Click & Pledge – Paid Memberships Pro Security & Risk Analysis

wordpress.org/plugins/click-pledge-paid-memberships-pro

Click & Pledge payment gateway integration for Paid Memberships Pro with Salesforce support.

10 active installs · v25.12000000-WP6.9-PMP3.6.3 · PHP + WP 5.2+ · Updated Dec 17, 2025
click-and-pledge · membership-payments · paid-memberships-pro · payment-gateway · salesforce-integration
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Click & Pledge – Paid Memberships Pro Safe to Use in 2026?

Generally Safe

Score 100/100

Click & Pledge – Paid Memberships Pro has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The "click-pledge-paid-memberships-pro" plugin v25.12000000-WP6.9-PMP3.6.3 exhibits a concerning security posture due to a significant number of unprotected entry points. Static analysis reveals 8 AJAX handlers, all of which lack authentication checks, exposing a substantial attack surface to unauthenticated users. This is compounded by the presence of the dangerous `unserialize` function, which can lead to remote code execution if it is called on untrusted input. While the plugin demonstrates good practices in SQL query preparation (95% prepared) and output escaping (92% escaped), the lack of basic security checks on AJAX endpoints and the potential risk from `unserialize` outweigh these strengths. The absence of any recorded vulnerabilities in its history might suggest a lack of widespread exploitation or an assumption of security, but it does not negate the risks identified in the code. These weaknesses lower the plugin's overall security and require immediate attention.

Key Concerns

  • AJAX handlers without auth checks
  • Dangerous function 'unserialize' found
  • No nonce checks on AJAX handlers
  • No capability checks on AJAX handlers
  • Flows with unsanitized paths found
Vulnerabilities
None known

Click & Pledge – Paid Memberships Pro Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Click & Pledge – Paid Memberships Pro Release Timeline

v25.12000000-WP6.9-PMP3.6.3 (Current)
v25.09000000-WP6.8.2-PMP3.5.5
v25.05010000-WP6.8.1-PMP3.4.6
v25.05000000-WP6.8.1-PMP3.4.6
v25.02000000-WP6.7.1-PMP3.3.3
v4.2112000000-WP5.8.2-PMP2.6.6
v4.2108000000-WP5.8-PMP2.5.10.2
v04.2103000000-WP5.7-PMP2.5.7
v04.2101000000-WP5.6-PMP2.5.2
v04.2011010000-WP.5.5.3-PMP2.4.4
v04.2006000000-WP.5.4.2-PMP2.3.3
v4.24080000-WP6.6.1-PMP3.1.3
v4.23110000-WP6.4.1-PMP2.12.4
v4.23040000-WP6.2.1-PMP2.10.3
v4.22030000-WP5.9.1-PMP2.7.5
v3.0.4
v3.0.3
v3.0.2
v3.0.1
v3.0.0
Code Analysis
Analyzed Mar 17, 2026

Click & Pledge – Paid Memberships Pro Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 1 (18 prepared)
Unescaped Output: 8 (87 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 5
Bundled Libraries: 0

Dangerous Functions Found

unserialize: $avcrds = unserialize($optionsarry['available_cards']); (classes\class.pmprogateway_clickandpledge.php:655)

SQL Query Safety

95% prepared · 19 total queries

Output Escaping

92% escaped · 95 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

4 flows · 3 with unsanitized paths
cnp_getCnPPMPUserEmailAccountList (classes\class.pmprogateway_clickandpledge.php:331)
Attack Surface
8 unprotected

Click & Pledge – Paid Memberships Pro Attack Surface

Entry Points: 8
Unprotected: 8

AJAX Handlers 8

auth · wp_ajax_cnp_getcode · classes\class.pmprogateway_clickandpledge.php:127
nopriv · wp_ajax_cnp_getcode · classes\class.pmprogateway_clickandpledge.php:128
auth · wp_ajax_cnp_pmpgetaccounts · classes\class.pmprogateway_clickandpledge.php:129
nopriv · wp_ajax_cnp_pmpgetaccounts · classes\class.pmprogateway_clickandpledge.php:130
auth · wp_ajax_cnp_pmprefreshAccounts · classes\class.pmprogateway_clickandpledge.php:131
nopriv · wp_ajax_cnp_pmprefreshAccounts · classes\class.pmprogateway_clickandpledge.php:132
auth · wp_ajax_getCnPPMPUserEmailAccountList · classes\class.pmprogateway_clickandpledge.php:134
nopriv · wp_ajax_getCnPPMPUserEmailAccountList · classes\class.pmprogateway_clickandpledge.php:135
WordPress Hooks 15
action · init · classes\class.pmprogateway_clickandpledge.php:5
filter · pmpro_gateways · classes\class.pmprogateway_clickandpledge.php:107
filter · pmpro_payment_options · classes\class.pmprogateway_clickandpledge.php:110
filter · pmpro_payment_option_fields · classes\class.pmprogateway_clickandpledge.php:111
action · pmpro_after_membership_level_profile_fields · classes\class.pmprogateway_clickandpledge.php:114
action · profile_update · classes\class.pmprogateway_clickandpledge.php:115
action · pmpro_membership_level_after_other_settings · classes\class.pmprogateway_clickandpledge.php:118
action · pmpro_save_membership_level · classes\class.pmprogateway_clickandpledge.php:119
action · pmpro_activation · classes\class.pmprogateway_clickandpledge.php:123
action · pmpro_deactivation · classes\class.pmprogateway_clickandpledge.php:124
action · pmpro_cron_example_subscription_updates · classes\class.pmprogateway_clickandpledge.php:125
action · pmpro_checkout_preheader · classes\class.pmprogateway_clickandpledge.php:142
filter · pmpro_checkout_order · classes\class.pmprogateway_clickandpledge.php:143
filter · pmpro_include_cardtype_field · classes\class.pmprogateway_clickandpledge.php:145
action · wp_footer · classes\class.pmprogateway_clickandpledge.php:3083

Scheduled Events 1

pmpro_cron_example_subscription_updates
Maintenance & Trust

Click & Pledge – Paid Memberships Pro Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 17, 2025
PHP min version
Downloads: 5K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Click & Pledge – Paid Memberships Pro Developer Profile

ClickandPledge

5 plugins · 200 total installs

Trust score: 93
Avg Security Score: 98/100
Avg Patch Time: 27 days
Detection Fingerprints

How We Detect Click & Pledge – Paid Memberships Pro

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/click-pledge-paid-memberships-pro/css/pmpro-click-pledge.css
/wp-content/plugins/click-pledge-paid-memberships-pro/js/pmpro-click-pledge.js
Script Paths
/wp-content/plugins/click-pledge-paid-memberships-pro/js/pmpro-click-pledge.js
Version Parameters
click-pledge-paid-memberships-pro/css/pmpro-click-pledge.css?ver=
click-pledge-paid-memberships-pro/js/pmpro-click-pledge.js?ver=

HTML / DOM Fingerprints

CSS Classes
pmpro_card_fields
JS Globals
pmpro_click_pledge_params