WP-Safety

Wp Edit Password Protected – Create Password Protect Pages & Design Password Protected Form Security & Risk Analysis

wordpress.org/plugins/wp-edit-password-protected

Create easily Password protected page or posts in your WordPress website with conditional display options.

3K active installs v1.3.7 PHP 7.4+ WP 6.0+ Updated Dec 3, 2025
login-formmember-only-pagepasswordprotected-pageuser-only-page
98
A · Safe
CVEs total2
Unpatched0
Last CVEAug 21, 2025
Plugin page Download
Safety Verdict

Is Wp Edit Password Protected – Create Password Protect Pages & Design Password Protected Form Safe to Use in 2026?

Generally Safe

Score 98/100

Wp Edit Password Protected – Create Password Protect Pages & Design Password Protected Form has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Aug 21, 2025Updated 4mo ago
Risk Assessment

The "wp-edit-password-protected" plugin version 1.3.7 exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and a high percentage of properly escaped output, significant concerns arise from its attack surface and vulnerability history. The plugin exposes 5 AJAX handlers, with a concerning 4 of them lacking proper authentication checks. This creates a substantial entry point for potential attacks that could be leveraged by authenticated users, or if further vulnerabilities exist to gain initial access. The presence of a `create_function` call, though only one instance, is a notable code smell that can lead to security issues if not handled with extreme care. Furthermore, the plugin has a history of 2 medium severity CVEs, specifically related to 'Open Redirect' and 'Missing Authorization'. While currently unpatched, this history suggests a recurring pattern of vulnerabilities in authorization logic, which aligns with the static analysis findings of unprotected AJAX handlers. The last vulnerability being in 2025 indicates a recent history of security flaws. In conclusion, while the plugin has some solid security implementations, the significant number of unprotected AJAX endpoints and its past vulnerability record, particularly concerning authorization, present tangible risks that require attention.

Key Concerns

  • 4 unprotected AJAX handlers
  • Dangerous function used (create_function)
  • 2 medium severity CVEs in history
  • History of Missing Authorization vulnerabilities
Vulnerabilities
2

Wp Edit Password Protected – Create Password Protect Pages & Design Password Protected Form Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2025-9034medium · 4.7URL Redirection to Untrusted Site ('Open Redirect')

Wp Edit Password Protected <= 1.3.4 - Open Redirect

Aug 21, 2025 Patched in 1.3.5 (36d)
WF-84003388-c47c-41db-8d2d-4643aa375a89-wp-edit-password-protectedmedium · 4.3Missing Authorization

Appsero <= 1.2.1 - Missing Authorization

Dec 16, 2022 Patched in 1.2.4 (699d)
Code Analysis
Analyzed Mar 16, 2026

Wp Edit Password Protected – Create Password Protect Pages & Design Password Protected Form Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
2 prepared
Unescaped Output
28
226 escaped
Nonce Checks
3
Capability Checks
6
File Operations
3
External Requests
1
Bundled Libraries
1

Dangerous Functions Found

create_function$callback = create_function('', 'echo "' . str_replace( '"', '\"', $section['desc'] ) . '";');admin\src\class.settings-api.php:108

Bundled Libraries

Select2

SQL Query Safety

100% prepared2 total queries

Output Escaping

89% escaped254 total outputs
Attack Surface
4 unprotected

Wp Edit Password Protected – Create Password Protect Pages & Design Password Protected Form Attack Surface

