[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQ9xjD5Gnf9hqtdoKt__YpXKVdPSGDInGPjTM2kwMZos":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":14,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":74,"crawl_stats":36,"alternatives":78,"analysis":181,"fingerprints":428},"crm-memberships","CRM Memberships","2.7","dripadmin","https:\u002F\u002Fprofiles.wordpress.org\u002Fdripadmin\u002F","\u003Cp>CRM Memberships plugin allows restricting your content to paid or registered members only. Use it for creating online courses, marketing funnel fulfillment etc. CRM Memberships plugin also allows easy integration of WordPress with CRMS such as Salesforce.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Publications\u003C\u002Fstrong>: Create courses and publications. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Content Protection\u003C\u002Fstrong>: Allows restricting your content to paid or registered members only.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Access Tags\u003C\u002Fstrong>: Tag based permissions. Add permission tags to any posts, pages, categories or user profiles! \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Publication Wizard\u003C\u002Fstrong>: Create publications easily and associate access tags. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Publication Gallery\u003C\u002Fstrong>: Out of the box gallery page that lists all active publications. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compatibility\u003C\u002Fstrong> Works with your existing contents.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Measure User Engagement\u003C\u002Fstrong>: Identify popular publications based on user actions. 
\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Subscriber Reports\u003C\u002Fstrong>: List subscribers by Access Tags. \u003C\u002Fli>\n\u003Cli>Works with Salesforce CRM using our (\u003Ca href=\"http:\u002F\u002Fnetesenz.com\u002F\" rel=\"nofollow ugc\">Managed Package for Salesforce\u003C\u002Fa>).\u003C\u002Fli>\n\u003Cli>Integration & Migration Help. \u003Ca href=\"http:\u002F\u002Fnetesenz.com\u002Fcontact-us.html\u002F\" rel=\"nofollow ugc\">Get it\u003C\u002Fa> for importing data from other CRM and membership products.\u003C\u002Fli>\n\u003Cli>Priority Support. \u003Ca href=\"http:\u002F\u002Fnetesenz.com\u002Fcontact-us.html\u002F\" rel=\"nofollow ugc\">Get it\u003C\u002Fa> Priority support plan will help you get the help from a dedicated team.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CRM Integration\u003C\u002Fstrong> We are going to add more CRM support in the future. You can request the one you want and we will add it for you on a priority basis! \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy to use\u003C\u002Fstrong> Works out of the box with Minimal Settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Shortcodes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Shortcode for CRM Memberships – Login page [ntzcrm_login] \u003C\u002Fli>\n\u003Cli>Shortcode for CRM Memberships – Publications page [ntzcrm_publications]\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>We try our best to provide support on WordPress.org forums. However, We have a special \u003Ca href=\"http:\u002F\u002Fnetesenz.com\u002Fcontact-us.html\u002F\" rel=\"nofollow ugc\">team support\u003C\u002Fa> where you can ask us questions and get help. 
Delivering a good user experience means a lot to us and so we try our best to reply to each and every question that gets asked.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Select2 used https:\u002F\u002Fgithub.com\u002Fselect2\u002Fselect2 – License URI: https:\u002F\u002Fgithub.com\u002Fselect2\u002Fselect2\u002Fblob\u002Fdevelop\u002FLICENSE.md,\u003C\u002Fli>\n\u003Cli>jquery-timepicker used https:\u002F\u002Fgithub.com\u002Fjonthornton\u002Fjquery-timepicker\u003C\u002Fli>\n\u003C\u002Ful>\n","WordPress plugin for content protection, membership management, and CRM integration. Create courses, restrict content, and integrate with CRMs.",0,3162,100,1,"2026-02-18T10:35:00.000Z","6.9.4","",[19,20,21,22,23],"content-protection","memberships","online-courses","premium-content","subscriptions","https:\u002F\u002Fntzapps.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcrm-memberships.2.7.zip",66,3,"2025-12-04 16:27:00","2026-03-15T15:16:48.613Z",[31,46,59],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":6,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":45},"CVE-2025-13313","crm-memberships-missing-authorization-to-privilege-escalation-via-unauthenticated-password-reset-in-ntzcrmchangepassword","CRM Memberships \u003C= 2.6 - Missing Authorization to Privilege Escalation via Unauthenticated Password Reset in 'ntzcrm_changepassword' AJAX Endpoint","The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.6. This is due to missing authorization and authentication checks on the `ntzcrm_changepassword` AJAX action. 
