[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQOegLEq8OZUzsG23kQSMQ3QQjVTxePl9hW_g-jmhEE4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":39,"analysis":137,"fingerprints":283},"memberfindme-login-connector","MembershipWorks Login Connector","6.4","MembershipWorks","https:\u002F\u002Fprofiles.wordpress.org\u002Fsourcefound\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fmembershipworks.com\u002F\" rel=\"nofollow ugc\">MembershipWorks\u003C\u002Fa> (formerly MemberFindMe) is a comprehensive website, membership management and event management solution for small to mid sized chambers, professional groups, associations and other member organizations.\u003C\u002Fp>\n\u003Cp>This plugin supplements the main MembershipWorks plugin (version 5.0 and up) to allow your members signing in to MembershipWorks to be simultaneously signed in as a WordPress user. This lets you use other plugins that rely on the WordPress user system.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Creates a new user account on WordPress (if account does not already exist) upon member login or signup\u003C\u002Fli>\n\u003Cli>Replaces Gravatar with the member’s MembershipWorks avatar\u003C\u002Fli>\n\u003Cli>Adds a login\u002Flogout widget\u003C\u002Fli>\n\u003C\u002Ful>\n","Allows members to sign in to MembershipWorks and as a WordPress user on your site.",800,30902,100,2,"2026-02-22T06:57:00.000Z","6.9.4","4.0","",[20,21,22,23,24],"member-login","memberfindme","membership","membership-management","membershipworks","https:\u002F\u002Fmembershipworks.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmemberfindme-login-connector.6.4.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"sourcefound",4,4000,92,1,94,"2026-04-05T10:21:28.488Z",[40,59,81,101,121],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":11,"downloaded":48,"rating":27,"num_ratings":27,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":18,"tags":52,"homepage":57,"download_link":58,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"wild-apricot-login","Wild Apricot Login","1.0.16","Wild Apricot","https:\u002F\u002Fprofiles.wordpress.org\u002Fwild-apricot\u002F","\u003Cp>The \u003Ca href=\"http:\u002F\u002Fwww.wildapricot.com\u002F\" rel=\"nofollow ugc\">Wild Apricot\u003C\u002Fa> Login plugin allows you to restrict content on your WordPress to your Wild Apricot members, and provide access to restricted Wild Apricot content such as member directories and member-only events. Any restricted Wild Apricot content – embedded using Wild Apricot widgets – can be accessed without further authentication.\u003C\u002Fp>\n\u003Cp>You can display a login button for single sign-on by adding a widget – installed along with the Wild Apricot Login plugin – to the header in your WordPress theme layout, or by inserting a shortcode in your page content. A shortcode can be added to a WordPress page to restrict WordPress content to Wild Apricot members. As well, you can use the plugin to add Wild Apricot membership levels as WordPress roles.\u003C\u002Fp>\n","Provides single sign-on service for Wild Apricot members to provide access to restricted Wild Apricot content.",16008,"2025-12-11T14:56:00.000Z","6.9.0","4.0.1",[53,54,55,23,56],"event-management","events","members","wild-apricot","http:\u002F\u002Fwww.wildapricot.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwild-apricot-login.1.0.17.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":18,"tags":74,"homepage":79,"download_link":80,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"gym-studio-membership-management","Gym Studio Membership Management","1.2.0","Fitsoft","https:\u002F\u002Fprofiles.wordpress.org\u002Ffitsoft\u002F","\u003Cp>Gym Studio Membership Management creates editor buttons for embedding class calendar, schedule of classes, login area, chat, and membership checkout to a post or a page. From the “Membership Management” page you can also manage classes, instructors, members, and memberships. Now includes an optional floating widget for all pages.\u003C\u002Fp>\n\u003Cp>New Features:\u003Cbr \u002F>\n* Refresh block update when editing\u003Cbr \u002F>\n* Updated Calendar\u003C\u002Fp>\n\u003Cp>Major features in Gym Studio Membership Management include:\u003Cbr \u002F>\n* Add a monthly class calendar along with class details to the frontend.\u003Cbr \u002F>\n* Add a login area with member’s dashboard to your site for updating payment information.\u003Cbr \u002F>\n* Add a schedule of classes to your website.\u003Cbr \u002F>\n* When a member signs up a QR-barcode it is automatically generated for the member.\u003Cbr \u002F>\n* Automatically charge members by a selected timeframe and with a number of recurring payments.\u003Cbr \u002F>\n* Track payments and unpaid members. See who has paid for what and their payment history.\u003Cbr \u002F>\n* New Promocode system set promo start date, end date, number of usage and discounts by percentage, sales price or discounted value.