WP-Safety

PeproDev Ultimate Profile Solutions Security & Risk Analysis

wordpress.org/plugins/peprodev-ups

The Ultimate WordPress Profile Builder & User Management Plugin

70 active installs v8.0.4 PHP 7.2+ WP 5.0+ Updated May 31, 2025
dashboardlogin-registrationprofile
92
A · Safe
CVEs total3
Unpatched0
Last CVEMay 6, 2025
Plugin page Download
Safety Verdict

Is PeproDev Ultimate Profile Solutions Safe to Use in 2026?

Generally Safe

Score 92/100

PeproDev Ultimate Profile Solutions has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: May 6, 2025Updated 10mo ago
Risk Assessment

The "peprodev-ups" plugin v8.0.4 presents a mixed security posture. On the positive side, it exhibits strong adherence to WordPress security best practices by having no unprotected entry points (AJAX handlers, REST API routes) and implementing a good percentage of prepared statements for SQL queries. The presence of numerous capability checks further suggests an effort to enforce authorization. However, significant concerns arise from the taint analysis, which reveals six high-severity flows with unsanitized paths. This indicates potential for vulnerabilities related to data handling and processing where user-supplied input is not adequately cleaned before being used in sensitive operations, even though the static analysis reported no "dangerous functions." The plugin's vulnerability history is also a notable red flag, with three past CVEs, including one critical and one high severity, even though none are currently unpatched. The common vulnerability types, Authentication Bypass and Improper Authorization, are particularly worrying and align with the concerns raised by the taint analysis, suggesting recurring weaknesses in how the plugin handles access control and user input.

Key Concerns

  • High severity taint flows with unsanitized paths
  • Vulnerability history: 1 critical CVE
  • Vulnerability history: 1 high CVE
  • Bundled outdated library: TinyMCE v1.0.0
  • Output escaping: 64% properly escaped
Vulnerabilities
3

PeproDev Ultimate Profile Solutions Security Vulnerabilities

CVEs by Year

3 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

Critical
1
High
1
Medium
1

3 total CVEs

CVE-2025-3844critical · 9.8Authentication Bypass Using an Alternate Path or Channel

PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Authentication Bypass to Account Takeover

May 6, 2025 Patched in 8.0.0 (183d)
CVE-2025-3924medium · 5.3Improper Authorization

PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Missing Authorization to Unauthenticated Email Enumeration

May 6, 2025 Patched in 8.0.0 (183d)
CVE-2025-3921high · 8.2Improper Authorization

PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Missing Authorization to Limited Unauthenticated Arbitrary User Meta Update via handel_ajax_req Function

May 6, 2025 Patched in 8.0.0 (183d)
Code Analysis
Analyzed Mar 16, 2026

PeproDev Ultimate Profile Solutions Code Analysis

Dangerous Functions
0
Raw SQL Queries
14
46 prepared
Unescaped Output
307
537 escaped
Nonce Checks
3
Capability Checks
32
File Operations
3
External Requests
10
Bundled Libraries
2

Bundled Libraries

Select2TinyMCE1.0.0

SQL Query Safety

77% prepared60 total queries

Output Escaping

64% escaped844 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

8 flows6 with unsanitized paths
user_register (login\login.php:4334)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

PeproDev Ultimate Profile Solutions Attack Surface

Entry Points25
Unprotected0

AJAX Handlers 2

authwp_ajax_pepro_regloginlogin\login.php:248
noprivwp_ajax_pepro_regloginlogin\login.php:249

