WP-Safety

Emailchef Add On for Paid Memberships Pro Security & Risk Analysis

wordpress.org/plugins/emailchef-add-on-for-pmp

Enhance your membership website's functionality with the Paid Memberships Pro plugin, and seamlessly subscribe WordPress users and members to you …

0 active installs v1.9.1 PHP 7.0+ WP 6.0+ Updated Unknown
email-marketingemailchefpaid-memberships-propmpro
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Emailchef Add On for Paid Memberships Pro Safe to Use in 2026?

Generally Safe

Score 100/100

Emailchef Add On for Paid Memberships Pro has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The emailchef-add-on-for-pmp plugin v1.9.1 exhibits a mixed security posture. On the positive side, the code analysis reveals no dangerous functions, all SQL queries use prepared statements, and there are no identified taint flows with unsanitized paths or critical/high severity issues. The absence of any recorded vulnerabilities or CVEs in its history is also a strong indicator of responsible development and maintenance in the past. However, a significant concern lies in the attack surface. Two AJAX handlers are present, and crucially, both lack authentication checks. This directly exposes potentially sensitive functionality to unauthenticated users, creating a notable risk. While the plugin demonstrates good practices in data handling and query security, the unprotected entry points represent a clear vulnerability that could be exploited by attackers.

Key Concerns

  • Unprotected AJAX handlers
  • Low percentage of properly escaped output
Vulnerabilities
None known

Emailchef Add On for Paid Memberships Pro Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Emailchef Add On for Paid Memberships Pro Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
13
30 escaped
Nonce Checks
3
Capability Checks
0
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

70% escaped43 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
page_options_ajax_check_login (admin\class-emailchef-add-on-for-pmp-admin.php:125)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Emailchef Add On for Paid Memberships Pro Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_emailchef-add-on-for-pmp_check_loginincludes\class-emailchef-add-on-for-pmp.php:168
authwp_ajax_emailchef-add-on-for-pmp_disconnectincludes\class-emailchef-add-on-for-pmp.php:169
WordPress Hooks 21
actionplugins_loadedincludes\class-emailchef-add-on-for-pmp.php:142
actionadmin_enqueue_scriptsincludes\class-emailchef-add-on-for-pmp.php:164
actionadmin_menuincludes\class-emailchef-add-on-for-pmp.php:165
actionadmin_enqueue_scriptsincludes\class-emailchef-add-on-for-pmp.php:166
actionadmin_initincludes\class-emailchef-add-on-for-pmp.php:167
actionadmin_post_pmproecaddon_save_dataincludes\class-emailchef-add-on-for-pmp.php:175
actionshow_user_profileincludes\class-emailchef-add-on-for-pmp.php:176
actionedit_user_profileincludes\class-emailchef-add-on-for-pmp.php:177
actionpmpro_show_user_profileincludes\class-emailchef-add-on-for-pmp.php:178
actionpersonal_options_updateincludes\class-emailchef-add-on-for-pmp.php:179
actionedit_user_profile_updateincludes\class-emailchef-add-on-for-pmp.php:180
actionpmpro_personal_options_updateincludes\class-emailchef-add-on-for-pmp.php:181
actionpmpro_after_checkoutincludes\class-emailchef-add-on-for-pmp.php:182
actionpmpro_checkout_after_tos_fieldsincludes\class-emailchef-add-on-for-pmp.php:183
actionwp_enqueue_scriptsincludes\class-emailchef-add-on-for-pmp.php:206
actionwp_enqueue_scriptsincludes\class-emailchef-add-on-for-pmp.php:207
actionpmproecaddon_api_responseincludes\class-emailchef-add-on-for-pmp.php:208
actionpmpro_after_checkoutincludes\class-emailchef-add-on-for-pmp.php:213
actionpmpro_checkout_after_tos_fieldsincludes\class-emailchef-add-on-for-pmp.php:214
actionpmpro_after_checkoutincludes\class-emailchef-add-on-for-pmp.php:216
actionuser_registerincludes\class-emailchef-add-on-for-pmp.php:217
Maintenance & Trust

Emailchef Add On for Paid Memberships Pro Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedUnknown
PHP min version7.0
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Emailchef Add On for Paid Memberships Pro Alternatives

Administrator Access to PMPro Protected Content

Administrator Access to PMPro Protected Content

administrator-access-to-pmpro-protected-content

A
85

Overrides the PMPro "Require Membership" settings and grants view access to any user assigned to the WordPress "Administrator" rol …

60 No CVEs
E20R Better Members List for Paid Memberships Pro

E20R Better Members List for Paid Memberships Pro

e20r-members-list

A
85

Extensible, sortable & bulk action capable members listing + export to CSV tool for Paid Memberships Pro.

10 No CVEs
First Data for Paid Memberships Pro

First Data for Paid Memberships Pro

first-data-for-pmpro

A
85

First Data for Paid Memberships Pro allows merchants to accept all major credit cards for both one-time and recurring membership payments.

10 No CVEs
WP Security Audit Log addon for Paid Memberships Pro

WP Security Audit Log addon for Paid Memberships Pro

wp-security-audit-log-for-paid-memberships-pro

A
85

An Addon to the WP Security Audit Log plugin to log events from Paid Memberships Pro plugin

10 No CVEs
Zesty Custom Post Types for Paid Memberships Pro

Zesty Custom Post Types for Paid Memberships Pro

zesty-custom-post-types-for-paid-memberships-pro

A
85

Restrict any custom post type with Paid Memberships Pro.

10 No CVEs
Developer Profile

Emailchef Add On for Paid Memberships Pro Developer Profile

Emailchef

2 plugins · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Emailchef Add On for Paid Memberships Pro

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/emailchef-add-on-for-pmp/admin/css/emailchef-add-on-for-pmp-admin.css/wp-content/plugins/emailchef-add-on-for-pmp/admin/js/emailchef-add-on-for-pmp-admin.js/wp-content/plugins/emailchef-add-on-for-pmp/public/css/emailchef-add-on-for-pmp-public.css/wp-content/plugins/emailchef-add-on-for-pmp/public/js/emailchef-add-on-for-pmp-public.js
Script Paths
/wp-content/plugins/emailchef-add-on-for-pmp/admin/js/emailchef-add-on-for-pmp-admin.js/wp-content/plugins/emailchef-add-on-for-pmp/public/js/emailchef-add-on-for-pmp-public.js
Version Parameters
emailchef-add-on-for-pmp/admin/css/emailchef-add-on-for-pmp-admin.css?ver=emailchef-add-on-for-pmp/admin/js/emailchef-add-on-for-pmp-admin.js?ver=emailchef-add-on-for-pmp/public/css/emailchef-add-on-for-pmp-public.css?ver=emailchef-add-on-for-pmp/public/js/emailchef-add-on-for-pmp-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
pmproecaddon_sectiontitlepmproecaddon_contentpmproecaddon_titlepmproecaddon_subTitlepmproecaddon_input_grouppmproecaddon_button
HTML Comments
<!-- Account details --><!-- Consumer Key --><!-- Consumer Secret --><!-- Login -->+3 more
Data Attributes
data-nonce-action="emailchef-add-on-for-pmp_check_login"data-nonce-field="_pmproecaddon_nonce"data-nonce-field="_pmproecaddon_nonce"data-nonce-action="emailchef-add-on-for-pmp_edit_user_optin"data-nonce-field="_pmproecaddon_edit_user_optin_nonce"data-nonce-field="_pmproecaddon_edit_user_optin_nonce"
JS Globals
pmproecaddon_login_object
FAQ

Frequently Asked Questions about Emailchef Add On for Paid Memberships Pro