Next Active Directory Integration Security & Risk Analysis

wordpress.org/plugins/next-active-directory-integration

Next Active Directory Integration allows WordPress to authenticate, authorize, create and update users against Microsoft Active Directory.

2K active installs · v3.2.1 · PHP + WP 5.6+ · Updated Nov 28, 2025
Tags: active-directory, authentication, ldap, sso, windows
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Next Active Directory Integration Safe to Use in 2026?

Generally Safe

Score 100/100

Next Active Directory Integration has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The "next-active-directory-integration" plugin version 3.2.1 presents a mixed security posture. While it shows a commendable effort in using prepared statements for all SQL queries and implementing nonce and capability checks, significant concerns arise from its taint analysis results and the presence of dangerous functions. The fact that all four analyzed taint flows have unsanitized paths, with a high severity for all of them, is a critical indicator of potential vulnerabilities, even though no critical or high severity issues were explicitly reported. This suggests that input data might not be adequately validated or sanitized before being used in sensitive operations, which could lead to various injection attacks if an attacker can control the input. The usage of dangerous functions like `preg_replace(/e)`, `proc_open`, and `unserialize` further exacerbates this risk, as these functions can be exploited for code execution or deserialization vulnerabilities if not handled with extreme care and strict input validation.

Despite the lack of recorded CVEs and a clean vulnerability history, which is a positive sign of past development focus on security, the static analysis reveals inherent risks within the codebase itself. The absence of any reported vulnerabilities could simply mean that these specific taint flows and dangerous functions haven't been publicly exploited or discovered yet. The plugin's attack surface appears minimal with zero entry points, which is a strong positive. However, the identified taint issues and dangerous functions suggest that the existing entry points, however few, might be susceptible to exploitation if not properly secured against the identified unsanitized flows. Therefore, a proactive approach to addressing the taint analysis findings and a thorough review of how the dangerous functions are used is strongly recommended.

Key Concerns

  • High severity unsanitized taint flows found
  • Use of dangerous function: preg_replace with /e modifier
  • Use of dangerous function: proc_open
  • Use of dangerous function: unserialize
  • Low output escaping percentage
Vulnerabilities
None known

Next Active Directory Integration Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Next Active Directory Integration Code Analysis

  • Dangerous Functions: 3
  • Raw SQL Queries: 0 (14 prepared)
  • Unescaped Output: 26 (8 escaped)
  • Nonce Checks: 4
  • Capability Checks: 6
  • File Operations: 21
  • External Requests: 1
  • Bundled Libraries: 0

Dangerous Functions Found

  • preg_replace(/e): `preg_replace('/([\x00-\x1F\*\(\)\\\\])/e'` (src\shared\AdLdap\AdLdap.php:3496)
  • proc_open: `$this->process = proc_open($this->command, static::DESCRIPTOR_SPEC, $this->pipes, $this->cwd);` (vendor-repackaged\monolog\monolog\src\Monolog\Handler\ProcessHandler.php:122)
  • unserialize: `$this->__unserialize(unserialize($data));` (vendor-repackaged\twig\twig\src\Profiler\Profile.php:179)

