Does VentraConnect – Social Login, Magic Link & Email OTP (Passwordless) have any unpatched vulnerabilities?

No. All known vulnerabilities in VentraConnect – Social Login, Magic Link & Email OTP (Passwordless) have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is VentraConnect – Social Login, Magic Link & Email OTP (Passwordless) compatible with WordPress 6.9.4?

According to WordPress.org data, VentraConnect – Social Login, Magic Link & Email OTP (Passwordless) 1.2.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

VentraConnect – Social Login, Magic Link & Email OTP (Passwordless) Security & Risk Analysis

wordpress.org/plugins/ventraconnect-social-login

Social login with 15+ providers plus passwordless login (Magic Link & Email OTP), with Guardrails to block spam registrations.

20 active installs v1.2.0 PHP 7.4+ WP 6.2+ Updated Feb 25, 2026

email-otpmagic-linkoauthpasswordless-loginsocial-login

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is VentraConnect – Social Login, Magic Link & Email OTP (Passwordless) Safe to Use in 2026?

Generally Safe

Score 100/100

VentraConnect – Social Login, Magic Link & Email OTP (Passwordless) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The ventraconnect-social-login plugin v1.2.0 exhibits a mixed security posture. While it demonstrates good practices such as a high percentage of prepared SQL statements and a significant number of nonce and capability checks, several areas of concern are present. The attack surface is moderately sized with 17 entry points, but notably, 4 of these lack proper authentication or permission checks. This is a significant risk, as unauthenticated entry points can be exploited by attackers. The taint analysis reveals 3 flows with unsanitized paths, with 2 identified as high severity. This indicates potential for attackers to inject malicious input that is not properly validated or escaped, leading to vulnerabilities such as cross-site scripting (XSS) or remote code execution (RCE) depending on the context.

The plugin has no recorded vulnerability history, which is a positive sign suggesting a lack of publicly known exploits and potentially a proactive approach to security by the developers. However, the presence of high-severity taint flows, even without historical CVEs, warrants immediate attention. The plugin's strengths lie in its diligent use of prepared statements and authorization checks in many areas. Nevertheless, the identified unprotected entry points and unsanitized taint flows represent clear weaknesses that could be exploited. Developers should prioritize addressing these specific code-level risks to improve the overall security of the plugin.

Key Concerns

Unprotected REST API routes (1)
Unprotected AJAX handlers (3)
High severity taint flows (2)
Flows with unsanitized paths (3)
Low percentage of properly escaped outputs (52%)

Vulnerabilities

None known

VentraConnect – Social Login, Magic Link & Email OTP (Passwordless) Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

VentraConnect – Social Login, Magic Link & Email OTP (Passwordless) Code Analysis

Dangerous Functions

Raw SQL Queries

15 prepared

Unescaped Output

706

773 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

94% prepared16 total queries

Output Escaping

52% escaped1479 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

8 flows3 with unsanitized paths

<class-settings> (includes\class-settings.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

VentraConnect – Social Login, Magic Link & Email OTP (Passwordless) Attack Surface

Entry Points17

Unprotected4

AJAX Handlers 15

authwp_ajax_vc_save_provider_orderincludes\class-admin\serviceprovider.php:28

authwp_ajax_ventraconnect_sl_save_provider_orderincludes\class-admin\serviceprovider.php:30

authwp_ajax_ventraconnect_sl_save_provider_settingsincludes\class-admin\serviceprovider.php:32

authwp_ajax_ventraconnect_sl_run_diagnosticsincludes\class-diagnostics.php:11

noprivwp_ajax_ventraconnect_sl_oauth_callbackincludes\class-oauth.php:26

authwp_ajax_ventraconnect_sl_oauth_callbackincludes\class-oauth.php:27

authwp_ajax_ventraconnect_sl_site_diagnosticsincludes\diagnostics\class-ajax.php:15

authwp_ajax_ventraconnect_sl_profile_resyncincludes\services\class-profile-sync.php:48

authwp_ajax_ventraconnect_sl_profile_resync_bulkincludes\services\class-profile-sync.php:49

noprivwp_ajax_ventraconnect_sl_magic_link_sendincludes\services\class-token-auth.php:105

authwp_ajax_ventraconnect_sl_magic_link_sendincludes\services\class-token-auth.php:106

noprivwp_ajax_ventraconnect_sl_otp_sendincludes\services\class-token-auth.php:107

authwp_ajax_ventraconnect_sl_otp_sendincludes\services\class-token-auth.php:108

noprivwp_ajax_ventraconnect_sl_otp_verifyincludes\services\class-token-auth.php:109

authwp_ajax_ventraconnect_sl_otp_verifyincludes\services\class-token-auth.php:110

REST API Routes 1

GET/wp-json/ventraconnect_sl/v1/oauth/(?P<provider>[a-z0-9_-]+)includes\class-oauth.php:341

