Does LoginPress | wp-login Custom Login Page Customizer have any unpatched vulnerabilities?

No. All known vulnerabilities in LoginPress | wp-login Custom Login Page Customizer have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is LoginPress | wp-login Custom Login Page Customizer compatible with WordPress 6.9.4?

According to WordPress.org data, LoginPress | wp-login Custom Login Page Customizer 6.1.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

What is LoginPress | wp-login Custom Login Page Customizer's security score?

LoginPress | wp-login Custom Login Page Customizer has a WP-Safety security score of 94/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

LoginPress | wp-login Custom Login Page Customizer Security & Risk Analysis

wordpress.org/plugins/loginpress

LoginPress is a Custom Login Page Customizer plugin allows you to easily customize the layout of login, admin login, client login, register pages.

200K active installs v6.1.2 PHP + WP 4.0+ Updated Feb 11, 2026

custom-loginloginlogin-customizerwordpress-loginwp-login

A · Safe

CVEs total6

Unpatched0

Last CVEMar 13, 2025

Plugin page Download

Safety Verdict

Is LoginPress | wp-login Custom Login Page Customizer Safe to Use in 2026?

Generally Safe

Score 94/100

LoginPress | wp-login Custom Login Page Customizer has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEsLast CVE: Mar 13, 2025Updated 1mo ago

Risk Assessment

The LoginPress plugin, version 6.1.2, exhibits a mixed security posture. While it demonstrates good practices in several areas, such as a high percentage of SQL prepared statements and properly escaped output, there are significant concerns that lower its overall security. The presence of AJAX handlers without authentication checks directly exposes a part of the attack surface to potential unauthorized actions. Furthermore, the taint analysis revealing flows with unsanitized paths, although not critical or high severity in this specific analysis, indicates a potential for vulnerabilities if such paths are exploited. The plugin's history of six known CVEs, including high and medium severity vulnerabilities like CSRF, missing authorization, XSS, and SQL injection, is a major red flag. The fact that the last vulnerability was in early 2025 suggests a recurring pattern of security weaknesses despite efforts to patch. This history, coupled with the identified unprotected entry point, indicates a need for continued vigilance and development focus on robust security measures.

Key Concerns

Unprotected AJAX handler
Flows with unsanitized paths
History of High severity CVEs (2)
History of Medium severity CVEs (4)

Vulnerabilities

LoginPress | wp-login Custom Login Page Customizer Security Vulnerabilities

CVEs by Year

2 CVEs in 2018

2018

1 CVE in 2019

2019

2 CVEs in 2022

2022

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

High

Medium

6 total CVEs

CVE-2025-1764high · 7.5Cross-Site Request Forgery (CSRF)

LoginPress <= 3.3.1 - Cross-Site Request Forgery to Arbitrary Options Update

Mar 13, 2025 Patched in 4.0.0 (1d)

CVE-2022-41839medium · 5.3Missing Authorization

LoginPress | Custom Login Page Customizer <= 1.6.2 - Missing Authorization to Settings Changes

Nov 7, 2022 Patched in 1.6.3 (442d)

CVE-2022-0347medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

LoginPress <= 1.5.11 - Reflected Cross-Site Scripting via redirect-page Parameter

Feb 14, 2022 Patched in 1.5.12 (708d)

CVE-2019-15871medium · 6.3Missing Authorization

LoginPress | Custom Login Page Customizer <= 1.1.13 - Unauthorized Settings Update

Jul 11, 2019 Patched in 1.1.14 (1657d)

WF-65fc55bb-2b86-466a-b43b-554628283f02-loginpressmedium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

LoginPress <= 1.1.15 - Authenticated Stored Cross-SIte Scripting

Dec 7, 2018 Patched in 1.1.16 (1873d)

CVE-2019-15872high · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

LoginPress <= 1.1.15 - Authenticated SQL Injection via Settings Import

Dec 7, 2018 Patched in 1.1.16 (1873d)

Code Analysis

Analyzed Mar 16, 2026

LoginPress | wp-login Custom Login Page Customizer Code Analysis

Dangerous Functions

Raw SQL Queries

8 prepared

Unescaped Output

1135 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

73% prepared11 total queries

Output Escaping

93% escaped1224 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

13 flows2 with unsanitized paths

activate_addon (classes\class-loginpress-ajax.php:88)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

