Does Add User Autocomplete have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Add User Autocomplete compatible with WordPress 3.2.1?

According to WordPress.org data, Add User Autocomplete 1.1 has been tested up to WordPress 3.2.1. Check the plugin's changelog for the latest compatibility information.

How often is Add User Autocomplete updated?

Add User Autocomplete was last updated on Apr 16, 2012. Frequent updates are generally a positive security signal.

What is Add User Autocomplete's security score?

Add User Autocomplete has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Add User Autocomplete Security & Risk Analysis

wordpress.org/plugins/add-user-autocomplete

Enables autocomplete for the Add Existing User field at Dashboard > Users > Add New. Requires Multisite.

10 active installs v1.1 PHP + WP 3.1+ Updated Apr 16, 2012

addadd-userautocompleteautosuggest

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Add User Autocomplete Safe to Use in 2026?

Generally Safe

Score 85/100

Add User Autocomplete has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago

Risk Assessment

The 'add-user-autocomplete' plugin, version 1.1, presents a notable security concern due to its unprotected AJAX handler. While the plugin exhibits strengths such as the absence of known CVEs and a clean history of vulnerabilities, the static analysis reveals significant weaknesses. The single entry point, an AJAX handler, lacks any authentication or authorization checks, making it directly accessible to any user, including unauthenticated ones. This creates a substantial attack surface for this specific function. Furthermore, the analysis indicates that all output is unescaped, raising concerns about potential cross-site scripting (XSS) vulnerabilities if user-supplied data is reflected back to the browser. Although taint analysis did not flag critical or high-severity unsanitized paths, the combination of an unprotected endpoint and unescaped output creates a risky scenario.

Key Concerns

Unprotected AJAX handler
Output not properly escaped
Bundled outdated jQuery library

Vulnerabilities

None known

Add User Autocomplete Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Add User Autocomplete Release Timeline

v1.1Current

v1.0

Code Analysis

Analyzed Apr 6, 2026

Add User Autocomplete Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

jQuery1.3.2

Output Escaping

0% escaped2 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

autocomplete_results (add-user-autocomplete.php:39)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Add User Autocomplete Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_add_to_blog_find_useradd-user-autocomplete.php:21

WordPress Hooks 5

actionadmin_print_styles-user-new.phpadd-user-autocomplete.php:19

actionadmin_print_scripts-user-new.phpadd-user-autocomplete.php:20

actionadmin_initadd-user-autocomplete.php:22

actionadmin_noticesadd-user-autocomplete.php:23

actioninitadd-user-autocomplete.php:150

Maintenance & Trust

Add User Autocomplete Maintenance & Trust

Maintenance Signals

WordPress version tested3.2.1

Last updatedApr 16, 2012

PHP min version

Downloads4K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Add User Autocomplete Alternatives

Checkout Address Suggestion And Autocomplete For Woocommerce

checkout-address-suggestion-and-autocomplete-for-woocommerce

Allows your customers to Autocomplete billing and shipping address in checkout page with google places API.

30 No CVEs

Autocomplete Address and Location Picker for WooCommerce

autocomplete-address-and-location-picker-for-woocommerce

100

Improve your WooCommerce checkout flow with Google Places address autocomplete, geocoding, and location picker tools. Supports Classic Checkout and Ch …

2K No CVEs

Autocomplete Google Address

autocomplete-google-address

100

The #1 Google Address Autocomplete for WordPress. Visual point-and-click setup -- no coding needed. Works with WooCommerce, CF7, WPForms, Gravity Form …

2K No CVEs

Address Autocomplete via Google for Gravity Forms

gf-google-address-autocomplete

A simple and nice plugin to get auto suggestion from google place api in gravity form address field.

2K 1 CVE

Address correction autocomplete for Woo

adresskorrektur-autocomplete-fuer-woo

This plug-in for Woocommerce enables an auto address correction to be implemented in the checkout process using the Google API.

1K No CVEs

Developer Profile

Add User Autocomplete Developer Profile

Boone Gorges

28 plugins · 11K total installs

trust score

Avg Security Score

87/100

Avg Patch Time

1694 days

View full developer profile

Detection Fingerprints

How We Detect Add User Autocomplete

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/add-user-autocomplete/css/add-user-autocomplete.css/wp-content/plugins/add-user-autocomplete/js/jquery.autocomplete/jquery.autocomplete.js/wp-content/plugins/add-user-autocomplete/js/add-user-autocomplete.js

Script Paths

/wp-content/plugins/add-user-autocomplete/js/jquery.autocomplete/jquery.autocomplete.js/wp-content/plugins/add-user-autocomplete/js/add-user-autocomplete.js

HTML / DOM Fingerprints

JS Globals

Add_User_AutocompleteA2B_User_Query

REST Endpoints

/wp-json/add-user-autocomplete/v1/users

FAQ