WP-Safety

StranoWeb Ajax Login Security & Risk Analysis

wordpress.org/plugins/stranoweb-ajax-login

Stranoweb Ajax Login replaces default Wordpress login, register and lost password forms with a beautiful ajax modal popup and comes with a lot of amaz …

100 active installs v2.0.4 PHP 5.2.4+ WP 4.4+ Updated Dec 19, 2023
ajaxloginlogoutpopupregister
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is StranoWeb Ajax Login Safe to Use in 2026?

Generally Safe

Score 85/100

StranoWeb Ajax Login has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The stranoweb-ajax-login v2.0.4 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by not using dangerous functions, exclusively employing prepared statements for SQL queries, and having a relatively high percentage of properly escaped output. The absence of known CVEs and a clean vulnerability history are also strong indicators of a well-maintained codebase. However, significant security concerns arise from its attack surface. A substantial portion of its AJAX handlers, specifically 9 out of 9, lack authentication checks, presenting a direct pathway for unauthorized actions. Furthermore, the taint analysis revealed 5 flows with unsanitized paths, even though they were not categorized as critical or high severity, these still represent potential vulnerabilities if data manipulation occurs. The plugin also has 3 capability checks, which is a positive, but this is overshadowed by the numerous unprotected AJAX endpoints. While the plugin has strengths in its SQL handling and output escaping, the unprotected AJAX handlers and unsanitized paths in taint analysis are significant weaknesses that demand attention.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
Vulnerabilities
None known

StranoWeb Ajax Login Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

StranoWeb Ajax Login Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
166
504 escaped
Nonce Checks
10
Capability Checks
3
File Operations
6
External Requests
2
Bundled Libraries
1

Bundled Libraries

TinyMCE

Output Escaping

75% escaped670 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

7 flows5 with unsanitized paths
swal_admin_old_submenu_alert (includes\class-sw-ajax-login.php:830)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
9 unprotected

StranoWeb Ajax Login Attack Surface

Entry Points22
Unprotected9

AJAX Handlers 9

noprivwp_ajax_getLoginFormsincludes\functions\functions-ajax.php:11
authwp_ajax_getLoginFormsincludes\functions\functions-ajax.php:12
noprivwp_ajax_ajaxforgotpasswordincludes\functions\functions-ajax.php:16
noprivwp_ajax_ajaxlogoutincludes\functions\functions-ajax.php:18
noprivwp_ajax_swal-fbloginincludes\functions\functions-ajax.php:19
noprivwp_ajax_swal-twloginincludes\functions\functions-ajax.php:20
noprivwp_ajax_reset_passincludes\functions\functions-ajax.php:22
authwp_ajax_reset_passincludes\functions\functions-ajax.php:23
noprivwp_ajax_swal-getstatesincludes\functions\functions-ajax.php:26

