WP-Safety

Login Registration Kit Security & Risk Analysis

wordpress.org/plugins/login-registration-kit

Simply great frontend user and registration tool. We created it for us but think it will helpful for you too.

0 active installs v1.1 PHP 7.0+ WP 5.5+ Updated Nov 10, 2021
frontend-loginfrontend-registrationlogin-formregistrationuser-profile
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Login Registration Kit Safe to Use in 2026?

Generally Safe

Score 85/100

Login Registration Kit has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The 'login-registration-kit' v1.1 plugin exhibits a mixed security posture. While it demonstrates good practices by utilizing prepared statements for all SQL queries and a high percentage of output escaping, significant security concerns are present due to a substantial number of unprotected AJAX handlers. The static analysis revealed 8 AJAX handlers, all of which lack authentication checks, creating a broad attack surface accessible to unauthenticated users. Additionally, two taint analysis flows were found with unsanitized paths, indicating potential vulnerabilities in how data is processed, though they were not classified as critical or high severity.

The plugin's vulnerability history is remarkably clean, with no recorded CVEs, which is a positive indicator of past development diligence. However, the absence of historical vulnerabilities does not negate the immediate risks identified in the current static analysis. The lack of nonce checks across all identified entry points, especially the unprotected AJAX handlers, is a critical oversight. The presence of bundled libraries like Select2 also warrants attention, as outdated versions could introduce known vulnerabilities.

In conclusion, while the plugin benefits from secure SQL handling and good output sanitization, the numerous unprotected AJAX endpoints and the presence of unsanitized path flows pose significant risks. The clean vulnerability history is encouraging but must be weighed against the current static analysis findings. Immediate attention should be given to securing the AJAX handlers and addressing the identified taint flows to improve the overall security of the plugin.

Key Concerns

  • 8 AJAX handlers without auth checks
  • 2 flows with unsanitized paths
  • 0 Nonce checks on entry points
  • Bundled library (Select2)
Vulnerabilities
None known

Login Registration Kit Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Login Registration Kit Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
78
450 escaped
Nonce Checks
0
Capability Checks
1
File Operations
1
External Requests
2
Bundled Libraries
1

Bundled Libraries

Select2

Output Escaping

85% escaped528 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths
output (includes\admin\class-lrk-admin-settings.php:22)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
8 unprotected

Login Registration Kit Attack Surface

Entry Points13
Unprotected8

AJAX Handlers 8

authwp_ajax_lrk_sign_in_actionincludes\frontend\class-lrk-frontend.php:50
noprivwp_ajax_lrk_sign_in_actionincludes\frontend\class-lrk-frontend.php:51
authwp_ajax_lrk_register_actionincludes\frontend\class-lrk-frontend.php:54
noprivwp_ajax_lrk_register_actionincludes\frontend\class-lrk-frontend.php:55
authwp_ajax_lrk_user_settings_updateincludes\frontend\class-lrk-frontend.php:58
noprivwp_ajax_lrk_user_settings_updateincludes\frontend\class-lrk-frontend.php:59
authwp_ajax_lrk_lost_passwordincludes\frontend\class-lrk-frontend.php:62
noprivwp_ajax_lrk_lost_passwordincludes\frontend\class-lrk-frontend.php:63

