Does Author List have any unpatched vulnerabilities?

No. All known vulnerabilities in Author List have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Author List compatible with WordPress 5.2.24?

According to WordPress.org data, Author List 1.0.0 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

How often is Author List updated?

Author List was last updated on Unknown. Frequent updates are generally a positive security signal.

What is Author List's security score?

Author List has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Author List Security & Risk Analysis

wordpress.org/plugins/author-role-list

Create a Page for users with their roles. With this plugin, you can create different pages as per its user role. This plugin is applicable to any of t …

20 active installs v1.0.0 PHP + WP 3.5+ Updated Unknown

author-listlistingposttemplatewidget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Author List Safe to Use in 2026?

Generally Safe

Score 100/100

Author List has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The "author-role-list" v1.0.0 plugin exhibits a generally good security posture based on the provided static analysis. It demonstrates a strong commitment to secure coding practices by not using dangerous functions, performing all SQL queries with prepared statements, and avoiding file operations and external HTTP requests. The absence of known CVEs and a clean vulnerability history further reinforces this positive outlook, suggesting a stable and well-maintained codebase. However, there are areas that warrant attention. The plugin lacks any nonce or capability checks, meaning its single shortcode entry point is entirely unprotected. Furthermore, a significant portion of its output (42%) is not properly escaped, creating a potential for Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is ever incorporated into the shortcode's output. While the attack surface is currently small and no direct taint flows were identified, these unaddressed concerns represent notable weaknesses.

Key Concerns

Missing capability checks on entry points
Missing nonce checks on entry points
Significant portion of output not escaped

Vulnerabilities

None known

Author List Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Author List Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

7 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

58% escaped12 total outputs

Attack Surface

Author List Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[author-list] author-list.php:63

WordPress Hooks 2

actionadmin_noticesauthor-list.php:32

actioninitauthor-list.php:54

Maintenance & Trust

Author List Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedUnknown

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs20

Alternatives

Author List Alternatives

EleSpare – News, Magazine and Blog Addons for Elementor

elespare

EleSpare provides pre-designed templates, header/footer builders, and various post layouts for creating stunning news, magazine, and blog sites with E …

10K 2 CVEs

Custom post type templates for Elementor

custom-post-type-templates-for-elementor

With the help of this plug-in you can link you posts or a custom post type detail pages to a normal Elementor page. You can style that Elementor page …

700 1 CVE

Flexible Recent Posts

flexible-recent-posts

Displays recent posts using flexible template system. Define template for each post entry, set needed taxonomy and much more.

400 No CVEs

Listings Post Type Enable

listings-post-type-enable

A simple plugin that creates a "listings" custom post type. It is also add a recent listings custom widget and a new category listings widge …

100 No CVEs

WP LIST PAGES BY CUSTOM TAXONOMY

wp-list-pages-by-custom-taxonomy

Widget to lists posts of any active post-type, filtering by any term of any active custom taxonomy. display title, or thumb, date and excerpt too.

100 No CVEs

Developer Profile

Author List Developer Profile

Roopesh.Bahree

1 plugin · 20 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Author List

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/author-role-list/author-list/author-bio.php/wp-content/plugins/author-role-list/author-list/pagination.php

HTML / DOM Fingerprints

JS Globals

author_list_usertotal_pages

Shortcode Output

[author-list role=administrator post_type=post,page number=1 orderby=email order=ASC]

FAQ