Entry Points5
Unprotected4

AJAX Handlers 5

authwp_ajax_kirki_fonts_google_all_getadmin\kirki\packages\kirki-framework\googlefonts\src\GoogleFonts.php:47
noprivwp_ajax_kirki_fonts_google_all_getadmin\kirki\packages\kirki-framework\googlefonts\src\GoogleFonts.php:48
authwp_ajax_kirki_fonts_standard_all_getadmin\kirki\packages\kirki-framework\module-webfonts\src\Webfonts\Google.php:88
noprivwp_ajax_kirki_fonts_standard_all_getadmin\kirki\packages\kirki-framework\module-webfonts\src\Webfonts\Google.php:89
authwp_ajax_wpepp_dismiss_update_noticewp-edit-password-protected.php:262
WordPress Hooks 136
actioninitadmin\kirki\admin-page-setup.php:597
actioncustomize_registeradmin\kirki\packages\kirki-framework\compatibility\src\Aliases.php:152
filterkirki_configadmin\kirki\packages\kirki-framework\compatibility\src\deprecated\filters.php:4
filterkirki_control_typesadmin\kirki\packages\kirki-framework\compatibility\src\deprecated\filters.php:8
filterkirki_section_typesadmin\kirki\packages\kirki-framework\compatibility\src\deprecated\filters.php:12
filterkirki_section_types_excludeadmin\kirki\packages\kirki-framework\compatibility\src\deprecated\filters.php:16
filterkirki_control_types_excludeadmin\kirki\packages\kirki-framework\compatibility\src\deprecated\filters.php:20
filterkirki_controlsadmin\kirki\packages\kirki-framework\compatibility\src\deprecated\filters.php:24
filterkirki_fieldsadmin\kirki\packages\kirki-framework\compatibility\src\deprecated\filters.php:28
filterkirki_modulesadmin\kirki\packages\kirki-framework\compatibility\src\deprecated\filters.php:32
filterkirki_panel_typesadmin\kirki\packages\kirki-framework\compatibility\src\deprecated\filters.php:36
filterkirki_setting_typesadmin\kirki\packages\kirki-framework\compatibility\src\deprecated\filters.php:40
filterkirki_variableadmin\kirki\packages\kirki-framework\compatibility\src\deprecated\filters.php:44
filterkirki_values_get_valueadmin\kirki\packages\kirki-framework\compatibility\src\deprecated\filters.php:48
actioninitadmin\kirki\packages\kirki-framework\compatibility\src\deprecated\filters.php:52
filterkirki_enqueue_google_fontsadmin\kirki\packages\kirki-framework\compatibility\src\deprecated\filters.php:82
filterkirki_styles_arrayadmin\kirki\packages\kirki-framework\compatibility\src\deprecated\filters.php:86
filterkirki_dynamic_css_methodadmin\kirki\packages\kirki-framework\compatibility\src\deprecated\filters.php:90
filterkirki_postmessage_scriptadmin\kirki\packages\kirki-framework\compatibility\src\deprecated\filters.php:94
filterkirki_fonts_alladmin\kirki\packages\kirki-framework\compatibility\src\deprecated\filters.php:98
filterkirki_fonts_standard_fontsadmin\kirki\packages\kirki-framework\compatibility\src\deprecated\filters.php:102
filterkirki_fonts_google_fontsadmin\kirki\packages\kirki-framework\compatibility\src\deprecated\filters.php:106
filterkirki_googlefonts_load_methodadmin\kirki\packages\kirki-framework\compatibility\src\deprecated\filters.php:110
actionwp_loadedadmin\kirki\packages\kirki-framework\compatibility\src\Init.php:43
filterkirki_control_typesadmin\kirki\packages\kirki-framework\compatibility\src\Init.php:44
actioncustomize_registeradmin\kirki\packages\kirki-framework\compatibility\src\Init.php:46
actionadmin_noticesadmin\kirki\packages\kirki-framework\compatibility\src\Init.php:48
actionadmin_initadmin\kirki\packages\kirki-framework\compatibility\src\Init.php:49
actioncustomize_registeradmin\kirki\packages\kirki-framework\compatibility\src\Init.php:102
actioncustomize_registeradmin\kirki\packages\kirki-framework\compatibility\src\Init.php:103
actionafter_setup_themeadmin\kirki\packages\kirki-framework\compatibility\src\Modules.php:48
actionafter_setup_themeadmin\kirki\packages\kirki-framework\compatibility\src\Modules.php:49
actionwp_enqueue_scriptsadmin\kirki\packages\kirki-framework\compatibility\src\Scripts.php:38
actionadmin_register_scriptsadmin\kirki\packages\kirki-framework\compatibility\src\Scripts.php:39
actioncustomize_controls_enqueue_scriptsadmin\kirki\packages\kirki-framework\compatibility\src\Scripts.php:40
filterkirki_output_item_argsadmin\kirki\packages\kirki-framework\control-image\src\Field\Image.php:56
filterkirki_output_control_classnamesadmin\kirki\packages\kirki-framework\control-image\src\Field\Image.php:57
