User Admin Simplifier Security & Risk Analysis

wordpress.org/plugins/user-admin-simplifier

Lets any Administrator simplify the WordPress Admin interface, on a per-user basis, by turning specific menu/submenu sections off.

10K active installs v1.0.0 PHP + WP 3.0.1+ Updated Mar 15, 2020
admin-simplify-menus-submenus
84
B · Generally Safe
CVEs total1
Unpatched0
Last CVEJun 18, 2026
Safety Verdict

Is User Admin Simplifier Safe to Use in 2026?

Mostly Safe

Score 84/100

User Admin Simplifier is generally safe to use though it hasn't been updated recently. 1 past CVE were resolved.

1 known CVELast CVE: Jun 18, 2026Updated 6yr ago
Risk Assessment

The "user-admin-simplifier" v1.0.0 plugin exhibits a generally positive security posture with a clean vulnerability history. The static analysis reveals no known critical vulnerabilities such as dangerous functions, direct SQL queries, or external HTTP requests. Furthermore, the absence of known CVEs and a lack of recorded past vulnerabilities suggest a well-maintained and secure codebase. However, there are areas of concern that warrant attention. The taint analysis shows two flows with unsanitized paths, which, while not currently classified as critical or high severity, represent potential avenues for future exploitation if they interact with user-controlled input and sensitive operations. The low percentage of properly escaped output (58%) is also a significant weakness, potentially leading to cross-site scripting (XSS) vulnerabilities. The lack of nonce checks, capability checks, and authentication checks on all identified entry points, though currently zero, means any future introduction of such points could be immediately vulnerable.

Key Concerns

  • Taint flows with unsanitized paths
  • Low percentage of properly escaped output
  • No nonce checks
  • No capability checks
Vulnerabilities
1 published

User Admin Simplifier Security Vulnerabilities

CVEs by Year

1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-11775medium · 4.3Cross-Site Request Forgery (CSRF)

User Admin Simplifier <= 3.0.0 - Cross-Site Request Forgery

Jun 18, 2026 Patched in 3.0.1 (1d)
Version History

User Admin Simplifier Release Timeline

v1.0.11 CVE
v1.0.0Current1 CVE
v0.7.11 CVE
v0.7.01 CVE
v0.6.51 CVE
v0.6.41 CVE
v0.6.31 CVE
v0.6.21 CVE
v0.6.11 CVE
v0.61 CVE
v0.5.41 CVE
v0.5.31 CVE
v0.5.21 CVE
v0.5.11 CVE
v0.51 CVE
v0.4.21 CVE
v0.3.11 CVE
v0.31 CVE
Code Analysis
Analyzed Mar 16, 2026

User Admin Simplifier Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
10
14 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

58% escaped24 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
useradminsimplifier_options_page (useradminsimplifier.php:179)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

User Admin Simplifier Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 9
actioninituseradminsimplifier.php:12
actionadmin_menuuseradminsimplifier.php:20
actionadmin_headuseradminsimplifier.php:21
actionadmin_headuseradminsimplifier.php:22
actionadmin_headuseradminsimplifier.php:23
filterplugin_action_linksuseradminsimplifier.php:24
actionadmin_bar_menuuseradminsimplifier.php:25
actionadmin_headuseradminsimplifier.php:35
filtershow_admin_baruseradminsimplifier.php:38
Maintenance & Trust

User Admin Simplifier Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15
Last updatedMar 15, 2020
PHP min version
Downloads72K

Community Trust

Rating100/100
Number of ratings31
Active installs10K
Alternatives

User Admin Simplifier Alternatives

No alternatives data available yet.

Developer Profile

User Admin Simplifier Developer Profile

Adam Silverstein

8 plugins · 12K total installs

90
trust score
Avg Security Score
86/100
Avg Patch Time
1 days
View full developer profile
Detection Fingerprints

How We Detect User Admin Simplifier

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/user-admin-simplifier/uas-admin.css/wp-content/plugins/user-admin-simplifier/uas-admin.js

HTML / DOM Fingerprints

CSS Classes
uas_containeruas_options_form
Data Attributes
id="uas_options_form"id="chooseauser"id="uas_user_select"name="uas_user_select"id="choosemenus"
JS Globals
uas_get_admin_optionsuas_save_admin_optionsuas_clean_menu_name
FAQ

Frequently Asked Questions about User Admin Simplifier