PLUGIN SECURITY
Is User Role Editor safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the User Role Editor WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
user-role-editor - Requires PHP: 7.3+
- Max supported PHP (analyzed): 8.4
Known vulnerabilities
- User Role Editor [user-role-editor] < 4.25 [WordPress User Role Editor Plugin <= 4.24 - Privilege Escalation]
- User Role Editor [user-role-editor] < 3.13 [WordPress User Role Editor Plugin 3.12 - CSRF]
- User Role Editor [user-role-editor] < 4.25 [wpscan.com]
- User Role Editor [user-role-editor] < 3.14 [User Role Editor - Cross-Site Request Forgery]
- User Role Editor [user-role-editor] < 4.25 [User Role Editor <= 4.24 - Authenticated Privilege Escalation]
+ 1 more known vulnerability
- User Role Editor [user-role-editor] < 4.64.4 [CVE-2024-12293, User Role Editor <= 4.64.3 - Cross-Site Request Forgery to Privilege Escalation, WordPress User Role Editor Plugin <= 4.64.3 is vulnerable to Cross Site Request Forgery (CSRF)]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- Elementor Website Builder – more than just a page builder — 10000000+ active installs — max PHP 8.4
- Classic Editor — 9000000+ active installs — max PHP 8.4
- Classic Widgets — 2000000+ active installs — max PHP 8.4
- Loginizer — 1000000+ active installs — max PHP <8.0
- Advanced Editor Tools — 1000000+ active installs — max PHP 8.4
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.