Social Login Security & Risk Analysis

wordpress.org/plugins/oa-social-login

With Social Login your users can login, register and comment with 40+ Social Networks. Maintenance Free. Uptime Guarantee. Fulltime devs

5K active installs · v5.10.0 · PHP 5.4+ · WP 3.0+ · Updated Dec 2, 2024
Tags: facebook-login, linkedin-login, social-login, tiktok-login, twitter-login
Score: 89 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Nov 22, 2024
Safety Verdict

Is Social Login Safe to Use in 2026?

Generally Safe

Score 89/100

Social Login has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Nov 22, 2024 · Updated 1yr ago
Risk Assessment

The "oa-social-login" v5.10.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for its SQL queries and implementing nonce checks for its AJAX endpoints. The absence of file operations and bundled libraries is also a good indicator. However, several significant concerns emerge from the static analysis. A critical weakness lies in the output escaping, with only 7% of outputs being properly escaped, suggesting a high risk of Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the taint analysis reveals two high-severity flows with unsanitized paths, indicating potential for insecure data handling or privilege escalation. The plugin's history of one critical, albeit now patched, vulnerability of the "Authentication Bypass Using an Alternate Path or Channel" type is also a concern, hinting at past design flaws that could be re-introduced. While the plugin is actively maintained and current vulnerabilities are patched, the ongoing presence of high-severity taint flows and a very low rate of proper output escaping present immediate risks that require attention.

Key Concerns

  • High severity taint flows with unsanitized paths
  • Very low percentage of properly escaped output
  • History of a critical authentication bypass vulnerability
Vulnerabilities
1

Social Login Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Critical: 1

1 total CVE

CVE-2024-10961 · critical · 9.8 · Authentication Bypass Using an Alternate Path or Channel

Social Login <= 5.9.0 - Authentication Bypass via Disqus OAuth provider

Nov 22, 2024 · Patched in 5.10.0 (89d)
Code Analysis
Analyzed Mar 16, 2026

Social Login Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (6 prepared)
Unescaped Output: 81 (6 escaped)
Nonce Checks: 3
Capability Checks: 0
File Operations: 0
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

100% prepared · 6 total queries

Output Escaping

7% escaped · 87 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

4 flows · 4 with unsanitized paths
oa_social_login_callback (includes\communication.php:6)
Attack Surface

Social Login Attack Surface

Entry Points: 5
Unprotected: 0

AJAX Handlers 2

auth · wp_ajax_oa_social_login_autodetect_api_connection_handler · includes\admin.php:296
auth · wp_ajax_oa_social_login_check_api_settings · includes\admin.php:404

Shortcodes 3

[oa_social_link] includes\user_interface.php:418
[oa_social_login] includes\user_interface.php:458
[oa_social_login_test] includes\user_interface.php:505
WordPress Hooks 40
filter · manage_users_columns · includes\admin.php:19
action · manage_users_custom_column · includes\admin.php:85
filter · manage_users_sortable_columns · includes\admin.php:86
action · admin_enqueue_scripts · includes\admin.php:112
action · admin_init · includes\admin.php:113
action · admin_notices · includes\admin.php:114
action · admin_notices · includes\admin.php:115
action · admin_menu · includes\admin.php:118
action · pre_comment_approved · includes\admin.php:153
action · login_head · includes\user_interface.php:69
action · wp_head · includes\user_interface.php:70
action · login_head · includes\user_interface.php:73
action · wp_head · includes\user_interface.php:74
action · show_user_profile · includes\user_interface.php:77
action · show_user_profile · includes\user_interface.php:400
action · oa_social_link · includes\user_interface.php:437
filter · bp_core_fetch_avatar · includes\user_interface.php:575
filter · get_avatar · includes\user_interface.php:658
filter · comment_form_defaults · includes\user_interface.php:684
action · comment_form_top · includes\user_interface.php:707
action · thesis_hook_comment_form_top · includes\user_interface.php:710
action · after_signup_form · includes\user_interface.php:734
action · bp_before_account_details_fields · includes\user_interface.php:737
action · woocommerce_register_form_end · includes\user_interface.php:740
action · woocommerce_before_checkout_form · includes\user_interface.php:743
action · wppb_before_login · includes\user_interface.php:763
action · bp_before_sidebar_login_form · includes\user_interface.php:766
action · va_after_admin_bar_login_form · includes\user_interface.php:769
action · sidebar_login_widget_logged_out_content_end · includes\user_interface.php:772
action · woocommerce_login_form_end · includes\user_interface.php:775
action · login_form · includes\user_interface.php:816
action · register_form · includes\user_interface.php:865
action · oa_social_login · includes\user_interface.php:879
filter · oa_social_login_custom · includes\user_interface.php:890
action · wp_footer · includes\user_interface.php:1200
action · admin_footer · includes\user_interface.php:1201
action · wp_loaded · includes\user_interface.php:1243
action · widgets_init · includes\widget.php:132
filter · plugin_action_links · oa-social-login.php:59
action · init · oa-social-login.php:96
Maintenance & Trust

Social Login Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Dec 2, 2024
PHP min version: 5.4
Downloads: 942K

Community Trust

Rating: 86/100
Number of ratings: 364
Active installs: 5K
Developer Profile

Social Login Developer Profile

Claude

2 plugins · 5K total installs

Trust score: 79
Avg Security Score: 87/100
Avg Patch Time: 89 days
Detection Fingerprints

How We Detect Social Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/oa-social-login/assets/css/admin.css
/wp-content/plugins/oa-social-login/assets/css/frontend.css
/wp-content/plugins/oa-social-login/assets/js/admin.js
/wp-content/plugins/oa-social-login/assets/js/frontend.js
Script Paths
/wp-content/plugins/oa-social-login/assets/js/admin.js
/wp-content/plugins/oa-social-login/assets/js/frontend.js
Version Parameters
oa-social-login/assets/css/admin.css?ver=
oa-social-login/assets/css/frontend.css?ver=
oa-social-login/assets/js/admin.js?ver=
oa-social-login/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
oa_social_login_widget_container
oa_social_login_user_provider
HTML Comments
<!-- Social Login - Default Theme -->
<!-- Start: Social Login -->
<!-- End: Social Login -->
<!-- Social Login Settings -->
+1 more
Data Attributes
data-provider-login-url
data-login-url
data-dialog-login-url
data-dialog-register-url
data-redirect-url
JS Globals
oa_social_login_vars
REST Endpoints
/wp-json/oa-social-login/v1/nonce
Shortcode Output
[oa_social_login]
[oa_social_login login_url=
[oa_social_login register_url=
[oa_social_login providers=
FAQ

Frequently Asked Questions about Social Login