actioncustomize_preview_initadmin\kirki\packages\kirki-framework\control-react-colorful\src\Field\ReactColorful.php:60
filterkirki_output_control_classnamesadmin\kirki\packages\kirki-framework\control-react-colorful\src\Field\ReactColorful.php:61
filterkirki_field_add_setting_argsadmin\kirki\packages\kirki-framework\data-option\src\Option.php:27
filterkirki_field_add_control_argsadmin\kirki\packages\kirki-framework\data-option\src\Option.php:28
filterkirki_get_valueadmin\kirki\packages\kirki-framework\data-option\src\Option.php:29
actionwp_loadedadmin\kirki\packages\kirki-framework\field\src\Field.php:90
actionwpadmin\kirki\packages\kirki-framework\field\src\Field.php:97
actioncustomize_registeradmin\kirki\packages\kirki-framework\field\src\Field.php:107
actioncustomize_registeradmin\kirki\packages\kirki-framework\field\src\Field.php:110
actioncustomize_registeradmin\kirki\packages\kirki-framework\field\src\Field.php:113
filterkirki_field_add_setting_argsadmin\kirki\packages\kirki-framework\field\src\Field.php:116
filterkirki_field_add_control_argsadmin\kirki\packages\kirki-framework\field\src\Field.php:117
actioncustomize_preview_initadmin\kirki\packages\kirki-framework\field-background\src\Background.php:246
filterkirki_output_control_classnamesadmin\kirki\packages\kirki-framework\field-background\src\Background.php:247
actioncustomize_controls_enqueue_scriptsadmin\kirki\packages\kirki-framework\field-dimensions\src\Dimensions.php:43
actioncustomize_preview_initadmin\kirki\packages\kirki-framework\field-dimensions\src\Dimensions.php:44
filterkirki_output_control_classnamesadmin\kirki\packages\kirki-framework\field-dimensions\src\Dimensions.php:45
filterkirki_output_control_classnamesadmin\kirki\packages\kirki-framework\field-multicolor\src\Field\Multicolor.php:41
actioncustomize_controls_enqueue_scriptsadmin\kirki\packages\kirki-framework\field-typography\src\Field\Typography.php:209
actioncustomize_preview_initadmin\kirki\packages\kirki-framework\field-typography\src\Field\Typography.php:210
filterkirki_output_control_classnamesadmin\kirki\packages\kirki-framework\field-typography\src\Field\Typography.php:211
actionplugins_loadedadmin\kirki\packages\kirki-framework\l10n\src\L10n.php:62
filteroverride_load_textdomainadmin\kirki\packages\kirki-framework\l10n\src\L10n.php:66
actionkirki_field_initadmin\kirki\packages\kirki-framework\module-css\src\CSS.php:82
actioninitadmin\kirki\packages\kirki-framework\module-css\src\CSS.php:83
actionwpadmin\kirki\packages\kirki-framework\module-css\src\CSS.php:96
actionwp_enqueue_scriptsadmin\kirki\packages\kirki-framework\module-css\src\CSS.php:106
actionwp_headadmin\kirki\packages\kirki-framework\module-css\src\CSS.php:108
actionadmin_initadmin\kirki\packages\kirki-framework\module-editor-styles\src\Editor_Styles.php:80
actionenqueue_block_editor_assetsadmin\kirki\packages\kirki-framework\module-editor-styles\src\Editor_Styles.php:107
actionafter_setup_themeadmin\kirki\packages\kirki-framework\module-editor-styles\src\Editor_Styles.php:108
actioncustomize_controls_enqueue_scriptsadmin\kirki\packages\kirki-framework\module-field-dependencies\src\Field_Dependencies.php:38
filterkirki_field_add_control_argsadmin\kirki\packages\kirki-framework\module-field-dependencies\src\Field_Dependencies.php:39
actioncustomize_registeradmin\kirki\packages\kirki-framework\module-panels\src\Panel.php:63
actioncustomize_controls_enqueue_scriptsadmin\kirki\packages\kirki-framework\module-panels\src\Panel.php:65
actioncustomize_registeradmin\kirki\packages\kirki-framework\module-panels\src\Panel.php:112
actioncustomize_preview_initadmin\kirki\packages\kirki-framework\module-postmessage\src\Postmessage.php:37
actionkirki_field_add_setting_argsadmin\kirki\packages\kirki-framework\module-postmessage\src\Postmessage.php:38
actioncustomize_controls_print_footer_scriptsadmin\kirki\packages\kirki-framework\module-preset\src\Preset.php:38
filterkirki_field_add_control_argsadmin\kirki\packages\kirki-framework\module-preset\src\Preset.php:39
actioncustomize_controls_enqueue_scriptsadmin\kirki\packages\kirki-framework\module-section-icons\src\Section_Icons.php:56
actionkirki_panel_addedadmin\kirki\packages\kirki-framework\module-section-icons\src\Section_Icons.php:57