This makes it possible for unauthenticated attackers to reset arbitrary user passwords and gain unauthorized access to user accounts via the `ntzcrm_changepassword` endpoint, granted they can obtain or enumerate a target user's email address. The plugin also exposes the `ntzcrm_get_users` endpoint without authentication, allowing attackers to enumerate subscriber email addresses, facilitating the exploitation of the password reset vulnerability.",null,"\u003C=2.6","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Missing Authorization","2026-02-24 18:53:23",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe2837399-c44f-494e-bdc6-f9c6e4e2dc11?source=api-prod",82,{"id":47,"url_slug":48,"title":49,"description":50,"plugin_slug":4,"theme_slug":36,"affected_versions":51,"patched_in_version":36,"severity":52,"cvss_score":53,"cvss_vector":54,"vuln_type":41,"published_date":55,"updated_date":56,"references":57,"days_to_patch":36},"CVE-2025-13312","crm-memberships-missing-authorization-to-unauthenticated-ntzcrmaddnewtag-ajax-action","CRM Memberships \u003C= 2.5 - Missing Authorization to Unauthenticated 'ntzcrm_add_new_tag' AJAX Action","The CRM Memberships plugin for WordPress is vulnerable to unauthorized membership tag creation due to a missing capability check on the 'ntzcrm_add_new_tag' function in all versions up to, and including, 2.5. 
This makes it possible for unauthenticated attackers to create arbitrary membership tags and modify CRM configuration that should be restricted to administrators.","\u003C=2.5","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","2025-12-04 16:26:48","2025-12-05 04:29:12",[58],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff61b9de5-5c37-4efb-ad1c-006e9fc05bc2?source=api-prod",{"id":60,"url_slug":61,"title":62,"description":63,"plugin_slug":4,"theme_slug":36,"affected_versions":64,"patched_in_version":65,"severity":52,"cvss_score":66,"cvss_vector":67,"vuln_type":68,"published_date":69,"updated_date":70,"references":71,"days_to_patch":73},"CVE-2023-27427","crm-memberships-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings","CRM Memberships \u003C= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings","The CRM Memberships plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
This only impacts multi-site installations and installations where unfiltered_html has been disabled.","\u003C=2.2","2.5",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2023-04-24 00:00:00","2025-10-08 16:59:12",[72],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F07c3c8d9-64c9-4d16-9a35-8477b358123f?source=api-prod",899,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":75,"trust_score":76,"computed_at":77},491,55,"2026-04-04T01:11:09.999Z",[79,103,123,142,162],{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":89,"num_ratings":90,"last_updated":91,"tested_up_to":16,"requires_at_least":92,"requires_php":93,"tags":94,"homepage":98,"download_link":99,"security_score":100,"vuln_count":101,"unpatched_count":11,"last_vuln_date":102,"fetched_at":29},"subscriptions-memberships-for-paypal","Subscriptions & Memberships for PayPal","1.1.8","Scott Paterson","https:\u002F\u002Fprofiles.wordpress.org\u002Fscottpaterson\u002F","\u003Ch4>Overview\u003C\u002Fh4>\n\u003Cp>This plugin will allow you to sell subscriptions and \u002F or memberships with PayPal on your WordPress website.\u003C\u002Fp>\n\u003Cp>The plugin can be set up to sell only subscriptions, or it can be set up to sell memberships and limit content on your site.\u003C\u002Fp>\n\u003Cp>You can sell subscriptions in terms of a set number of days, months, or years. As well as have subscriptions continue forever. You can also offer your customers a trial price.\u003C\u002Fp>\n\u003Cp>This PayPal plugin works with any WordPress theme.\u003C\u002Fp>\n\u003Cp>WP Plugin is an official PayPal Partner based in Boulder, Colorado. 
