Melapress Role Editor Security & Risk Analysis

wordpress.org/plugins/melapress-role-editor

The complete WordPress user roles plugin for everyone

60 active installs · v1.2.0 · PHP 8.0+ · WP 5.0+ · Updated Jan 14, 2026
Tags: access, permissions, role-editor, roles, security
Score: 97 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Jan 22, 2026
Safety Verdict

Is Melapress Role Editor Safe to Use in 2026?

Generally Safe

Score 97/100

Melapress Role Editor has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jan 22, 2026 · Updated 2mo ago
Risk Assessment

Version 1.2.0 of the melapress-role-editor plugin shows a generally good security posture. It has no unprotected AJAX handlers, REST API routes, shortcodes, or cron events, and all identified SQL queries use prepared statements, which indicates a strong focus on secure entry point management and data handling. A high percentage of output is escaped, and the significant number of nonce and capability checks suggests a deliberate effort to prevent common web vulnerabilities.

The presence of the `unserialize` function, even without taint flow findings, represents a potential risk; the one call found passes `allowed_classes => false`. The plugin has also had a high-severity vulnerability related to incorrect authorization, which is a critical area to monitor. That vulnerability is patched, but the past occurrence highlights a potential recurring weakness that demands vigilance. The plugin's strengths lie in secure coding practices for its core functionality, while the unserialized data and the past authorization flaw warrant careful consideration.

Key Concerns

  • Dangerous function unserialize detected
  • Past high severity vulnerability (Incorrect Authorization)
Vulnerabilities
1

Melapress Role Editor Security Vulnerabilities

CVEs by Year

2026: 1 CVE

Severity Breakdown

High: 1

1 total CVE

CVE-2025-14866 · high · 8.8 · Incorrect Authorization

Melapress Role Editor <= 1.1.1 - Improper Authorization to Authenticated (Subscriber+) Privilege Escalation via Secondary Role Assignment

Jan 22, 2026 Patched in 1.2.0 (2d)
Code Analysis
Analyzed Mar 16, 2026

Melapress Role Editor Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 0 (7 prepared)
  • Unescaped Output: 29 (295 escaped)
  • Nonce Checks: 18
  • Capability Checks: 48
  • File Operations: 1
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

unserialize
$signup_meta = unserialize( $raw_meta[0]['meta'], array( 'allowed_classes' => false ) ); // phpcs:ig
classes\admin\additional-form-fields\class-new-user-fields.php:178

SQL Query Safety

100% prepared · 7 total queries

Output Escaping

91% escaped · 324 total outputs

Data Flows: All sanitized

Data Flow Analysis

2 flows
role_edit_view (classes\admin\templates\class-role-add-edit.php:171)
Attack Surface

Melapress Role Editor Attack Surface

Entry Points: 0
Unprotected: 0

WordPress Hooks: 23

  • action wpmu_activate_user (classes\admin\class-admin.php:79)
  • action wp_login (classes\admin\class-admin.php:81)
  • filter signup_user_meta (classes\admin\class-admin.php:84)
  • filter screen_options_show_screen (classes\admin\class-admin.php:86)
  • filter screen_settings (classes\admin\class-admin.php:87)
  • filter plugin_action_links (classes\admin\class-admin.php:89)
  • action admin_notices (classes\admin\helpers\class-data-helpers.php:65)
  • action admin_notices (classes\admin\helpers\class-data-helpers.php:84)
  • action admin_notices (classes\admin\helpers\class-data-helpers.php:109)
  • action admin_notices (classes\admin\helpers\class-data-helpers.php:112)
  • action admin_notices (classes\admin\helpers\class-data-helpers.php:120)
  • action admin_notices (classes\admin\helpers\class-data-helpers.php:126)
  • action admin_notices (classes\admin\helpers\class-data-helpers.php:130)
  • action admin_notices (classes\admin\helpers\class-data-helpers.php:188)
  • action admin_init (classes\class-melapress-role-editor.php:42)
  • action admin_init (classes\class-melapress-role-editor.php:43)
  • filter user_has_cap (classes\class-melapress-role-editor.php:46)
  • action update_option (classes\class-melapress-role-editor.php:49)
  • action update_site_option (classes\class-melapress-role-editor.php:50)
  • action switch_blog (classes\class-melapress-role-editor.php:51)
  • action switch_blog (classes\class-melapress-role-editor.php:52)
  • action admin_init (classes\class-melapress-role-editor.php:55)
  • action plugins_loaded (classes\class-melapress-role-editor.php:60)

Maintenance & Trust

Melapress Role Editor Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Jan 14, 2026
  • PHP min version: 8.0
  • Downloads: 1K

Community Trust

  • Rating: 100/100
  • Number of ratings: 1
  • Active installs: 60

Developer Profile

Melapress Role Editor Developer Profile

Melapress

6 plugins · 417K total installs

  • Trust score: 74
  • Avg Security Score: 93/100
  • Avg Patch Time: 540 days
Detection Fingerprints

How We Detect Melapress Role Editor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/melapress-role-editor/assets/css/admin.css
  • /wp-content/plugins/melapress-role-editor/assets/css/public.css
  • /wp-content/plugins/melapress-role-editor/assets/js/admin.js
  • /wp-content/plugins/melapress-role-editor/assets/js/public.js
Script Paths
  • /wp-content/plugins/melapress-role-editor/assets/js/admin.js
  • /wp-content/plugins/melapress-role-editor/assets/js/public.js
Version Parameters
  • melapress-role-editor/assets/css/admin.css?ver=
  • melapress-role-editor/assets/css/public.css?ver=
  • melapress-role-editor/assets/js/admin.js?ver=
  • melapress-role-editor/assets/js/public.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • melapress-role-editor
  • mre-role-editor-wrapper
  • mre-role-editor-capabilities
  • melapress-permissions-manager-wrap
HTML Comments
  • Melapress Role Editor
  • Copyright(c) 2025 Melapress (email : info@melapress.com)
  • This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License, version 3, as published by the Free Software Foundation.
  • This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
Data Attributes
  • data-mre-role-editor-id
  • data-plugin-name="melapress-role-editor"
JS Globals
melapressRoleEditorAdmin
REST Endpoints
/wp-json/melapress-role-editor/v1/capabilities
FAQ

Frequently Asked Questions about Melapress Role Editor