Does WP Remote Users Sync have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Remote Users Sync have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Remote Users Sync compatible with WordPress 6.8.5?

According to WordPress.org data, WP Remote Users Sync 2.1.5 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is WP Remote Users Sync compatible with PHP 8.0+?

WP Remote Users Sync requires PHP 8.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WP Remote Users Sync updated?

WP Remote Users Sync was last updated on Oct 29, 2025. Frequent updates are generally a positive security signal.

What is WP Remote Users Sync's security score?

WP Remote Users Sync has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Remote Users Sync Security & Risk Analysis

wordpress.org/plugins/wp-remote-users-sync

Synchronise WordPress Users across Multiple Sites.

7K active installs v2.1.5 PHP 8.0+ WP 4.9.5+ Updated Oct 29, 2025

multiple-sitesshare-loginsync

A · Safe

CVEs total2

Unpatched0

Last CVEAug 15, 2023

Plugin page Download

Safety Verdict

Is WP Remote Users Sync Safe to Use in 2026?

Generally Safe

Score 99/100

WP Remote Users Sync has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Aug 15, 2023Updated 5mo ago

Risk Assessment

The wp-remote-users-sync plugin v2.1.5 presents a mixed security posture. While it demonstrates good practices in areas like SQL prepared statements (84%) and output escaping (95%), and notably has no currently unpatched CVEs, there are significant concerns. The presence of two AJAX handlers without authentication checks creates a direct attack surface, and the taint analysis revealing two flows with unsanitized paths, even if not rated as critical or high severity in this analysis, warrants caution. These unsanitized paths are a red flag, suggesting potential for vulnerabilities if exploited under specific conditions. The plugin's history of two CVEs, one high and one medium, specifically mentioning SSRF and Missing Authorization, further reinforces the importance of scrutinizing its access control and external interaction mechanisms.

Despite the absence of currently exploitable known vulnerabilities and a generally good application of security measures like prepared statements and output escaping, the direct exposure of two AJAX endpoints and the identified unsanitized paths are concerning. The historical vulnerabilities also indicate a pattern that requires ongoing vigilance. While the plugin is not in an immediately critical state, its attack surface and past issues suggest that users should be aware of potential risks, especially regarding authorization bypass and SSRF. Continued monitoring and prompt updates for future versions are recommended to mitigate these risks.

Key Concerns

AJAX handlers without auth checks
Flows with unsanitized paths
Known high severity vulnerability history
Known medium severity vulnerability history

Vulnerabilities

WP Remote Users Sync Security Vulnerabilities

CVEs by Year

2 CVEs in 2023

2023

Patched Has unpatched

Severity Breakdown

High

Medium

2 total CVEs

CVE-2023-3958high · 8.5Server-Side Request Forgery (SSRF)

WP Remote Users Sync <= 1.2.12 - Authenticated (Subscriber+) Server Side Request Forgery

Aug 15, 2023 Patched in 1.2.13 (161d)

CVE-2023-4374medium · 4.3Missing Authorization

WP Remote Users Sync <= 1.2.11 - Missing Authorization to Authenticated (Subscriber+) Log View

Aug 15, 2023 Patched in 1.2.12 (161d)

Code Analysis

Analyzed Mar 16, 2026

WP Remote Users Sync Code Analysis

Dangerous Functions

Raw SQL Queries

21 prepared

Unescaped Output

129 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

SQL Query Safety

84% prepared25 total queries

Output Escaping

95% escaped136 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

import (inc\class-wprus-import-export.php:210)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

