Does Premmerce User Roles have any unpatched vulnerabilities?

No. All known vulnerabilities in Premmerce User Roles have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Premmerce User Roles compatible with WordPress 6.9.4?

According to WordPress.org data, Premmerce User Roles 1.0.14 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Premmerce User Roles compatible with PHP 5.6+?

Premmerce User Roles requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Premmerce User Roles updated?

Premmerce User Roles was last updated on Feb 19, 2026. Frequent updates are generally a positive security signal.

What is Premmerce User Roles's security score?

Premmerce User Roles has a WP-Safety security score of 93/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Premmerce User Roles Security & Risk Analysis

wordpress.org/plugins/premmerce-user-roles

This plugin has been developed for creating user roles from the WordPress admin area and assigning the arbitrary access rights to them.

700 active installs v1.0.14 PHP 5.6+ WP 4.8+ Updated Feb 19, 2026

create-custom-user-rolecustom-user-rolesuser-rolesuser-roles-managementusers-roles

A · Safe

CVEs total4

Unpatched0

Last CVEJul 28, 2025

Plugin page Download

Safety Verdict

Is Premmerce User Roles Safe to Use in 2026?

Generally Safe

Score 93/100

Premmerce User Roles has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Jul 28, 2025Updated 1mo ago

Risk Assessment

The "premmerce-user-roles" v1.0.14 plugin exhibits a mixed security posture. On the positive side, the static analysis reveals a small attack surface with a single AJAX handler, and critically, this handler appears to be protected by an authentication check. The plugin also demonstrates good output escaping practices, with 86% of outputs properly escaped, and includes nonce and capability checks, which are fundamental security measures. However, the presence of two instances of the `unserialize` function is a significant concern, as it can lead to Remote Code Execution if not handled with extreme caution and sanitization, especially if data originating from user input is involved. While no critical or high severity taint flows were identified in this specific analysis, the historical vulnerability data paints a concerning picture.

Key Concerns

Uses unserialize() function
SQL queries not using prepared statements
Bundled Freemius library v1.0
4 known vulnerabilities (2 high, 2 medium)

Vulnerabilities

Premmerce User Roles Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

3 CVEs in 2025

2025

Patched Has unpatched

Severity Breakdown

High

Medium

4 total CVEs

CVE-2025-60193high · 8.1Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Premmerce User Roles <= 1.0.13 - Unauthenticated Local File Inclusion

Jul 28, 2025 Patched in 1.0.14 (213d)

CVE-2025-62883medium · 4.3Missing Authorization

Premmerce User Roles <= 1.0.13 - Missing Authorization

Jun 13, 2025 Patched in 1.0.14 (257d)

CVE-2025-64291medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Premmerce User Roles <= 1.0.13 - Authenticated (Administrator+) Stored Cross-Site Scripting

May 10, 2025 Patched in 1.0.14 (292d)

CVE-2023-41130high · 8.3Missing Authorization

Premmerce User Roles <= 1.0.12 - Missing Authorization via role management functions

Aug 24, 2023 Patched in 1.0.13 (152d)

Code Analysis

Analyzed Mar 16, 2026

Premmerce User Roles Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

38 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$queryRoles = unserialize($data);src\Models\AdminModel.php:26

unserialize$roles = unserialize($data);src\Models\AdminModel.php:30

Bundled Libraries

Freemius1.0

SQL Query Safety

0% prepared1 total queries

Output Escaping

86% escaped44 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

5 flows3 with unsanitized paths

createRole (src\Admin\Admin.php:206)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Premmerce User Roles Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_getRoleCapabilitiessrc\Admin\Admin.php:75

WordPress Hooks 6

actionadmin_menusrc\Admin\Admin.php:72

actionadmin_post_premmerce_create_rolesrc\Admin\Admin.php:77

actionadmin_post_premmerce_update_rolesrc\Admin\Admin.php:78

actionadmin_post_premmerce_delete_rolesrc\Admin\Admin.php:79

actioninitsrc\UsersRolesPlugin.php:30

filterhide_account_tabsviews\admin\tabs\account.php:7

Maintenance & Trust

Premmerce User Roles Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 19, 2026

PHP min version5.6

Downloads20K

Community Trust

Rating100/100

Number of ratings2

Active installs700

Alternatives

Premmerce User Roles Alternatives

Advanced Access Manager – Access Governance for WordPress

advanced-access-manager

Access Governance for WordPress. Control roles, users, content, admin areas, and APIs to prevent broken access controls and excessive privileges.

100K 11 CVEs

PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus

capability-manager-enhanced

PublishPress Capabilities is the access control plugin. You can manage user capabilities, permissions, user roles, admin menus and more.

100K 4 CVEs

Hide Admin Bar Based on User Roles

hide-admin-bar-based-on-user-roles

100

Hide the WordPress Admin Bar for specific user roles, capabilities, devices, pages, or time windows. The ultimate toolbar control plugin for membershi …

20K 1 CVE

User Roles and Capabilities

user-roles-and-capabilities

Manage user roles and Capabilities, create new roles and change default role.

8K 1 unpatched

Multiple Roles

multiple-roles

Allow users to have multiple roles on one site.

5K 2 CVEs

Developer Profile

Premmerce User Roles Developer Profile

Premmerce

14 plugins · 60K total installs

trust score

Avg Security Score

94/100

Avg Patch Time

401 days

View full developer profile

Detection Fingerprints

How We Detect Premmerce User Roles

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/premmerce-user-roles/admin/css/admin.css/wp-content/plugins/premmerce-user-roles/admin/js/admin.js

Script Paths

/wp-content/plugins/premmerce-user-roles/admin/js/admin.js

Version Parameters

premmerce-user-roles/admin/css/admin.css?ver=premmerce-user-roles/admin/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

premmerce-user-rolespremmerce-user-role-listpremmerce-user-role-editpremmerce-user-roles-tabs-wrapper

Data Attributes

data-role-slugdata-role-name

JS Globals

premmerce_user_roles_admin_data

FAQ

Premmerce User Roles Security & Risk Analysis

Is Premmerce User Roles Safe to Use in 2026?

Generally Safe

Key Concerns

Premmerce User Roles Security Vulnerabilities

CVEs by Year

Severity Breakdown

Premmerce User Roles Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Premmerce User Roles Attack Surface

AJAX Handlers 1

Premmerce User Roles Maintenance & Trust

Maintenance Signals

Community Trust

Premmerce User Roles Alternatives

Advanced Access Manager – Access Governance for WordPress

PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus

Hide Admin Bar Based on User Roles

User Roles and Capabilities

Multiple Roles

Premmerce User Roles Developer Profile

How We Detect Premmerce User Roles

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Premmerce User Roles