Shortcodes 23

[pepro-login] login\login.php:235
[pepro-login-form] login\login.php:236
[pepro-login-popup] login\login.php:237
[logout-url] login\login.php:238
[verified-mobile] login\login.php:239
[verified-email] login\login.php:240
[current_url] login\login.php:241
[loggedin] login\login.php:242
[guest] login\login.php:243
[loggedout] login\login.php:244
[pepro-smart-btn] login\login.php:245
[pepro-sms-subscription] login\login.php:246
[pepro-profile] profile\profile.php:376
[user] profile\profile.php:377
[pepro-profile-url] profile\profile.php:378
[profile-card-1] profile\profile.php:379
[profile-card-2] profile\profile.php:380
[profile-card-3] profile\profile.php:381
[profile-card-4] profile\profile.php:382
[profile-wc-stats] profile\profile.php:383
[profile-wc-orders] profile\profile.php:384
[profile-wc-downloads] profile\profile.php:385
[profile-ld-enrolled] profile\profile.php:389
WordPress Hooks 132
actionwp_headcore\main.php:46
filterwp_robotscore\main.php:51
filterwpseo_robotscore\main.php:59
actioninitcore\main.php:67
actionadmin_noticescore\main.php:68
actionpeprocore_before_dashboard_callcore\main.php:102
actionpeprocore_after_dashboard_callcore\main.php:103
actionadmin_menucore\main.php:104
actionadmin_initcore\main.php:105
actionadmin_enqueue_scriptscore\main.php:106
actionadmin_print_footer_scriptscore\main.php:107
filterpeprocore_dashboard_nav_menuitemscore\main.php:124
filteradmin_footer_textcore\main.php:182
filterupdate_footercore\main.php:185
filteradmin_body_classcore\main.php:272
actionwp_before_admin_bar_renderlogin\include\class-login-permalink.php:27
actionadmin_initlogin\include\class-login-permalink.php:30
actionplugins_loadedlogin\include\class-login-permalink.php:31
actionadmin_noticeslogin\include\class-login-permalink.php:32
actionnetwork_admin_noticeslogin\include\class-login-permalink.php:33
actionwp_loadedlogin\include\class-login-permalink.php:34
actionsetup_themelogin\include\class-login-permalink.php:35
filtersite_urllogin\include\class-login-permalink.php:37
filternetwork_site_urllogin\include\class-login-permalink.php:38
filterwp_redirectlogin\include\class-login-permalink.php:39
filtersite_option_welcome_emaillogin\include\class-login-permalink.php:40
actiontemplate_redirectlogin\include\class-login-permalink.php:44
filterlogin_urllogin\include\class-login-permalink.php:45
filteruser_request_action_email_contentlogin\include\class-login-permalink.php:46
filtersite_status_testslogin\include\class-login-permalink.php:47
filtermanage_sites_action_linkslogin\include\class-login-permalink.php:48
actionplugins_loadedlogin\include\class-login-permalink.php:603
filterpepro_reglogin_sms_verification_gatewayslogin\include\class-sms-faraz.php:39
filterpepro_reglogin_save_text_fieldslogin\include\class-sms-faraz.php:40
filterpepro_reglogin_save_raw_fieldslogin\include\class-sms-faraz.php:41
filterpepro_reglogin_sms_verification_gatewayslogin\include\class-sms-green.php:30
filterpepro_reglogin_save_text_fieldslogin\include\class-sms-green.php:31
filterpepro_reglogin_save_raw_fieldslogin\include\class-sms-green.php:32
filterpepro_reglogin_sms_verification_gatewayslogin\include\class-sms-ir.php:35
filterpepro_reglogin_sms_verification_gatewayslogin\include\class-sms-kavenegar.php:29
filterpepro_reglogin_save_text_fieldslogin\include\class-sms-kavenegar.php:30
filterpepro_reglogin_save_raw_fieldslogin\include\class-sms-kavenegar.php:31
filterpepro_reglogin_get_register_fieldslogin\login.php:209
actionpepro_reglogin_show_hide_defaul_registeration_fieldslogin\login.php:210
actionauth_cookie_expirationlogin\login.php:211
actioninitlogin\login.php:214
actionregister_formlogin\login.php:215
actionuser_new_formlogin\login.php:216
actionmanage_users_extra_tablenavlogin\login.php:217
actionuser_registerlogin\login.php:218
actionedit_user_created_userlogin\login.php:219
actionshow_user_profilelogin\login.php:220
actionedit_user_profilelogin\login.php:221
