CM Registration – Tailored tool for seamless login and invitation-based registrations Security & Risk Analysis

wordpress.org/plugins/cm-invitation-codes

Manage user registration forms with invitation codes and control access. Simplify login and registration processes using Ajax based solution.

40 active installs · v2.5.9 · PHP 5.2.4+ · WP 5.4.0+ · Updated Jan 29, 2026
Tags: invitation-code, login-form, registration, registration-form, user-registration
98 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Oct 10, 2025
Safety Verdict

Is CM Registration – Tailored tool for seamless login and invitation-based registrations Safe to Use in 2026?

Generally Safe

Score 98/100

CM Registration – Tailored tool for seamless login and invitation-based registrations has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Oct 10, 2025 · Updated 2mo ago
Risk Assessment

The "cm-invitation-codes" plugin version 2.5.9 presents a mixed security posture. While it demonstrates good practices like a high percentage of SQL queries using prepared statements and a decent number of nonce and capability checks, several concerning aspects warrant attention.

The static analysis reveals a significant attack surface with 6 AJAX handlers, and crucially, 3 of these lack proper authentication checks. This creates direct entry points for unauthenticated users to potentially trigger plugin functionalities. Furthermore, the taint analysis highlights 4 flows with unsanitized paths, indicating a potential for path traversal or arbitrary file read/write vulnerabilities, although no critical or high severity taint flows were identified.

The vulnerability history shows 2 past medium severity CVEs, specifically related to Open Redirect and Missing Authorization. The recurrence of "Missing Authorization" in past vulnerabilities aligns with the current finding of unprotected AJAX handlers, suggesting a persistent weakness in access control implementation.

Despite the absence of currently unpatched CVEs and the absence of dangerous function usage, the combination of unprotected AJAX endpoints and unsanitized path flows presents a moderate risk that could be exploited by attackers. The plugin's strengths lie in its SQL handling and use of nonces, but these are overshadowed by the direct, unauthenticated entry points and potential path manipulation risks.

Key Concerns

  • Unprotected AJAX handlers found
  • Flows with unsanitized paths identified
  • Past medium severity CVEs (Open Redirect, Missing Auth)
  • Lower than ideal output escaping percentage
Vulnerabilities
2

CM Registration – Tailored tool for seamless login and invitation-based registrations Security Vulnerabilities

CVEs by Year

2 CVEs in 2025

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-11167 · medium · 4.7 · URL Redirection to Untrusted Site ('Open Redirect')

CM Registration – Tailored tool for seamless login and invitation-based registrations <= 2.5.6 - Open Redirect

Oct 10, 2025 · Patched in 2.5.7 (1d)

CVE-2025-32210 · medium · 4.3 · Missing Authorization

CM Registration and Invitation Codes <= 2.5.5 - Missing Authorization

Apr 7, 2025 · Patched in 2.5.6 (177d)
Code Analysis
Analyzed Mar 16, 2026

CM Registration – Tailored tool for seamless login and invitation-based registrations Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (16 prepared)
Unescaped Output: 249 (286 escaped)
Nonce Checks: 15
Capability Checks: 2
File Operations: 3
External Requests: 5
Bundled Libraries: 0

SQL Query Safety

89% prepared · 18 total queries

Output Escaping

53% escaped · 535 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

10 flows · 4 with unsanitized paths
init (controller\EmailVerificationController.php:38)
Attack Surface
3 unprotected

CM Registration – Tailored tool for seamless login and invitation-based registrations Attack Surface

Entry Points: 10
Unprotected: 3

AJAX Handlers 6

auth · wp_ajax_cm-submit-uninstall-reason · package\cminds-free.php:147
auth · wp_ajax_cm-submit-registration-email · package\cminds-free.php:148
auth · wp_ajax_cm-submit-deregistration · package\cminds-free.php:149
auth · wp_ajax_cm-submit-registration-skip · package\cminds-free.php:150
auth · wp_ajax_cmregf_save_wizard_options · wizard\wizard.php:29
auth · wp_ajax_cmregf_create_pages · wizard\wizard.php:30

Shortcodes 4

[cminds_free_registration] package\cminds-free.php:54
[cminds_free_guide] package\cminds-free.php:55
[cminds_upgrade_box] package\cminds-free.php:56
[cminds_free_activation] package\cminds-free.php:57

