WP-Safety

Features of this Plugin A clean, user friendly WP admin U/I. Users can login via hosted page. Log generation functionality.

0 active installs v4.4.0 PHP + WP 3.5+ Updated Dec 9, 2022
authenticationciamcloud-authenticationhosted-registrationuser-registration
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is LoginRadius CIAM Safe to Use in 2026?

Generally Safe

Score 85/100

LoginRadius CIAM has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The "loginradius-customer-identity-and-access-management" plugin v4.4.0 presents a mixed security posture. While the absence of known vulnerabilities and a generally low count of entry points are positive indicators, the static analysis reveals several concerning areas. The fact that 100% of its SQL queries are not using prepared statements is a significant risk, potentially exposing the application to SQL injection vulnerabilities. Furthermore, the low percentage of properly escaped output (28%) suggests a high likelihood of cross-site scripting (XSS) vulnerabilities, as data displayed to users may not be sanitized, allowing attackers to inject malicious scripts. The presence of file operations without clear indications of sanitization is another point of concern.

The plugin's vulnerability history is clean, with no recorded CVEs. This is a strong positive sign, suggesting that the developers may have a good security awareness or that previous versions have not been extensively targeted or found to be vulnerable. However, the static analysis findings, particularly concerning SQL and output escaping, indicate potential weaknesses that could lead to vulnerabilities. It is crucial to address these static code issues to maintain a strong security profile. The current lack of exploitable issues is a strength, but the underlying code quality concerns in the static analysis warrant attention.

Key Concerns

  • SQL queries not using prepared statements
  • Low percentage of properly escaped output
  • File operations present without clear sanitization
  • No nonce checks
Vulnerabilities
None known

LoginRadius CIAM Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

LoginRadius CIAM Code Analysis

Dangerous Functions
0
Raw SQL Queries
3
0 prepared
Unescaped Output
68
27 escaped
Nonce Checks
0
Capability Checks
2
File Operations
1
External Requests
0
Bundled Libraries
0

SQL Query Safety

0% prepared3 total queries

Output Escaping

28% escaped95 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths
<helper> (authentication\front\helper.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

LoginRadius CIAM Attack Surface

Entry Points9
Unprotected0

Shortcodes 9

[ciam_login_form] authentication\front\pages\login.php:33
[ciam_forgot_form] authentication\front\pages\passwordhandler.php:24
[ciam_password_form] authentication\front\pages\passwordhandler.php:26
[ciam_registration_form] authentication\front\pages\registration.php:26
[ciam_wp_default_login] authentication\front\wp-default-login.php:21
[ciam_login_form] hosted\front\hosted-page.php:86
[ciam_password_form] hosted\front\hosted-page.php:88
[ciam_forgot_form] hosted\front\hosted-page.php:89
[ciam_registration_form] hosted\front\hosted-page.php:90
WordPress Hooks 86
actionactivate_pluginactivation\activation.php:44
actioninitactivation\activation.php:45
actionciam_debugactivation\activation.php:102
actionadmin_menuactivation\activation.php:104
actioninitactivation\admin\class-activation.php:22
actionadmin_initactivation\admin\class-activation.php:44
actionadmin_enqueue_scriptsactivation\admin\class-activation.php:45
actionadmin_initauthentication\admin\class-authentication.php:20
actioninitauthentication\admin\class-authentication.php:21
actiondelete_userauthentication\admin\class-authentication.php:28
actionwpmu_new_userauthentication\admin\class-authentication.php:31
actionwpmu_delete_userauthentication\admin\class-authentication.php:32
actionpersonal_options_updateauthentication\admin\class-authentication.php:36
actionedit_user_profile_updateauthentication\admin\class-authentication.php:37
actionuser_registerauthentication\admin\class-authentication.php:40
filteruser_profile_update_errorsauthentication\admin\class-authentication.php:43
actionadmin_enqueue_scriptsauthentication\admin\class-authentication.php:203
actionciam_admin_menuauthentication\authentication.php:55
filterget_avatarauthentication\front\helper.php:16
actiontemplate_redirectauthentication\front\login.php:17
actionwp_logoutauthentication\front\login.php:18
actionwp_footerauthentication\front\login.php:144
actionwp_footerauthentication\front\login.php:165
actionwp_footerauthentication\front\login.php:174
actionwp_footerauthentication\front\login.php:181
actioninitauthentication\front\pages\backupcode.php:17
actionshow_user_profileauthentication\front\pages\backupcode.php:25
actioninitauthentication\front\pages\common.php:21
actionwp_headauthentication\front\pages\common.php:30
actionwp_headauthentication\front\pages\common.php:31
actionadmin_headauthentication\front\pages\common.php:32
actionwp_headauthentication\front\pages\common.php:33
actioninitauthentication\front\pages\header.php:16
actioninitauthentication\front\pages\login.php:18
actioninitauthentication\front\pages\login.php:20
filterlogin_urlauthentication\front\pages\login.php:32
actionwp_headauthentication\front\pages\login.php:34
filterregister_urlauthentication\front\pages\login.php:36
actionwp_footerauthentication\front\pages\login.php:174
actioninitauthentication\front\pages\passwordhandler.php:15
actionwp_headauthentication\front\pages\passwordhandler.php:25
filterlostpassword_urlauthentication\front\pages\passwordhandler.php:27
actionadmin_initauthentication\front\pages\passwordhandler.php:92
actioninitauthentication\front\pages\profile.php:16
actionadmin_headauthentication\front\pages\profile.php:40
actionadmin_headauthentication\front\pages\profile.php:41
actionadmin_headauthentication\front\pages\profile.php:42
actionshow_user_profileauthentication\front\pages\profile.php:43
actionedit_user_profileauthentication\front\pages\profile.php:44
actionshow_user_profileauthentication\front\pages\profile.php:48
actionedit_user_profileauthentication\front\pages\profile.php:49
actionadmin_headauthentication\front\pages\profile.php:50
actionadmin_headauthentication\front\pages\profile.php:53
actionadmin_headauthentication\front\pages\profile.php:54
actionshow_user_profileauthentication\front\pages\profile.php:55
actionadmin_headauthentication\front\pages\profile.php:59
actionshow_user_profileauthentication\front\pages\profile.php:60
actionadmin_headauthentication\front\pages\profile.php:63
actionadmin_headauthentication\front\pages\profile.php:67
actionadmin_noticesauthentication\front\pages\profile.php:344
actionadmin_noticesauthentication\front\pages\profile.php:348
actioninitauthentication\front\pages\registration.php:17
filterregister_urlauthentication\front\pages\registration.php:30
actionwp_headauthentication\front\pages\registration.php:31
actionwp_footerauthentication\front\pages\registration.php:60
actioninitauthentication\front\social-login.php:22
actionwp_authenticateauthentication\front\wp-default-login.php:23
actionafter_setup_themeauthentication\front\wp-default-login.php:27
actionhosted_pagehosted\admin\settings.php:20
actioninithosted\front\hosted-page.php:11
actioninithosted\front\hosted-page.php:31
filterlostpassword_urlhosted\front\hosted-page.php:33
filterregister_urlhosted\front\hosted-page.php:34
actionwp_footerhosted\front\hosted-page.php:37
actionadmin_inithosted\front\hosted-page.php:39
filterlogin_urlhosted\front\hosted-page.php:41
actioninithosted\hosted.php:25
actionadmin_initsso\admin\class-sso-admin.php:19
actionwp_headsso\front\front-sso.php:27
actionadmin_headsso\front\front-sso.php:28
actionciam_sso_logoutsso\front\front-sso.php:29
actionwp_headsso\front\front-sso.php:31
actionwp_headsso\front\front-sso.php:67
actioninitsso\sso.php:25
actionciam_admin_menusso\sso.php:45
actionwp_enqueue_scriptssso\sso.php:94
Maintenance & Trust