LoginPress | wp-login Custom Login Page Customizer Attack Surface

Entry Points2

Unprotected1

AJAX Handlers 2

authwp_ajax_dismiss_notificationclasses\class-loginpress-setup.php:48

authwp_ajax_rdn_fetch_notificationsinclude\class-remote-notification-client.php:122

WordPress Hooks 110

actioninitclasses\class-loginpress-addons-meta.php:33

actionregister_formclasses\class-loginpress-custom-password.php:61

actionregister_new_userclasses\class-loginpress-custom-password.php:62

filterregistration_errorsclasses\class-loginpress-custom-password.php:63

filterwp_new_user_notification_emailclasses\class-loginpress-custom-password.php:64

filterloginpress_remember_meclasses\class-loginpress-developer-hooks.php:41

actionlogin_formclasses\class-loginpress-developer-hooks.php:57

actionlogin_headclasses\class-loginpress-developer-hooks.php:60

actionuser_registerclasses\class-loginpress-force-password-reset.php:63

actionafter_password_resetclasses\class-loginpress-force-password-reset.php:64

actionprofile_updateclasses\class-loginpress-force-password-reset.php:65

actionwp_loginclasses\class-loginpress-force-password-reset.php:66

filterlogin_messageclasses\class-loginpress-force-password-reset.php:67

filterauthenticateclasses\class-loginpress-login-order.php:60

actionadmin_initclasses\class-loginpress-notifications.php:45

actionadmin_noticesclasses\class-loginpress-notifications.php:76

actionadmin_noticesclasses\class-loginpress-notifications.php:260

actionadmin_noticesclasses\class-loginpress-notifications.php:314

actionregistration_errorsclasses\class-loginpress-password-strength.php:55

actionlogin_enqueue_scriptsclasses\class-loginpress-password-strength.php:58

actionvalidate_password_resetclasses\class-loginpress-password-strength.php:61

filterpassword_hintclasses\class-loginpress-password-strength.php:64

filterwoocommerce_get_script_dataclasses\class-loginpress-password-strength.php:67

filterwoocommerce_get_script_dataclasses\class-loginpress-password-strength.php:69

filterloginpress_settings_tabclasses\class-loginpress-promotion-tabs.php:42

actionadmin_enqueue_scriptsclasses\class-loginpress-settings-api.php:54

actionadmin_initclasses\class-loginpress-setup.php:45

actionadmin_menuclasses\class-loginpress-setup.php:46

actionadmin_noticesclasses\class-loginpress-setup.php:47

filterlogin_titleclasses\customizer\class-loginpress-customizer.php:114

filterlogin_headerurlclasses\customizer\class-loginpress-customizer.php:115

filterlogin_headertitleclasses\customizer\class-loginpress-customizer.php:117

filterlogin_headertextclasses\customizer\class-loginpress-customizer.php:119

filterlogin_errorsclasses\customizer\class-loginpress-customizer.php:122

filterlogin_messageclasses\customizer\class-loginpress-customizer.php:123

actioncustomize_registerclasses\customizer\class-loginpress-customizer.php:124

actionlogin_footerclasses\customizer\class-loginpress-customizer.php:125

filtersite_icon_meta_tagsclasses\customizer\class-loginpress-customizer.php:126

actionlogin_headclasses\customizer\class-loginpress-customizer.php:127

actionwoocommerce_login_formclasses\customizer\class-loginpress-customizer.php:128

actioninitclasses\customizer\class-loginpress-customizer.php:129

actionadmin_menuclasses\customizer\class-loginpress-customizer.php:130

filterwp_login_errorsclasses\customizer\class-loginpress-customizer.php:131

actionlogin_enqueue_scriptsclasses\customizer\class-loginpress-customizer.php:132

filterlogin_display_language_dropdownclasses\customizer\class-loginpress-customizer.php:135

actioncustomize_controls_enqueue_scriptsclasses\customizer\class-loginpress-customizer.php:141

actioncustomize_preview_initclasses\customizer\class-loginpress-customizer.php:151

filterwoocommerce_process_login_errorsclasses\customizer\class-loginpress-customizer.php:152

filtersanitize_userclasses\customizer\class-loginpress-customizer.php:158

filtergettextclasses\customizer\class-loginpress-customizer.php:535

filtergettextclasses\customizer\class-loginpress-customizer.php:536

actioncustomize_controls_print_stylesclasses\customizer\class-loginpress-presets.php:407

