CRM Memberships Security & Risk Analysis

wordpress.org/plugins/crm-memberships

WordPress plugin for content protection, membership management, and CRM integration. Create courses, restrict content, and integrate with CRMs.

0 active installs · v2.7 · PHP + · WP + · Updated Feb 18, 2026
Tags: content-protection, memberships, online-courses, premium-content, subscriptions
Score: 66 (C · Use Caution)
CVEs total: 3
Unpatched: 1
Last CVE: Dec 4, 2025
Safety Verdict

Is CRM Memberships Safe to Use in 2026?

Use With Caution

Score 66/100

CRM Memberships has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

3 known CVEs · 1 unpatched · Last CVE: Dec 4, 2025 · Updated 1mo ago
Risk Assessment

The "crm-memberships" plugin version 2.7 exhibits a mixed security posture. While it demonstrates good practices like a high percentage of prepared SQL statements and properly escaped output, significant concerns remain. The presence of two AJAX handlers lacking authentication checks presents a direct attack vector. Furthermore, the plugin's history reveals a concerning trend with three known CVEs, including one critical and one unpatched vulnerability. This history, coupled with common vulnerability types like missing authorization and XSS, suggests recurring security weaknesses within the plugin's development.

Despite the strong indicators for secure coding in SQL and output handling, the direct exposure of AJAX endpoints and the persistent history of vulnerabilities, particularly the unpatched critical one, contribute to a notable risk. The plugin's attack surface, while not exceptionally large, contains unprotected entry points, which, when combined with past vulnerabilities, makes it a target for exploitation. Users of this plugin should be aware of these ongoing risks and prioritize updating to a version that addresses the known critical vulnerability.

Key Concerns

  • Unpatched critical CVE exists
  • 2 AJAX handlers without auth checks
  • Total known CVEs: 3
  • History of missing authorization vulnerabilities
  • History of XSS vulnerabilities
Vulnerabilities: 3

CRM Memberships Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2025: 2 CVEs · unpatched

Severity Breakdown

Critical: 1
Medium: 2

3 total CVEs

CVE-2025-13313 · critical · 9.8 · Missing Authorization

CRM Memberships <= 2.6 - Missing Authorization to Privilege Escalation via Unauthenticated Password Reset in 'ntzcrm_changepassword' AJAX Endpoint

Dec 4, 2025 Patched in 2.7 (82d)
CVE-2025-13312 · medium · 5.3 · Missing Authorization

CRM Memberships <= 2.5 - Missing Authorization to Unauthenticated 'ntzcrm_add_new_tag' AJAX Action

Dec 4, 2025 · Unpatched
CVE-2023-27427 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CRM Memberships <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings

Apr 24, 2023 Patched in 2.5 (899d)
Code Analysis
Analyzed Mar 17, 2026

CRM Memberships Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (78 prepared)
Unescaped Output: 16 (338 escaped)
Nonce Checks: 2
Capability Checks: 5
File Operations: 2
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

99% prepared · 79 total queries

Output Escaping

95% escaped · 354 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
<add-pub-wizard> (includes\view\admin\add-pub-wizard.php:0)
Attack Surface
2 unprotected

CRM Memberships Attack Surface

Entry Points: 7
Unprotected: 2

AJAX Handlers 2

auth · wp_ajax_ntzcrm_login_shortcode · includes\class\ntzcrm-admin.php:18
auth · wp_ajax_export_subscriber · includes\class\ntzcrm-admin.php:19

Shortcodes 5

[ntzcrm_icon] includes\class\class-ntzcrm-post-permission.php:22
[ntzcrm_login] includes\class\class-ntzcrm-post-permission.php:23
[ntzcrm_restrict] includes\class\class-ntzcrm-post-permission.php:24
[ntzcrm_testdesign] includes\class\class-ntzcrm-post-permission.php:25
[ntzcrm_publications] includes\class\class-ntzcrm-post-permission.php:26
WordPress Hooks 27
filter · wp_nav_menu_items · includes\class\class-ntzcrm-post-permission.php:28
filter · the_content · includes\class\class-ntzcrm-post-permission.php:31
filter · body_class · includes\class\class-ntzcrm-post-permission.php:32
action · admin_init · includes\class\class-ntzcrm-post-permission.php:161
action · in_admin_footer · includes\class\class-ntzcrm-post-permission.php:162
action · wp_footer · includes\class\class-ntzcrm-post-permission.php:163
action · wp_head · includes\class\class-ntzcrm-post-permission.php:164
action · wp_head · includes\class\class-ntzcrm-post-permission.php:169
action · admin_menu · includes\class\ntzcrm-admin.php:23
action · admin_init · includes\class\ntzcrm-admin.php:25
filter · manage_users_custom_column · includes\class\ntzcrm-admin.php:26
filter · manage_post_posts_columns · includes\class\ntzcrm-admin.php:29
action · bulk_edit_custom_box · includes\class\ntzcrm-admin.php:31
action · wp_logout · includes\class\ntzcrm-admin.php:34
filter · after_password_reset · includes\class\ntzcrm-admin.php:35
action · wp_login · includes\class\ntzcrm-admin.php:36
filter · login_head · includes\class\ntzcrm-admin.php:37
action · show_user_profile · includes\class\ntzcrm-admin.php:40
action · edit_user_profile · includes\class\ntzcrm-admin.php:41
action · user_new_form · includes\class\ntzcrm-admin.php:42
action · add_meta_boxes · includes\class\ntzcrm-admin.php:44
action · personal_options_update · includes\class\ntzcrm-admin.php:46
action · edit_user_profile_update · includes\class\ntzcrm-admin.php:47
action · edit_user_created_user · includes\class\ntzcrm-admin.php:48
action · save_post · includes\class\ntzcrm-admin.php:50
filter · manage_users_columns · includes\class\ntzcrm-admin.php:52
filter · manage_users_sortable_columns · includes\class\ntzcrm-admin.php:53
Maintenance & Trust

CRM Memberships Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 18, 2026
PHP min version
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 0
Developer Profile

CRM Memberships Developer Profile

dripadmin

1 plugin · 0 total installs

Trust score: 55
Avg Security Score: 66/100
Avg Patch Time: 491 days
Detection Fingerprints

How We Detect CRM Memberships

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/crm-memberships/assets/css/frontend/style.css
/wp-content/plugins/crm-memberships/assets/css/frontend/memberships-styles.css
/wp-content/plugins/crm-memberships/assets/js/frontend/memberships-script.js
Script Paths
/wp-content/plugins/crm-memberships/assets/js/frontend/memberships-script.js
Version Parameters
crm-memberships/assets/css/frontend/style.css?ver=
crm-memberships/assets/css/frontend/memberships-styles.css?ver=
crm-memberships/assets/js/frontend/memberships-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
ntzcrmpartialview, crm-subscribe-title, crm-subscribe-link, crm-subscribe-two, crm-subscribe-one, crm-subscribe-box, crm-subscribe-wrapper
Data Attributes
data-ntzcrm-id
JS Globals
ntzcrm_dbquery
Shortcode Output
[ntzcrm_icon], [ntzcrm_login], [ntzcrm_restrict], [ntzcrm_testdesign]