Title: Previous plugin vulnerability Last modified: May 28, 2023 --- # Previous plugin vulnerability * [dav74](https://wordpress.org/support/users/dav74/) * (@dav74) * [2 years, 11 months ago](https://wordpress.org/support/topic/previous-plugin-vulnerability/) * Hello, * I really like your plugin but my hosting made me aware that there was a plugin vulnerability a couple years ago (cross site scripting) which could lead to your site being hacked. I’m sure you have fully patched that and operate with more precautions nowadays since that, but of course any plugin which gives the ability to change user roles carries a risk. * Can you tell me, if I disable your plugin when it is not in use, does that minimse any potential risk? It would be great to know. * Thanks again Viewing 1 replies (of 1 total) * Plugin Author [Vladimir Garagulya](https://wordpress.org/support/users/shinephp/) * (@shinephp) * [2 years, 11 months ago](https://wordpress.org/support/topic/previous-plugin-vulnerability/#post-16793278) * Hi, * Sure, once you deactivate the URE plugin, its code can not be executed. Viewing 1 replies (of 1 total) The topic ‘Previous plugin vulnerability’ is closed to new replies. * ![](https://ps.w.org/user-role-editor/assets/icon-256x256.jpg?rev=1020390) * [User Role Editor](https://wordpress.org/plugins/user-role-editor/) * [Frequently Asked Questions](https://wordpress.org/plugins/user-role-editor/#faq) * [Support Threads](https://wordpress.org/support/plugin/user-role-editor/) * [Active Topics](https://wordpress.org/support/plugin/user-role-editor/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/user-role-editor/unresolved/) * [Reviews](https://wordpress.org/support/plugin/user-role-editor/reviews/) * 1 reply * 2 participants * Last reply from: [Vladimir Garagulya](https://wordpress.org/support/users/shinephp/) * Last activity: [2 years, 11 months ago](https://wordpress.org/support/topic/previous-plugin-vulnerability/#post-16793278) * Status: not resolved