\u003C\u002Fp>\n\u003Cp>PS: You’ll need a \u003Ca href=\"http:\u002F\u002Fnews.fitsoft.com\u002Fwordpress-plugin-setup\" rel=\"nofollow ugc\">Fitsoft Plugin password\u003C\u002Fa> for instruction to create one.  It is free to signup and use; Transaction fee applies on a business or a commercial site.\u003C\u002Fp>\n\u003Cp>Also if you find any bugs or request for us to add new features please email us at support@fitsoft.com. Please check welcome email for instruction and app download links.\u003C\u002Fp>\n","Gym Studio Membership Management adds class calendar, schedule of classes and membership checkout to your posts and pages.",90,21773,78,15,"2025-07-02T23:12:00.000Z","6.8.5","4.2.4",[75,76,77,23,78],"class-calendar","class-schedule","member","schedule-of-classes","https:\u002F\u002Fnews.fitsoft.com\u002Fwordpress-plugin-setup","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgym-studio-membership-management.1.2.0.zip",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":13,"num_ratings":14,"last_updated":91,"tested_up_to":92,"requires_at_least":93,"requires_php":18,"tags":94,"homepage":98,"download_link":99,"security_score":100,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"administrator-access-to-pmpro-protected-content","Administrator Access to PMPro Protected Content","1.3","Thomas S","https:\u002F\u002Fprofiles.wordpress.org\u002Feighty20results\u002F","\u003Cp>By default Paid Memberships Pro will \u003Cem>not\u003C\u002Fem> let an administrator get access to a protected post or page without making the administrator a member of one of the membership levels that are required for that post\u002Fpage in the “Require Membership” checkboxes in the post\u002Fpage editor.\u003C\u002Fp>\n\u003Cp>This is contrary to what a traditional interpretation of the “Administrator” role represents for WordPress (or any user based security system). People expect the administrator\u002Froot account(s) on the system to have full access to administer and view the content on the site.\u003C\u002Fp>\n\u003Cp>This behavior also represents one of the frequent problems experienced when trying to use a WordPress front-end post or page editor; The expected content for the post\u002Fpage being edited either doesn’t show up, or is being redirected away from.\u003C\u002Fp>\n\u003Cp>This plugin will remove the PMPro access restrictions to content for any user assigned to the WordPress ‘administrator’ role.\u003C\u002Fp>\n\u003Cp>As of version 1.2, the same functionality has been extended to the PMPro [membership] short code.\u003Cbr \u002F>\nThis plugin should be used with caution!\u003C\u002Fp>\n\u003Ch3>Credit\u003C\u002Fh3>\n\u003Cp>This plugin uses \u003Ca href=\"https:\u002F\u002Fwww.freeiconspng.com\u002Fimg\u002F29108\" rel=\"nofollow ugc\">Unlock Hd Icon by Ahkâm\u003C\u002Fa> – Copyright (c) Ahkâm\u003Cbr \u002F>\nThis plugin uses the logo by \u003Ca href=\"https:\u002F\u002Fwww.paid-memberships-pro.com\u002F\" rel=\"nofollow ugc\">Paid Memberships Pro\u003C\u002Fa> – Copyright (c) Stranger Studios, LLC\u003C\u002Fp>\n\u003Ch3>v1.3\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>REFACTOR: Updated to signify support for latest WordPress releases\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>v1.2\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>ENHANCEMENT: Add check override when using [membership] short code\u003C\u002Fli>\n\u003Cli>BUG FIX: Didn’t guarantee false return when user isn’t logged in or not an admin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>v1.1\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>BUG FIX: Didn’t prevent redirect(s) when accessing the Membership Account page\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>v1.0\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Initial release of plugin\u003C\u002Fli>\n\u003C\u002Ful>\n","Overrides the PMPro \"Require Membership\" settings and grants view access to any user assigned to the WordPress \"Administrator\" rol …",60,2535,"2020-09-16T20:02:00.000Z","5.5.18","4.8",[22,23,95,96,97],"page-editor","paid-memberships-pro","pmpro","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadministrator-access-to-pmpro-protected-content","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadministrator-access-to-pmpro-protected-content.zip",85,{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":27,"num_ratings":27,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":18,"download_link":120,"security_score":35,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"memberclicks-professional-authentication","MC Professional Authentication and User Sync","1.0.2","MemberClicks","https:\u002F\u002Fprofiles.wordpress.org\u002Fmemberclicks\u002F","\u003Cp>The MC Professional Authentication and User Sync plugin allows you to offer exclusive member content on your WordPress site by restricting access to some or all areas of your site. As the administrator, you have control over permissions with the flexibility to set content access based on the member types and group affiliations that are already set up within your MC Professional system.