Account Switcher Security & Risk Analysis

wordpress.org/plugins/account-switcher

With Account Switcher, you can add a new and super feature to your sites, especially by eliminating a big deficiency of your social WordPress sites.

0 active installs v1.0.2 PHP 8.1+ WP 5.0+ Updated May 22, 2025
account-switchermultiple-accountswpml
67
C · Use Caution
CVEs total1
Unpatched1
Last CVEMay 19, 2026
Safety Verdict

Is Account Switcher Safe to Use in 2026?

Use With Caution

Score 67/100

Account Switcher has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: May 19, 2026Updated 1yr ago
Risk Assessment

The 'account-switcher' plugin version 1.0.2 exhibits a strong security posture based on the provided static analysis. The absence of any identified dangerous functions, the exclusive use of prepared statements for all SQL queries, and the 100% proper output escaping are significant strengths. Furthermore, the lack of any recorded vulnerabilities in its history, including critical or high severity ones, suggests a well-maintained and secure codebase. The limited attack surface, with zero unprotected entry points, is also a positive indicator. However, the complete absence of capability checks is a notable concern. While the current code may not directly expose vulnerabilities, it relies on WordPress's core authorization mechanisms implicitly, and any future development or integration could introduce risks if capability checks are not explicitly implemented for sensitive operations. This plugin appears to follow good security practices but lacks explicit authorization enforcement in its current form, which is a minor area for potential improvement.

Key Concerns

  • Missing capability checks
Vulnerabilities
1 published

Account Switcher Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

High
1

1 total CVE

CVE-2026-6456high · 8.8Improper Authentication

Account Switcher <= 1.0.2 - Authenticated (Subscriber+) Authentication Bypass to Privilege Escalation

May 19, 2026Unpatched
Version History

Account Switcher Release Timeline

v1.0.2Current1 CVE
v1.0.11 CVE
Code Analysis
Analyzed Apr 16, 2026

Account Switcher Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
14 prepared
Unescaped Output
0
190 escaped
Nonce Checks
2
Capability Checks
0
File Operations
7
External Requests
4
Bundled Libraries
0

SQL Query Safety

100% prepared14 total queries

Output Escaping

100% escaped190 total outputs
Attack Surface

Account Switcher Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 30
filterauth_cookie_expirationapp/Hooks.php:29
filterwoocommerce_account_menu_itemsapp/Hooks.php:31
filterwoocommerce_get_endpoint_urlapp/Hooks.php:32
actioninitapp/Hooks.php:35
actionwp_footerapp/Hooks.php:37
actioninitapp/Loader.php:33
actioninitapp/PluginHero/BaseAPI.php:35
actionrest_api_initapp/PluginHero/BaseAPI.php:43
filterrest_pre_dispatchapp/PluginHero/BaseAPI.php:71
actioninitapp/PluginHero/Helpers/Feedback.php:69
actionrest_api_initapp/PluginHero/Helpers/Feedback.php:75
actionadmin_enqueue_scriptsapp/PluginHero/Helpers/Feedback.php:114
actionadmin_footerapp/PluginHero/Helpers/Feedback.php:129
actionrest_api_initapp/PluginHero/Helpers/Feedback.php:155
actionadmin_initapp/PluginHero/Helpers/Redirect.php:25
actiontemplate_redirectapp/PluginHero/Helpers/Redirect.php:37
filtertheme_page_templatesapp/PluginHero/Helpers/Template.php:85
filtertemplate_includeapp/PluginHero/Helpers/Template.php:90
actionadmin_noticesapp/PluginHero/Helpers.php:79
actionadmin_noticesapp/PluginHero/Helpers.php:96
actionadmin_noticesapp/PluginHero/Helpers.php:104
actionadmin_noticesapp/PluginHero/Helpers.php:112
actionadmin_noticesapp/PluginHero/Helpers.php:120
actionadmin_noticesapp/PluginHero/Helpers.php:128
actionadmin_noticesapp/PluginHero/Helpers.php:139
actionadmin_menuapp/PluginHero/Page.php:40
actionadmin_enqueue_scriptsapp/PluginHero/Plugin.php:68
actionwp_enqueue_scriptsapp/PluginHero/Plugin.php:77
actioninitapp/PluginHero/Plugin.php:96
actioninitapp/PluginHero/Plugin.php:144
Maintenance & Trust

Account Switcher Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedMay 22, 2025
PHP min version8.1
Downloads626

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

Account Switcher Developer Profile

BeycanPress LLC

22 plugins · 240 total installs

82
trust score
Avg Security Score
92/100
Avg Patch Time
85 days
View full developer profile
Detection Fingerprints

How We Detect Account Switcher

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/account-switcher/assets/css/style.css/wp-content/plugins/account-switcher/assets/js/script.js
Script Paths
/wp-content/plugins/account-switcher/assets/js/script.js
Version Parameters
account-switcher?ver=style.css?ver=script.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-account-switcher-id
JS Globals
accountSwitcher
FAQ

Frequently Asked Questions about Account Switcher