WP-Safety

SUC – same user credentials Security & Risk Analysis

wordpress.org/plugins/same-user-credentials

It allows you to log in to two or more of your websites using the same credentials.

10 active installs v1.0.0 PHP 7.4+ WP 6.0+ Updated May 24, 2024
authenticationmultisite-usershare-loginusers-sync
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is SUC – same user credentials Safe to Use in 2026?

Generally Safe

Score 92/100

SUC – same user credentials has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The 'same-user-credentials' plugin v1.0.0 exhibits a concerning security posture due to a significant portion of its attack surface being unprotected. While the plugin demonstrates good practices by exclusively using prepared statements for SQL queries and properly escaping all output, the presence of 3 REST API routes without any permission callbacks represents a critical weakness. This means that any authenticated user, regardless of their role or capabilities, could potentially interact with these routes, leading to unintended actions or information disclosure. The plugin's lack of known vulnerabilities in its history is a positive sign, suggesting a generally secure development approach in the past. However, this does not negate the immediate risk posed by the unprotected entry points identified in the static analysis. The plugin also has a file operation and an external HTTP request, which, without further context on their implementation and associated checks, could also represent potential risks if not handled securely.

Key Concerns

  • REST API routes without permission callbacks
  • File operations present
  • External HTTP requests present
Vulnerabilities
None known

SUC – same user credentials Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

SUC – same user credentials Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
46 escaped
Nonce Checks
1
Capability Checks
2
File Operations
2
External Requests
1
Bundled Libraries
0

Output Escaping

100% escaped46 total outputs
Attack Surface
3 unprotected

SUC – same user credentials Attack Surface

Entry Points3
Unprotected3

REST API Routes 3

POST/wp-json/sucw/v1/loginincludes\sucw-api.php:18
POST/wp-json/sucw/v1/check-userincludes\sucw-api.php:23
POST/wp-json/sucw/v1/check-configurationincludes\sucw-api.php:28
WordPress Hooks 8
actionadmin_enqueue_scriptsadmin\sucw-admin.php:14
actionrest_api_initincludes\sucw-api.php:12
actionauthenticateincludes\sucw-loader.php:13
actioninitincludes\sucw-loader.php:15
filterlostpassword_urlincludes\sucw-loader.php:17
filterregister_urlincludes\sucw-loader.php:19
actionadmin_head-user-edit.phpincludes\sucw-loader.php:21
actionadmin_menuincludes\sucw-menu.php:8
Maintenance & Trust

SUC – same user credentials Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8
Last updatedMay 24, 2024
PHP min version7.4
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

SUC – same user credentials Alternatives

All-In-One Security (AIOS) – Security and Firewall

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

A
93

Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.

1.0M 26 CVEs
Solid Security – Password, Two Factor Authentication, and Brute Force Protection

Solid Security – Password, Two Factor Authentication, and Brute Force Protection

better-wp-security

A
93

Harden your site security with Login Security, Two-Factor Authentication (2FA), Vulnerability Scanner, Firewall, and more. Formerly iThemes Security.

700K 19 CVEs
Limit Login Attempts

Limit Login Attempts

limit-login-attempts

B
82

Limit rate of login attempts, including by way of cookies, for each IP. Fully customizable.

300K 3 CVEs
Two Factor

Two Factor

two-factor

A
100

Enable Two-Factor Authentication (2FA) using time-based one-time passwords (TOTP), Universal 2nd Factor (U2F), email, and backup verification codes.

100K No CVEs
WP 2FA – Two-factor authentication for WordPress

WP 2FA – Two-factor authentication for WordPress

wp-2fa

A
95

Get better WordPress login security; add two-factor authentication (2FA) for all your users with this easy-to-use plugin.

100K 9 CVEs
Developer Profile

SUC – same user credentials Developer Profile

giuliopanda

1 plugin · 10 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect SUC – same user credentials

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/same-user-credentials/admin/style.css/wp-content/plugins/same-user-credentials/admin/script.js
Script Paths
/wp-content/plugins/same-user-credentials/admin/script.js
Version Parameters
same-user-credentials/admin/style.css?ver=same-user-credentials/admin/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
sucw-optionsucw-smallsucw-grid-textfieldsucw-info-fieldsucw-alert-errorsucw-alert-success
HTML Comments
<!-- errori php --><!-- Gestisco la pagina amministrativa principale --><!-- Aggiunge gli stili e gli script necessari --><!-- Disegna la pagina è la funzione chiamata dal menu -->
Data Attributes
id="sucw_server"name="sucw_options[mode]"id="sucw_client"id="sucw_server_url"name="sucw_options[server_url]"id="sucw_private_key"+2 more
FAQ

Frequently Asked Questions about SUC – same user credentials