Does CMC ROLE have any unpatched vulnerabilities?

No. All known vulnerabilities in CMC ROLE have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is CMC ROLE compatible with WordPress 4.8.28?

According to WordPress.org data, CMC ROLE 0.0.1 has been tested up to WordPress 4.8.28. Check the plugin's changelog for the latest compatibility information.

How often is CMC ROLE updated?

CMC ROLE was last updated on May 25, 2017. Frequent updates are generally a positive security signal.

What is CMC ROLE's security score?

CMC ROLE has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

CMC ROLE Security & Risk Analysis

wordpress.org/plugins/cmc-role

Manages User Roles

0 active installs v0.0.1 PHP + WP 4.6.0+ Updated May 25, 2017

capabilitiesrole-usersrolesuser-rolesusers

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is CMC ROLE Safe to Use in 2026?

Generally Safe

Score 85/100

CMC ROLE has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The cmc-role v0.0.1 plugin presents a mixed security picture. On the positive side, there are no reported vulnerabilities in its history and the code exhibits good practices such as using prepared statements for all SQL queries and implementing nonce and capability checks. The absence of a large attack surface, external HTTP requests, and file operations is also reassuring.

However, significant concerns arise from the static analysis. A notable 41% of output escaping is not properly handled, which could lead to cross-site scripting (XSS) vulnerabilities. Furthermore, the taint analysis reveals two flows with unsanitized paths, one of which is rated as high severity. This indicates potential for malicious data to be processed or executed without adequate sanitization, which is a critical risk.

While the plugin's vulnerability history is clean, this does not negate the risks identified in the current code analysis. The high number of improperly escaped outputs and the high-severity tainted flow suggest a need for immediate attention. The plugin demonstrates a commitment to some security best practices but has critical gaps in output sanitization and input validation, posing a notable risk.

Key Concerns

High severity taint flow found
Unsanitized paths in taint flows
Significant percentage of unescaped output

Vulnerabilities

None known

CMC ROLE Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

CMC ROLE Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

30 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

41% escaped74 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths

process_bulk_action (include\class-cmc-role-table.php:166)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

CMC ROLE Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 8

actionplugins_loadedcmc-role.php:90

actionadmin_menucmc-role.php:116

filterset-screen-optioncmc-role.php:117

actionadmin_noticescmc-role.php:196

actionadmin_noticescmc-role.php:219

actionadmin_noticescmc-role.php:274

actionadmin_noticescmc-role.php:313

actionadmin_noticescmc-role.php:350

Maintenance & Trust

CMC ROLE Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28

Last updatedMay 25, 2017

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

CMC ROLE Alternatives

PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus

capability-manager-enhanced

PublishPress Capabilities is the access control plugin. You can manage user capabilities, permissions, user roles, admin menus and more.

100K 4 CVEs

User Roles and Capabilities

user-roles-and-capabilities

Manage user roles and Capabilities, create new roles and change default role.

8K 1 unpatched

HM Multiple Roles

hm-multiple-roles

It hides the default role dropdown list and displays a list of role checkboxes to select multiple roles for a user.

2K 1 CVE

Premmerce User Roles

premmerce-user-roles

This plugin has been developed for creating user roles from the WordPress admin area and assigning the arbitrary access rights to them.

700 4 CVEs

Enable Contributor Uploads

enable-contributor-uploads

100

Easy plugin which adds the capability for contributors to upload images to their blog posts.

400 No CVEs

Developer Profile

CMC ROLE Developer Profile

Edem

2 plugins · 0 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect CMC ROLE

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cmc-role/include/class-cmc-role-table.php/wp-content/plugins/cmc-role/page/admin.php/wp-content/plugins/cmc-role/TipTip/jquery.tipTip.js/wp-content/plugins/cmc-role/TipTip/tipTip.css/wp-content/plugins/cmc-role/font-awesome/css/font-awesome.min.css/wp-content/plugins/cmc-role/jquery-ui/jquery-ui.css

Script Paths

/wp-content/plugins/cmc-role/TipTip/jquery.tipTip.js

HTML / DOM Fingerprints

Data Attributes

data-cmcrm-action

JS Globals

CMCRM_JS_URLCMCRM_CSS_URL

FAQ