Advanced User Role Manager Security & Risk Analysis

wordpress.org/plugins/advanced-user-role-manager

Advanced WordPress user role management with custom roles, temporary assignments, and OAuth2 integration.

0 active installs · v1.0 · PHP 7.0+ · WP 6.8+ · Updated Oct 13, 2025
advanced-user-role · capabilities · role-management · user-management · user-role-manager
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Advanced User Role Manager Safe to Use in 2026?

Generally Safe

Score 100/100

Advanced User Role Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7mo ago
Risk Assessment

The advanced-user-role-manager plugin v1.0 exhibits a generally strong security posture, with excellent adherence to best practices in its codebase. The plugin demonstrates a high percentage of prepared SQL statements and properly escaped output, minimizing common injection and cross-site scripting vulnerabilities. The absence of critical or high-severity taint analysis findings and a clean vulnerability history further reinforce this positive outlook. The plugin also shows a good number of nonce and capability checks, indicating an awareness of authorization and integrity concerns.

However, a significant concern is the presence of one AJAX handler that lacks authentication checks. This represents a direct entry point for potential attackers to interact with the plugin's functionality without proper authorization, which could lead to unintended actions or information disclosure depending on the handler's purpose. While the overall code quality is high and there are no recorded vulnerabilities, this single unprotected AJAX endpoint is a notable weakness that requires immediate attention. The limited attack surface beyond this point is a positive factor, but the unprotected handler should not be underestimated.

Key Concerns

  • Unprotected AJAX handler
Vulnerabilities
None known

Advanced User Role Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Advanced User Role Manager Release Timeline

v1.0 (Current)
Code Analysis
Analyzed Mar 17, 2026

Advanced User Role Manager Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3 (82 prepared)
Unescaped Output: 4 (178 escaped)
Nonce Checks: 20
Capability Checks: 24
File Operations: 0
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

96% prepared · 85 total queries

Output Escaping

98% escaped · 182 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

14 flows
<class-advausro-manager> (admin\views\class-advausro-manager.php:0)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
1 unprotected

Advanced User Role Manager Attack Surface

Entry Points: 14
Unprotected: 1

AJAX Handlers 14

auth · wp_ajax_advausro_search_logs · includes\modules\class-advausro-audit-log.php:773
auth · wp_ajax_advausro_add_new_custom_role · includes\modules\class-advausro-role.php:15
auth · wp_ajax_advausro_get_custom_roles · includes\modules\class-advausro-role.php:16
auth · wp_ajax_advausro_delete_custom_roles · includes\modules\class-advausro-role.php:17
auth · wp_ajax_advausro_add_new_capability · includes\modules\class-advausro-role.php:18
auth · wp_ajax_advausro_update_role_capabilities · includes\modules\class-advausro-role.php:19
auth · wp_ajax_advausro_delete_custom_capabilities · includes\modules\class-advausro-role.php:20
auth · wp_ajax_advausro_clone_role · includes\modules\class-advausro-role.php:21
auth · wp_ajax_advausro_fetch_role_capabilities · includes\modules\class-advausro-role.php:22
auth · wp_ajax_advausro_fetch_custom_capabilities · includes\modules\class-advausro-role.php:23
auth · wp_ajax_advausro_assign_temp_role · includes\modules\class-advausro-temp-role.php:30
auth · wp_ajax_advausro_remove_temp_role · includes\modules\class-advausro-temp-role.php:31
auth · wp_ajax_advausro_check_and_remove_expired_roles · includes\modules\class-advausro-temp-role.php:32
auth · wp_ajax_advausro_update_timezone · includes\modules\class-advausro-timezone.php:15
WordPress Hooks 16
action · admin_notices · admin\views\class-advausro-manager.php:45
action · admin_footer · admin\views\class-advausro-oauth.php:86
action · admin_menu · includes\modules\class-advausro-audit-log.php:774
action · init · includes\modules\class-advausro-audit-log.php:815
action · admin_init · includes\modules\class-advausro-oauth.php:21
action · login_form · includes\modules\class-advausro-oauth.php:22
action · init · includes\modules\class-advausro-oauth.php:23
action · manage_users_extra_tablenav · includes\modules\class-advausro-oauth.php:24
action · edit_user_profile_update · includes\modules\class-advausro-role.php:24
action · personal_options_update · includes\modules\class-advausro-role.php:25
action · user_register · includes\modules\class-advausro-role.php:26
action · init · includes\modules\class-advausro-role.php:27
filter · cron_schedules · includes\modules\class-advausro-temp-role.php:21
action · advausro_check_expired_roles · includes\modules\class-advausro-temp-role.php:33
action · init · includes\modules\class-advausro-temp-role.php:36
action · init · includes\modules\class-advausro-temp-role.php:203

Scheduled Events 1

advausro_check_expired_roles
Maintenance & Trust

Advanced User Role Manager Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Oct 13, 2025
PHP min version: 7.0
Downloads: 259

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Advanced User Role Manager Developer Profile

Smackcoders Inc.

23 plugins · 40K total installs

Trust score: 71
Avg Security Score: 88/100
Avg Patch Time: 946 days
Detection Fingerprints

How We Detect Advanced User Role Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/advanced-user-role-manager/assets/css/styles.css
/wp-content/plugins/advanced-user-role-manager/assets/js/scripts.js
Script Paths
/wp-content/plugins/advanced-user-role-manager/assets/js/scripts.js
Version Parameters
advanced-user-role-manager/assets/css/styles.css?ver=
advanced-user-role-manager/assets/js/scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
advausro-role-manager
advausro-add-role
advausro-oauth2-settings
advausro-audit-log
JS Globals
advausro_admin_script_params
FAQ

Frequently Asked Questions about Advanced User Role Manager