Does Uix UserCenter have any unpatched vulnerabilities?

No. All known vulnerabilities in Uix UserCenter have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Uix UserCenter compatible with WordPress 6.8.5?

According to WordPress.org data, Uix UserCenter 1.0.3 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Uix UserCenter compatible with PHP 5.6+?

Uix UserCenter requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Uix UserCenter updated?

Uix UserCenter was last updated on Apr 24, 2025. Frequent updates are generally a positive security signal.

What is Uix UserCenter's security score?

Uix UserCenter has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Uix UserCenter Security & Risk Analysis

wordpress.org/plugins/uix-usercenter

Sign-in, registration and publishing system with AJAX, support remote API.

0 active installs v1.0.3 PHP 5.6+ WP 4.2+ Updated Apr 24, 2025

custom-apiloginmemberregisterusers

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Uix UserCenter Safe to Use in 2026?

Generally Safe

Score 100/100

Uix UserCenter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11mo ago

Risk Assessment

The "uix-usercenter" v1.0.3 plugin exhibits a mixed security posture. On the positive side, the absence of known CVEs and a clean taint analysis suggest that common, severe vulnerabilities like code injection and SQL injection are likely absent. The plugin also demonstrates good practices by exclusively using prepared statements for its SQL queries and a high percentage of properly escaped output.

However, significant concerns arise from the plugin's attack surface. A notable portion of its entry points, specifically 8 out of 19, lack authentication or capability checks. This includes 6 AJAX handlers and 2 REST API routes that are exposed without proper authorization. This could allow unauthenticated users to interact with potentially sensitive functionalities or trigger unexpected behavior. While no dangerous functions were identified, and file operations are limited, the unprotected entry points present a clear avenue for attackers to probe and potentially exploit.

The plugin's vulnerability history is empty, which is a positive indicator. This suggests a good track record, or at least no publicly disclosed issues to date. Coupled with the internal code analysis showing no critical or high severity taint flows, this reinforces the notion that the plugin has likely been developed with some attention to security. Nevertheless, the unprotected entry points remain a critical weakness that requires immediate attention to harden the plugin's security.

Key Concerns

Unprotected AJAX handlers
Unprotected REST API routes
Significant unescaped output (13%)

Vulnerabilities

None known

Uix UserCenter Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Uix UserCenter Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

449 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

TinyMCE

Output Escaping

87% escaped519 total outputs

Data Flows

All sanitized

Data Flow Analysis

1 flows

<general-settings> (helper\tabs\general-settings.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

8 unprotected

Uix UserCenter Attack Surface

Entry Points19

Unprotected8

AJAX Handlers 17

authwp_ajax_updateuser_actionincludes\modules\ajax-curd.php:15

noprivwp_ajax_updateuser_actionincludes\modules\ajax-curd.php:16

authwp_ajax_usersubmission_actionincludes\modules\ajax-curd.php:131

noprivwp_ajax_usersubmission_actionincludes\modules\ajax-curd.php:132

authwp_ajax_login_actionincludes\modules\ajax-login.php:15

noprivwp_ajax_login_actionincludes\modules\ajax-login.php:16

authwp_ajax_logout_actionincludes\modules\ajax-logout.php:15

noprivwp_ajax_logout_actionincludes\modules\ajax-logout.php:16

authwp_ajax_passwordreset_actionincludes\modules\ajax-password_reset.php:16

noprivwp_ajax_passwordreset_actionincludes\modules\ajax-password_reset.php:17

noprivwp_ajax_passwordreset_verify_actionincludes\modules\ajax-password_reset.php:81

authwp_ajax_register_actionincludes\modules\ajax-register.php:16

noprivwp_ajax_register_actionincludes\modules\ajax-register.php:17

authwp_ajax_createcaptcha_actionincludes\modules\create-captcha.php:15

noprivwp_ajax_createcaptcha_actionincludes\modules\create-captcha.php:16

authwp_ajax_createnonce_actionincludes\modules\create-nonce.php:15

noprivwp_ajax_createnonce_actionincludes\modules\create-nonce.php:16

REST API Routes 2

POST/wp-json/usercenter/v1/authincludes\API\auth.php:46

POST/wp-json/usercenter/v1/(?P<cat_slug>.+)/display/(?P<display_number>\d+)/page/(?P<page_number>\d+)/rand/(?P<orderby_rand>\d+)/statistics/(?P<enable_stat>\d+)includes\API\get-list.php:26

