Leaky Paywall Security & Risk Analysis

wordpress.org/plugins/leaky-paywall

The subscription engine for news & niche publishers.

800 active installs · v5.0.1 · PHP 7.4+ · WP 5.6+ · Updated Mar 12, 2026
Tags: content-restriction, membership, metered-paywall, paywall, subscription-plugin
Score: 72 · B · Generally Safe
CVEs total: 5
Unpatched: 1
Last CVE: Dec 10, 2025
Safety Verdict

Is Leaky Paywall Safe to Use in 2026?

Mostly Safe

Score 72/100

Leaky Paywall is generally safe to use. 5 past CVEs were resolved. Keep it updated.

5 known CVEs · 1 unpatched · Last CVE: Dec 10, 2025 · Updated 23d ago
Risk Assessment

The "leaky-paywall" v5.0.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices with a high percentage of prepared SQL statements and properly escaped output, along with a robust number of nonce and capability checks. This suggests an awareness of common web security vulnerabilities. However, significant concerns arise from the attack surface. A notable portion of AJAX handlers and REST API routes lack proper authentication and permission checks, creating potential entry points for unauthorized actions. The taint analysis further highlights these weaknesses, with a substantial number of flows containing unsanitized paths, including several of high severity. The plugin's vulnerability history, with 5 past CVEs and one currently unpatched, reinforces these concerns, particularly the prevalence of missing authorization, CSRF, and XSS, which align with the taint analysis findings. While the plugin has strengths in its general coding practices, the identified vulnerabilities in its entry points and data handling, coupled with its past security incidents, necessitate careful attention and remediation.

Key Concerns

  • Unpatched CVE
  • High severity taint flows
  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • Flows with unsanitized paths
Vulnerabilities
5

Leaky Paywall Security Vulnerabilities

CVEs by Year

  • 2021: 1 CVE
  • 2024: 2 CVEs
  • 2025: 2 CVEs · unpatched

Severity Breakdown

Medium: 5

5 total CVEs

CVE-2025-66124 · medium · 5.3 · Missing Authorization
Leaky Paywall <= 4.22.5 - Missing Authorization
Dec 10, 2025 · Unpatched

CVE-2025-31083 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Leaky Paywall <= 4.21.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Mar 28, 2025 · Patched in 4.21.8 (6d)

CVE-2024-37540 · medium · 4.3 · Cross-Site Request Forgery (CSRF)
Leaky Paywall <= 4.21.2 - Cross-Site Request Forgery
Jul 6, 2024 · Patched in 4.21.3 (54d)

CVE-2024-33594 · medium · 5.3 · External Control of Assumed-Immutable Web Parameter
Leaky Paywall <= 4.20.8 - Missing Authorization to Price Manipulation
Apr 25, 2024 · Patched in 4.20.9 (7d)

CVE-2021-39357 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Leaky Paywall <= 4.16.5 Authenticated Stored Cross-Site Scripting
Oct 18, 2021 · Patched in 4.16.6 (827d)

Code Analysis
Analyzed Mar 16, 2026

Leaky Paywall Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (37 prepared)
Unescaped Output: 114 (1571 escaped)
Nonce Checks: 51
Capability Checks: 25
File Operations: 10
External Requests: 8
Bundled Libraries: 0

SQL Query Safety

95% prepared · 39 total queries

Output Escaping

93% escaped · 1685 total outputs
Data Flows
19 unsanitized

Data Flow Analysis

25 flows · 19 with unsanitized paths
build_leaky_paywall_subscription_row_ajax (functions.php:1771)
Attack Surface
10 unprotected