LoginRadius CIAM Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11
Last updatedDec 9, 2022
PHP min version
Downloads5K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

LoginRadius CIAM Alternatives

Authentication by LoginRadius

Authentication by LoginRadius

loginradius-for-wordpress

A
85

The Authentication by LoginRadius WordPress plugin allow you to replace the default WordPress Authentication feature with diverse authentication metho &hellip;

100 No CVEs
JSON API User

JSON API User

json-api-user

A
97

Extends the JSON API Plugin to allow RESTful user registration, authentication & many other User Meta, BP functions. A Pro version is also available.

1K 1 CVE
All-In-One Security (AIOS) – Security and Firewall

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

A
93

Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.

1.0M 26 CVEs
Solid Security – Password, Two Factor Authentication, and Brute Force Protection

Solid Security – Password, Two Factor Authentication, and Brute Force Protection

better-wp-security

A
93

Harden your site security with Login Security, Two-Factor Authentication (2FA), Vulnerability Scanner, Firewall, and more. Formerly iThemes Security.

700K 19 CVEs
Limit Login Attempts

Limit Login Attempts

limit-login-attempts

B
82

Limit rate of login attempts, including by way of cookies, for each IP. Fully customizable.

300K 3 CVEs
Developer Profile

LoginRadius CIAM Developer Profile

loginradius

2 plugins · 100 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect LoginRadius CIAM

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/loginradius-customer-identity-and-access-management/auto-loader.php/wp-content/plugins/loginradius-customer-identity-and-access-management/activation/admin/class-activation.php/wp-content/plugins/loginradius-customer-identity-and-access-management/authentication/lib/WPHttpClient.php/wp-content/plugins/loginradius-customer-identity-and-access-management/authentication/lib/LoginRadiusSDK/Clients/IHttpClientInterface.php/wp-content/plugins/loginradius-customer-identity-and-access-management/authentication/lib/LoginRadiusSDK/Clients/DefaultHttpClient.php/wp-content/plugins/loginradius-customer-identity-and-access-management/authentication/lib/LoginRadiusSDK/LoginRadiusException.php/wp-content/plugins/loginradius-customer-identity-and-access-management/authentication/lib/LoginRadiusSDK/Utility/Functions.php/wp-content/plugins/loginradius-customer-identity-and-access-management/authentication/lib/LoginRadiusSDK/CustomerRegistration/Advanced/ConfigurationAPI.php
Script Paths
/wp-content/plugins/loginradius-customer-identity-and-access-management/js/common.js/wp-content/plugins/loginradius-customer-identity-and-access-management/js/admin.js
Version Parameters
loginradius-customer-identity-and-access-management/js/common.js?ver=loginradius-customer-identity-and-access-management/js/admin.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- LoginRadius CIAM Settings --><!-- End LoginRadius CIAM Settings -->
Data Attributes
data-plugin-name="loginradius-ciam"data-plugin-version="4.4.0"
JS Globals
LoginRadius_ObjlrAPIClientlrAppConfiglrAPIUrllrID
REST Endpoints
/wp-json/loginradius-ciam/v1/integration/status/wp-json/loginradius-ciam/v1/integration/enable/wp-json/loginradius-ciam/v1/integration/disable
Shortcode Output
[loginradius_login][loginradius_social_login][loginradius_registration][loginradius_forgot_password]
FAQ

Frequently Asked Questions about LoginRadius CIAM