Does Active Users List have any unpatched vulnerabilities?

No. All known vulnerabilities in Active Users List have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Active Users List compatible with WordPress 5.2.24?

According to WordPress.org data, Active Users List 1.0 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

Is Active Users List compatible with PHP 5.2.4+?

Active Users List requires PHP 5.2.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Active Users List updated?

Active Users List was last updated on Unknown. Frequent updates are generally a positive security signal.

What is Active Users List's security score?

Active Users List has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Active Users List Security & Risk Analysis

wordpress.org/plugins/active-users-list

List all the current active users

0 active installs v1.0 PHP 5.2.4+ WP 3.0+ Updated Unknown

active-usersavailable-usersonline-usersusers

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Active Users List Safe to Use in 2026?

Generally Safe

Score 100/100

Active Users List has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The 'active-users-list' plugin v1.0 exhibits a mixed security posture. On the positive side, it has no recorded vulnerabilities (CVEs), and the static analysis reveals a limited attack surface with no identified AJAX handlers or REST API routes lacking authentication. Furthermore, there are no dangerous functions, file operations, external HTTP requests, or bundled libraries. This suggests a generally conservative approach to coding practices.

However, significant concerns arise from the code signals. The plugin uses raw SQL queries, with a concerning 67% not employing prepared statements, which is a substantial risk for SQL injection vulnerabilities. Critically, none of the identified outputs are properly escaped, leaving the plugin vulnerable to Cross-Site Scripting (XSS) attacks. The absence of nonce checks and capability checks on its single shortcode entry point further exacerbates these risks, as it allows for potential unauthorized actions or data exposure.

While the lack of a vulnerability history is a good sign, it doesn't negate the inherent risks identified in the current code. The potential for SQL injection and XSS attacks, coupled with the absence of essential security checks, means that even without past incidents, this plugin presents a significant security risk to any WordPress installation. The strengths lie in its limited attack surface and lack of known past exploits, but the weaknesses in input sanitization and output escaping are critical.

Key Concerns

High percentage of SQL queries not using prepared statements
No output escaping for identified outputs
No nonce checks on shortcode
No capability checks on shortcode

Vulnerabilities

None known

Active Users List Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Active Users List Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

33% prepared3 total queries

Output Escaping

0% escaped1 total outputs

Attack Surface

Active Users List Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[Available-Users] active-users-list.php:34

WordPress Hooks 4

actioninitactive-users-list.php:46

actionwp_logoutactive-users-list.php:57

actionwp_headactive-users-list.php:160

actionwp_footeractive-users-list.php:185

Maintenance & Trust

Active Users List Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedUnknown

PHP min version5.2.4

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Active Users List Alternatives

WP Online Active Users

online-active-users

100

WP Online Active Users is a lightweight, powerful plugin to monitor and display how many users are currently online active on your WordPress website.

2K No CVEs

Fullworks Active Users Monitor

fullworks-active-users-monitor

100

Real-time monitoring of logged-in WordPress users with visual indicators, filtering, and comprehensive admin tools.

30 No CVEs

Weblix – Online Users

weblix

Display online users and page views in the last 30 minutes, just like Google Analytics, but without slowing down your website.

80 No CVEs

Fake Who’s Online for WordPress

fake-whos-online-widget

Fake whos online is a plugin that allows you to make your site seem more popular by displaying a fake amount of users online on your Wordpress site.

70 No CVEs

Lord Linus Online Visitor Widget

lord-linus-online-visitor

100

Lord Linus Online Visitor Plugin show the total number of Online users showing at the moment Besides that you can show the IP address of the users too …

10 No CVEs

Developer Profile

Active Users List Developer Profile

Ambarish

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Active Users List

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

aul_activeUsersopen-buttonform-popupform-containerbtncancel

Data Attributes

onclick="closeForm()"

JS Globals

openFormcloseForm

Shortcode Output

<h3>Active Users</h3><ul class="aul_activeUsers"><li></ul>

FAQ