Does UserGuiding have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is UserGuiding compatible with WordPress 5.2.24?

According to WordPress.org data, UserGuiding 1.0.1 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

How often is UserGuiding updated?

UserGuiding was last updated on Jul 9, 2019. Frequent updates are generally a positive security signal.

What is UserGuiding's security score?

UserGuiding has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

UserGuiding Security & Risk Analysis

wordpress.org/plugins/userguiding

UserGuiding is an onboarding software that helps you create quick, hassle-free, and interactive guides for an easier product journey.

10 active installs v1.0.1 PHP + WP 4.0+ Updated Jul 9, 2019

onboardingtooltipuser-onboardinguserguidingux

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is UserGuiding Safe to Use in 2026?

Generally Safe

Score 85/100

UserGuiding has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The static analysis of User Guiding v1.0.1 indicates a strong security posture. The plugin demonstrates excellent adherence to secure coding practices by not utilizing dangerous functions, all SQL queries are prepared, and all output is properly escaped. Furthermore, the absence of file operations and external HTTP requests reduces potential attack vectors. The presence of a capability check, albeit only one, is a positive sign for access control. The lack of any recorded vulnerabilities in its history further bolsters confidence in its security. However, the analysis also highlights zero AJAX handlers, REST API routes, shortcodes, or cron events, suggesting a very limited attack surface. While this is generally good, it's worth noting that the absence of these common entry points might mean the plugin's functionality is primarily internal or relies entirely on other mechanisms not visible in this analysis. The lack of any identified taint flows or unsanitized paths is commendable.

Key Concerns

Missing capability checks on all entry points
Zero identified taint flows to analyze
No known vulnerabilities

Vulnerabilities

None known

UserGuiding Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

UserGuiding Release Timeline

No version history available.

Code Analysis

Analyzed Mar 17, 2026

UserGuiding Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

6 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped6 total outputs

Attack Surface

UserGuiding Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 6

actionadmin_enqueue_scriptsuserguiding.php:30

actionwp_enqueue_scriptsuserguiding.php:34

actioncustomize_controls_enqueue_scriptsuserguiding.php:38

actionadmin_menuuserguiding.php:44

actionadmin_inituserguiding.php:45

actioninituserguiding.php:115

Maintenance & Trust

UserGuiding Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedJul 9, 2019

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

UserGuiding Alternatives

Usetiful – Digital Adoption Platform

usetiful-digital-adoption-platform

100

Fight user churn with great user onboarding! Interactive product tours, smart tips and user onboarding checklists for digital products

100 No CVEs

Bytes Route – Digital Adoption Platform

bytes-route-digital-adoption-platform

Create engaging web product tours in minutes without coding or cookies. Increase user satisfaction and retention. Start for free with Bytes Route.

0 No CVEs

Simple Tour Guide

simple-tour-guide

100

Easily add an interactive step-by-step user guide (intro tour) for your visitors. Based on Shepherd.js (https://shepherdjs.dev/).

300 No CVEs

Admin Tour

admin-tour

100

Admin Tour helps you to create a tour for admin. Admin user can go through the tour and they will get the knowledge about how to use the admin panel.

20 No CVEs

User Tour Guide

user-tour-guide

100

A simple lightweight onboarding tour guide plugin. Create an unlimited number of onboarding tours for unlimited pages, work with any page builder.

20 No CVEs

Developer Profile

UserGuiding Developer Profile

UserGuiding

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect UserGuiding

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/userguiding/assets/js/userguiding.js

Script Paths