[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fvVHwFRqQy-hwqENOb916Wru41PQIkVDsPlukJtTE3XQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":16,"tags":17,"homepage":16,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":35,"analysis":118,"fingerprints":285},"idpay-paid-memberships-pro","IDPay For Paid Memberships Pro","1.2.1","IDPay","https:\u002F\u002Fprofiles.wordpress.org\u002Fidpayir\u002F","\u003Cp>After installing and enabling this plugin, your customers can pay through IDPay gateway.\u003Cbr \u002F>\nFor doing a transaction through IDPay gateway, you must have an API Key. You can obtain the API Key by going to your \u003Ca href=\"https:\u002F\u002Fidpay.ir\u002Fdashboard\u002Fweb-services\" rel=\"nofollow ugc\">dashboard\u003C\u002Fa> in your IDPay \u003Ca href=\"https:\u002F\u002Fidpay.ir\u002Fuser\" rel=\"nofollow ugc\">account\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>1.2.1, Nov 13, 2022\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Tested Up With WordPress 6.1 And Paid Memberships Pro Plugin 2.9.5\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.2.0, June 18, 2022\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>First Official Release\u003C\u002Fli>\n\u003Cli>Tested Up With WordPress 6.0 And Paid Memberships Pro Plugin 2.9.5\u003C\u002Fli>\n\u003Cli>Check Double Spending Correct\u003C\u002Fli>\n\u003Cli>Check Does Not Xss Attack Correct\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.1.1, October 13, 2020\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>check GET parameters if POST was empty in relation with IDPay webservices new update.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.1.0, July 18, 2020\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Fix error handling in creating transactions.\u003C\u002Fli>\n\u003Cli>Add IDPay logo to submit button.\u003C\u002Fli>\n\u003Cli>Some other bug fixes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.0.4, May 19, 2019\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Solve problem with language packs.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.0.3, May 19, 2019\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add Iranian currencies to the currencies’ settings.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.0.2, May 13, 2019\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Try to connect to the gateway several times.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.0.1, May 05, 2019\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Update Plugin header.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.0, May 05, 2019\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Develope release\u003C\u002Fli>\n\u003C\u002Ful>\n","After installing and enabling this plugin, your customers can pay through IDPay gateway.",50,2851,0,"2022-11-13T14:03:00.000Z","6.1.10","",[18,19,20,21,22],"gateway","idpay","memberships","paid-memberships-pro","restrict-content","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fidpay-paid-memberships-pro.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":24,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"idpayir",7,1370,30,84,"2026-04-04T04:34:17.886Z",[36,50,70,85,106],{"slug":37,"name":38,"version":39,"author":7,"author_profile":8,"description":40,"short_description":10,"active_installs":41,"downloaded":42,"rating":41,"num_ratings":43,"last_updated":44,"tested_up_to":15,"requires_at_least":16,"requires_php":16,"tags":45,"homepage":16,"download_link":49,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"idpay-for-restrict-content-pro","IDPay For Restrict Content Pro (RCP)","1.2.2","\u003Cp>After installing and enabling this plugin, your customers can pay through IDPay gateway.