WordPress Hooks 31

action · wp_enqueue_scripts · controller\EmailVerificationController.php:49
action · wp_enqueue_scripts · controller\EmailVerificationController.php:75
filter · posts_join · controller\InvitationCodesBackendController.php:97
filter · cmloc_login_verification_enabled · controller\RegistrationController.php:88
action · activated_plugin · core\Core.php:28
action · init · core\Core.php:60
action · admin_menu · core\Core.php:61
action · add_meta_boxes · core\metabox\MetaBox.php:20
action · save_post · core\metabox\MetaBox.php:21
action · init · core\model\Model.php:9
action · init · core\model\TaxonomyTerm.php:24
action · init · core\shortcode\Shortcode.php:11
action · widgets_init · core\widget\Widget.php:18
action · cmreg_load_label_file · model\Labels.php:19
filter · wp_redirect · model\User.php:30
action · activated_plugin · package\cminds-free.php:31
action · admin_init · package\cminds-free.php:33
action · admin_menu · package\cminds-free.php:34
action · admin_enqueue_scripts · package\cminds-free.php:35
action · admin_enqueue_scripts · package\cminds-free.php:36
action · cminds_download_sysinfo · package\cminds-free.php:48
action · init · package\cminds-free.php:50
action · init · package\cminds-free.php:51
filter · plugin_row_meta · package\cminds-free.php:59
action · wp_dashboard_setup · package\cminds-free.php:62
action · admin_footer · package\cminds-free.php:157
filter · wp_mail_content_type · package\cminds-free.php:311
filter · wp_mail_content_type · package\cminds-free.php:2076
filter · wp_mail_content_type · package\cminds-free.php:2167
action · admin_menu · wizard\wizard.php:28
action · admin_enqueue_scripts · wizard\wizard.php:31

Maintenance & Trust

CM Registration – Tailored tool for seamless login and invitation-based registrations Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 29, 2026
PHP min version: 5.2.4
Downloads: 32K

Community Trust

Rating: 76/100
Number of ratings: 8
Active installs: 40

Developer Profile

CM Registration – Tailored tool for seamless login and invitation-based registrations Developer Profile

CreativeMindsSolutions

19 plugins · 22K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 546 days

Detection Fingerprints

How We Detect CM Registration – Tailored tool for seamless login and invitation-based registrations

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cm-invitation-codes/assets/css/bootstrap.min.css
/wp-content/plugins/cm-invitation-codes/assets/css/select2.css
/wp-content/plugins/cm-invitation-codes/assets/css/frontend.css
/wp-content/plugins/cm-invitation-codes/assets/css/tooltip.css
/wp-content/plugins/cm-invitation-codes/assets/js/bootstrap.min.js
/wp-content/plugins/cm-invitation-codes/assets/js/select2.full.js
/wp-content/plugins/cm-invitation-codes/assets/js/jquery.validate.min.js
/wp-content/plugins/cm-invitation-codes/assets/js/common.js
+9 more

Script Paths
/wp-content/plugins/cm-invitation-codes/assets/js/invitation-codes.js
/wp-content/plugins/cm-invitation-codes/assets/js/invitation-codes-backend.js
/wp-content/plugins/cm-invitation-codes/assets/js/account-verification.js
/wp-content/plugins/cm-invitation-codes/assets/js/cmreg_show_toast_message.js

Version Parameters
cm-invitation-codes/assets/css/bootstrap.min.css?ver=
cm-invitation-codes/assets/css/select2.css?ver=
cm-invitation-codes/assets/css/frontend.css?ver=
cm-invitation-codes/assets/css/tooltip.css?ver=
cm-invitation-codes/assets/js/bootstrap.min.js?ver=
cm-invitation-codes/assets/js/select2.full.js?ver=
cm-invitation-codes/assets/js/jquery.validate.min.js?ver=
cm-invitation-codes/assets/js/common.js?ver=
cm-invitation-codes/assets/js/frontend.js?ver=
cm-invitation-codes/assets/js/tooltip.js?ver=
cm-invitation-codes/assets/js/backend.js?ver=
cm-invitation-codes/assets/css/backend.css?ver=
cm-invitation-codes/assets/css/admin-notice.css?ver=
cm-invitation-codes/assets/js/admin-notice.js?ver=
cm-invitation-codes/assets/js/invitation-codes.js?ver=
cm-invitation-codes/assets/js/invitation-codes-backend.js?ver=
cm-invitation-codes/assets/js/account-verification.js?ver=
cm-invitation-codes/assets/js/cmreg_show_toast_message.js?ver=

HTML / DOM Fingerprints

CSS Classes
cmreg-login-form
cmreg-register-form
cmreg-invitation-code-wrapper
cmreg-account-activation-status

HTML Comments
<!-- IMPORTANT: don't change this file -->
<!-- START: CM Registration and Invitation Codes Backend template -->
<!-- END: CM Registration and Invitation Codes Backend template -->
<!-- START: CM Registration and Invitation Codes Admin Notice -->
+1 more

Data Attributes
data-invitation-codes-url
data-cmreg-invite-codes-ajax-url
data-cmreg-nonce

JS Globals
cmreg_common_vars
cmreg_frontend_vars
cmreg_tooltip_vars
cmreg_backend_vars
cmreg_invitation_codes_vars
cmreg_invitation_codes_backend_vars
+1 more

REST Endpoints
/wp-json/cmreg/v1/invitation-codes