actioncustomize_controls_print_stylesclasses\customizer\class-loginpress-promo.php:175

actioncustomize_controls_print_stylesclasses\customizer\controls\class-loginpress-background-gallery-control.php:195

actioncustomize_controls_enqueue_scriptsclasses\customizer\controls\class-loginpress-spacing-control.php:39

filterlostpassword_urlclasses\customizer\loginpress-customizer-layout-trait.php:240

actionadmin_noticesclasses\traits\loginpress-rest-trait.php:122

actionadmin_noticesclasses\traits\loginpress-settings-trait.php:76

actionadmin_headclasses\traits\loginpress-settings-trait.php:108

filterinitinclude\class-loginpress-compatibility.php:18

actioninitinclude\class-loginpress-compatibility.php:23

actionwp_print_scriptsinclude\class-loginpress-compatibility.php:110

actionlogin_headerurlinclude\class-loginpress-compatibility.php:111

actioninitinclude\class-loginpress-compatibility.php:112

actionplugins_loadedinclude\class-loginpress-compatibility.php:117

actioninitinclude\class-loginpress-compatibility.php:118

actionlogin_enqueue_scriptsinclude\class-loginpress-compatibility.php:125

filtertemplate_includeinclude\class-loginpress-compatibility.php:132

actioninitinclude\class-loginpress-compatibility.php:139

actionlogin_headinclude\class-loginpress-compatibility.php:146

filterwhl_logged_in_redirectinclude\class-loginpress-compatibility.php:153

filterwps_hide_login_before_redirectinclude\class-loginpress-compatibility.php:154

filterwp_redirectinclude\class-loginpress-compatibility.php:266

filtersite_urlinclude\class-loginpress-compatibility.php:267

filternetwork_site_urlinclude\class-loginpress-compatibility.php:268

actionwp_loadedinclude\class-loginpress-compatibility.php:269

filteroption_aio_wp_security_configsinclude\class-loginpress-compatibility.php:456

actionpassword_protected_login_headinclude\class-loginpress-compatibility.php:492

filterpassword_protected_login_headerurlinclude\class-loginpress-compatibility.php:493

filterpassword_protected_login_headertitleinclude\class-loginpress-compatibility.php:494

filterregistration_errorsinclude\class-loginpress-domains.php:66

filterloginpress_social_login_register_emailinclude\class-loginpress-domains.php:67

actionwpmu_new_bloginclude\class-loginpress-page-create.php:53

filterpage_attributes_dropdown_pages_argsinclude\class-loginpress-theme-template.php:68

filtertheme_page_templatesinclude\class-loginpress-theme-template.php:71

filterwp_insert_post_datainclude\class-loginpress-theme-template.php:75

filtertemplate_includeinclude\class-loginpress-theme-template.php:78

actionplugins_loadedinclude\class-loginpress-theme-template.php:166

actionplugins_loadedinclude\class-remote-notification-client.php:113

actionadmin_print_stylesinclude\class-remote-notification-client.php:117

actionadmin_noticesinclude\class-remote-notification-client.php:118

actionadmin_footerinclude\class-remote-notification-client.php:119

filterheartbeat_receivedinclude\class-remote-notification-client.php:123

actionregister_forminclude\privacy-policy.php:13

filterregistration_errorsinclude\privacy-policy.php:16

actionlogin_headinclude\template-loginpress.php:66

actionlogin_headinclude\template-loginpress.php:68

actionrest_api_initloginpress.php:255

actionadmin_menuloginpress.php:256

actioninitloginpress.php:257

filterplugin_row_metaloginpress.php:258

actionadmin_enqueue_scriptsloginpress.php:259

actionadmin_footerloginpress.php:260

filterplugin_action_linksloginpress.php:261

actionadmin_initloginpress.php:262

filterauth_cookie_expirationloginpress.php:263

actionwp_wpb_sdk_after_uninstallloginpress.php:264

actionadmin_initloginpress.php:266

actionadmin_initloginpress.php:267

filterwpseo_exclude_from_sitemap_by_post_idsloginpress.php:284

Maintenance & Trust

LoginPress | wp-login Custom Login Page Customizer Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 11, 2026

PHP min version

Downloads7.2M

Community Trust

Rating96/100

Number of ratings1,063

Active installs200K

Alternatives

LoginPress | wp-login Custom Login Page Customizer Alternatives

MyWP Login Form

mywp-login-form

Your Login Form anywhere within WordPress.

