WP-Safety

Age Verification & Identity Verification by Token of Trust Security & Risk Analysis

wordpress.org/plugins/token-of-trust

Verify age at checkout, protect pages from underage visitors, or set up advanced identity verification checks. Setup wizard gets you going in minutes.

50 active installs v3.32.2 PHP 7.2.5+ WP 5.3.0+ Updated Mar 12, 2026
age-gateage-verificationidentity-verificationkycverify-age
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Age Verification & Identity Verification by Token of Trust Safe to Use in 2026?

Generally Safe

Score 100/100

Age Verification & Identity Verification by Token of Trust has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 23d ago
Risk Assessment

The 'token-of-trust' plugin v3.32.2 exhibits a concerning security posture due to a significant number of unprotected entry points. While the plugin has no recorded vulnerability history, indicating a potentially low historical risk, the static analysis reveals several areas that warrant attention. Specifically, 6 out of 8 AJAX handlers and 1 out of 1 REST API route lack authentication checks, creating a substantial attack surface accessible to unauthenticated users. Furthermore, the taint analysis shows 6 flows with unsanitized paths, a critical indicator of potential vulnerabilities, even though they are not classified as critical or high severity in this specific scan. The moderate percentage of proper output escaping and the usage of prepared statements for SQL queries are positive signs, but the unescaped output and raw SQL queries still present a risk. The presence of bundled libraries like Guzzle and Select2 is standard, but their security depends on their individual patch status, which is not detailed here. Overall, the plugin's strengths lie in its lack of historical vulnerabilities and some good coding practices like prepared statements. However, the numerous unprotected entry points and unsanitized code paths are significant weaknesses that could be exploited.

Key Concerns

  • AJAX handlers without auth checks
  • REST API routes without permission callbacks
  • Flows with unsanitized paths
  • SQL queries not using prepared statements
  • Output not properly escaped
  • Nonce checks present
  • Capability checks present
Vulnerabilities
None known

Age Verification & Identity Verification by Token of Trust Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Age Verification & Identity Verification by Token of Trust Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
1 prepared
Unescaped Output
173
169 escaped
Nonce Checks
3
Capability Checks
14
File Operations
15
External Requests
13
Bundled Libraries
2

Bundled Libraries

GuzzleSelect2

SQL Query Safety

33% prepared3 total queries

Output Escaping

49% escaped342 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

7 flows6 with unsanitized paths
get_settings_page (Modules\Shared\Settings\Page.php:246)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
7 unprotected

Age Verification & Identity Verification by Token of Trust Attack Surface

Entry Points11
Unprotected7

AJAX Handlers 8

authwp_ajax_tot_quickstart_settingsadmin\class-quickstart.php:22
authwp_ajax_tot_verify_personapi\client-api-verify-person.php:83
noprivwp_ajax_tot_verify_personapi\client-api-verify-person.php:84
authwp_ajax_tot_wc_order_unquarantineintegrations\woocommerce\class-admin.php:38
authwp_ajax_tot_wc_email_reminderintegrations\woocommerce\class-admin.php:39
authwp_ajax_tot_woo_order_syncintegrations\woocommerce\class-admin.php:40
authwp_ajax_woocommerce_load_variationsintegrations\woocommerce\class-variation-sync.php:19
authwp_ajax_woocommerce_save_variationsintegrations\woocommerce\class-variation-sync.php:20

REST API Routes 1

POST/wp-json/tot/v1/check-verification-requiredintegrations\woocommerce\blocks\Block_Checkout.php:60

