Does OneCode Login have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is OneCode Login compatible with WordPress 6.9.4?

According to WordPress.org data, OneCode Login 1.0.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is OneCode Login compatible with PHP 7.4+?

OneCode Login requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is OneCode Login updated?

OneCode Login was last updated on Jan 5, 2026. Frequent updates are generally a positive security signal.

What is OneCode Login's security score?

OneCode Login has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

OneCode Login Security & Risk Analysis

wordpress.org/plugins/onecode-login

Simple and secure passwordless login using email verification codes. No passwords to remember, just enter your email and verify with a 6-digit code.

10 active installs v1.0.0 PHP 7.4+ WP 5.8+ Updated Jan 5, 2026

authenticationemailloginotppasswordless

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is OneCode Login Safe to Use in 2026?

Generally Safe

Score 100/100

OneCode Login has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The "onecode-login" plugin v1.0.0 exhibits a generally good security posture regarding common WordPress vulnerabilities. The code analysis shows excellent practices with 100% of SQL queries using prepared statements and all output being properly escaped. Furthermore, there are no dangerous functions, file operations, or external HTTP requests detected. The presence of nonce and capability checks on entry points is also a positive sign. However, the taint analysis reveals a significant concern: all 7 analyzed flows have unsanitized paths, with 5 classified as high severity. This indicates that data processed by the plugin might not be sufficiently validated or cleansed, potentially leading to unexpected behavior or vulnerabilities if that data is user-controlled or originates from an untrusted source. The plugin also has no recorded vulnerability history, which is a strong positive, suggesting a history of secure development or a lack of past exploitation. Despite the promising foundation, the high number of unsanitized taint flows is a notable weakness that requires careful investigation and remediation.

Key Concerns

High severity unsanitized taint flows
Unsanitized paths in all taint flows

Vulnerabilities

None known

OneCode Login Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

OneCode Login Release Timeline

No version history available.

Code Analysis

Analyzed Apr 16, 2026

OneCode Login Code Analysis

Dangerous Functions

Raw SQL Queries

23 prepared

Unescaped Output

240 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared23 total queries

Output Escaping

100% escaped241 total outputs

Data Flows · Security

7 unsanitized

Data Flow Analysis

7 flows7 with unsanitized paths

render_login_page (includes/class-wp-login-integration.php:104)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

OneCode Login Attack Surface

Entry Points7

Unprotected0

AJAX Handlers 6

authwp_ajax_onecode_login_send_codeincludes/class-login-handler.php:60

noprivwp_ajax_onecode_login_send_codeincludes/class-login-handler.php:61

authwp_ajax_onecode_login_verify_codeincludes/class-login-handler.php:62

noprivwp_ajax_onecode_login_verify_codeincludes/class-login-handler.php:63

authwp_ajax_onecode_login_resend_codeincludes/class-login-handler.php:64

noprivwp_ajax_onecode_login_resend_codeincludes/class-login-handler.php:65

Shortcodes 1

[onecode_login] includes/class-shortcode.php:60

WordPress Hooks 12

actionadmin_menuincludes/class-admin-settings.php:56

actionadmin_initincludes/class-admin-settings.php:57

actionadmin_enqueue_scriptsincludes/class-admin-settings.php:58

actiononecode_login_cleanupincludes/class-code-handler.php:67

actioninitincludes/class-gutenberg-block.php:52

actionenqueue_block_editor_assetsincludes/class-gutenberg-block.php:53

actioninitincludes/class-login-handler.php:68

actiononecode_login_cleanupincludes/class-rate-limiter.php:91

actionlogin_initincludes/class-wp-login-integration.php:58

filterlogin_urlincludes/class-wp-login-integration.php:59

actionwp_logoutincludes/class-wp-login-integration.php:60

actionwp_enqueue_scriptsonecode-login.php:92

Scheduled Events 1

onecode_login_cleanup

Maintenance & Trust

OneCode Login Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 5, 2026

PHP min version7.4

Downloads179

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

OneCode Login Alternatives

Authyo Passwordless Login

authyo-passwordless-login

100

Enable secure OTP login for WordPress with passwordless authentication using email-based one-time passwords (OTP) powered by Authyo.

0 No CVEs

Password Less Login

password-less-login

100

A powerful and easy-to-use WordPress plugin for passwordless and OTP-based login.

0 No CVEs

User Verification by PickPlugins

user-verification

Email verification for user registration to protect spam.

5K 4 CVEs

Email OTP Authenticator – Login, Register, 2FA & Session Lock

email-otp-authenticator

100

An advanced OTP-powered plugin for Login, Registration, 2FA Protection and Dynamic Session Security. It is FAST, FRIENDLY, SMART, SMOOTH & SECURE.

100 No CVEs

Email OTP Login

email-otp-login

100

Adds OTP (One-Time Password) verification after login for enhanced security in WordPress. OTP is sent to the user's email.

30 No CVEs

Developer Profile

OneCode Login Developer Profile

oaron

3 plugins · 230 total installs

trust score

Avg Security Score

97/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect OneCode Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/onecode-login/assets/css/frontend.css/wp-content/plugins/onecode-login/assets/js/frontend.js

Script Paths

/wp-content/plugins/onecode-login/assets/js/frontend.js

Version Parameters

onecode-login.css?ver=frontend.js?ver=

HTML / DOM Fingerprints

Data Attributes

data-action-type="login_code"data-action-type="login_code_resend"data-action-type="login_code_verify"data-action-type="magic_link_request"

JS Globals

onecodeLogin

FAQ