Login With Ajax – Fast Logins, 2FA, Redirects Security & Risk Analysis

wordpress.org/plugins/login-with-ajax

Add beautiful login forms with smooth AJAX login/registration effects, 2FA support, custom redirection options and many more login-related features!

20K active installs · v4.5.1 · PHP 5.2+ · WP 4.8+ · Updated Dec 3, 2025
Tags: 2fa, login, passkeys, registration, security
97 · A · Safe
CVEs total: 6
Unpatched: 0
Last CVE: Apr 10, 2024
Safety Verdict

Is Login With Ajax – Fast Logins, 2FA, Redirects Safe to Use in 2026?

Generally Safe

Score 97/100

Login With Ajax – Fast Logins, 2FA, Redirects has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEs · Last CVE: Apr 10, 2024 · Updated 4mo ago
Risk Assessment

The login-with-ajax plugin, version 4.5.1, presents a mixed security posture. While it demonstrates good practices in areas like prepared SQL statements and a significant portion of output escaping, there are notable concerns. The presence of 7 unprotected AJAX handlers, out of a total of 11, represents a substantial attack surface that could be exploited by unauthenticated users. Although no critical or high severity taint flows were detected, the 2 flows with unsanitized paths warrant attention, as they could lead to unexpected behavior or potential vulnerabilities if not properly handled downstream.

The plugin's history of 6 medium severity CVEs, with common types including missing authorization, CSRF, and XSS, is a significant red flag. This pattern suggests recurring security weaknesses within the plugin's codebase, particularly in how it handles user input and authorization. The fact that none of these are currently unpatched is positive, but the historical trend indicates a need for ongoing vigilance and potentially more robust secure coding practices. Overall, while the plugin has some strengths, the unprotected entry points and historical vulnerability patterns indicate a moderate to high risk that requires careful consideration and prompt mitigation of identified issues.

Key Concerns

  • Unprotected AJAX handlers found
  • Flows with unsanitized paths
  • History of medium severity CVEs
  • Missing authorization in AJAX handlers
  • Common vulnerability types: CSRF, XSS
Vulnerabilities
6

Login With Ajax – Fast Logins, 2FA, Redirects Security Vulnerabilities

CVEs by Year

2012: 2 CVEs
2013: 1 CVE
2017: 1 CVE
2023: 1 CVE
2024: 1 CVE

Severity Breakdown

Medium: 6

6 total CVEs

CVE-2024-30546 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Login With Ajax <= 4.1 - Cross-Site Request Forgery to Notice Dismissal

Apr 10, 2024 · Patched in 4.2 (8d)

CVE-2023-49859 · medium · 5.3 · Missing Authorization

Login With Ajax <= 4.1 - Missing Authorization

Dec 7, 2023 · Patched in 4.2 (79d)

WF-64a0bfa9-beb3-4926-bfed-af55a101aff1-login-with-ajax · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Login With Ajax <= 3.1.6 - Cross-Site Scripting

Apr 11, 2017 · Patched in 3.1.7 (2478d)

CVE-2013-2707 · medium · 6.3 · Cross-Site Request Forgery (CSRF)

Login With Ajax < 3.1 - Cross-Site Request Forgery

May 6, 2013 · Patched in 3.1 (3914d)

CVE-2012-2759 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Login With Ajax <= 3.0.4 - Cross-Site Scripting

May 18, 2012 · Patched in 3.0.4.1 (4267d)

CVE-2012-4283 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Login With Ajax < 3.0.4.1 - Cross-Site Scripting

May 7, 2012 · Patched in 3.0.5 (4278d)

Code Analysis
Analyzed Mar 16, 2026

Login With Ajax – Fast Logins, 2FA, Redirects Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3 · 5 prepared
Unescaped Output: 162 · 345 escaped
Nonce Checks: 8
Capability Checks: 15
File Operations: 1
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

63% prepared · 8 total queries

Output Escaping

68% escaped · 507 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

10 flows · 2 with unsanitized paths
setup_verify_ajax (2FA\2FA-account.php:166)
Attack Surface
7 unprotected

