Users manager – PN Security & Risk Analysis
wordpress.org/plugins/userspnStreamline user management on your WordPress site with this powerful plugin. Enable custom forms, secure login, and seamless profile management.
Is Users manager – PN Safe to Use in 2026?
Generally Safe
Score 100/100Users manager – PN has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'userspn' plugin version 1.1.15 demonstrates a generally strong security posture based on the static analysis. The absence of direct entry points like AJAX handlers, REST API routes, and shortcodes significantly limits the immediate attack surface. Furthermore, the code exhibits good practices with a high percentage of SQL queries using prepared statements and a large majority of output operations being properly escaped. The presence of nonce and capability checks further bolsters its defensive mechanisms.
Despite these strengths, there are a few areas of concern. The taint analysis revealed three flows with unsanitized paths, although they were not categorized as critical or high severity. This indicates a potential for subtle vulnerabilities that might not be immediately obvious. The plugin also makes one external HTTP request, which, depending on its implementation, could be a vector for supply chain attacks or cross-site scripting if not handled securely. The bundled DataTables library, while common, could be a concern if it's an outdated version, as this is a frequent source of vulnerabilities.
The plugin's vulnerability history is remarkably clean, with zero known CVEs. This suggests a history of responsible development and maintenance, or that the plugin hasn't been a significant target for vulnerability research. In conclusion, 'userspn' v1.1.15 is reasonably secure, with a robust approach to common WordPress security pitfalls. However, the unsanitized paths in taint analysis and the potential risk associated with the bundled library warrant careful consideration and potential further investigation.
Key Concerns
- Flows with unsanitized paths found
- External HTTP requests present
- Bundled library DataTables present
Users manager – PN Security Vulnerabilities
Users manager – PN Code Analysis
Bundled Libraries
SQL Query Safety
Output Escaping
Data Flow Analysis
Users manager – PN Attack Surface
WordPress Hooks 4
Scheduled Events 2
Maintenance & Trust
Users manager – PN Maintenance & Trust
Maintenance Signals
Community Trust
Users manager – PN Alternatives
WP Frontend Profile
wp-front-end-profile
WP Frontend Profile allows users to edit/view their profile and register/login without going into the dashboard to do so.
Multibyte CAPTCHA login and Mail only register
user-mail-only-register
Multibyte CAPTCHA login form and register users with mail only.
Restrict Role Login
restrict-role-login
Allows administrators to restrict user login based on user roles.
Last Login Info
last-login-info
Displays the last login timestamp of each user in the WordPress admin Users table, with tools to export and manage login data.
Last Login Info Display
last-login-info-display
Track user activity with a detailed "Last Login" and "Login Count" column in the WordPress Users dashboard.
Users manager – PN Developer Profile
8 plugins · 20 total installs
How We Detect Users manager – PN
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/userspn/assets/css/admin/userspn-admin.css/wp-content/plugins/userspn/assets/js/admin/userspn-admin.js/wp-content/plugins/userspn/assets/js/admin/userspn-admin.jsuserspn-admin?ver=userspn-admin.js?ver=HTML / DOM Fingerprints
userspn-admin-wrapdata-userspn-metadata-userspn-popup-iddata-userspn-post-iddata-userspn-parentdata-userspn-parent-optiondata-userspn-type+6 moreUSERSPN_VERSIONUSERSPN_DIRUSERSPN_URL