Does User List Exporter have any unpatched vulnerabilities?

No. All known vulnerabilities in User List Exporter have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is User List Exporter compatible with WordPress 6.8.5?

According to WordPress.org data, User List Exporter 1.0 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is User List Exporter updated?

User List Exporter was last updated on Jun 26, 2025. Frequent updates are generally a positive security signal.

What is User List Exporter's security score?

User List Exporter has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

User List Exporter Security & Risk Analysis

wordpress.org/plugins/user-list-exporter

Easily export WordPress user data and metadata to CSV or TXT format.

10 active installs v1.0 PHP + WP 5.0+ Updated Jun 26, 2025

csvexportuser-exportusermetausers

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is User List Exporter Safe to Use in 2026?

Generally Safe

Score 100/100

User List Exporter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9mo ago

Risk Assessment

The user-list-exporter plugin v1.0 exhibits a generally positive security posture based on the provided static analysis. The absence of any exposed entry points like AJAX handlers, REST API routes, or shortcodes significantly reduces the potential attack surface. Furthermore, the code signals indicate good practices in output escaping, with a high percentage of outputs being properly sanitized, and the presence of nonce and capability checks mitigates common vulnerabilities. The taint analysis also reveals no critical or high-severity unsanitized flows, which is a strong indicator of secure coding.

However, a notable concern lies in the handling of SQL queries. The single SQL query identified is not using prepared statements, leaving it vulnerable to SQL injection attacks. While the attack surface is small, this single point of potential weakness is significant. The plugin's vulnerability history is clean, with no recorded CVEs, which is a positive sign for this specific version. This suggests a history of either secure development or timely patching by the developers. In conclusion, the plugin has strong defensive measures in place to limit its attack surface and protect its output, but the lack of prepared statements for its SQL query is a critical oversight that needs immediate attention to ensure comprehensive security.

Key Concerns

SQL queries not using prepared statements

Vulnerabilities

None known

User List Exporter Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

User List Exporter Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

13 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared1 total queries

Output Escaping

93% escaped14 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

user_list_exporter_admin_page (user-list-exporter.php:35)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

User List Exporter Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionadmin_menuuser-list-exporter.php:15

actionplugins_loadeduser-list-exporter.php:16

actionadmin_inituser-list-exporter.php:17

actionadmin_enqueue_scriptsuser-list-exporter.php:18

Maintenance & Trust

User List Exporter Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJun 26, 2025

PHP min version

Downloads301

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

User List Exporter Alternatives

WP All Export – User Export Add-On

export-wp-users-xml-csv

100

Drag & drop to export users and all user data to a completely custom CSV, Excel, or XML of any format. Supports roles, metadata, custom fields, wi …

2K No CVEs

PiWeb Export Customers Users & Guest customer to CSV for WooCommerce

export-woocommerce-customer-list

100

Export WooCommerce customer list CSV, export WooCommerce guest customer list CSV, export WordPress users CSV, Product Customer List for WooCommerce

1K 1 CVE

Export Users Data CSV

export-users-data-csv

100

Export Users Data Plugin allows you to export users information with important meta data in CSV file format.

800 1 CVE

LH Export Users to CSV

lh-export-users-to-csv

Export Users to CSV Plugin allows you to export users listings and their metadata into a CSV file.

30 No CVEs

All Users Filter

all-users-filter

100

Filter, sort, and export WordPress users to CSV using powerful UI-driven meta queries (roles, dates, numeric ranges, regex, and more).

0 No CVEs

Developer Profile

User List Exporter Developer Profile

amir tohidlo

2 plugins · 10 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect User List Exporter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/user-list-exporter/css/admin-style.css/wp-content/plugins/user-list-exporter/js/admin-script.js

Version Parameters

user-list-exporter/css/admin-style.css?ver=user-list-exporter/js/admin-script.js?ver=

HTML / DOM Fingerprints

CSS Classes

user-list-exporter-wrap

Data Attributes

name="user_list_exporter_export"name="user_list_exporter_export_nonce"id="user-list-exporter"

FAQ