Login With Ajax – Fast Logins, 2FA, Redirects Attack Surface

Entry Points: 15
Unprotected: 7

AJAX Handlers 11

nopriv wp_ajax_lwa_2FA_setup 2FA\2FA-account.php:22
auth wp_ajax_lwa_2FA_setup 2FA\2FA-account.php:23
nopriv wp_ajax_lwa_2FA_setup_verify 2FA\2FA-account.php:24
auth wp_ajax_lwa_2FA_setup_verify 2FA\2FA-account.php:25
auth wp_ajax_lwa-admin-popup-modal admin\admin-modals.php:11
auth wp_ajax_lwa_dismiss_admin_notice admin\notices\admin-notices.php:30
auth wp_ajax_lwa_dismiss_network_admin_notice admin\notices\admin-notices.php:34
nopriv wp_ajax_login-with-ajax login-with-ajax.php:132
auth wp_ajax_lwa_passkeys passkeys\passkeys-server.php:12
nopriv wp_ajax_lwa_passkeys passkeys\passkeys-server.php:13
nopriv wp_ajax_lwa_passkey_login passkeys\passkeys-server.php:14

Shortcodes 4

[lwa_2FA_editor] 2FA\2FA-account.php:28
[login-with-ajax] login-with-ajax.php:137
[lwa] login-with-ajax.php:138
[lwa_passkeys_editor] passkeys\passkeys-account.php:28
WordPress Hooks 89
action show_user_profile 2FA\2FA-account.php:11
action edit_user_profile 2FA\2FA-account.php:12
action personal_options_update 2FA\2FA-account.php:13
action edit_user_profile_update 2FA\2FA-account.php:14
action admin_enqueue_scripts 2FA\2FA-account.php:18
action lwa_ajax_2FA_setup_save 2FA\2FA-account.php:26
action bp_core_general_settings_before_submit 2FA\2FA-account.php:31
action bp_core_general_settings_after_save 2FA\2FA-account.php:32
action woocommerce_edit_account_form 2FA\2FA-account.php:35
action woocommerce_save_account_details 2FA\2FA-account.php:36
action lwa_settings_security 2FA\2FA-admin.php:9
action lwa_2FA_form_after 2FA\2FA-backup.php:19
action lwa_2FA_loaded 2FA\2FA-backup.php:236
action lwa_2FA_loaded 2FA\2FA-email.php:44
action lwa_2FA_form_after 2FA\2FA-method-transport.php:15
action lwa_2FA_loaded 2FA\2FA-totp.php:207
action lwa_register_scripts 2FA\2FA.php:65
action lwa_login_form 2FA\2FA.php:66
action lwa_enqueue 2FA\2FA.php:67
action login_enqueue_scripts 2FA\2FA.php:68
action login_footer 2FA\2FA.php:69
action woocommerce_login_form 2FA\2FA.php:71
filter lwa_authenticate 2FA\2FA.php:73
filter lwa_login 2FA\2FA.php:74
filter lwa_ajax_2FA 2FA\2FA.php:76
action wp_footer 2FA\2FA.php:94
action set_logged_in_cookie 2FA\2FA.php:238
action wp_footer 2FA\2FA.php:241
filter admin_enqueue_scripts admin\admin-modals.php:10
filter lwa_admin_notice_review-nudge_message admin\admin-modals.php:12
filter lwa_admin_notice_promo-popup_message admin\admin-modals.php:14
filter lwa_admin_notice_expired-reminder_message admin\admin-modals.php:16
filter lwa_admin_notice_expiry-reminder_message admin\admin-modals.php:17
action admin_menu admin\admin.php:10
action admin_notices admin\admin.php:18
action admin_enqueue_scripts admin\admin.php:43
action init admin\admin.php:250
action admin_notices admin\notices\admin-notices.php:29
action admin_notices admin\notices\admin-notices.php:32
action network_admin_notices admin\notices\admin-notices.php:33
action admin_footer admin\notices\admin-notices.php:169
filter wp_redirect admin\notices\notices.php:30
action plugins_loaded admin\notices\notices.php:272
action lwa_settings_page_general ajaxify\ajaxify-admin.php:8
action lwa_register_scripts ajaxify\ajaxify.php:24
action login_enqueue_scripts ajaxify\ajaxify.php:26
action login_footer ajaxify\ajaxify.php:27
action login_head ajaxify\ajaxify.php:28
action em_login_footer ajaxify\ajaxify.php:31
action woocommerce_after_customer_login_form ajaxify\ajaxify.php:35
action woocommerce_login_form_end ajaxify\ajaxify.php:36
action lwa_enqueue ajaxify\ajaxify.php:39
action enqueue_block_editor_assets blocks\login\login-block.php:19
action dynamic_sidebar_before blocks\login\login-block.php:80
action dynamic_sidebar_after blocks\login\login-block.php:81
action lwa_settings_page_general login-with-ajax-ajaxify.php:22
action login_enqueue_scripts login-with-ajax-ajaxify.php:27
action login_footer login-with-ajax-ajaxify.php:28
action login_head login-with-ajax-ajaxify.php:29
filter widget_types_to_hide_from_legacy_widget_block login-with-ajax-widget.php:119
filter authenticate login-with-ajax.php:105
action wp_logout login-with-ajax.php:134
filter logout_url login-with-ajax.php:135
filter login_redirect login-with-ajax.php:136
action wp_enqueue_scripts login-with-ajax.php:170
filter ws_plugin__s2member_login_redirect login-with-ajax.php:246
action init login-with-ajax.php:986
action widgets_init login-with-ajax.php:987
filter lwa_2FA_login_response passkeys\2FA-passkeys.php:24
filter lwa_2FA_method_passkey_is_setup passkeys\2FA-passkeys.php:133
action lwa_2FA_loaded passkeys\loader.php:11
filter lwa_2FA_account_show_profile_fields_title passkeys\passkeys-account.php:16
action show_user_profile passkeys\passkeys-account.php:19
action edit_user_profile passkeys\passkeys-account.php:20
action bp_core_general_settings_before_submit passkeys\passkeys-account.php:23
action woocommerce_edit_account_form passkeys\passkeys-account.php:26
action lwa_settings_security passkeys\passkeys-admin.php:7
action lwa_login_form passkeys\passkeys-frontend.php:8
action login_form passkeys\passkeys-frontend.php:9
action woocommerce_login_form_end passkeys\passkeys-frontend.php:10
filter ws_plugin__s2member_login_redirect passkeys\passkeys-server.php:258
filter authenticate passkeys\passkeys-server.php:261
action lwa_enqueue passkeys\passkeys.php:8
action login_enqueue_scripts passkeys\passkeys.php:9
filter lwa_js_vars passkeys\passkeys.php:10
action admin_enqueue_scripts passkeys\passkeys.php:14
filter nonce_user_logged_out passkeys\passkeys.php:59
filter determine_current_user passkeys\passkeys.php:60
action rest_api_init transports\trait-webhooks.php:30
Maintenance & Trust

