WP Clinic
Log in Sign up

PLUGIN SECURITY

Is Wp User Manager safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the Wp User Manager WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: wp-user-manager

Known vulnerabilities

  • CVE-2021-24655 — WP User Manager – User Profile Builder & Membership [wp-user-manager] < 2.6.3 (CWE-639) · High
  • CVE-2024-43336 — WP User Manager – User Profile Builder & Membership [wp-user-manager] < 2.9.11 (CSRF) · Medium
  • CVE-2024-10216 — WP User Manager – User Profile Builder & Membership [wp-user-manager] < 2.9.12 (Missing Authorization) · Medium
  • CVE-2024-10537 — WP User Manager – User Profile Builder & Membership [wp-user-manager] < 2.9.12 (Missing Authorization) · Medium
  • CVE-2025-60245 — WP User Manager – User Profile Builder & Membership [wp-user-manager] < 2.9.13 (Insecure Deserialization) · Critical
+ 3 more known vulnerabilities
  • CVE-2025-13320 — WP User Manager – User Profile Builder & Membership [wp-user-manager] < 2.9.13 (CWE-73) · Medium
  • CVE-2026-9290 — WP User Manager – User Profile Builder & Membership [wp-user-manager] < 2.9.18 (Path Traversal) · High
  • CVE-2026-49766 — WP User Manager – User Profile Builder & Membership [wp-user-manager] < 2.9.17 (Path Traversal) · Critical

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.