SQL Query Safety

100% prepared, 14 total queries

Output Escaping

24% escaped, 34 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

4 flows, 4 with unsanitized paths
wpAjaxListener (src\plug-in\Ui\NadiSingleSiteConfigurationPage.php:321)
Diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Next Active Directory Integration Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 40
  • action plugins_loaded (index.php:47)
  • action init (index.php:50)
  • action admin_init (index.php:53)
  • action set_current_user (index.php:58)
  • action set_current_user (index.php:64)
  • action plugins_loaded (src\compat-v2\stubs.php:49)
  • filter authenticate (src\plug-in\Authentication\LoginService.php:93)
  • filter allow_password_reset (src\plug-in\Authentication\LoginService.php:101)
  • action lost_password (src\plug-in\Authentication\LoginService.php:102)
  • filter wp_authenticate_user (src\plug-in\Authentication\LoginService.php:106)
  • filter check_password (src\plug-in\Authentication\PasswordValidationService.php:55)
  • action wp_logout (src\plug-in\Authentication\SingleSignOn\Service.php:78)
  • action init (src\plug-in\Authentication\SingleSignOn\Service.php:79)
  • action login_form (src\plug-in\Authentication\SingleSignOn\Ui\ShowSingleSignOnLink.php:29)
  • filter authenticate (src\plug-in\Authorization\Service.php:68)
  • filter authorize (src\plug-in\Authorization\Service.php:71)
  • action init (src\plug-in\Cron\UrlTrigger.php:54)
  • filter wpmu_blogs_columns (src\plug-in\Multisite\Site\Ui\ExtendSiteList.php:46)
  • action manage_sites_custom_column (src\plug-in\Multisite\Site\Ui\ExtendSiteList.php:47)
  • action admin_enqueue_scripts (src\plug-in\Multisite\Ui\MultisiteMenu.php:72)
  • action admin_enqueue_scripts (src\plug-in\Ui\Menu\Menu.php:104)
  • filter authenticate (src\plug-in\User\LoginSucceededService.php:69)
  • filter send_password_change_email (src\plug-in\User\Manager.php:374)
  • filter send_email_change_email (src\plug-in\User\Manager.php:375)
  • action show_user_profile (src\plug-in\User\Profile\Ui\PreventEmailChange.php:45)
  • action personal_options_update (src\plug-in\User\Profile\Ui\PreventEmailChange.php:46)
  • action user_profile_update_errors (src\plug-in\User\Profile\Ui\PreventEmailChange.php:47)
  • filter send_password_change_email (src\plug-in\User\Profile\Ui\PreventEmailChange.php:88)
  • filter send_email_change_email (src\plug-in\User\Profile\Ui\PreventEmailChange.php:89)
  • filter show_password_fields (src\plug-in\User\Profile\Ui\PreventPasswordChange.php:46)
  • action edit_user_profile (src\plug-in\User\Profile\Ui\ProvideDisableUserOption.php:43)
  • action edit_user_profile_update (src\plug-in\User\Profile\Ui\ProvideDisableUserOption.php:48)
  • action show_user_profile (src\plug-in\User\Profile\Ui\ShowLdapAttributes.php:59)
  • action edit_user_profile (src\plug-in\User\Profile\Ui\ShowLdapAttributes.php:60)
  • action personal_options_update (src\plug-in\User\Profile\Ui\TriggerActiveDirectorySynchronization.php:66)
  • action edit_user_profile_update (src\plug-in\User\Profile\Ui\TriggerActiveDirectorySynchronization.php:67)
  • action user_profile_update_errors (src\plug-in\User\Profile\Ui\TriggerActiveDirectorySynchronization.php:102)
  • filter manage_users_columns (src\plug-in\User\Ui\ExtendUserList.php:46)
  • filter manage_users_custom_column (src\plug-in\User\Ui\ExtendUserList.php:47)
  • action manage_sites_custom_column (src\shared\WordPress\Multisite\Ui\Table\ProfileAssignment.php:34)
Maintenance & Trust

Next Active Directory Integration Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Nov 28, 2025
PHP min version
Downloads: 159K

Community Trust

Rating: 96/100
Number of ratings: 16
Active installs: 2K
Developer Profile

Next Active Directory Integration Developer Profile

neosit

1 plugin · 2K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Next Active Directory Integration

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/next-active-directory-integration/css/style.css
  • /wp-content/plugins/next-active-directory-integration/js/main.js
Script Paths
  • /wp-content/plugins/next-active-directory-integration/js/main.js
Version Parameters
  • next-active-directory-integration/style.css?ver=
  • next-active-directory-integration/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
nadi-sync-to-ad-page
HTML Comments
<!-- Sync to AD Page -->
Data Attributes
data-nonce, data-authcode, data-blogurl, data-domain-sid-set, data-sync-enabled, data-sync-user-set, +1 more
JS Globals
next_ad_int, next_ad_int_logger