Shortcodes 1

[ventraconnect_sl_social_login] includes\class-shortcodes.php:30

WordPress Hooks 45

actionadmin_initincludes\admin\class-vcs-admin.php:16

actionadmin_menuincludes\class-admin\serviceprovider.php:22

actionadmin_enqueue_scriptsincludes\class-admin\serviceprovider.php:25

actionshow_user_profileincludes\class-admin-user.php:14

actionedit_user_profileincludes\class-admin-user.php:15

filtermanage_users_columnsincludes\class-admin-user.php:16

filtermanage_users_custom_columnincludes\class-admin-user.php:17

actionadmin_enqueue_scriptsincludes\class-admin-user.php:18

filtersafe_style_cssincludes\class-buttons.php:16

actionwp_enqueue_scriptsincludes\class-buttons.php:24

actionlogin_enqueue_scriptsincludes\class-buttons.php:31

filterventraconnect_sl_can_create_userincludes\class-hooks.php:29

actioninitincludes\class-hooks.php:32

actioninitincludes\class-hooks.php:33

actionadmin_noticesincludes\class-hooks.php:114

actionwp_footerincludes\class-hooks.php:118

actionventraconnect_sl_redirect_debugincludes\class-hooks.php:169

filterallowed_redirect_hostsincludes\class-oauth.php:29

actionrest_api_initincludes\class-oauth.php:30

actionadmin_initincludes\class-privacy.php:12

filterwp_privacy_personal_data_exportersincludes\class-privacy.php:14

filterwp_privacy_personal_data_erasersincludes\class-privacy.php:15

filterventraconnect_sl_redirect_urlincludes\class-redirectresolver.php:299

actionadmin_initincludes\class-settings.php:50

actioninitincludes\class-shortcodes.php:27

filterventraconnect_sl_oauth_state_extraincludes\class-shortcodes.php:35

actionwoocommerce_account_dashboardincludes\integrations\class-integration-woo.php:20

actionwoocommerce_account_contentincludes\integrations\class-integration-woo.php:21

filterventraconnect_sl_can_unlinkincludes\integrations\class-integration-woo.php:22

actionlogin_formincludes\integrations\class-integration-wp.php:16

filterlogin_messageincludes\integrations\class-integration-wp.php:17

actionregister_formincludes\integrations\class-integration-wp.php:18

actioncomment_form_topincludes\integrations\class-integration-wp.php:19

filterventraconnect_sl_oauth_state_extraincludes\integrations\class-integration-wp.php:20

actionventraconnect_sl_login_successincludes\services\class-profile-sync.php:43

filterget_avatarincludes\services\class-profile-sync.php:44

actionprofile_updateincludes\services\class-profile-sync.php:46

actiontemplate_redirectincludes\services\class-token-auth.php:111

filterwp_mail_from_nameincludes\services\class-token-auth.php:264

actionplugins_loadedventraconnect-social-login.php:104

actionadmin_initventraconnect-social-login.php:122

filterpre_update_option_ventraconnect_sl_settingsventraconnect-social-login.php:132

actioninitventraconnect-social-login.php:232

actionplugins_loadedventraconnect-social-login.php:248

actionventraconnect_sl_purge_tokens_dailyventraconnect-social-login.php:297

Scheduled Events 1

ventraconnect_sl_purge_tokens_daily

Maintenance & Trust

VentraConnect – Social Login, Magic Link & Email OTP (Passwordless) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 25, 2026

PHP min version7.4

Downloads584

Community Trust

Rating100/100

Number of ratings2

Active installs20

Alternatives

VentraConnect – Social Login, Magic Link & Email OTP (Passwordless) Alternatives

MojoAuth Passwordless Authentication

mojoauth

MojoAuth provides a secure and delightful experience to your customer with passwordless. Here, you'll find comprehensive guides and documentation …

10 No CVEs

Wapu Auth – Google Social Login for WordPress & WooCommerce

wapu-auth-social-login

100

Google Social Login for WordPress & WooCommerce -- free. Let users register and login with their Google account in one click. No passwords, no forms.

0 No CVEs

User Verification by PickPlugins

user-verification

Email verification for user registration to protect spam.

5K 2 CVEs

Magic Login – Passwordless Authentication for WordPress – Login Without Password

magic-login

100

Passwordless login for WordPress. Streamline the login process by sending magic links to your users.

2K No CVEs

Postmatic Social Commenting

postmatic-social-commenting

A tiny, fast, and convenient way to let your readers comment using their social profiles.

50 No CVEs

Developer Profile

VentraConnect – Social Login, Magic Link & Email OTP (Passwordless) Developer Profile

Fahad Aslam

2 plugins · 20 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect VentraConnect – Social Login, Magic Link & Email OTP (Passwordless)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ventraconnect-social-login/assets/css/frontend.css/wp-content/plugins/ventraconnect-social-login/assets/js/frontend.js

Script Paths

/wp-content/plugins/ventraconnect-social-login/assets/js/frontend.js

Version Parameters

ventraconnect-social-login/assets/css/frontend.css?ver=ventraconnect-social-login/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

ventraconnect-social-login-buttonsventraconnect-social-login-button

Data Attributes

data-vcs-login-form-nonce

JS Globals

VCSL_i18nVCSL_frontend_params

REST Endpoints

/wp-json/ventraconnect-social-login/v1/auth

Shortcode Output

[ventraconnect_social_login]

FAQ