Does Rundiz OAuth have any unpatched vulnerabilities?

No. All known vulnerabilities in Rundiz OAuth have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Rundiz OAuth compatible with WordPress 7.0?

According to WordPress.org data, Rundiz OAuth 1.6.4 has been tested up to WordPress 7.0. Check the plugin's changelog for the latest compatibility information.

Is Rundiz OAuth compatible with PHP 5.4+?

Rundiz OAuth requires PHP 5.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Rundiz OAuth updated?

Rundiz OAuth was last updated on Dec 18, 2025. Frequent updates are generally a positive security signal.

What is Rundiz OAuth's security score?

Rundiz OAuth has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Rundiz OAuth Security & Risk Analysis

wordpress.org/plugins/okv-oauth

Use OAuth such as Google, LINE to login and register.

10 active installs v1.6.4 PHP 5.4+ WP 5.0+ Updated Dec 18, 2025

googleoauthsocial-connectsocial-login

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Rundiz OAuth Safe to Use in 2026?

Generally Safe

Score 100/100

Rundiz OAuth has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The okv-oauth plugin v1.6.4 presents a generally positive security posture, adhering to several best practices such as using prepared statements for all SQL queries and implementing nonce checks. The absence of known CVEs and a clean vulnerability history further contribute to this favorable assessment. However, the static analysis reveals areas that warrant attention. Specifically, the taint analysis shows that all 9 analyzed flows have unsanitized paths, with no critical or high severity issues identified but this still indicates a potential for unexpected behavior or unintended data manipulation if not handled carefully in subsequent logic.

The plugin's output escaping is also a concern, with 36% of outputs not properly escaped. This could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not sufficiently sanitized before being displayed. While the attack surface appears minimal with no direct entry points like AJAX handlers or REST API routes exposed without authentication, the presence of 8 external HTTP requests and one file operation, coupled with the unsanitized taint flows and imperfect output escaping, suggests a need for vigilance and further review to ensure these operations do not introduce security weaknesses.

Key Concerns

Unsanitized paths in taint flows
Improper output escaping
External HTTP requests present
File operations present

Vulnerabilities

None known

Rundiz OAuth Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Rundiz OAuth Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

55 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

64% escaped86 total outputs

Data Flows

9 unsanitized

Data Flow Analysis

9 flows9 with unsanitized paths

wpCheckEmailNotExists (App\Libraries\MyOauth\Google.php:176)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Rundiz OAuth Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 49

actioninitApp\App.php:37

actionupgrader_process_completeApp\Controllers\Admin\Activation.php:244

filterplugin_action_linksApp\Controllers\Admin\Activation.php:247

filterplugin_row_metaApp\Controllers\Admin\Activation.php:249

actionadmin_enqueue_scriptsApp\Controllers\Admin\HookNetworkSettings.php:67

filterpre_update_site_option_registrationApp\Controllers\Admin\HookNetworkSettings.php:68

filtershow_password_fieldsApp\Controllers\Admin\HookProfilePage.php:23

actionadmin_menuApp\Controllers\Admin\Settings.php:93

actioninitApp\Controllers\Blocks\LoginLinks.php:37

actionlogin_initApp\Controllers\Front\HookLoginPage.php:415

actionlogin_enqueue_scriptsApp\Controllers\Front\HookLoginPage.php:418

filterlogin_headerurlApp\Controllers\Front\HookLoginPage.php:420

actionregister_formApp\Controllers\Front\HookLoginPage.php:424

actionsignup_extra_fieldsApp\Controllers\Front\HookLoginPage.php:426

actionbefore_signup_headerApp\Controllers\Front\HookLoginPage.php:427

actionwoocommerce_register_form_startApp\Controllers\Front\HookLoginPage.php:429

actionwoocommerce_after_checkout_registration_formApp\Controllers\Front\HookLoginPage.php:431

