Does Change Username have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Change Username compatible with WordPress 6.6.5?

According to WordPress.org data, Change Username 1.0.2 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

Is Change Username compatible with PHP 7.2+?

Change Username requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Change Username updated?

Change Username was last updated on Oct 4, 2024. Frequent updates are generally a positive security signal.

What is Change Username's security score?

Change Username has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Change Username Security & Risk Analysis

wordpress.org/plugins/change-username

Change usernames of your WordPress users effectively.

4K active installs v1.0.2 PHP 7.2+ WP 4.1+ Updated Oct 4, 2024

change-loginchange-usernameloginusername

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Change Username Safe to Use in 2026?

Generally Safe

Score 92/100

Change Username has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The 'change-username' plugin v1.0.2 exhibits a generally good security posture in several key areas. The absence of dangerous functions, the exclusive use of prepared statements for all SQL queries, and the fact that all output is properly escaped are strong indicators of secure coding practices. Furthermore, the plugin demonstrates the use of nonces and capability checks, which are essential for WordPress security. The vulnerability history being completely clear also suggests a well-maintained and previously secure codebase.

However, a significant concern arises from the static analysis revealing one unprotected AJAX handler. With a total of one entry point and one unprotected entry point, this constitutes 100% of the attack surface being exposed without proper authentication or authorization checks. While taint analysis did not reveal any issues with unsanitized paths, the presence of an unprotected AJAX endpoint is a direct gateway for potential abuse if the functionality it exposes can be manipulated by an unauthenticated user.

In conclusion, while the plugin has commendable strengths in its data handling and output sanitization, the single unprotected AJAX handler presents a clear and direct security risk. Addressing this vulnerability should be the highest priority to improve the plugin's overall security.

Key Concerns

Unprotected AJAX handler

Vulnerabilities

None known

Change Username Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Change Username Release Timeline

v1.0.2Current

v1.0.1

v1.0

Code Analysis

Analyzed Mar 16, 2026

Change Username Code Analysis

Dangerous Functions

Raw SQL Queries

6 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared6 total queries

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

ajax_handler (src\functions.php:29)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Change Username Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_change_usernamechange-username.php:40

WordPress Hooks 2

actionadmin_enqueue_scriptschange-username.php:39

actionplugins_loadedchange-username.php:43

Maintenance & Trust

Change Username Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedOct 4, 2024

PHP min version7.2

Downloads27K

Community Trust

Rating88/100

Number of ratings5

Active installs4K

Alternatives

Change Username Alternatives

Username Changer

username-changer

100

Unlock the power to change WordPress usernames with complete security and data integrity.

40K No CVEs

My WordPress Login Logo

my-wp-login-logo

100

My WordPress Login Logo lets you to add a custom logo in your wordpress login page instead of the usual wordpress logo and customize your login page.

10K No CVEs

Easy Username Updater

username-updater

A plugin to change registered username and display name.

10K 1 CVE

Duo Two-Factor Authentication

duo-wordpress

100

Easily add Duo Security two-factor authentication to your WordPress website. Enable two-factor authentication for your admins and/or users.

3K No CVEs

WP Edit Username

wp-edit-username

Easily Edit User Profile Username clicking a button.

2K 2 CVEs

Developer Profile

Change Username Developer Profile

Danny van Kooten

9 plugins · 1.1M total installs

trust score

Avg Security Score

97/100

Avg Patch Time

708 days

View full developer profile

Detection Fingerprints

How We Detect Change Username

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/change-username/assets/js/script.min.js

Script Paths