onID SSO by SAML 2.0 Security & Risk Analysis

wordpress.org/plugins/onid-sso-by-saml-2-0

WordPress Passwordless login just by scanning a one time QR code; no configuration needed. For admin console and end users too, of course.

0 active installs · v3.1.13 · PHP 5.6+ · WP 3.1+ · Updated Jan 27, 2025
login · passwordless · saml · single-sign-on · sso
92 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is onID SSO by SAML 2.0 Safe to Use in 2026?

Generally Safe

Score 92/100

onID SSO by SAML 2.0 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The "onid-sso-by-saml-2-0" plugin, version 3.1.13, exhibits a strong security posture based on the provided static analysis. The complete absence of AJAX handlers, REST API routes, shortcodes, and cron events with unprotected entry points is a significant positive. The code also demonstrates good development practices, with all SQL queries utilizing prepared statements and all output being properly escaped. The plugin also incorporates adequate nonce and capability checks, and avoids dangerous functions and unsanitized file paths. The vulnerability history is also clean, with no known CVEs recorded for this plugin.

Vulnerabilities
None known

onID SSO by SAML 2.0 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

onID SSO by SAML 2.0 Release Timeline

v3.1.13 (Current)
Code Analysis
Analyzed Apr 16, 2026

onID SSO by SAML 2.0 Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (3 prepared)
Unescaped Output: 0 (148 escaped)
Nonce Checks: 8
Capability Checks: 3
File Operations: 3
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared · 3 total queries

Output Escaping

100% escaped · 148 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
onid_saml_login_validate (class-onid-saml-login-validate.php:39)
Attack Surface

onID SSO by SAML 2.0 Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 13
action · init · class-onid-saml-login-validate.php:30
action · admin_notices · class-onid-saml-utilities.php:724
action · admin_notices · class-onid-saml-utilities.php:733
action · admin_enqueue_scripts · login.php:38
action · admin_enqueue_scripts · login.php:39
action · admin_init · login.php:41
action · admin_init · login.php:42
action · admin_menu · login.php:44
action · admin_notices · login.php:45
action · login_form · login.php:46
action · plugins_loaded · login.php:48
action · wp_authenticate · login.php:49
action · admin_notices · login.php:153
Maintenance & Trust

onID SSO by SAML 2.0 Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Jan 27, 2025
PHP min version: 5.6
Downloads: 459

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

onID SSO by SAML 2.0 Developer Profile

doID

1 plugin · 0 total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect onID SSO by SAML 2.0

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/onid-sso-by-saml-2-0/css/
/wp-content/plugins/onid-sso-by-saml-2-0/js/
Script Paths
/wp-content/plugins/onid-sso-by-saml-2-0/js/onid-saml-admin-scripts.js
/wp-content/plugins/onid-sso-by-saml-2-0/js/onid-saml-public-scripts.js
Version Parameters
onid-sso-by-saml-2-0/css/onid-saml-admin-styles.css?ver=
onid-sso-by-saml-2-0/js/onid-saml-admin-scripts.js?ver=
onid-sso-by-saml-2-0/js/onid-saml-public-scripts.js?ver=
onid-sso-by-saml-2-0/resources/lang/

HTML / DOM Fingerprints

CSS Classes
onid-saml-logo
onid-saml-notice-content
onid-saml-trial-notice-banner
HTML Comments
by_ONID: START reset to factory default
by_ONID: END reset to factory default
Data Attributes
data-onid-saml-admin-url
JS Globals
onid_saml_php_vars
FAQ

Frequently Asked Questions about onID SSO by SAML 2.0