\u003C\u002Fp>\n\u003Cp>To log in to your restricted WordPress site, your members can utilize convenient single sign-on (SSO) with their regular MC Professional credentials and will be able to access specific content and pages based on your settings. You even can customize the WordPress site login screen. Additionally, the plugin enables you to sync user records across your MC Professional system and WordPress site to ensure you have one consistent source of truth for user authentication.\u003C\u002Fp>\n\u003Cp>The plugin reaches out to MemberClicks Professional servers using the domain and API credentials that you enter in the plugin settings page. The plugin uses standard OAuth2 protocols to authenticate members, and data is transferred over secure connections. You can find Terms of Use, Privacy Policy and other legal documents in the \u003Ca href=\"https:\u002F\u002Fmemberclicks.com\u002Flegal\u002F\" rel=\"nofollow ugc\">Legal Center\u003C\u002Fa>.\u003C\u002Fp>\n","Provides SSO (Single Sign-On) with MemberClicks Professional to restrict content based on member group. Sync user records for consistent access.",20,2758,"2024-11-01T15:44:00.000Z","6.6.5","6.6","7.2",[116,117,23,118,119],"mc-professional","memberclicks","sso","user-authentication","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmemberclicks-professional-authentication.1.0.2.zip",{"slug":23,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":27,"downloaded":128,"rating":27,"num_ratings":27,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":132,"tags":133,"homepage":135,"download_link":136,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"Membership Management","1.3.3","Digitally Cultured","https:\u002F\u002Fprofiles.wordpress.org\u002Fdigitally-cultured\u002F","\u003Cp>Unlock the full potential of your organization with our Membership Management Plugin. Designed for professional organizations and non-profits, this feature-rich tool allows you to easily manage and organize your membership list. Keep track of member status, contact information, and more, all within the familiar WordPress environment. As your organization grows, our plugin scales with you, offering future features like member self-service options for updating information and dues payment. Simplify your membership management today.\u003C\u002Fp>\n","Empower your organization with our Membership Management Plugin for WordPress. Effortlessly maintain and track membership status, contact details, and …",1614,"2025-12-02T14:16:00.000Z","6.5.8","5.0","7.4",[134,23],"crm","https:\u002F\u002Fgithub.com\u002Fchrisjangl\u002Fmembership-management","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmembership-management.1.3.3.zip",{"attackSurface":138,"codeSignals":205,"taintFlows":232,"riskAssessment":270,"analyzedAt":282},{"hooks":139,"ajaxHandlers":193,"restRoutes":201,"shortcodes":202,"cronEvents":203,"entryPointCount":204,"unprotectedCount":204},[140,146,150,155,159,163,166,170,174,178,181,185,188],{"type":141,"name":142,"callback":143,"file":144,"line":145},"action","init","sf_mfl_init","memberfindmelogin.php",102,{"type":141,"name":147,"callback":148,"file":144,"line":149},"clear_auth_cookie","sf_mfl_clear_auth_cookie",112,{"type":151,"name":152,"callback":153,"file":144,"line":154},"filter","nocache_headers","sf_mfl_nocache_headers",118,{"type":141,"name":156,"callback":157,"file":144,"line":158},"widgets_init","sf_widget_login_init",176,{"type":151,"name":160,"callback":161,"file":144,"line":162},"send_email_change_email","__return_false",204,{"type":151,"name":164,"callback":161,"file":144,"line":165},"send_password_change_email",205,{"type":141,"name":167,"callback":168,"file":144,"line":169},"login_form_login","sf_login",242,{"type":141,"name":171,"callback":172,"priority":36,"file":144,"line":173},"wp_authenticate","sf_authenticate",279,{"type":141,"name":175,"callback":176,"file":144,"line":177},"login_form_logout","sf_logout",295,{"type":141,"name":179,"callback":176,"file":144,"line":180},"wp_logout",296,{"type":141,"name":182,"callback":183,"file":144,"line":184},"login_form_lostpassword","sf_password",357,{"type":141,"name":186,"callback":183,"file":144,"line":187},"login_form_retrievepassword",358,{"type":151,"name":189,"callback":190,"priority":191,"file":144,"line":192},"get_avatar","sf_get_avatar",99,371,[194,197,199],{"action":183,"nopriv":195,"callback":183,"hasNonce":196,"hasCapCheck":196,"file":144,"line":69},true,false,{"action":168,"nopriv":195,"callback":168,"hasNonce":196,"hasCapCheck":196,"file":144,"line":198},80,{"action":176,"nopriv":196,"callback":176,"hasNonce":196,"hasCapCheck":196,"file":144,"line":200},82,[],[],[],3,{"dangerousFunctions":206,"sqlUsage":207,"outputEscaping":209,"fileOperations":27,"externalRequests":204,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":231},[],{"prepared":27,"raw":27,"locations":208},[],{"escaped":70,"rawEcho":210,"locations":211},9,[212,215,217,219,221,223,225,227,229],{"file":144,"line":213,"context":214},137,"raw