\u003Cbr \u002F>\nFor doing a transaction through IDPay gateway, you must have an API Key. You can obtain the API Key by going to your \u003Ca href=\"https:\u002F\u002Fidpay.ir\u002Fdashboard\u002Fweb-services\" rel=\"nofollow ugc\">dashboard\u003C\u002Fa> in your IDPay \u003Ca href=\"https:\u002F\u002Fidpay.ir\u002Fuser\" rel=\"nofollow ugc\">account\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>1.2.2, Nov 13, 2022\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Tested Up With WordPress 6.1 And Restrict Content Pro version 3.5.3\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.2.1, June 18, 2022\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>First Official Release\u003C\u002Fli>\n\u003Cli>Tested Up With WordPress 6.0 And RCP Plugin 3.5.3\u003C\u002Fli>\n\u003Cli>Check Double Spending Correct\u003C\u002Fli>\n\u003Cli>Check Does Not Xss Attack Correct\u003C\u002Fli>\n\u003Cli>Fix Changing Membership\u003C\u002Fli>\n\u003Cli>Fix Email Verification Process After Payment\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.0.3, January 30, 2021\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>fix sticking in loading state’s bug.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.0.2, December 20, 2020\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>change configuration for currencies and fix decimal place in numbers.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.0.1, October 13, 2020\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>check GET parameters if POST was empty in relation with IDPay webservices new update.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.0.0, Jul 09, 2020\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Develope Release\u003C\u002Fli>\n\u003C\u002Ful>\n",100,2802,1,"2022-11-13T14:08:00.000Z",[18,19,46,47,48],"payment","restrict-content-pro","%d8%a2%db%8c%d8%af%db%8c-%d9%be%db%8c","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fidpay-for-restrict-content-pro.zip",{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":58,"downloaded":59,"rating":13,"num_ratings":13,"last_updated":60,"tested_up_to":61,"requires_at_least":62,"requires_php":16,"tags":63,"homepage":68,"download_link":69,"security_score":41,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"click-pledge-paid-memberships-pro","Click & Pledge – Paid Memberships Pro","25.12000000-WP6.9-PMP3.6.3","ClickandPledge","https:\u002F\u002Fprofiles.wordpress.org\u002Fclickandpledge\u002F","\u003Cp>The Paid Memberships Pro Click & Pledge Gateway plugin enables seamless online payment processing for your WordPress Paid Memberships Pro site. With this integration, you can securely accept payments through your Click & Pledge account, including all major credit card brands: Visa, American Express, Discover, and MasterCard.\u003C\u002Fp>\n\u003Ch4>Paid Memberships Pro plugin\u003C\u002Fh4>\n\u003Cp>Paid Memberships Pro allows you to create unlimited membership levels and control access to premium content across your site. Restrict pages, posts, categories, videos, forums, downloads, support resources, or offer single “à la carte” access, all from one powerful platform.\u003Cbr \u002F>\nWhether you’re managing an online community, nonprofit membership program, or subscription-based business, Paid Memberships Pro works right out of the box while remaining highly customizable for developers with advanced needs.\u003Cbr \u002F>\nTogether, Paid Memberships Pro and Click & Pledge deliver a reliable, secure, and scalable membership and payment solution—making it easy to manage memberships, collect payments, and grow your organization with confidence.\u003C\u002Fp>\n\u003Ch4>About Click & Pledge\u003C\u002Fh4>\n\u003Cp>Click & Pledge began on May 30, 2000, with a simple but powerful question:\u003Cbr \u002F>\nWhat if online fundraising could be easier for everyone?\u003Cbr \u002F>\nWhat started as a small side project to help our local community, quickly sparked a vision much larger than we ever imagined. We saw an opportunity not just to build software, but to transform the way nonprofits and donors connect.\u003Cbr \u002F>\nMore than 25 years later, that vision has grown into a global platform serving over 20,000 organizations and powering more than $1 billion in charitable contributions.\u003Cbr \u002F>\nAt Click & Pledge, we believe fundraising isn’t just a transaction, but moment of human connection. That’s why we’re committed to reimagining the giving experience from the donor’s perspective, ensuring every interaction is intuitive, meaningful, and effective.\u003Cbr \u002F>\nFrom innovative fundraising tools to our comprehensive Academy, we empower nonprofits and partners to master both the technology and the human behavior behind successful giving.