Maven Member Security & Risk Analysis

wordpress.org/plugins/maven-member

Maven Member™ lets you protect pages, posts and categories using flexible roles that you can define.

40 active installs · v1.0.35 · PHP + WP 3.0+ · Updated Jan 25, 2013
authentication, block, community, content, roles
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Maven Member Safe to Use in 2026?

Generally Safe

Score 85/100

Maven Member has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 13yr ago
Risk Assessment

The maven-member plugin exhibits a concerning security posture primarily due to a large number of AJAX handlers lacking authentication checks. While the plugin shows strength in its use of prepared statements for SQL queries and has no recorded vulnerability history, the unprotected entry points create a significant attack surface. The presence of the `unserialize` function, even without immediate taint flow indicators, is a potential risk that requires careful monitoring. The low percentage of properly escaped output is another area of concern, as it could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled correctly before being displayed.

Despite the positive indicators like no CVEs and secure SQL practices, the high number of unprotected AJAX endpoints represents a critical weakness. Attackers could potentially exploit these endpoints to perform unauthorized actions or gather sensitive information. The `unserialize` function also introduces a latent risk, as it can be exploited if an attacker can control the serialized data that gets processed. The limited output escaping further exacerbates these risks by increasing the likelihood of XSS vulnerabilities.

In conclusion, while the absence of historical vulnerabilities and secure database practices are positive, the plugin's security is significantly undermined by its numerous unprotected AJAX handlers and insufficient output escaping. The presence of `unserialize` adds another layer of potential risk. Recommendations should focus on implementing robust authentication and capability checks for all AJAX handlers and ensuring all output is properly escaped to mitigate the identified risks.

Key Concerns

  • AJAX handlers without auth checks
  • Dangerous function: unserialize
  • Low percentage of properly escaped output
  • Bundled libraries: TinyMCE (potential for outdated version)
Vulnerabilities
None known

Maven Member Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Maven Member Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (5 prepared)
Unescaped Output: 191 (5 escaped)
Nonce Checks: 4
Capability Checks: 17
File Operations: 2
External Requests: 1
Bundled Libraries: 1

Dangerous Functions Found

unserialize: `$option = unserialize($option[0]->option_value);` (models\maven-member-base-model.php:37)

Bundled Libraries

TinyMCE

SQL Query Safety

100% prepared · 5 total queries

Output Escaping

3% escaped · 196 total outputs
Attack Surface
29 unprotected

Maven Member Attack Surface

Entry Points: 32
Unprotected: 29

AJAX Handlers 29

auth wp_ajax_maven_roles_add controllers\maven-member-manager-class.php:137
auth wp_ajax_maven_roles_update controllers\maven-member-manager-class.php:138
auth wp_ajax_maven_roles_remove controllers\maven-member-manager-class.php:139
auth wp_ajax_maven_roles_get_users_by_role controllers\maven-member-manager-class.php:140
auth wp_ajax_maven_roles_get_all controllers\maven-member-manager-class.php:141
auth wp_ajax_maven_roles_get_roles_by_user controllers\maven-member-manager-class.php:142
auth wp_ajax_maven_users_add_role_to_user controllers\maven-member-manager-class.php:144
auth wp_ajax_maven_users_get_all controllers\maven-member-manager-class.php:146
auth wp_ajax_maven_users_reset_roles controllers\maven-member-manager-class.php:147
auth wp_ajax_maven_users_enable_user controllers\maven-member-manager-class.php:148
auth wp_ajax_maven_users_save_user controllers\maven-member-manager-class.php:149
auth wp_ajax_maven_users_delete_user controllers\maven-member-manager-class.php:150
auth wp_ajax_maven_users_add controllers\maven-member-manager-class.php:151
auth wp_ajax_maven_pages_save_template_roles controllers\maven-member-manager-class.php:153
auth wp_ajax_maven_setting_save controllers\maven-member-manager-class.php:155
auth wp_ajax_maven_setting_save_captchas controllers\maven-member-manager-class.php:156
auth wp_ajax_maven_setting_reset controllers\maven-member-manager-class.php:157
auth wp_ajax_maven_category_get_roles controllers\maven-member-manager-class.php:159
auth wp_ajax_maven_categories_add_roles controllers\maven-member-manager-class.php:160
auth wp_ajax_maven_categories_add controllers\maven-member-manager-class.php:161
auth wp_ajax_maven_categories_delete controllers\maven-member-manager-class.php:162
auth wp_ajax_maven_categories_reset_roles controllers\maven-member-manager-class.php:163
auth wp_ajax_maven_categories_update controllers\maven-member-manager-class.php:164
auth wp_ajax_maven_import_import_users controllers\maven-member-manager-class.php:166
auth wp_ajax_maven_import_remove_users controllers\maven-member-manager-class.php:167
auth wp_ajax_maven_registration_update_fields_to_display controllers\maven-member-manager-class.php:169
auth wp_ajax_maven_registration_insert_field controllers\maven-member-manager-class.php:170
auth wp_ajax_maven_registration_remove_field controllers\maven-member-manager-class.php:171
auth wp_ajax_maven_registration_reset_fields controllers\maven-member-manager-class.php:172