Shortcodes 5

[user_registration_kit_sign] includes\frontend\class-lrk-frontend.php:37
[user_registration_kit_register] includes\frontend\class-lrk-frontend.php:38
[user_registration_kit_both] includes\frontend\class-lrk-frontend.php:39
[user_registration_kit_my_account] includes\frontend\class-lrk-frontend.php:40
[user_registration_kit_dropdown] includes\frontend\class-lrk-frontend.php:41
WordPress Hooks 22
actioninitincludes\admin\class-lrk-admin.php:23
actioninitincludes\admin\class-lrk-admin.php:32
actionadmin_menuincludes\admin\class-lrk-admin.php:35
actionadmin_initincludes\admin\class-lrk-admin.php:38
actionadmin_enqueue_scriptsincludes\admin\class-lrk-admin.php:41
filternav_menu_meta_box_objectincludes\admin\class-lrk-admin.php:44
actionadmin_noticesincludes\admin\class-lrk-admin.php:90
actionadmin_noticesincludes\admin\class-lrk-admin.php:158
actionwp_enqueue_scriptsincludes\frontend\class-lrk-frontend.php:31
actionwp_enqueue_scriptsincludes\frontend\class-lrk-frontend.php:34
filterblock_categories_allincludes\frontend\class-lrk-frontend.php:44
actioninitincludes\frontend\class-lrk-frontend.php:47
actioninitincludes\frontend\class-lrk-frontend.php:66
filterwp_nav_menu_itemsincludes\frontend\class-lrk-frontend.php:69
actioninitincludes\frontend\class-lrk-frontend.php:72
filterpre_get_avatar_dataincludes\frontend\class-lrk-frontend.php:75
actionwp_footerincludes\frontend\class-lrk-frontend.php:78
actionwp_enqueue_scriptsincludes\frontend\class-lrk-frontend.php:84
actionbp_core_activated_userincludes\frontend\class-lrk-frontend.php:87
actioninitincludes\frontend\class-lrk-frontend.php:90
actionelementor/elements/categories_registeredincludes\frontend\class-lrk-frontend.php:94
actionelementor/widgets/widgets_registeredincludes\frontend\class-lrk-frontend.php:95
Maintenance & Trust

Login Registration Kit Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13
Last updatedNov 10, 2021
PHP min version7.0
Downloads997

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Login Registration Kit Alternatives

UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP

UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP

userswp

A
89

Light weight Front-end login form, User Registration, User Profile and Members Directory plugin.

20K 14 CVEs
Pie Register – User Registration, Profiles & Content Restriction

Pie Register – User Registration, Profiles & Content Restriction

pie-register

D
40

Create customized registration forms, Invite through email, Email Notification, User Roles assignment, and more. Pie Register is a User Registration p …

2K 1 unpatched
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

ultimate-member

B
76

Membership & community plugin with user profiles, registration & login, member directories, content restriction, user roles and much more.

200K 70 CVEs
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress

wp-user-avatar

B
76

Setup paid membership, accept payment, sell subscription & digital product, paywall, create login & registration form, user profile & member directory

100K 41 CVEs
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

user-registration

B
76

Build membership sites with tiered plans, content restriction, drag-&-drop custom registration & login form builder, and built-in payment system.

60K 30 CVEs
Developer Profile

Login Registration Kit Developer Profile

Crumina

1 plugin · 0 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Login Registration Kit

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/login-registration-kit/assets/css/lrk-admin.css/wp-content/plugins/login-registration-kit/assets/css/select2.css/wp-content/plugins/login-registration-kit/assets/js/jquery.tipTip.js/wp-content/plugins/login-registration-kit/assets/js/lrk-admin.js/wp-content/plugins/login-registration-kit/assets/js/selectWoo.full.js
Script Paths
/wp-content/plugins/login-registration-kit/assets/js/lrk-admin.js
Version Parameters
login-registration-kit/assets/css/lrk-admin.css?ver=login-registration-kit/assets/js/jquery.tipTip.js?ver=login-registration-kit/assets/js/lrk-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
lrk-admin-wraplrk-input-grouplrk-input-wraplrk-form-fieldlrk-settings-sectionlrk-form-builder
HTML Comments
<!-- Login Registration Kit Admin Panel -->
Data Attributes
data-lrk-field-typedata-lrk-form-id
JS Globals
window.lrk_admin_optionsvar lrk_form_builder_config
REST Endpoints
/wp-json/lrk/v1/settings/wp-json/lrk/v1/forms
Shortcode Output
[user_registration_kit_my_account][login_registration_kit_form]
FAQ

Frequently Asked Questions about Login Registration Kit