output",{"file":144,"line":216,"context":214},139,{"file":144,"line":218,"context":214},141,{"file":144,"line":220,"context":214},145,{"file":144,"line":222,"context":214},157,{"file":144,"line":224,"context":214},159,{"file":144,"line":226,"context":214},169,{"file":144,"line":228,"context":214},238,{"file":144,"line":230,"context":214},353,[],[233,259],{"entryPoint":234,"graph":235,"unsanitizedCount":14,"severity":258},"sf_password (memberfindmelogin.php:298)",{"nodes":236,"edges":255},[237,242,248,251],{"id":238,"type":239,"label":240,"file":144,"line":241},"n0","source","$_POST",307,{"id":243,"type":244,"label":245,"file":144,"line":246,"wp_function":247},"n1","sink","wp_remote_get() [SSRF]",310,"wp_remote_get",{"id":249,"type":239,"label":240,"file":144,"line":250},"n2",340,{"id":252,"type":244,"label":253,"file":144,"line":230,"wp_function":254},"n3","echo() [XSS]","echo",[256,257],{"from":238,"to":243,"sanitized":196},{"from":249,"to":252,"sanitized":196},"medium",{"entryPoint":260,"graph":261,"unsanitizedCount":14,"severity":258},"\u003Cmemberfindmelogin> (memberfindmelogin.php:0)",{"nodes":262,"edges":267},[263,264,265,266],{"id":238,"type":239,"label":240,"file":144,"line":241},{"id":243,"type":244,"label":245,"file":144,"line":246,"wp_function":247},{"id":249,"type":239,"label":240,"file":144,"line":250},{"id":252,"type":244,"label":253,"file":144,"line":230,"wp_function":254},[268,269],{"from":238,"to":243,"sanitized":196},{"from":249,"to":252,"sanitized":196},{"summary":271,"deductions":272},"The memberfindme-login-connector plugin version 6.4 exhibits a concerning security posture due to a significant number of unprotected entry points.  All three identified AJAX handlers lack authentication checks, presenting a direct avenue for attackers to interact with potentially sensitive functionalities. While the plugin demonstrates good practices in its handling of SQL queries, ensuring they are prepared statements, and has no recorded vulnerability history, these strengths are overshadowed by the critical lack of authorization on its AJAX endpoints.  The taint analysis also revealed flows with unsanitized paths, although these did not escalate to critical or high severity, they warrant attention as potential precursors to more severe issues if combined with exploitable entry points. The absence of nonce checks further exacerbates the risk associated with the unprotected AJAX handlers. Overall, while the plugin is free of known vulnerabilities and handles database interactions securely, its direct exposure of AJAX endpoints without proper authentication and authorization is a significant security weakness that requires immediate attention.",[273,275,278,280],{"reason":274,"points":70},"Unprotected AJAX handlers",{"reason":276,"points":277},"No nonce checks",5,{"reason":279,"points":277},"Unsanitized paths in taint flows",{"reason":281,"points":204},"Insufficient output escaping","2026-03-16T19:19:47.116Z",{"wat":284,"direct":293},{"assetPaths":285,"generatorPatterns":288,"scriptPaths":289,"versionParams":290},[286,287],"\u002Fwp-content\u002Fplugins\u002Fmemberfindme-login-connector\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fmemberfindme-login-connector\u002Fscripts.js",[],[287],[291,292],"memberfindme-login-connector\u002Fstyle.css?ver=","memberfindme-login-connector\u002Fscripts.js?ver=",{"cssClasses":294,"htmlComments":303,"htmlAttributes":315,"restEndpoints":318,"jsGlobals":322,"shortcodeOutput":324},[295,296,297,298,299,300,301,302],"login-form","login-username","login-password","login-submit","login-request","login-message","login-ack","widget_sf_widget_login",[304,305,306,307,308,309,310,311,312,313,314]," Copyright 2013-2023  SOURCEFOUND INC.  (email : info@sourcefound.com)"," This program is free software; you can redistribute it and\u002For modify"," it under the terms of the GNU General Public License, version 2, as "," published by the Free Software Foundation."," This program is distributed in the hope that it will be useful,"," but WITHOUT ANY WARRANTY; without even the implied warranty of"," MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the"," GNU General Public License for more details."," You should have received a copy of the GNU General Public License"," along with this program; if not, write to the Free Software"," Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA",[316,317],"onkeyup","onclick",[319,320,321],"\u002Fwp-json\u002Fsf_password","\u002Fwp-json\u002Fsf_login","\u002Fwp-json\u002Fsf_logout",[323],"sf_wpl",[]]