WP Remote Users Sync Attack Surface

Entry Points6

Unprotected2

AJAX Handlers 6

authwp_ajax_destroy-sessionsinc\api\class-wprus-api-logout.php:15

authwp_ajax_wprus_import_usersinc\class-wprus-import-export.php:16

authwp_ajax_wprus_export_usersinc\class-wprus-import-export.php:17

authwp_ajax_wprus_get_usernamesinc\class-wprus-import-export.php:18

authwp_ajax_wprus_refresh_logsinc\class-wprus-logger.php:29

authwp_ajax_wprus_clear_logsinc\class-wprus-logger.php:30

WordPress Hooks 61

actioninitinc\api\class-wprus-api-abstract.php:122

actioninitinc\api\class-wprus-api-abstract.php:123

actioninitinc\api\class-wprus-api-abstract.php:125

actioninitinc\api\class-wprus-api-abstract.php:136

actioninitinc\api\class-wprus-api-abstract.php:139

filterwprus_wp_endpointsinc\api\class-wprus-api-abstract.php:143

actionwprus_api_tokeninc\api\class-wprus-api-abstract.php:300

filterwprus_api_needs_redirectinc\api\class-wprus-api-abstract.php:350

actionwp_headinc\api\class-wprus-api-abstract.php:473

actionadmin_headinc\api\class-wprus-api-abstract.php:477

actionlogin_headinc\api\class-wprus-api-abstract.php:481

actionwp_footerinc\api\class-wprus-api-abstract.php:503

actionadmin_footerinc\api\class-wprus-api-abstract.php:507

actionlogin_footerinc\api\class-wprus-api-abstract.php:511

actionshutdowninc\api\class-wprus-api-abstract.php:518

actionuser_registerinc\api\class-wprus-api-create.php:14

actiondelete_userinc\api\class-wprus-api-delete.php:14

actionset_logged_in_cookieinc\api\class-wprus-api-login.php:14

actionset_logged_in_cookieinc\api\class-wprus-api-login.php:25

actionclear_auth_cookieinc\api\class-wprus-api-logout.php:14

actionshutdowninc\api\class-wprus-api-meta.php:15

filterupdate_user_metadatainc\api\class-wprus-api-meta.php:17

filteradd_user_metadatainc\api\class-wprus-api-meta.php:18

filterdelete_user_metadatainc\api\class-wprus-api-meta.php:19

actionpassword_resetinc\api\class-wprus-api-password.php:14

actionwprus_passwordinc\api\class-wprus-api-password.php:15

actionwp_set_passwordinc\api\class-wprus-api-password.php:16

actionwp_update_userinc\api\class-wprus-api-password.php:17

actionshutdowninc\api\class-wprus-api-password.php:145

actionshutdowninc\api\class-wprus-api-update.php:15

actionprofile_updateinc\api\class-wprus-api-update.php:16

actionadd_user_roleinc\api\class-wprus-api-update.php:17

actionremove_user_roleinc\api\class-wprus-api-update.php:18

actionset_user_roleinc\api\class-wprus-api-update.php:19

actionwp_update_userinc\api\class-wprus-api-update.php:20

filterpre_user_logininc\api\class-wprus-api-update.php:23

actionparse_requestinc\class-wprus-import-export.php:13

actionwpinc\class-wprus-import-export.php:14

actionwprus_files_cleanupinc\class-wprus-import-export.php:15

filterwprus_init_notification_hooksinc\class-wprus-import-export.php:20

actioninitinc\class-wprus-logger.php:26

actionwpinc\class-wprus-logger.php:27

actionwprus_logs_cleanupinc\class-wprus-logger.php:28

actionwpinc\class-wprus-nonce.php:18

actionwprus_nonce_cleanupinc\class-wprus-nonce.php:19

actioninitinc\class-wprus-settings.php:24

actioninitinc\class-wprus-settings.php:25

actioninitinc\class-wprus-settings.php:26

actionadmin_menuinc\class-wprus-settings.php:27

actionadd_meta_boxesinc\class-wprus-settings.php:28

filterpre_update_option_wprusinc\class-wprus-settings.php:30

filterwprus_settingsinc\class-wprus-settings.php:31

filterplugin_action_links_wp-remote-users-sync/wprus.phpinc\class-wprus-settings.php:32

actionadmin_noticesinc\class-wprus-settings.php:110

actionadmin_enqueue_scriptsinc\class-wprus-settings.php:144

filterscreen_layout_columnsinc\class-wprus-settings.php:146

actioninitinc\class-wprus.php:18

actionparse_requestinc\class-wprus.php:20

filterquery_varsinc\class-wprus.php:23

actionwprus_readyinc\integration\class-wprus-integration.php:19

actionplugins_loadedwprus.php:124

Scheduled Events 3

wprus_files_cleanup

wprus_logs_cleanup

wprus_nonce_cleanup

Maintenance & Trust

WP Remote Users Sync Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedOct 29, 2025

PHP min version8.0

Downloads139K

Community Trust

Rating98/100

Number of ratings73

Active installs7K

Alternatives

WP Remote Users Sync Alternatives

Sync Post With Other Site

sync-post-with-other-site

Allows user to sync Posts, Pages and Custom Post Type with multiple websites.

3K 2 CVEs

SUC – same user credentials

same-user-credentials

It allows you to log in to two or more of your websites using the same credentials.

10 No CVEs

ManageWP Worker

worker

A better way to manage dozens of WordPress websites.

1.0M 1 CVE

Meta for WooCommerce

facebook-for-woocommerce

Get the Official Meta for WooCommerce plugin for powerful ways to help grow your business.

500K 3 CVEs

Async JavaScript

async-javascript

Async Javascript lets you add 'async' or 'defer' attribute to scripts to exclude to help increase the performance of your WordPres …

80K 2 CVEs

Developer Profile

WP Remote Users Sync Developer Profile

Alexandre Froger

11 plugins · 8K total installs

trust score

Avg Security Score

88/100

Avg Patch Time

110 days

View full developer profile

Detection Fingerprints

How We Detect WP Remote Users Sync

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-remote-users-sync/css/wprus.css/wp-content/plugins/wp-remote-users-sync/js/wprus.js

Script Paths

/wp-content/plugins/wp-remote-users-sync/js/wprus.js

Version Parameters

wp-remote-users-sync/css/wprus.css?ver=wp-remote-users-sync/js/wprus.js?ver=

HTML / DOM Fingerprints

CSS Classes

wprus-settings-wrap

FAQ