Shortcodes 2

[tot-reputation-status] Modules\Verification\Shared\shortcode-tot-reputation-status.php:20
[tot-wp-embed] Modules\Verification\Shared\shortcode-tot-wp-embed.php:3
WordPress Hooks 124
actionactivated_pluginadmin\class-plugin-updates.php:23
actiondeactivated_pluginadmin\class-plugin-updates.php:26
filterupgrader_pre_installadmin\class-plugin-updates.php:29
actionupgrader_process_completeadmin\class-plugin-updates.php:32
actioninitadmin\class-quickstart.php:17
actionwidgets_initadmin\class-webhooks.php:13
actiontot_webhook_successadmin\class-webhooks.php:14
actiontot_webhook_rejectedadmin\class-webhooks.php:15
actionwpadmin\class-webhooks.php:18
actionin_admin_headeradmin\embed-avoma-scheduler.php:13
actionadmin_initadmin\plugin-activation.php:15
actionadmin_initadmin\settings-page\fields.php:19
actionload-toplevel_page_totsettingsadmin\settings-page\fields.php:27
actionadmin_enqueue_scriptsadmin\settings-page\fields.php:372
actionadmin_menuadmin\settings-page\menu-item.php:3
actionadmin_enqueue_scriptsadmin\settings-page\menu-item.php:4
actionrest_api_initadmin\setup-wizard\class-setup-wizard.php:35
actionadmin_enqueue_scriptsadmin\setup-wizard\class-setup-wizard.php:45
filtermanage_users_columnsadmin\user-panels.php:6
filtermanage_users_custom_columnadmin\user-panels.php:7
actionshow_user_profileadmin\user-panels.php:8
actionedit_user_profileadmin\user-panels.php:9
actiontot_set_connection_successexamples\action--set-connection.php:13
actiontot_set_connection_failedexamples\action--set-connection.php:14
filtertot_set_connection_app_dataexamples\filter--set-connection-app-data.php:13
filtertot_is_verification_required_for_orderexamples\filter--wc-is_verification_required_for_order.php:13
filtertot_order_verification_dataexamples\filter--wc-order-verification-data.php:11
filtertot_verify_person_dataexamples\filter--wc-order-verification-data.php:12
filtertot_process_order_set_quarantineexamples\filter--wc-process-order-set-quarantine.php:15
filterblock_categories_allgutenberg-blocks\class-blocks-controller.php:15
actioninitgutenberg-blocks\class-blocks-controller.php:21
filterum_account_page_default_tabs_hookintegrations\ultimate-member\um_account_page.php:3
filterum_account_content_hook_verificationintegrations\ultimate-member\um_account_page.php:5
filterum_profile_tabsintegrations\ultimate-member\um_profile_page.php:6
actionadmin_menuintegrations\ultimate-member\um_settings_menu.php:5
actionadmin_initintegrations\ultimate-member\um_settings_menu.php:6
actionadmin_enqueue_scriptsintegrations\ultimate-member\um_settings_menu.php:7
actionplugins_loadedintegrations\woocommerce\abstract-product-sync.php:150
actioninitintegrations\woocommerce\abstract-product-sync.php:155
actionrest_api_initintegrations\woocommerce\blocks\Block_Checkout.php:34
actionwoocommerce_blocks_checkout_block_registrationintegrations\woocommerce\blocks\Block_Checkout.php:48
actionwoocommerce_store_api_cart_errorsintegrations\woocommerce\blocks\Block_Checkout.php:72
actionwoocommerce_store_api_checkout_order_processedintegrations\woocommerce\blocks\Block_Checkout.php:83
actionwidgets_initintegrations\woocommerce\class-admin.php:18
actionbefore_woocommerce_initintegrations\woocommerce\class-admin.php:21
actionadd_meta_boxesintegrations\woocommerce\class-admin.php:36
actionadmin_enqueue_scriptsintegrations\woocommerce\class-admin.php:37
filtermanage_edit-shop_order_columnsintegrations\woocommerce\class-admin.php:46
actionmanage_shop_order_posts_custom_columnintegrations\woocommerce\class-admin.php:47
filtermanage_woocommerce_page_wc-orders_columnsintegrations\woocommerce\class-admin.php:50
actionmanage_woocommerce_page_wc-orders_custom_columnintegrations\woocommerce\class-admin.php:51
actionwp_enqueue_scriptsintegrations\woocommerce\class-checkout.php:63
filterwc_order_statusesintegrations\woocommerce\class-checkout.php:64
actionwoocommerce_review_order_before_submitintegrations\woocommerce\class-checkout.php:67
actionwoocommerce_checkout_processintegrations\woocommerce\class-checkout.php:68
actionwoocommerce_checkout_update_order_metaintegrations\woocommerce\class-checkout.php:72
actionwoocommerce_checkout_order_createdintegrations\woocommerce\class-checkout.php:73
actionwoocommerce_checkout_order_processedintegrations\woocommerce\class-checkout.php:74
actionwoocommerce_order_status_changedintegrations\woocommerce\class-checkout.php:75
actionwoocommerce_before_template_partintegrations\woocommerce\class-checkout.php:77
filterbody_classintegrations\woocommerce\class-checkout.php:78
actiontot_webhook_successintegrations\woocommerce\class-checkout.php:81
actiontemplate_redirectintegrations\woocommerce\class-checkout.php:82