filterregistration_errorsApp\Controllers\Front\HookLoginPage.php:434

filterwoocommerce_registration_errorsApp\Controllers\Front\HookLoginPage.php:436

filterwpmu_active_signupApp\Controllers\Front\HookLoginPage.php:438

actionlogin_formApp\Controllers\Front\HookLoginPage.php:442

actionwoocommerce_login_form_startApp\Controllers\Front\HookLoginPage.php:444

filterauth_cookie_expirationApp\Controllers\Front\HookLoginPage.php:446

filterauthenticateApp\Controllers\Front\HookLoginPage.php:448

actionlostpassword_formApp\Controllers\Front\HookLoginPage.php:452

actionlostpassword_postApp\Controllers\Front\HookLoginPage.php:454

actionretreive_passwordApp\Controllers\Front\HookLoginPage.php:455

actionretrieve_passwordApp\Controllers\Front\HookLoginPage.php:456

filtersend_retrieve_password_emailApp\Controllers\Front\HookLoginPage.php:457

filterallow_password_resetApp\Controllers\Front\HookLoginPage.php:459

actionadmin_noticesApp\Controllers\Front\HookLoginPage.php:463

actionuser_admin_noticesApp\Controllers\Front\HookLoginPage.php:465

actionpersonal_options_updateApp\Controllers\Front\HookLoginPage.php:467

filterwoocommerce_save_account_details_errorsApp\Controllers\Front\HookLoginPage.php:469

actionadmin_enqueue_scriptsApp\Controllers\Front\HookLoginPage.php:471

actionprofile_personal_optionsApp\Controllers\Front\HookLoginPage.php:473

actionwoocommerce_edit_account_form_startApp\Controllers\Front\HookLoginPage.php:475

actionload-profile.phpApp\Controllers\Front\HookLoginPage.php:477

actionrundiz_oauth_changeemail_successApp\Controllers\Front\HookLoginPage.php:479

actionwp_logoutApp\Controllers\Front\HookLoginPage.php:482

actionuser_profile_update_errorsApp\Controllers\Front\HookLoginPage.php:579

filterdocument_title_partsApp\Controllers\Front\RdOauth\Index.php:69

filterdocument_title_partsApp\Controllers\Front\RdOauth\Register.php:84

filterquery_varsApp\Controllers\Front\RewriteRules.php:74

actiontemplate_redirectApp\Controllers\Front\RewriteRules.php:75

actioninitApp\Controllers\Front\RewriteRules.php:77

actionadmin_enqueue_scriptsApp\Libraries\StylesAndScripts.php:23

actionwp_enqueue_scriptsApp\Libraries\StylesAndScripts.php:24

actionwidgets_initApp\Widgets\AutoRegisterWidgets.php:33

Maintenance & Trust

Rundiz OAuth Maintenance & Trust

Maintenance Signals

WordPress version tested7.0

Last updatedDec 18, 2025

PHP min version5.4

Downloads4K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

Rundiz OAuth Alternatives

Social Login by BestWebSoft

social-login-bws

100

Add social media login, registration, and commenting to your WordPress website.

90 1 CVE

Wapu Auth – Google Social Login for WordPress & WooCommerce

wapu-auth-social-login

100

Google Social Login for WordPress & WooCommerce -- free. Let users register and login with their Google account in one click. No passwords, no forms.

0 No CVEs

Nextend Social Login and Register

nextend-facebook-connect

One click registration & login plugin for Facebook, Google, X (formerly Twitter) and more. Quick setup and easy configuration.

200K 6 CVEs

Login for Google Apps

google-apps-login

100

Simple secure login and user management through your Google Workspace for WordPress (using oAuth2 and MFA if enabled).

10K 1 CVE

miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn)

miniorange-login-openid

Social Login with Discord, Facebook, Google, Twitter, LinkedIn and 40+ apps. Social login with social share and comments. Free, fast & easy! WooCo …

10K 1 unpatched

Developer Profile

Rundiz OAuth Developer Profile

vee

7 plugins · 2K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Rundiz OAuth

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/okv-oauth/assets/js/rd-oauth-adminnetworksettings.js/wp-content/plugins/okv-oauth/assets/css/rd-settings-tabs.css/wp-content/plugins/okv-oauth/assets/js/rd-settings-tabs.js/wp-content/plugins/okv-oauth/assets/css/rd-settings-customstyle.css

Script Paths

/wp-content/plugins/okv-oauth/assets/js/rd-oauth-adminnetworksettings.js/wp-content/plugins/okv-oauth/assets/js/rd-settings-tabs.js

Version Parameters

okv-oauth/assets/css/rd-settings-tabs.css?ver=okv-oauth/assets/js/rd-settings-tabs.js?ver=okv-oauth/ass

HTML / DOM Fingerprints

CSS Classes

rd-oauth-settings-tabs-wrap

Data Attributes

data-rd-oauth-provider-item

JS Globals

RdOauthAdminNetworkSettings

FAQ