actionkirki_section_addedadmin\kirki\packages\kirki-framework\module-section-icons\src\Section_Icons.php:58
actioncustomize_registeradmin\kirki\packages\kirki-framework\module-sections\src\Section.php:65
actioncustomize_registeradmin\kirki\packages\kirki-framework\module-sections\src\Section.php:68
actioncustomize_controls_enqueue_scriptsadmin\kirki\packages\kirki-framework\module-sections\src\Section.php:70
actioncustomize_controls_print_footer_scriptsadmin\kirki\packages\kirki-framework\module-sections\src\Section.php:71
actioncustomize_registeradmin\kirki\packages\kirki-framework\module-sections\src\Section.php:142
filterkirki_field_add_setting_argsadmin\kirki\packages\kirki-framework\module-selective-refresh\src\Selective_Refresh.php:35
actioncustomize_controls_print_footer_scriptsadmin\kirki\packages\kirki-framework\module-tooltips\src\Tooltips.php:41
filterkirki_field_add_control_argsadmin\kirki\packages\kirki-framework\module-tooltips\src\Tooltips.php:42
actionwp_headadmin\kirki\packages\kirki-framework\module-webfonts\src\Webfonts\Async.php:82
actionwp_headadmin\kirki\packages\kirki-framework\module-webfonts\src\Webfonts\Async.php:83
actionadmin_enqueue_scriptsadmin\kirki\packages\kirki-framework\module-webfonts\src\Webfonts\Async.php:86
actionadmin_enqueue_scriptsadmin\kirki\packages\kirki-framework\module-webfonts\src\Webfonts\Async.php:87
actionwpadmin\kirki\packages\kirki-framework\module-webfonts\src\Webfonts\Embed.php:72
actionkirki_dynamic_cssadmin\kirki\packages\kirki-framework\module-webfonts\src\Webfonts\Embed.php:85
actionkirki_field_initadmin\kirki\packages\kirki-framework\module-webfonts\src\Webfonts.php:51
actionwp_loadedadmin\kirki\packages\kirki-framework\module-webfonts\src\Webfonts.php:52
filterhttp_request_argsadmin\kirki\packages\kirki-framework\util\src\Util.php:37
actionkirki_field_initadmin\kirki\packages\kirki-framework\util\src\Util.php:38
actioninitadmin\kirki\password-protect-settings.php:447
actionadmin_noticesadmin\nt-class.php:176
actionadmin_noticesadmin\nt-class.php:253
actionadmin_noticesadmin\nt-class.php:270
actioninitadmin\nt-class.php:284
actionadmin_noticesadmin\nt-class.php:316
actioninitadmin\pagetemplater.php:47
filterpage_attributes_dropdown_pages_argsadmin\pagetemplater.php:61
filtertheme_page_templatesadmin\pagetemplater.php:68
filterwp_insert_post_dataadmin\pagetemplater.php:75
filtertemplate_includeadmin\pagetemplater.php:83
actionplugins_loadedadmin\pagetemplater.php:181
actionadmin_enqueue_scriptsadmin\src\class.settings-api.php:30
actionwsa_form_top_pp_new_basic_settingsadmin\wp_edit_pass_options.php:19
actionadmin_initadmin\wp_edit_pass_options.php:20
actionadmin_menuadmin\wp_edit_pass_options.php:21
actionadd_meta_boxesincludes\conditional-meta\class-conditional-meta.php:57
actionsave_postincludes\conditional-meta\class-conditional-meta.php:60
actionadmin_enqueue_scriptsincludes\conditional-meta\class-conditional-meta.php:63
actionwp_enqueue_scriptsincludes\conditional-meta\class-conditional-meta.php:64
filterthe_contentincludes\conditional-meta\class-conditional-meta.php:67
filterthe_titleincludes\conditional-meta\class-conditional-meta.php:70
filterpost_thumbnail_htmlincludes\conditional-meta\class-conditional-meta.php:71
filterrest_prepare_postincludes\conditional-meta\class-conditional-meta.php:73
filterrest_prepare_pageincludes\conditional-meta\class-conditional-meta.php:74
filterrest_prepare_postincludes\conditional-meta\class-conditional-meta.php:76
filterrest_prepare_pageincludes\conditional-meta\class-conditional-meta.php:77
filterthe_password_formincludes\wp_edit_pass_customize.php:15
actionwp_loadedincludes\wp_edit_pass_customize.php:16
actionplugins_loadedwp-edit-password-protected.php:97
actioninitwp-edit-password-protected.php:99
actioninitwp-edit-password-protected.php:101
actionadmin_enqueue_scriptswp-edit-password-protected.php:183
actionwp_login_failedwp-edit-password-protected.php:184
actionwp_enqueue_scriptswp-edit-password-protected.php:185
actioncustomize_controls_enqueue_scriptswp-edit-password-protected.php:186
filterrest_prepare_pagewp-edit-password-protected.php:284
filterrest_prepare_postwp-edit-password-protected.php:285
Maintenance & Trust