actionpersonal_options_updatelogin\login.php:222
actionedit_user_profile_updatelogin\login.php:223
actionregistration_errorslogin\login.php:224
actionuser_profile_update_errorslogin\login.php:225
actionmanage_users_columnslogin\login.php:226
actionmanage_users_custom_columnlogin\login.php:227
actionadmin_enqueue_scriptslogin\login.php:228
actionlogin_form_registerlogin\login.php:229
actionlogin_form_logoutlogin\login.php:230
actionwoocommerce_checkout_update_user_metalogin\login.php:231
actionwoocommerce_after_checkout_validationlogin\login.php:232
filterpeprofile_shortcodeslogin\login.php:233
filterteeny_mce_pluginslogin\login.php:234
actionadmin_initlogin\login.php:461
filterpeprocore_dashboard_nav_menuitemslogin\login.php:4714
actionpeprocore_handle_ajaxrequestslogin\login.php:4725
actionlogin_enqueue_scriptslogin\login.php:4726
filterlogin_headertextlogin\login.php:4727
filterlogin_headerurllogin\login.php:4728
filterlogin_link_separatorlogin\login.php:4729
actionlogin_headlogin\login.php:4730
actionlogin_footerlogin\login.php:4731
filterall_pluginslogin\login.php:4946
actionpre_current_active_pluginslogin\login.php:4950
actionlogin_footerlogin\login.php:4983
actioninitpeprodev-ups.php:57
filterload_textdomain_mofilepeprodev-ups.php:62
actioninitpeprodev-ups.php:69
actionadmin_initpeprodev-ups.php:70
actionplugin_row_metapeprodev-ups.php:87
filterplugin_action_linkspeprodev-ups.php:88
actionbefore_woocommerce_initpeprodev-ups.php:90
filterrocket_cache_reject_uripeprodev-ups.php:91
filterrocket_cache_reject_uripeprodev-ups.php:95
actionplugins_loadedpeprodev-ups.php:526
actioninitprofile\profile.php:71
actionadmin_initprofile\profile.php:103
filtershow_admin_barprofile\profile.php:138
actionpeprodev/profile/helper/add_private_notificationprofile\profile.php:141
actioninitprofile\profile.php:145
actiontemplate_redirectprofile\profile.php:146
actiontemplate_redirectprofile\profile.php:147
actionadmin_bar_menuprofile\profile.php:148
filterget_avatar_urlprofile\profile.php:149
actionlearndash_update_course_accessprofile\profile.php:152
actionlearndash_focus_header_logo_urlprofile\profile.php:154
actionlearndash_focus_header_elementprofile\profile.php:157
filterwoodmart_get_header_linksprofile\profile.php:281
filterwoocommerce_get_myaccount_page_permalinkprofile\profile.php:287
filterwoocommerce_get_endpoint_urlprofile\profile.php:290
filterpeprocore_peprocoreprofile_dashboard_nav_menuitemsprofile\profile.php:300
filterbody_classprofile\profile.php:350
actionwoocommerce_order_status_completedprofile\profile.php:362
actionlearndash-lesson-row-title-beforeprofile\profile.php:363
filterlearndash_status_iconprofile\profile.php:364
filterlearndash-course-row-classprofile\profile.php:365
filterpeprocore_dashboard_nav_menuitemsprofile\profile.php:368
actionpeprocore_handle_ajaxrequestsprofile\profile.php:372
actiondelete_userprofile\profile.php:373
filterpeprofile_shortcodesprofile\profile.php:386
filtermedia_buttonsprofile\profile.php:387
filterpeprofile_dashboard_slugsprofile\profile.php:391
filterdisplay_post_statesprofile\profile.php:392
filterpeprofile_get_nav_itemsprofile\profile.php:393
filterpeprofile_get_nav_itemsprofile\profile.php:394
actionpeprofile_get_template_part_nav-barprofile\profile.php:395
actionwoocommerce_available_downloadsprofile\profile.php:550
actionvc_before_initprofile\profile.php:553
actionadmin_initprofile\profile.php:559
actionafter_setup_themeprofile\profile.php:566
filtershow_admin_barprofile\profile.php:569
filterwoocommerce_my_account_my_orders_queryprofile\profile.php:1295
filterupload_dirprofile\profile.php:1639
filtersanitize_file_nameprofile\profile.php:1640
filterpeprocore_dashboard_localizeprofile\profile.php:2569
filteradmin_footer_textprofile\profile.php:3406
filterupdate_footerprofile\profile.php:3413
filterall_pluginsprofile\profile.php:3422
actionpre_current_active_pluginsprofile\profile.php:3431
Maintenance & Trust

