TomS Social Login Security & Risk Analysis

wordpress.org/plugins/toms-social-login

Supports users logging in to your WordPress site with their Facebook, Google, PayPal, GitHub, WeChat, QQ, Weibo, and DingTalk accounts. Compatible with WooCommerce, Ultim …

10 active installs · v1.1.0 · PHP 7.0+ · WP 5.8+ · Updated Apr 1, 2023
Tags: account, google, login, profile, social-login
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is TomS Social Login Safe to Use in 2026?

Generally Safe

Score 85/100

TomS Social Login has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3yr ago
Risk Assessment

The toms-social-login plugin version 1.1.0 exhibits a generally strong security posture based on the provided static analysis. A significant portion of its SQL queries are prepared, and a high percentage of outputs are properly escaped, indicating good development practices for preventing common vulnerabilities like SQL injection and XSS. The plugin also demonstrates good security hygiene by including a substantial number of nonce and capability checks, and importantly, has no recorded vulnerabilities or CVEs, suggesting a history of secure development and maintenance.

However, there are some areas that warrant attention. The presence of four taint flows with unsanitized paths, while not classified as critical or high severity, represents a potential risk. While the analysis didn't find direct evidence of exploitability, unsanitized paths can be a precursor to vulnerabilities if user input is not handled rigorously throughout the code. Additionally, the plugin makes several external HTTP requests, which can introduce risks if not carefully managed, though no specific issues are highlighted in this regard from the provided data.

Overall, the plugin appears to be developed with security in mind, evidenced by its lack of historical vulnerabilities and good practices in handling SQL and output. The primary concern lies in the identified taint flows with unsanitized paths, which, though unexploited in this version, should be investigated further to ensure robust input validation and sanitization. The absence of any critical or high severity issues and the lack of known CVEs are positive indicators, but the identified taint flows suggest a need for vigilance.

Key Concerns

  • Taint flows with unsanitized paths
Vulnerabilities
None known

TomS Social Login Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

TomS Social Login Release Timeline

v1.1.0 (Current)
v1.0.0
Code Analysis
Analyzed Mar 17, 2026

TomS Social Login Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (4 prepared)
Unescaped Output: 47 (464 escaped)
Nonce Checks: 11
Capability Checks: 4
File Operations: 0
External Requests: 6
Bundled Libraries: 0

SQL Query Safety

80% prepared · 5 total queries

Output Escaping

91% escaped · 511 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

6 flows · 4 with unsanitized paths
TSSL_Binding_Button (library\toms-binding-btn.php:30)
[Data flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

TomS Social Login Attack Surface

Entry Points: 4
Unprotected: 0

AJAX Handlers 2

auth · wp_ajax_save_TSSL_order · toms-social-login.php:39
auth · wp_ajax_save_TSSL_binding · toms-social-login.php:40

Shortcodes 2

[TSSL_Binding_Button] library\toms-binding-btn.php:9
[TSSL_Login_Button] library\toms-login-btn.php:14
WordPress Hooks 33
action · plugins_loaded · default-supported-plugins\default-supported-plugins.php:8
action · woocommerce_login_form · default-supported-plugins\default-supported-plugins.php:38
action · woocommerce_register_form · default-supported-plugins\default-supported-plugins.php:39
action · woocommerce_edit_account_form · default-supported-plugins\default-supported-plugins.php:43
action · um_after_form_fields · default-supported-plugins\default-supported-plugins.php:49
action · um_after_account_general · default-supported-plugins\default-supported-plugins.php:52
action · user_registration_after_field_row · default-supported-plugins\default-supported-plugins.php:70
action · user_registration_login_form · default-supported-plugins\default-supported-plugins.php:71
action · user_registration_account_dashboard · default-supported-plugins\default-supported-plugins.php:74
filter · TomSUserMeta · default-supported-plugins\default-supported-plugins.php:94
filter · TomSRedirectURL · default-supported-plugins\default-supported-plugins.php:105
action · init · inc\toms-dingtalk-login.php:9
action · init · inc\toms-facebook-login.php:9
action · init · inc\toms-github-login.php:9
action · init · inc\toms-google-login.php:9
action · init · inc\toms-paypal-login.php:9
action · init · inc\toms-qq-login.php:9
action · init · inc\toms-wechat-login.php:9
action · init · inc\toms-weibo-login.php:9
filter · get_avatar · library\toms-avatar.php:8
filter · default_avatar_select · library\toms-avatar.php:9
filter · get_avatar_url · library\toms-avatar.php:10
action · show_user_profile · library\toms-binding-btn.php:8
action · login_form · library\toms-login-btn.php:9
action · register_form · library\toms-login-btn.php:10
action · lostpassword_form · library\toms-login-btn.php:11
action · admin_head · library\toms-user-lists.php:8
filter · manage_users_columns · library\toms-user-lists.php:9
filter · manage_users_custom_column · library\toms-user-lists.php:10
action · init · toms-social-login.php:34
action · admin_menu · toms-social-login.php:35
filter · plugin_action_links · toms-social-login.php:43
action · admin_enqueue_scripts · toms-social-login.php:136
Maintenance & Trust

TomS Social Login Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.2.9
Last updated: Apr 1, 2023
PHP min version: 7.0
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

TomS Social Login Developer Profile

TomS Caprice

7 plugins · 1K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect TomS Social Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/toms-social-login/admin/assets/css/toms-social-login-global.css
/wp-content/plugins/toms-social-login/library/assets/css/iconfont.css
/wp-content/plugins/toms-social-login/admin/assets/css/toms-social-login.css
/wp-content/plugins/toms-social-login/admin/assets/js/toms-social-login.js
Script Paths
/wp-content/plugins/toms-social-login/admin/assets/css/toms-social-login-global.css
/wp-content/plugins/toms-social-login/library/assets/css/iconfont.css
/wp-content/plugins/toms-social-login/admin/assets/css/toms-social-login.css
/wp-content/plugins/toms-social-login/admin/assets/js/toms-social-login.js

HTML / DOM Fingerprints

CSS Classes
toms-menu-item
toms-menu-text
HTML Comments
<!-- IMPORTANT: Dont remove this file -->
<!-- TomS Social Login admin-->
Data Attributes
data-nonce-unbind
data-nonce-order
JS Globals
tomsSocialLogin
FAQ

Frequently Asked Questions about TomS Social Login