Does Username have any unpatched vulnerabilities?

No. All known vulnerabilities in Username have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Username compatible with WordPress 6.7.5?

According to WordPress.org data, Username 1.3 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

How often is Username updated?

Username was last updated on Dec 10, 2024. Frequent updates are generally a positive security signal.

What is Username's security score?

Username has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Username Security & Risk Analysis

wordpress.org/plugins/username

The Username plugin helps to change username, only if username is not exist and without effecting others user's username.

900 active installs v1.3 PHP + WP 3.5.2+ Updated Dec 10, 2024

adminchange-usernameusername-changer

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Username Safe to Use in 2026?

Generally Safe

Score 92/100

Username has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "username" v1.3 plugin exhibits a mixed security posture, with some strengths but significant concerning weaknesses. While the absence of dangerous functions, SQL injection risks due to prepared statements, file operations, external requests, and known CVEs is positive, the plugin has a critical vulnerability stemming from its attack surface. There is one AJAX handler, and crucially, it lacks any authentication checks. This represents a direct entry point for malicious actors to interact with the plugin's functionality without proper authorization, potentially leading to unintended actions or data exposure. The vulnerability history is clean, which is good, but this does not mitigate the immediate risk posed by the unprotected AJAX endpoint. The lack of output escaping is also a notable concern, increasing the risk of Cross-Site Scripting (XSS) vulnerabilities when data is displayed to users. Overall, while the plugin avoids common pitfalls, the unprotected AJAX handler is a severe flaw that requires immediate attention.

Key Concerns

Unprotected AJAX handler
Unescaped output

Vulnerabilities

None known

Username Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Username Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped1 total outputs

Attack Surface

1 unprotected

Username Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_check_username_already_existusername.php:39

WordPress Hooks 3

actionadmin_menufunctions\username-class.php:17

actionadmin_initfunctions\username-class.php:18

actionadmin_enqueue_scriptsusername.php:35

Maintenance & Trust

Username Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedDec 10, 2024

PHP min version

Downloads15K

Community Trust

Rating80/100

Number of ratings4

Active installs900

Alternatives

Username Alternatives

Easy Username Updater

username-updater

A plugin to change registered username and display name.

10K 1 CVE

Admin Credentials Editor

admin-credentials-editor

100

Easily change your admin credentials (username, email, password) from the dashboard.

10 No CVEs

Loginizer

loginizer

Loginizer is a WordPress security plugin which helps you fight against bruteforce attacks.

1.0M 8 CVEs

Redux Framework

redux-framework

Redux is a simple, truly extensible, and fully responsive options framework for WordPress themes and plugins. It ships with an integrated demo.

1.0M 6 CVEs

LightStart – Maintenance Mode, Coming Soon and Landing Page Builder

wp-maintenance-mode

Easy Drag & Drop Page Builder that adds a splash page to your site that it's perfect for a coming soon page, maintenance or landing page.

500K 6 CVEs

Developer Profile

Username Developer Profile

Pranav Pathak

3 plugins · 1K total installs

trust score

Avg Security Score

90/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Username

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/username/js/username.js

Script Paths

username/js/username.js

HTML / DOM Fingerprints

CSS Classes

clickme

Data Attributes

id="clickme"id="username-use"

FAQ