Does Rainbow Secure – Advanced MFA & SSO Plugin have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Rainbow Secure – Advanced MFA & SSO Plugin compatible with WordPress 6.9.4?

According to WordPress.org data, Rainbow Secure – Advanced MFA & SSO Plugin 1.3.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Rainbow Secure – Advanced MFA & SSO Plugin compatible with PHP 7.2+?

Rainbow Secure – Advanced MFA & SSO Plugin requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Rainbow Secure – Advanced MFA & SSO Plugin updated?

Rainbow Secure – Advanced MFA & SSO Plugin was last updated on Mar 8, 2026. Frequent updates are generally a positive security signal.

What is Rainbow Secure – Advanced MFA & SSO Plugin's security score?

Rainbow Secure – Advanced MFA & SSO Plugin has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Rainbow Secure – Advanced MFA & SSO Plugin Security & Risk Analysis

wordpress.org/plugins/rainbow-secure

Boost your WordPress site’s security with advanced multi-layer MFA and seamless SSO integration.

0 active installs v1.3.0 PHP 7.2+ WP 5.0+ Updated Mar 8, 2026

loginmfaotpsamlsso

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Rainbow Secure – Advanced MFA & SSO Plugin Safe to Use in 2026?

Generally Safe

Score 100/100

Rainbow Secure – Advanced MFA & SSO Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The 'rainbow-secure' plugin version 1.3.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices with all SQL queries utilizing prepared statements and a relatively high percentage of output escaping. The absence of recorded historical vulnerabilities and CVEs is also a strong indicator of a historically well-maintained codebase. However, a significant concern arises from the substantial attack surface presented by its AJAX handlers. All five AJAX handlers lack authentication checks, making them direct entry points for potential attackers. While taint analysis did not reveal critical or high-severity unsanitized flows, the presence of three flows with unsanitized paths warrants attention. This, combined with the unprotected AJAX endpoints, suggests a risk of unauthorized actions or data manipulation if these flows can be triggered through the exposed handlers. The plugin also performs file operations and external HTTP requests, which, without proper validation or sanitization tied to the unprotected AJAX endpoints, could introduce further vulnerabilities.

Key Concerns

Unprotected AJAX handlers
Flows with unsanitized paths
Bundled outdated jQuery v3.4.1

Vulnerabilities

None known

Rainbow Secure – Advanced MFA & SSO Plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Rainbow Secure – Advanced MFA & SSO Plugin Release Timeline

v1.3

v1.2

v1.1

v1.0

Code Analysis

Analyzed Mar 17, 2026

Rainbow Secure – Advanced MFA & SSO Plugin Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

118 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

DataTablesjQuery3.4.1

SQL Query Safety

100% prepared2 total queries

Output Escaping

73% escaped161 total outputs

Data Flows · Security

3 unsanitized

Data Flow Analysis

8 flows3 with unsanitized paths

rainbow_secure_saml_custom_login_footer (inc\functions.php:94)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

5 unprotected

Rainbow Secure – Advanced MFA & SSO Plugin Attack Surface

Entry Points5

Unprotected5

AJAX Handlers 5

authwp_ajax_fetch_subscription_datainc\Api\Ajax\FetchSubscriptionDataHandler.php:8

authwp_ajax_request_otp_api1inc\Api\Ajax\OtpAjaxHandler.php:8

authwp_ajax_check_user_subscription_limitinc\Api\Ajax\SubscriptionCheckAjaxHandler.php:8

