Does Login with GitHub have any unpatched vulnerabilities?

No. All known vulnerabilities in Login with GitHub have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Login with GitHub compatible with WordPress 6.7.5?

According to WordPress.org data, Login with GitHub 1.0.3 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is Login with GitHub compatible with PHP 7.4+?

Login with GitHub requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Login with GitHub updated?

Login with GitHub was last updated on Unknown. Frequent updates are generally a positive security signal.

What is Login with GitHub's security score?

Login with GitHub has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Login with GitHub Security & Risk Analysis

wordpress.org/plugins/login-with-github

Minimal plugin that allows WordPress users to log in using GitHub.

0 active installs v1.0.3 PHP 7.4+ WP 5.5+ Updated Unknown

authenticationgithub-loginoauthsign-insso

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Login with GitHub Safe to Use in 2026?

Generally Safe

Score 100/100

No known CVEs

Risk Assessment

The login-with-github plugin v1.0.3 exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, reliance on prepared statements for SQL, and a high percentage of properly escaped output are all positive indicators. Furthermore, the lack of external HTTP requests and file operations reduces the potential for common attack vectors. The plugin also has no recorded vulnerabilities, suggesting a history of secure development or a lack of active exploitation. However, a significant concern arises from the complete absence of nonce checks and capability checks across all entry points, including its single shortcode. While there are no unprotected entry points listed, the lack of these fundamental WordPress security mechanisms leaves the plugin vulnerable to Cross-Site Request Forgery (CSRF) attacks and unauthorized privilege escalation if an attacker can trick a logged-in user into triggering the shortcode's functionality without their explicit consent. The bundled Guzzle library, while not inherently a vulnerability, also introduces a potential risk if it is an outdated version, as it could contain known security flaws.

Key Concerns

Missing nonce checks on all entry points
Missing capability checks on all entry points
Bundled library (Guzzle) without version info

Vulnerabilities

None known

Login with GitHub Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Login with GitHub Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

11 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Guzzle

Output Escaping

85% escaped13 total outputs

Attack Surface

Login with GitHub Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[lwg_auth_button] src\LoginWithGitHub.php:89

WordPress Hooks 10

actionplugins_loadedlogin-with-github.php:56

actioninitsrc\LoginOption.php:59

actionadmin_menusrc\LoginOption.php:60

actionadmin_initsrc\LoginOption.php:61

actionwp_enqueue_scriptssrc\LoginWithGitHub.php:67

actionlogin_enqueue_scriptssrc\LoginWithGitHub.php:68

actioninitsrc\LoginWithGitHub.php:69

actioninitsrc\LoginWithGitHub.php:70

actioninitsrc\LoginWithGitHub.php:71

actionlogin_formsrc\LoginWithGitHub.php:185

Maintenance & Trust

Login with GitHub Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedUnknown

PHP min version7.4

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Login with GitHub Alternatives

Log in with Google

100

Minimal plugin that allows WordPress users to log in using Google.

6K No CVEs

Login for Google Apps

google-apps-login

100

Simple secure login and user management through your Google Workspace for WordPress (using oAuth2 and MFA if enabled).

10K 1 CVE

BlaatLogin: OAuth

blaatschaap-oauth

100

This plugin turns your WordPress website into an OAuth Consumer. It allowsallows your users to sign in with any OAuth provider.

10 No CVEs

Secufor_OAuth

wpoauth

100

Secufor_OAuth is a WordPress plugin that enables Single Sign-On (SSO) functionality using the OAuth protocol.

0 No CVEs

JWT Authentication for WP REST API

jwt-authentication-for-wp-rest-api

100

Extends the WP REST API using JSON Web Tokens Authentication as an authentication method.

60K No CVEs

Developer Profile

Login with GitHub Developer Profile

Parth vataliya

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Login with GitHub

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/login-with-github/assets/css/bootstrap.min.css/wp-content/plugins/login-with-github/assets/js/bootstrap.bundle.min.js

Script Paths

/wp-content/plugins/login-with-github/assets/js/bootstrap.bundle.min.js

Version Parameters

login-with-github/assets/css/bootstrap.min.css?ver=login-with-github/assets/js/bootstrap.bundle.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

bi-github

Data Attributes

data-bs-toggledata-bs-target

Shortcode Output

[lwg_auth_button]

FAQ