Shortcodes 13

[swal_display_login_item] includes\functions\functions-custom-menu-items.php:90
[if-show-password] includes\functions\functions-email-templates.php:587
[if-show-random-password] includes\functions\functions-email-templates.php:609
[swal_account_forms] includes\functions\functions-forms.php:350
[swal_show_login_form] includes\functions\functions-forms.php:470
[swal_show_login_form_only] includes\functions\functions-forms.php:635
[swal_show_register_form] includes\functions\functions-forms.php:893
[swal_show_register_form_only] includes\functions\functions-forms.php:1041
[swal_show_forgot_password_form] includes\functions\functions-forms.php:1379
[swal_show_forgot_password_form_only] includes\functions\functions-forms.php:1521
[swal_show_reset_password_form] includes\functions\functions-forms.php:1657
[swal_show_logout_form] includes\functions\functions-forms.php:1791
[swal_socials_login_buttons] includes\functions\functions-social-login-buttons.php:13
WordPress Hooks 94
actionadmin_initadmin\admin-create-pages.php:7
filterdisplay_post_statesadmin\admin-create-pages.php:119
actionadmin_initadmin\sw-ajax-login-admin-advanced.php:14
actionadmin_initadmin\sw-ajax-login-admin-apparence.php:14
filterswal_admin_tabs_itemsadmin\sw-ajax-login-admin-emails.php:12
actionadmin_initadmin\sw-ajax-login-admin-forgot-password.php:14
actionswal_admin_header_baradmin\sw-ajax-login-admin-header.php:7
actionadmin_initadmin\sw-ajax-login-admin-login-window.php:11
actionadmin_initadmin\sw-ajax-login-admin-logout-window.php:14
actionadmin_initadmin\sw-ajax-login-admin-menu.php:14
actionupdated_optionadmin\sw-ajax-login-admin-menu.php:23
actionadmin_initadmin\sw-ajax-login-admin-menu.php:51
filterswal_admin_tabs_itemsadmin\sw-ajax-login-admin-messages.php:11
actionadmin_initadmin\sw-ajax-login-admin-messages.php:29
actionadmin_initadmin\sw-ajax-login-admin-permalinks.php:11
actionswal_permalinks_sectionadmin\sw-ajax-login-admin-permalinks.php:12
filterswal_options_to_flush_when_savingadmin\sw-ajax-login-admin-permalinks.php:21
actionadmin_initadmin\sw-ajax-login-admin-recaptcha.php:12
actionswal_admin_register_tabadmin\sw-ajax-login-admin-recaptcha.php:13
actionadmin_initadmin\sw-ajax-login-admin-redirects.php:14
actionadmin_initadmin\sw-ajax-login-admin-register-window.php:14
actionadmin_menuadmin\sw-ajax-login-admin-settings.php:7
actionswal_loadedadmin\sw-ajax-login-admin-settings.php:25
actionadmin_initadmin\sw-ajax-login-admin-socials.php:14
actionuser_new_formadmin\sw-ajax-login-admin-user.php:7
actionuser_registeradmin\sw-ajax-login-admin-user.php:9
actionedit_user_profileadmin\sw-ajax-login-admin-user.php:12
actionshow_user_profileadmin\sw-ajax-login-admin-user.php:15
filtermanage_users_columnsadmin\sw-ajax-login-admin-user.php:18
actionmanage_users_custom_columnadmin\sw-ajax-login-admin-user.php:21
filtermanage_users_sortable_columnsadmin\sw-ajax-login-admin-user.php:24
filteruser_row_actionsadmin\sw-ajax-login-admin-user.php:27
actionadmin_initincludes\class-sw-ajax-login-custom-nav.php:27
actionwp_enqueue_scriptsincludes\class-sw-ajax-login.php:55
actionwp_enqueue_scriptsincludes\class-sw-ajax-login.php:56
filterscript_loader_tagincludes\class-sw-ajax-login.php:59
actionadmin_headincludes\class-sw-ajax-login.php:62
actionadmin_enqueue_scriptsincludes\class-sw-ajax-login.php:63
filtertemplate_includeincludes\class-sw-ajax-login.php:66
actiontemplate_redirectincludes\class-sw-ajax-login.php:69
actionadmin_noticesincludes\class-sw-ajax-login.php:72
filterquery_varsincludes\class-sw-ajax-login.php:75
actionadmin_bar_menuincludes\class-sw-ajax-login.php:78
actionadmin_menuincludes\class-sw-ajax-login.php:81
actionswal_admin_tabs_menuincludes\class-sw-ajax-login.php:84
filtermce_external_pluginsincludes\class-sw-ajax-login.php:87
filtermce_external_pluginsincludes\class-sw-ajax-login.php:88
filtermce_buttonsincludes\class-sw-ajax-login.php:91
actionswal_register_end_of_formincludes\class-sw-ajax-login.php:94
filternonce_user_logged_outincludes\class-sw-ajax-login.php:100
actionwp_footerincludes\class-sw-ajax-login.php:108
actionwp_footerincludes\class-sw-ajax-login.php:111
actionwp_login_failedincludes\class-sw-ajax-login.php:114
actioninitincludes\class-sw-ajax-login.php:127
actioninitincludes\class-sw-ajax-login.php:133
filterelementor/maintenance_mode/is_login_pageincludes\class-sw-ajax-login.php:598
filtertemplate_includeincludes\class-sw-ajax-login.php:605
actionadmin_initincludes\functions\functions-adds-on-logo.php:7
actionswal_settings_after_popup_layoutincludes\functions\functions-adds-on-logo.php:8
actionswal_forms_before_titleincludes\functions\functions-adds-on-logo.php:9
actionwp_headincludes\functions\functions-css.php:12
actioninitincludes\functions\functions-custom-menu-items.php:141
filterwp_nav_menu_objectsincludes\functions\functions-custom-menu-items.php:208
filterwp_nav_menu_objectsincludes\functions\functions-custom-menu-items.php:436
filternav_menu_link_attributesincludes\functions\functions-custom-menu-items.php:446
filterswal_reset_password_success_textincludes\functions\functions-email-templates.php:9
actioninitincludes\functions\functions-forms.php:14
filterlogin_urlincludes\functions\functions-forms.php:106
filterlostpassword_urlincludes\functions\functions-forms.php:133
filterregister_urlincludes\functions\functions-forms.php:161
filterregisterincludes\functions\functions-forms.php:258
actiontemplate_redirectincludes\functions\functions-forms.php:286
actionwp_print_footer_scriptsincludes\functions\functions-forms.php:321
filtermailster_register_form_signup_fieldincludes\functions\functions-forms.php:1879
actioninitincludes\functions\functions-google-login.php:12
actionswal_frontend_social_login_buttonsincludes\functions\functions-social-login-buttons.php:25
actionwp_footerincludes\functions\functions-social-login-buttons.php:305
actioninitincludes\functions\functions-twitter-login.php:15
actioninitincludes\functions\functions-twitter-login.php:78
actionwoocommerce_login_formincludes\functions\functions.php:9
filterswal_login_textincludes\functions\functions.php:12
filterswal_register_textincludes\functions\functions.php:13
filterswal_forgotpassword_textincludes\functions\functions.php:14
filterswal_logout_textincludes\functions\functions.php:15
actioninitincludes\functions\functions.php:49
filterpre_get_document_titleincludes\functions\functions.php:1003
filterget_avatarincludes\functions\functions.php:1144
actionwp_nav_menu_item_custom_fieldsincludes\functions\functions.php:2243
actionwp_update_nav_menu_itemincludes\functions\functions.php:2301
actionuser_registerincludes\functions\functions.php:2610
actioninitincludes\functions\wpml-integration.php:12
actionplugins_loadedsw-ajax-login.php:30
actionadmin_noticessw-ajax-login.php:54
filterthe_titletemplates\sw-ajax-login-forms.php:9
Maintenance & Trust

