Does TrustedLogin Connector have any unpatched vulnerabilities?

No. All known vulnerabilities in TrustedLogin Connector have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is TrustedLogin Connector compatible with WordPress 6.6.5?

According to WordPress.org data, TrustedLogin Connector 1.2.1 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

Is TrustedLogin Connector compatible with PHP 7.2+?

TrustedLogin Connector requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is TrustedLogin Connector updated?

TrustedLogin Connector was last updated on Sep 13, 2024. Frequent updates are generally a positive security signal.

What is TrustedLogin Connector's security score?

TrustedLogin Connector has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

TrustedLogin Connector Security & Risk Analysis

wordpress.org/plugins/trustedlogin-connector

Empower support team members to securely and easily log into client sites using TrustedLogin.

10 active installs v1.2.1 PHP 7.2+ WP + Updated Sep 13, 2024

loginsecuritysupport

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is TrustedLogin Connector Safe to Use in 2026?

Generally Safe

Score 92/100

TrustedLogin Connector has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The trustedlogin-connector plugin version 1.2.1 demonstrates a generally strong security posture based on static analysis. The absence of any recorded vulnerabilities, including critical or high severity ones, in its history is a significant positive indicator. The code signals reveal a low attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events exposed without authentication or permission checks. Furthermore, the use of prepared statements for all SQL queries and a high percentage of properly escaped output suggest good development practices against common web vulnerabilities like SQL injection and XSS. Nonce and capability checks are also present.

However, there is one notable concern indicated by the taint analysis. A single identified flow with an unsanitized path, rated as high severity, warrants attention. While the attack surface is minimal, this specific flow could potentially be exploited if an attacker can control the path input. The plugin also performs file operations and external HTTP requests, which, although not explicitly flagged as problematic in this analysis, are areas that can introduce vulnerabilities if not handled with extreme care and robust validation. The presence of file operations and an external HTTP request, coupled with the high-severity taint flow, suggests that while the plugin is well-protected against many common threats, there's a specific area requiring closer scrutiny.

In conclusion, trustedlogin-connector v1.2.1 appears to be a secure plugin with a proactive approach to security, evidenced by its clean vulnerability history and robust handling of database operations and output escaping. The low attack surface and inclusion of security checks are commendable. The primary weakness identified is a single high-severity taint flow related to unsanitized paths, which, despite the overall good security, presents a specific risk that should be addressed. The plugin's strengths significantly outweigh its weaknesses, but the identified taint flow is a critical point for potential improvement.

Key Concerns

High severity unsanitized path flow
File operations present
External HTTP requests present

Vulnerabilities

None known

TrustedLogin Connector Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

TrustedLogin Connector Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

15 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

94% escaped16 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths

<Helpers> (php\Helpers.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

TrustedLogin Connector Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 8

actionadmin_menuphp\MenuPage.php:72

actionadmin_enqueue_scriptsphp\MenuPage.php:73

actioninitsrc\trustedlogin-settings\init.php:15

actionadmin_enqueue_scriptssrc\trustedlogin-settings\init.php:82

actionrest_api_inittrustedlogin-connector.php:79

actiontemplate_redirecttrustedlogin-connector.php:82

actionadmin_inittrustedlogin-connector.php:85

actionadmin_inittrustedlogin-connector.php:98

Maintenance & Trust

TrustedLogin Connector Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedSep 13, 2024

PHP min version7.2

Downloads1K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

TrustedLogin Connector Alternatives

NNFP – Passwordless Email OTP Login

no-need-for-password

100

Short Description: Enable secure passwordless login and registration using secure email-based one-time passwords (OTP).

0 No CVEs

Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall

limit-login-attempts-reloaded

Block excessive login attempts and protect your site against brute force attacks. Simple, yet powerful tools to improve site performance.

2.0M 4 CVEs

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.

1.0M 26 CVEs

Loginizer

loginizer

Loginizer is a WordPress security plugin which helps you fight against bruteforce attacks.

1.0M 8 CVEs

Security Optimizer – The All-In-One Protection Plugin

sg-security

Secure your WordPress site from brute-force attacks, threats, malware, and bots. Free to use and easy to set up.

1.0M 5 CVEs

Developer Profile

TrustedLogin Connector Developer Profile

TrustedLogin

3 plugins · 31K total installs

trust score

Avg Security Score

90/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect TrustedLogin Connector

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/trustedlogin-connector/dist/css/trustedlogin-settings.css/wp-content/plugins/trustedlogin-connector/dist/js/trustedlogin-settings.js

Script Paths

/wp-content/plugins/trustedlogin-connector/dist/js/trustedlogin-settings.js

Version Parameters

trustedlogin-connector/dist/css/trustedlogin-settings.css?ver=trustedlogin-connector/dist/js/trustedlogin-settings.js?ver=

HTML / DOM Fingerprints

CSS Classes

trustedlogin-settings-pagetrustedlogin-apptrustedlogin-teams-pagetrustedlogin-helpdesks-pagetl-settings-reset-button

HTML Comments

Data Attributes

id="trustedlogin-settings"data-tl-settingsdata-tl-teamsdata-tl-helpdesksdata-tl-access-key-login

JS Globals

window.tlVendorvar tlVendorData

REST Endpoints

/wp-json/trustedlogin/v1/settings/wp-json/trustedlogin/v1/users/wp-json/trustedlogin/v1/teams/wp-json/trustedlogin/v1/helpdesks/wp-json/trustedlogin/v1/save-settings/wp-json/trustedlogin/v1/delete-team/wp-json/trustedlogin/v1/delete-helpdesk/wp-json/trustedlogin/v1/get-helpdesk-options

FAQ