Leaky Paywall Attack Surface

Entry Points: 34
Unprotected: 10

AJAX Handlers 21

auth · wp_ajax_leaky_paywall_process_notice_link · class.php:58
auth · wp_ajax_leaky_paywall_add_subscriber · class.php:59
auth · wp_ajax_issuem-leaky-paywall-add-new-subscription-row · functions.php:1781
auth · wp_ajax_issuem-leaky-paywall-add-new-subscription-row-post-type · functions.php:1908
auth · wp_ajax_leaky-paywall-get-restriction-row-post-type-taxonomies · functions.php:2063
auth · wp_ajax_issuem-leaky-paywall-add-new-restriction-row · functions.php:2087
auth · wp_ajax_lp_reports_get_data · include\admin\insights\functions.php:3
auth · wp_ajax_leaky_paywall_reporting_tool_process · include\admin\tools\export.php:18
auth · wp_ajax_lp_test_insights_connection · include\class-lp-event-tracking.php:46
nopriv · wp_ajax_leaky_paywall_process_cookie · include\class-restrictions.php:109
auth · wp_ajax_leaky_paywall_process_cookie · include\class-restrictions.php:110
nopriv · wp_ajax_leaky_paywall_process_apple_pay · include\gateways\stripe\functions.php:156
auth · wp_ajax_leaky_paywall_process_apple_pay · include\gateways\stripe\functions.php:157
nopriv · wp_ajax_leaky_paywall_create_stripe_checkout_subscription · include\gateways\stripe\functions.php:213
auth · wp_ajax_leaky_paywall_create_stripe_checkout_subscription · include\gateways\stripe\functions.php:214
nopriv · wp_ajax_leaky_paywall_process_user_registration_validation · include\registration-functions.php:619
auth · wp_ajax_leaky_paywall_process_user_registration_validation · include\registration-functions.php:620
nopriv · wp_ajax_leaky_paywall_validate_registration · include\registration-functions.php:1222
auth · wp_ajax_leaky_paywall_validate_registration · include\registration-functions.php:1223
nopriv · wp_ajax_leaky_paywall_store_nag_location · include\registration-functions.php:1414
auth · wp_ajax_leaky_paywall_store_nag_location · include\registration-functions.php:1415

REST API Routes 6

POST · /wp-json/lp-list-builder/v1/flow · include\list-builder\class-lp-list-builder.php:719
POST · /wp-json/lp-list-builder/v1/signup · include\list-builder\class-lp-list-builder.php:732
POST · /wp-json/lp-list-builder/v1/login · include\list-builder\class-lp-list-builder.php:753
POST · /wp-json/lp-list-builder/v1/password-reset/request · include\list-builder\class-lp-list-builder.php:773
POST · /wp-json/lp-list-builder/v1/password-reset/verify · include\list-builder\class-lp-list-builder.php:782
POST · /wp-json/lp-list-builder/v1/password-reset/confirm · include\list-builder\class-lp-list-builder.php:792