StranoWeb Ajax Login Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8
Last updatedDec 19, 2023
PHP min version5.2.4
Downloads13K

Community Trust

Rating94/100
Number of ratings25
Active installs100
Alternatives

StranoWeb Ajax Login Alternatives

LogiNova

LogiNova

loginova

A
100

LogiNova adds elegant ajax popup login and registration functionality to your WordPress site.

0 No CVEs
TS Login – Frontend Login & Registration

TS Login – Frontend Login & Registration

ts-login

A
100

Frontend login, registration, and password recovery without using wp-admin.

0 No CVEs
Wonder Login

Wonder Login

wonder-login

A
85

Easy to implement login and registration by ajax .

0 No CVEs
Login & Register Customizer – Popup | Slider | Inline | WooCommerce

Login & Register Customizer – Popup | Slider | Inline | WooCommerce

easy-login-woocommerce

A
94

Replace your old login/registration form with an interactive popup & inline form design

40K 6 CVEs
Login Logout Menu

Login Logout Menu

login-logout-menu

A
100

Login Logout Menu is a handy plugin which allows you to add login, logout, register and profile menu items in your selected menu.

20K 1 CVE
Developer Profile

StranoWeb Ajax Login Developer Profile

beeky2

1 plugin · 100 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect StranoWeb Ajax Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/stranoweb-ajax-login/admin/css/admin-style.css/wp-content/plugins/stranoweb-ajax-login/admin/js/admin-scripts.js/wp-content/plugins/stranoweb-ajax-login/css/bootstrap.min.css/wp-content/plugins/stranoweb-ajax-login/css/bootstrap-grid.min.css/wp-content/plugins/stranoweb-ajax-login/css/fontawesome.min.css/wp-content/plugins/stranoweb-ajax-login/css/style.css/wp-content/plugins/stranoweb-ajax-login/js/ajax-login-script.js/wp-content/plugins/stranoweb-ajax-login/js/bootstrap.min.js+8 more
Script Paths
/wp-content/plugins/stranoweb-ajax-login/admin/js/admin-scripts.js/wp-content/plugins/stranoweb-ajax-login/js/ajax-login-script.js/wp-content/plugins/stranoweb-ajax-login/js/bootstrap.min.js/wp-content/plugins/stranoweb-ajax-login/js/custom.js/wp-content/plugins/stranoweb-ajax-login/js/jquery.validate.min.js/wp-content/plugins/stranoweb-ajax-login/js/login-ajax.js+5 more
Version Parameters
stranoweb-ajax-login/admin/css/admin-style.css?ver=stranoweb-ajax-login/admin/js/admin-scripts.js?ver=stranoweb-ajax-login/css/bootstrap.min.css?ver=stranoweb-ajax-login/css/bootstrap-grid.min.css?ver=stranoweb-ajax-login/css/fontawesome.min.css?ver=stranoweb-ajax-login/css/style.css?ver=stranoweb-ajax-login/js/ajax-login-script.js?ver=stranoweb-ajax-login/js/bootstrap.min.js?ver=stranoweb-ajax-login/js/custom.js?ver=stranoweb-ajax-login/js/jquery.validate.min.js?ver=stranoweb-ajax-login/js/login-ajax.js?ver=stranoweb-ajax-login/js/sweetalert.min.js?ver=stranoweb-ajax-login/js/toastr.min.js?ver=stranoweb-ajax-login/js/validation.js?ver=stranoweb-ajax-login/includes/tinymce/js/custom.js?ver=stranoweb-ajax-login/includes/tinymce/js/plugin.js?ver=

HTML / DOM Fingerprints

CSS Classes
swal-login-buttonswal-register-buttonswal-dialogswal-contentswal-titleswal-bodyswal-footerswal-form-group+6 more
HTML Comments
<!-- Developer Details --><!-- Stranoweb Ajax Login - Developer Info -->
Data Attributes
data-swal-noncedata-swal-targetdata-swal-modal-iddata-swal-action
JS Globals
SWAL_AJAX_OBJECT
REST Endpoints
/wp-json/swal/v1/login/wp-json/swal/v1/register/wp-json/swal/v1/forgot-password
Shortcode Output
[swal_login_button][swal_register_button]
FAQ

Frequently Asked Questions about StranoWeb Ajax Login