Does Users List Widget have any unpatched vulnerabilities?

No. All known vulnerabilities in Users List Widget have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Users List Widget compatible with WordPress 4.3.34?

According to WordPress.org data, Users List Widget 1.0 has been tested up to WordPress 4.3.34. Check the plugin's changelog for the latest compatibility information.

How often is Users List Widget updated?

Users List Widget was last updated on Sep 21, 2015. Frequent updates are generally a positive security signal.

What is Users List Widget's security score?

Users List Widget has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Users List Widget Security & Risk Analysis

wordpress.org/plugins/users-list

Easily display your WordPress users name on wordpress website.

10 active installs v1.0 PHP + WP 4.0.1+ Updated Sep 21, 2015

avatardirectoryfilefilesgravatar

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Users List Widget Safe to Use in 2026?

Generally Safe

Score 85/100

Users List Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The "users-list" plugin v1.0 exhibits a mixed security posture. On the positive side, there are no known CVEs associated with this plugin, and its static analysis shows no SQL injection vulnerabilities due to the consistent use of prepared statements. Furthermore, it has a minimal attack surface with zero identified entry points, and no external HTTP requests or file operations are present. However, there are significant concerns. The presence of the `create_function` function is a critical security risk as it can be exploited for remote code execution if user input is not strictly sanitized. Additionally, only 30% of output is properly escaped, leaving room for potential cross-site scripting (XSS) vulnerabilities. The complete absence of nonce checks and capability checks on any potential entry points (even though there are currently none exposed) indicates a lack of fundamental security mechanisms that could become a problem if the plugin's attack surface expands in future versions.

Key Concerns

Dangerous function create_function() used
Low percentage of properly escaped output
No nonce checks implemented
No capability checks implemented

Vulnerabilities

None known

Users List Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Users List Widget Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functionadd_action('widgets_init', create_function('', 'return register_widget("users_list_widget");'));users-list.php:90

Output Escaping

30% escaped10 total outputs

Attack Surface

Users List Widget Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 1

actionwidgets_initusers-list.php:90

Maintenance & Trust

Users List Widget Maintenance & Trust

Maintenance Signals

WordPress version tested4.3.34

Last updatedSep 21, 2015

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Users List Widget Alternatives

One User Avatar | User Profile Picture

one-user-avatar

Use any image from your WordPress Media Library as a custom user avatar or user profile picture. Add your own Default Avatar.

100K 2 CVEs

Simple Local Avatars

simple-local-avatars

Adds an avatar upload field to user profiles. Generates requested sizes on demand just like Gravatar!

100K 6 CVEs

User Profile Picture

metronet-profile-picture

Set a custom profile image (avatar) for a user using the standard WordPress media upload tool.

40K 1 CVE

Basic User Avatars

basic-user-avatars

Add an avatar upload field on frontend pages and Edit Profile screen so users can add a custom profile picture.

20K No CVEs

Avatar Manager

avatar-manager

Avatar Manager for WordPress is a sweet and simple plugin for storing avatars locally and more. Easily.

6K No CVEs

Developer Profile

Users List Widget Developer Profile

ashirbad.cs

2 plugins · 410 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Users List Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/users-list/assets/css/style.css

Version Parameters

users-list/assets/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes

users_listwp_widget_plugin_box

FAQ