You can visit WP Plugin's website at \u003Ca href=\"https:\u002F\u002Fwpplugin.org\" rel=\"nofollow ugc\">wpplugin.org\u003C\u002Fa>. Various trademarks held by their respective owners.\u003C\u002Fp>\n\u003Ch4>Subscriptions & Memberships for PayPal Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>View payments received in your WordPress admin\u003C\u002Fli>\n\u003Cli>View subscribers in your WordPress admin\u003C\u002Fli>\n\u003Cli>Page \u002F Post Button shortcode inserter\u003C\u002Fli>\n\u003Cli>Page \u002F Post Button shortcode Login \u002F Logout shortcode inserter\u003C\u002Fli>\n\u003Cli>Built-in support for 25 currencies\u003C\u002Fli>\n\u003Cli>Built-in support for 20 languages\u003C\u002Fli>\n\u003Cli>Offer a trial subscription\u003C\u002Fli>\n\u003Cli>Offer an optional free trial\u003C\u002Fli>\n\u003Cli>Each button can have its own language and currency\u003C\u002Fli>\n\u003Cli>PayPal testing with Sandbox mode\u003C\u002Fli>\n\u003Cli>Choose from 11 different PayPal Buy Now buttons\u003C\u002Fli>\n\u003Cli>Choose how the PayPal window opens\u003C\u002Fli>\n\u003Cli>Choose to automatically create a WordPress subscriber account for your members\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Ch4>Subscriptions & Memberships for PayPal Pro\u003C\u002Fh4>\n\u003Cp>We offer a Pro version of this plugin for business owners who need more features.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Custom subscription levels\u003C\u002Fli>\n\u003Cli>Offer a second trial period\u003C\u002Fli>\n\u003Cli>Free membership registration\u003C\u002Fli>\n\u003Cli>Free membership level\u003C\u002Fli>\n\u003Cli>Add a price dropdown menu per button\u003C\u002Fli>\n\u003Cli>Add a text dropdown menu per button\u003C\u002Fli>\n\u003Cli>Add up to 2 input boxes per button\u003C\u002Fli>\n\u003Cli>Each button can have a separate PayPal account\u003C\u002Fli>\n\u003Cli>Each button can have a separate return URL\u003C\u002Fli>\n\u003Cli>Limit content by shortcode\u003C\u002Fli>\n\u003Cli>Link directly 
to buttons via URL and redirect to PayPal\u003C\u002Fli>\n\u003Cli>Button Widget\u003C\u002Fli>\n\u003Cli>Custom button image\u003C\u002Fli>\n\u003Cli>Further plugin development \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpplugin.org\u002Fdownloads\u002Fpaypal-subscriptions-memberships\u002F\" rel=\"nofollow ugc\">You can learn more about the Pro version here\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>WP Plugin is an official PayPal Partner. Various trademarks held by their respective owners.\u003C\u002Fp>\n","A simple and easy way to sell subscriptions and \u002F or memberships with PayPal. No Coding Required. Official PayPal Partner.",1000,38342,78,12,"2025-12-04T02:44:00.000Z","3.5","5.4",[95,20,96,97,23],"membership","paypal","subscription","https:\u002F\u002Fwpplugin.org\u002Fdownloads\u002Fpaypal-subscriptions-memberships\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsubscriptions-memberships-for-paypal.1.1.8.zip",95,4,"2025-11-28 00:00:00",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":13,"num_ratings":14,"last_updated":113,"tested_up_to":16,"requires_at_least":114,"requires_php":115,"tags":116,"homepage":120,"download_link":121,"security_score":89,"vuln_count":14,"unpatched_count":14,"last_vuln_date":122,"fetched_at":29},"easyme-connect","EasyMe Connect","3.0.3","easymebiz","https:\u002F\u002Fprofiles.wordpress.org\u002Feasymebiz\u002F","\u003Cp>Connects your EasyMe account and automatically embeds your custom JavaScript client code in your Web site.\u003C\u002Fp>\n\u003Cp>Grab and insert “Magic” EasyMe links from the links tab of any product and your booking modal will open as a layer on top of your own design.\u003C\u002Fp>\n\u003Cp>The plugin will automatically update your embedded code, so once connected, you can forget about it.\u003C\u002Fp>\n","Connects your EasyMe 
account to WordPress.",500,12205,"2025-11-28T07:59:00.000Z","5.3","7.0",[117,118,119,21,23],"booking","easyme","events","https:\u002F\u002Feasyme.dk\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasyme-connect.3.0.3.zip","2025-05-07 00:00:00",{"slug":124,"name":125,"version":126,"author":125,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":13,"num_ratings":101,"last_updated":132,"tested_up_to":133,"requires_at_least":134,"requires_php":135,"tags":136,"homepage":138,"download_link":139,"security_score":140,"vuln_count":14,"unpatched_count":14,"last_vuln_date":141,"fetched_at":29},"pico","Hype","1.0.5","https:\u002F\u002Fprofiles.wordpress.org\u002Fpicoengineering\u002F","\u003Cp>Hype gives you all the tools you need to turn your site into an audience business. No need to redesign your site, learn to code, or hire a developer.\u003C\u002Fp>\n\u003Ch4>FOR COLLECTING SIGNUPS AND MANAGING NEWSLETTERS\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Register users while you collect emails and phone numbers.\u003C\u002Fstrong>\u003Cbr \u002F>\nHype’s popups and landing pages can register users on your site in seconds (no password needed), helping you collect email addresses and phone numbers at scale.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Offer free and paid newsletters side by side.\u003C\u002Fstrong>\u003Cbr \u002F>\nEasily offer any combination of free and paid newsletters.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Engagement data that matter.\u003C\u002Fstrong>\u003Cbr \u002F>\nTransform your contact list into a sales funnel. Keep track of how often a user visits, when they last visited your site, and even what content categories they read the most.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Easy on-site integration.\u003C\u002Fstrong>\u003Cbr \u002F>\nUse Hype’s pre-made templates, with high-converting, third-party sign-in buttons built-in. 
