Web3 – Crypto wallet Login & NFT token gating Security & Risk Analysis

wordpress.org/plugins/web3-authentication

Users can sign up for your WordPress using their crypto wallets. Gate content based on NFTs owned. Web3 authentication plugin supports crypto wallets …

100 active installs · v3.1.4 · PHP 7.0+ · WP 2.0.2+ · Updated Apr 3, 2024
Tags: ethereum, nft, polygon, solana, web3
Score: 88 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Jan 17, 2024
Safety Verdict

Is Web3 – Crypto wallet Login & NFT token gating Safe to Use in 2026?

Generally Safe

Score 88/100

Web3 – Crypto wallet Login & NFT token gating has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jan 17, 2024 · Updated 2yr ago
Risk Assessment

The web3-authentication plugin v3.1.4 exhibits a mixed security posture. On the positive side, it adheres to secure coding practices in several areas: it uses no dangerous functions, raw SQL queries, or file operations. The plugin also shows a high degree of output escaping and implements nonce and capability checks, indicating a good understanding of WordPress security fundamentals.

However, the two past critical vulnerabilities, both classified as Authentication Bypass Using an Alternate Path or Channel, are a significant concern. Although there are currently no unpatched vulnerabilities, this history suggests a recurring pattern of weaknesses that attackers could exploit if similar flaws are reintroduced. The taint analysis showed no critical or high severity flows, but all analyzed flows had unsanitized paths, which, combined with the history of authentication bypass, warrants careful scrutiny. The limited attack surface with all entry points protected is a strength, but the history of critical vulnerabilities cannot be overlooked.

Key Concerns

  • History of 2 critical vulnerabilities
  • All taint flows with unsanitized paths
  • External HTTP requests present
Vulnerabilities
2

Web3 – Crypto wallet Login & NFT token gating Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2024: 1 CVE

Severity Breakdown

Critical: 2

2 total CVEs

CVE-2023-6036 · critical · 9.8 · Authentication Bypass Using an Alternate Path or Channel

Web3 <= 2.8.0 - Authentication Bypass

Jan 17, 2024 · Patched in 3.0.0 (66d)

CVE-2023-3249 · critical · 9.8 · Authentication Bypass Using an Alternate Path or Channel

Web3 – Crypto wallet Login & NFT token gating <= 2.6.0 - Authentication Bypass

Jun 29, 2023 · Patched in 2.7.0 (208d)
Code Analysis
Analyzed Mar 16, 2026

Web3 – Crypto wallet Login & NFT token gating Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 5 (275 escaped)
  • Nonce Checks: 14
  • Capability Checks: 2
  • File Operations: 0
  • External Requests: 7
  • Bundled Libraries: 0

Output Escaping

98% escaped · 280 total outputs
Data Flows: 6 unsanitized

Data Flow Analysis

6 flows · 6 with unsanitized paths
type_of_request (classes\common\Web3\controller\class-moweb3flowhandler.php:340)
Attack Surface

Web3 – Crypto wallet Login & NFT token gating Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 2

  • nopriv · wp_ajax_type_of_request · classes\common\Web3\controller\class-moweb3flowhandler.php:61
  • auth · wp_ajax_type_of_request · classes\common\Web3\controller\class-moweb3flowhandler.php:62

WordPress Hooks: 16

  • action · admin_menu · classes\common\Base\class-moweb3basestructure.php:48
  • action · admin_enqueue_scripts · classes\common\Base\class-moweb3loader.php:101
  • action · admin_enqueue_scripts · classes\common\Base\class-moweb3loader.php:102
  • action · admin_notices · classes\common\class-moweb3utils.php:141
  • action · admin_notices · classes\common\class-moweb3utils.php:149
  • action · admin_init · classes\common\Demo\controller\class-moweb3democontroller.php:33
  • action · admin_init · classes\common\Feedback\class-moweb3feedbacksettings.php:50
  • action · admin_footer · classes\common\Feedback\class-moweb3feedbacksettings.php:51
  • action · plugins_loaded · classes\common\Migration\class-moweb3migrationhandler.php:35
  • action · admin_init · classes\common\Settings\class-moweb3settings.php:55
  • action · init · classes\common\Web3\controller\class-moweb3flowhandler.php:64
  • action · admin_init · classes\common\Web3\controller\class-moweb3flowhandler.php:65
  • action · admin_init · classes\common\Web3\controller\class-moweb3flowhandler.php:66
  • action · admin_init · classes\common\Web3\controller\class-moweb3flowhandler.php:67
  • action · login_form · classes\common\Web3\view\Button\class-moweb3view.php:47
  • filter · script_loader_tag · classes\common\Web3\view\Button\class-moweb3view.php:85
Maintenance & Trust

Web3 – Crypto wallet Login & NFT token gating Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.5.8
  • Last updated: Apr 3, 2024
  • PHP min version: 7.0
  • Downloads: 13K

Community Trust

  • Rating: 94/100
  • Number of ratings: 23
  • Active installs: 100
Developer Profile

Web3 – Crypto wallet Login & NFT token gating Developer Profile

miniOrange

38 plugins · 83K total installs

  • Trust score: 76
  • Avg Security Score: 96/100
  • Avg Patch Time: 324 days
Detection Fingerprints

How We Detect Web3 – Crypto wallet Login & NFT token gating

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/web3-authentication/resources/css/prod/style_settings.min.css
  • /wp-content/plugins/web3-authentication/resources/css/prod/phone.min.css
  • /wp-content/plugins/web3-authentication/resources/js/prod/phone.min.js
Script Paths
  • resources/js/prod/phone.min.js
Version Parameters
  • web3-authentication/resources/css/prod/style_settings.min.css?ver=
  • web3-authentication/resources/css/prod/phone.min.css?ver=
  • web3-authentication/resources/js/prod/phone.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • moweb3-login-btn
  • moweb3-login-btn-text
  • moweb3-btn
  • moweb3-input
HTML Comments
  • <!-- Custom JS to handle redirection-->
  • <!-- Web3 Login/Register Form-->
  • <!-- Web3 Login Button-->
Data Attributes
  • data-modal-id
  • data-wallet-type
JS Globals
  • moweb3_login_popup
  • MoWeb3Constants
  • MOWEB3_URL
Shortcode Output
  • [mo_web3_login_button]
  • [mo_web3_login_form]
  • [mo_web3_logout_button]