Does RapID Secure Login have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is RapID Secure Login compatible with WordPress 6.0.11?

According to WordPress.org data, RapID Secure Login 2.0.15 has been tested up to WordPress 6.0.11. Check the plugin's changelog for the latest compatibility information.

How often is RapID Secure Login updated?

RapID Secure Login was last updated on Jan 19, 2023. Frequent updates are generally a positive security signal.

What is RapID Secure Login's security score?

RapID Secure Login has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

RapID Secure Login Security & Risk Analysis

wordpress.org/plugins/rapid-secure-login

RapID Secure Login (RapID-SL) is a simple and convenient authentication plugin.

10 active installs v2.0.15 PHP + WP 4.5+ Updated Jan 19, 2023

2faauthenticationfingerprintloginsecurity

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is RapID Secure Login Safe to Use in 2026?

Generally Safe

Score 85/100

RapID Secure Login has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The "rapid-secure-login" plugin v2.0.15 presents a mixed security posture. On the positive side, the plugin demonstrates a strong commitment to secure coding practices by exclusively using prepared statements for all SQL queries and avoiding dangerous functions. Its vulnerability history is clean, with no recorded CVEs, suggesting a generally well-maintained codebase.

However, significant concerns arise from the static analysis. The plugin exposes a large attack surface, with 27 out of 30 entry points lacking authentication checks. This is further exacerbated by the taint analysis revealing 9 unsanitized path flows, 7 of which are classified as high severity. These unsanitized paths, combined with the unprotected entry points, create a substantial risk of unauthorized access, data manipulation, or even remote code execution if an attacker can leverage these weaknesses.

While the absence of known vulnerabilities is a good sign, the high number of unprotected entry points and critical taint flows overshadows this strength. The plugin's developers need to prioritize implementing proper authentication and authorization checks on all AJAX handlers and thoroughly sanitize the identified unsanitized paths to mitigate the substantial risks identified.

Key Concerns

Large attack surface without auth checks
High severity unsanitized taint flows
Unsanitized path flows
Moderate output escaping
Bundled TCPDF library

