Does NeonCRM Sign-In have any unpatched vulnerabilities?

No. All known vulnerabilities in NeonCRM Sign-In have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is NeonCRM Sign-In compatible with WordPress 5.1.22?

According to WordPress.org data, NeonCRM Sign-In 1.2.0 has been tested up to WordPress 5.1.22. Check the plugin's changelog for the latest compatibility information.

How often is NeonCRM Sign-In updated?

NeonCRM Sign-In was last updated on Sep 3, 2019. Frequent updates are generally a positive security signal.

What is NeonCRM Sign-In's security score?

NeonCRM Sign-In has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

NeonCRM Sign-In Security & Risk Analysis

wordpress.org/plugins/neoncrm-sign-in

60 active installs v1.2.0 PHP + WP 4.0+ Updated Sep 3, 2019

crmneonneoncrmnonprofitsso

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is NeonCRM Sign-In Safe to Use in 2026?

Generally Safe

Score 85/100

NeonCRM Sign-In has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The "neoncrm-sign-in" plugin v1.2.0 exhibits a generally good security posture based on the provided static analysis. The absence of critical or high-severity taint flows and the consistent use of prepared statements for SQL queries are positive indicators. Additionally, the plugin's limited attack surface, with no unprotected AJAX handlers or REST API routes, further enhances its security. However, there are a couple of areas that warrant attention. While the plugin has a clean vulnerability history with no known CVEs, this does not guarantee future safety and should be monitored. The presence of external HTTP requests (6 total) without further context on their purpose and implementation could introduce risks if not handled securely. Furthermore, the lack of explicit nonce checks, coupled with the fact that there are no recorded capability checks on the identified entry points (shortcodes), represents a potential weakness for ensuring legitimate user actions.

Key Concerns

0 Nonce checks on entry points
6 External HTTP requests without context
2 Shortcodes without capability checks

Vulnerabilities

None known

NeonCRM Sign-In Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

NeonCRM Sign-In Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

51 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

75% escaped68 total outputs

Attack Surface

NeonCRM Sign-In Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[neon_sign_in_link] neoncrm-sso.php:109

[neon_sign_in_link_return] neoncrm-sso.php:880

WordPress Hooks 19

actionadmin_menuneoncrm-sso-admin-page.php:8

actionadmin_initneoncrm-sso-admin-page.php:25

actionadmin_initneoncrm-sso-menu-page.php:82

actionshow_user_profileneoncrm-sso-profile-page.php:130

actionedit_user_profileneoncrm-sso-profile-page.php:137

actionshow_user_profileneoncrm-sso-profile-page.php:173

actionedit_user_profileneoncrm-sso-profile-page.php:180

actionpersonal_options_updateneoncrm-sso-profile-page.php:201

actionedit_user_profile_updateneoncrm-sso-profile-page.php:208

actionlogin_formneoncrm-sso.php:70

filterauthenticateneoncrm-sso.php:116

filterlogin_messageneoncrm-sso.php:255

filterlogin_messageneoncrm-sso.php:270

filterlogin_messageneoncrm-sso.php:398

filterlogin_messageneoncrm-sso.php:449

filterlogin_messageneoncrm-sso.php:456

filterlogin_messageneoncrm-sso.php:830

actionafter_setup_themeneoncrm-sso.php:838

actionwp_logoutneoncrm-sso.php:905

Maintenance & Trust

NeonCRM Sign-In Maintenance & Trust

Maintenance Signals

WordPress version tested5.1.22

Last updatedSep 3, 2019

PHP min version

Downloads3K

Community Trust

Rating100/100

Number of ratings4

Active installs60

Alternatives

NeonCRM Sign-In Alternatives

NeonCRM Events Widget

neoncrm-events-widget

Displays a feed of upcoming events retrieved from NeonCRM.

10 No CVEs

CiviEvent Widget

civievent-widget

Display widgets for CiviCRM events: the next public event or a whole list. Embed widgets as shortcodes, too!

200 No CVEs

Office 365 User Authentication for WordPress

o365-user-authentication

100

Authenticate and log in WordPress users securely with Office 365 / Azure Active Directory single sign-on.

20 No CVEs

Flamingo

flamingo

100

A trustworthy message storage plugin for Contact Form 7.

800K 1 CVE

HubSpot All-In-One Marketing – Forms, Popups, Live Chat

leadin

The CRM, Sales, and Marketing WordPress plugin to grow your business better. Capture and engage web visitors with free live chat, forms, CRM, email ma …

200K 2 CVEs

Developer Profile

NeonCRM Sign-In Developer Profile

colinpizarek

2 plugins · 70 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect NeonCRM Sign-In

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/neoncrm-sign-in/css/neoncrm-sso-styles.css/wp-content/plugins/neoncrm-sign-in/js/neoncrm-sso-script.js

Script Paths

/wp-content/plugins/neoncrm-sign-in/js/neoncrm-sso-script.js

Version Parameters

neoncrm-sign-in/css/neoncrm-sso-styles.css?ver=neoncrm-sign-in/js/neoncrm-sso-script.js?ver=

HTML / DOM Fingerprints

CSS Classes

neonsso-login-button

Shortcode Output

<a href="

FAQ