ITERAS Security & Risk Analysis

wordpress.org/plugins/iteras

Integration with ITERAS, a cloud-based state-of-the-art system for managing subscriptions and payments for magazines.

30 active installs · v1.8.2 · PHP 4.0+ · WP 3.5.1+ · Updated: Unknown

Tags: paywall · subscribe · subscribers · subscription · subscriptions

Score 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Nov 22, 2024
Safety Verdict

Is ITERAS Safe to Use in 2026?

Generally Safe

Score 99/100

ITERAS has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Nov 22, 2024
Risk Assessment

The "iteras" v1.8.2 plugin exhibits a generally strong security posture with several positive indicators. The static analysis shows no directly exploitable entry points without authentication checks, and a high percentage of output is properly escaped. Crucially, all SQL queries utilize prepared statements, and there are instances of both nonce and capability checks, demonstrating an awareness of secure coding practices. The absence of critical or high-severity taint flows further suggests that sensitive data is handled with care.

However, there are areas that warrant attention. The presence of two taint flows with unsanitized paths, even without critical or high severity, indicates a potential for vulnerabilities if these paths are ever exposed to user input. The single file operation and external HTTP request, while not inherently problematic, are potential attack vectors that should be scrutinized for proper sanitization and validation. The vulnerability history, while showing no currently unpatched CVEs, does indicate a past medium-severity vulnerability, specifically CSRF, which suggests that thorough input validation and nonce usage across all interactive elements are paramount.

Overall, "iteras" v1.8.2 appears to be a reasonably secure plugin, particularly in its handling of database interactions and output. The main areas for improvement lie in ensuring all unsanitized paths are either eliminated or rigorously secured, and maintaining vigilance against potential CSRF-like vulnerabilities through consistent nonce implementation.

Key Concerns

  • Taint flows with unsanitized paths
  • Past medium severity CVE (CSRF)
  • One file operation (potential risk)
  • One external HTTP request (potential risk)
Vulnerabilities (1)

ITERAS Security Vulnerabilities

CVEs by Year

2024: 1 CVE (patched)

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2024-53710 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

ITERAS <= 1.8.0 - Cross-Site Request Forgery

Nov 22, 2024 · Patched in 1.8.1 (82 days)
Code Analysis
Analyzed Mar 16, 2026

ITERAS Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 7 (43 escaped)
Nonce Checks: 2
Capability Checks: 5
File Operations: 1
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared · 1 query total

Output Escaping

86% escaped · 50 total outputs

Data Flows (2 unsanitized)

Data Flow Analysis

2 flows · 2 with unsanitized paths
save_settings_form (admin\iteras-admin.php:348)
Attack Surface

ITERAS Attack Surface

Entry Points: 9
Unprotected: 0

Shortcodes 9

[iteras-ordering] public\iteras-public.php:49
[iteras-paywall-login] public\iteras-public.php:50
[iteras-selfservice] public\iteras-public.php:51
[iteras-if-logged-in-link] public\iteras-public.php:52
[iteras-if-logged-in] public\iteras-public.php:53
[iteras-if-not-logged-in] public\iteras-public.php:54
[iteras-paywall-content] public\iteras-public.php:56
[iteras-return-to-page] public\iteras-public.php:58
[iteras-signup] public\iteras-public.php:60
WordPress Hooks 26
action · init · admin\iteras-admin.php:33
action · init · admin\iteras-admin.php:34
action · admin_enqueue_scripts · admin\iteras-admin.php:37
action · admin_enqueue_scripts · admin\iteras-admin.php:38
action · admin_menu · admin\iteras-admin.php:41
filter · manage_post_posts_columns · admin\iteras-admin.php:48
action · manage_post_posts_custom_column · admin\iteras-admin.php:49
filter · manage_page_posts_columns · admin\iteras-admin.php:50
action · manage_page_posts_custom_column · admin\iteras-admin.php:51
action · load-post.php · admin\iteras-admin.php:53
action · load-post-new.php · admin\iteras-admin.php:54
filter · bulk_actions-edit-post · admin\iteras-admin.php:57
filter · handle_bulk_actions-edit-post · admin\iteras-admin.php:58
filter · bulk_actions-edit-page · admin\iteras-admin.php:59
filter · handle_bulk_actions-edit-page · admin\iteras-admin.php:60
action · add_meta_boxes · admin\iteras-admin.php:88
action · save_post · admin\iteras-admin.php:89
action · plugins_loaded · iteras.php:52
action · plugins_loaded · iteras.php:62
action · init · public\iteras-public.php:36
action · init · public\iteras-public.php:37
action · wpmu_new_blog · public\iteras-public.php:40
action · wp_enqueue_scripts · public\iteras-public.php:43
action · wp_enqueue_scripts · public\iteras-public.php:44
filter · the_content · public\iteras-public.php:46
filter · the_content_feed · public\iteras-public.php:47
Maintenance & Trust

ITERAS Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Unknown
PHP min version: 4.0
Downloads: 4K

Community Trust

Rating: 60/100
Number of ratings: 2
Active installs: 30
Developer Profile

ITERAS Developer Profile

ITERAS

1 plugin · 30 total installs

Trust score: 87
Avg Security Score: 99/100
Avg Patch Time: 82 days
Detection Fingerprints

How We Detect ITERAS

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/iteras/public/css/iteras-public.css
/wp-content/plugins/iteras/public/js/iteras-public.js
/wp-content/plugins/iteras/admin/css/iteras-admin.css
/wp-content/plugins/iteras/admin/js/iteras-admin.js
/wp-content/plugins/iteras/admin/js/iteras-settings.js
/wp-content/plugins/iteras/admin/js/iteras-metabox.js
Script Paths
/wp-content/plugins/iteras/public/js/iteras-public.js
/wp-content/plugins/iteras/admin/js/iteras-admin.js
/wp-content/plugins/iteras/admin/js/iteras-settings.js
/wp-content/plugins/iteras/admin/js/iteras-metabox.js
Version Parameters
iteras/public/css/iteras-public.css?ver=
iteras/public/js/iteras-public.js?ver=
iteras/admin/css/iteras-admin.css?ver=
iteras/admin/js/iteras-admin.js?ver=
iteras/admin/js/iteras-settings.js?ver=
iteras/admin/js/iteras-metabox.js?ver=

HTML / DOM Fingerprints

CSS Classes
iteras-paywall-enabled · iteras-paywall-redirect · iteras-paywall-samepage · iteras-paywall-custom · iteras-paywall-active
Data Attributes
data-iteras-paywall-id · data-iteras-paywall-level · data-iteras-paywall-type
JS Globals
iteras_public_params · iteras_settings_params · iteras_metabox_params
FAQ

Frequently Asked Questions about ITERAS