
Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration Security & Risk Analysis
wordpress.org/plugins/ecommerce-user-profiles-by-profilegrid
Sell more on WooCommerce with modern user profiles, user activities, content restriction, groups, paid memberships, and social commerce.
Is Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration Safe to Use in 2026?
Generally Safe
Score 100/100
Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
This plugin, "ecommerce-user-profiles-by-profilegrid" v3.4, exhibits a concerning security posture primarily due to its unprotected entry points. With two AJAX handlers identified and both lacking authentication checks, there is a significant risk of unauthorized actions being performed. While the static analysis did not reveal dangerous functions, external requests, or file operations, the absence of capability checks and the limited nonce check further exacerbate the potential for exploitation. The SQL queries show a moderate level of security with 50% using prepared statements, but the remaining half, combined with a concerning percentage of unescaped output (39%), could still lead to vulnerabilities like SQL injection or cross-site scripting if not handled carefully in the remaining code paths.
The plugin's vulnerability history is remarkably clean, showing no known CVEs. This suggests a generally well-maintained codebase or a lack of significant past discoveries. However, this positive history should not overshadow the immediate risks identified in the current code analysis. The lack of taint analysis results also prevents a deeper understanding of how data flows through the plugin and whether sensitive information is being handled securely.
In conclusion, while the absence of known historical vulnerabilities is a positive indicator, the current version of this plugin has critical security weaknesses related to its attack surface. The two unprotected AJAX handlers present a clear and present danger. Mitigation efforts should prioritize securing these entry points immediately. The moderate SQL and output escaping practices also warrant attention for a more robust security profile.
Key Concerns
- AJAX handlers without auth checks
- SQL queries not using prepared statements
- Output escaping is not properly implemented
- Missing capability checks
Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration Security Vulnerabilities
Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration Code Analysis
SQL Query Safety
Output Escaping
Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration Attack Surface
AJAX Handlers: 2
WordPress Hooks: 25
Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration Maintenance & Trust
Maintenance Signals
Community Trust
Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration Alternatives
FOMO & Social Proof Notifications by TrustPulse – Best WordPress FOMO Plugin
trustpulse-api
TrustPulse is a FOMO social proof plugin that leverages the power of social proof to instantly boost site conversions by up to 15%!
StoreEngine — Complete eCommerce Solution with Memberships, Licensing, Affiliates & More
storeengine
Sell digital & physical products with StoreEngine—a lightweight eCommerce solution with memberships, subscriptions, affiliates, coupons & licensing.
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
wp-user-avatar
Setup paid membership, accept payment, sell subscription & digital product, paywall, create login & registration form, user profile & member directory
StoreCustomizer – A plugin to Customize all WooCommerce Pages
woocustomizer
A store editor plugin for editing all WooCommerce store and product pages, cart, checkout and user account pages, all within the WordPress Customizer
WCFM Membership – WooCommerce Memberships for Multivendor Marketplace
wc-multivendor-membership
A simple woocommerce memberships plugin for offering free and premium subscription for your multi-vendor marketplace - WCFM Marketplace, WC Vendors &a …
Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration Developer Profile
7 plugins · 79K total installs
How We Detect Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/ecommerce-user-profiles-by-profilegrid/admin/css/profilegrid-woocommerce-admin.css
- /wp-content/plugins/ecommerce-user-profiles-by-profilegrid/admin/js/profilegrid-woocommerce-admin.js
- profilegrid-woocommerce-admin.css?ver=
- profilegrid-woocommerce-admin.js?ver=
HTML / DOM Fingerprints
pm_ajax_object