User Blocker Security & Risk Analysis

wordpress.org/plugins/user-blocker

To block users from the admin side, except admin users, for a specific day, time, and date or permanently.

3K active installs v2.2 PHP + WP 5.4+ Updated Aug 9, 2024
Tags: block-user, deactivate-users, deny-user, disable-users, restrict-user
Score: 92 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Nov 9, 2022
Safety Verdict

Is User Blocker Safe to Use in 2026?

Generally Safe

Score 92/100

User Blocker has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Nov 9, 2022 · Updated 1yr ago
Risk Assessment

The "user-blocker" v2.2 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and a high percentage of properly escaped output. The absence of critical or high-severity taint flows is also encouraging. However, significant concerns arise from the presence of an unprotected AJAX handler, which represents a direct entry point into the application without proper authentication or authorization checks. The plugin's history includes a medium-severity 'Injection' vulnerability, indicating past weaknesses in handling user-supplied data, even though it is currently patched. This, combined with the unprotected AJAX handler, suggests a potential for attackers to exploit these weaknesses if not addressed.

Key Concerns

  • Unprotected AJAX handler
  • Past medium severity injection vulnerability
  • Lack of capability checks on entry points
Vulnerabilities
1

User Blocker Security Vulnerabilities

CVEs by Year

1 CVE in 2022

Severity Breakdown

Medium: 1

1 total CVE

CVE-2022-45078 · medium · 5.9 · Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

User Blocker <= 1.5.5 - Authenticated (Admin+) CSV Injection

Nov 9, 2022 · Patched in 1.5.6 (440d)
Code Analysis
Analyzed Mar 16, 2026

User Blocker Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (10 prepared)
  • Unescaped Output: 52 (1464 escaped)
  • Nonce Checks: 14
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 5
  • Bundled Libraries: 0

SQL Query Safety

100% prepared · 10 total queries

Output Escaping

97% escaped · 1516 total outputs
Data Flows
9 unsanitized

Data Flow Analysis

9 flows · 9 with unsanitized paths
ublk_block_user_page (includes\user-blocker-block-users.php:21)
Attack Surface
1 unprotected

User Blocker Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers 2

  • auth · wp_ajax_close_tab · user_blocker.php:55
  • auth · wp_ajax_ublk_submit_optin · user_blocker.php:969

WordPress Hooks 27

  • filter · pre_user_query · includes\user-blocker-blocked-users-list.php:155
  • action · admin_init · includes\user-blocker-blocked-users-list.php:494
  • filter · pre_user_query · includes\user-blocker-blocked-users-list.php:618
  • filter · pre_user_query · includes\user-blocker-blocked-users-list.php:1360
  • filter · pre_user_query · includes\user-blocker-blocked-users-list.php:2284
  • action · wp_dashboard_setup · includes\user-blocker-common-functions.php:16
  • filter · admin_footer_text · includes\user-blocker-common-functions.php:103
  • action · delete_user · includes\user-blocker-common-functions.php:992
  • action · user_register · includes\user-blocker-common-functions.php:993
  • action · edit_user_profile_update · includes\user-blocker-common-functions.php:994
  • action · plugins_loaded · includes\user-blocker-promo-notice.php:10
  • action · admin_notices · includes\user-blocker-promo-notice.php:25
  • action · admin_menu · user_blocker.php:43
  • action · plugins_loaded · user_blocker.php:44
  • action · current_screen · user_blocker.php:45
  • action · admin_enqueue_scripts · user_blocker.php:46
  • action · plugins_loaded · user_blocker.php:47
  • filter · set-screen-option · user_blocker.php:49
  • action · init · user_blocker.php:53
  • action · admin_head · user_blocker.php:54
  • filter · login_errors · user_blocker.php:235
  • filter · login_errors · user_blocker.php:285
  • filter · authenticate · user_blocker.php:293
  • action · user_register · user_blocker.php:418
  • filter · wpmem_login_failed_sb · user_blocker.php:903
  • filter · wpmem_login_failed · user_blocker.php:938
  • action · activated_plugin · user_blocker.php:1132

Maintenance & Trust

User Blocker Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Aug 9, 2024
PHP min version
Downloads: 81K

Community Trust

Rating: 82/100
Number of ratings: 82
Active installs: 3K
Developer Profile

User Blocker Developer Profile

solwininfotech

7 plugins · 14K total installs

Trust score: 66
Avg Security Score: 82/100
Avg Patch Time: 642 days
Detection Fingerprints

How We Detect User Blocker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/user-blocker/assets/css/user-blocker.css
/wp-content/plugins/user-blocker/assets/js/user-blocker.js
Script Paths
/wp-content/plugins/user-blocker/assets/js/user-blocker.js
Version Parameters
user-blocker/assets/css/user-blocker.css?ver=
user-blocker/assets/js/user-blocker.js?ver=

HTML / DOM Fingerprints

CSS Classes
ublk-welcome-page
JS Globals
ublk_ajax_object
FAQ

Frequently Asked Questions about User Blocker