Does Attributes User Access have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Attributes User Access compatible with WordPress 6.7.5?

According to WordPress.org data, Attributes User Access 1.2.2 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is Attributes User Access compatible with PHP 7.4+?

Attributes User Access requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Attributes User Access updated?

Attributes User Access was last updated on Feb 10, 2026. Frequent updates are generally a positive security signal.

What is Attributes User Access's security score?

Attributes User Access has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Attributes User Access Security & Risk Analysis

wordpress.org/plugins/attributes-user-access

Lightweight WordPress authentication with custom login pages, role-based redirections, and secure user access control.

20 active installs v1.2.2 PHP 7.4+ WP 5.8+ Updated Feb 10, 2026

access-controlauthenticationcustom-loginloginsecurity

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Attributes User Access Safe to Use in 2026?

Generally Safe

Score 100/100

Attributes User Access has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The "attributes-user-access" v1.2.2 plugin demonstrates a generally good security posture, with several key strengths. The complete absence of dangerous functions, file operations, and external HTTP requests is a significant positive. Furthermore, all SQL queries utilize prepared statements, and the vast majority of output is properly escaped, indicating diligent coding practices against common web vulnerabilities. The plugin also shows a healthy number of nonce and capability checks, suggesting an awareness of WordPress security best practices for handling user actions. The plugin's vulnerability history is entirely clean, with no recorded CVEs, which is a strong indicator of its current security soundness.

Despite these strengths, there are specific areas of concern that warrant attention. The presence of two AJAX handlers that lack authentication checks represent a direct attack vector. While the taint analysis shows no identified flows, the static analysis reveals a moderate attack surface, with these unprotected AJAX endpoints being the primary weakness. The lack of explicit permission callbacks for the identified AJAX handlers, while not directly a taint flow, implies that these actions could potentially be triggered by unauthenticated users, leading to unintended behavior or information disclosure depending on their functionality. Therefore, while the plugin is largely secure, these two unprotected entry points introduce a tangible risk.

Key Concerns

Unprotected AJAX handlers

Vulnerabilities

None known

Attributes User Access Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Attributes User Access Release Timeline

v1.2.2Current

v1.2.1

v1.2.0

v1.1.0

v1.0.0

Code Analysis

Analyzed Mar 16, 2026

Attributes User Access Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

120 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared4 total queries

Output Escaping

95% escaped126 total outputs

Attack Surface

2 unprotected

Attributes User Access Attack Surface

Entry Points7

Unprotected2

AJAX Handlers 6

authwp_ajax_attrua_create_pagesrc\Admin\Admin.php:82

authwp_ajax_attrua_delete_pagesrc\Admin\Admin.php:83

authwp_ajax_attrua_toggle_redirectsrc\Admin\Admin.php:84

authwp_ajax_attrua_check_page_existssrc\Admin\Admin.php:85

authwp_ajax_attrua_refresh_login_noncesrc\Core\Assets.php:54

noprivwp_ajax_attrua_refresh_login_noncesrc\Core\Assets.php:55

Shortcodes 1

[attributes_login_form] src\Front\Login.php:57

WordPress Hooks 23

actionplugins_loadedattributes-user-access.php:94

actionadmin_menusrc\Admin\Admin.php:73

actionadmin_initsrc\Admin\Admin.php:74

actionadmin_menusrc\Admin\Admin.php:78

actionattrua_enqueue_admin_assetssrc\Admin\Admin.php:88

filterdisplay_post_statessrc\Admin\Admin.php:91

actionattrua_render_page_rowssrc\Admin\Admin.php:94

actionattrua_render_page_rowsrc\Admin\Admin.php:97

actionadmin_menusrc\Admin\Admin.php:125

actionwp_enqueue_scriptssrc\Core\Assets.php:51

actionwp_enqueue_scriptssrc\Core\Assets.php:56

actionadmin_enqueue_scriptssrc\Core\Assets.php:57

actionadmin_enqueue_scriptssrc\Core\Assets.php:58

actionplugins_loadedsrc\Core\Extension_Manager.php:47

actionplugins_loadedsrc\Core\Plugin.php:108

actioninitsrc\Core\Plugin.php:109

filterplugin_row_metasrc\Core\Plugin.php:113

actioninitsrc\Core\Settings.php:61

actioninitsrc\Front\Login.php:49

actionwp_login_failedsrc\Front\Login.php:50

actioninitsrc\Front\Login.php:53

filterlogin_redirectsrc\Front\Login.php:54

filterlogin_errorssrc\Front\Login.php:60

Maintenance & Trust

Attributes User Access Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedFeb 10, 2026

PHP min version7.4

Downloads584

Community Trust

Rating100/100

Number of ratings2

Active installs20

Alternatives

Attributes User Access Alternatives

Easy Basic Authentication – Add basic auth to site or admin area

easy-basic-authentication

100

Secure your WordPress site with easy and effective basic authentication. Restrict access, monitor attempts, and enhance security.

700 No CVEs

DB Solution – 2FA

db-solution-2fa

100

Advanced security module for the DB Solution suite. Adds email-based 2FA, Strict Mode protection, and hides the standard login URL.

0 No CVEs

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.

1.0M 26 CVEs

Limit Login Attempts

limit-login-attempts

Limit rate of login attempts, including by way of cookies, for each IP. Fully customizable.

300K 3 CVEs

WPS Limit Login

wps-limit-login

WPS Limit login limit connection attempts by IP address

100K 3 CVEs

Developer Profile

Attributes User Access Developer Profile

Attributes WP

1 plugin · 20 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Attributes User Access

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/attributes-user-access/css/front.css/wp-content/plugins/attributes-user-access/css/tabler-icons-outline.css/wp-content/plugins/attributes-user-access/js/validation.js/wp-content/plugins/attributes-user-access/css/admin.css

Script Paths

/wp-content/plugins/attributes-user-access/js/validation.js

Version Parameters

attributes-user-access/css/front.css?ver=attributes-user-access/css/tabler-icons-outline.css?ver=attributes-user-access/js/validation.js?ver=attributes-user-access/css/admin.css?ver=

HTML / DOM Fingerprints

CSS Classes

attrua-fronttabler-iconsattrua-admin

JS Globals

attruaFront

FAQ