Content For Money Security & Risk Analysis

wordpress.org/plugins/content-for-money

THE NON MEMBERS, WHO PAY TO READ THE HIDDEN CONTENT, ARE ABLE TO READ ONLY ONCE THE HIDDEN CONTENT. IF THEY VISIT AGAIN THEY MUST PAY AGAIN TO READ TH …

10 active installs · v1.1.4 · PHP + WP 3.0.0+ · Updated Jul 9, 2018
Tags: free-for-members, hide-content, pay-to-see-content, paypal
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Content For Money Safe to Use in 2026?

Generally Safe

Score 85/100

Content For Money has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7yr ago
Risk Assessment

The "content-for-money" plugin v1.1.4 presents a mixed security posture. On the positive side, it shows no known CVEs and utilizes prepared statements for all its SQL queries, which are crucial for preventing SQL injection vulnerabilities. The absence of file operations and external HTTP requests also reduces the attack surface in those areas. However, significant concerns arise from the static analysis.

The most critical finding is that none of the 6 output locations is escaped (0%). This lack of output escaping leaves the plugin highly susceptible to Cross-Site Scripting (XSS) attacks, where malicious scripts could be injected and executed within the WordPress dashboard or on the frontend, depending on where the content is displayed. While the plugin has only one entry point (a shortcode), and that entry point has a capability check, the lack of output escaping for any data displayed via the shortcode is a major weakness.

The vulnerability history is currently clean, indicating a positive track record. However, this history does not mitigate the identified XSS risk from the static analysis. The taint analysis shows one flow with an unsanitized path, but this did not reach critical or high severity, which is a small positive. In conclusion, while the plugin avoids common pitfalls like raw SQL queries and has a clean CVE history, the complete absence of output escaping creates a substantial XSS risk that needs immediate attention.

Key Concerns

  • No output escaping
  • Unsanitized path in taint analysis
Vulnerabilities
None known

Content For Money Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Content For Money Release Timeline

v1.1.4 (Current)
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.0
Code Analysis
Analyzed Mar 17, 2026

Content For Money Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 6 (0 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 6 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
printAdminPanel (contentformoney.php:38)
Diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Content For Money Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[paycontent] contentformoney.php:217

WordPress Hooks: 3
filter · comment_text · contentformoney.php:167
action · admin_menu · contentformoney.php:215
action · activate_contentformoney/contentformoney.php · contentformoney.php:216
Maintenance & Trust

Content For Money Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Jul 9, 2018
PHP min version
Downloads: 4K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

Content For Money Developer Profile

Panagiotis Angelidis

2 plugins · 20 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Content For Money

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Shortcode Output
[paycontent]
[/paycontent]
[paycontent amount='']