WP-Safety

MC Professional Authentication and User Sync Security & Risk Analysis

wordpress.org/plugins/memberclicks-professional-authentication

Provides SSO (Single Sign-On) with MemberClicks Professional to restrict content based on member group. Sync user records for consistent access.

20 active installs v1.0.2 PHP 7.2+ WP 6.6+ Updated Nov 1, 2024
mc-professionalmemberclicksmembership-managementssouser-authentication
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is MC Professional Authentication and User Sync Safe to Use in 2026?

Generally Safe

Score 92/100

MC Professional Authentication and User Sync has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "memberclicks-professional-authentication" v1.0.2 plugin exhibits a strong security posture based on the provided static analysis. The absence of any detected dangerous functions, raw SQL queries, unsanitized paths in taint analysis, and a 100% rate of properly escaped output are significant strengths. Furthermore, the complete lack of known vulnerabilities in its history suggests a history of secure development practices or minimal exposure to security research.

However, a notable area of concern is the absence of capability checks. While nonce checks are present on four entry points, the lack of capability checks means that even if nonces are validated, there's no mechanism to ensure that the user performing the action has the necessary permissions. This could potentially allow authenticated users to perform actions they shouldn't be able to, depending on the plugin's functionality. The presence of external HTTP requests also warrants careful consideration to ensure these are made securely and to trusted endpoints.

Overall, the plugin is well-developed from a code hygiene perspective, with no immediate critical vulnerabilities apparent. The primary risk lies in the potential for privilege escalation due to the absence of capability checks. The vulnerability history being completely clear is a positive indicator, but the lack of capability checks remains a notable oversight in securing the plugin's operations.

Key Concerns

  • Missing capability checks
  • External HTTP requests present
Vulnerabilities
None known

MC Professional Authentication and User Sync Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

MC Professional Authentication and User Sync Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
52 escaped
Nonce Checks
4
Capability Checks
0
File Operations
0
External Requests
4
Bundled Libraries
0

Output Escaping

100% escaped52 total outputs
Attack Surface

MC Professional Authentication and User Sync Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 19
actionplugins_loadedincludes\class-memberclicks-professional-authentication.php:142
actionadmin_enqueue_scriptsincludes\class-memberclicks-professional-authentication.php:157
actionadmin_enqueue_scriptsincludes\class-memberclicks-professional-authentication.php:158
actionadmin_menuincludes\class-memberclicks-professional-authentication.php:159
actionadmin_initincludes\class-memberclicks-professional-authentication.php:160
actionadmin_post_updateincludes\class-memberclicks-professional-authentication.php:161
actionpre_user_queryincludes\class-memberclicks-professional-authentication.php:162
filtermanage_users_columnsincludes\class-memberclicks-professional-authentication.php:164
filtermanage_users_custom_columnincludes\class-memberclicks-professional-authentication.php:165
filtermanage_users_sortable_columnsincludes\class-memberclicks-professional-authentication.php:166
actionwp_enqueue_scriptsincludes\class-memberclicks-professional-authentication.php:181
actionwp_enqueue_scriptsincludes\class-memberclicks-professional-authentication.php:182
actionlogin_formincludes\class-memberclicks-professional-authentication.php:183
actionlogin_footerincludes\class-memberclicks-professional-authentication.php:184
actionparse_requestincludes\class-memberclicks-professional-authentication.php:185
actionwp_logoutincludes\class-memberclicks-professional-authentication.php:186
filterauthenticateincludes\class-memberclicks-professional-authentication.php:188
filterlogin_messageincludes\class-memberclicks-professional-authentication.php:189
filterquery_varsincludes\class-memberclicks-professional-authentication.php:190
Maintenance & Trust

MC Professional Authentication and User Sync Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedNov 1, 2024
PHP min version7.2
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs20
Alternatives

MC Professional Authentication and User Sync Alternatives

BlossomThemes Toolkit

BlossomThemes Toolkit

blossomthemes-toolkit

A
100

BlossomThemes Toolkit provides you necessary widgets for better and effective blogging.

30K No CVEs
Login for Google Apps

Login for Google Apps

google-apps-login

A
100

Simple secure login and user management through your Google Workspace for WordPress (using oAuth2 and MFA if enabled).

10K 1 CVE
SAML Single Sign On – SSO Login

SAML Single Sign On – SSO Login

miniorange-saml-20-single-sign-on

A
98

SAML SSO (Single Sign On) for WordPress Login with Okta, Entra ID, Azure AD/B2C, G-Suite, Shibboleth, OneLogin, Keycloak, Salesforce [24/7 Support]

10K 6 CVEs
WPO365 | SEAMLESS WORDPRESS + MICROSOFT INTEGRATION (WPO365 | LOGIN)

WPO365 | SEAMLESS WORDPRESS + MICROSOFT INTEGRATION (WPO365 | LOGIN)

wpo365-login

A
90

WordPress + Microsoft Entra | Ext. ID | B2C | M365 Integration for your Digital Workplace. For SSO, Mail, Roles, Access, Profiles, SharePoint, PowerBI …

10K 4 CVEs
OAuth Single Sign On – SSO (OAuth Client)

OAuth Single Sign On – SSO (OAuth Client)

miniorange-login-with-eve-online-google-facebook

B
82

WordPress SSO (Single Sign On) with Azure, Azure B2C, Cognito, Okta, Classlink, Discord, Clever, Keycloak, OAuth & OpenID Providers [24/7 SUPPORT].

7K 10 CVEs
Developer Profile

MC Professional Authentication and User Sync Developer Profile

MemberClicks

1 plugin · 20 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect MC Professional Authentication and User Sync

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/memberclicks-professional-authentication/css/memberclicks-professional-authentication-admin.css/wp-content/plugins/memberclicks-professional-authentication/js/memberclicks-professional-authentication-admin.js
Script Paths
admin/js/memberclicks-professional-authentication-admin.js
Version Parameters
memberclicks-professional-authentication/css/memberclicks-professional-authentication-admin.css?ver=memberclicks-professional-authentication/js/memberclicks-professional-authentication-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
memberclicks-professional-authentication-admin-css
HTML Comments
This function is provided for demonstration purposes only.An instance of this class should be passed to the run() functiondefined in MemberClicks_Professional_Authentication_Loader as all of the hooks are definedin that particular class.+3 more
Data Attributes
data-plugin-name="memberclicks-professional-authentication"data-plugin-version="1.0.2"
JS Globals
memberclicks_professional_authentication_admin_object
FAQ

Frequently Asked Questions about MC Professional Authentication and User Sync