Or connect with your own email embed forms on site with just one line of code.\u003C\u002Fp>\n\u003Ch4>FOR SUBSCRIPTIONS AND MEMBERSHIPS\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>The easiest way to sell access to your content.\u003C\u002Fstrong>\u003Cbr \u002F>\nLaunch a subscription paywall or membership program in minutes with checkout flows that are sure to convert.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manage members and leads in the same place.\u003C\u002Fstrong>\u003Cbr \u002F>\nHype is the only subscription and membership tool with a built-in CRM that helps you keep track of who’s paying and \u003Cem>who’s about to pay\u003C\u002Fem>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Just want to collect donations?\u003C\u002Fstrong>\u003Cbr \u002F>\nHype is the easiest way to offer donations via Stripe directly on your site or via landing page. All with Hype’s CRM and signup tools built in.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Effortless setup. No coding required.\u003C\u002Fstrong>\u003Cbr \u002F>\nHype can be up and running on your site in minutes. And the Hype app makes setting up all types of models – from multiple pricing tiers, metered paywalls, ‘freemium’ access, and trials – a breeze.\u003C\u002Fp>\n\u003Ch4>INTEGRATIONS\u003C\u002Fh4>\n\u003Cp>Hype integrates directly with Stripe and various email service providers, including Mailchimp, ConvertKit, and ActiveCampaign. 
Hype also integrates with Zapier, enabling workflows with thousands of other services.\u003C\u002Fp>\n","Intelligent popups and landing pages to fully manage email and phone number signups, newsletters, subscriptions, donations, and memberships.",30,6232,"2023-04-05T21:17:00.000Z","6.1.10","3.7","5.2.4",[20,137,23],"stripe","https:\u002F\u002Fgithub.com\u002FPicoNetworks\u002Fwordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpico.1.0.5.zip",63,"2025-12-04 00:00:00",{"slug":143,"name":144,"version":145,"author":143,"author_profile":146,"description":147,"short_description":148,"active_installs":149,"downloaded":150,"rating":11,"num_ratings":11,"last_updated":151,"tested_up_to":152,"requires_at_least":153,"requires_php":154,"tags":155,"homepage":159,"download_link":160,"security_score":161,"vuln_count":11,"unpatched_count":11,"last_vuln_date":36,"fetched_at":29},"wallkit","Wallkit Subscriptions & Paywall Plugin for WordPress","3.4.4","https:\u002F\u002Fprofiles.wordpress.org\u002Fwallkit\u002F","\u003Cp>Wallkit is the most progressive paid-content system out in the market today. This versatile technological platform handles content access control, billing and administrative functions for membership-based content publishers.\u003C\u002Fp>\n\u003Cp>Wallkit software integrates seamlessly across WordPress users’ websites and your other platforms like Hubspot, Mailchimp and Stripe.\u003C\u002Fp>\n\u003Cp>This easy-to-install and lightning-fast system connects with Wallkit server to bring content protection, subscriber management, sign up\u002Fsign in, member-CRM plus access to analytics features.\u003C\u002Fp>\n\u003Cp>It’s free to use. 
