Does Magic Link – Secure one click passwordless login have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Magic Link – Secure one click passwordless login compatible with WordPress 6.9.4?

According to WordPress.org data, Magic Link – Secure one click passwordless login 1.2.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Magic Link – Secure one click passwordless login compatible with PHP 5.6+?

Magic Link – Secure one click passwordless login requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

What is Magic Link – Secure one click passwordless login's security score?

Magic Link – Secure one click passwordless login has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Magic Link – Secure one click passwordless login Security & Risk Analysis

wordpress.org/plugins/magic-link

Secure one click passwordless login

10 active installs v1.2.3 PHP 5.6+ WP 6.7+ Updated Unknown

email-loginloginmagic-loginone-click-loginpasswordless-login

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Magic Link – Secure one click passwordless login Safe to Use in 2026?

Generally Safe

Score 100/100

Magic Link – Secure one click passwordless login has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The magic-link plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for all SQL queries, performing a significant number of nonce checks, and having no recorded vulnerability history. This suggests a developer who is aware of and attempts to implement common WordPress security measures. However, concerns arise from the static analysis. The plugin has an unprotected AJAX handler, representing a direct entry point without authentication, which is a significant risk. Furthermore, the taint analysis reveals two high-severity flows with unsanitized paths, indicating potential vulnerabilities where user input could be manipulated to affect application behavior. While the vulnerability history is clean, the presence of high-severity taint flows and an unprotected AJAX handler warrants attention.

Key Concerns

Unprotected AJAX handler
High severity unsanitized taint flows
Taint flows with unsanitized paths
Low percentage of properly escaped output

Vulnerabilities

None known

Magic Link – Secure one click passwordless login Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Magic Link – Secure one click passwordless login Release Timeline

No version history available.

Code Analysis

Analyzed Mar 16, 2026

Magic Link – Secure one click passwordless login Code Analysis

Dangerous Functions

Raw SQL Queries

7 prepared

Unescaped Output

158 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Freemius1.0

SQL Query Safety

100% prepared7 total queries

Output Escaping

74% escaped213 total outputs

Data Flows · Security

3 unsanitized

Data Flow Analysis

4 flows3 with unsanitized paths

add_magic_link_button (lite\includes\Frontend.php:188)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Magic Link – Secure one click passwordless login Attack Surface

Entry Points5

Unprotected1

AJAX Handlers 4

authwp_ajax_magic_link_manage_pluginlite\includes\Ajax.php:10

authwp_ajax_generate_magic_linklite\includes\Plugin.php:122

noprivwp_ajax_request_magic_linklite\includes\Shortcode.php:11

authwp_ajax_request_magic_linklite\includes\Shortcode.php:12

Shortcodes 1

[magic_link_form] lite\includes\Shortcode.php:9

WordPress Hooks 27

filterwpsf_register_settings_kc_mllite\includes\Admin\admin-settings.php:25

filterkc_ml_settings_validatelite\includes\Admin\admin-settings.php:26

actionadmin_menulite\includes\Admin\Settings.php:29

actionadmin_initlite\includes\Install.php:41

actionadmin_initlite\includes\Install.php:42

actionadmin_enqueue_scriptslite\includes\Plugin.php:113

actionadmin_enqueue_scriptslite\includes\Plugin.php:114

actionadmin_menulite\includes\Plugin.php:116

actionadmin_print_scriptslite\includes\Plugin.php:118

actionmanage_users_columnslite\includes\Plugin.php:120

actionmanage_users_custom_columnlite\includes\Plugin.php:121

actionin_plugin_update_message-magic-link/magic-link.phplite\includes\Plugin.php:124

filteradmin_footer_textlite\includes\Plugin.php:125

filterset-screen-optionlite\includes\Plugin.php:127

actioninitlite\includes\Plugin.php:135

actioninitlite\includes\Plugin.php:136

actionlogin_form_loginlite\includes\Plugin.php:137

actionlogin_form_magic_linklite\includes\Plugin.php:138

actionlogin_footerlite\includes\Plugin.php:141

actionlogin_headlite\includes\Plugin.php:142

actionadmin_initlite\includes\Settings.php:103

actionadmin_noticeslite\includes\Settings.php:111

actionadmin_enqueue_scriptslite\includes\Settings.php:113

actionafter_uninstalllite\includes\Uninstall.php:14

filterplugin_iconmagic-link.php:79

actionadmin_noticesmagic-link.php:114

actionplugins_loadedmagic-link.php:175

Maintenance & Trust

Magic Link – Secure one click passwordless login Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedUnknown

PHP min version5.6

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Magic Link – Secure one click passwordless login Alternatives

Magic Login – Passwordless Authentication for WordPress – Login Without Password

magic-login

100

Passwordless login for WordPress. Streamline the login process by sending magic links to your users.

2K No CVEs

Magic Login Link

magic-link-login

Enables the user to login without entering a password. Instead a mail with a login is sent.

80 No CVEs

Temporary Login Without Password

temporary-login-without-password

100

Create self-expiring, temporary admin accounts. Easily share direct login links (no need for username/password) with your developers or editors.

100K 1 CVE

Temporary Login

temporary-login

Create a secure, temporary URL for easy access to your WP admin.

40K 1 CVE

User Verification by PickPlugins

user-verification

Email verification for user registration to protect spam.

5K 4 CVEs

Developer Profile

Magic Link – Secure one click passwordless login Developer Profile

KaizenCoders

15 plugins · 31K total installs

trust score

Avg Security Score

86/100

Avg Patch Time

153 days

View full developer profile

Detection Fingerprints

How We Detect Magic Link – Secure one click passwordless login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/magic-link/lite/dist/scripts/magic-link.js/wp-content/plugins/magic-link/lite/dist/styles/app.css/wp-content/plugins/magic-link/lite/dist/styles/magic-link-admin.css

Script Paths

/wp-content/plugins/magic-link/lite/dist/scripts/magic-link.js

Version Parameters

magic-link/style.css?ver=magic-link/script.js?ver=magic-link-script?ver=magic-link-main?ver=magic-link-admin?ver=

HTML / DOM Fingerprints

CSS Classes

generate-magic-linkmagic-linkcopy-magic-link

Data Attributes

data-user-idmagicLinkAjax

JS Globals

magicLinkAjax

FAQ