Binary MLM Plan Security & Risk Analysis

wordpress.org/plugins/binary-mlm-plan

Binary MLM is a network marketing model with ePins, where each member recruits two downlines, earning commissions based on referrals.

40 active installs · v5.1 · PHP 8.0+ · WP 6.0.2+ · Updated Dec 13, 2025
Tags: binary-mlm-plugin, free-binary-mlm-plan-in-wordpress, free-binary-mlm-with-epin, mlm-plan, mlm-plan-in-wordpress
Score: 71 · B · Generally Safe
CVEs total: 3
Unpatched: 1
Last CVE: Oct 16, 2025
Safety Verdict

Is Binary MLM Plan Safe to Use in 2026?

Mostly Safe

Score 71/100

Binary MLM Plan is generally safe to use. 3 past CVEs were resolved. Keep it updated.

3 known CVEs · 1 unpatched · Last CVE: Oct 16, 2025 · Updated 3mo ago
Risk Assessment

The "binary-mlm-plan" plugin v5.1 exhibits a mixed security posture. It demonstrates good practices in SQL query sanitization (96% prepared statements) and output escaping (82%), but its attack surface and taint analysis raise significant concerns. All of its AJAX handlers (14 out of 14) are exposed without authentication checks, which presents a substantial risk of unauthorized actions. The taint analysis reveals 11 high-severity flows with unsanitized paths, indicating potential vulnerabilities that could be exploited if user input is not properly validated before being used in sensitive operations.

The plugin's vulnerability history, including one currently unpatched high-severity CVE and past issues like SQL injection and authorization bypass, adds to these concerns. This history suggests a recurring pattern of security flaws that have not been fully remediated.

The plugin's strengths lie in its careful handling of SQL queries and output. The numerous unprotected entry points and critical taint flows, coupled with the history of vulnerabilities, describe a plugin that requires immediate attention to address its significant security weaknesses.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
  • Unpatched high severity CVE
  • Bundled outdated library
  • Low capability check coverage
Vulnerabilities: 3

Binary MLM Plan Security Vulnerabilities

CVEs by Year

3 CVEs in 2025 · has unpatched

Severity Breakdown

High: 1
Medium: 2

3 total CVEs

CVE-2025-11895 · medium · 4.3 · Authorization Bypass Through User-Controlled Key

Binary MLM Plan <= 5.0 - Authenticated (Subscriber+) Insecure Direct Object Reference

Oct 16, 2025 · Unpatched

CVE-2025-10038 · medium · 6.5 · Incorrect Privilege Assignment

Binary MLM Plan <= 3.0 - Unauthenticated Limited Privilege Escalation

Oct 14, 2025 · Patched in 5.0 (23d)

CVE-2025-47671 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Binary MLM Plan <= 3.0 - Unauthenticated SQL Injection

May 21, 2025 · Patched in 5.0 (170d)
Code Analysis
Analyzed Mar 16, 2026

Binary MLM Plan Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 10 (234 prepared)
Unescaped Output: 106 (483 escaped)
Nonce Checks: 10
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

DataTables 1.11.5

SQL Query Safety

96% prepared · 244 total queries

Output Escaping

82% escaped · 589 total outputs
Data Flows: 11 unsanitized

Data Flow Analysis

18 flows · 11 with unsanitized paths
<html-admin-settings> (includes\admin\views\html-admin-settings.php:0)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface: 14 unprotected

Binary MLM Plan Attack Surface

Entry Points: 18
Unprotected: 14

AJAX Handlers 14

auth · wp_ajax_bmp_user_register · includes\bmp-hooks.php:6
nopriv · wp_ajax_bmp_user_register · includes\bmp-hooks.php:7
auth · wp_ajax_bmp_username_exist · includes\bmp-hooks.php:10
nopriv · wp_ajax_bmp_username_exist · includes\bmp-hooks.php:11
auth · wp_ajax_bmp_position_exist · includes\bmp-hooks.php:14
nopriv · wp_ajax_bmp_position_exist · includes\bmp-hooks.php:15
auth · wp_ajax_bmp_email_exist · includes\bmp-hooks.php:18
nopriv · wp_ajax_bmp_email_exist · includes\bmp-hooks.php:19
auth · wp_ajax_bmp_epin_exist · includes\bmp-hooks.php:22
nopriv · wp_ajax_bmp_epin_exist · includes\bmp-hooks.php:23
auth · wp_ajax_bmp_password_validation · includes\bmp-hooks.php:26
nopriv · wp_ajax_bmp_password_validation · includes\bmp-hooks.php:27
auth · wp_ajax_bmp_join_network · includes\bmp-hooks.php:36
nopriv · wp_ajax_bmp_join_network · includes\bmp-hooks.php:37