Shortcodes 3

[mvn-block] controllers\maven-member-blocker-class.php:16
[mvn-login] controllers\maven-member-short-codes-class.php:12
[mvn-registration] controllers\maven-member-short-codes-class.php:14

WordPress Hooks 40

action widgets_init addons\widgets\logout\mvn_widget_logout.php:84
action init controllers\maven-member-auto-logout-class.php:8
action wp_login controllers\maven-member-auto-logout-class.php:13
action get_header controllers\maven-member-auto-logout-class.php:14
action admin_init controllers\maven-member-auto-logout-class.php:15
action init controllers\maven-member-blocker-class.php:11
filter login_redirect controllers\maven-member-blocker-class.php:23
filter authenticate controllers\maven-member-blocker-class.php:24
action dbx_post_advanced controllers\maven-member-blocker-class.php:25
filter the_content controllers\maven-member-blocker-class.php:29
filter the_post controllers\maven-member-blocker-class.php:30
filter the_excerpt controllers\maven-member-blocker-class.php:31
filter comments_template controllers\maven-member-blocker-class.php:283
action init controllers\maven-member-categories-class.php:14
action category_add_form_fields controllers\maven-member-categories-class.php:20
action category_edit_form_fields controllers\maven-member-categories-class.php:21
action edited_category controllers\maven-member-categories-class.php:22
action created_category controllers\maven-member-categories-class.php:23
action init controllers\maven-member-fields-class.php:10
action init controllers\maven-member-manager-class.php:40
action admin_menu controllers\maven-member-manager-class.php:120
action admin_bar_menu controllers\maven-member-manager-class.php:123
action admin_print_styles controllers\maven-member-manager-class.php:125
action admin_enqueue_scripts controllers\maven-member-manager-class.php:126
action init controllers\maven-member-pages-class.php:17
action save_post controllers\maven-member-pages-class.php:23
action add_meta_boxes controllers\maven-member-pages-class.php:24
action init controllers\maven-member-registration-class.php:15
action init controllers\maven-member-settings-class.php:42
action init controllers\maven-member-short-codes-class.php:8
action init controllers\maven-member-users-class.php:10
action edit_user_profile controllers\maven-member-users-class.php:17
action show_user_profile controllers\maven-member-users-class.php:18
action personal_options_update controllers\maven-member-users-class.php:19
action edit_user_profile_update controllers\maven-member-users-class.php:20
action edit_user_profile controllers\maven-member-users-class.php:23
action profile_update controllers\maven-member-users-class.php:26
action user_register controllers\maven-member-users-class.php:28
filter editable_roles controllers\maven-member-users-class.php:31
action init controllers\maven-member-wizard-class.php:8
Maintenance & Trust

Maven Member Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.4.2
Last updated: Jan 25, 2013
PHP min version
Downloads: 20K

Community Trust

Rating: 54/100
Number of ratings: 10
Active installs: 40
Developer Profile

Maven Member Developer Profile

mustela

2 plugins · 6K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Maven Member

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/maven-member/css/admin.css
/wp-content/plugins/maven-member/css/wp-maven.css
/wp-content/plugins/maven-member/css/impromptu.css
/wp-content/plugins/maven-member/css/tabs.css
/wp-content/plugins/maven-member/js/maven-member-admin.js
/wp-content/plugins/maven-member/js/jquery-impromptu.3.1.min.js
/wp-content/plugins/maven-member/js/admin/maven-member-roles.js
/wp-content/plugins/maven-member/js/admin/maven-member-users.js
+6 more

Script Paths
/wp-content/plugins/maven-member/js/maven-member-admin.js
/wp-content/plugins/maven-member/js/jquery-impromptu.3.1.min.js
/wp-content/plugins/maven-member/js/admin/maven-member-roles.js
/wp-content/plugins/maven-member/js/admin/maven-member-users.js
/wp-content/plugins/maven-member/js/admin/maven-member-categories.js
/wp-content/plugins/maven-member/js/admin/maven-member-registration.js
+4 more

Version Parameters
maven-member/css/admin.css?ver=
maven-member/css/wp-maven.css?ver=
maven-member/css/impromptu.css?ver=
maven-member/css/tabs.css?ver=
maven-member/js/maven-member-admin.js?ver=
maven-member/js/jquery-impromptu.3.1.min.js?ver=
maven-member/js/admin/maven-member-roles.js?ver=
maven-member/js/admin/maven-member-users.js?ver=
maven-member/js/admin/maven-member-categories.js?ver=
maven-member/js/admin/maven-member-registration.js?ver=
maven-member/js/admin/maven-member-templates.js?ver=
maven-member/js/admin/maven-member-import.js?ver=
maven-member/js/admin/maven-member-wizard.js?ver=
maven-member/js/admin/maven-member-settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
maven_wp_admin-css
maven_admin-css
maven_admin-impromptu
tabs
maven_admin_roles
maven_admin_users
maven_admin_categories
maven_admin_registration
+4 more
Data Attributes
data-wbm-member
JS Globals
mavenConfig
FAQ

Frequently Asked Questions about Maven Member