SignUp & SignIn Security & Risk Analysis

wordpress.org/plugins/signup-signin

SignUp & SignIn is a flexible, open-source plugin built on WordPress. Easy way to built signup and login process in your wordpress site

10 active installs v1.0.0 PHP 5.6+ WP 4.9+ Updated Jan 10, 2020
ajax-loginajax-signupforgot-passwordloginsigup
55
C · Use Caution
CVEs total1
Unpatched1
Last CVEJun 23, 2026
Safety Verdict

Is SignUp & SignIn Safe to Use in 2026?

Use With Caution

Score 55/100

SignUp & SignIn has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Jun 23, 2026Updated 6yr ago
Risk Assessment

The "signup-signin" v1.0.0 plugin exhibits a generally positive security posture based on the provided static analysis. The absence of dangerous functions, raw SQL queries, file operations, and external HTTP requests is commendable. Furthermore, the lack of recorded vulnerabilities in its history suggests a development team that is either very cautious or has not yet encountered significant security issues. However, there are several areas of concern that warrant attention. The plugin has a moderate attack surface consisting of three shortcodes. Critically, none of these entry points have associated capability checks or nonce checks, meaning any authenticated user could potentially interact with these shortcodes, and there's no mechanism to verify the legitimate origin of the request. While taint analysis and code signals show a good percentage of properly escaped outputs, the remaining unescaped outputs present a potential Cross-Site Scripting (XSS) vulnerability risk if user-controlled data is passed through them without sanitization.

Key Concerns

  • Shortcode entry points without capability checks
  • Shortcode entry points without nonce checks
  • Unescaped output detected
Vulnerabilities
1 published

SignUp & SignIn Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Critical
1

1 total CVE

CVE-2026-12417critical · 9.8Weak Password Recovery Mechanism for Forgotten Password

SignUp & SignIn <= 1.0.0 - Unauthenticated Privilege Escalation via Weak Password Reset Validation via 'reset_activation_code' Leading to Account Takeover

Jun 23, 2026Unpatched
Version History

SignUp & SignIn Release Timeline

v1.0.0Current1 CVE
Code Analysis
Analyzed Mar 17, 2026

SignUp & SignIn Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
2 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

67% escaped3 total outputs
Attack Surface

SignUp & SignIn Attack Surface

Entry Points3
Unprotected0

Shortcodes 3

[pravel_login_form] templates\shortcodes.php:41
[pravel_signup_form] templates\shortcodes.php:127
[pravel_forgotpassword_form] templates\shortcodes.php:219
WordPress Hooks 3
actionwp_enqueue_scriptsindex.php:39
actionplugins_loadedindex.php:44
actionactivated_pluginindex.php:50
Maintenance & Trust

SignUp & SignIn Maintenance & Trust

Maintenance Signals

WordPress version tested5.3.21
Last updatedJan 10, 2020
PHP min version5.6
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

SignUp & SignIn Developer Profile

pravel

3 plugins · 30 total installs

70
trust score
Avg Security Score
65/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect SignUp & SignIn

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/signup-signin/assets/css/style.css/wp-content/plugins/signup-signin/assets/js/main.js/wp-content/plugins/signup-signin/assets/js/pravel-verification-code.min.js/wp-content/plugins/signup-signin/assets/image/loader.gif
Script Paths
/wp-content/plugins/signup-signin/assets/js/main.js/wp-content/plugins/signup-signin/assets/js/pravel-verification-code.min.js
Version Parameters
signup-signin/assets/css/style.css?ver=signup-signin/assets/js/main.js?ver=signup-signin/assets/js/pravel-verification-code.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
sign_up_bgsign_up_mainsign-titlelogin-formerror_pravelinput-boxfield_errorlogin-form-btn+17 more
Data Attributes
form_on
Shortcode Output
[pravel_login_form][pravel_signup_form][pravel_forgotpassword_form]
FAQ

Frequently Asked Questions about SignUp & SignIn