UsersWP – Social Login Security & Risk Analysis

wordpress.org/plugins/userswp-social-login

Social Login addon for UsersWP.

2K active installs · v1.5.6 · PHP + · WP 6.1+ · Updated Jan 20, 2026
Tags: facebook-login, google-login, linkedin-login, social-login, twitter-login
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is UsersWP – Social Login Safe to Use in 2026?

Generally Safe

Score 100/100

UsersWP – Social Login has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The "userswp-social-login" v1.5.6 plugin presents a mixed security posture. On the positive side, it shows a strong reliance on prepared statements for SQL queries and avoids external HTTP requests or file operations, which are common attack vectors. The absence of any recorded vulnerabilities in its history is also a promising sign of good development practices.

However, significant concerns arise from the static analysis. The plugin has a total of 2 entry points, both of which are AJAX handlers lacking authentication checks. This directly exposes critical functionality to unauthenticated users, creating a substantial risk. Furthermore, the taint analysis revealed 3 flows with unsanitized paths, with one classified as high severity. This indicates a potential for attackers to manipulate input that is not properly validated or sanitized before being used in sensitive operations, possibly leading to code execution or data compromise. The lack of nonce checks on AJAX actions exacerbates this risk, as it provides an easy avenue for Cross-Site Request Forgery (CSRF) attacks.

While the plugin avoids dangerous functions and has a relatively small attack surface in terms of shortcodes and cron events, the unprotected AJAX endpoints and unsanitized taint flows are critical weaknesses that need immediate attention.

Key Concerns

  • AJAX handlers without auth checks
  • High severity taint flow
  • Unsanitized paths in taint flows
  • Lack of nonce checks
  • Low percentage of properly escaped output
  • Bundled library (Guzzle)
Vulnerabilities
None known

UsersWP – Social Login Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

UsersWP – Social Login Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (10 prepared)
Unescaped Output: 41 (64 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Guzzle

SQL Query Safety

91% prepared, 11 total queries

Output Escaping

61% escaped, 105 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

3 flows, 3 with unsanitized paths
uwp_social_authenticate_process (includes\social.php:34)
Attack Surface
2 unprotected

UsersWP – Social Login Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers: 2

nopriv: wp_ajax_uwp_social_dismiss_authuri_notice (includes\class-uwp-social.php:110)
auth: wp_ajax_uwp_social_dismiss_authuri_notice (includes\class-uwp-social.php:111)

WordPress Hooks: 36

filter: uwp_settings_tabs_array (admin\class-uwp-settings-social.php:29)
action: uwp_get_settings_uninstall (admin\class-uwp-settings-social.php:34)
action: login_form_middle (includes\class-uwp-social.php:25)
action: uwp_social_fields (includes\class-uwp-social.php:26)
action: wpmu_delete_user (includes\class-uwp-social.php:27)
action: delete_user (includes\class-uwp-social.php:28)
action: uwp_get_widgets (includes\class-uwp-social.php:29)
action: login_enqueue_scripts (includes\class-uwp-social.php:30)
action: init (includes\class-uwp-social.php:31)
action: uwp_social_after_wp_insert_user (includes\class-uwp-social.php:32)
action: uwp_social_after_wp_insert_user (includes\class-uwp-social.php:33)
action: login_form (includes\class-uwp-social.php:34)
action: register_form (includes\class-uwp-social.php:35)
action: uwp_options_for_translation (includes\class-uwp-social.php:36)
action: template_redirect (includes\class-uwp-social.php:37)
action: uwp_after_process_account (includes\class-uwp-social.php:38)
action: uwp_template_display_notices (includes\class-uwp-social.php:39)
filter: uwp_social_login_button_url (includes\class-uwp-social.php:41)
action: uwp_social_authenticate_start (includes\class-uwp-social.php:42)
action: uwp_clear_user_php_session (includes\class-uwp-social.php:44)
action: wp_logout (includes\class-uwp-social.php:45)
action: admin_init (includes\class-uwp-social.php:48)
action: admin_init (includes\class-uwp-social.php:49)
filter: uwp_get_settings_pages (includes\class-uwp-social.php:50)
action: admin_notices (includes\class-uwp-social.php:108)
action: admin_footer (includes\class-uwp-social.php:109)
filter: uwp_social_register_form_id (includes\class-uwp-social.php:166)
filter: query_vars (includes\social.php:2)
action: init (includes\social.php:10)
filter: uwp_social_require_email (includes\social.php:796)
filter: uwp_social_change_username (includes\social.php:807)
action: template_redirect (includes\social.php:837)
action: profile_update (includes\social.php:882)
action: uwp_new_email_activation_success (includes\social.php:894)
action: admin_notices (uwp-social.php:39)
action: plugins_loaded (uwp-social.php:84)
Maintenance & Trust

UsersWP – Social Login Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 20, 2026
PHP min version
Downloads: 129K

Community Trust

Rating: 66/100
Number of ratings: 4
Active installs: 2K
Developer Profile

UsersWP – Social Login Developer Profile

Stiofan

12 plugins · 90K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 191 days
Detection Fingerprints

How We Detect UsersWP – Social Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/userswp-social-login/assets/css/uwp-social-login.css
/wp-content/plugins/userswp-social-login/assets/js/uwp-social-login.js
/wp-content/plugins/userswp-social-login/vendor/hybridauth/hybridauth/hybridauth/hybridauth.css
/wp-content/plugins/userswp-social-login/vendor/hybridauth/hybridauth/hybridauth/hybridauth.min.js
Script Paths
/wp-content/plugins/userswp-social-login/assets/js/uwp-social-login.js
/wp-content/plugins/userswp-social-login/vendor/hybridauth/hybridauth/hybridauth/hybridauth.min.js
Version Parameters
userswp-social-login/assets/css/uwp-social-login.css?ver=
userswp-social-login/assets/js/uwp-social-login.js?ver=

HTML / DOM Fingerprints

CSS Classes
uwp-social-login-buttons
uwp-social-login-widget-container
userswp-social-login-wrap
Data Attributes
data-plugin
data-userswp-social-login-ajax-url
JS Globals
uwp_social_params
Shortcode Output
[userswp_social_login]