Does Forget User Info have any unpatched vulnerabilities?

No. All known vulnerabilities in Forget User Info have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Forget User Info compatible with WordPress 2.8.4?

According to WordPress.org data, Forget User Info 0.2 has been tested up to WordPress 2.8.4. Check the plugin's changelog for the latest compatibility information.

How often is Forget User Info updated?

Forget User Info was last updated on Sep 8, 2009. Frequent updates are generally a positive security signal.

What is Forget User Info's security score?

Forget User Info has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Forget User Info Security & Risk Analysis

wordpress.org/plugins/forget-user-info

Inserts a link into the comments form that will clear a user's comment info cookie

10 active installs v0.2 PHP + WP 2.8+ Updated Sep 8, 2009

commentscookiesprivacy

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Forget User Info Safe to Use in 2026?

Generally Safe

Score 85/100

Forget User Info has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 16yr ago

Risk Assessment

The "forget-user-info" v0.2 plugin presents a mixed security profile. On the positive side, it demonstrates excellent practices regarding data handling, with all SQL queries utilizing prepared statements and all output being properly escaped. The absence of file operations and external HTTP requests further reduces the attack surface. Its vulnerability history is also clean, with no recorded CVEs, suggesting a historically stable codebase.

However, the static analysis reveals significant concerns. The presence of the `create_function` function, a deprecated and potentially dangerous construct, is a red flag. Furthermore, the taint analysis indicates that while no critical or high severity vulnerabilities were found, there are two flows with unsanitized paths. This, combined with a complete lack of nonce and capability checks, means that even if no direct vulnerabilities are immediately apparent, the plugin is highly susceptible to various injection attacks or unauthorized access if an attack vector is found that leverages these unsanitized paths. The zero attack surface from direct WordPress entry points (AJAX, REST API, shortcodes, cron) is a strength, but the underlying code signals and taint analysis are cause for caution.

Key Concerns

Dangerous function create_function used
Flows with unsanitized paths detected
No nonce checks present
No capability checks present

Vulnerabilities

None known

Forget User Info Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Forget User Info Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functionadd_action( 'plugins_loaded', create_function( '', 'wp_redirect( remove_query_arg( "forget_user_infoforget-user-info.php:16

create_functionadd_action( 'init', create_function( '', "if ( !is_user_logged_in() ) add_action( 'comment_form', 'cforget-user-info.php:39

Output Escaping

100% escaped2 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

cws_fui_print_fui_link (forget-user-info.php:23)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Forget User Info Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 2

actionplugins_loadedforget-user-info.php:16

actioninitforget-user-info.php:39

Maintenance & Trust

Forget User Info Maintenance & Trust

Maintenance Signals

WordPress version tested2.8.4

Last updatedSep 8, 2009

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Forget User Info Alternatives

Cookie Notice & Compliance for GDPR / CCPA

cookie-notice

Cookie Notice allows you to you elegantly inform users that your site uses cookies and helps you comply with GDPR, CCPA and other data privacy laws.

900K 6 CVEs

WP Consent API

wp-consent-api

100

Simple Consent API to read and register the current consent category.

200K No CVEs

Gravatar Enhanced – Avatars, Profiles, and Privacy

gravatar-enhanced

100

The official Gravatar plugin, featuring privacy-focused settings, easy profile updates, and customizable Gravatar Profile blocks.

90K No CVEs

Cookies for Comments

cookies-for-comments

Sets a cookie on a random URL that is then checked when a comment is posted. If the cookie is missing the comment is marked as spam.

20K No CVEs

WP Comment Policy Checkbox

wp-comment-policy-checkbox

Add a checkbox and custom text to the comment forms so that the user can be informed and give consent to the web's privacy policy.

6K No CVEs

Developer Profile

Forget User Info Developer Profile

Mark Jaquith

29 plugins · 176K total installs

trust score

Avg Security Score

86/100

Avg Patch Time

3337 days

View full developer profile

Detection Fingerprints

How We Detect Forget User Info

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Shortcode Output

<p>Not <strong></strong>? Click <a href="">here</a> to clear this info.</p>

FAQ