Wp Edit Password Protected – Create Password Protect Pages & Design Password Protected Form Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 3, 2025
PHP min version7.4
Downloads75K

Community Trust

Rating90/100
Number of ratings17
Active installs3K
Alternatives

Wp Edit Password Protected – Create Password Protect Pages & Design Password Protected Form Alternatives

Passwordless Login

Passwordless Login

passwordless-login

A
100

Passwordless login form via a simple to use shortcode: [passwordless-login]

1K 1 CVE
Expire Password Protected Pages

Expire Password Protected Pages

expire-password-protected-pages

A
85

Description: This plugin will require visitors to type in the password each time they are visiting a password protected page.

200 No CVEs
NoMorePass Login

NoMorePass Login

nomorepass-forget-your-passwords

A
100

Use your mobile phone to login into wordpress. Allow users instant registration. Fully protection against force brute attacks

70 No CVEs
Login Links – Passwordless Login, Temporary Access Links & Custom Login Form

Login Links – Passwordless Login, Temporary Access Links & Custom Login Form

login-links

A
100

Create secure self-expiring login links for temporary access and guest users, and enable passwordless login for registered ones.

40 No CVEs
Login, Registration and Lost Password Blocks

Login, Registration and Lost Password Blocks

frontend-login-and-registration-blocks

A
93

Login, Registration and Lost Password Blocks plugin provides blocks helps you to add login, register, lost password forms from front end.

30 2 CVEs
Developer Profile

Wp Edit Password Protected – Create Password Protect Pages & Design Password Protected Form Developer Profile

Noor Alam

102 plugins · 29K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
233 days
View full developer profile
Detection Fingerprints

How We Detect Wp Edit Password Protected – Create Password Protect Pages & Design Password Protected Form

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-edit-password-protected/assets/css/wpps-fonts.css/wp-content/plugins/wp-edit-password-protected/assets/css/wppps-style.css/wp-content/plugins/wp-edit-password-protected/assets/css/admin.css/wp-content/plugins/wp-edit-password-protected/assets/js/admin.js/wp-content/plugins/wp-edit-password-protected/assets/css/wpepp-customizer.css
Script Paths
/wp-content/plugins/wp-edit-password-protected/assets/js/admin.js
Version Parameters
wp-edit-password-protected/assets/css/wpps-fonts.css?ver=wp-edit-password-protected/assets/css/wppps-style.css?ver=wp-edit-password-protected/assets/css/admin.css?ver=wp-edit-password-protected/assets/js/admin.js?ver=wp-edit-password-protected/assets/css/wpepp-customizer.css?ver=

HTML / DOM Fingerprints

CSS Classes
wpepp_dismiss_notice
JS Globals
wpeppAdmin
FAQ

Frequently Asked Questions about Wp Edit Password Protected – Create Password Protect Pages & Design Password Protected Form