Vulnerabilities

None known

RapID Secure Login Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

RapID Secure Login Release Timeline

v2.0.15Current

v2.0.14

v2.0.13

v2.0.12

v2.0.11

v2.0.10

v2.0.9

v2.0.8

v2.0.7

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

Code Analysis

Analyzed Apr 16, 2026

RapID Secure Login Code Analysis

Dangerous Functions

Raw SQL Queries

68 prepared

Unescaped Output

152 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

TCPDF

SQL Query Safety

100% prepared68 total queries

Output Escaping

68% escaped222 total outputs

Data Flows · Security

9 unsanitized

Data Flow Analysis

9 flows9 with unsanitized paths

<rpsl_ajax> (rpsl_ajax.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

27 unprotected

RapID Secure Login Attack Surface

Entry Points30

Unprotected27

AJAX Handlers 27

noprivwp_ajax_rpsl_generate_login_qrcoderpsl_main.php:66

authwp_ajax_rpsl_generate_login_qrcoderpsl_main.php:67

noprivwp_ajax_rpsl_login_authorizationrpsl_main.php:70

authwp_ajax_rpsl_login_authorizationrpsl_main.php:71

noprivwp_ajax_rpsl_add_userrpsl_main.php:74

authwp_ajax_rpsl_add_userrpsl_main.php:75

noprivwp_ajax_rpsl_prevent_accessrpsl_main.php:78

authwp_ajax_rpsl_prevent_accessrpsl_main.php:79

authwp_ajax_rpsl_generate_registration_qrcoderpsl_main.php:85

authwp_ajax_rpsl_registerrpsl_main.php:87

noprivwp_ajax_rpsl_registerrpsl_main.php:88

authwp_ajax_rpsl_credential_confirmationrpsl_main.php:90

noprivwp_ajax_rpsl_credential_confirmationrpsl_main.php:91

noprivwp_ajax_rpsl_generate_self_registration_qrcoderpsl_main.php:97

authwp_ajax_rpsl_generate_self_registration_qrcoderpsl_main.php:98

noprivwp_ajax_rpsl_self_registration_create_userrpsl_main.php:101

authwp_ajax_rpsl_self_registration_create_userrpsl_main.php:102

authwp_ajax_rpsl_check_user_existence_by_emailrpsl_main.php:104

noprivwp_ajax_rpsl_check_user_existence_by_emailrpsl_main.php:105

authwp_ajax_rpsl_generate_site_registration_qrcoderpsl_main.php:111

noprivwp_ajax_rpsl_site_registrationrpsl_main.php:114

authwp_ajax_rpsl_site_registrationrpsl_main.php:115

noprivwp_ajax_rpsl_launch_apprpsl_main.php:118

authwp_ajax_rpsl_launch_apprpsl_main.php:119

authwp_ajax_rpsl_rename_devicerpsl_main.php:128

authwp_ajax_rpsl_delete_devicerpsl_main.php:129

authwp_ajax_rpsl_list_devicesrpsl_main.php:130

Shortcodes 3

[rpsl_direct_enrolment] rpsl_direct_enrolment.php:322

[rpsl_secure_login] rpsl_login.php:172

[rpsl_my_devices] rpsl_my_devices.php:281

WordPress Hooks 16

filterauthenticaterpsl_authenticate.php:282

filterwp_mail_content_typerpsl_direct_enrolment.php:99

actioninitrpsl_main.php:51

actionadmin_menurpsl_main.php:125

actionlogin_footerrpsl_main.php:133

actionlogin_footerrpsl_main.php:134

actionshow_user_profilerpsl_main.php:137

actionedit_user_profilerpsl_main.php:138

actionsignup_extra_fieldsrpsl_main.php:141

actionregister_formrpsl_main.php:142

actionadmin_enqueue_scriptsrpsl_main.php:145

actionlogin_enqueue_scriptsrpsl_main.php:146

actionplugins_loadedrpsl_main.php:152

actionadmin_enqueue_scriptsrpsl_main.php:187

actionlogin_enqueue_scriptsrpsl_main.php:188

actionwp_enqueue_scriptsrpsl_main.php:189

Maintenance & Trust

RapID Secure Login Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11

Last updatedJan 19, 2023

PHP min version

Downloads5K

Community Trust

Rating86/100

Number of ratings4

Active installs10

Alternatives

RapID Secure Login Alternatives

Wordfence Login Security

wordfence-login-security

Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.

70K No CVEs

Llavero.io

llavero-io

Este plugin permite vincular las cuentas de usuario de WordPress con Llavero.io para tener un segundo factor de authenticación (2FA) en el login de lo …

10 No CVEs

PassClip Auth for WordPress

passclip-auth-for-wordpress

"PassClip Auth" provides strong and easy authentication. "PassClip Auth for WordPress" is the plugin to launch PassClip Auth to Wo …

10 No CVEs

4Login for Secure And Smart Access

4login-for-secure-and-smart-access

100

4Login will give you an easy and powerful authentication (connect to an external server for authentication).

0 No CVEs

AV 2FA

av-2fa

100

A simple and secure Two-Factor Authentication plugin that sends a verification code to your email.

0 No CVEs

Developer Profile

RapID Secure Login Developer Profile

intercede01

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect RapID Secure Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/rapid-secure-login/css/rpsl_style.css/wp-content/plugins/rapid-secure-login/js/rpsl_login.js/wp-content/plugins/rapid-secure-login/js/rpsl_registration.js/wp-content/plugins/rapid-secure-login/js/rpsl_devices.js/wp-content/plugins/rapid-secure-login/js/rpsl_adduser.js/wp-content/plugins/rapid-secure-login/js/rpsl_useraccess.js/wp-content/plugins/rapid-secure-login/js/rpsl_my_devices.js/wp-content/plugins/rapid-secure-login/js/rpsl_diagnostics.js+1 more

Script Paths

/wp-content/plugins/rapid-secure-login/js/rpsl_login.js/wp-content/plugins/rapid-secure-login/js/rpsl_registration.js/wp-content/plugins/rapid-secure-login/js/rpsl_devices.js/wp-content/plugins/rapid-secure-login/js/rpsl_adduser.js/wp-content/plugins/rapid-secure-login/js/rpsl_useraccess.js/wp-content/plugins/rapid-secure-login/js/rpsl_my_devices.js+2 more

Version Parameters

rapid-secure-login/css/rpsl_style.css?ver=rapid-secure-login/js/rpsl_login.js?ver=rapid-secure-login/js/rpsl_registration.js?ver=rapid-secure-login/js/rpsl_devices.js?ver=rapid-secure-login/js/rpsl_adduser.js?ver=rapid-secure-login/js/rpsl_useraccess.js?ver=rapid-secure-login/js/rpsl_my_devices.js?ver=rapid-secure-login/js/rpsl_diagnostics.js?ver=rapid-secure-login/js/rpsl_direct_enrolment.js?ver=

HTML / DOM Fingerprints

CSS Classes

rpsl-login-containerrpsl-registration-containerrpsl-devices-containerrpsl-adduser-containerrpsl-useraccess-containerrpsl-mydevices-containerrpsl-diagnostics-containerrpsl-directenrolment-container

HTML Comments

+30 more

Data Attributes

data-rpsl-actiondata-rpsl-nonce

JS Globals

window.rpsl_login_ajax_objectwindow.rpsl_registration_ajax_objectwindow.rpsl_devices_ajax_objectwindow.rpsl_adduser_ajax_objectwindow.rpsl_useraccess_ajax_objectwindow.rpsl_mydevices_ajax_object+2 more

REST Endpoints

/wp-json/rpsl/v1/login/wp-json/rpsl/v1/register/wp-json/rpsl/v1/devices/wp-json/rpsl/v1/adduser/wp-json/rpsl/v1/useraccess/wp-json/rpsl/v1/mydevices/wp-json/rpsl/v1/diagnostics/wp-json/rpsl/v1/directenrolment

Shortcode Output

[rpsl_secure_login][rpsl_my_devices][rpsl_direct_enrolment]

FAQ