Does All in One Invite Codes have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is All in One Invite Codes compatible with WordPress 6.8.5?

According to WordPress.org data, All in One Invite Codes 1.2.0 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is All in One Invite Codes compatible with PHP 5.3+?

All in One Invite Codes requires PHP 5.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is All in One Invite Codes updated?

All in One Invite Codes was last updated on Jun 26, 2025. Frequent updates are generally a positive security signal.

What is All in One Invite Codes's security score?

All in One Invite Codes has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

All in One Invite Codes Security & Risk Analysis

wordpress.org/plugins/all-in-one-invite-codes

Intelligent automatic invite codes system. Create Invite only Registration Funnels, Products and more.

300 active installs v1.2.0 PHP 5.3+ WP 4.9+ Updated Jun 26, 2025

invite-codesinvite-onlyregistration

A · Safe

CVEs total2

Unpatched0

Last CVEJul 21, 2022

Plugin page Download

Safety Verdict

Is All in One Invite Codes Safe to Use in 2026?

Generally Safe

Score 99/100

All in One Invite Codes has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEsLast CVE: Jul 21, 2022Updated 10mo ago

Risk Assessment

The 'all-in-one-invite-codes' v1.2.0 plugin presents a mixed security posture. While it demonstrates good practices in several areas, such as a high percentage of properly escaped output and no identified file operations or external HTTP requests, significant concerns remain. The presence of an unprotected AJAX handler is a critical finding, creating an accessible entry point that could be exploited without proper authentication. Although taint analysis found no unsanitized paths, the existence of an unprotected endpoint bypasses this protection. The plugin has a history of two medium severity vulnerabilities, both related to Cross-Site Scripting, with the last one occurring in July 2022. While these are currently patched, the recurring nature of XSS issues suggests a potential weakness in input sanitization in certain contexts. The plugin also uses bundled libraries, DataTables and Freemius v1.0, which if outdated, could introduce further risks, although their current version status is not detailed here. In conclusion, the plugin has strengths in output escaping and avoiding dangerous functions, but the unprotected AJAX handler and historical XSS vulnerabilities are serious points of concern that elevate the overall risk.

Key Concerns

AJAX handler without authentication check
Past medium severity XSS vulnerabilities
Bundled outdated library (Freemius v1.0)

Vulnerabilities

2 published

All in One Invite Codes Security Vulnerabilities

CVEs by Year

2 CVEs in 2022

2022

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

WF-63c1e570-c0de-44e0-ac39-0b9006c43efa-all-in-one-invite-codesmedium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

All in One Invite Codes <= 1.0.15 - Authenticated (Admin+) Stored Cross-Site Scripting

Jul 21, 2022 Patched in 1.1.0 (551d)

WF-facf765a-ddce-485b-adce-99ee22262951-all-in-one-invite-codesmedium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

All in One Invite Codes <= 1.0.14 - Cross-Site Scripting

May 17, 2022 Patched in 1.0.15 (616d)

Version History

All in One Invite Codes Release Timeline

v1.2.0Current

v1.1.15

v1.1.14

v1.1.13

v1.1.12

v1.1.11

v1.1.10

v1.1.9

v1.1.8

v1.1.7

v1.1.6

v1.1.5

v1.1.4

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.151 CVE

WF-63c1e570-c0de-44e0-ac39-0b9006c43efa-all-in-one-invite-codes

v1.0.142 CVEs

WF-63c1e570-c0de-44e0-ac39-0b9006c43efa-all-in-one-invite-codes WF-facf765a-ddce-485b-adce-99ee22262951-all-in-one-invite-codes

v1.0.132 CVEs

WF-63c1e570-c0de-44e0-ac39-0b9006c43efa-all-in-one-invite-codes WF-facf765a-ddce-485b-adce-99ee22262951-all-in-one-invite-codes

Code Analysis

Analyzed Mar 16, 2026

All in One Invite Codes Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

119 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

DataTablesFreemius1.0

SQL Query Safety

50% prepared4 total queries

Output Escaping

83% escaped144 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

all_in_one_invite_code_register_form (includes\default-registration.php:13)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

All in One Invite Codes Attack Surface

Entry Points9

Unprotected1

AJAX Handlers 5

authwp_ajax_all_in_one_invite_codes_disable_codeincludes\admin\admin-ajax.php:40

authwp_ajax_all_in_one_invite_codes_send_invite_mailincludes\admin\admin-ajax.php:81

authwp_ajax_aioic_generate_multiple_invitesincludes\admin\admin-ajax.php:83

authwp_ajax_all_in_one_invite_codes_create_codeincludes\generate-invite-codes.php:6

authwp_ajax_all_in_one_invite_codes_send_inviteincludes\send-invite-email.php:102