Simply sign up for a Wallkit account once you’ve installed the Plugin at \u003Ca href=\"https:\u002F\u002Fwallkit.net\" rel=\"nofollow ugc\">www.wallkit.net\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Service is subject to Wallkit \u003Ca href=\"https:\u002F\u002Fdocs.google.com\u002Fdocument\u002Fd\u002F19PTSlPcUSZKqTnJlolzOoaIH-PMsNElDO9_aAjaqQ6U\u002Fedit?usp=sharing\" rel=\"nofollow ugc\">Terms and Conditions\u003C\u002Fa>.\u003C\u002Fp>\n","A Plug & Play paid-content system to manage subscribers, gather fees and drive additional content sales.",20,4293,"2025-03-26T13:29:00.000Z","6.6.5","4.0","5.6",[20,156,157,158,23],"paid-membership","paywall","recurring-payments","https:\u002F\u002Fwallkit.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwallkit.zip",92,{"slug":163,"name":164,"version":165,"author":166,"author_profile":167,"description":168,"short_description":169,"active_installs":11,"downloaded":170,"rating":11,"num_ratings":11,"last_updated":17,"tested_up_to":171,"requires_at_least":172,"requires_php":154,"tags":173,"homepage":176,"download_link":177,"security_score":178,"vuln_count":14,"unpatched_count":11,"last_vuln_date":179,"fetched_at":180},"membership-site","MemberSonic Lite Membership Site Plugin","2.0.2","Plugin Results","https:\u002F\u002Fprofiles.wordpress.org\u002Fplugin-results\u002F","\u003Cp>Protect and sell your content, perfect for subscription sites, or selling individual downloadable products.\u003C\u002Fp>\n\u003Cp>Features Include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Unlimited membership levels\u002Fproducts\u003C\u002Fli>\n\u003Cli>Automatically creates member accounts\u003C\u002Fli>\n\u003Cli>Create free levels or sell access through Paypal\u003C\u002Fli>\n\u003Cli>Customized welcome emails\u003C\u002Fli>\n\u003Cli>Single view content protection settings screen\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.membersonic.com\u002F\" rel=\"nofollow ugc\">Upgrade To MemberSonic Pro 
Here.\u003C\u002Fa>\u003C\u002Fp>\n","Protect and sell your content, perfect for subscription sites, or selling individual downloadable products.",4335,"5.6.17","5.0",[19,174,163,20,175],"members","membersonic","https:\u002F\u002Fwww.membersonic.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmembership-site.zip",98,"2016-06-28 00:00:00","2026-03-15T10:48:56.248Z",{"attackSurface":182,"codeSignals":322,"taintFlows":376,"riskAssessment":414,"analyzedAt":427},{"hooks":183,"ajaxHandlers":291,"restRoutes":300,"shortcodes":301,"cronEvents":319,"entryPointCount":320,"unprotectedCount":321},[184,190,194,198,203,207,211,216,219,224,227,232,236,239,243,247,251,255,259,262,265,269,273,276,279,283,287],{"type":185,"name":186,"callback":187,"file":188,"line":189},"filter","wp_nav_menu_items","ntzcrmNavMenuItems","includes\\class\\class-ntzcrm-post-permission.php",28,{"type":185,"name":191,"callback":192,"file":188,"line":193},"the_content","partialViewContent",31,{"type":185,"name":195,"callback":196,"file":188,"line":197},"body_class","addClassInBody",32,{"type":199,"name":200,"callback":201,"file":188,"line":202},"action","admin_init","ntzcrm_include_css",161,{"type":199,"name":204,"callback":205,"file":188,"line":206},"in_admin_footer","ntzcrm_include_js",162,{"type":199,"name":208,"callback":209,"file":188,"line":210},"wp_footer","ntzcrm_front_include_js",163,{"type":199,"name":212,"callback":213,"priority":214,"file":188,"line":215},"wp_head","ntzcrm_include_fronted_css",99,164,{"type":199,"name":212,"callback":217,"file":188,"line":218},"_checkPermission",169,{"type":199,"name":220,"callback":221,"file":222,"line":223},"admin_menu","ntzcrmAdminMenu","includes\\class\\ntzcrm-admin.php",23,{"type":199,"name":200,"callback":225,"file":222,"line":226},"ntzcrm_display_theme_panel_fields",25,{"type":185,"name":228,"callback":229,"priority":230,"file":222,"line":231},"manage_users_custom_column","ntzcrm_modify_user_table_row",10,26,{"type":185,"name":233,"callba
