Does User Permissions have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is User Permissions compatible with WordPress 2.6.2?

According to WordPress.org data, User Permissions 0.8.4 has been tested up to WordPress 2.6.2. Check the plugin's changelog for the latest compatibility information.

How often is User Permissions updated?

User Permissions was last updated on May 5, 2012. Frequent updates are generally a positive security signal.

What is User Permissions's security score?

User Permissions has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

User Permissions Security & Risk Analysis

wordpress.org/plugins/user-permissions

This plugin provides the ability to configure post-specific permissions.

30 active installs v0.8.4 PHP + WP 2.0+ Updated May 5, 2012

permissions

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is User Permissions Safe to Use in 2026?

Generally Safe

Score 85/100

User Permissions has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago

Risk Assessment

The "user-permissions" plugin version 0.8.4 exhibits a generally good security posture with no known historical vulnerabilities or critical code signals. The static analysis reveals a very small attack surface with no unprotected entry points, which is a strong positive indicator. The plugin also demonstrates an effort towards secure coding practices, with a majority of SQL queries using prepared statements and a good percentage of outputs being properly escaped. However, the presence of four instances of the `unserialize` function is a significant concern. While no taint flows were identified as unsanitized, `unserialize` is inherently risky as it can lead to Remote Code Execution (RCE) vulnerabilities if used with untrusted input. Furthermore, the complete absence of nonce checks on potential entry points, despite the low attack surface, leaves room for potential CSRF attacks if any functionality were to be exposed indirectly or in future updates. The lack of recorded vulnerabilities is reassuring, but it doesn't negate the inherent risks introduced by insecure functions like `unserialize`.

Key Concerns

Use of unserialize function
Missing nonce checks
SQL queries not always prepared
Output not always escaped

Vulnerabilities

None known

User Permissions Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

User Permissions Release Timeline

No version history available.

Code Analysis

Analyzed Mar 16, 2026

User Permissions Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

13 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$data = unserialize ($row->meta_value);models\permissions.php:88

unserialize$data = unserialize ($data);models\permissions.php:90

unserialize$perms = unserialize (unserialize ($row->meta_value));user-permissions.php:136

SQL Query Safety

67% prepared3 total queries

Output Escaping

65% escaped20 total outputs

Attack Surface

User Permissions Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 7

actioninitplugin.php:124

filteruser_has_capuser-permissions.php:35

actionthe_postsuser-permissions.php:36

actiondbx_post_sidebaruser-permissions.php:40

actiondbx_page_sidebaruser-permissions.php:41

actionedit_page_formuser-permissions.php:42

actionsave_postuser-permissions.php:43

Maintenance & Trust

User Permissions Maintenance & Trust

Maintenance Signals

WordPress version tested2.6.2

Last updatedMay 5, 2012

PHP min version

Downloads23K

Community Trust

Rating50/100

Number of ratings2

Active installs30

Alternatives

User Permissions Alternatives

Members – Membership & User Role Editor Plugin

members

The best WordPress membership and user role editor plugin. User Roles & Capabilities editor helps you restrict content in just a few clicks.

300K 1 CVE

PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus

capability-manager-enhanced

PublishPress Capabilities is the access control plugin. You can manage user capabilities, permissions, user roles, admin menus and more.

100K 5 CVEs

WPFront User Role Editor

wpfront-user-role-editor

Easily allows you to manage WordPress user roles. You can create, edit, delete and manage capabilities, also copy existing roles.

30K 5 CVEs

PublishPress Blocks – Block Controls, Block Visibility, Block Permissions

advanced-gutenberg

PublishPress Blocks is your complete solution for the WordPress block editor. You can control block permissions, styles, visibility, usage and more.

20K 3 CVEs

PublishPress Permissions: Control User Access for Posts, Pages, Categories, Tags

press-permit-core

100

The permissions plugin for posts, pages, categories, tags and more. You can control permissions for roles, individual users, and even custom groups.

10K No CVEs

Developer Profile

User Permissions Developer Profile

John Godley

14 plugins · 2.2M total installs

trust score

Avg Security Score

87/100

Avg Patch Time

4069 days

View full developer profile

Detection Fingerprints

How We Detect User Permissions

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