Login with NEAR Security & Risk Analysis

wordpress.org/plugins/near-login

The Login with NEAR WordPress plugin empowers users to effortlessly register/login with NEAR wallets directly on your WordPress site.

10 active installs v0.3.3 PHP 7.4+ WP 6.0.1+ Updated Nov 10, 2025
loginnear
75
B · Generally Safe
CVEs total1
Unpatched1
Last CVEMay 26, 2026
Download
Safety Verdict

Is Login with NEAR Safe to Use in 2026?

Mostly Safe

Score 75/100

Login with NEAR is generally safe to use. 1 past CVE were resolved.

1 known CVE 1 unpatched Last CVE: May 26, 2026Updated 8mo ago
Risk Assessment

The "near-login" plugin v0.3.3 exhibits a concerning security posture, primarily due to a significant number of unprotected entry points. With 4 out of 5 total entry points lacking authentication checks, the plugin presents a broad attack surface to unauthenticated users. This is a critical weakness, as it could allow unauthorized access to sensitive functionalities. While the plugin demonstrates good practices in other areas, such as 100% prepared SQL statements and properly escaped output, the absence of capability or nonce checks on its AJAX handlers severely undermines its overall security. The lack of any recorded vulnerabilities in its history might suggest a lack of past scrutiny or exploit attempts, but it does not negate the current inherent risks presented by the unauthenticated entry points. Therefore, despite its strengths in data handling, the plugin's security is significantly compromised by its unprotected AJAX endpoints.

Key Concerns

  • Unprotected AJAX handlers
  • No nonce checks on AJAX handlers
  • No capability checks
Vulnerabilities
1 published

Login with NEAR Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

High
1

1 total CVE

CVE-2026-8994high · 8.1Improper Authentication

Login with NEAR <= 0.3.3 - Authentication Bypass via 'account' Parameter

May 26, 2026Unpatched
Version History

Login with NEAR Release Timeline

v0.3.21 CVE
v0.3.11 CVE
v0.3.01 CVE
v0.2.91 CVE
v0.2.81 CVE
v0.2.71 CVE
v0.2.61 CVE
v0.2.51 CVE
v0.2.41 CVE
v0.2.31 CVE
v0.2.21 CVE
v0.2.11 CVE
v0.2.01 CVE
v0.1.91 CVE
v0.1.81 CVE
v0.1.71 CVE
v0.1.61 CVE
v0.1.51 CVE
v0.1.41 CVE
v0.1.31 CVE
Code Analysis
Analyzed Mar 16, 2026

Login with NEAR Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
29 escaped
Nonce Checks
0
Capability Checks
0
File Operations
1
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped29 total outputs
Attack Surface
4 unprotected

Login with NEAR Attack Surface

Entry Points5
Unprotected4

AJAX Handlers 4

noprivwp_ajax_loginWithNearLoginControllers\UserLoginController.php:16
authwp_ajax_loginWithNearLoginControllers\UserLoginController.php:17
noprivwp_ajax_logoutWithNearControllers\UserLoginController.php:19
authwp_ajax_logoutWithNearControllers\UserLoginController.php:20

Shortcodes 1

[login_near_link] Controllers\LoginShortcodeCreator.php:12
WordPress Hooks 4
actionadmin_menuModel\Abstractions\AdminPages.php:17
actionadmin_initModel\Abstractions\AdminPages.php:18
filtergetLoginWithNearOptionsModel\Constructor\ConfigPage.php:43
actioninitModel\Constructor\Constructor.php:97
Maintenance & Trust

Login with NEAR Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedNov 10, 2025
PHP min version7.4
Downloads6K

Community Trust

Rating100/100
Number of ratings3
Active installs10
Developer Profile

Login with NEAR Developer Profile

Learn NEAR Club

3 plugins · 30 total installs

85
trust score
Avg Security Score
87/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Login with NEAR

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/near-login/vendor/learndash/learndash-core/src/Blocks/LearndashCourseBlock.php
Script Paths
/wp-content/plugins/near-login/vendor/learndash/learndash-core/src/Blocks/LearndashCourseBlock.php
Version Parameters
main.1762711978552.js?ver=

HTML / DOM Fingerprints

CSS Classes
login-with-near-linklogout-with-near-link
JS Globals
near_login
Shortcode Output
<a class=' logout-with-near-link' login-with-near-link' href='javascript:;' onclick='window.logOutAction(); return false;'>
FAQ

Frequently Asked Questions about Login with NEAR