Login With Ajax – Fast Logins, 2FA, Redirects Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 3, 2025
PHP min version: 5.2
Downloads: 1.1M

Community Trust

Rating: 92/100
Number of ratings: 166
Active installs: 20K
Developer Profile

Login With Ajax – Fast Logins, 2FA, Redirects Developer Profile

Marcus (aka @msykes)

13 plugins · 176K total installs

Trust score: 71
Avg Security Score: 89/100
Avg Patch Time: 1423 days
Detection Fingerprints

How We Detect Login With Ajax – Fast Logins, 2FA, Redirects

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/login-with-ajax/login-with-ajax.css
/wp-content/plugins/login-with-ajax/login-with-ajax.min.css
/wp-content/plugins/login-with-ajax/login-with-ajax.source.js
/wp-content/plugins/login-with-ajax/login-with-ajax.legacy.js
/wp-content/plugins/login-with-ajax/login-with-ajax.js
/wp-content/plugins/login-with-ajax/login-with-ajax.legacy.min.js
/wp-content/plugins/login-with-ajax/widget.css
Script Paths
/wp-content/plugins/login-with-ajax/login-with-ajax.js
/wp-content/plugins/login-with-ajax/login-with-ajax.min.js
/wp-content/plugins/login-with-ajax/login-with-ajax.source.js
/wp-content/plugins/login-with-ajax/login-with-ajax.legacy.js
/wp-content/plugins/login-with-ajax/login-with-ajax.legacy.min.js
Version Parameters
login-with-ajax/login-with-ajax.css?ver=
login-with-ajax/login-with-ajax.min.css?ver=
login-with-ajax/login-with-ajax.source.js?ver=
login-with-ajax/login-with-ajax.legacy.js?ver=
login-with-ajax/login-with-ajax.js?ver=
login-with-ajax/login-with-ajax.legacy.min.js?ver=
login-with-ajax/widget.css?ver=

HTML / DOM Fingerprints

CSS Classes
lwa-submit
lwa-username
lwa-password
lwa-rememberme
lwa-login
lwa-register
lwa-lostpassword
lwa-logout
HTML Comments
<!-- Login With Ajax form -->
<!-- End Login With Ajax form -->
<!-- Register form -->
<!-- End Register form -->
+4 more
Data Attributes
data-login-ajax-url
JS Globals
LoginWithAjax
lwa_data
REST Endpoints
/wp-json/login-with-ajax/v1/login
Shortcode Output
[login-with-ajax]
[lwa]