
Roles & Capabilities Security & Risk Analysis
wordpress.org/plugins/leira-roles
Take full control of user roles and capabilities in WordPress with an intuitive, powerful interface.
Is Roles & Capabilities Safe to Use in 2026?
Generally Safe
Score 99/100
Roles & Capabilities has a strong security track record. Known vulnerabilities have been patched promptly.
The 'leira-roles' v1.1.14 plugin exhibits a mixed security posture. While it demonstrates strong adherence to secure coding practices such as using prepared statements for all SQL queries and a high percentage of properly escaped output, significant concerns arise from its attack surface. The plugin exposes six AJAX handlers, all of which lack authentication checks, creating a substantial vulnerability for unauthorized actions. Despite a history of one known CVE, which was a medium-severity Cross-site Scripting (XSS) vulnerability, the fact that it is now patched is a positive sign. However, the presence of unsanitized paths in taint analysis warrants attention, even if no critical or high-severity vulnerabilities were identified in this specific analysis. The lack of authentication on all AJAX endpoints is a critical weakness that overshadows some of the positive coding practices.
Key Concerns
- Unprotected AJAX handlers
- Flows with unsanitized paths
- Medium severity vulnerability history
Roles & Capabilities Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Roles & Capabilities <= 1.1.9 - Reflected Cross-Site Scripting
Roles & Capabilities Code Analysis
Output Escaping
Data Flow Analysis
Roles & Capabilities Attack Surface
AJAX Handlers 6
WordPress Hooks 9
Roles & Capabilities Maintenance & Trust
Maintenance Signals
Community Trust
Roles & Capabilities Alternatives
PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus
capability-manager-enhanced
PublishPress Capabilities is the access control plugin. You can manage user capabilities, permissions, user roles, admin menus and more.
Custom Access Roles
custom-access-roles
Create custom roles with editing capability for only specific pages, categories and post types.
Editorial Access Manager
editorial-access-manager
Allow for granular editorial access control for all post types in WordPress
Members – Membership & User Role Editor Plugin
members
The best WordPress membership and user role editor plugin. User Roles & Capabilities editor helps you restrict content in just a few clicks.
WPFront User Role Editor
wpfront-user-role-editor
Easily allows you to manage WordPress user roles. You can create, edit, delete and manage capabilities, also copy existing roles.
Roles & Capabilities Developer Profile
3 plugins · 9K total installs
How We Detect Roles & Capabilities
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/leira-roles/build/admin.css
- /wp-content/plugins/leira-roles/build/admin.js
- /wp-content/plugins/leira-roles/build/roles-admin.js
- /wp-content/plugins/leira-roles/build/inline-edit-user-capabilities.js
- /wp-content/plugins/leira-roles/build/inline-edit-roles.js
- leira-roles/build/admin.css?ver=
- leira-roles/build/admin.js?ver=
- leira-roles/build/roles-admin.js?ver=
- leira-roles/build/inline-edit-user-capabilities.js?ver=
- leira-roles/build/inline-edit-roles.js?ver=
HTML / DOM Fingerprints
leiraRolesL10n