Does InPlayer Paywall have any unpatched vulnerabilities?

No. All known vulnerabilities in InPlayer Paywall have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is InPlayer Paywall compatible with WordPress 4.9.29?

According to WordPress.org data, InPlayer Paywall 1.0.6 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is InPlayer Paywall updated?

InPlayer Paywall was last updated on Feb 6, 2018. Frequent updates are generally a positive security signal.

What is InPlayer Paywall's security score?

InPlayer Paywall has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

InPlayer Paywall Security & Risk Analysis

wordpress.org/plugins/inplayer-paywall

The InPlayer Paywall plugin is a simple way for monetizing your digital content.

10 active installs v1.0.6 PHP + WP 3.0.1+ Updated Feb 6, 2018

content-monetizationearn-moneymonetizationpaywallprotection

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is InPlayer Paywall Safe to Use in 2026?

Generally Safe

Score 85/100

InPlayer Paywall has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The inplayer-paywall plugin v1.0.6 presents a significant security risk due to its large, unprotected attack surface. While the code does not utilize dangerous functions, performs SQL queries using prepared statements, and has no known historical vulnerabilities, these strengths are heavily overshadowed by critical weaknesses. The analysis reveals 20 AJAX handlers that lack any form of authentication or capability checks, representing a substantial entry point for potential attacks. Furthermore, only 5% of output is properly escaped, leaving the plugin vulnerable to cross-site scripting (XSS) attacks. The presence of 3 unsanitized path flows, even without a critical or high severity rating, indicates potential for directory traversal or unauthorized file access. The lack of historical vulnerabilities is positive, but it does not mitigate the immediate risks identified in the current code analysis. The plugin's security posture is concerning due to the high number of unprotected entry points and poor output escaping, which are fundamental security oversights.

Key Concerns

Large attack surface without auth checks
Low percentage of properly escaped output
Unsanitized path flows

Vulnerabilities

None known

InPlayer Paywall Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

InPlayer Paywall Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

5% escaped83 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

activate_account (includes\InPlayerForms.php:41)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

20 unprotected

InPlayer Paywall Attack Surface

Entry Points21

Unprotected20

AJAX Handlers 20

authwp_ajax_inplayer_register_accountincludes\InPlayerAdmin.php:67

authwp_ajax_inplayer_activate_accountincludes\InPlayerAdmin.php:68

authwp_ajax_inplayer_resend_activationincludes\InPlayerAdmin.php:69

authwp_ajax_inplayer_platform_loginincludes\InPlayerAdmin.php:70

authwp_ajax_inplayer_change_passwordincludes\InPlayerAdmin.php:71

authwp_ajax_inplayer_forgot_passwordincludes\InPlayerAdmin.php:72

authwp_ajax_inplayer_reset_passwordincludes\InPlayerAdmin.php:73

authwp_ajax_inplayer_verify_payment_methodincludes\InPlayerAdmin.php:74

authwp_ajax_inplayer_remove_access_feeincludes\InPlayerAdmin.php:75

authwp_ajax_inplayer_transactionsincludes\InPlayerAdmin.php:76

authwp_ajax_inplayer_platform_payoutincludes\InPlayerAdmin.php:77

authwp_ajax_inplayer_save_assetincludes\InPlayerAdmin.php:80

authwp_ajax_inplayer_delete_assetincludes\InPlayerAdmin.php:81

authwp_ajax_inplayer_reactivate_assetincludes\InPlayerAdmin.php:82

authwp_ajax_inplayer_save_packageincludes\InPlayerAdmin.php:85

authwp_ajax_inplayer_update_packageincludes\InPlayerAdmin.php:86

authwp_ajax_inplayer_delete_packageincludes\InPlayerAdmin.php:87

authwp_ajax_inplayer_reactivate_packageincludes\InPlayerAdmin.php:88

authwp_ajax_inplayer_ovp_ooyalaincludes\InPlayerAdmin.php:91

authwp_ajax_assets_shortcodesincludes\InPlayerAdmin.php:114

Shortcodes 1

[inplayer] includes\InPlayerPlugin.php:47

WordPress Hooks 13

actionwp_loadedincludes\InPlayerAdmin.php:30

actionadmin_noticesincludes\InPlayerAdmin.php:34

actionadmin_initincludes\InPlayerAdmin.php:37

actionadmin_menuincludes\InPlayerAdmin.php:38

actionadmin_menuincludes\InPlayerAdmin.php:41

actionadmin_enqueue_scriptsincludes\InPlayerAdmin.php:44

actioninitincludes\InPlayerAdmin.php:94

filtermce_external_pluginsincludes\InPlayerAdmin.php:100

filtermce_buttonsincludes\InPlayerAdmin.php:106

actionadmin_print_footer_scriptsincludes\InPlayerAdmin.php:117

actionwp_dashboard_setupincludes\InPlayerAdmin.php:126

actionplugins_loadedincludes\InPlayerPlugin.php:32

actionwp_enqueue_scriptsincludes\InPlayerPlugin.php:41

Maintenance & Trust

InPlayer Paywall Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedFeb 6, 2018

PHP min version

Downloads4K

Community Trust

Rating100/100

Number of ratings3

Active installs10

Alternatives

InPlayer Paywall Alternatives

Steady for WordPress

steady-wp

Steady is the perfect plugin for regular payments: offer subscriptions, pledges, use a flexible paywall or start a subscription crowdfunding campaign.

600 No CVEs

Zlick Paywall

zlick-paywall

Sell subscriptions and one-off access to your content with industry-leading conversion rates, a simple platform to operate, and no upfront costs.

100 1 CVE

Conscent Paywall

conscent-paywall

Conscent.ai is the world’s fastest growing advanced analytics and revenue optimization solutions for the media and news publishing industry.

0 No CVEs

Recognyze.AI

recognyze-client

100

Protect your content and earn from AI usage. Manage posts, track AI crawlers, and verify authenticity with Recognyze.AI.

0 No CVEs

Website Article Monetization By MageNet

website-article-monetization-by-magenet

100

Get additional income from your website or blog by placing text ads automatically.

20K 1 CVE

Developer Profile

InPlayer Paywall Developer Profile

InPlayer

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect InPlayer Paywall

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/inplayer-paywall/assets/css/inplayer-admin.css/wp-content/plugins/inplayer-paywall/assets/js/inplayer-admin.js/wp-content/plugins/inplayer-paywall/assets/js/inplayer-editor.js

HTML / DOM Fingerprints

CSS Classes

inplayer-paywall

HTML Comments

Data Attributes

data-iddata-asset-iddata-asset-type

JS Globals

inplayernotifications

REST Endpoints

/wp-json/inplayer-paywall/v1/asset/wp-json/inplayer-paywall/v1/assets/wp-json/inplayer-paywall/v1/package/wp-json/inplayer-paywall/v1/packages/wp-json/inplayer-paywall/v1/transaction/wp-json/inplayer-paywall/v1/transactions

Shortcode Output

[inplayer-asset id="" type=""][inplayer-asset id="" type="" ]

FAQ