ChamaWP – Monetize With Donations, Memberships, Crowdfunding, Commissions & Restricted Content Security & Risk Analysis

wordpress.org/plugins/chama

💳 A WordPress plugin for monetizing your tribe! 🚀

10 active installs v1.0.12 PHP 7.4+ WP 5.3+ Updated Feb 9, 2026
content-restriction, donation, membership, stripe, subscription
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is ChamaWP – Monetize With Donations, Memberships, Crowdfunding, Commissions & Restricted Content Safe to Use in 2026?

Generally Safe

Score 100/100

ChamaWP – Monetize With Donations, Memberships, Crowdfunding, Commissions & Restricted Content has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "chama" plugin v1.0.12 exhibits a generally strong security posture, with excellent adherence to common WordPress security best practices. All identified entry points, including AJAX handlers and REST API routes, are protected with authentication checks. The plugin demonstrates robust output escaping, with 100% of outputs properly escaped, significantly mitigating Cross-Site Scripting (XSS) risks. Furthermore, a substantial majority of SQL queries utilize prepared statements, reducing the likelihood of SQL injection vulnerabilities. The plugin also implements a healthy number of nonce and capability checks.

However, the presence of two instances of the `unserialize` function is a notable concern. While the static analysis doesn't explicitly flag these as unsanitized, `unserialize` is inherently risky if not handled with extreme caution and proper input validation, as it can lead to object injection vulnerabilities. The single identified unsanitized path in the taint analysis, while classified as high severity and not critical, warrants careful investigation to understand its potential impact.

With no recorded vulnerabilities or CVEs in its history, the "chama" plugin's track record is clean. This suggests a history of responsible development. Despite the minor concerns around `unserialize` and the high-severity taint flow, the overall security of the plugin appears to be good. The strengths in output escaping, prepared statements, and protected entry points outweigh the identified weaknesses, suggesting a low overall risk, provided the `unserialize` usage and the high-severity taint flow are addressed.

Key Concerns

  • Dangerous function unserialize used
  • High severity unsanitized path found
Vulnerabilities
None known

ChamaWP – Monetize With Donations, Memberships, Crowdfunding, Commissions & Restricted Content Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

ChamaWP – Monetize With Donations, Memberships, Crowdfunding, Commissions & Restricted Content Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 8 (16 prepared)
Unescaped Output: 4 (1063 escaped)
Nonce Checks: 38
Capability Checks: 15
File Operations: 1
External Requests: 1
Bundled Libraries: 1

Dangerous Functions Found

unserialize: `$payment_data = unserialize(base64_decode($meta));` templates\content-payment.php:29
unserialize: `$payment_data = unserialize(base64_decode($meta));` templates\content-subscription.php:27

Bundled Libraries

Stripe PHP

SQL Query Safety

67% prepared, 24 total queries

Output Escaping

100% escaped, 1067 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

14 flows, 1 with unsanitized paths
<metaboxes> (inc\metaboxes.php:0)
Attack Surface

ChamaWP – Monetize With Donations, Memberships, Crowdfunding, Commissions & Restricted Content Attack Surface

Entry Points: 30
Unprotected: 0

AJAX Handlers 2

auth wp_ajax_chama_synchronize_subscription_renewals inc\utilities.php:204
auth wp_ajax_chama_cancel_subscription inc\utilities.php:238

REST API Routes 8

POST /wp-json/v1/stripepayment inc\template-functions.php:1100
POST /wp-json/v1/stripesubscription inc\template-functions.php:1108
POST /wp-json/v1/stripevalidate inc\template-functions.php:1116
POST /wp-json/v1/stripecancel inc\template-functions.php:1124
POST /wp-json/v1/stripedelete inc\template-functions.php:1132
POST /wp-json/v1/stripepause inc\template-functions.php:1140
POST /wp-json/v1/striperesume inc\template-functions.php:1148
POST /wp-json/v1/stripesetup inc\template-functions.php:1156