Shortcodes 4

[all_in_one_invite_codes_list_codes_by_user] includes\shortcodes.php:6

[all_in_one_invite_codes_invited_by_user_filter] includes\shortcodes.php:134

[all_in_one_invite_codes_list_codes_not_assigend] includes\shortcodes.php:200

[all_in_one_invite_codes_create] includes\shortcodes.php:247

WordPress Hooks 37

actioninitall-in-one-invite-codes.php:75

actioninitall-in-one-invite-codes.php:76

actioninitall-in-one-invite-codes.php:77

actionadmin_menuall-in-one-invite-codes.php:78

actionadmin_enqueue_scriptsall-in-one-invite-codes.php:79

actionadmin_enqueue_scriptsall-in-one-invite-codes.php:80

actionwp_footerall-in-one-invite-codes.php:81

actionadmin_noticesall-in-one-invite-codes.php:410

filterhandle_gdpr_admin_noticeall-in-one-invite-codes.php:422

actionadmin_menuincludes\admin\admin-settings.php:13

actionadmin_initincludes\admin\admin-settings.php:69

actionadmin_menuincludes\admin\invite-codes-bulk.php:13

actionadmin_enqueue_scriptsincludes\admin\invite-codes-bulk.php:15

actionadd_meta_boxesincludes\admin\invite-codes-options.php:20

actionsave_post_tk_invite_codesincludes\admin\invite-codes-options.php:291

actionsave_postincludes\admin\invite-codes-options.php:332

actionadmin_menuincludes\admin\invite-codes-options.php:341

filterwp_insert_post_dataincludes\admin\invite-codes-options.php:344

actioninitincludes\admin\invite-codes-post-type.php:49

filterpage_row_actionsincludes\admin\invite-codes-post-type.php:77

actionmanage_tk_invite_codes_posts_columnsincludes\admin\invite-codes-post-type.php:101

actionmanage_tk_invite_codes_posts_custom_columnincludes\admin\invite-codes-post-type.php:173

actionadmin_head-post.phpincludes\admin\invite-codes-post-type.php:240

actionadmin_head-post-new.phpincludes\admin\invite-codes-post-type.php:241

actionpost_submitbox_misc_actionsincludes\admin\invite-codes-post-type.php:274

actionadmin_enqueue_scriptsincludes\admin\pricing-page\pricing-page.php:25

actionadmin_menuincludes\admin\tree.php:13

filterwp_list_pagesincludes\admin\tree.php:124

filterpost_type_linkincludes\admin\tree.php:125

filterwp_list_pagesincludes\admin\tree.php:150

filterpost_type_linkincludes\admin\tree.php:151

filterwp_list_pagesincludes\admin\tree.php:176

filterpost_type_linkincludes\admin\tree.php:177

actionadmin_enqueue_scriptsincludes\admin\tree.php:213

actionregister_formincludes\default-registration.php:32

filterregistration_errorsincludes\default-registration.php:72

actionuser_registerincludes\default-registration.php:166

Maintenance & Trust

All in One Invite Codes Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJun 26, 2025

PHP min version5.3

Downloads14K

Community Trust

Rating100/100

Number of ratings3

Active installs300

Alternatives

All in One Invite Codes Alternatives

Ninja Forms – The Contact Form Builder That Grows With You

ninja-forms

The 100% beginner friendly WordPress form builder. Drag & drop form fields to build beautiful, professional contact forms in minutes.

600K 75 CVEs

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

ultimate-member

Membership & community plugin with user profiles, registration & login, member directories, content restriction, user roles and much more.

200K 1 unpatched

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress

wp-user-avatar

Setup paid membership, accept payment, sell subscription & digital product, paywall, create login & registration form, user profile & member directory

100K 43 CVEs

Event Tickets and Registration

event-tickets

Event Tickets allows your visitors to RSVP and buy tickets to events on your site. Also works seamlessly with The Events Calendar.

90K 12 CVEs

LoginWP (Formerly Peter's Login Redirect)

peters-login-redirect

Redirect users to different locations after they log in, log out and register based on different conditions.

90K 3 CVEs

Developer Profile

All in One Invite Codes Developer Profile

Themekraft

12 plugins · 5K total installs

trust score

Avg Security Score

86/100

Avg Patch Time

375 days

View full developer profile

Detection Fingerprints

How We Detect All in One Invite Codes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/all-in-one-invite-codes/assets/css/admin.css/wp-content/plugins/all-in-one-invite-codes/assets/css/invite-codes-shortcode.css/wp-content/plugins/all-in-one-invite-codes/assets/css/style.css/wp-content/plugins/all-in-one-invite-codes/assets/js/admin.js/wp-content/plugins/all-in-one-invite-codes/assets/js/invite-codes-shortcode.js/wp-content/plugins/all-in-one-invite-codes/assets/js/public.js/wp-content/plugins/all-in-one-invite-codes/assets/js/vendor/jquery.min.js/wp-content/plugins/all-in-one-invite-codes/assets/js/vendor/underscore.min.js

Script Paths

/wp-content/plugins/all-in-one-invite-codes/assets/js/admin.js/wp-content/plugins/all-in-one-invite-codes/assets/js/invite-codes-shortcode.js/wp-content/plugins/all-in-one-invite-codes/assets/js/public.js/wp-content/plugins/all-in-one-invite-codes/assets/js/vendor/jquery.min.js/wp-content/plugins/all-in-one-invite-codes/assets/js/vendor/underscore.min.js

Version Parameters

/wp-content/plugins/all-in-one-invite-codes/assets/css/admin.css?ver=/wp-content/plugins/all-in-one-invite-codes/assets/css/invite-codes-shortcode.css?ver=/wp-content/plugins/all-in-one-invite-codes/assets/css/style.css?ver=/wp-content/plugins/all-in-one-invite-codes/assets/js/admin.js?ver=/wp-content/plugins/all-in-one-invite-codes/assets/js/invite-codes-shortcode.js?ver=/wp-content/plugins/all-in-one-invite-codes/assets/js/public.js?ver=/wp-content/plugins/all-in-one-invite-codes/assets/js/vendor/jquery.min.js?ver=/wp-content/plugins/all-in-one-invite-codes/assets/js/vendor/underscore.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

all-in-one-invite-codes

Data Attributes

data-invite-codes-noncedata-invite-codes-security

JS Globals

tk_invite_codes_ajax_object

REST Endpoints

/wp-json/tk-invite-codes/v1/invite-code

Shortcode Output

[invite_codes_form][invite_codes_table]

FAQ