WordPress Hooks 43

actionadmin_enqueue_scriptshelper\settings.php:22

actionadd_meta_boxesincludes\admin\uix-custom-metaboxes\init.php:85

actionsave_postincludes\admin\uix-custom-metaboxes\init.php:89

actionadmin_enqueue_scriptsincludes\admin\uix-custom-metaboxes\init.php:93

actionadmin_initincludes\admin\uix-custom-metaboxes\init.php:134

filteradmin_body_classincludes\admin\uix-custom-metaboxes\init.php:137

actionrest_api_initincludes\API\auth.php:16

actionrest_api_initincludes\API\get-list.php:15

actionafter_setup_themeincludes\modules\auto-create-pages.php:13

actionwp_loginincludes\modules\combine-js.php:13

actionwp_print_scriptsincludes\modules\combine-js.php:30

actioninitincludes\modules\global-variables.php:15

actionadmin_initincludes\post-type\instance.php:27

filterbody_classincludes\post-type\instance.php:35

filterpost_thumbnail_htmlincludes\post-type\instance.php:36

actionafter_setup_themeincludes\post-type\instance.php:37

filterfeatured_image_column_post_typesincludes\post-type\instance.php:86

actioninitincludes\post-type\post-type-init.php:11

filtermanage_edit-uix_usercenter_columnsincludes\post-type\post-type-init.php:75

actionmanage_uix_usercenter_posts_custom_columnincludes\post-type\post-type-init.php:104

filterparse_queryincludes\post-type\post-type-init.php:250

filtermanage_edit-uix_usercenter_sortable_columnsincludes\post-type\post-type-init.php:294

filterpre_post_titleincludes\post-type\post-type-init.php:309

actioninituix-usercenter.php:39

actioninituix-usercenter.php:40

actionadmin_enqueue_scriptsuix-usercenter.php:42

actionwp_enqueue_scriptsuix-usercenter.php:43

actioncurrent_screenuix-usercenter.php:44

actionadmin_inituix-usercenter.php:45

actionadmin_inituix-usercenter.php:46

actionadmin_inituix-usercenter.php:47

actionadmin_menuuix-usercenter.php:48

actioninituix-usercenter.php:51

actioninituix-usercenter.php:54

actionwp_headuix-usercenter.php:55

actionadmin_inituix-usercenter.php:56

actiongenerate_rewrite_rulesuix-usercenter.php:59

actiontemplate_redirectuix-usercenter.php:60

actionquery_varsuix-usercenter.php:61

filtershow_admin_baruix-usercenter.php:276

actionadmin_noticesuix-usercenter.php:577

actionadmin_noticesuix-usercenter.php:578

actionplugins_loadeduix-usercenter.php:1042

Maintenance & Trust

Uix UserCenter Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedApr 24, 2025

PHP min version5.6

Downloads4K

Community Trust

Rating50/100

Number of ratings2

Active installs0

Alternatives

Uix UserCenter Alternatives

Expire User Passwords

expire-user-passwords

100

Require certain users to change their passwords on a regular basis.

3K No CVEs

Prevent Concurrent Logins

prevent-concurrent-logins

Prevents users from staying logged into the same account from multiple places.

900 No CVEs

WP Frontend Profile

wp-front-end-profile

WP Frontend Profile allows users to edit/view their profile and register/login without going into the dashboard to do so.

100 5 CVEs

Login to read more

Display content enclosed by the shortcode for registered users only.

30 No CVEs

Multibyte CAPTCHA login and Mail only register

user-mail-only-register

100

Multibyte CAPTCHA login form and register users with mail only.

30 No CVEs

Developer Profile

Uix UserCenter Developer Profile

UIUX Lab

6 plugins · 540 total installs

trust score

Avg Security Score

97/100

Avg Patch Time

32 days

View full developer profile

Detection Fingerprints

How We Detect Uix UserCenter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/uix-usercenter/assets/css/uix-usercenter.css/wp-content/plugins/uix-usercenter/assets/js/uix-usercenter.js

Script Paths

/wp-content/plugins/uix-usercenter/assets/js/uix-usercenter.js

Version Parameters

uix-usercenter/assets/css/uix-usercenter.css?ver=uix-usercenter/assets/js/uix-usercenter.js?ver=

HTML / DOM Fingerprints

CSS Classes

uix-usercenter-login-formuix-usercenter-register-formuix-usercenter-password-reset-form

HTML Comments

Data Attributes

data-uix-usercenter-actiondata-uix-usercenter-nonce

JS Globals

uix_usercenter_ajax_urluix_usercenter_nonces

REST Endpoints

/wp-json/uix-usercenter/v1/login/wp-json/uix-usercenter/v1/register/wp-json/uix-usercenter/v1/logout

Shortcode Output

[uix_usercenter_login][uix_usercenter_register][uix_usercenter_password_reset]

FAQ