WP-Safety

Simple Social Login by Astoundify Security & Risk Analysis

wordpress.org/plugins/simple-social-login

Social login options for WordPress. Currently supports: Facebook Twitter Google Documentation Usage instructions for this plugin can be found on …

100 active installs v1.3.0 PHP 5.6.0+ WP 4.9.0+ Updated Nov 27, 2020
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Simple Social Login by Astoundify Safe to Use in 2026?

Generally Safe

Score 85/100

Simple Social Login by Astoundify has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The "simple-social-login" v1.3.0 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of known CVEs, along with robust use of prepared statements for SQL queries and a high percentage of properly escaped output, are positive indicators. The plugin also demonstrates good practices by not performing file operations or external HTTP requests. The presence of a nonce check is a positive sign for handling user-initiated actions, although the lack of capability checks on AJAX handlers and REST API routes is a notable omission.

Despite the absence of critical or high-severity issues in the taint analysis, the presence of two "flows with unsanitized paths" warrants attention. While the severity is not explicitly stated as critical or high, it indicates potential areas where user-supplied data might not be adequately validated before being used in a way that could lead to vulnerabilities, such as path traversal. The plugin's attack surface, though currently zero, could expand with future features, and the lack of explicit capability checks on potential entry points leaves room for improvement.

In conclusion, the plugin has a solid foundation with good security practices in place. However, the identified "flows with unsanitized paths" and the absence of capability checks on AJAX handlers and REST API routes present minor risks that should be addressed to further harden the plugin's security. The lack of vulnerability history is a positive sign, suggesting a history of responsible development, but it doesn't negate the need to review the identified code signals.

Key Concerns

  • Flows with unsanitized paths
  • Capability checks missing on AJAX handlers
  • Capability checks missing on REST API routes
  • Output escaping not fully proper
Vulnerabilities
None known

Simple Social Login by Astoundify Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Simple Social Login by Astoundify Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
9
123 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

93% escaped132 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
astoundify_simple_social_login_wordpress_admin_add_error_notices (app\functions-wordpress.php:127)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Simple Social Login by Astoundify Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 34
actionadmin_initapp\admin\functions-settings-facebook.php:29
filterastoundify_simple_social_login_settings_tabsapp\admin\functions-settings-facebook.php:67
actionastoundify_simple_social_login_panel_facebookapp\admin\functions-settings-facebook.php:131
actionadmin_initapp\admin\functions-settings-google.php:29
filterastoundify_simple_social_login_settings_tabsapp\admin\functions-settings-google.php:67
actionastoundify_simple_social_login_panel_googleapp\admin\functions-settings-google.php:132
actionadmin_initapp\admin\functions-settings-twitter.php:29
filterastoundify_simple_social_login_settings_tabsapp\admin\functions-settings-twitter.php:67
actionastoundify_simple_social_login_panel_twitterapp\admin\functions-settings-twitter.php:132
actionastoundify_simple_social_login_display_choicesapp\admin\functions-settings-woocommerce.php:26
actionadmin_initapp\admin\functions-settings.php:29
actionadmin_menuapp\admin\functions-settings.php:64
actionastoundify_simple_social_login_panel_settingsapp\admin\functions-settings.php:186
actionadmin_enqueue_scriptsapp\admin\functions-settings.php:206
actionwoocommerce_login_form_startapp\functions-woocommerce.php:56
actionwoocommerce_after_edit_account_formapp\functions-woocommerce.php:80
actiontemplate_redirectapp\functions-woocommerce.php:120
filterastoundify_simple_social_login_setup_profile_urlapp\functions-woocommerce.php:133
filterastoundify_simple_social_login_wordpress_admin_email_setup_redirectapp\functions-woocommerce.php:142
actionwp_enqueue_scriptsapp\functions-woocommerce.php:162
actionlogin_footerapp\functions-wordpress.php:44
actionlogin_formapp\functions-wordpress.php:54
actionshow_user_profileapp\functions-wordpress.php:87
filterwp_login_errorsapp\functions-wordpress.php:120
actionadmin_noticesapp\functions-wordpress.php:165
actiontemplate_redirectapp\functions-wordpress.php:193
actionlogin_enqueue_scriptsapp\functions-wordpress.php:218
actionadmin_enqueue_scriptsapp\functions-wordpress.php:240
filterquery_varsapp\functions.php:153
filtertemplate_includeapp\functions.php:167
actionastoundify_simple_social_login_process_doneapp\functions.php:195
actionastoundify_simple_social_login_processapp\functions.php:217
actionadmin_noticesastoundify-simple-social-login.php:47
actionplugins_loadedbootstrap\app.php:23
Maintenance & Trust

Simple Social Login by Astoundify Maintenance & Trust

Maintenance Signals

WordPress version tested5.5.18
Last updatedNov 27, 2020
PHP min version5.6.0
Downloads15K

Community Trust

Rating0/100
Number of ratings0
Active installs100
Alternatives

Simple Social Login by Astoundify Alternatives

No alternatives data available yet.

Developer Profile

Simple Social Login by Astoundify Developer Profile

Astoundify

10 plugins · 23K total installs

81
trust score
Avg Security Score
90/100
Avg Patch Time
31 days
View full developer profile
Detection Fingerprints

How We Detect Simple Social Login by Astoundify

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simple-social-login/assets/css/backend.css/wp-content/plugins/simple-social-login/assets/css/frontend.css/wp-content/plugins/simple-social-login/assets/js/backend.js/wp-content/plugins/simple-social-login/assets/js/frontend.js
Script Paths
/wp-content/plugins/simple-social-login/assets/js/backend.js/wp-content/plugins/simple-social-login/assets/js/frontend.js
Version Parameters
simple-social-login/assets/css/backend.css?ver=simple-social-login/assets/css/frontend.css?ver=simple-social-login/assets/js/backend.js?ver=simple-social-login/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
astoundify-simple-social-login-settingsastoundify-simple-social-login-nav-tabsastoundify-simple-social-login-panel
Data Attributes
name="astoundify_simple_social_login[display][]"name="astoundify_simple_social_login[providers][]"name="astoundify_simple_social_login"value="astoundify_simple_social_login"
JS Globals
astoundify_simple_social_login_settings
FAQ

Frequently Asked Questions about Simple Social Login by Astoundify