Does Plugin Name: Modify Author URL have any unpatched vulnerabilities?

No. All known vulnerabilities in Plugin Name: Modify Author URL have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Plugin Name: Modify Author URL compatible with WordPress 3.1.4?

According to WordPress.org data, Plugin Name: Modify Author URL 1.0 has been tested up to WordPress 3.1.4. Check the plugin's changelog for the latest compatibility information.

How often is Plugin Name: Modify Author URL updated?

Plugin Name: Modify Author URL was last updated on Feb 23, 2011. Frequent updates are generally a positive security signal.

What is Plugin Name: Modify Author URL's security score?

Plugin Name: Modify Author URL has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Plugin Name: Modify Author URL Security & Risk Analysis

wordpress.org/plugins/modify-author-url

Allows administrators to modify a users author url from their profile page.

10 active installs v1.0 PHP + WP 3.0.1+ Updated Feb 23, 2011

authorslugurl

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Plugin Name: Modify Author URL Safe to Use in 2026?

Generally Safe

Score 85/100

Plugin Name: Modify Author URL has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 15yr ago

Risk Assessment

The "modify-author-url" plugin v1.0 exhibits a mixed security posture. While it has a very small attack surface and no known historical vulnerabilities, the static analysis reveals critical weaknesses. A significant concern is the presence of the `unserialize` function, which is notoriously dangerous when used with untrusted input, and the taint analysis indicates two flows with unsanitized paths that are rated as high severity. Furthermore, 100% of the plugin's output is not properly escaped, posing a risk of Cross-Site Scripting (XSS) vulnerabilities. The absence of nonce checks on its zero AJAX handlers is also a point of concern, though currently, there are no AJAX handlers to exploit.

The plugin's lack of historical vulnerabilities is a positive indicator, suggesting good coding practices in the past. However, the current code analysis highlights a concerning reliance on potentially unsafe functions and a failure to properly escape output. The presence of `unserialize` coupled with unsanitized taint flows are the most pressing issues. While the attack surface is currently minimal and there are no known CVEs, the identified code signals warrant attention to prevent future exploitation.

Key Concerns

Dangerous function unserialize used
High severity unsanitized taint flows
0% output properly escaped
No nonce checks on AJAX handlers

Vulnerabilities

None known

Plugin Name: Modify Author URL Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Plugin Name: Modify Author URL Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$author_urls = unserialize($author_urls[0]);classes\authorurl.class.php:52

SQL Query Safety

100% prepared4 total queries

Output Escaping

0% escaped4 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

profile_author_url_save (classes\authorurl.class.php:57)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Plugin Name: Modify Author URL Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 7

actionadmin_initauthorurl.php:15

actionshow_user_profileclasses\authorurl.class.php:14

actionedit_user_profileclasses\authorurl.class.php:15

actionedit_user_profile_updateclasses\authorurl.class.php:17

actionpersonal_options_updateclasses\authorurl.class.php:18

actionadmin_headclasses\authorurl.class.php:20

actionadmin_noticesclasses\authorurl.class.php:27

Maintenance & Trust

Plugin Name: Modify Author URL Maintenance & Trust

Maintenance Signals

WordPress version tested3.1.4

Last updatedFeb 23, 2011

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Plugin Name: Modify Author URL Alternatives

WP Author Slug

wp-author-slug

100

Add a layer of security and prevent your login name from being shown in the author archive's URL.

2K No CVEs

Edit Author Slug

edit-author-slug

100

Allows an admin (or capable user) to edit the author slug of a user, and change the author base.

100K No CVEs

No Category Base (WPML)

no-category-base-wpml

100

This plugin removes the mandatory 'Category Base' from your category permalinks. It's compatible with WPML.

100K No CVEs

Admin Slug Column

admin-slug-column

100

Adds a URL path column to all admin post type edit screens. Works with posts, pages, and any custom post type including WooCommerce products.

5K No CVEs

WP Custom Author URL

wp-custom-author-url

Set a custom URL for your author name link, on a global or author-specific basis. Also redirects all author pages.

5K 1 CVE

Developer Profile

Plugin Name: Modify Author URL Developer Profile

Jared Harbour

3 plugins · 30 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Plugin Name: Modify Author URL

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

wh-pl-warning

FAQ