WP-Safety

WP Login and Register using JWT Security & Risk Analysis

wordpress.org/plugins/login-register-using-jwt

WordPress login (WordPress Single Sign-On) using JWT token obtained from other WordPress sites or any other application. Synchronize user sessions bet …

200 active installs v3.2.0 PHP 5.6+ WP 3.0.1+ Updated Dec 11, 2025
apijson-web-tokenjwtloginsingle-sign-on
99
A · Safe
CVEs total1
Unpatched0
Last CVENov 18, 2025
Plugin page Download
Safety Verdict

Is WP Login and Register using JWT Safe to Use in 2026?

Generally Safe

Score 99/100

WP Login and Register using JWT has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Nov 18, 2025Updated 3mo ago
Risk Assessment

The 'login-register-using-jwt' plugin version 3.2.0 exhibits a mixed security posture. While it demonstrates good practices like using prepared statements for SQL queries and a high percentage of properly escaped outputs, significant concerns remain. The presence of one unprotected AJAX handler represents a direct attack vector. Taint analysis indicates unsanitized paths, suggesting potential for unexpected behavior or vulnerabilities if user input is not handled carefully, although no critical or high severity flows were detected. The plugin's history includes one medium-severity vulnerability, which was reportedly patched, and the absence of currently unpatched CVEs is a positive sign. However, the common vulnerability type of 'Missing Authorization' in its history, coupled with the unprotected AJAX handler in the current static analysis, suggests a recurring weakness that warrants attention. Overall, the plugin has strengths in data handling but requires vigilance regarding access control for its entry points.

Key Concerns

  • Unprotected AJAX handler
  • Taint analysis shows unsanitized paths
  • Past medium vulnerability (though patched)
Vulnerabilities
1

WP Login and Register using JWT Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-12822medium · 4.3Missing Authorization

WP Login and Register using JWT <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) API Key Exposure

Nov 18, 2025 Patched in 3.1.0 (1d)
Code Analysis
Analyzed Mar 16, 2026

WP Login and Register using JWT Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
28
343 escaped
Nonce Checks
11
Capability Checks
3
File Operations
58
External Requests
4
Bundled Libraries
0

Dangerous Functions Found

unserializeextract(unserialize($partial));classes\common\JWT\RSAUtils\RSA.php:678

Output Escaping

92% escaped371 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
miniorange_jwt_save_settings (classes\common\Settings\class-settings.php:70)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

WP Login and Register using JWT Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_mo_jwt_generate_new_api_keyclasses\common\Methods\class-jwtregister.php:119
WordPress Hooks 12
actionadmin_menuclasses\common\Base\class-basestructure.php:41
actionadmin_enqueue_scriptsclasses\common\Base\class-loader.php:40
actionadmin_enqueue_scriptsclasses\common\Base\class-loader.php:41
actionmo_clear_plug_cacheclasses\common\class-mjutils.php:54
actionadmin_noticesclasses\common\class-mjutils.php:95
actionadmin_noticesclasses\common\class-mjutils.php:124
actioninitclasses\common\JWTFlowHandler\class-jwtflowhandler.php:67
actionrest_api_initclasses\common\JWTFlowHandler\class-jwtflowhandler.php:68
actionadmin_initclasses\common\Settings\class-settings.php:59
actionadmin_initclasses\common\Settings\class-settings.php:60
actionadmin_initclasses\Free\class-freesettings.php:46
actionadmin_footerclasses\Free\class-freesettings.php:47
Maintenance & Trust

WP Login and Register using JWT Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 11, 2025
PHP min version5.6
Downloads8K

Community Trust

Rating100/100
Number of ratings5
Active installs200
Alternatives

WP Login and Register using JWT Alternatives

Simple JWT Login – Allows you to use JWT on REST endpoints.

Simple JWT Login – Allows you to use JWT on REST endpoints.

simple-jwt-login

B
70

Enhance the WordPress REST API with JWT authentication for secure access by mobile apps, external sites, and third-party services.

5K 1 unpatched
Hippoo Auth

Hippoo Auth

hippoo-auth

A
100

Extend your WooCommerce Store API with secure authentication endpoints for social and manual login. Ideal for custom apps, headless themes, or fronten &hellip;

0 No CVEs
Simple JWT Auth

Simple JWT Auth

simple-jwt-auth

A
92

Extends the WP REST API using JSON Web Tokens for robust authentication, providing a secure and reliable way to access and manage WordPress data.

0 No CVEs
TokenLink SSO Login for Zendesk

TokenLink SSO Login for Zendesk

tokenlink-sso-login-for-zendesk

A
100

Provides secure JWT-based single sign-on (SSO) between WordPress and Zendesk. No third-party plugins, no tracking, no bloat. Totally free.

0 No CVEs
Twelve Legs Marketing SSO

Twelve Legs Marketing SSO

twelve-legs-marketing-sso

A
100

Single sign-on plugin for WordPress that accepts RS256 JWTs from the TWL SSO application for secure authentication.

0 No CVEs
Developer Profile

WP Login and Register using JWT Developer Profile

miniOrange

38 plugins · 83K total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
324 days
View full developer profile
Detection Fingerprints

How We Detect WP Login and Register using JWT

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/login-register-using-jwt/resources/css/style_settings.min.css/wp-content/plugins/login-register-using-jwt/resources/css/phone.min.css/wp-content/plugins/login-register-using-jwt/resources/css/bootstrap/bootstrap.min.css/wp-content/plugins/login-register-using-jwt/resources/js/settings.min.js/wp-content/plugins/login-register-using-jwt/resources/js/phone.min.js
Version Parameters
login-register-using-jwt/resources/css/style_settings.min.css?ver=login-register-using-jwt/resources/css/phone.min.css?ver=login-register-using-jwt/resources/css/bootstrap/bootstrap.min.css?ver=login-register-using-jwt/resources/js/settings.min.js?ver=login-register-using-jwt/resources/js/phone.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
mo_jwt_admin_settings_stylemo_jwt_admin_settings_phone_stylemo-jwt_license
Data Attributes
data-tab
JS Globals
MJ_URL
FAQ

Frequently Asked Questions about WP Login and Register using JWT