Shortcodes 7

[leaky_paywall_login] shortcodes.php:68
[leaky_paywall_subscription] shortcodes.php:152
[leaky_paywall_profile] shortcodes.php:508
[leaky_paywall_register_form] shortcodes.php:1057
[leaky_paywall_subscriber] shortcodes.php:1117
[leaky_paywall_not_subscriber] shortcodes.php:1179
[leaky_paywall_account] shortcodes.php:1207
WordPress Hooks 123
action · http_api_curl · class.php:44
action · admin_enqueue_scripts · class.php:46
filter · script_loader_tag · class.php:47
action · admin_print_styles · class.php:48
action · wp_enqueue_scripts · class.php:49
action · admin_menu · class.php:51
action · admin_menu · class.php:52
action · admin_menu · class.php:53
action · admin_notices · class.php:54
action · admin_notices · class.php:55
action · admin_notices · class.php:56
action · wp · class.php:61
action · wp · class.php:62
action · rest_api_init · class.php:63
action · wp_head · class.php:64
filter · issuem_pdf_attachment_url · class.php:66
filter · the_content · class.php:75
action · admin_init · functions.php:2549
action · leaky_paywall_process_renewal_reminder · functions.php:2647
action · admin_init · functions.php:2660
action · leaky_paywall_process_expiration_check · functions.php:2741
action · admin_init · functions.php:2797
action · admin_init · functions.php:2817
action · leaky_paywall_run_status_migration_batch · functions.php:2986
action · zeen101_dot_com_leaky_rss_feed_check · functions.php:3794
filter · upload_mimes · functions.php:3832
action · show_user_profile · functions.php:4099
action · edit_user_profile · functions.php:4100
filter · plugin_row_meta · functions.php:4157
action · init · functions.php:4238
action · admin_bar_menu · functions.php:4725
action · admin_notices · functions.php:4811
action · admin_init · functions.php:4841
action · wp_login_failed · functions.php:5026
action · admin_print_styles-plugins.php · functions.php:5069
action · wp_dashboard_setup · include\admin\dashboard-widgets.php:24
action · init · include\admin\lp-incomplete-user.php:18
action · add_meta_boxes · include\admin\lp-incomplete-user.php:19
action · init · include\admin\lp-transaction.php:20
action · add_meta_boxes · include\admin\lp-transaction.php:21
filter · manage_edit-lp_transaction_columns · include\admin\lp-transaction.php:23
action · manage_lp_transaction_posts_custom_column · include\admin\lp-transaction.php:24
action · restrict_manage_posts · include\admin\lp-transaction.php:26
action · pre_get_posts · include\admin\lp-transaction.php:27
filter · manage_edit-lp_transaction_sortable_columns · include\admin\lp-transaction.php:28
filter · months_dropdown_results · include\admin\lp-transaction.php:29
action · in_admin_header · include\admin\lp-transaction.php:31
action · admin_menu · include\admin\onboarding\class-onboarding.php:17
action · admin_init · include\admin\onboarding\class-onboarding.php:18
action · admin_init · include\admin\onboarding\class-onboarding.php:19
action · admin_enqueue_scripts · include\admin\onboarding\class-onboarding.php:20
action · admin_notices · include\admin\onboarding\tracking.php:24
action · leaky_paywall_tracking_send · include\admin\onboarding\tracking.php:36
action · admin_menu · include\admin\onboarding.php:22
action · admin_init · include\admin\onboarding.php:24
action · leaky_paywall_status_transition · include\admin\subscribers\functions.php:258
action · admin_init · include\admin\subscribers\subscriber.php:8
action · admin_init · include\admin\subscribers\subscriber.php:9
filter · wp_check_filetype_and_ext · include\admin\tools\import.php:54
action · admin_init · include\admin\tools\tools.php:381
action · leaky_paywall_new_subscriber · include\class-lp-event-tracking.php:54
action · leaky_paywall_update_subscriber · include\class-lp-event-tracking.php:55
action · leaky_paywall_cancelled_subscriber · include\class-lp-event-tracking.php:56
action · leaky_paywall_level_transition · include\class-lp-event-tracking.php:59
action · leaky_paywall_status_transition · include\class-lp-event-tracking.php:60
action · leaky_paywall_failed_payment · include\class-lp-event-tracking.php:63
action · leaky_paywall_stripe_charge_succeeded · include\class-lp-event-tracking.php:64
action · leaky_paywall_authorizenet_signup · include\class-lp-event-tracking.php:65
action · leaky_paywall_after_authorizenet_renewal · include\class-lp-event-tracking.php:66
action · leaky_paywall_net_authorize_customer_subscription_failed · include\class-lp-event-tracking.php:67
filter · leaky_paywall_current_user_can_access · include\class-lp-event-tracking.php:70
action · leaky_paywall_is_restricted_content · include\class-lp-event-tracking.php:71
action · shutdown · include\class-lp-event-tracking.php:72
action · wp_login · include\class-lp-event-tracking.php:75
action · wp_footer · include\class-lp-event-tracking.php:80
action · sanitize_comment_cookies · include\class-lp-logging.php:25
action · admin_init · include\class-lp-nag-impressions.php:31
action · admin_menu · include\class-lp-onboarding.php:20
action · admin_init · include\class-lp-onboarding.php:22
action · rest_api_init · include\class-rest-restrictions.php:106
action · rest_api_init · include\class-rest-subscribers.php:24
filter · the_content · include\class-restrictions.php:618
action · plugins_loaded · include\gateways\gateway-functions.php:21
action · leaky_paywall_before_registration_submit_field · include\gateways\gateway-functions.php:126
action · init · include\gateways\gateway-functions.php:151
action · wp · include\gateways\gateway-functions.php:183
action · wp_enqueue_scripts · include\gateways\gateway-functions.php:208
filter · leaky_paywall_subscription_options_payment_options · include\gateways\gateway-functions.php:232
filter · leaky_paywall_subscription_options_payment_options · include\gateways\paypal\functions.php:34
filter · leaky_paywall_subscription_options_payment_options · include\gateways\stripe\functions.php:41
action · leaky_paywall_before_process_stripe_webhook · include\gateways\stripe\functions.php:638
action · leaky_paywall_before_process_stripe_webhook · include\gateways\stripe\functions.php:759
action · init · include\gateways\stripe\functions.php:879
action · init · include\gateways\stripe\functions.php:1067
action · admin_init · include\gateways\stripe\functions.php:1109
action · admin_init · include\gateways\stripe\functions.php:1130
action · leaky_paywall_subscriber_email_changed · include\gateways\stripe\functions.php:1260
action · leaky_paywall_after_process_registration · include\gateways\stripe\functions.php:1365
filter · leaky_paywall_payment_intent_params · include\gateways\stripe\functions.php:1413
filter · leaky_paywall_payment_intent_args · include\gateways\stripe\functions.php:1424
filter · leaky_paywall_process_stripe_payment_customer_params · include\gateways\stripe\functions.php:1437
filter · leaky_paywall_stripe_subscription_params · include\gateways\stripe\functions.php:1449
filter · leaky_paywall_stripe_plan_params · include\gateways\stripe\functions.php:1463
filter · leaky_paywall_stripe_subscription_args · include\gateways\stripe\functions.php:1478
action · admin_init · include\gateways\stripe\functions.php:1490
action · admin_init · include\gateways\stripe\functions.php:1521
action · admin_init · include\license-key.php:61
action · admin_init · include\license-key.php:62
action · leaky_paywall_after_licenses_settings · include\license-key.php:64
action · wp_footer · include\list-builder\class-lp-list-builder.php:19
action · wp_enqueue_scripts · include\list-builder\class-lp-list-builder.php:20
action · rest_api_init · include\list-builder\class-lp-list-builder.php:21
action · after_setup_theme · include\list-builder\class-lp-list-builder.php:22
filter · leaky_paywall_settings_tab_sections · include\list-builder\settings.php:12
action · leaky_paywall_output_settings_fields · include\list-builder\settings.php:13
action · leaky_paywall_update_settings · include\list-builder\settings.php:14
action · init · include\registration-functions.php:121
action · rest_api_init · include\rest-functions.php:31
action · plugins_loaded · leaky-paywall.php:149
action · add_meta_boxes · metaboxes.php:31
action · save_post · metaboxes.php:233
action · login_form_bottom · shortcodes.php:55
action · init · shortcodes.php:1286

