WP-Safety

Support Me Security & Risk Analysis

wordpress.org/plugins/support-me

Allows you to generate expireable user accounts for support purposes.

900 active installs v1.0.6 PHP 5.3+ WP 3.5.0+ Updated Feb 1, 2024
accountsupportusers
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Support Me Safe to Use in 2026?

Generally Safe

Score 85/100

Support Me has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The "support-me" plugin v1.0.6 exhibits a generally strong security posture based on the static analysis. The plugin demonstrates good security practices by implementing nonce checks and capability checks on its entry points, specifically its AJAX handler. Furthermore, the absence of dangerous functions, file operations, and external HTTP requests, coupled with the exclusive use of prepared statements for SQL queries, significantly reduces the risk of common vulnerabilities. The high percentage of properly escaped output is also a positive indicator of secure coding.

Despite the positive aspects, there are minor areas for improvement. The static analysis did not reveal any taint flows, which is excellent, but it's important to note that taint analysis can be limited by its scope. The lack of any recorded vulnerability history is a strong positive, suggesting the plugin has a history of being well-maintained and secure. However, it's crucial to remember that past security does not guarantee future security, and ongoing vigilance is always necessary.

In conclusion, "support-me" v1.0.6 appears to be a securely developed plugin with a minimal attack surface and robust security measures in place. The absence of critical vulnerabilities in static analysis and historical data is highly reassuring. The primary recommendation would be to continue this diligent approach to security, ensuring all new code adheres to these secure coding standards.

Key Concerns

  • Unescaped output detected
Vulnerabilities
None known

Support Me Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Support Me Release Timeline

v1.0.6Current
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Mar 16, 2026

Support Me Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
5 escaped
Nonce Checks
1
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

83% escaped6 total outputs
Attack Surface

Support Me Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_add_support_accountincludes\accounts\wwsm-account-management.php:33
WordPress Hooks 12
actionwwsm_delete_accountincludes\accounts\wwsm-account-management.php:35
actionwwsm_new_accountincludes\accounts\wwsm-account-panel.php:24
filterviews_usersincludes\accounts\wwsm-account-panel.php:25
actionadmin_print_styles-users.phpincludes\accounts\wwsm-account-panel.php:27
actionadmin_print_scripts-users.phpincludes\accounts\wwsm-account-panel.php:28
filteruser_has_capincludes\accounts\wwsm-account-setup.php:62
filtermap_meta_capincludes\accounts\wwsm-account-setup.php:63
filtermanage_users_columnsincludes\accounts\wwsm-account-setup.php:66
filtermanage_users_custom_columnincludes\accounts\wwsm-account-setup.php:67
filtereditable_rolesincludes\accounts\wwsm-account-setup.php:70
actionplugins_loadedincludes\wwsm-loader.php:56
actionadmin_noticessupport-me.php:39

Scheduled Events 1

wwsm_delete_account
Maintenance & Trust

Support Me Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8
Last updatedFeb 1, 2024
PHP min version5.3
Downloads13K

Community Trust

Rating100/100
Number of ratings5
Active installs900
Alternatives

Support Me Alternatives

Password Strength Settings for WooCommerce

Password Strength Settings for WooCommerce

wc-password-strength-settings

A
85

Help secure your WooCommerce site by enforcing stronger passwords and taking additional control of your strength requirements.

10K No CVEs
Disable User Login

Disable User Login

disable-user-login

A
100

Disable user accounts without deleting them. One-click enable/disable, bulk actions, force logout, and customizable disabled message.

5K 1 CVE
Resend Welcome Email

Resend Welcome Email

resend-welcome-email

A
85

Quickly send a new welcome email and password reset link for a user through the user's profile edit area.

1K 1 CVE
Temporary Access for users

Temporary Access for users

temporary-access-for-users

A
85

Plugin is use full for provide temporary access to user. Also we can disable the user to temporary based.

30 No CVEs
Fake User Detector

Fake User Detector

fake-user-detector

A
100

Detect and flag suspicious existing user accounts using simple checks to help clean up fake or low-quality registrations.

20 No CVEs
Developer Profile

Support Me Developer Profile

TrustedLogin

3 plugins · 31K total installs

87
trust score
Avg Security Score
90/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Support Me

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/support-me/assets/css/wwsm-users.css/wp-content/plugins/support-me/assets/js/wwsm-users.js
Script Paths
/wp-content/plugins/support-me/assets/js/wwsm-users.js
Version Parameters
wwsm-users-css?ver=wwsm-users-js?ver=

HTML / DOM Fingerprints

CSS Classes
add-account-panelwwsm-noticewwsm-usernameusername-resultwwsm-tokentoken-resultwwsm-expiresexpires-result+1 more
Data Attributes
data-wwsm-dismiss
JS Globals
wwsm_users_params
FAQ

Frequently Asked Questions about Support Me