WP-Safety

Front-End Users Security & Risk Analysis

wordpress.org/plugins/front-end-users

Hides the WordPress admin section from specified user roles, allows users to edit their settings from the front-end, and more.

10 active installs v1.2.2 PHP + WP 3.0+ Updated Jan 4, 2012
adminfront-endpublicrolesusers
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Front-End Users Safe to Use in 2026?

Generally Safe

Score 85/100

Front-End Users has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago
Risk Assessment

The static analysis of the 'front-end-users' plugin v1.2.2 indicates a generally good security posture with no identified critical or high-severity vulnerabilities. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the plugin's attack surface. Furthermore, the code demonstrates robust SQL query handling with 100% usage of prepared statements and no detected dangerous functions or file operations. The lack of external HTTP requests and bundled libraries also contributes positively to its security. However, a notable concern is the 56% rate of properly escaped output, suggesting that a portion of the plugin's output is not adequately sanitized, which could potentially lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is involved in unescaped outputs. The taint analysis revealing flows with unsanitized paths, although not classified as critical or high, warrants attention. The plugin's vulnerability history is clean, with no recorded CVEs, which is a strong indicator of past security diligence. Despite the positive history and limited attack surface, the observed output escaping and taint flow issues represent potential weaknesses that should be addressed to maintain a strong security profile.

Key Concerns

  • Output escaping issues
  • Taint flows with unsanitized paths
Vulnerabilities
None known

Front-End Users Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Front-End Users Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
8
10 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

56% escaped18 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
<settings> (views\settings.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Front-End Users Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 21
filterfeu_settingsexample_hooks.php:8
filterfeu_settingsexample_hooks.php:29
filterfeu_settingsexample_hooks.php:46
filterfeu_menuexample_hooks.php:81
actionfeu_after_update_userexample_hooks.php:89
filterfeu_settings_update_url_paramsexample_hooks.php:97
actioninitfront_end_users.php:20
actionadmin_initfront_end_users.php:21
actionadmin_menufront_end_users.php:24
filterplugin_action_linksfront_end_users.php:25
filterrewrite_rules_arrayfront_end_users.php:28
filterquery_varsfront_end_users.php:29
filtertemplate_redirectfront_end_users.php:30
actionwp_loadedfront_end_users.php:31
actionadmin_initfront_end_users.php:34
filteradmin_urlfront_end_users.php:35
filterlogin_urlfront_end_users.php:36
filterwp_redirectfront_end_users.php:37
actionlogin_headfront_end_users.php:40
filterlogin_messagefront_end_users.php:41
actionlogin_footerfront_end_users.php:42
Maintenance & Trust

Front-End Users Maintenance & Trust

Maintenance Signals

WordPress version tested3.3.2
Last updatedJan 4, 2012
PHP min version
Downloads22K

Community Trust

Rating26/100
Number of ratings3
Active installs10
Alternatives

Front-End Users Alternatives

View Admin As

View Admin As

view-admin-as

A
92

View the WordPress admin as a different role or visitor, switch between users, temporarily change your capabilities, set screen settings for roles.

9K No CVEs
Multiple User Post

Multiple User Post

multiple-user-post

A
85

assign users, delegate post, edit me, post relationship, one to many, many to many, user post, multiple posts, suggest edit, multiple edit.

10 No CVEs
Remove Administrators

Remove Administrators

remove-administrators

A
100

Allows admins to hide the admin role from all other roles.

10 No CVEs
Role Based User Deleter

Role Based User Deleter

role-based-user-deleter

A
100

Easily delete users based on their roles with Role Based User Deleter. Manage your WordPress users efficiently and securely.

10 No CVEs
WP Mechanic

WP Mechanic

wp-mechanic

A
92

WP Mechanic is a combination of WordPress and Android Playstore Applications. Experience a set of hybrid software applications.

10 No CVEs
Developer Profile

Front-End Users Developer Profile

tombenner

5 plugins · 70 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Front-End Users

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/front-end-users/js/admin.js/wp-content/plugins/front-end-users/js/frontend.js/wp-content/plugins/front-end-users/css/admin.css/wp-content/plugins/front-end-users/css/frontend.css
Script Paths
/wp-content/plugins/front-end-users/js/admin.js/wp-content/plugins/front-end-users/js/frontend.js
Version Parameters
front-end-users/css/admin.css?ver=front-end-users/js/admin.js?ver=front-end-users/css/frontend.css?ver=front-end-users/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
feu-menufeu-settings-pagefeu-user-profile-page
HTML Comments
<!-- FEU Settings --><!-- FEU Menu -->
Data Attributes
data-feu-viewdata-feu-action
JS Globals
feu_ajax_urlfeu_current_user
REST Endpoints
/wp-json/feu/v1/settings/wp-json/feu/v1/profile
Shortcode Output
[feu_profile_form][feu_user_menu]
FAQ

Frequently Asked Questions about Front-End Users