All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login Security & Risk Analysis

wordpress.org/plugins/login-with-azure

Enable secure Azure AD Single Sign On for WordPress and integrate SharePoint, Power BI, Outlook, Dynamics 365, Microsoft Graph Email, and more

600 active installs · v2.2.6 · PHP 7.0+ · WP 3.0.1+ · Updated Feb 19, 2026
Tags: azure-ad-sso, azure-login, azure-sso, power-bi, sharepoint
93
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Mar 2, 2026
Safety Verdict

Is All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login Safe to Use in 2026?

Generally Safe

Score 93/100

All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Mar 2, 2026 · Updated 1mo ago
Risk Assessment

The 'login-with-azure' plugin v2.2.6 exhibits a generally good security posture, with strong adherence to best practices such as 100% SQL prepared statements and a high percentage of properly escaped output. The static analysis reveals a limited attack surface with no unprotected entry points. Nonce and capability checks are present on the identified entry points (shortcodes), indicating an effort to secure these interactions.

However, the vulnerability history is a significant concern. The plugin has two known CVEs, one of which was critical, and the other medium. While there are currently no unpatched vulnerabilities, the historical presence of critical and medium severity issues, including Authentication Bypass and Cross-site Scripting, suggests a pattern of past security weaknesses that required significant remediation. The taint analysis, while showing no critical or high severity flows, did identify 5 flows with unsanitized paths, which, combined with the historical XSS vulnerability, warrants attention and potentially a closer manual review of these unsanitized paths.

In conclusion, while the current version demonstrates improved security practices and has no unpatched vulnerabilities, the past critical security incidents cannot be ignored. The presence of unsanitized paths in the taint analysis, though not leading to critical issues in this scan, is a red flag. Users should remain vigilant and ensure they are always on the latest version, as past critical vulnerabilities indicate a potential for future risks if development practices are not consistently robust.

Key Concerns

  • Historical critical severity vulnerability
  • Historical medium severity vulnerability
  • Taint analysis found unsanitized paths
Vulnerabilities
2

All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login Security Vulnerabilities

CVEs by Year

2021: 1 CVE
2026: 1 CVE

Severity Breakdown

Critical: 1
Medium: 1

2 total CVEs

CVE-2026-2628 · critical · 9.8 · Authentication Bypass Using an Alternate Path or Channel

All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login <= 2.2.5 - Authentication Bypass

Mar 2, 2026 Patched in 2.2.6 (1d)
WF-44cbaa25-7e91-4b2e-81c4-ba1d7ba02350-login-with-azure · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple miniOrange Plugins (Various Version) - Reflected Cross-Site Scripting

Aug 30, 2021 Patched in 1.4.5 (876d)
Code Analysis
Analyzed Mar 16, 2026

All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 20 (506 escaped)
Nonce Checks: 3
Capability Checks: 15
File Operations: 0
External Requests: 16
Bundled Libraries: 1

Bundled Libraries

DataTables

Output Escaping

96% escaped · 526 total outputs
Data Flows: 5 unsanitized

Data Flow Analysis

5 flows · 5 with unsanitized paths
moazure_test_config_redirect (class-moazure-widget.php:229)
Attack Surface

All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login Attack Surface

Entry Points: 3
Unprotected: 0

Shortcodes 3

[MOAZURE_LOGIN] class-moazure.php:27
[MOAZURE_SPS_SHAREPOINT] class-moazure.php:33
[MOAZURE_API_POWER_BI] class-moazure.php:34
WordPress Hooks 17
action wp_enqueue_scripts class-moazure-widget.php:25
action wp_logout class-moazure-widget.php:26
action login_form class-moazure-widget.php:27
action widgets_init class-moazure-widget.php:1115
action init class-moazure-widget.php:1116
action admin_init class-moazure.php:25
action admin_footer class-moazure.php:28
action upgrader_process_complete class-moazure.php:29
action admin_init class-moazure.php:30
action admin_init class-moazure.php:31
action rest_api_init class-moazure.php:35
action user_register class-moazure.php:37
action admin_enqueue_scripts includes\class-moazure-client.php:64
action admin_enqueue_scripts includes\class-moazure-client.php:65
action admin_menu includes\class-moazure-client.php:66
action admin_enqueue_scripts includes\class-moazure-client.php:67
action admin_enqueue_scripts includes\class-moazure-client.php:68
Maintenance & Trust

All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 19, 2026
PHP min version: 7.0
Downloads: 28K

Community Trust

Rating: 78/100
Number of ratings: 7
Active installs: 600
Developer Profile

All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login Developer Profile

miniOrange

38 plugins · 83K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 324 days
Detection Fingerprints

How We Detect All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/login-with-azure/js/modernizr.min.js
/wp-content/plugins/login-with-azure/js/bootstrap/popper.min.js
/wp-content/plugins/login-with-azure/js/bootstrap/bootstrap.min.js
/wp-content/plugins/login-with-azure/css/bootstrap/bootstrap.min.css
/wp-content/plugins/login-with-azure/admin/partials/apps/partials/customization.min.js
Script Paths
js/modernizr.min.js
js/bootstrap/popper.min.js
js/bootstrap/bootstrap.min.js
customization.min.js
Version Parameters
login-with-azure/style.css?ver=
login-with-azure/admin/partials/apps/partials/customization.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
moazure_table_layout, moazure_app_customization, moazure_outer_div, moazure_customization_header, moazure-flex, moazure_attribute_map_heading, moazure_position, moazure_tooltip, +3 more
Data Attributes
data-toggle="tooltip"
JS Globals
MO_AZURE_CSS_JS_VERSION, MO_AZURE_PLUGIN_BASENAME
FAQ

Frequently Asked Questions about All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login