Does User Sync For Klaviyo have any unpatched vulnerabilities?

No. All known vulnerabilities in User Sync For Klaviyo have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is User Sync For Klaviyo compatible with WordPress 6.5.8?

According to WordPress.org data, User Sync For Klaviyo 1.2.0 has been tested up to WordPress 6.5.8. Check the plugin's changelog for the latest compatibility information.

Is User Sync For Klaviyo compatible with PHP 5.6+?

User Sync For Klaviyo requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is User Sync For Klaviyo updated?

User Sync For Klaviyo was last updated on Jan 20, 2025. Frequent updates are generally a positive security signal.

What is User Sync For Klaviyo's security score?

User Sync For Klaviyo has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

User Sync For Klaviyo Security & Risk Analysis

wordpress.org/plugins/user-sync-for-klaviyo

This plugin will automatically sync your users from WordPress to Klaviyo. It will also optionally add the Klaviyo Javascript snippet to your WordPres …

60 active installs v1.2.0 PHP 5.6+ WP 5.0+ Updated Jan 20, 2025

klaviyoprofilessyncuser

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is User Sync For Klaviyo Safe to Use in 2026?

Generally Safe

Score 92/100

User Sync For Klaviyo has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The user-sync-for-klaviyo plugin version 1.2.0 exhibits a mixed security posture. On the positive side, it shows good practices regarding SQL queries, all of which are properly prepared, and a high percentage of output escaping. The absence of known CVEs and historical vulnerabilities is also a strong indicator of a relatively secure development history. However, a significant concern arises from the identified attack surface. The plugin exposes one AJAX handler without any authentication checks, which presents a direct entry point for potential attackers. While the static analysis did not reveal any critical taint flows or dangerous functions, this unprotected AJAX endpoint could be exploited if it processes user-supplied data without proper sanitization or validation.

Key Concerns

Unprotected AJAX handler
Low capability checks found
89% output escaping, not 100%

Vulnerabilities

None known

User Sync For Klaviyo Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

User Sync For Klaviyo Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

16 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

89% escaped18 total outputs

Attack Surface

1 unprotected

User Sync For Klaviyo Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_sync_all_usersincludes\class-user-sync-for-klaviyo.php:166

WordPress Hooks 11

actionplugins_loadedincludes\class-user-sync-for-klaviyo.php:141

actionadmin_enqueue_scriptsincludes\class-user-sync-for-klaviyo.php:156

actionadmin_enqueue_scriptsincludes\class-user-sync-for-klaviyo.php:157

actionadmin_menuincludes\class-user-sync-for-klaviyo.php:159

actionadmin_initincludes\class-user-sync-for-klaviyo.php:160

actionprofile_updateincludes\class-user-sync-for-klaviyo.php:164

actionuser_registerincludes\class-user-sync-for-klaviyo.php:165

actionusfk_manually_call_create_profileincludes\class-user-sync-for-klaviyo.php:168

actionusfk_manually_call_update_profileincludes\class-user-sync-for-klaviyo.php:169

actionwp_enqueue_scriptsincludes\class-user-sync-for-klaviyo.php:222

filterscript_loader_tagpublic\class-user-sync-for-klaviyo-public.php:105

Maintenance & Trust

User Sync For Klaviyo Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8

Last updatedJan 20, 2025

PHP min version5.6

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs60

Alternatives

User Sync For Klaviyo Alternatives

WP Multisite User Sync/Unsync

wp-multisite-user-sync

100

Sync/unsync users from one site (blog) to the other sites (blogs) in your WordPress Multisite Network.

800 No CVEs

SCIM User Sync/Provisioning

scim-user-provisioning

100

SCIM User Sync & User Provisioning. Create, delete, update users & automated user sync from Azure AD, Okta, Google Apps & many IDPs into WordPress.

200 No CVEs

User Social Profiles

user-social-profiles

Plugin adds social fields to user profile in admin panel (Dashboard > Users).

200 No CVEs

User Sync

user-sync

User sync for WordPress plugin enables automated user sync from WP to Salesforce, Zoom, Tableau, and remote user sync from multiple WordPress sites

200 1 CVE

User Session Synchronizer

user-session-synchronizer

Keep the user logged in from one wordpress to another by synchronizing user data and cookie session

100 1 unpatched

Developer Profile

User Sync For Klaviyo Developer Profile

oakandbeechdev

1 plugin · 60 total installs

trust score

Avg Security Score

92/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect User Sync For Klaviyo

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/user-sync-for-klaviyo/admin/css/user-sync-for-klaviyo-admin.css/wp-content/plugins/user-sync-for-klaviyo/admin/js/user-sync-for-klaviyo-admin.js

Version Parameters

user-sync-for-klaviyo/admin/css/user-sync-for-klaviyo-admin.css?ver=user-sync-for-klaviyo/admin/js/user-sync-for-klaviyo-admin.js?ver=

HTML / DOM Fingerprints

Data Attributes

user_sync_for_klaviyo_settings[activate_user_sync]

JS Globals

swk

FAQ