Shortcodes 20

[chama_login_page] inc\shortcodes.php:15
[chama_registration_page] inc\shortcodes.php:16
[chama_edit_account_page] inc\shortcodes.php:17
[chama_edit_password_page] inc\shortcodes.php:18
[chama_forgot_password_page] inc\shortcodes.php:19
[chama_reset_password_page] inc\shortcodes.php:20
[chama_verify_email_page] inc\shortcodes.php:21
[chama_account_page] inc\shortcodes.php:22
[chama_hub_page] inc\shortcodes.php:23
[chama_donate_page] inc\shortcodes.php:24
[chama_membership_page] inc\shortcodes.php:25
[chama_crowdfunding_page] inc\shortcodes.php:26
[chama_commissions_page] inc\shortcodes.php:27
[chama_payment_page] inc\shortcodes.php:28
[chama_payment_confirmation_page] inc\shortcodes.php:29
[chama_subscription_page] inc\shortcodes.php:30
[chama_subscription_confirmation_page] inc\shortcodes.php:31
[chama_newsletter_sign_up_form] inc\shortcodes.php:32
[chama_newsletter_sign_up_confirmation_page] inc\shortcodes.php:33
[chama_newsletter_opt_out_confirmation_page] inc\shortcodes.php:34
WordPress Hooks 119
action init chama.php:104
action init chama.php:105
action init chama.php:106
action init chama.php:107
action init chama.php:108
action init chama.php:109
action init chama.php:110
action init chama.php:111
action admin_notices chama.php:112
action chama_cron_sync_pending_payments chama.php:113
action chama_cron_sync_pending_subscriptions chama.php:114
action chama_cron_sync_missing_subscription_renewals chama.php:115
action init inc\gateways\stripe\stripe-apple-pay.php:9
filter query_vars inc\gateways\stripe\stripe-apple-pay.php:18
action template_redirect inc\gateways\stripe\stripe-apple-pay.php:38
filter redirect_canonical inc\gateways\stripe\stripe-apple-pay.php:49
filter chama_get_nav_menu_items inc\menu-helper.php:60
filter chama_get_nav_menu_object inc\menu-helper.php:61
action add_meta_boxes inc\metaboxes.php:32
action save_post inc\metaboxes.php:99
filter manage_posts_columns inc\metaboxes.php:101
filter manage_pages_columns inc\metaboxes.php:102
filter manage_chama_newsletter_columns inc\metaboxes.php:103
action manage_posts_custom_column inc\metaboxes.php:124
action manage_pages_custom_column inc\metaboxes.php:125
filter parse_query inc\metaboxes.php:184
action admin_bar_menu inc\options.php:34
action admin_menu inc\options.php:38
action admin_menu inc\options.php:69
action wp_after_admin_bar_render inc\options.php:81
action admin_init inc\options.php:118
action admin_init inc\options.php:323
action admin_init inc\options.php:491
action admin_init inc\options.php:496
action admin_init inc\options.php:528
action admin_init inc\options.php:771
action admin_init inc\options.php:917
action admin_init inc\options.php:1028
action admin_init inc\options.php:1299
action admin_init inc\options.php:1452
action admin_init inc\options.php:1475
action admin_init inc\options.php:1526
action admin_init inc\options.php:1615
action admin_init inc\options.php:1620
action admin_init inc\options.php:1718
action admin_notices inc\options.php:1957
filter display_post_states inc\pages.php:82
filter body_class inc\pages.php:86
filter comments_array inc\protection.php:70
filter comments_open inc\protection.php:71
filter pings_open inc\protection.php:72
filter gettext inc\protection.php:100
filter the_content inc\protection.php:290
filter the_content_rss inc\protection.php:291
filter post_thumbnail_html inc\protection.php:426
filter get_post_metadata inc\protection.php:496
action admin_notices inc\shared.php:1724
action admin_notices inc\shared.php:1733
action admin_notices inc\shared.php:1824
action admin_notices inc\shared.php:1843
action init inc\shared.php:2017
action admin_init inc\shared.php:2022
action init inc\shared.php:2101
action init inc\shortcodes.php:12
action wp_enqueue_scripts inc\template-functions.php:5
action init inc\template-functions.php:203
action init inc\template-functions.php:247
action init inc\template-functions.php:411
action init inc\template-functions.php:528
action init inc\template-functions.php:590
action init inc\template-functions.php:651
action init inc\template-functions.php:713
action init inc\template-functions.php:765
action init inc\template-functions.php:790
action init inc\template-functions.php:844
action init inc\template-functions.php:899
action init inc\template-functions.php:993
action init inc\template-functions.php:1014
action init inc\template-functions.php:1044
filter query_vars inc\template-functions.php:1065
action user_register inc\template-functions.php:1070
action init inc\template-functions.php:1072
action template_redirect inc\template-functions.php:1085
action template_redirect inc\template-functions.php:1096
action rest_api_init inc\template-functions.php:1166
filter show_admin_bar inc\template-functions.php:2144
action admin_init inc\template-functions.php:2165
action init inc\template-functions.php:2183
filter wp_nav_menu_args inc\template-functions.php:2207
filter wp_get_nav_menu_items inc\template-functions.php:2226
action wp_login inc\template-functions.php:2346
action init inc\template-functions.php:2403
action category_add_form_fields inc\terms.php:25
action post_tag_add_form_fields inc\terms.php:26
action admin_init inc\terms.php:27
action category_edit_form_fields inc\terms.php:56
action post_tag_edit_form_fields inc\terms.php:57
action admin_init inc\terms.php:58
action saved_category inc\terms.php:66
action saved_post_tag inc\terms.php:67
action admin_init inc\terms.php:68
filter manage_edit-category_columns inc\terms.php:107
filter manage_edit-post_tag_columns inc\terms.php:108
action admin_init inc\terms.php:109
action manage_category_custom_column inc\terms.php:138
action manage_post_tag_custom_column inc\terms.php:139
action admin_init inc\terms.php:140
action admin_init inc\users.php:8
action admin_notices inc\users.php:19
action admin_init inc\users.php:28
action admin_notices inc\users.php:39
filter user_row_actions inc\users.php:83
filter manage_users_columns inc\users.php:90
filter manage_users_custom_column inc\users.php:114
action remove_user_role inc\users.php:141
action add_user_role inc\users.php:168
action delete_user inc\users.php:200
action admin_print_styles inc\utilities.php:8
action init inc\webhooks.php:9

