Does Tim's Nextcloud SSO OAuth2 have any unpatched vulnerabilities?

No. All known vulnerabilities in Tim's Nextcloud SSO OAuth2 have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Tim's Nextcloud SSO OAuth2 compatible with WordPress 6.8.5?

According to WordPress.org data, Tim's Nextcloud SSO OAuth2 2.0.3 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Tim's Nextcloud SSO OAuth2 compatible with PHP 8.0+?

Tim's Nextcloud SSO OAuth2 requires PHP 8.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Tim's Nextcloud SSO OAuth2 updated?

Tim's Nextcloud SSO OAuth2 was last updated on May 22, 2025. Frequent updates are generally a positive security signal.

What is Tim's Nextcloud SSO OAuth2's security score?

Tim's Nextcloud SSO OAuth2 has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Tim's Nextcloud SSO OAuth2 Security & Risk Analysis

wordpress.org/plugins/tims-nextcloud-sso-oauth2

Enables you to login to your WordPress site with your Nextcloud account with OAuth2

300 active installs v2.0.3 PHP 8.0+ WP 4.0.0+ Updated May 22, 2025

loginnextcloudoauth-2-0single-sign-onwordpress-sso

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Tim's Nextcloud SSO OAuth2 Safe to Use in 2026?

Generally Safe

Score 100/100

Tim's Nextcloud SSO OAuth2 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10mo ago

Risk Assessment

The "tims-nextcloud-sso-oauth2" plugin v2.0.3 demonstrates a generally strong security posture with several positive indicators. The absence of known CVEs and a clean vulnerability history are significant strengths, suggesting a well-maintained and secure codebase over time. The static analysis reveals a limited attack surface with no unprotected entry points, and all SQL queries utilize prepared statements, mitigating the risk of SQL injection. The plugin also performs file operations and external HTTP requests, which are common and often necessary functions, but these are not flagged as immediately problematic in the static analysis.

Key Concerns

Only 36% of outputs are properly escaped
No nonce checks found
Two flows with unsanitized paths found

Vulnerabilities

None known

Tim's Nextcloud SSO OAuth2 Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Tim's Nextcloud SSO OAuth2 Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

36 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

36% escaped100 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

tims_nso_run (includes\functions.php:90)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Tim's Nextcloud SSO OAuth2 Attack Surface

Entry Points3

Unprotected0

AJAX Handlers 1

authwp_ajax_tims_nso_test_connectionincludes\functions.php:340

Shortcodes 2

[nextcloud_login] includes\button-shortcode.php:42

[nextcloud_login_link] includes\button-shortcode.php:54

WordPress Hooks 7

actionwpincludes\functions.php:89

actionwp_loadedincludes\functions.php:331

actionlogin_formincludes\functions.php:338

actionlogin_headincludes\functions.php:410

actionadmin_menuincludes\options-page.php:5

actionadmin_initincludes\options-page.php:10

actionadmin_enqueue_scriptsincludes\options-page.php:20

Maintenance & Trust

Tim's Nextcloud SSO OAuth2 Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedMay 22, 2025

PHP min version8.0

Downloads5K

Community Trust

Rating100/100

Number of ratings8

Active installs300

Alternatives

Tim's Nextcloud SSO OAuth2 Alternatives

Snapplify Single Sign On

snapplify-single-sign-on

100

WordPress User Single Sign On authentication with a Snapplify User Account.

0 No CVEs

OAuth Single Sign On – SSO (OAuth Client)

miniorange-login-with-eve-online-google-facebook

WordPress SSO (Single Sign On) with Azure, Azure B2C, Cognito, Okta, Classlink, Discord, Clever, Keycloak, OAuth & OpenID Providers [24/7 SUPPORT].

7K 10 CVEs

Lana Single Sign On

lana-sso

100

Creates the ability to login using Single Sign On via OAuth 2.0

20 No CVEs

SAML Single Sign On – SSO Login

miniorange-saml-20-single-sign-on

SAML SSO (Single Sign On) for WordPress Login with Okta, Entra ID, Azure AD/B2C, G-Suite, Shibboleth, OneLogin, Keycloak, Salesforce [24/7 Support]

10K 6 CVEs

SAML IDP (Identity Provider) – Login with Website Users

miniorange-wp-as-saml-idp

Single sign on (SSO) login with WordPress Users into any Service Provider like Tableau, Thinkific, Zoom, Moodle LMS, Canvas LMS, Absorb LMS, TalentLMS

600 2 CVEs

Developer Profile

Tim's Nextcloud SSO OAuth2 Developer Profile

Tim Oxendale

1 plugin · 300 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Tim's Nextcloud SSO OAuth2

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/tims-nextcloud-sso-oauth2/assets/css/options-page.css

HTML / DOM Fingerprints

CSS Classes

tims_nso_ssotims-nextcloud-boxdisable-checker-on-change

Data Attributes

data-text

FAQ