Does Expire User Passwords have any unpatched vulnerabilities?

No. All known vulnerabilities in Expire User Passwords have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Expire User Passwords compatible with WordPress 6.9.4?

According to WordPress.org data, Expire User Passwords 1.4.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Expire User Passwords compatible with PHP 8.1+?

Expire User Passwords requires PHP 8.1 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Expire User Passwords updated?

Expire User Passwords was last updated on Feb 17, 2026. Frequent updates are generally a positive security signal.

What is Expire User Passwords's security score?

Expire User Passwords has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Expire User Passwords Security & Risk Analysis

wordpress.org/plugins/expire-user-passwords

Require certain users to change their passwords on a regular basis.

3K active installs v1.4.2 PHP 8.1+ WP 4.0+ Updated Feb 17, 2026

loginmembershippasswordssecurityusers

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Expire User Passwords Safe to Use in 2026?

Generally Safe

Score 100/100

Expire User Passwords has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "expire-user-passwords" plugin v1.4.2 demonstrates a generally strong security posture based on the provided static analysis. The complete absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the plugin's attack surface. Furthermore, the use of prepared statements for all SQL queries and a high percentage of properly escaped output are excellent security practices. The presence of at least one capability check also indicates a basic level of access control is being considered.

However, a notable concern is the complete lack of nonce checks across all potential entry points (though there are none reported, this indicates a gap in defensive programming should any be introduced). The taint analysis showing zero flows analyzed suggests that either the analysis tool was not configured correctly or the code structure prevented meaningful taint tracking, which is a weakness in comprehensive security auditing. The vulnerability history is a strong positive, showing no recorded CVEs, which implies a history of secure development or diligent patching by the developers.

In conclusion, while the plugin benefits from a minimal attack surface and good coding practices regarding SQL and output escaping, the lack of nonce checks and the unilluminated taint analysis present areas for potential improvement and deeper scrutiny. The clean vulnerability history is a significant strength.

Key Concerns

No nonce checks detected
Taint analysis not performed or yielded no results

Vulnerabilities

None known

Expire User Passwords Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Expire User Passwords Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

34 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

89% escaped38 total outputs

Attack Surface

Expire User Passwords Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 15

actionplugins_loadedexpire-user-passwords.php:56

actioninitexpire-user-passwords.php:68

actionuser_registerexpire-user-passwords.php:115

actionpassword_resetexpire-user-passwords.php:116

actionadmin_headincludes\class-list-table.php:17

filtermanage_users_columnsincludes\class-list-table.php:18

actionmanage_users_custom_columnincludes\class-list-table.php:19

actionwp_loginincludes\class-login-screen.php:17

actionvalidate_password_resetincludes\class-login-screen.php:18

filterlogin_messageincludes\class-login-screen.php:19

actionadmin_noticesincludes\class-review-notice.php:35

actionadmin_initincludes\class-review-notice.php:36

actionadmin_menuincludes\class-settings.php:17

actionadmin_initincludes\class-settings.php:18

filterplugin_action_linksincludes\class-settings.php:19

Maintenance & Trust

Expire User Passwords Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 17, 2026

PHP min version8.1

Downloads58K

Community Trust

Rating84/100

Number of ratings5

Active installs3K

Alternatives

Expire User Passwords Alternatives

Prevent Concurrent Logins

prevent-concurrent-logins

Prevents users from staying logged into the same account from multiple places.

900 No CVEs

Password Strength Settings for WooCommerce

wc-password-strength-settings

Help secure your WooCommerce site by enforcing stronger passwords and taking additional control of your strength requirements.

10K No CVEs

User Session Control

user-session-control

View and manage all active user sessions in a custom admin screen.

700 No CVEs

Expire Passwords

expire-passwords

Require certain users to change their passwords on a regular basis.

500 No CVEs

SPIRALセキュアセッションマネージャー

spiral-secure-session-manager

100

Easily add secure membership management and authentication features to your WordPress site using SPIRAL®.

40 No CVEs

Developer Profile

Expire User Passwords Developer Profile

Matt Miller

7 plugins · 11K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

28 days

View full developer profile

Detection Fingerprints

How We Detect Expire User Passwords

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