Does Simple Login Custom have any unpatched vulnerabilities?

No. All known vulnerabilities in Simple Login Custom have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Simple Login Custom compatible with WordPress 6.8.5?

According to WordPress.org data, Simple Login Custom 1.6.6 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Simple Login Custom compatible with PHP 7.0+?

Simple Login Custom requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Simple Login Custom updated?

Simple Login Custom was last updated on Jun 26, 2025. Frequent updates are generally a positive security signal.

What is Simple Login Custom's security score?

Simple Login Custom has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Simple Login Custom Security & Risk Analysis

wordpress.org/plugins/simple-login-custom

Un plugin facile pour personnaliser les formulaires de connexion et d'enregistrement via shortcodes dans WordPress.

10 active installs v1.6.6 PHP 7.0+ WP 4.0+ Updated Jun 26, 2025

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Simple Login Custom Safe to Use in 2026?

Generally Safe

Score 100/100

Simple Login Custom has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9mo ago

Risk Assessment

The "simple-login-custom" v1.6.6 plugin exhibits a generally good security posture, with several strengths that mitigate potential risks. The plugin utilizes prepared statements for all its SQL queries and demonstrates a high percentage of properly escaped output, significantly reducing the risk of SQL injection and cross-site scripting (XSS) vulnerabilities. The absence of dangerous functions, file operations, and known vulnerabilities further enhances its security profile. However, there are notable areas for improvement. The presence of two AJAX handlers without authentication checks represents a significant attack surface. If these handlers are accessible to unauthenticated users and process untrusted input, they could be exploited to perform unintended actions or gain unauthorized access. The vulnerability history being entirely clear suggests a diligent development team or a lack of past scrutiny, but it doesn't guarantee future security. The plugin's strengths lie in its secure handling of database interactions and output. Its primary weakness is the exposure of AJAX functionality without proper authorization checks, which requires immediate attention. Overall, while the plugin demonstrates good fundamental security practices, the unprotected AJAX endpoints introduce a critical risk that needs to be addressed.

Key Concerns

AJAX handlers without authentication checks

Vulnerabilities

None known

Simple Login Custom Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Simple Login Custom Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

118 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

97% escaped122 total outputs

Data Flows

All sanitized

Data Flow Analysis

6 flows

custom_register_user (admin\includes\ajax-handler.php:71)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Simple Login Custom Attack Surface

Entry Points16

Unprotected2

AJAX Handlers 14

noprivwp_ajax_custom_registeradmin\includes\ajax-handler.php:68

authwp_ajax_custom_registeradmin\includes\ajax-handler.php:69

authwp_ajax_customlogin_check_siretadmin\includes\ajax-handler.php:271

authwp_ajax_customlogin_check_dunsadmin\includes\ajax-handler.php:371

authwp_ajax_update_login_form_previewadmin\includes\settings.php:333

authwp_ajax_update_register_form_previewadmin\includes\settings.php:352

authwp_ajax_update_login_link_previewadmin\includes\settings.php:369

noprivwp_ajax_custom_registerpublic\includes\ajax-handler.php:70

authwp_ajax_custom_registerpublic\includes\ajax-handler.php:71

authwp_ajax_customlogin_check_siretpublic\includes\ajax-handler.php:309

authwp_ajax_customlogin_check_dunspublic\includes\ajax-handler.php:410

authwp_ajax_get_latest_loginssimple-login-custom.php:117

noprivwp_ajax_get_latest_loginssimple-login-custom.php:118

authwp_ajax_customlogin_test_siret_tokensimple-login-custom.php:143

Shortcodes 2

[customlogin_form] public\includes\shortcodes.php:135

[customlogin_link] public\includes\shortcodes.php:153

WordPress Hooks 13

actionadmin_initadmin\includes\settings.php:315

actionwp_enqueue_scriptspublic\includes\scripts.php:18

actioninitpublic\includes\scripts.php:24

actionplugins_loadedsimple-login-custom.php:24

actioncustomlogin_renew_siret_tokensimple-login-custom.php:65

actionadmin_menusimple-login-custom.php:96

actionwp_loginsimple-login-custom.php:111

filtermanage_users_columnssimple-login-custom.php:121

filtermanage_users_custom_columnsimple-login-custom.php:122

actionshow_user_profilesimple-login-custom.php:165

actionedit_user_profilesimple-login-custom.php:166

actionpersonal_options_updatesimple-login-custom.php:197

actionedit_user_profile_updatesimple-login-custom.php:198

Scheduled Events 1

customlogin_renew_siret_token

Maintenance & Trust

Simple Login Custom Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJun 26, 2025

PHP min version7.0

Downloads1K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

Simple Login Custom Alternatives

No alternatives data available yet.

Developer Profile

Simple Login Custom Developer Profile

Thomas Lloancy

9 plugins · 120 total installs

trust score

Avg Security Score

99/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Simple Login Custom

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/simple-login-custom/public/css/style.css/wp-content/plugins/simple-login-custom/public/js/custom-login.js/wp-content/plugins/simple-login-custom/public/js/siret-checker.js

Script Paths

/wp-content/plugins/simple-login-custom/public/js/custom-login.js/wp-content/plugins/simple-login-custom/public/js/siret-checker.js

Version Parameters

simple-login-custom/public/css/style.css?ver=simple-login-custom/public/js/custom-login.js?ver=simple-login-custom/public/js/siret-checker.js?ver=

HTML / DOM Fingerprints

CSS Classes

custom-login-form-wrappercustom-login-formcustom-login-form-groupcustom-login-form-controlcustom-login-button

HTML Comments

Data Attributes

data-nonce="custom_login_form_action"

JS Globals

customLoginVars

REST Endpoints

/wp-json/simple-login-custom/v1/check-siret

Shortcode Output

[simple_login_form][custom_login_form]

FAQ