rebuilder-message-error

HTML Comments

Data Attributes

data-login-rebuilder-noncedata-login-rebuilder-ajax-nonce

JS Globals

login_rebuilder_ajax_object

REST Endpoints

/wp-json/login-rebuilder/v1/settings

FAQ