Does User IP Info have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is User IP Info compatible with WordPress 5.2.24?

According to WordPress.org data, User IP Info 10.0 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

Is User IP Info compatible with PHP 5.2.4+?

User IP Info requires PHP 5.2.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is User IP Info updated?

User IP Info was last updated on Oct 9, 2019. Frequent updates are generally a positive security signal.

What is User IP Info's security score?

User IP Info has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

User IP Info Security & Risk Analysis

wordpress.org/plugins/user-ip-information

User IP Information - It display the User current IP address with country information like country name, region, city, country code, continent, sub co …

20 active installs v10.0 PHP 5.2.4+ WP 4.0+ Updated Oct 9, 2019

country-ipipip-addressuser-ipvisitor-ip

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is User IP Info Safe to Use in 2026?

Generally Safe

Score 85/100

User IP Info has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The "user-ip-information" plugin v10.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and has no known historical vulnerabilities. The static analysis also indicates a relatively small attack surface, with no AJAX handlers or REST API routes directly exposed without authentication. Furthermore, there are no reported critical or high severity taint flows, which is encouraging.

However, significant concerns arise from the output escaping and file operation aspects. The fact that 100% of the 13 identified output points are not properly escaped presents a substantial Cross-Site Scripting (XSS) risk. Any user-supplied data that is displayed without proper sanitization could be leveraged by an attacker. Additionally, the presence of file operations, even if only one, coupled with the lack of explicit capability checks and nonces on potentially sensitive entry points (like shortcodes which can be user-controlled), raises potential concerns for insecure file access or manipulation if not handled with extreme care within the function itself.

Given the absence of historical vulnerabilities, it suggests that past versions may have been less of a target or had fewer issues. However, the current static analysis highlights a clear and present danger regarding XSS due to unescaped output. The plugin's strengths lie in its database interaction and lack of known exploits, but its weakness in output sanitization is a critical oversight that needs immediate attention.

Key Concerns

100% of outputs are not properly escaped
Presence of file operations without nonce check
Presence of file operations without capability check on entry point

Vulnerabilities

None known

User IP Info Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

User IP Info Release Timeline

No version history available.

Code Analysis

Analyzed Apr 16, 2026

User IP Info Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped13 total outputs

Data Flows · Security

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

uiin_getlocationByUserIp (user-ip-info.php:112)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

User IP Info Attack Surface

Entry Points3

Unprotected0

Shortcodes 3

[custom_message] user-ip-info.php:69

[user_ip] user-ip-info.php:108

[user_ip_info] user-ip-info.php:149

WordPress Hooks 2

actionadmin_menuuser-ip-info.php:14

actionadmin_inituser-ip-info.php:26

Maintenance & Trust

User IP Info Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedOct 9, 2019

PHP min version5.2.4

Downloads1K

Community Trust

Rating100/100

Number of ratings1

Active installs20

Alternatives

User IP Info Alternatives

Gryphon Verified Client IP

gryphon-verified-client-ip

100

Determines the true client IP by verifying Forwarded and similar headers, traversing only trusted proxy hops.

0 No CVEs

User IP and Location

user-ip-and-location

100

Want to show your website visitors their IP address, location, and other cool details? This plugin makes it super easy! Now works perfectly with cachi …

3K 1 CVE

Show IP address

show-ip-address

100

A simple plugin to show your visitor’s IP address on pages, posts, widgets, and the admin dashboard. Lightweight and easy to use.

1K No CVEs

User Allowed IP Addresses

user-allowed-ip-addresses

Simple plugin that gives the ability to restrict login access to specific IP addresses for specific users. Option to Auto Login user based on IP.

30 No CVEs

Full Detail From Email

full-detail-from-email

Using the Full Detail From Email with just an emai address you get all required and available information about subscriber.

0 No CVEs

Developer Profile

User IP Info Developer Profile

adeelsikander

1 plugin · 20 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect User IP Info

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Shortcode Output

<b>Country Name: City Name: Region Name:

FAQ