ifthenpay | Payments for MemberPress Security & Risk Analysis

wordpress.org/plugins/ifthenpay-payments-for-memberpress

Adds ifthenpay payment methods to MemberPress: cards, wallets, local bank transfers; supports one-time and period-based recurring memberships.

0 active installs v1.0.0 PHP 7.4+ WP 6.5+ Updated Nov 27, 2025
ifthenpaymemberpressrecurringrefundssubscriptions
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is ifthenpay | Payments for MemberPress Safe to Use in 2026?

Generally Safe

Score 100/100

ifthenpay | Payments for MemberPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7mo ago
Risk Assessment

The ifthenpay-payments-for-memberpress v1.0.0 plugin exhibits a concerning security posture due to a significant number of unprotected entry points. While the code demonstrates good practices in SQL query preparation and output escaping, the presence of 5 AJAX handlers without authentication checks represents a substantial attack surface. The taint analysis revealing 3 high-severity flows with unsanitized paths further exacerbates this risk, suggesting potential vulnerabilities that could be exploited without proper authorization.

The plugin's vulnerability history is currently clean, with no recorded CVEs. This absence of historical vulnerabilities is a positive indicator, suggesting either robust past development or a lack of targeted attacks. However, it does not negate the immediate risks identified in the static and taint analysis. The strengths lie in secure database interactions and output handling, but these are overshadowed by the numerous unprotected entry points and high-severity taint flows, which demand immediate attention to mitigate potential security breaches.

Key Concerns

  • 5 unprotected AJAX handlers
  • 3 high severity unsanitized taint flows
  • 2 missing nonce checks
  • 1 file operation
Vulnerabilities
None known

ifthenpay | Payments for MemberPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

ifthenpay | Payments for MemberPress Release Timeline

v1.0.0Current
Code Analysis
Analyzed Mar 17, 2026

ifthenpay | Payments for MemberPress Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
11 prepared
Unescaped Output
1
68 escaped
Nonce Checks
2
Capability Checks
3
File Operations
1
External Requests
4
Bundled Libraries
0

SQL Query Safety

100% prepared11 total queries

Output Escaping

99% escaped69 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths
record_payment_failure (src\Gateway\MeprIfthenpayGateway.php:649)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
5 unprotected

ifthenpay | Payments for MemberPress Attack Surface

Entry Points5
Unprotected5

AJAX Handlers 5

authwp_ajax_iftp_mepr_refund_send_tokensrc\Plugin.php:65
authwp_ajax_iftp_mepr_refund_verify_tokensrc\Plugin.php:66
authwp_ajax_iftp_mepr_refund_and_cancel_modalsrc\Plugin.php:67
authwp_ajax_iftp_mepr_refund_amountsrc\Plugin.php:68
authwp_ajax_iftp_mepr_set_refund_amountsrc\Plugin.php:69
WordPress Hooks 3
actionadmin_noticesifthenpay-payments-for-memberpress.php:48
filtermepr-gateway-pathssrc\Plugin.php:59
actionadmin_enqueue_scriptssrc\Plugin.php:62
Maintenance & Trust

ifthenpay | Payments for MemberPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedNov 27, 2025
PHP min version7.4
Downloads155

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

ifthenpay | Payments for MemberPress Developer Profile

Ifthenpay

2 plugins · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect ifthenpay | Payments for MemberPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ifthenpay-payments-for-memberpress/assets/css/refund-guard.css/wp-content/plugins/ifthenpay-payments-for-memberpress/assets/js/refund-guard-utils.js/wp-content/plugins/ifthenpay-payments-for-memberpress/assets/js/refund-guard-ajax.js/wp-content/plugins/ifthenpay-payments-for-memberpress/assets/js/refund-guard-modals.js/wp-content/plugins/ifthenpay-payments-for-memberpress/assets/js/refund-guard-core.js/wp-content/plugins/ifthenpay-payments-for-memberpress/assets/js/refund-guard.js
Script Paths
/wp-content/plugins/ifthenpay-payments-for-memberpress/assets/js/refund-guard-utils.js/wp-content/plugins/ifthenpay-payments-for-memberpress/assets/js/refund-guard-ajax.js/wp-content/plugins/ifthenpay-payments-for-memberpress/assets/js/refund-guard-modals.js/wp-content/plugins/ifthenpay-payments-for-memberpress/assets/js/refund-guard-core.js/wp-content/plugins/ifthenpay-payments-for-memberpress/assets/js/refund-guard.js
Version Parameters
ifthenpay-payments-for-memberpress/assets/css/refund-guard.css?ver=ifthenpay-payments-for-memberpress/assets/js/refund-guard-utils.js?ver=ifthenpay-payments-for-memberpress/assets/js/refund-guard-ajax.js?ver=ifthenpay-payments-for-memberpress/assets/js/refund-guard-modals.js?ver=ifthenpay-payments-for-memberpress/assets/js/refund-guard-core.js?ver=ifthenpay-payments-for-memberpress/assets/js/refund-guard.js?ver=

HTML / DOM Fingerprints

JS Globals
window.iftp_mp_refund_guard_i18n
REST Endpoints
/wp-json/ifthenpay/memberpress/v1/refund/send-token/wp-json/ifthenpay/memberpress/v1/refund/verify-token/wp-json/ifthenpay/memberpress/v1/refund/show-refund-and-cancel-modal/wp-json/ifthenpay/memberpress/v1/refund/get-refund-amount/wp-json/ifthenpay/memberpress/v1/refund/set-refund-amount
FAQ

Frequently Asked Questions about ifthenpay | Payments for MemberPress