SB Login Page Security & Risk Analysis

wordpress.org/plugins/sb-login-page

SB Login Page is a plugin that allows users to customize the WordPress login page.

10 active installs · v1.1.1 · PHP + · WP 3.9+ · Updated Apr 9, 2015
Tags: sb, sb-login-page, sb-plugin, sb-team, wordpress-login
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is SB Login Page Safe to Use in 2026?

Generally Safe

Score 85/100

SB Login Page has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10yr ago
Risk Assessment

The 'sb-login-page' plugin v1.1.1 exhibits a mixed security posture. On the positive side, it has a clean vulnerability history with no known CVEs and a complete absence of dangerous functions, raw SQL queries, file operations, and external HTTP requests. The use of prepared statements for all SQL queries is a significant strength. However, several areas of concern warrant attention.

The static analysis reveals a notable attack surface with 9 AJAX handlers, one of which lacks authentication checks. This is a direct entry point for potential unauthorized actions. Furthermore, the taint analysis indicates 3 flows with unsanitized paths, although they are not categorized as critical or high severity. This suggests a risk of input validation issues that could be exploited if malicious data is passed through these paths.

While the plugin has no recorded vulnerabilities, this could be due to a lack of past auditing or the recent development of exploitable flaws. The absence of proper output escaping on 78% of outputs (129 total outputs, 22% properly escaped) is a significant weakness that could lead to Cross-Site Scripting (XSS) vulnerabilities. The presence of 6 nonce checks and 2 capability checks is good, but the single unprotected AJAX handler overshadows these positive aspects. Overall, the plugin has some strong security foundations but suffers from critical weaknesses in input sanitization for certain flows and potential XSS due to insufficient output escaping.

Key Concerns

  • AJAX handler without auth check
  • Flows with unsanitized paths (3)
  • Only 22% of outputs properly escaped
Vulnerabilities
None known

SB Login Page Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

SB Login Page Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 101 (28 escaped)
Nonce Checks: 6
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

22% escaped · 129 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

4 flows · 3 with unsanitized paths
<module-lost-password> (inc\module\module-lost-password.php:0)
Flow diagram legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
1 unprotected

SB Login Page Attack Surface

Entry Points: 9
Unprotected: 1

AJAX Handlers 9

nopriv · wp_ajax_sb_login_page_login · inc\sb-plugin-ajax.php:20
nopriv · wp_ajax_sb_login_page_verify_email · inc\sb-plugin-ajax.php:37
nopriv · wp_ajax_sb_login_page_lost_password · inc\sb-plugin-ajax.php:60
nopriv · wp_ajax_sb_login_page_verify_activation_code · inc\sb-plugin-ajax.php:86
nopriv · wp_ajax_sb_login_page_reset_password · inc\sb-plugin-ajax.php:106
nopriv · wp_ajax_sb_login_page_signup · inc\sb-plugin-ajax.php:126
auth · wp_ajax_sb_login_page_change_email · inc\sb-plugin-ajax.php:160
auth · wp_ajax_sb_login_page_change_password · inc\sb-plugin-ajax.php:194
auth · wp_ajax_sb_login_page_change_personal_info · inc\sb-plugin-ajax.php:238
WordPress Hooks 24
action · sb_admin_menu · inc\sb-plugin-admin.php:5
filter · sb_admin_tabs · inc\sb-plugin-admin.php:11
action · sb_admin_init · inc\sb-plugin-admin.php:33
filter · sb_options_sanitize · inc\sb-plugin-admin.php:194
action · login_enqueue_scripts · inc\sb-plugin-hook.php:16
action · wp_enqueue_scripts · inc\sb-plugin-hook.php:38
filter · login_headerurl · inc\sb-plugin-hook.php:43
filter · login_headertitle · inc\sb-plugin-hook.php:48
action · init · inc\sb-plugin-hook.php:66
action · sb_login_page_init · inc\sb-plugin-hook.php:125
filter · body_class · inc\sb-plugin-hook.php:155
action · plugins_loaded · inc\sb-plugin-hook.php:160
action · sb_login_page_activation · inc\sb-plugin-hook.php:165
action · sb_login_page_deactivation · inc\sb-plugin-hook.php:170
filter · logout_url · inc\sb-plugin-hook.php:177
filter · login_url · inc\sb-plugin-hook.php:184
filter · user_contactmethods · inc\sb-plugin-hook.php:192
filter · editable_roles · inc\sb-plugin-hook.php:205
action · show_user_profile · inc\sb-plugin-hook.php:256
action · edit_user_profile · inc\sb-plugin-hook.php:257
action · personal_options_update · inc\sb-plugin-hook.php:275
action · edit_user_profile_update · inc\sb-plugin-hook.php:276
action · admin_notices · inc\sb-plugin-install.php:62
action · plugins_loaded · inc\sb-plugin-install.php:76
Maintenance & Trust

SB Login Page Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.1.42
Last updated: Apr 9, 2015
PHP min version
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

SB Login Page Developer Profile

skylarkcob

8 plugins · 190 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect SB Login Page

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sb-login-page/css/sb-login-style.css
/wp-content/plugins/sb-login-page/js/sb-login-script.js
/wp-content/plugins/sb-login-page/css/sb-login-page-style.css
/wp-content/plugins/sb-login-page/js/sb-login-page-script.js
/wp-content/plugins/sb-login-page/css/sb-login-page-style.min.css
/wp-content/plugins/sb-login-page/js/sb-login-page-script.min.js
Script Paths
/wp-content/plugins/sb-login-page/js/sb-login-script.js
/wp-content/plugins/sb-login-page/js/sb-login-page-script.js
/wp-content/plugins/sb-login-page/js/sb-login-page-script.min.js

HTML / DOM Fingerprints

CSS Classes
sb-login-page, sb-account-page, sb-verify-account, sb-lost-password-page, sb-register-page, sb-user, sb-guest
JS Globals
pwsL10n
FAQ

Frequently Asked Questions about SB Login Page