Hide for group (roles) Security & Risk Analysis

wordpress.org/plugins/hide-for-group-roles

WordPress Hide for group (roles): website, blog, page, post (or text), category, tags, tax, etc.

10 active installs · v1.0 · PHP + WP 3.1+ · Updated Sep 6, 2014
Tags: blog-hide, hide, page-hide, post-hide, website-hide
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Hide for group (roles) Safe to Use in 2026?

Generally Safe

Score 85/100

Hide for group (roles) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 11yr ago
Risk Assessment

The "hide-for-group-roles" plugin v1.0 presents a mixed security posture. While it boasts a small attack surface with only one identified entry point (a shortcode) and a notable presence of capability checks, significant concerns arise from its code analysis. The extensive use of dangerous functions, particularly `unserialize`, coupled with the complete absence of output escaping and the reliance on raw SQL queries without prepared statements, exposes the plugin to substantial risks. These practices, if exploited, could lead to remote code execution, SQL injection, and cross-site scripting vulnerabilities.

The taint analysis, although limited, revealed a flow with an unsanitized path, which is a direct indicator of potential security flaws. The absence of any recorded vulnerability history is a positive indicator, suggesting the plugin might have been developed with some security awareness or has not been extensively targeted. However, this does not negate the severe weaknesses identified in the code itself. The current version exhibits concerning coding practices that, if unaddressed, could easily lead to exploitable vulnerabilities, despite the low number of entry points and the presence of some basic security checks.

Key Concerns

  • Multiple dangerous functions used
  • SQL queries not prepared
  • No output escaping
  • Taint flow with unsanitized path
Vulnerabilities
None known

Hide for group (roles) Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Hide for group (roles) Code Analysis

  • Dangerous Functions: 38
  • Raw SQL Queries: 3 (0 prepared)
  • Unescaped Output: 76 (0 escaped)
  • Nonce Checks: 1
  • Capability Checks: 4
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

