WP-Safety

Ultimate Member – Online Users Security & Risk Analysis

wordpress.org/plugins/um-online

This Ultimate Member extension will allow you to display online users anywhere with a shortcode.

3K active installs v2.2.2 PHP 5.6+ WP 5.5+ Updated Nov 15, 2024
communitymembermembershipuser-profile
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Ultimate Member – Online Users Safe to Use in 2026?

Generally Safe

Score 92/100

Ultimate Member – Online Users has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The 'um-online' v2.2.2 plugin presents a generally positive security posture, with no recorded vulnerabilities or critical code signals indicating immediate threats. The static analysis shows a small attack surface, with only one shortcode identified as an entry point, and importantly, no unprotected entry points were found. The plugin also demonstrates good practices regarding SQL queries, using prepared statements for all of them, and a high percentage of output escaping. However, the complete absence of nonce checks and capability checks across all entry points is a significant concern. While no direct taint flows or dangerous functions were identified in this specific analysis, the lack of these fundamental WordPress security mechanisms leaves the plugin vulnerable to CSRF attacks and potential privilege escalation if any sensitive operations are performed through its entry points. The lack of vulnerability history suggests a stable past, but this cannot compensate for the identified weaknesses in its current implementation.

Key Concerns

  • Missing nonce checks on entry points
  • Missing capability checks on entry points
  • Moderate output escaping (77%)
Vulnerabilities
None known

Ultimate Member – Online Users Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Ultimate Member – Online Users Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
1 prepared
Unescaped Output
11
37 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared1 total queries

Output Escaping

77% escaped48 total outputs
Attack Surface

Ultimate Member – Online Users Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[ultimatemember_online] includes\core\class-online-shortcode.php:18
WordPress Hooks 34
actioninitincludes\core\class-online-common.php:18
actionwp_enqueue_scriptsincludes\core\class-online-common.php:20
actionum_after_profile_name_inlineincludes\core\class-online-common.php:22
filterum_predefined_fields_hookincludes\core\class-online-common.php:24
filterum_account_tab_privacy_fieldsincludes\core\class-online-common.php:25
filterum_profile_field_filter_hook__online_statusincludes\core\class-online-common.php:26
actionum_messaging_conversation_list_nameincludes\core\class-online-common.php:28
actionum_messaging_conversation_list_name_jsincludes\core\class-online-common.php:29
filterum_messaging_conversation_json_dataincludes\core\class-online-common.php:30
actionum_delete_userincludes\core\class-online-common.php:32
actionclear_auth_cookieincludes\core\class-online-common.php:34
filterum_rest_api_get_statsincludes\core\class-online-common.php:36
filterum_friends_online_usersincludes\core\class-online-common.php:39
filterum_settings_structureincludes\core\class-online-common.php:41
filterum_override_templates_get_template_path__um-onlineincludes\core\class-online-common.php:43
filterum_override_templates_scan_filesincludes\core\class-online-common.php:44
actionum_pre_directory_shortcodeincludes\core\class-online-member-directory.php:21
filterum_admin_extend_directory_options_profileincludes\core\class-online-member-directory.php:22
filterum_members_directory_filter_fieldsincludes\core\class-online-member-directory.php:24
filterum_members_directory_filter_typesincludes\core\class-online-member-directory.php:25
filterum_search_fieldsincludes\core\class-online-member-directory.php:26
filterum_query_args_online_status__filterincludes\core\class-online-member-directory.php:28
filterum_query_args_online_status__filter_metaincludes\core\class-online-member-directory.php:31
filterum_ajax_get_members_dataincludes\core\class-online-member-directory.php:33
actionum_members_in_profile_photo_tmplincludes\core\class-online-member-directory.php:35
actionum_members_list_in_profile_photo_tmplincludes\core\class-online-member-directory.php:36
filterum_call_object_Onlineincludes\core\um-online-init.php:43
actionwidgets_initincludes\core\um-online-init.php:55
actionplugins_loadedincludes\core\um-online-init.php:173
actionplugins_loadedum-online.php:45
actionadmin_noticesum-online.php:61
actionadmin_noticesum-online.php:78
actionadmin_noticesum-online.php:86
actionplugins_loadedum-online.php:93
Maintenance & Trust

Ultimate Member – Online Users Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedNov 15, 2024
PHP min version5.6
Downloads99K

Community Trust

Rating80/100
Number of ratings1
Active installs3K
Alternatives

Ultimate Member – Online Users Alternatives

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

ultimate-member

B
76

Membership & community plugin with user profiles, registration & login, member directories, content restriction, user roles and much more.

200K 68 CVEs
Ultimate Member – reCAPTCHA

Ultimate Member – reCAPTCHA

um-recaptcha

A
92

Stop bots on your registration & login forms with Google reCAPTCHA

20K No CVEs
WP User Manager – User Profile Builder & Membership

WP User Manager – User Profile Builder & Membership

wp-user-manager

A
89

The most customizable profiles & community builder WordPress plugin with front-end login, registration, profile customization and content restriction.

10K 7 CVEs
ProfileGrid – User Profiles, Groups and Communities

ProfileGrid – User Profiles, Groups and Communities

profilegrid-user-profiles-groups-and-communities

B
76

Custom user profiles plugin ❤ with paid memberships, groups, communities, content restriction, user registration, messaging, WooCommerce memberships, …

6K 48 CVEs
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress

Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress

youzify

D
47

The best BuddyPress plugin for building online communities, user profile, social networks, and membership sites on WordPress with tons of features.

6K 1 unpatched
Developer Profile

Ultimate Member – Online Users Developer Profile

Mykyta Synelnikov

5 plugins · 29K total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Ultimate Member – Online Users

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/um-online/assets/css/um-online.css/wp-content/plugins/um-online/assets/js/um-online.js
Script Paths
/wp-content/plugins/um-online/assets/js/um-online.js
Version Parameters
um-online/assets/css/um-online.css?ver=um-online/assets/js/um-online.js?ver=

HTML / DOM Fingerprints

CSS Classes
um-online-status
Data Attributes
data-um-online-status
JS Globals
UM.Online
REST Endpoints
/wp-json/um-online/v1/user_status
FAQ

Frequently Asked Questions about Ultimate Member – Online Users