PeproDev Ultimate Profile Solutions Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedMay 31, 2025
PHP min version7.2
Downloads4K

Community Trust

Rating0/100
Number of ratings0
Active installs70
Alternatives

PeproDev Ultimate Profile Solutions Alternatives

Frontend Dashboard

Frontend Dashboard

frontend-dashboard

A
87

Frontend Dashboard is bundled with huge list of custom features which can easily customise the User profile, Posts, Login, Register, Custom roles.

600 8 CVEs
Profile & Dashboard fields [Modify/Disable/Remove]

Profile & Dashboard fields [Modify/Disable/Remove]

modify-profile-fields-dashboard-menu-buttons

A
92

[ ✅ 𝐒𝐄𝐂𝐔𝐑𝐄 𝐏𝐋𝐔𝐆𝐈𝐍𝐒 b𝓎 𝒫𝓊𝓋𝑜𝓍 ] Prevent users from modifying specific Profile & Dashboard fields.

300 1 CVE
IWG Hide Dashboard

IWG Hide Dashboard

iwg-hide-dashboard

A
85

"Hide Dashboard" hides the dashboard for all users with the capability "hide_dashboard".

90 No CVEs
Material Dashboard

Material Dashboard

material-dashboard

A
88

Professional material dashboard for WordPress!

70 4 CVEs
f(x) Profile Dashboard Widget

f(x) Profile Dashboard Widget

fx-profile-dashboard-widget

A
85

Admin dashboard widget to edit profile.

20 No CVEs
Developer Profile

PeproDev Ultimate Profile Solutions Developer Profile

Pepro Dev. Group

6 plugins · 8K total installs

69
trust score
Avg Security Score
86/100
Avg Patch Time
104 days
View full developer profile
Detection Fingerprints

How We Detect PeproDev Ultimate Profile Solutions

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/peprodev-ups/core/assets/css/select2.min.css/wp-content/plugins/peprodev-ups/core/assets/css/style.css/wp-content/plugins/peprodev-ups/core/assets/js/select2.min.js/wp-content/plugins/peprodev-ups/core/assets/js/upload.js/wp-content/plugins/peprodev-ups/core/assets/js/vendors.js/wp-content/plugins/peprodev-ups/core/assets/js/vendor-datatable.js/wp-content/plugins/peprodev-ups/core/assets/js/ckeditor/ckeditor.js/wp-content/plugins/peprodev-ups/core/assets/js/admin.js+4 more
Script Paths
/wp-content/plugins/peprodev-ups/core/assets/js/select2.min.js/wp-content/plugins/peprodev-ups/core/assets/js/upload.js/wp-content/plugins/peprodev-ups/core/assets/js/vendors.js/wp-content/plugins/peprodev-ups/core/assets/js/vendor-datatable.js/wp-content/plugins/peprodev-ups/core/assets/js/ckeditor/ckeditor.js/wp-content/plugins/peprodev-ups/core/assets/js/admin.js+2 more
Version Parameters
/wp-content/plugins/peprodev-ups/core/assets/css/select2.min.css?ver=/wp-content/plugins/peprodev-ups/core/assets/css/style.css?ver=/wp-content/plugins/peprodev-ups/core/assets/js/select2.min.js?ver=/wp-content/plugins/peprodev-ups/core/assets/js/upload.js?ver=/wp-content/plugins/peprodev-ups/core/assets/js/vendors.js?ver=/wp-content/plugins/peprodev-ups/core/assets/js/vendor-datatable.js?ver=/wp-content/plugins/peprodev-ups/core/assets/js/ckeditor/ckeditor.js?ver=/wp-content/plugins/peprodev-ups/core/assets/js/admin.js?ver=/wp-content/plugins/peprodev-ups/profile/assets/css/profile.css?ver=/wp-content/plugins/peprodev-ups/profile/assets/js/profile.js?ver=/wp-content/plugins/peprodev-ups/login/assets/css/login.css?ver=/wp-content/plugins/peprodev-ups/login/assets/js/login.js?ver=

HTML / DOM Fingerprints

CSS Classes
peprodev-ups-profile-wrapperpeprodev-ups-login-formpeprodev-ups-register-formpeprodev-ups-dashboard-widget
HTML Comments
<!-- PeproDev Ultimate Profile Solutions :: Unauthorized Access! -->
Data Attributes
data-peprodevups-profile-pagedata-peprodevups-login-pagedata-peprodevups-register-page
JS Globals
peprodev_ups_ajax_objectpeprodev_ups_paramsPEPRODEVUPSPEPRODEVUPS_ASSETS_URL
REST Endpoints
/wp-json/peprodev-ups/v1/profile/wp-json/peprodev-ups/v1/login/wp-json/peprodev-ups/v1/register
Shortcode Output
[peprodev_profile][peprodev_login][peprodev_register][peprodev_dashboard]
FAQ

Frequently Asked Questions about PeproDev Ultimate Profile Solutions