unserialize `$izinli_gruplar_eklenti = unserialize(get_option("yetkili_kullanici_rolleri"));` index.php:40
unserialize `$siteyetki_gruplar_eklenti = unserialize(get_option("sitekimlergorsun_kullanici_rolleri"));` index.php:48
unserialize `$izinli_gruplar = unserialize(get_option("eskiler_kullanici_rolleri"));` index.php:112
unserialize `$izinli_gruplar = (!empty($izinli_gruplar) ? unserialize($izinli_gruplar) : unserialize(get_option("` index.php:162
unserialize `$izinli_gruplar = (!empty($izinli_gruplar) ? unserialize($izinli_gruplar) : unserialize(get_option("` index.php:162
unserialize `$kategori_user_rolleri = unserialize(get_term_meta($kategori_id, 'meta_kullanici_rolleri', true));` index.php:196
unserialize `$kategori_user_rolleri = (isset($kategori_user_rolleri) || is_array($kategori_user_rolleri) ? $kateg` index.php:197
unserialize `$etiket_user_rolleri = unserialize(get_term_meta($etiket_id, 'meta_kullanici_rolleri', true));` index.php:233
unserialize `$etiket_user_rolleri = (isset($etiket_user_rolleri) || is_array($etiket_user_rolleri) ? $etiket_user` index.php:234
unserialize `$izinli_gruplar = (!empty($izinli_gruplar) ? unserialize($izinli_gruplar) : unserialize(get_option("` index.php:278
unserialize `$izinli_gruplar = (!empty($izinli_gruplar) ? unserialize($izinli_gruplar) : unserialize(get_option("` index.php:278
unserialize `<input type="checkbox" id="<?php echo $key; ?>" name="<?php echo $key; ?>" value="<?php echo $key; ?` index.php:549
unserialize `<input type="checkbox" id="<?php echo $key; ?>" name="<?php echo $key; ?>" value="<?php echo $key; ?` index.php:549
unserialize `<input type="checkbox" id="ziyaretci" name="ziyaretci" value="ziyaretci" <?php if(is_array(unseriali` index.php:552
unserialize `<input type="checkbox" id="ziyaretci" name="ziyaretci" value="ziyaretci" <?php if(is_array(unseriali` index.php:552
unserialize `<input type="checkbox" id="yetkili_<?php echo $key; ?>" name="yetkili_<?php echo $key; ?>" value="ye` index.php:564
unserialize `<input type="checkbox" id="yetkili_<?php echo $key; ?>" name="yetkili_<?php echo $key; ?>" value="ye` index.php:564
unserialize `<input type="checkbox" id="eskiler_<?php echo $key; ?>" name="eskiler_<?php echo $key; ?>" value="es` index.php:576
unserialize `<input type="checkbox" id="eskiler_<?php echo $key; ?>" name="eskiler_<?php echo $key; ?>" value="es` index.php:576
unserialize `<input type="checkbox" id="eskiler_ziyaretci" name="eskiler_ziyaretci" value="ziyaretci" <?php if(is` index.php:578
unserialize `<input type="checkbox" id="eskiler_ziyaretci" name="eskiler_ziyaretci" value="ziyaretci" <?php if(is` index.php:578
unserialize `<input type="checkbox" id="sitekimlergorsun_<?php echo $key; ?>" name="sitekimlergorsun_<?php echo $` index.php:630
unserialize `<input type="checkbox" id="sitekimlergorsun_<?php echo $key; ?>" name="sitekimlergorsun_<?php echo $` index.php:630
unserialize `<input type="checkbox" id="sitekimlergorsun_ziyaretci" name="sitekimlergorsun_ziyaretci" value="site` index.php:633
unserialize `<input type="checkbox" id="sitekimlergorsun_ziyaretci" name="sitekimlergorsun_ziyaretci" value="site` index.php:633
unserialize `$alan_icerigi_coz = unserialize($alan_icerigi);` index.php:767
unserialize `$roller = unserialize(get_option("default_kullanici_rolleri"));` index.php:774
unserialize `<input type="checkbox" id="meta_kullanici_rolleri_<?php echo $key; ?>" name="meta_kullanici_rolleri_` index.php:1011
unserialize `<input type="checkbox" id="meta_kullanici_rolleri_<?php echo $key; ?>" name="meta_kullanici_rolleri_` index.php:1011
unserialize `<input type="checkbox" id="ziyaretci" name="ziyaretci" value="ziyaretci" <?php if(is_array(unseriali` index.php:1014
unserialize `<input type="checkbox" id="ziyaretci" name="ziyaretci" value="ziyaretci" <?php if(is_array(unseriali` index.php:1014
unserialize `$tax_user_rolleri = (!empty($tax_user_rolleri) ? unserialize($tax_user_rolleri) : "");` index.php:1040
unserialize `<input type="checkbox" id="meta_kullanici_rolleri_<?php echo $key; ?>" name="meta_kullanici_rolleri_` index.php:1046
unserialize `<input type="checkbox" id="meta_kullanici_rolleri_<?php echo $key; ?>" name="meta_kullanici_rolleri_` index.php:1046
unserialize `<input type="checkbox" id="meta_kullanici_rolleri_<?php echo $key; ?>" name="meta_kullanici_rolleri_` index.php:1054
unserialize `<input type="checkbox" id="meta_kullanici_rolleri_<?php echo $key; ?>" name="meta_kullanici_rolleri_` index.php:1054
unserialize `<input type="checkbox" id="ziyaretci" name="ziyaretci" value="ziyaretci" <?php if(is_array(unseriali` index.php:1057
unserialize `<input type="checkbox" id="ziyaretci" name="ziyaretci" value="ziyaretci" <?php if(is_array(unseriali` index.php:1057

SQL Query Safety

0% prepared · 3 total queries

Output Escaping

0% escaped · 76 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
k_group_index_sayfasi (index.php:326)
[Data flow diagram; legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

Hide for group (roles) Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[k_hide] index.php:138
WordPress Hooks: 12
action plugins_loaded index.php:22
action add_meta_boxes index.php:43
action save_post index.php:44
action init index.php:52
action wp index.php:259
filter the_content index.php:292
filter get_the_excerpt index.php:293
action admin_menu index.php:304
action init index.php:823
action switch_blog index.php:824
action wpmu_new_blog index.php:825
action admin_init index.php:1138
Maintenance & Trust

Hide for group (roles) Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.0.38
Last updated: Sep 6, 2014
PHP min version
Downloads: 5K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

Hide for group (roles) Developer Profile

maffay

5 plugins · 50 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Hide for group (roles)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes
k_hide_show
Data Attributes
meta_kullanici_rolleri_k_group_iptalet_k_group_izinli_gruplarmeta_kullanici_rolleri_iptalmi
Shortcode Output
<span class="k_hide_show">