Scheduled Events 3

chama_cron_sync_pending_payments
chama_cron_sync_pending_subscriptions
chama_cron_sync_missing_subscription_renewals
Maintenance & Trust

ChamaWP – Monetize With Donations, Memberships, Crowdfunding, Commissions & Restricted Content Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 9, 2026
PHP min version: 7.4
Downloads: 769

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

ChamaWP – Monetize With Donations, Memberships, Crowdfunding, Commissions & Restricted Content Developer Profile

chamawp

1 plugin · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect ChamaWP – Monetize With Donations, Memberships, Crowdfunding, Commissions & Restricted Content

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/chama/assets/css/frontend.css
/wp-content/plugins/chama/assets/css/chama.css
/wp-content/plugins/chama/assets/js/frontend.js
/wp-content/plugins/chama/assets/js/chama.js
/wp-content/plugins/chama/assets/js/common.js
Script Paths
/wp-content/plugins/chama/assets/js/frontend.js
/wp-content/plugins/chama/assets/js/chama.js
/wp-content/plugins/chama/assets/js/common.js
Version Parameters
chama/assets/css/frontend.css?ver=
chama/assets/css/chama.css?ver=
chama/assets/js/frontend.js?ver=
chama/assets/js/chama.js?ver=
chama/assets/js/common.js?ver=

HTML / DOM Fingerprints

CSS Classes
chama-button, chama-card, chama-modal, chama-donate-form, chama-subscription-form, chama-crowdfunding-form, chama-campaign-details, chama-tier-details
HTML Comments
<!-- Chama Currency Select -->
<!-- Chama Donate Button -->
<!-- Chama Subscription Button -->
<!-- Chama Crowdfunding Form -->
(+6 more)
Data Attributes
data-chama-id, data-chama-type, data-chama-amount, data-chama-currency, data-chama-gateway
JS Globals
chamaData, ChamaFrontend, ChamaCommon
REST Endpoints
/wp-json/chama/v1/donate
/wp-json/chama/v1/subscribe
/wp-json/chama/v1/campaign
/wp-json/chama/v1/tier
/wp-json/chama/v1/webhook/stripe
Shortcode Output
[chama_hub_page] [chama_donate_page] [chama_membership_page] [chama_crowdfunding_page]
FAQ

Frequently Asked Questions about ChamaWP – Monetize With Donations, Memberships, Crowdfunding, Commissions & Restricted Content