Product link: https://codecanyon.net/item/angry-frog-p...pt/9146226
Live preview: http://www.angry-frog.com/demo/
I am somewhat positive the security standards are up to par with this login script regarding protection from web app exploits. However, they are using a bad password hashing algorithm. The hashes are salted, but it is best to use bcrypt or scrypt especially if you are going to deploy as part of a public application.
Sorry, but you need at least 25 posts and 5 hours online time to unlock hidden content.
Virus scan: https://www.virustotal.com/en/file/25bc2...456599871/
P.S.: Not sure why the virus scan says it detected a webshell, probably something to do with the ACP, but if you are sketched out, go through every file manually and check the code.