Does Office 365 User Authentication for WordPress have any unpatched vulnerabilities?

No. All known vulnerabilities in Office 365 User Authentication for WordPress have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Office 365 User Authentication for WordPress compatible with WordPress 6.8.5?

According to WordPress.org data, Office 365 User Authentication for WordPress 2.7 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Office 365 User Authentication for WordPress compatible with PHP 5.6.36+?

Office 365 User Authentication for WordPress requires PHP 5.6.36 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

What is Office 365 User Authentication for WordPress's security score?

Office 365 User Authentication for WordPress has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Office 365 User Authentication for WordPress Security & Risk Analysis

wordpress.org/plugins/o365-user-authentication

Authenticate and log in WordPress users securely with Office 365 / Azure Active Directory single sign-on.

20 active installs v2.7 PHP 5.6.36+ WP 3.5.2+ Updated Sep 8, 2025

authentication-loginazure-active-directory-ssodynamics-crmoffice-365sharepoint

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Office 365 User Authentication for WordPress Safe to Use in 2026?

Generally Safe

Score 100/100

Office 365 User Authentication for WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago

Risk Assessment

The plugin "o365-user-authentication" v2.7 exhibits a mixed security posture. While it presents a small attack surface with no apparent unprotected AJAX handlers or REST API routes, and has no recorded vulnerability history, several code signals raise concerns. The presence of the `unserialize` function, even if not immediately exploitable in the absence of taint analysis, is a known risk for deserialization vulnerabilities if the serialized data can be influenced by an attacker. Furthermore, the low percentage of properly escaped output (26%) indicates a significant risk of Cross-Site Scripting (XSS) vulnerabilities, where user-supplied data could be injected and executed in the browser. The complete absence of nonce checks and capability checks on entry points, combined with a low output escaping rate, suggests a lack of robust protection against various web attacks. The single external HTTP request warrants scrutiny to ensure it's not susceptible to SSRF or other network-based attacks, though without specific taint data, this remains a general observation.

Key Concerns

Dangerous function 'unserialize' found
Low output escaping rate (26%)
No nonce checks
No capability checks
External HTTP requests without explicit checks

Vulnerabilities

None known

Office 365 User Authentication for WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Office 365 User Authentication for WordPress Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

12 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$role_based_redirect_url = unserialize( $user_mapping_data->role_based_redirect_url );function\o365_azure_login_settings.php:35

unserialize$user_auth_mapping_fields = unserialize( $user_mapping_data->user_auth_mapping_fields );function\o365_azure_login_settings.php:39

unserialize$user_mapping_data = unserialize( $user_mapping_data->azure_group_mapping_with_wprole );function\o365_azure_login_settings.php:43

unserialize$mapped_fields = unserialize( $azure_login_setting_flow->user_auth_mapping_fields );inc\o365_user_auth_online_class.php:255

SQL Query Safety

67% prepared3 total queries

Output Escaping

26% escaped47 total outputs

Attack Surface

Office 365 User Authentication for WordPress Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[o365_azure_login_url] inc\o365_user_auth_online_class.php:30

[o365_azure_logout_url] inc\o365_user_auth_online_class.php:31

WordPress Hooks 14

actioninitinc\o365_user_auth_online_class.php:23

filterauthenticateinc\o365_user_auth_online_class.php:25

actionlogin_forminc\o365_user_auth_online_class.php:27

actionwp_logoutinc\o365_user_auth_online_class.php:29

actiono365_user_auth_tab_titleo365-user-auth-online.php:38

actiono365_user_auth_html_contento365-user-auth-online.php:39

actionlogin_formo365-user-auth-online.php:41

filtero365_wp_restrict_auth_methodo365-user-auth-online.php:62

actionadmin_noticeso365-user-auth-online.php:72

actionadmin_inito365-user-auth-online.php:81

actionadmin_inito365-user-auth-online.php:84

actionadmin_noticeso365-user-auth-online.php:98

actioninito365-user-auth-online.php:107

actionadmin_noticeso365-user-auth-online.php:109

Maintenance & Trust

Office 365 User Authentication for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedSep 8, 2025

PHP min version5.6.36

Downloads7K

Community Trust

Rating100/100

Number of ratings7

Active installs20

Alternatives

Office 365 User Authentication for WordPress Alternatives

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App

post-smtp

Improve WordPress email deliverability. Connect Gmail SMTP, Microsoft 365, Brevo, SendGrid, Mailgun, Zoho, Amazon SES, etc. #1 WordPress SMTP Plugin.

400K 21 CVEs

ICS Calendar

ics-calendar

Add the calendar you already use to Any WordPress site! Google Calendar, Microsoft 365, iCloud and more… no API keys or complicated setup required.

10K 1 CVE

WPO365 | SEAMLESS WORDPRESS + MICROSOFT INTEGRATION (WPO365 | LOGIN)

wpo365-login

WordPress + Microsoft Entra | Ext. ID | B2C | M365 Integration for your Digital Workplace. For SSO, Mail, Roles, Access, Profiles, SharePoint, PowerBI …

10K 4 CVEs

miniOrange Embed Files for SharePoint/OneDrive

embed-sharepoint-onedrive-documents

100

Embed, manage, and sync Microsoft SharePoint and OneDrive documents, folders, lists, and files within WordPress pages, posts, or the media library.

800 No CVEs

Dynamics 365 Integration

integration-dynamics

The easiest way to connect Dynamics 365 or Dynamics CRM with WordPress.

600 6 CVEs

Developer Profile

Office 365 User Authentication for WordPress Developer Profile

Wordpress Integration Services

1 plugin · 20 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Office 365 User Authentication for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/o365-user-authentication/assests/css/o365_user_auth_style.css

HTML / DOM Fingerprints

CSS Classes

TabbedPanelsContent

JS Globals

O365_USER_AUTH_ONLINE_PLUGIN_URL

FAQ