cleantalk
Vulnerabilities and Security Researches

User Role Editor, PSC-2026-64609

PSC, Research URL

PSC-2026-64609

Home page URL

Security reports for User Role Editor

Application

User Role Editor

Published on
Feb 16, 2026
Research Description
User Role Editor v4.64.6 is a widely used WordPress administration plugin that lets site owners manage roles and capabilities through a clear checkbox based interface, making it easy to add, remove, clone, and delete roles while also supporting per user capability assignments and multisite networks. Because role and capability management directly governs access control across WordPress, any weakness in implementation could have severe impact, including unauthorized privilege changes or admin takeover paths. User Role Editor has passed CleanTalk Plugin Security Certification under PSC-2026-64609, confirming that the plugin was assessed for secure coding practices and validated against major vulnerability classes.
Affected versions
Min 4.64.6, max 4.64.6.
Status
SAFE & CERTIFIED
Previous vulnerability researches
WPFront User Role Editor (CVE-2025-60102) , Oct 12, 2025
WPFront User Role Editor (CVE-2024-2931) , Jun 07, 2024
WPFront User Role Editor (CVE-2021-24984) , Jun 07, 2024
WPFront User Role Editor (CVE-2025-3064) , Apr 09, 2025
User Role Editor (f814ebd7f3c5283e94417912def596f19b5b9156) , Jun 06, 2024
New vulnerability
Contact Form 7 Database Addon – CFDB7 , Feb 17, 2026
GoSMTP – SMTP for WordPress , Feb 17, 2026
User Role Editor , Feb 16, 2026
Post Types Order , Feb 11, 2026
Code Snippets , Feb 09, 2026