authwp_ajax_sync_users_api2inc\Api\Ajax\SyncUsersAjaxHandler.php:8

authwp_ajax_rainbow_send_activity_emailinc\functions.php:1214

WordPress Hooks 26

actionadmin_menuinc\Api\SettingsApi.php:23

actionadmin_initinc\Api\SettingsApi.php:27

actionadmin_enqueue_scriptsinc\Base\Enqueue.php:12

actionadmin_footerinc\functions.php:903

actionadmin_footerinc\functions.php:964

actionadmin_enqueue_scriptsinc\functions.php:1012

actionadmin_enqueue_scriptsinc\functions.php:1015

actionadmin_initinc\functions.php:1073

actionshutdowninc\functions.php:1079

actionadmin_noticesinc\functions.php:1113

actionadmin_initinc\Pages\Admin.php:22

actioninitinc\Pages\Admin.php:80

actionadmin_post_upload_metadatainc\Pages\Admin.php:81

actionadmin_post_download_sp_metadatainc\Pages\Admin.php:83

filterupload_mimesinc\Pages\Admin.php:149

actionwp_enqueue_scriptsinc\validate.php:28

actioninitrainbow-secure.php:92

actioninitrainbow-secure.php:95

actioninitrainbow-secure.php:107

actioninitrainbow-secure.php:111

actioninitrainbow-secure.php:128

actioninitrainbow-secure.php:141

filterlogin_messagerainbow-secure.php:143

actionregister_formrainbow-secure.php:148

actionlogin_enqueue_scriptsrainbow-secure.php:156

actionadmin_enqueue_scriptsrainbow-secure.php:190

Maintenance & Trust

Rainbow Secure – Advanced MFA & SSO Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 8, 2026

PHP min version7.2

Downloads774

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Rainbow Secure – Advanced MFA & SSO Plugin Alternatives

SAML IDP (Identity Provider) – Login with Website Users

miniorange-wp-as-saml-idp

Single sign on (SSO) login with WordPress Users into any Service Provider like Tableau, Thinkific, Zoom, Moodle LMS, Canvas LMS, Absorb LMS, TalentLMS

600 2 CVEs

Yubikey

yubikey

Enhanced login security for WordPress by requiring the presentation of a One Time Password (OTP) from a registered Yubikey

40 No CVEs

Logto – User Authentication and Authorization

logto

Enable beautiful and secure user authentication, including passwordless, social login, single sign-on, multi-factor authentication (MFA), and more.

20 No CVEs

SSO Login – Universal (OAuth + SAML)

authress

100

SSO Login provides user login, business authentication, SSO, Social login, and Single Sign-On for all sites.

10 No CVEs

Frontegg SAML SSO

frontegg-saml-sso

Replace the WordPress login and logout flows with secure SAML-based authentication via Frontegg. Easily configure your SSO app from the admin panel.

0 No CVEs

Developer Profile

Rainbow Secure – Advanced MFA & SSO Plugin Developer Profile

rsecurewp

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Rainbow Secure – Advanced MFA & SSO Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/rainbow-secure/assets/hide-login-form.js/wp-content/plugins/rainbow-secure/assets/modal.css/wp-content/plugins/rainbow-secure/assets/modal.js/wp-content/plugins/rainbow-secure/assets/css/bootstrap.min.css/wp-content/plugins/rainbow-secure/assets/js/bootstrap.bundle.min.js/wp-content/plugins/rainbow-secure/assets/js/popper.min.js/wp-content/plugins/rainbow-secure/assets/css/dataTables.bootstrap5.min.css/wp-content/plugins/rainbow-secure/assets/js/dataTables.min.js+3 more

Script Paths

/wp-content/plugins/rainbow-secure/assets/hide-login-form.js/wp-content/plugins/rainbow-secure/assets/modal.js/wp-content/plugins/rainbow-secure/assets/js/bootstrap.bundle.min.js/wp-content/plugins/rainbow-secure/assets/js/popper.min.js/wp-content/plugins/rainbow-secure/assets/js/dataTables.min.js/wp-content/plugins/rainbow-secure/assets/js/dataTables.bootstrap5.min.js+2 more

Version Parameters

rainbow-secure/assets/hide-login-form.js?ver=rainbow-secure/assets/modal.css?ver=rainbow-secure/assets/modal.js?ver=rainbow-secure/assets/css/bootstrap.min.css?ver=rainbow-secure/assets/js/bootstrap.bundle.min.js?ver=rainbow-secure/assets/js/popper.min.js?ver=rainbow-secure/assets/css/dataTables.bootstrap5.min.css?ver=rainbow-secure/assets/js/dataTables.min.js?ver=rainbow-secure/assets/js/dataTables.bootstrap5.min.js?ver=rainbow-secure/assets/js/datatable-init.js?ver=rainbow-secure/assets/js/send-activity-email.js?ver=

HTML / DOM Fingerprints

CSS Classes

rainbow-secure-dataTables-bootstrap5-min-css

HTML Comments

+1 more

JS Globals

rainbowSecure

REST Endpoints

/wp-json/rainbow-secure/v1/ajax

FAQ