Mm Ajax Login Security & Risk Analysis

wordpress.org/plugins/mm-ajax-login

A custom lightbox login form that serves as a gatekeeper for links with the class "ajax-login-trigger".

10 active installs v1.0.0 PHP + WP 3.8+ Updated Dec 7, 2015
ajaxformlightboxlogin
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Mm Ajax Login Safe to Use in 2026?

Generally Safe

Score 85/100

Mm Ajax Login has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago
Risk Assessment

The 'mm-ajax-login' v1.0.0 plugin demonstrates a generally good security posture based on the static analysis. All identified entry points, specifically the four AJAX handlers, appear to have authorization checks in place, which is a significant strength. The complete absence of direct SQL queries and reliance on prepared statements is commendable, and the high percentage of properly escaped output further mitigates common web vulnerabilities.

However, there are a few areas that warrant attention. While there are nonce checks present, their limited number (2) in relation to the four AJAX handlers suggests that not all handlers might be covered by nonce validation, which could be a potential weakness. More critically, the static analysis shows zero capability checks implemented. This means that even if AJAX handlers are authenticated, they are not verifying if the logged-in user has the necessary permissions to perform the action, opening the door to privilege escalation if an attacker can trick a privileged user into triggering an action they shouldn't be able to.

The plugin's vulnerability history is clean, with no recorded CVEs. This, combined with the positive static analysis findings regarding SQL and output handling, suggests a developer who is mindful of secure coding practices. Nevertheless, the lack of capability checks is a significant oversight that needs to be addressed to ensure robust security. The current implementation, while not actively exploited, has the potential for privilege-related issues.

Key Concerns

  • Missing capability checks on AJAX handlers
  • Potentially insufficient nonce checks on AJAX handlers
  • High percentage of unescaped output
Vulnerabilities
None known

Mm Ajax Login Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Mm Ajax Login Release Timeline

v1.0.0Current
Code Analysis
Analyzed Mar 17, 2026

Mm Ajax Login Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
5
17 escaped
Nonce Checks
2
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

77% escaped22 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
mm_ajax_login_process_form_submission (mm-ajax-login.php:167)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Mm Ajax Login Attack Surface

Entry Points4
Unprotected0

AJAX Handlers 4

authwp_ajax_mm_is_user_logged_inmm-ajax-login.php:40
noprivwp_ajax_mm_is_user_logged_inmm-ajax-login.php:41
authwp_ajax_mm_do_ajax_loginmm-ajax-login.php:42
noprivwp_ajax_mm_do_ajax_loginmm-ajax-login.php:43
WordPress Hooks 3
actionplugins_loadedmm-ajax-login.php:20
actionwp_enqueue_scriptsmm-ajax-login.php:33
actionwp_footermm-ajax-login.php:34
Maintenance & Trust

Mm Ajax Login Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34
Last updatedDec 7, 2015
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Mm Ajax Login Developer Profile

Braad

6 plugins · 2K total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Mm Ajax Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mm-ajax-login/js/mm-ajax-login.js/wp-content/plugins/mm-ajax-login/css/mm-ajax-login.css
Script Paths
js/mm-ajax-login.js
Version Parameters
mm-ajax-login/js/mm-ajax-login.js?ver=mm-ajax-login/css/mm-ajax-login.css?ver=

HTML / DOM Fingerprints

CSS Classes
mm-ajax-loginmm-ajax-login-innerclose-buttonmm-ajax-login-form-titlemm-ajax-login-statususernamepasswordlogin-remember+3 more
Data Attributes
id="mm-ajax-login-form"id="mm-ajax-login-status"id="mm-ajax-login-username"id="mm-ajax-login-password"id="mm-ajax-login-rememberme"id="mm-ajax-login-lost-password"+1 more
JS Globals
mm_ajax_login_vars
FAQ

Frequently Asked Questions about Mm Ajax Login