actionwoocommerce_checkout_update_order_reviewintegrations\woocommerce\class-checkout.php:89
actionwoocommerce_review_order_before_order_totalintegrations\woocommerce\class-checkout.php:90
actionwoocommerce_before_calculate_totalsintegrations\woocommerce\class-checkout.php:91
actionwoocommerce_checkout_order_processedintegrations\woocommerce\class-checkout.php:92
actionwoocommerce_initintegrations\woocommerce\class-checkout.php:2385
actionadmin_initintegrations\woocommerce\class-checkout.php:2390
actionwpintegrations\woocommerce\class-checkout.php:2392
actionwoocommerce_cart_item_removedintegrations\woocommerce\class-checkout.php:2403
actionwoocommerce_add_to_cartintegrations\woocommerce\class-checkout.php:2404
actionwoocommerce_after_cart_item_quantity_updateintegrations\woocommerce\class-checkout.php:2405
actionwoocommerce_cart_calculate_feesintegrations\woocommerce\class-checkout.php:2408
actionwoocommerce_checkout_order_processedintegrations\woocommerce\class-checkout.php:2411
actionwoocommerce_store_api_checkout_order_processedintegrations\woocommerce\class-checkout.php:2412
actionwoocommerce_order_payment_status_changedintegrations\woocommerce\class-checkout.php:2415
actionwoocommerce_checkout_order_processedintegrations\woocommerce\class-checkout.php:2417
actionwoocommerce_checkout_order_processedintegrations\woocommerce\class-checkout.php:2423
actionwoocommerce_store_api_checkout_order_processedintegrations\woocommerce\class-checkout.php:2424
actionwoocommerce_order_payment_status_changedintegrations\woocommerce\class-checkout.php:2427
actioninitintegrations\woocommerce\class-donations.php:96
actionwoocommerce_product_options_general_product_dataintegrations\woocommerce\class-product-sync.php:59
actionwoocommerce_admin_process_product_objectintegrations\woocommerce\class-product-sync.php:61
actionwoocommerce_product_options_general_product_dataintegrations\woocommerce\class-product-sync.php:66
actionwoocommerce_admin_process_product_objectintegrations\woocommerce\class-product-sync.php:68
filterwoocommerce_product_export_column_namesintegrations\woocommerce\class-product-sync.php:72
filterwoocommerce_product_export_product_default_columnsintegrations\woocommerce\class-product-sync.php:73
filterwoocommerce_csv_product_import_mapping_optionsintegrations\woocommerce\class-product-sync.php:88
filterwoocommerce_product_import_pre_insert_product_objectintegrations\woocommerce\class-product-sync.php:89
filterwoocommerce_csv_product_import_mapping_default_columnsintegrations\woocommerce\class-product-sync.php:90
actionwoocommerce_initintegrations\woocommerce\class-settings.php:19
actionadmin_menuintegrations\woocommerce\class-settings.php:27
actionadmin_noticesintegrations\woocommerce\class-settings.php:28
actionadmin_initintegrations\woocommerce\class-settings.php:29
actionwoocommerce_product_after_variable_attributesintegrations\woocommerce\class-variation-sync.php:28
actionwoocommerce_save_product_variationintegrations\woocommerce\class-variation-sync.php:29
actionwoocommerce_ajax_save_product_variationsintegrations\woocommerce\class-variation-sync.php:30
actionbefore_woocommerce_initintegrations\woocommerce\wc-admin.php:77
filtercron_schedulesintegrations\woocommerce\wc-cron.php:5
actioninitintegrations\woocommerce\wc-cron.php:18
actiontot_sync_ordersintegrations\woocommerce\wc-cron.php:28
actioninitintegrations\woocommerce\woocommerce.php:33
actionadmin_enqueue_scriptsModules\Shared\Settings\Page.php:143
actiontot_webhook_successModules\Shared\Settings.php:35
actionadmin_initModules\Tax\token-of-trust-taxes.php:36
actionadmin_noticesModules\Tax\token-of-trust-taxes.php:54
actioninitModules\Verification\Shared\cron.php:6
actiontot_get_faq_pageModules\Verification\Shared\cron.php:17
actionshutdownModules\Verification\Shared\Debugger.php:43
actionshutdownModules\Verification\Shared\Debugger.php:46
actionadmin_noticesModules\Verification\Shared\flash-notice-queue.php:58
actionwp_headersModules\Verification\Shared\shortcode-tot-reputation-status.php:8
actionwidgets_initModules\Verification\Shared\tot-request-utils.php:6
actionwp_loadedModules\Verification\Shared\tot-request-utils.php:7
actiontemplate_redirectModules\Verification\Shared\verification_requirements.php:9
actionwp_footerModules\Verification\Shared\verification_requirements.php:10
actionwidgets_initModules\Verification\Shared\verification_requirements.php:18
actionplugins_loadedtoken-of-trust.php:62
actioninittoken-of-trust.php:84
filterauto_update_pluginupgrades\detection.php:23
actionadmin_initupgrades\detection.php:47
actionadmin_noticesupgrades\detection.php:105
actionuser_registerusers\new-user-tot-connection.php:3

