
IDPay For Paid Memberships Pro Security & Risk Analysis
wordpress.org/plugins/idpay-paid-memberships-pro
After installing and enabling this plugin, your customers can pay through IDPay gateway.
Is IDPay For Paid Memberships Pro Safe to Use in 2026?
Generally Safe
Score 85/100
IDPay For Paid Memberships Pro has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The idpay-paid-memberships-pro plugin version 1.2.1 exhibits a concerning security posture due to significant vulnerabilities in its access control mechanisms. While the plugin shows no past CVEs, suggesting a history of relative security, the static analysis reveals critical weaknesses. The presence of two unprotected AJAX handlers represents a direct pathway for unauthorized actions, as there are no nonce or capability checks in place for these entry points. Furthermore, all four SQL queries are executed without prepared statements, increasing the risk of SQL injection vulnerabilities, especially when handling user-supplied data. The taint analysis indicating flows with unsanitized paths, though not classified as critical or high, combined with the lack of proper SQL sanitization, points to a substantial risk of data manipulation and potential compromise.
Despite the absence of known vulnerabilities and a high percentage of properly escaped output, the unprotected entry points and raw SQL queries are major concerns. The plugin's attack surface, though small in terms of entry points, is highly exposed. The lack of any nonce or capability checks on the AJAX handlers is a critical oversight that could allow unauthenticated users to trigger potentially sensitive actions within the plugin. The reliance on raw SQL queries without prepared statements is a widespread vulnerability pattern that exposes the database to significant risks. In conclusion, while the plugin has a clean vulnerability history, the current version has several critical security flaws that require immediate attention.
Key Concerns
- Unprotected AJAX handlers
- Raw SQL queries without prepared statements
- No nonce checks
- No capability checks
- Taint flows with unsanitized paths
IDPay For Paid Memberships Pro Security Vulnerabilities
IDPay For Paid Memberships Pro Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
IDPay For Paid Memberships Pro Attack Surface
AJAX Handlers: 2
WordPress Hooks: 13
IDPay For Paid Memberships Pro Maintenance & Trust
Maintenance Signals
Community Trust
IDPay For Paid Memberships Pro Alternatives
IDPay For Restrict Content Pro (RCP)
idpay-for-restrict-content-pro
After installing and enabling this plugin, your customers can pay through IDPay gateway.
Click & Pledge – Paid Memberships Pro
click-pledge-paid-memberships-pro
Click & Pledge payment gateway integration for Paid Memberships Pro with Salesforce support.
IDPay Payment Gateway for Woocommerce
woo-idpay-gateway
IDPay payment method for Woocommerce.
My Members Only – Membership for WordPress
iceyi-members-only
Protect content in posts and pages with shortcodes.
IDPay For Wp Gravity Forms
idpay-gateway-gravity-forms
After installing and enabling this plugin, your customers can pay through IDPay gateway.
IDPay For Paid Memberships Pro Developer Profile
7 plugins · 1K total installs
How We Detect IDPay For Paid Memberships Pro
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/idpay-paid-memberships-pro/idpay-paid-memberships-pro.php
HTML / DOM Fingerprints
gateway_idpay