PLUGIN SECURITY
Is Wp User Manager safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Wp User Manager WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
wp-user-manager
Known vulnerabilities
- CVE-2021-24655 — WP User Manager – User Profile Builder & Membership [wp-user-manager] < 2.6.3 (CWE-639) · High
- CVE-2024-43336 — WP User Manager – User Profile Builder & Membership [wp-user-manager] < 2.9.11 (CSRF) · Medium
- CVE-2024-10216 — WP User Manager – User Profile Builder & Membership [wp-user-manager] < 2.9.12 (Missing Authorization) · Medium
- CVE-2024-10537 — WP User Manager – User Profile Builder & Membership [wp-user-manager] < 2.9.12 (Missing Authorization) · Medium
- CVE-2025-60245 — WP User Manager – User Profile Builder & Membership [wp-user-manager] < 2.9.13 (Insecure Deserialization) · Critical
+ 3 more known vulnerabilities
- CVE-2025-13320 — WP User Manager – User Profile Builder & Membership [wp-user-manager] < 2.9.13 (CWE-73) · Medium
- CVE-2026-9290 — WP User Manager – User Profile Builder & Membership [wp-user-manager] < 2.9.18 (Path Traversal) · High
- CVE-2026-49766 — WP User Manager – User Profile Builder & Membership [wp-user-manager] < 2.9.17 (Path Traversal) · Critical
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.