Does User Management have any unpatched vulnerabilities?

Yes — User Management currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is User Management compatible with WordPress 6.7.5?

According to WordPress.org data, User Management 1.2 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is User Management compatible with PHP 7.0+?

User Management requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is User Management updated?

User Management was last updated on Dec 9, 2024. Frequent updates are generally a positive security signal.

What is User Management's security score?

User Management has a WP-Safety security score of 66/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

User Management Security & Risk Analysis

wordpress.org/plugins/user-management

User Import Export plugin allows you to export and import WordPress Users and Roles.

60 active installs v1.2 PHP 7.0+ WP 6.7+ Updated Dec 9, 2024

useruser-approvaluser-managementuser-profilesuser-roles

C · Use Caution

CVEs total2

Unpatched1

Last CVEJan 14, 2025

Plugin page Download

Safety Verdict

Is User Management Safe to Use in 2026?

Use With Caution

Score 66/100

User Management has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

2 known CVEs 1 unpatched Last CVE: Jan 14, 2025Updated 1yr ago

Risk Assessment

The 'user-management' plugin v1.2 exhibits a mixed security posture. On the positive side, it demonstrates good practices by implementing nonce and capability checks on all its AJAX handlers, and all SQL queries utilize prepared statements. There are no identified critical or high severity taint flows, and no dangerous functions were detected. However, a significant concern is the plugin's vulnerability history, with two known High severity CVEs, one of which remains unpatched. This pattern suggests a history of critical security flaws, specifically related to Incorrect Privilege Assignment and Unrestricted Uploads, which are serious issues. Additionally, the static analysis reveals that less than half of the output operations are properly escaped, indicating a potential for Cross-Site Scripting (XSS) vulnerabilities. While the attack surface is protected by authentication checks, the unpatched vulnerabilities are a critical threat, overshadowing some of the otherwise decent security implementations.

Key Concerns

Unpatched High severity CVE
Known High severity CVEs (2)
Low output escaping (49%)

Vulnerabilities

User Management Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

High

2 total CVEs

CVE-2025-22736high · 8.8Incorrect Privilege Assignment

User Management <= 1.2 - Authenticated (Subscriber+) Privilege Escalation

Jan 14, 2025Unpatched

CVE-2024-52403high · 8.8Unrestricted Upload of File with Dangerous Type

User Management <= 1.1 - Authenticated (Subscriber+) Arbitrary File Upload

Nov 13, 2024 Patched in 1.2 (24d)

Code Analysis

Analyzed Mar 16, 2026

User Management Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

47 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

Output Escaping

49% escaped96 total outputs

Data Flows

All sanitized

Data Flow Analysis

3 flows

uiewp_import_users_callback (includes\model.php:356)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

User Management Attack Surface

Entry Points6

Unprotected0

AJAX Handlers 6

authwp_ajax_export_all_users_ajaxincludes\model.php:10

authwp_ajax_export_users_by_rolesincludes\model.php:11

authwp_ajax_export_specific_usersincludes\model.php:12

authwp_ajax_export_roles_capsincludes\model.php:13

authwp_ajax_import_usersincludes\model.php:16

authwp_ajax_import_roles_capsincludes\model.php:17

WordPress Hooks 5

actioninitincludes\model.php:18

actionadmin_menuusers-imp-exp-wpexperts.php:23

actionadmin_initusers-imp-exp-wpexperts.php:24

actionadmin_initusers-imp-exp-wpexperts.php:25

actionadmin_enqueue_scriptsusers-imp-exp-wpexperts.php:26

Maintenance & Trust

User Management Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedDec 9, 2024

PHP min version7.0

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs60

Alternatives

User Management Alternatives

New User Approve

new-user-approve

WordPress user approval plugin to moderate registrations. Approve or deny real users and prevent fake signups to control who registers on site.

20K 8 CVEs

Domain Based Role Assignment

domain-based-role-assignment

100

Automatically assign WordPress user roles based on email domains during registration with an easy-to-use domain management interface.

10 No CVEs

Role Based User Deleter

role-based-user-deleter

100

Easily delete users based on their roles with Role Based User Deleter. Manage your WordPress users efficiently and securely.

10 No CVEs

User Profile Fields Control

user-profile-dashboard-fields-control

100

The User Profile Fields Control plugin allows you to manage WordPress user profile fields with role-based customization.

10 No CVEs

Essential User Rights

essential-user-rights

100

Easily manage user permissions in WordPress. Restrict editors to specific pages and media. Simple setup - install, configure, and go!

0 No CVEs

Developer Profile

User Management Developer Profile

Saad Iqbal

84 plugins · 1.4M total installs

trust score

Avg Security Score

96/100

Avg Patch Time

287 days

View full developer profile

Detection Fingerprints

How We Detect User Management

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/user-management/includes/assets/css/main.css/wp-content/plugins/user-management/includes/assets/css/select2.min.css/wp-content/plugins/user-management/includes/assets/js/scripts.js/wp-content/plugins/user-management/includes/assets/js/select2.min.js

Script Paths

includes/assets/js/select2.min.jsincludes/assets/js/scripts.js

HTML / DOM Fingerprints

CSS Classes

uiewp_export_fielduiewp_import_fielduiewp_import_users_roleswp_export_userswp_roles

Data Attributes

data-target='#wp_export_users'data-target='#wp_import_users_roles'

JS Globals

wc_uiewp_vars

FAQ

User Management Security & Risk Analysis

Is User Management Safe to Use in 2026?

Use With Caution

Key Concerns

User Management Security Vulnerabilities

CVEs by Year

Severity Breakdown

User Management Code Analysis

Bundled Libraries

Output Escaping

Data Flow Analysis

User Management Attack Surface

AJAX Handlers 6

User Management Maintenance & Trust

Maintenance Signals

Community Trust

User Management Alternatives

New User Approve

Domain Based Role Assignment

Role Based User Deleter

User Profile Fields Control

Essential User Rights

User Management Developer Profile

How We Detect User Management

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about User Management