Does Delete Usermetas have any unpatched vulnerabilities?

No. All known vulnerabilities in Delete Usermetas have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Delete Usermetas compatible with WordPress 6.1.10?

According to WordPress.org data, Delete Usermetas 1.2.1 has been tested up to WordPress 6.1.10. Check the plugin's changelog for the latest compatibility information.

Is Delete Usermetas compatible with PHP 5.2.4+?

Delete Usermetas requires PHP 5.2.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Delete Usermetas updated?

Delete Usermetas was last updated on Oct 22, 2023. Frequent updates are generally a positive security signal.

What is Delete Usermetas's security score?

Delete Usermetas has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Delete Usermetas Security & Risk Analysis

wordpress.org/plugins/delete-usermetas

Delete Usermetas is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free …

30 active installs v1.2.1 PHP 5.2.4+ WP 4.2+ Updated Oct 22, 2023

usermetasusers

A · Safe

CVEs total1

Unpatched0

Last CVEOct 19, 2023

Plugin page Download

Safety Verdict

Is Delete Usermetas Safe to Use in 2026?

Generally Safe

Score 85/100

Delete Usermetas has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Oct 19, 2023Updated 2yr ago

Risk Assessment

The 'delete-usermetas' plugin version 1.2.1 exhibits a generally strong security posture based on the static analysis. It demonstrates good practices by avoiding dangerous functions, using prepared statements for its single SQL query, and properly escaping a high percentage of its outputs. The absence of file operations, external HTTP requests, and a significant attack surface (AJAX, REST API, shortcodes, cron events) are positive indicators. The presence of a nonce check is also a good security measure.

However, the plugin has a known medium-severity vulnerability in its history, specifically a Cross-Site Request Forgery (CSRF). While this vulnerability is currently unpatched according to the data, its recurrence or the fact that it was addressed in the past is something to monitor. The vulnerability history, with a single medium CVE, suggests that while not inherently prone to critical issues, past weaknesses have existed.

In conclusion, the plugin has commendable defensive coding practices, particularly in its SQL handling and output escaping. The main area of concern stems from its past vulnerability history, specifically the CSRF issue. While the static analysis doesn't reveal any immediate critical flaws in the current version, the historical vulnerability warrants attention and suggests that diligent monitoring and timely updates are crucial for maintaining a secure environment when using this plugin.

Key Concerns

Medium severity CVE recorded
No capability checks observed

Vulnerabilities

Delete Usermetas Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2023-5537medium · 4.3Cross-Site Request Forgery (CSRF)

Delete Usermetas <= 1.1.2 - Cross-Site Request Forgery

Oct 19, 2023 Patched in 1.2.0 (96d)

Code Analysis

Analyzed Mar 16, 2026

Delete Usermetas Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

18 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared1 total queries

Output Escaping

86% escaped21 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

delumet_options_page (delete-usermetas.php:57)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Delete Usermetas Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 2

actioninitdelete-usermetas.php:25

actionadmin_enqueue_scriptsdelete-usermetas.php:39

Maintenance & Trust

Delete Usermetas Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10

Last updatedOct 22, 2023

PHP min version5.2.4

Downloads2K

Community Trust

Rating100/100

Number of ratings1

Active installs30

Alternatives

Delete Usermetas Alternatives

User Switching

user-switching

100

Instant switching between user accounts in WordPress and WooCommerce.

200K No CVEs

One User Avatar | User Profile Picture

one-user-avatar

Use any image from your WordPress Media Library as a custom user avatar or user profile picture. Add your own Default Avatar.

100K 2 CVEs

Simple Local Avatars

simple-local-avatars

Adds an avatar upload field to user profiles. Generates requested sizes on demand just like Gravatar!

100K 6 CVEs

Export and Import Users and Customers

users-customers-import-export-for-wp-woocommerce

Import and export WordPress users and WooCommerce customers using CSV. Migrate to your new site without any data loss.

60K 9 CVEs

User Profile Picture

metronet-profile-picture

Set a custom profile image (avatar) for a user using the standard WordPress media upload tool.

40K 1 CVE

Developer Profile

Delete Usermetas Developer Profile

Jose Lazo

2 plugins · 630 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

96 days

View full developer profile

Detection Fingerprints

How We Detect Delete Usermetas

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/delete-usermetas/js/alert.js

Script Paths