WP Clinic
Log in Sign up

PLUGIN SECURITY

Is User Role Editor safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the User Role Editor WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: user-role-editor
  • Requires PHP: 7.3+
  • Max supported PHP (analyzed): 8.4

Known vulnerabilities

  • User Role Editor [user-role-editor] < 4.25 [WordPress User Role Editor Plugin <= 4.24 - Privilege Escalation]
  • User Role Editor [user-role-editor] < 3.13 [WordPress User Role Editor Plugin 3.12 - CSRF]
  • User Role Editor [user-role-editor] < 4.25 [wpscan.com]
  • User Role Editor [user-role-editor] < 3.14 [User Role Editor - Cross-Site Request Forgery]
  • User Role Editor [user-role-editor] < 4.25 [User Role Editor <= 4.24 - Authenticated Privilege Escalation]
+ 1 more known vulnerability
  • User Role Editor [user-role-editor] < 4.64.4 [CVE-2024-12293, User Role Editor <= 4.64.3 - Cross-Site Request Forgery to Privilege Escalation, WordPress User Role Editor Plugin <= 4.64.3 is vulnerable to Cross Site Request Forgery (CSRF)]

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Safer / more established alternatives

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.