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Please note:\u003C\u002Fstrong> This addon requires a Click & Pledge Account to accept credit and debit card payments. You can apply for an account at \u003Ca href=\"https:\u002F\u002Fclickandpledge.com\u002Fsign-up\u002F\" rel=\"nofollow ugc\">Click & Pledge\u003C\u002Fa>. Please contact \u003Ca href=\"https:\u002F\u002Fsupport.clickandpledge.com\u002Fhc\u002Fen-us\u002Frequests\u002Fnew?ticket_form_id=36546115502619\" rel=\"nofollow ugc\">Support\u003C\u002Fa> with any questions.\u003C\u002Fp>\n","Click & Pledge payment gateway integration for Paid Memberships Pro with Salesforce support.",10,5045,"2025-12-17T14:12:00.000Z","6.9.4","5.2",[64,65,21,66,67],"click-and-pledge","membership-payments","payment-gateway","salesforce-integration","https:\u002F\u002Fsupport.clickandpledge.com\u002Fhc\u002Fen-us\u002Farticles\u002F40827837803291-PaidMembershipsPro","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclick-pledge-paid-memberships-pro.25.12000000-WP6.9-PMP3.6.3.zip",{"slug":71,"name":72,"version":73,"author":7,"author_profile":8,"description":74,"short_description":75,"active_installs":76,"downloaded":77,"rating":78,"num_ratings":79,"last_updated":80,"tested_up_to":81,"requires_at_least":16,"requires_php":16,"tags":82,"homepage":16,"download_link":84,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"woo-idpay-gateway","IDPay Payment Gateway for Woocommerce","2.2.5","\u003Cp>\u003Ca href=\"https:\u002F\u002Fidpay.ir\" rel=\"nofollow ugc\">IDPay\u003C\u002Fa> is one of the Financial Technology providers in Iran.\u003C\u002Fp>\n\u003Cp>IDPay provides some payment services and this plugin enables the IDPay’s payment gateway for Woocommerce.\u003C\u002Fp>\n","IDPay payment method for Woocommerce.",1000,56424,74,6,"2023-12-05T08:09:00.000Z","6.4.8",[18,19,46,83,48],"woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoo-idpay-gateway.zip",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":41,"downloaded":93,"rating":94,"num_ratings":95,"last_updated":96,"tested_up_to":97,"requires_at_least":98,"requires_php":99,"tags":100,"homepage":104,"download_link":105,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"iceyi-members-only","My Members Only – Membership for WordPress","6.8.9","uri","https:\u002F\u002Fprofiles.wordpress.org\u002Ficelayer\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpbrisko.com\u002Fwordpress-plugins\u002F\" rel=\"nofollow ugc\">My Members Only\u003C\u002Fa> WordPress Plugin makes it easy for anyone to protect content on a WordPress site in any post or page using members-only content type and shortcodes.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[membersonly]\nProtected Content Here\n[\u002Fmembersonly] \n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The shortcode can be used along with other shortcodes, this plugin is very simple and light weight making it a very useful tool for any WordPress website.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[membersonly]\n[myshortcode title=\"Post title here\"]\nProtected Content\n[\u002Fmembersonly] \n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Restrict access to\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Downloads\u003C\u002Fli>\n\u003Cli>Articles in Whole or Part\u003C\u002Fli>\n\u003Cli>Videos\u003C\u002Fli>\n\u003Cli>Private Forums\u003C\u002Fli>\n\u003Cli>Premium Support\u003C\u002Fli>\n\u003Cli>And so much more.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Superb “Plugin is Superb! exactly what I wanted thanks – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fusers\u002Fzala5958\u002F\" rel=\"ugc\">zala5958\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Built-In Protected Members Only Content\u003C\u002Fh4>\n\u003Cp>What is Members Only Content, Members Only content allows you to create special content that only your members can see.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>all post in the members-only content area is protected.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Only if a user is logged in they will be able to access, the default access level is a subscriber for all content in the “members-only content” section.