ck":234,"file":222,"line":235},"manage_post_posts_columns","ntzcrmAddCustomScreenOption",29,{"type":199,"name":237,"callback":238,"priority":230,"file":222,"line":193},"bulk_edit_custom_box","ntzcrmBulkEditFields",{"type":199,"name":240,"callback":241,"priority":14,"file":222,"line":242},"wp_logout","ntzcrmUserLastLogout",34,{"type":185,"name":244,"callback":245,"file":222,"line":246},"after_password_reset","ntzcrmRedirectAfterPasswordReset",35,{"type":199,"name":248,"callback":249,"priority":230,"file":222,"line":250},"wp_login","ntzcrmUserLastLogin",36,{"type":185,"name":252,"callback":253,"file":222,"line":254},"login_head","ntzcrmCustomLoginLogo",37,{"type":199,"name":256,"callback":257,"file":222,"line":258},"show_user_profile","ntzcrm_user_tag_permission",40,{"type":199,"name":260,"callback":257,"file":222,"line":261},"edit_user_profile",41,{"type":199,"name":263,"callback":257,"file":222,"line":264},"user_new_form",42,{"type":199,"name":266,"callback":267,"file":222,"line":268},"add_meta_boxes","ntzcrm_post_tag_permission",44,{"type":199,"name":270,"callback":271,"file":222,"line":272},"personal_options_update","ntzcrmUpdateProfileFields",46,{"type":199,"name":274,"callback":271,"file":222,"line":275},"edit_user_profile_update",47,{"type":199,"name":277,"callback":271,"file":222,"line":278},"edit_user_created_user",48,{"type":199,"name":280,"callback":281,"file":222,"line":282},"save_post","ntzcrm_save_post_tag",50,{"type":185,"name":284,"callback":285,"file":222,"line":286},"manage_users_columns","ntzcrm_modify_user_table",52,{"type":185,"name":288,"callback":289,"file":222,"line":290},"manage_users_sortable_columns","ntzcrm_make_registered_column_sortable",53,[292,296],{"action":293,"nopriv":294,"callback":293,"hasNonce":294,"hasCapCheck":294,"file":222,"line":295},"ntzcrm_login_shortcode",false,18,{"action":297,"nopriv":294,"callback":298,"hasNonce":294,"hasCapCheck":294,"file":222,"line":299},"export_subscriber","ntzcrm_export_subscriber",19,[],[302,306,3
09,313,316],{"tag":303,"callback":304,"file":188,"line":305},"ntzcrm_icon","ntzcrmShortcode",22,{"tag":307,"callback":308,"file":188,"line":223},"ntzcrm_login","ntzcrmLogin",{"tag":310,"callback":311,"file":188,"line":312},"ntzcrm_restrict","ntzcrmRestrict",24,{"tag":314,"callback":315,"file":188,"line":226},"ntzcrm_testdesign","ntzcrmTestDesign",{"tag":317,"callback":318,"file":188,"line":231},"ntzcrm_publications","ntzcrmPublications",[],7,2,{"dangerousFunctions":323,"sqlUsage":324,"outputEscaping":330,"fileOperations":321,"externalRequests":11,"nonceChecks":321,"capabilityChecks":371,"bundledLibraries":372},[],{"prepared":89,"raw":14,"locations":325},[326],{"file":327,"line":328,"context":329},"includes\\class\\class-ntzcrm-api.php",687,"$wpdb->get_results() with variable interpolation",{"escaped":331,"rawEcho":332,"locations":333},338,16,[334,337,339,341,343,345,347,349,351,353,355,357,359,362,365,368],{"file":327,"line":335,"context":336},360,"raw output",{"file":327,"line":338,"context":336},413,{"file":327,"line":340,"context":336},489,{"file":327,"line":342,"context":336},569,{"file":327,"line":344,"context":336},618,{"file":327,"line":346,"context":336},662,{"file":327,"line":348,"context":336},702,{"file":327,"line":350,"context":336},746,{"file":327,"line":352,"context":336},862,{"file":327,"line":354,"context":336},1086,{"file":327,"line":356,"context":336},1115,{"file":188,"line":358,"context":336},417,{"file":360,"line":361,"context":336},"includes\\view\\admin\\add-pub-wizard.php",177,{"file":363,"line":364,"context":336},"includes\\view\\admin\\postmeta.php",81,{"file":366,"line":367,"context":336},"includes\\view\\admin\\subscribers.php",203,{"file":369,"line":370,"context":336},"includes\\view\\admin\\usermeta.php",14,5,[373],{"name":374,"version":36,"knownCves":375},"Select2",[],[377,395],{"entryPoint":378,"graph":379,"unsanitizedCount":11,"severity":394},"\u003Cadd-pub-wizard> 
