WP Search Username Security & Risk Analysis
wordpress.org/plugins/wp-search-usernameSearch every username from the author in your Wordpress site.
Is WP Search Username Safe to Use in 2026?
Generally Safe
Score 100/100WP Search Username has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "wp-search-username" v1.0 plugin exhibits a generally positive security posture with several good practices observed. The absence of known CVEs and the use of prepared statements for all SQL queries are significant strengths. Furthermore, the plugin has no file operations or external HTTP requests, which reduces potential attack vectors. However, there are critical areas for concern. The low percentage of properly escaped output (36%) is a major weakness, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The presence of a taint flow with unsanitized paths, although not classified as critical or high in severity by the analysis, warrants attention as it suggests potential for unexpected or malicious data handling.
The plugin's vulnerability history is clean, which is a positive indicator. This, combined with the lack of dangerous functions and no bundled libraries, suggests the developers are generally mindful of common security pitfalls. However, the complete lack of nonce and capability checks, coupled with only one entry point that is not protected by authentication, raises serious questions about its ability to prevent unauthorized actions or data exposure, especially if the shortcode is used in a context where user input can influence its behavior. While the static analysis indicates no direct vulnerabilities related to authentication, the absence of these checks is a significant oversight in secure WordPress development.
In conclusion, while "wp-search-username" v1.0 benefits from a clean vulnerability history and the absence of known dangerous code patterns, its security is significantly undermined by poor output escaping practices and the lack of critical security checks like nonces and capability checks. The taint flow, even if not immediately severe, highlights a potential for unforeseen issues. The plugin is not inherently dangerous, but these weaknesses expose it to common and potentially impactful vulnerabilities, requiring immediate attention for improvement.
Key Concerns
- Low percentage of properly escaped output
- Taint flow with unsanitized paths
- No nonce checks
- No capability checks
- One unprotected entry point
WP Search Username Security Vulnerabilities
WP Search Username Code Analysis
Output Escaping
Data Flow Analysis
WP Search Username Attack Surface
Shortcodes 1
WordPress Hooks 3
Maintenance & Trust
WP Search Username Maintenance & Trust
Maintenance Signals
Community Trust
WP Search Username Alternatives
Mundoon Taxonomy Filter Checkbox
mundoon-simple-taxonomy-filter-checkbox
Quickly create taxonomies filters for custom post types templates!
WP Meta and Date Remover
wp-meta-and-date-remover
Remove meta author and date information from posts and pages. Hide from Humans and Search engines.SEO friendly and most advance plugin.
Username Changer
username-changer
Unlock the power to change WordPress usernames with complete security and data integrity.
ElasticPress
elasticpress
A fast and flexible search and query engine for WordPress.
Author Category
author-category
simple lightweight plugin limit authors to post just in one category.
WP Search Username Developer Profile
1 plugin · 0 total installs
How We Detect WP Search Username
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/wp-search-username/wp-search-username.phpHTML / DOM Fingerprints
wpsu_searchusernamewidget_widget_classname="q=author&author_name"<form role="search" method="get" id="searchform" class="searchform" action="