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>members-only content does not affect shortcode content restrictions, this feature allows for full content protection.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>New in 4.5\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Present Users who are not logged in with a link to “Register or Login Here”,\u003C\u002Fli>\n\u003Cli>Redirect Users to current page after login.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Col>\n\u003Cli>Create a Post or Page or protect existing content.\u003C\u002Fli>\n\u003Cli>Place the shortcodes around the content you wish to protect.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>New Shortcode Options Use With Options\u003C\u002Fp>\n\u003Cul>\n\u003Cli>display=”Custom text” change the message for none logged in user (default: You Must be Logged in to view this content)\u003C\u002Fli>\n\u003Cli>linkto=”\u002Fwp-admin\u002F” Link to a specific page, recommended usage would be to use \u002Fwp-admin\u002F without http:\u002F\u002Fwww this is very good practice in case if you are using SSL or custom subdomain, Note that this will also disable Auto redirect (default: WordPress Login Page)\u003C\u002Fli>\n\u003Cli>linktext=”Click Here” change the text for the link (default: Register or Login Here)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Example Shortcodes\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>[membersonly]\nPremium Content Here\n[\u002Fmembersonly] \n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>With Options\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>[membersonly display=\"Login To Download\" linkto=\"\u002Fwp-admin\u002F\" linktext=\"Login Here\"] protected content here [\u002Fmembersonly] \n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>the user will then have to be logged in to view.\u003C\u002Fp>\n","Protect content in posts and pages with shortcodes.",12627,86,3,"2024-01-09T03:02:00.000Z","5.7.15","5.3.0","7.4",[101,102,20,103,22],"members","membership","restrict","https:\u002F\u002Fwpbrisko.com\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ficeyi-members-only.6.8.9.zip",{"slug":107,"name":108,"version":109,"author":7,"author_profile":8,"description":110,"short_description":10,"active_installs":41,"downloaded":111,"rating":112,"num_ratings":43,"last_updated":113,"tested_up_to":81,"requires_at_least":16,"requires_php":16,"tags":114,"homepage":16,"download_link":117,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"idpay-gateway-gravity-forms","IDPay For Wp Gravity Forms","3.1.1","\u003Cp>After installing and enabling this plugin, your customers can pay through IDPay gateway.\u003Cbr \u002F>\nFor doing a transaction through IDPay gateway, you must have an API Key. You can obtain the API Key by going to your \u003Ca href=\"https:\u002F\u002Fidpay.ir\u002Fdashboard\u002Fweb-services\" rel=\"nofollow ugc\">dashboard\u003C\u002Fa> in your IDPay \u003Ca href=\"https:\u002F\u002Fidpay.ir\u002Fuser\" rel=\"nofollow ugc\">account\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>3.1.1, DEC 04, 2023\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>New Version Plugin And Many Add Features\u003C\u002Fli>\n\u003Cli>Fix All Problems\u003C\u002Fli>\n\u003Cli>Update Structures\u003C\u002Fli>\n\u003Cli>Tested Up With WordPress 6.4.1 And GravityForm 2.7.17\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>2.0.0, STP 11, 2023\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>New Version Plugin And Many Add Features\u003C\u002Fli>\n\u003Cli>Fix All Problems\u003C\u002Fli>\n\u003Cli>Update Structures\u003C\u002Fli>\n\u003Cli>Tested Up With WordPress 6.3.1 And GravityForm 2.7.12\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>1.1.2, Nov 13, 2022\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Tested Up With WordPress 6.1 And GravityForm 2.6.3\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.1.1, June 18, 2022\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Tested Up With WordPress 6.0 And GravityForm 2.6.3\u003C\u002Fli>\n\u003Cli>Check Double Spending Correct\u003C\u002Fli>\n\u003Cli>Check Does Not Xss Attack Correct\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.0.5, January 30, 2021\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>add deactivation method.