Simple User Listing Security & Risk Analysis

wordpress.org/plugins/simple-user-listing

A shortcode for displaying paginated lists of users.

900 active installs · v2.0.4 · PHP + WP 6.1.0+ · Updated Feb 21, 2025
authors · directory · users
92
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Oct 25, 2023
Safety Verdict

Is Simple User Listing Safe to Use in 2026?

Generally Safe

Score 92/100

Simple User Listing has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Oct 25, 2023 · Updated 1yr ago
Risk Assessment

The security posture of the 'simple-user-listing' plugin v2.0.4 appears to be generally good, with a limited attack surface and strong practices in output escaping and the use of prepared statements for SQL queries. The absence of dangerous functions, file operations, and external HTTP requests further contributes to its positive security profile. Taint analysis also revealed no critical or high severity issues.

However, there are areas for improvement. The plugin lacks nonce checks on any of its entry points, which is a significant oversight for a WordPress plugin. While there are no currently unpatched vulnerabilities, the history includes one medium severity Cross-Site Scripting (XSS) vulnerability discovered relatively recently. This suggests that while past issues have been addressed, the potential for input validation and sanitization weaknesses exists.

In conclusion, 'simple-user-listing' v2.0.4 demonstrates several good security practices, particularly in code execution and data handling. The primary concerns are the complete absence of nonce checks and the historical presence of an XSS vulnerability. These factors necessitate careful consideration, although the overall risk is likely moderate due to the limited attack surface and good handling of SQL and output.

Key Concerns

  • Missing nonce checks on entry points
  • Past medium XSS vulnerability
Vulnerabilities: 1

Simple User Listing Security Vulnerabilities

CVEs by Year

1 CVE in 2023

Severity Breakdown

Medium: 1

1 total CVE

CVE-2023-32298 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Simple User Listing <= 1.9.2 - Reflected Cross-Site Scripting via as

Oct 25, 2023 Patched in 1.9.3 (90d)
Code Analysis
Analyzed Mar 16, 2026

Simple User Listing Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (1 prepared)
Unescaped Output: 3 (18 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

50% prepared · 2 total queries

Output Escaping

86% escaped · 21 total outputs
Attack Surface

Simple User Listing Attack Surface

Entry Points: 2
Unprotected: 0

REST API Routes 1

GET /wp-json/simple-user-listing/v1/user-roles simple-user-listing.php:200

Shortcodes 1

[userlist] simple-user-listing.php:112
WordPress Hooks 29
filter body_class includes\simple-user-listing-template-hooks.php:12
action simple_user_listing_before_loop includes\simple-user-listing-template-hooks.php:14
action simple_user_listing_before_loop includes\simple-user-listing-template-hooks.php:15
action simple_user_listing_loop includes\simple-user-listing-template-hooks.php:16
action simple_user_listing_after_loop includes\simple-user-listing-template-hooks.php:17
action simple_user_listing_after_loop includes\simple-user-listing-template-hooks.php:18
action sul_before_user_loop_author includes\simple-user-listing-template-hooks.php:20
action sul_before_user_loop_author_title includes\simple-user-listing-template-hooks.php:21
action sul_user_loop_author_title includes\simple-user-listing-template-hooks.php:22
action sul_user_loop_author_title includes\simple-user-listing-template-hooks.php:23
action sul_after_user_loop_author includes\simple-user-listing-template-hooks.php:24
action sul_after_user_loop_author includes\simple-user-listing-template-hooks.php:25
action after_setup_theme simple-user-listing.php:103
action init simple-user-listing.php:105
action init simple-user-listing.php:106
filter rest_user_collection_params simple-user-listing.php:108
filter rest_user_query simple-user-listing.php:109
action rest_api_init simple-user-listing.php:110
filter query_vars simple-user-listing.php:114
action profile_update simple-user-listing.php:116
action user_register simple-user-listing.php:117
action delete_user simple-user-listing.php:118
action save_post simple-user-listing.php:119
filter plugin_row_meta simple-user-listing.php:122
action sul_before_user_loop_author simple-user-listing.php:641
action sul_before_user_loop_author_title simple-user-listing.php:642
action sul_user_loop_author_title simple-user-listing.php:643
action sul_after_user_loop_author simple-user-listing.php:644
action sul_after_user_loop_author simple-user-listing.php:645
Maintenance & Trust

Simple User Listing Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.0
Last updated: Feb 21, 2025
PHP min version
Downloads: 48K

Community Trust

Rating: 100/100
Number of ratings: 17
Active installs: 900
Developer Profile

Simple User Listing Developer Profile

HelgaTheViking

6 plugins · 99K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 657 days
Detection Fingerprints

How We Detect Simple User Listing

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simple-user-listing/assets/css/simple-user-listing.css
/wp-content/plugins/simple-user-listing/assets/js/simple-user-listing.js
/wp-content/plugins/simple-user-listing/dist/directory/style-index.css
/wp-content/plugins/simple-user-listing/dist/directory/index.js
Script Paths
/wp-content/plugins/simple-user-listing/assets/js/simple-user-listing.js
/wp-content/plugins/simple-user-listing/dist/directory/index.js
Version Parameters
simple-user-listing/assets/css/simple-user-listing.css?ver=
simple-user-listing/assets/js/simple-user-listing.js?ver=
simple-user-listing/dist/directory/style-index.css?ver=
simple-user-listing/dist/directory/index.js?ver=

HTML / DOM Fingerprints

CSS Classes
simple-user-listing, sul-users-list, sul-user-profile
HTML Comments
<!-- Simple User Listing -->
<!-- End Simple User Listing -->
Data Attributes
data-simple-user-listing, data-sul-query-id, data-sul-role, data-sul-number
JS Globals
simpleUserListing
REST Endpoints
/wp-json/simple-user-listing/v1/user-roles
Shortcode Output
<div class="simple-user-listing"><ul class="sul-users-list"><li class="sul-user-profile">
FAQ

Frequently Asked Questions about Simple User Listing