WP-Safety

WPSS Ultimate User Management Security & Risk Analysis

wordpress.org/plugins/wpss-ultimate-user-management

This plugin allows efficient management of users, roles and capabilities. Create, edit and delete user permissions faster and easier.

0 active installs v1.1.2 PHP 8.1+ WP 6.1+ Updated Feb 4, 2025
capabilitiespermissionsroleuserwidgets
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WPSS Ultimate User Management Safe to Use in 2026?

Generally Safe

Score 92/100

WPSS Ultimate User Management has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "wpss-ultimate-user-management" plugin v1.1.2 presents a significant security risk due to its exposed attack surface. While the plugin demonstrates good practices in preventing common vulnerabilities like raw SQL queries and largely adheres to output escaping, the presence of 20 unprotected AJAX handlers is a critical concern. This means any unauthenticated user can potentially trigger these actions, leading to unintended consequences or exploitation. The plugin's vulnerability history is clean, which is a positive indicator, suggesting the developers have historically been diligent. However, this clean history, combined with the current unprotected AJAX endpoints, could indicate a lack of comprehensive security testing or a focus on newer code paths that may have been overlooked. The limited number of nonce and capability checks, despite the large number of AJAX handlers, further exacerbates the risk.

Key Concerns

  • 20 unprotected AJAX handlers
  • 3 nonce checks for 20 AJAX handlers
  • 6 capability checks for 20 AJAX handlers
Vulnerabilities
None known

WPSS Ultimate User Management Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WPSS Ultimate User Management Release Timeline

v1.1.2Current
v1.1.1
v1.1.0
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

WPSS Ultimate User Management Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
5
319 escaped
Nonce Checks
3
Capability Checks
6
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

100% prepared2 total queries

Output Escaping

98% escaped324 total outputs
Attack Surface
20 unprotected

WPSS Ultimate User Management Attack Surface

Entry Points20
Unprotected20

AJAX Handlers 20

authwp_ajax_menage_admin_menu_options_actionadmin/classes/WPSSAdminPages.php:45
noprivwp_ajax_menage_admin_menu_options_actionadmin/classes/WPSSAdminPages.php:46
authwp_ajax_wpss_get_role_capabilities_actionadmin/classes/WPSSCaps.php:52
noprivwp_ajax_wpss_get_role_capabilities_actionadmin/classes/WPSSCaps.php:53
authwp_ajax_wpss_set_capabilities_to_role_actionadmin/classes/WPSSCaps.php:56
noprivwp_ajax_wpss_set_capabilities_to_role_actionadmin/classes/WPSSCaps.php:57
authwp_ajax_saveSettingsadmin/classes/WPSSPluginSettings.php:29
noprivwp_ajax_saveSettingsadmin/classes/WPSSPluginSettings.php:30
authwp_ajax_wpss_add_roles_actionadmin/classes/WPSSRoles.php:58
noprivwp_ajax_wpss_add_roles_actionadmin/classes/WPSSRoles.php:59
authwp_ajax_wpss_remove_role_actionadmin/classes/WPSSRoles.php:62
noprivwp_ajax_wpss_remove_role_actionadmin/classes/WPSSRoles.php:63
authwp_ajax_wpss_get_user_details_actionadmin/classes/WPSSUsers.php:32
noprivwp_ajax_wpss_get_user_details_actionadmin/classes/WPSSUsers.php:33
authwp_ajax_wpss_set_user_roles_actionadmin/classes/WPSSUsers.php:36
noprivwp_ajax_wpss_set_user_roles_actionadmin/classes/WPSSUsers.php:37
authwp_ajax_save_widget_optionsadmin/classes/WPSSWidgets.php:23
noprivwp_ajax_save_widget_optionsadmin/classes/WPSSWidgets.php:24
authwp_ajax_save_individual_widgets_permissionsadmin/classes/WPSSWidgets.php:25
noprivwp_ajax_save_individual_widgets_permissionsadmin/classes/WPSSWidgets.php:26
WordPress Hooks 20
actionadmin_menuadmin/classes/WPSSAdminPages.php:42
actionadmin_initadmin/classes/WPSSAdminPages.php:43
actionadd_meta_boxesadmin/classes/WPSSContentAccess.php:29
actionsave_postadmin/classes/WPSSContentAccess.php:30
filterthe_contentadmin/classes/WPSSContentAccess.php:31
actionadmin_menuadmin/classes/WPSSUserRolesCapsManager.php:67
actionplugins_loadedadmin/classes/WPSSUserRolesCapsManager.php:69
actionadmin_enqueue_scriptsadmin/classes/WPSSUserRolesCapsManager.php:71
actionafter_setup_themeadmin/classes/WPSSUserRolesCapsManager.php:73
actioninitadmin/classes/WPSSUserRolesCapsManager.php:75
actioninitadmin/classes/WPSSUserRolesCapsManager.php:76
actioninitadmin/classes/WPSSUserRolesCapsManager.php:77
actioninitadmin/classes/WPSSUserRolesCapsManager.php:78
actioninitadmin/classes/WPSSUserRolesCapsManager.php:79
actioninitadmin/classes/WPSSUserRolesCapsManager.php:80
actioninitadmin/classes/WPSSUserRolesCapsManager.php:81
actionuser_registeradmin/classes/WPSSUsers.php:40
filterwidget_display_callbackadmin/classes/WPSSWidgets.php:29
actionplugins_loadedwpss-ultimate-user-management.php:54
actionwidgets_initwpss-ultimate-user-management.php:60
Maintenance & Trust

WPSS Ultimate User Management Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedFeb 4, 2025
PHP min version8.1
Downloads618

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

WPSS Ultimate User Management Alternatives

PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus

PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus

capability-manager-enhanced

A
86

PublishPress Capabilities is the access control plugin. You can manage user capabilities, permissions, user roles, admin menus and more.

100K 5 CVEs
Editorial Access Manager

Editorial Access Manager

editorial-access-manager

A
85

Allow for granular editorial access control for all post types in WordPress

80 No CVEs
Members – Membership & User Role Editor Plugin

Members – Membership & User Role Editor Plugin

members

A
99

The best WordPress membership and user role editor plugin. User Roles & Capabilities editor helps you restrict content in just a few clicks.

300K 1 CVE
WPFront User Role Editor

WPFront User Role Editor

wpfront-user-role-editor

A
94

Easily allows you to manage WordPress user roles. You can create, edit, delete and manage capabilities, also copy existing roles.

30K 5 CVEs
User Roles and Capabilities

User Roles and Capabilities

user-roles-and-capabilities

C
63

Manage user roles and Capabilities, create new roles and change default role.

8K 1 unpatched
Developer Profile

WPSS Ultimate User Management Developer Profile

Angelo Rocha

2 plugins · 0 total installs

86
trust score
Avg Security Score
89/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WPSS Ultimate User Management

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpss-ultimate-user-management/assets/css/main.min.css/wp-content/plugins/wpss-ultimate-user-management/assets/js/js.min.js
Script Paths
/wp-content/plugins/wpss-ultimate-user-management/assets/js/js.min.js
Version Parameters
wpss-ultimate-user-management/assets/css/main.min.css?ver=wpss-ultimate-user-management/assets/js/js.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpss-ultimate-user-management-admin-menu
Data Attributes
data-security_nonce
JS Globals
wpss_user_management_object
FAQ

Frequently Asked Questions about WPSS Ultimate User Management