Does eID Easy have any unpatched vulnerabilities?

No. All known vulnerabilities in eID Easy have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is eID Easy compatible with WordPress 6.8.5?

According to WordPress.org data, eID Easy 4.9.10 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is eID Easy updated?

eID Easy was last updated on Jan 15, 2026. Frequent updates are generally a positive security signal.

What is eID Easy's security score?

eID Easy has a WP-Safety security score of 98/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

eID Easy Security & Risk Analysis

wordpress.org/plugins/smart-id

Short Description: Secure identification and Qualified Electronic Signature plugin for WordPress using eID methods and eideasy.com Oauth 2.0 protocol.

100 active installs v4.9.10 PHP + WP 4.5+ Updated Jan 15, 2026

bank-idfranceconnectitsmesmart-idspid

A · Safe

CVEs total2

Unpatched0

Last CVESep 10, 2025

Plugin page Download

Safety Verdict

Is eID Easy Safe to Use in 2026?

Generally Safe

Score 98/100

eID Easy has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Sep 10, 2025Updated 2mo ago

Risk Assessment

The "smart-id" plugin version 4.9.10 exhibits a generally positive security posture, with several strengths evident in the static analysis. Notably, all SQL queries are prepared, there are no dangerous function calls, no direct file operations, and all detected entry points (shortcodes) appear to have adequate nonce and capability checks. The output escaping is also quite robust, with only a small percentage of outputs potentially lacking proper sanitization, which is a good sign for preventing basic cross-site scripting issues.

However, concerns arise from the presence of "flows with unsanitized paths" identified in the taint analysis, even though they are not classified as critical or high severity. This suggests a potential for unexpected behavior or even localized vulnerabilities if these unsanitized paths are triggered. Furthermore, the plugin's history of two medium-severity Cross-Site Scripting (XSS) vulnerabilities, with the last one being relatively recent, indicates a recurring pattern that warrants attention. While currently unpatched CVEs are zero, the historical context suggests a past tendency for XSS to be present.

In conclusion, "smart-id" v4.9.10 demonstrates good security practices in areas like SQL sanitization and input validation for its entry points. Nevertheless, the presence of unsanitized paths and the historical trend of XSS vulnerabilities are weaknesses that should be monitored and addressed to maintain a strong security profile.

Key Concerns

Taint flows with unsanitized paths present
History of medium severity XSS vulnerabilities
Minor percentage of unescaped outputs

Vulnerabilities

eID Easy Security Vulnerabilities

CVEs by Year

1 CVE in 2021

2021

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2025-9128medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

eID Easy <= 4.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

Sep 10, 2025 Patched in 4.9.4 (30d)

CVE-2021-34650medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

eID Easy <= 4.6 - Reflected Cross-Site Scripting

Sep 17, 2021 Patched in 4.7 (857d)

Code Analysis

Analyzed Mar 16, 2026

eID Easy Code Analysis

Dangerous Functions

Raw SQL Queries

14 prepared

Unescaped Output

59 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared14 total queries

Output Escaping

88% escaped67 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths

wpInitProcess (smart-id.php:190)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

eID Easy Attack Surface

Entry Points3

Unprotected0

Shortcodes 3

[smart_id] smart-id.php:541

[eid_easy] smart-id.php:542

[contract] smart-id.php:543

WordPress Hooks 9

actiondelete_usersmart-id.php:524

actionlogin_footersmart-id.php:526

actionlogin_enqueue_scriptssmart-id.php:527

actioninitsmart-id.php:529

actionadmin_noticessmart-id.php:533

actionadmin_menusmart-id.php:535

actionshow_user_profilesmart-id.php:537

actionedit_user_profilesmart-id.php:538

actionprofile_updatesmart-id.php:539

Maintenance & Trust

eID Easy Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJan 15, 2026

PHP min version

Downloads7K

Community Trust

Rating100/100

Number of ratings1

Active installs100

Alternatives

eID Easy Alternatives

Spider Analyser – WordPress搜索引擎蜘蛛分析插件

spider-analyser

100

Spider Analyser是一款用于跟踪WordPress网站各种搜索引擎蜘蛛爬行日志的插件，并进行详细的蜘蛛爬行数据统计、蜘蛛行为分析、蜘蛛爬取分析及伪蜘蛛拦截等。

4K No CVEs

Bot Traffic Shield – Block Bad Bots and Stop AI Bots Crawlers

bot-traffic-shield

100

A powerful and user-friendly plugin to block AI crawlers and malicious data scraper bots, protecting your content and server resources.

200 No CVEs

DBD Mailto Encoder

dbd-mailto-encoder

Spam is one of the most frustrating things about the internet.

100 No CVEs

HS Direct Booking

hotel-spider

Hotel Spider Direct Booking plugin is for implementing web based booking engine functionality on your website.

100 No CVEs

Robots Meta Whiz

robotswhiz

Easy way to discourage search engines from indexing only specific pages / posts with custom meta tags.

100 No CVEs

Developer Profile

eID Easy Developer Profile

eID Easy

2 plugins · 120 total installs

trust score

Avg Security Score

95/100

Avg Patch Time

300 days

View full developer profile

Detection Fingerprints

How We Detect eID Easy

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/smart-id/assets/css/smartid.css/wp-content/plugins/smart-id/assets/js/smartid.js/wp-content/plugins/smart-id/assets/js/common.js/wp-content/plugins/smart-id/assets/js/login.js/wp-content/plugins/smart-id/assets/js/register.js

Script Paths

/wp-content/plugins/smart-id/assets/js/smartid.js/wp-content/plugins/smart-id/assets/js/common.js/wp-content/plugins/smart-id/assets/js/login.js/wp-content/plugins/smart-id/assets/js/register.js

Version Parameters

smart-id/assets/css/smartid.css?ver=smart-id/assets/js/smartid.js?ver=smart-id/assets/js/common.js?ver=smart-id/assets/js/login.js?ver=smart-id/assets/js/register.js?ver=

HTML / DOM Fingerprints

CSS Classes

smartid-login-buttonsmartid-user-profile

Data Attributes

name="smartid_user_idcode"id="smartid_user_idcode"

JS Globals

eideasy_test_modeeideasyGetBaseUrleideasyTemplateFiles

Shortcode Output

[smartid_login][smartid_register]

FAQ

eID Easy Security & Risk Analysis

Is eID Easy Safe to Use in 2026?

Generally Safe

Key Concerns

eID Easy Security Vulnerabilities

CVEs by Year

Severity Breakdown

eID Easy Code Analysis

SQL Query Safety

Output Escaping

Data Flow Analysis

eID Easy Attack Surface

Shortcodes 3

eID Easy Maintenance & Trust

Maintenance Signals

Community Trust

eID Easy Alternatives

Spider Analyser – WordPress搜索引擎蜘蛛分析插件

Bot Traffic Shield – Block Bad Bots and Stop AI Bots Crawlers

DBD Mailto Encoder

HS Direct Booking

Robots Meta Whiz

eID Easy Developer Profile

How We Detect eID Easy

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about eID Easy