WP-Safety

Stitchz Social Login Security & Risk Analysis

wordpress.org/plugins/stitchz-social-login

The Stitchz Social Login plugin adds the option to authenticate with one or more of the 22+ social identities providers supported by Stitchz.

10 active installs v1.0.4 PHP + WP 3.9.2+ Updated Dec 29, 2015
facebookgooglesocial-logintwitteruser-authentication
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Stitchz Social Login Safe to Use in 2026?

Generally Safe

Score 85/100

Stitchz Social Login has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago
Risk Assessment

The "stitchz-social-login" v1.0.4 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and a high percentage of properly escaped output, indicating a proactive approach to preventing common web vulnerabilities like SQL injection and XSS. The absence of any known CVEs also suggests a history of stable security.

However, there are notable concerns. The plugin has a small but significant attack surface with one unprotected AJAX handler. While the total number of flows analyzed is low, the presence of two flows with unsanitized paths raises a red flag, even if they are not categorized as critical or high severity. The lack of a nonce check on the unprotected AJAX handler is a direct pathway for potential CSRF attacks or unauthorized actions if the handler performs sensitive operations.

Overall, the plugin has a decent foundation with its handling of SQL and output escaping. The vulnerability history is reassuring. Nevertheless, the unprotected AJAX endpoint and the unsanitized paths in taint analysis are critical areas that require immediate attention to mitigate potential security risks.

Key Concerns

  • Unprotected AJAX handler
  • Flows with unsanitized paths
  • AJAX handler without nonce check
Vulnerabilities
None known

Stitchz Social Login Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Stitchz Social Login Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
8 prepared
Unescaped Output
12
53 escaped
Nonce Checks
1
Capability Checks
2
File Operations
0
External Requests
4
Bundled Libraries
0

SQL Query Safety

100% prepared8 total queries

Output Escaping

82% escaped65 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
stitchz_social_login_admin_provider_list (views\admin.php:268)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Stitchz Social Login Attack Surface

Entry Points2
Unprotected1

AJAX Handlers 1

authwp_ajax_stitchz_social_login_provider_liststitchz_social_login.php:64

Shortcodes 1

[stitchz_social_login_shortcode] stitchz_social_login.php:88
WordPress Hooks 15
filterquery_varsstitchz_social_login.php:72
actionparse_requeststitchz_social_login.php:73
actioninitstitchz_social_login.php:78
filterlogin_messagetools\auth.php:69
filterlogin_messagetools\auth.php:393
actionadmin_initviews\admin.php:10
actionadmin_menuviews\admin.php:12
actionadmin_footerviews\admin.php:92
actionlogin_enqueue_scriptsviews\ui.php:13
actionlogin_formviews\ui.php:21
actionregister_formviews\ui.php:29
actionwp_enqueue_scriptsviews\ui.php:39
actioncomment_form_topviews\ui.php:40
actionadmin_enqueue_scriptsviews\ui.php:392
actionshow_user_profileviews\user.php:43
Maintenance & Trust

Stitchz Social Login Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34
Last updatedDec 29, 2015
PHP min version
Downloads2K

Community Trust

Rating50/100
Number of ratings2
Active installs10
Alternatives

Stitchz Social Login Alternatives

Nextend Social Login and Register

Nextend Social Login and Register

nextend-facebook-connect

A
89

One click registration & login plugin for Facebook, Google, X (formerly Twitter) and more. Quick setup and easy configuration.

200K 6 CVEs
miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn)

miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn)

miniorange-login-openid

C
56

Social Login with Discord, Facebook, Google, Twitter, LinkedIn and 40+ apps. Social login with social share and comments. Free, fast & easy! WooCo …

10K 1 unpatched
UsersWP – Social Login

UsersWP – Social Login

userswp-social-login

A
100

Social Login addon for UsersWP.

2K No CVEs
OPAL SOCIAL LOGIN

OPAL SOCIAL LOGIN

opal-social-login

A
85

It's fundamental factor to attract more and more customers for any business site these days by supporting Social Login function as users prefer t …

10 No CVEs
Social Media Widget

Social Media Widget

social-media-widget

A
87

Adds links to all of your social media and sharing site profiles. Tons of icons come in 3 sizes, 4 icon styles, and 4 animations.

30K 3 CVEs
Developer Profile

Stitchz Social Login Developer Profile

stitchzdotnet

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Stitchz Social Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/stitchz-social-login/styles/stitchz_social_login.css
Version Parameters
/wp-content/plugins/stitchz-social-login/styles/stitchz_social_login.css?ver=1.0.0

HTML / DOM Fingerprints

CSS Classes
stitchz_social_login_provider_list_block
Shortcode Output
[stitchz_social_login_shortcode]
FAQ

Frequently Asked Questions about Stitchz Social Login