Does User Activity have any unpatched vulnerabilities?

Yes — User Activity currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is User Activity compatible with WordPress 5.5.18?

According to WordPress.org data, User Activity 1.0.1 has been tested up to WordPress 5.5.18. Check the plugin's changelog for the latest compatibility information.

Is User Activity compatible with PHP 7.0+?

User Activity requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is User Activity updated?

User Activity was last updated on Oct 14, 2020. Frequent updates are generally a positive security signal.

What is User Activity's security score?

User Activity has a WP-Safety security score of 64/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

User Activity Security & Risk Analysis

wordpress.org/plugins/user-activity

List number of posts per user. You can limit the search by date, post type and user name.

100 active installs v1.0.1 PHP 7.0+ WP 5.4.2+ Updated Oct 14, 2020

adminlistusers

C · Use Caution

CVEs total1

Unpatched1

Last CVEFeb 3, 2023

Plugin page Download

Safety Verdict

Is User Activity Safe to Use in 2026?

Use With Caution

Score 64/100

User Activity has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Feb 3, 2023Updated 5yr ago

Risk Assessment

The "user-activity" plugin v1.0.1 presents a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for its SQL queries and having a capability check implemented. The absence of dangerous functions, file operations, and external HTTP requests is also a strong indicator of a security-conscious design. However, concerns arise from the taint analysis, which identified two high-severity flows with unsanitized paths. This suggests potential vulnerabilities where user-supplied data could be manipulated in unintended ways. The plugin also has a history of vulnerabilities, with one unpatched medium severity CVE from February 2023, indicating a pattern of issues related to the use of less trusted sources. While the attack surface appears minimal with no directly exposed entry points in the static analysis, the identified taint flows and past vulnerability history necessitate caution.

Key Concerns

Unsanitized taint flow (High Severity)
Unpatched CVE (Medium Severity)
Unescaped output (partial)

Vulnerabilities

User Activity Security Vulnerabilities

CVEs by Year

1 CVE in 2023 · unpatched

2023

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2022-4550medium · 5.3Use of Less Trusted Source

User Activity <= 1.0.1 - IP Address Spoofing

Feb 3, 2023Unpatched

Code Analysis

Analyzed Mar 16, 2026

User Activity Code Analysis

Dangerous Functions

Raw SQL Queries

6 prepared

Unescaped Output

14 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared6 total queries

Output Escaping

78% escaped18 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

5 flows3 with unsanitized paths

extra_tablenav (classes\class-bu-user-activity-table.php:257)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

User Activity Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionplugins_loadedclasses\class-bu-plugin-base.php:30

actionadmin_menuclasses\class-bu-user-activity.php:46

filterset-screen-optionclasses\class-bu-user-activity.php:66

actionadmin_enqueue_scriptsclasses\class-bu-user-activity.php:67

Maintenance & Trust

User Activity Maintenance & Trust

Maintenance Signals

WordPress version tested5.5.18

Last updatedOct 14, 2020

PHP min version7.0

Downloads6K

Community Trust

Rating100/100

Number of ratings2

Active installs100

Alternatives

User Activity Alternatives

Emu2 – Email Users 2

emu2-email-users-2

Send email to users, manually or on schedule (digest of newest posts). Users can send emails to each other. Export function included. STILL BETA!!!

80 1 unpatched

List-all-authors

list-all-authors

Das Plugin ermoeglicht die Auflistung aller Authoren, auch solcher, die noch keine Artikel geschrieben haben. The plugin lets you lists all authors, even those without posts.

10 No CVEs

WP Mechanic

wp-mechanic

WP Mechanic is a combination of WordPress and Android Playstore Applications. Experience a set of hybrid software applications.

10 No CVEs

View Admin As

view-admin-as

View the WordPress admin as a different role or visitor, switch between users, temporarily change your capabilities, set screen settings for roles.

9K No CVEs

Product Customer List for WooCommerce

wc-product-customer-list

Display a list of customers who bought a specific product at the bottom of the product edit page in WooCommerce and send them e-mails.

9K No CVEs

Developer Profile

User Activity Developer Profile

windyjonas

3 plugins · 130 total installs

trust score

Avg Security Score

78/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect User Activity

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/user-activity/js/user-activity.js

Script Paths