Shortcodes 4

[bmp_register] includes\catalog\class-bmp-template.php:6
[join_network] includes\catalog\class-bmp-template.php:13
[bmp_genealogy] includes\catalog\class-bmp-template.php:20
[bmp_account_detail] includes\catalog\class-bmp-template.php:28

WordPress Hooks 24

action · admin_enqueue_scripts · includes\admin\class-bmp-admin-assets.php:21
action · admin_enqueue_scripts · includes\admin\class-bmp-admin-assets.php:22
action · admin_menu · includes\admin\class-bmp-admin-menus.php:19
action · admin_menu · includes\admin\class-bmp-admin-menus.php:20
action · init · includes\admin\class-bmp-admin.php:14
filter · bmp_settings_tabs_array · includes\admin\settings\class-bmp-settings-page.php:36
action · bmp_check_downline_validate · includes\bmp-hooks.php:29
action · bmp_user_check_validate · includes\bmp-hooks.php:30
action · bmp_user_payout_list · includes\bmp-hooks.php:31
action · bmp_user_account_detail · includes\bmp-hooks.php:32
action · bmp_user_downlines_list · includes\bmp-hooks.php:33
action · bmp_user_check_payout · includes\bmp-hooks.php:34
action · bmp_user_payout_detail · includes\bmp-hooks.php:35
action · wp_head · includes\bmp-hooks.php:38
filter · query_vars · includes\bmp-hooks.php:39
filter · rewrite_rules_array · includes\bmp-hooks.php:40
action · bmp_admin_payout_detail · includes\bmp-hooks.php:43
action · bmp_admin_bonus_details · includes\bmp-hooks.php:44
action · bmp_admin_user_account_detail · includes\bmp-hooks.php:45
action · bmp_admin_user_downlines_list · includes\bmp-hooks.php:46
action · bmp_admin_user_payout_list · includes\bmp-hooks.php:47
action · bmp_mlm_deactivate_hook · includes\bmp-hooks.php:48
action · bmp_frontend_script · includes\bmp-hooks.php:49
action · init · includes\class-bmp.php:75

Maintenance & Trust

Binary MLM Plan Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 13, 2025
PHP min version: 8.0
Downloads: 14K

Community Trust

Rating: 74/100
Number of ratings: 3
Active installs: 40

Developer Profile

Binary MLM Plan Developer Profile

LETSCMS MLM Software

5 plugins · 80 total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 241 days
Detection Fingerprints

How We Detect Binary MLM Plan

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/binary-mlm-plan/assets/css/admin/admin.css
  • /wp-content/plugins/binary-mlm-plan/assets/css/bootstrap.css
  • /wp-content/plugins/binary-mlm-plan/assets/fontawesome/css/all.min.css
  • /wp-content/plugins/binary-mlm-plan/assets/js/admin/admin.js
  • /wp-content/plugins/binary-mlm-plan/assets/js/bootstrap.js
  • /wp-content/plugins/binary-mlm-plan/assets/fontawesome/js/all.min.js
  • /wp-content/plugins/binary-mlm-plan/assets/datatable/datatables.css
  • /wp-content/plugins/binary-mlm-plan/assets/datatable/datatables.js
  • +4 more
Script Paths
  • /wp-content/plugins/binary-mlm-plan/assets/js/admin/admin.js
  • /wp-content/plugins/binary-mlm-plan/assets/js/bootstrap.js
  • /wp-content/plugins/binary-mlm-plan/assets/fontawesome/js/all.min.js
  • /wp-content/plugins/binary-mlm-plan/assets/datatable/datatables.js
  • /wp-content/plugins/binary-mlm-plan/assets/js/dataTable.js
  • /wp-content/plugins/binary-mlm-plan/assets/js/genealogy/genealogy_boot.js
  • +1 more

HTML / DOM Fingerprints

CSS Classes
bmp_admin_styles, bmp_admin_bootstrap, bmp_fs_css, bmp_dataTable_css, bmp_dataTable_js, bmp_dataTable, bmp_admin_gene_css, bmp-genboot-js, +1 more
HTML Comments
  • <!-- INSERT INTO PAYOUT TABLE -->
  • <!-- BMP PRO Add new members -->
  • <!-- BMP PRO Genealogy Tree -->
Data Attributes
data-bs-toggle, data-bs-target, data-bs-dismiss, data-bs-backdrop, data-bs-keyboard
JS Globals
genealogy_data
FAQ

Frequently Asked Questions about Binary MLM Plan