Scheduled Events 4

leaky_paywall_process_renewal_reminder
leaky_paywall_process_expiration_check
zeen101_dot_com_leaky_rss_feed_check
leaky_paywall_tracking_send
Maintenance & Trust

Leaky Paywall Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 12, 2026
PHP min version: 7.4
Downloads: 111K

Community Trust

Rating: 84/100
Number of ratings: 33
Active installs: 800
Developer Profile

Leaky Paywall Developer Profile

ZEEN101

2 plugins · 1K total installs

Trust score: 69
Avg Security Score: 86/100
Avg Patch Time: 180 days
Detection Fingerprints

How We Detect Leaky Paywall

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/leaky-paywall/assets/css/admin.css
  • /wp-content/plugins/leaky-paywall/assets/css/block-editor.css
  • /wp-content/plugins/leaky-paywall/assets/css/custom.css
  • /wp-content/plugins/leaky-paywall/assets/css/frontend.css
  • /wp-content/plugins/leaky-paywall/assets/css/leaky-paywall-pay-form.css
  • /wp-content/plugins/leaky-paywall/assets/css/leaky-paywall-checkout.css
  • /wp-content/plugins/leaky-paywall/assets/js/admin.js
  • /wp-content/plugins/leaky-paywall/assets/js/checkout.js
  • +5 more

Script Paths
  • /wp-content/plugins/leaky-paywall/assets/js/admin.js
  • /wp-content/plugins/leaky-paywall/assets/js/checkout.js
  • /wp-content/plugins/leaky-paywall/assets/js/custom.js
  • /wp-content/plugins/leaky-paywall/assets/js/donate.js
  • /wp-content/plugins/leaky-paywall/assets/js/editor.js
  • /wp-content/plugins/leaky-paywall/assets/js/frontend.js
  • +1 more

Version Parameters
  • leaky-paywall/assets/css/admin.css?ver=
  • leaky-paywall/assets/css/block-editor.css?ver=
  • leaky-paywall/assets/css/custom.css?ver=
  • leaky-paywall/assets/css/frontend.css?ver=
  • leaky-paywall/assets/css/leaky-paywall-pay-form.css?ver=
  • leaky-paywall/assets/css/leaky-paywall-checkout.css?ver=
  • leaky-paywall/assets/js/admin.js?ver=
  • leaky-paywall/assets/js/checkout.js?ver=
  • leaky-paywall/assets/js/custom.js?ver=
  • leaky-paywall/assets/js/donate.js?ver=
  • leaky-paywall/assets/js/editor.js?ver=
  • leaky-paywall/assets/js/frontend.js?ver=
  • leaky-paywall/assets/js/leaky-paywall-pay-form.js?ver=
  • leaky-paywall/vendor/woocommerce/action-scheduler/action-scheduler.php?ver=

HTML / DOM Fingerprints

CSS Classes
  • leaky-paywall-checkout-form
  • leaky-paywall-donate-button
  • leaky-paywall-pay-form
  • leaky-paywall-checkout-fields
  • leaky-paywall-checkout-header

HTML Comments
  • <!-- Leaky Paywall: Override Content -->
  • <!-- Leaky Paywall: End Override Content -->
  • <!-- Leaky Paywall: Restricted Content -->
  • <!-- Leaky Paywall: End Restricted Content -->
  • +4 more

Data Attributes
  • data-lp-restriction-type
  • data-lp-restriction-id
  • data-lp-plan-id
  • data-lp-user-id
  • data-lp-post-id

JS Globals
  • leaky_paywall_params
  • leaky_paywall_localize

REST Endpoints
  • /wp-json/leaky-paywall/v1/restrictions
  • /wp-json/leaky-paywall/v1/subscribers
  • /wp-json/leaky-paywall/v1/transactions

Shortcode Output
  • [leaky_paywall_login_form]
  • [leaky_paywall_register_form]
  • [leaky_paywall_subscribe_form]
  • [leaky_paywall_renew_form]