(includes\\view\\admin\\add-pub-wizard.php:0)",{"nodes":380,"edges":391},[381,386],{"id":382,"type":383,"label":384,"file":360,"line":385},"n0","source","$_SERVER (x4)",79,{"id":387,"type":388,"label":389,"file":360,"line":45,"wp_function":390},"n1","sink","echo() [XSS]","echo",[392],{"from":382,"to":387,"sanitized":393},true,"low",{"entryPoint":396,"graph":397,"unsanitizedCount":11,"severity":394},"\u003Clogin> (includes\\view\\login.php:0)",{"nodes":398,"edges":411},[399,403,405,408],{"id":382,"type":383,"label":400,"file":401,"line":402},"$_GET (x2)","includes\\view\\login.php",58,{"id":387,"type":388,"label":389,"file":401,"line":404,"wp_function":390},69,{"id":406,"type":383,"label":407,"file":401,"line":320},"n2","$_REQUEST",{"id":409,"type":388,"label":389,"file":401,"line":410,"wp_function":390},"n3",109,[412,413],{"from":382,"to":387,"sanitized":393},{"from":406,"to":409,"sanitized":393},{"summary":415,"deductions":416},"The \"crm-memberships\" plugin version 2.7 exhibits a mixed security posture.  While it demonstrates good practices like a high percentage of prepared SQL statements and properly escaped output, significant concerns remain.  The presence of two AJAX handlers lacking authentication checks presents a direct attack vector.  Furthermore, the plugin's history reveals a concerning trend with three known CVEs, including one critical and one unpatched vulnerability. This history, coupled with common vulnerability types like missing authorization and XSS, suggests recurring security weaknesses within the plugin's development.\n\nDespite the strong indicators for secure coding in SQL and output handling, the direct exposure of AJAX endpoints and the persistent history of vulnerabilities, particularly the unpatched critical one, contribute to a notable risk. The plugin's attack surface, while not exceptionally large, contains unprotected entry points, which, when combined with past vulnerabilities, makes it a target for exploitation.  
Users of this plugin should be aware of these ongoing risks and prioritize updating to a version that addresses the known critical vulnerability.",[417,419,421,423,425],{"reason":418,"points":149},"Unpatched critical CVE exists",{"reason":420,"points":230},"2 AJAX handlers without auth checks",{"reason":422,"points":371},"Total known CVEs: 3",{"reason":424,"points":371},"History of missing authorization vulnerabilities",{"reason":426,"points":371},"History of XSS vulnerabilities","2026-03-17T06:27:29.431Z",{"wat":429,"direct":440},{"assetPaths":430,"generatorPatterns":434,"scriptPaths":435,"versionParams":436},[431,432,433],"\u002Fwp-content\u002Fplugins\u002Fcrm-memberships\u002Fassets\u002Fcss\u002Ffrontend\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fcrm-memberships\u002Fassets\u002Fcss\u002Ffrontend\u002Fmemberships-styles.css","\u002Fwp-content\u002Fplugins\u002Fcrm-memberships\u002Fassets\u002Fjs\u002Ffrontend\u002Fmemberships-script.js",[],[433],[437,438,439],"crm-memberships\u002Fassets\u002Fcss\u002Ffrontend\u002Fstyle.css?ver=","crm-memberships\u002Fassets\u002Fcss\u002Ffrontend\u002Fmemberships-styles.css?ver=","crm-memberships\u002Fassets\u002Fjs\u002Ffrontend\u002Fmemberships-script.js?ver=",{"cssClasses":441,"htmlComments":449,"htmlAttributes":450,"restEndpoints":452,"jsGlobals":453,"shortcodeOutput":455},[442,443,444,445,446,447,448],"ntzcrmpartialview","crm-subscribe-title","crm-subscribe-link","crm-subscribe-two","crm-subscribe-one","crm-subscribe-box","crm-subscribe-wrapper",[],[451],"data-ntzcrm-id",[],[454],"ntzcrm_dbquery",[456,457,458,459,460],"[ntzcrm_icon]","[ntzcrm_login]","[ntzcrm_restrict]","[ntzcrm_testdesign]","[ntzcrm_publications]"]