WP-Safety

Juiz User Custom Meta Security & Risk Analysis

wordpress.org/plugins/juiz-user-custom

Allows administrator to configure some extra fields (user meta) for users. With these new fields, make a rich authors or users page, for example.

10 active installs v0.5 PHP + WP 3.0+ Updated Jan 5, 2012
authorcustomfieldrichuser
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Juiz User Custom Meta Safe to Use in 2026?

Generally Safe

Score 85/100

Juiz User Custom Meta has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago
Risk Assessment

The "juiz-user-custom" v0.5 plugin exhibits a mixed security posture. On the positive side, it has a very small attack surface with no exposed AJAX handlers, REST API routes, shortcodes, or cron events. All SQL queries are properly prepared, and there are no file operations or external HTTP requests, which are excellent practices. However, significant concerns arise from the code signals. The presence of dangerous functions like `unserialize` and `create_function`, coupled with a very low percentage of properly escaped output (only 9%), indicates a high risk of code injection and cross-site scripting (XSS) vulnerabilities. Furthermore, the taint analysis revealing two flows with unsanitized paths, even if not classified as critical or high severity in this specific analysis, is a strong indicator of potential vulnerabilities where user-supplied data is not adequately validated before being used in sensitive operations. The absence of any recorded vulnerability history is a positive sign, suggesting that past versions may not have had exploitable flaws. However, this does not negate the risks identified in the static and taint analysis of the current version.

Key Concerns

  • Dangerous functions detected (unserialize, create_function)
  • Low output escaping (9%)
  • Taint flows with unsanitized paths (2)
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

Juiz User Custom Meta Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Juiz User Custom Meta Code Analysis

Dangerous Functions
8
Raw SQL Queries
0
6 prepared
Unescaped Output
21
2 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$juiz_metadata = unserialize ( $juiz_metadata );juiz-manage-page.php:69
unserialize$juiz_metadata = unserialize ( $juiz_metadata );juiz-manage-page.php:142
unserialize$juiz_metadata = unserialize ( $juiz_metadata );juiz-manage-page.php:187
unserialize$juiz_metadata = unserialize ( $juiz_metadata );juiz-manage-page.php:227
unserialize$juiz_metadata = unserialize ( $juiz_metadata );juiz-manage-page.php:285
unserialize$juiz_user_infos = unserialize ( $juiz_user_infos );juiz-user-custom-meta.php:51
create_functionadd_action('plugins_loaded', create_function('','global $juiz_user_meta_instance; $juiz_user_meta_injuiz-user-custom-meta.php:131
unserialize$juiz_user_infos_a = unserialize ( $juiz_user_infos );uninstall.php:14

SQL Query Safety

100% prepared6 total queries

Output Escaping

9% escaped23 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
juiz_manage_user_custom_page (juiz-manage-page.php:25)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Juiz User Custom Meta Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 8
actionadmin_initjuiz-manage-page.php:15
actionadmin_menujuiz-manage-page.php:433
actionshow_user_profilejuiz-user-custom-meta.php:54
actionedit_user_profilejuiz-user-custom-meta.php:55
actionpersonal_options_updatejuiz-user-custom-meta.php:56
actionedit_user_profile_updatejuiz-user-custom-meta.php:57
actioninitjuiz-user-custom-meta.php:59
actionplugins_loadedjuiz-user-custom-meta.php:131
Maintenance & Trust

Juiz User Custom Meta Maintenance & Trust

Maintenance Signals

WordPress version tested3.3.2
Last updatedJan 5, 2012
PHP min version
Downloads4K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

Juiz User Custom Meta Alternatives

JSM Show User Metadata

JSM Show User Metadata

jsm-show-user-meta

A
100

Show user metadata in a metabox when editing users - a great tool for debugging issues with user metadata.

3K No CVEs
Change Author

Change Author

change-author

A
85

This plugin lets you assign non-authors as post author.

1K No CVEs
WP Custom Author Image

WP Custom Author Image

author-image

A
85

Lets you easily add WP Custom Author Images on your site.

100 No CVEs
Get User Custom Field Values

Get User Custom Field Values

get-user-custom-field-values

A
85

Use widgets, shortcodes, and/or template tags to easily retrieve and display custom field values for users.

90 No CVEs
Dynamic Field for Elementor Forms – Populate Anything

Dynamic Field for Elementor Forms – Populate Anything

dynamic-field-for-elementor-forms

A
100

Pull data from URL Query Parameter, posts, users, terms, Database, CSV, or custom sources and display them directly inside your forms.

80 No CVEs
Developer Profile

Juiz User Custom Meta Developer Profile

Geoffrey

6 plugins · 5K total installs

90
trust score
Avg Security Score
94/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Juiz User Custom Meta

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/juiz-user-custom/css/juiz-admin.css

HTML / DOM Fingerprints

CSS Classes
form-table
JS Globals
JUIZ_USER_CUSTOM_SLUGjuiz_user_meta_instance
FAQ

Frequently Asked Questions about Juiz User Custom Meta