WP-Safety

Groups for MemberMouse Security & Risk Analysis

wordpress.org/plugins/groups-for-membermouse

Groups for MemberMouse allows you to sell "seats" of membership to a Group Leader or Business.

10 active installs v2.4.3 PHP 5.6+ WP 4.8+ Updated Sep 26, 2025
groupsmember-managementmembermousemembership-sitemm-groups
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Groups for MemberMouse Safe to Use in 2026?

Generally Safe

Score 100/100

Groups for MemberMouse has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago
Risk Assessment

The "groups-for-membermouse" plugin v2.4.3 exhibits a mixed security posture with some concerning indicators despite a clean vulnerability history. While the plugin demonstrates good practices by predominantly using prepared statements for SQL queries and avoiding external HTTP requests, a significant weakness lies in its unprotected entry points. Three out of seven AJAX handlers lack authentication checks, presenting a potential avenue for unauthorized actions. Furthermore, the taint analysis revealed eight total flows, with a concerning six classified as high severity and all eight having unsanitized paths. This suggests that user-supplied data is not being adequately validated or escaped before being processed, which could lead to various injection vulnerabilities if exploited. The absence of any recorded CVEs or past vulnerabilities is a positive sign, indicating a potentially mature codebase or a lack of historical targeting. However, the static analysis findings, particularly the high severity taint flows and unprotected AJAX handlers, indicate a substantial risk that should not be overlooked. The plugin's strengths in SQL handling and external request management are overshadowed by the critical need for better input sanitization and authentication on its AJAX endpoints.

Key Concerns

  • AJAX handlers without auth checks
  • High severity taint flows
  • Unsanitized paths in taint flows
  • Low percentage of properly escaped output
  • Zero capability checks found
Vulnerabilities
None known

Groups for MemberMouse Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Groups for MemberMouse Code Analysis

Dangerous Functions
0
Raw SQL Queries
5
128 prepared
Unescaped Output
158
2 escaped
Nonce Checks
6
Capability Checks
0
File Operations
2
External Requests
0
Bundled Libraries
0

SQL Query Safety

96% prepared133 total queries

Output Escaping

1% escaped160 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

8 flows8 with unsanitized paths
generate_group_leader_dashboard (includes\class.shortcodes.php:82)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

Groups for MemberMouse Attack Surface

Entry Points10
Unprotected3

AJAX Handlers 7

authwp_ajax_dismiss_checkoutpage_noticegroups-for-membermouse.php:116
authwp_ajax_dismiss_confirmationpage_noticegroups-for-membermouse.php:117
authwp_ajax_groups_load_membersincludes\class.shortcodes.php:44
authwp_ajax_groups_get_signup_linkincludes\class.shortcodes.php:45
authwp_ajax_groups_update_group_nameincludes\class.shortcodes.php:46
authwp_ajax_groups_add_memberincludes\class.shortcodes.php:47
authwp_ajax_groups_delete_memberincludes\class.shortcodes.php:48

Shortcodes 3

[MM_Group_SignUp_Link] groups-for-membermouse.php:104
[MM_Group_Leader_Dashboard] includes\class.shortcodes.php:72
[MM_Group_Member_List] includes\class.shortcodes.php:73
WordPress Hooks 17
actionadmin_menugroups-for-membermouse.php:95
actionadmin_headgroups-for-membermouse.php:96
actionadmin_enqueue_scriptsgroups-for-membermouse.php:97
actionadmin_initgroups-for-membermouse.php:98
actionmm_member_addgroups-for-membermouse.php:99
actionmm_member_status_changegroups-for-membermouse.php:100
actionmm_payment_receivedgroups-for-membermouse.php:101
actionmm_member_membership_changegroups-for-membermouse.php:102
actionadmin_headgroups-for-membermouse.php:103
actionplugins_loadedgroups-for-membermouse.php:105
actiontemplate_redirectgroups-for-membermouse.php:106
actionwp_enqueue_scriptsgroups-for-membermouse.php:107
actionadmin_noticesgroups-for-membermouse.php:111
actionadmin_noticesgroups-for-membermouse.php:114
actionadmin_noticesgroups-for-membermouse.php:126
actionrest_api_initgroups-for-membermouse.php:183
actionwp_enqueue_scriptsincludes\class.shortcodes.php:41
Maintenance & Trust

Groups for MemberMouse Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedSep 26, 2025
PHP min version5.6
Downloads4K

Community Trust

Rating100/100
Number of ratings2
Active installs10
Alternatives

Groups for MemberMouse Alternatives

ProductDyno

ProductDyno

productdyno

A
99

DISCOVER THE EASIEST WAY TO SELL, LICENSE & SECURELY DELIVER ANY TYPE OF DIGITAL PRODUCT!

80 2 CVEs
Groups

Groups

groups

A
98

Groups is an efficient and powerful solution, providing group-based user membership management, group-based capabilities and content access control.

10K 2 CVEs
Private groups

Private groups

bbp-private-groups

A
100

For bbPress - Creates private forum groups

1K No CVEs
Registration Options for BuddyPress

Registration Options for BuddyPress

bp-registration-options

A
85

Moderate new BuddyPress members and fight BuddyPress spam.

1K No CVEs
BuddyPress Group Email Subscription

BuddyPress Group Email Subscription

buddypress-group-email-subscription

A
92

This powerful plugin allows users to receive email notifications of group activity. Weekly or daily digests are available.

1K No CVEs
Developer Profile

Groups for MemberMouse Developer Profile

Matt Mintun

1 plugin · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Groups for MemberMouse

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/groups-for-membermouse/css/groups.css/wp-content/plugins/groups-for-membermouse/js/groups.js/wp-content/plugins/groups-for-membermouse/js/mm-groups-admin.js
Script Paths
/wp-content/plugins/groups-for-membermouse/js/groups.js/wp-content/plugins/groups-for-membermouse/js/mm-groups-admin.js
Version Parameters
groups-for-membermouse/css/groups.css?ver=groups-for-membermouse/js/groups.js?ver=groups-for-membermouse/js/mm-groups-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
mm-groups-signup-link
JS Globals
mm_groups_admin_ajax_object
REST Endpoints
/wp-json/mm-groups/v1/create_group/wp-json/mm-groups/v1/add_group/wp-json/mm-groups/v1/delete_group/wp-json/mm-groups/v1/purchase_link/wp-json/mm-groups/v1/edit_group/wp-json/mm-groups/v1/update_group/wp-json/mm-groups/v1/edit_group_name/wp-json/mm-groups/v1/update_group_name/wp-json/mm-groups/v1/show_purchase_link/wp-json/mm-groups/v1/check_username/wp-json/mm-groups/v1/add_group_user/wp-json/mm-groups/v1/delete_group_member/wp-json/mm-groups/v1/group_leader_form/wp-json/mm-groups/v1/check_user/wp-json/mm-groups/v1/create_group_leader/wp-json/mm-groups/v1/change_group_cost/wp-json/mm-groups/v1/show_help_window/wp-json/mm-groups/v1/cancel_group/wp-json/mm-groups/v1/activate_group/wp-json/mm-groups/v1/delete_group_data
Shortcode Output
[MM_Group_SignUp_Link
FAQ

Frequently Asked Questions about Groups for MemberMouse