Scheduled Events 2

tot_sync_orders
tot_get_faq_page
Maintenance & Trust

Age Verification & Identity Verification by Token of Trust Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 12, 2026
PHP min version7.2.5
Downloads43K

Community Trust

Rating86/100
Number of ratings15
Active installs50
Alternatives

Age Verification & Identity Verification by Token of Trust Alternatives

Didit Verify

Didit Verify

didit-verify

A
100

Add identity verification to any WordPress page or WooCommerce checkout using Didit.

10 No CVEs
Konfirmi Plugin

Konfirmi Plugin

konfirmi

A
85

KONFIRMI allows you to easily and automatically verify your customer's age, ID, address, and other information.

10 No CVEs
iDenfy for WooCommerce

iDenfy for WooCommerce

idenfy-for-woocommerce

A
100

Add identity verification to your WooCommerce store. Verify customers before checkout with ID checks — powered by iDenfy.

0 No CVEs
Age Gate

Age Gate

age-gate

A
90

A plugin to check the age of a visitor before view site or specified content

40K 5 CVEs
Age Gate Lite

Age Gate Lite

age-gate-lite

A
85

A lightweight, customisable age gate to lock content from younger audience.

2K No CVEs
Developer Profile

Age Verification & Identity Verification by Token of Trust Developer Profile

Token of Trust

1 plugin · 50 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Age Verification & Identity Verification by Token of Trust

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/token-of-trust/token-of-trust.css/wp-content/plugins/token-of-trust/token-of-trust.js/wp-content/plugins/token-of-trust/Modules/Shared/Assets/tot-error-log.js/wp-content/plugins/token-of-trust/analytics/build/analyticsTracker.bundle.js/wp-content/plugins/token-of-trust/admin/plugin-deactivation/assets/scripts/plugin-deactivation.js
Script Paths
/wp-content/plugins/token-of-trust/token-of-trust.js/wp-content/plugins/token-of-trust/Modules/Shared/Assets/tot-error-log.js/wp-content/plugins/token-of-trust/analytics/build/analyticsTracker.bundle.js/wp-content/plugins/token-of-trust/admin/plugin-deactivation/assets/scripts/plugin-deactivation.js
Version Parameters
token-of-trust.css?ver=token-of-trust.js?ver=tot-error-log.js?ver=analyticsTracker.bundle.js?ver=plugin-deactivation.js?ver=

HTML / DOM Fingerprints

CSS Classes
tot-taxes-notice
Data Attributes
data-tot-hostdata-tot-versiondata-tot-app-domaindata-tot-rest-urldata-tot-noncedata-tot-app-user-email+1 more
JS Globals
totObjtotPluginDeactivationData
REST Endpoints
/wp-json/tot/v1/webhooks/wp-json/tot/v1/client-api/verify-person
FAQ

Frequently Asked Questions about Age Verification & Identity Verification by Token of Trust