\u003C\u002Fli>\n\u003Cli>add checkbox to use Gravity Forms confirmations.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.0.4, December 9, 2020\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>add name and email to gateway configuration.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.0.3, October 11, 2020\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>check GET parameters if POST was empty in relation with IDPay webservices new update.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.0.2, October 6, 2020\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Prevent IDPay logo applying in all forms.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.0.1, August 22, 2020\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Fix a typo bug.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.0.0, Jul 08, 2020\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Develope release.\u003C\u002Fli>\n\u003C\u002Ful>\n",7372,20,"2023-12-09T05:55:00.000Z",[18,115,116,19,46],"gravity-forms","gravityforms","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fidpay-gateway-gravity-forms.zip",{"attackSurface":119,"codeSignals":180,"taintFlows":204,"riskAssessment":270,"analyzedAt":284},{"hooks":120,"ajaxHandlers":167,"restRoutes":176,"shortcodes":177,"cronEvents":178,"entryPointCount":179,"unprotectedCount":179},[121,127,132,135,139,142,145,148,151,155,158,161,164],{"type":122,"name":123,"callback":124,"file":125,"line":126},"action","init","idpay_pmpro_load_textdomain","idpay-paid-memberships-pro.php",51,{"type":122,"name":128,"callback":129,"priority":130,"file":125,"line":131},"plugins_loaded","load_idpay_pmpro_class",11,54,{"type":122,"name":128,"callback":123,"priority":133,"file":125,"line":134},12,55,{"type":136,"name":137,"callback":137,"file":125,"line":138},"filter","pmpro_gateways",73,{"type":136,"name":140,"callback":140,"file":125,"line":141},"pmpro_payment_options",79,{"type":136,"name":143,"callback":143,"priority":58,"file":125,"line":144},"pmpro_payment_option_fields",83,{"type":136,"name":146,"callback":146,"file":125,"line":147},"pmpro_currencies",89,{"type":136,"name":149,"callback":149,"priority":58,"file":125,"line":150},"pmpro_checkout_before_change_membership_level",97,{"type":136,"name":152,"callback":153,"file":125,"line":154},"pmpro_include_billing_address_fields","__return_false",101,{"type":136,"name":156,"callback":153,"file":125,"line":157},"pmpro_include_payment_information_fields",102,{"type":136,"name":159,"callback":159,"file":125,"line":160},"pmpro_required_billing_fields",103,{"type":122,"name":162,"callback":162,"file":125,"line":163},"pmpro_checkout_after_form",117,{"type":122,"name":165,"callback":165,"file":125,"line":166},"pmpro_invoice_bullets_bottom",121,[168,174],{"action":169,"nopriv":170,"callback":171,"hasNonce":172,"hasCapCheck":172,"file":125,"line":173},"idpay-ins",true,"pmpro_wp_ajax_idpay_ins",false,109,{"action":169,"nopriv":172,"callback":171,"hasNonce":172,"hasCapCheck":172,"file":125,"line":175},113,[],[],[],2,{"dangerousFunctions":181,"sqlUsage":182,"outputEscaping":195,"fileOperations":13,"externalRequests":43,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":203},[],{"prepared":13,"raw":183,"locations":184},4,[185,188,191,193],{"file":125,"line":186,"context":187},44,"$wpdb->get_var() with variable interpolation",{"file":125,"line":189,"context":190},45,"$wpdb->query() with variable interpolation",{"file":125,"line":192,"context":190},311,{"file":125,"line":194,"context":190},580,{"escaped":196,"rawEcho":179,"locations":197},17,[198,201],{"file":125,"line":199,"context":200},268,"raw output",{"file":125,"line":202,"context":200},567,[],[205,232,241,250,259],{"entryPoint":206,"graph":207,"unsanitizedCount":30,"severity":231},"load_idpay_pmpro_class (idpay-paid-memberships-pro.php:58)",{"nodes":208,"edges":228},[209,214,219,223],{"id":210,"type":211,"label":212,"file":125,"line":213},"n0","source","$_GET['idpay_message'] (x2)",280,{"id":215,"type":216,"label":217,"file":125,"line":213,"wp_function":218},"n1","sink","echo() [XSS]","echo",{"id":220,"type":211,"label":221,"file":125,"line":222},"n2","$_GET (x5)",411,{"id":224,"type":216,"label":225,"file":125,"line":226,"wp_function":227},"n3","wp_redirect() [Open Redirect]",471,"wp_redirect",[229,230],{"from":210,"to":215,"sanitized":172},{"from":220,"to":224,"sanitized":172},"medium",{"entryPoint":233,"graph":234,"unsanitizedCount":43,"severity":231},"pmpro_checkout_after_form (idpay-paid-memberships-pro.php:267)",{"nodes":235,"edges":239},[236,238],{"id":210,"type":211,"label":237,"file":125,"line":213},"$_GET['idpay_message']",{"id":215,"type":216,"label":217,"file":125,"line":213,"wp_function":218},[240],{"from":210,"to":215,"sanitized":172},{"entryPoint":242,"graph":243,"unsanitizedCount":43,"severity":231},"pmpro_invoice_bullets_bottom (idpay-paid-memberships-pro.php:284)",{"nodes":244,"edges":248},[245,247],{"id":210,"type":211,"label":237,"file":125,"line":246},286,{"id":215,"type":216,"label":217,"file":125,"line":246,"wp_function":218},[249],{"from":210,"to":215,"sanitized":172},{"entryPoint":251,"graph":252,"unsanitizedCount":258,"severity":231},"pmpro_wp_ajax_idpay_ins (idpay-paid-memberships-pro.php:389)",{"nodes":253,"edges":256},[254,255],{"id":210,"type":211,"label":221,"file":125,"line":222},{"id":215,"type":216,"label":225,"file":125,"line":226,"wp_function":227},[257],{"from":210,"to":215,"sanitized":172},5,{"entryPoint":260,"graph":261,"unsanitizedCount":30,"severity":231},"\u003Cidpay-paid-memberships-pro> (idpay-paid-memberships-pro.php:0)",{"nodes":262,"edges":267},[263,264,265,266],{"id":210,"type":211,"label":212,"file":125,"line":213},{"id":215,"type":216,"label":217,"file":125,"line":213,"wp_function":218},{"id":220,"type":211,"label":221,"file":125,"line":222},{"id":224,"type":216,"label":225,"file":125,"line":226,"wp_function":227},[268,269],{"from":210,"to":215,"sanitized":172},{"from":220,"to":224,"sanitized":172},{"summary":271,"deductions":272},"The idpay-paid-memberships-pro plugin version 1.2.1 exhibits a concerning security posture due to significant vulnerabilities in its access control mechanisms. While the plugin shows no past CVEs, suggesting a history of relative security, the static analysis reveals critical weaknesses.  The presence of two unprotected AJAX handlers represents a direct pathway for unauthorized actions, as there are no nonce or capability checks in place for these entry points.  Furthermore, all four SQL queries are executed without prepared statements, increasing the risk of SQL injection vulnerabilities, especially when handling user-supplied data. The taint analysis indicating flows with unsanitized paths, though not classified as critical or high, combined with the lack of proper SQL sanitization, points to a substantial risk of data manipulation and potential compromise.\n\nDespite the absence of known vulnerabilities and a high percentage of properly escaped output, the unprotected entry points and raw SQL queries are major concerns. The plugin's attack surface, though small in terms of entry points, is highly exposed.  The lack of any nonce or capability checks on the AJAX handlers is a critical oversight that could allow unauthenticated users to trigger potentially sensitive actions within the plugin. The reliance on raw SQL queries without prepared statements is a widespread vulnerability pattern that exposes the database to significant risks.  In conclusion, while the plugin has a clean vulnerability history, the current version has several critical security flaws that require immediate attention.",[273,275,278,280,282],{"reason":274,"points":58},"Unprotected AJAX handlers",{"reason":276,"points":277},"Raw SQL queries without prepared statements",8,{"reason":279,"points":258},"No nonce checks",{"reason":281,"points":258},"No capability checks",{"reason":283,"points":30},"Taint flows with unsanitized paths","2026-03-16T22:02:21.285Z",{"wat":286,"direct":292},{"assetPaths":287,"generatorPatterns":289,"scriptPaths":290,"versionParams":291},[288],"\u002Fwp-content\u002Fplugins\u002Fidpay-paid-memberships-pro\u002Fidpay-paid-memberships-pro.php",[],[],[],{"cssClasses":293,"htmlComments":295,"htmlAttributes":296,"restEndpoints":297,"jsGlobals":298,"shortcodeOutput":299},[294],"gateway_idpay",[],[294],[],[],[]]