30 No CVEs

Advanced Login Page Customizer

advanced-login-page-customizer

Personalize, White label & Rebrand your login page without any coding. Easy setup and live preview.

10 No CVEs

PrimeLogin Pro | Login Page Customizer

primelogin-pro

100

Customize your WordPress login with custom logo, background, colors & split-screen layouts. Fully responsive, secure & code-free. Free version.

10 No CVEs

Secure Admin Login With Customize

secure-admin-login-with-customize

Secure admin login with customize allows you to customize your WordPress admin login page within WordPress customizer.

10 No CVEs

LoginSuite – WordPress Login Page Customizer

wp-admin-logo-customization

100

Easily customize your WordPress login page with custom logo, background colors, images, and more.

10 No CVEs

Developer Profile

LoginPress | wp-login Custom Login Page Customizer Developer Profile

Adnan

11 plugins · 660K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

526 days

View full developer profile

Detection Fingerprints

How We Detect LoginPress | wp-login Custom Login Page Customizer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/loginpress/css/frontend.css/wp-content/plugins/loginpress/css/loginpress-admin.css/wp-content/plugins/loginpress/css/responsive.css/wp-content/plugins/loginpress/css/style.css/wp-content/plugins/loginpress/css/customizer.css/wp-content/plugins/loginpress/css/admin-bar.css/wp-content/plugins/loginpress/css/backend.css

Script Paths

/wp-content/plugins/loginpress/js/loginpress-customizer.js/wp-content/plugins/loginpress/js/loginpress-admin.js/wp-content/plugins/loginpress/js/loginpress-customize-color.js/wp-content/plugins/loginpress/js/loginpress-frontend.js/wp-content/plugins/loginpress/js/loginpress-google-fonts.js/wp-content/plugins/loginpress/js/loginpress-admin-bar.js+1 more

Version Parameters

loginpress/css/frontend.css?ver=loginpress/css/loginpress-admin.css?ver=loginpress/css/responsive.css?ver=loginpress/css/style.css?ver=loginpress/css/customizer.css?ver=loginpress/css/admin-bar.css?ver=loginpress/css/backend.css?ver=loginpress/js/loginpress-customizer.js?ver=loginpress/js/loginpress-admin.js?ver=loginpress/js/loginpress-customize-color.js?ver=loginpress/js/loginpress-frontend.js?ver=loginpress/js/loginpress-google-fonts.js?ver=loginpress/js/loginpress-admin-bar.js?ver=loginpress/js/loginpress-login.js?ver=

HTML / DOM Fingerprints

CSS Classes

loginpressloginpress-wrapperloginpress-social-loginloginpress-loginloginpress-formloginpress-forgotloginpress-registerloginpress-customizer+1 more

HTML Comments

+5 more

Data Attributes

data-loginpress-iddata-loginpress-url

JS Globals

LoginPress_Customizer_ObjectLoginPress_Admin_ObjectLoginPress_Frontend_ObjectLoginPress_Admin_Bar_ObjectLoginPress_Login_Object

REST Endpoints

/wp-json/loginpress/v1/settings/wp-json/loginpress/v1/customizer/wp-json/loginpress/v1/addons

FAQ

LoginPress | wp-login Custom Login Page Customizer Security & Risk Analysis

Is LoginPress | wp-login Custom Login Page Customizer Safe to Use in 2026?

Generally Safe

Key Concerns

LoginPress | wp-login Custom Login Page Customizer Security Vulnerabilities

CVEs by Year

Severity Breakdown

LoginPress | wp-login Custom Login Page Customizer Code Analysis

SQL Query Safety

Output Escaping

Data Flow Analysis

LoginPress | wp-login Custom Login Page Customizer Attack Surface

AJAX Handlers 2

LoginPress | wp-login Custom Login Page Customizer Maintenance & Trust

Maintenance Signals

Community Trust

LoginPress | wp-login Custom Login Page Customizer Alternatives

MyWP Login Form

Advanced Login Page Customizer

PrimeLogin Pro | Login Page Customizer

Secure Admin Login With Customize

LoginSuite – WordPress Login Page Customizer

LoginPress | wp-login Custom Login Page Customizer Developer Profile

How We Detect LoginPress | wp-login Custom Login Page Customizer

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about LoginPress | wp-login Custom Login Page Customizer