MemberMagix Security & Risk Analysis

wordpress.org/plugins/membermagix

A lightweight membership plugin with passwordless magic-link authentication, server-side content protection, and elegant subscriber onboarding.

0 active installs · v4.0.4 · PHP 7.4+ · WP 6.0+ · Updated Apr 14, 2026
Tags: content-protection, magic-link, membership, passwordless-login, paywall
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is MemberMagix Safe to Use in 2026?

Generally Safe

Score 100/100

MemberMagix has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The MemberMagix plugin v4.0.4 exhibits a generally good security posture with several strengths. The code demonstrates a strong commitment to secure coding practices, as evidenced by 100% of SQL queries utilizing prepared statements and an exceptionally high 99% of output being properly escaped. The plugin also implements a reasonable number of nonce and capability checks, suggesting an awareness of common WordPress security vulnerabilities. Furthermore, the absence of any recorded historical CVEs or known vulnerabilities is a positive indicator of the plugin's stability and developer diligence.

However, there are areas of concern that warrant attention. The plugin exposes three REST API routes without permission callbacks, creating a significant attack surface that could potentially be exploited if not properly secured at the application layer. Additionally, the taint analysis revealed one high-severity flow with unsanitized paths. While the overall number of flows is small, this indicates a specific weakness that could lead to path traversal or similar vulnerabilities if user input is not adequately validated and sanitized within these flows.

In conclusion, MemberMagix v4.0.4 is a relatively secure plugin with strong coding practices in critical areas like SQL and output escaping. The lack of historical vulnerabilities is a significant strength. Nevertheless, the unprotected REST API routes and the identified high-severity taint flow represent notable risks that should be addressed to further enhance the plugin's security.

Key Concerns

  • REST API routes without permission callbacks
  • High severity taint flow with unsanitized paths
Vulnerabilities
None known

MemberMagix Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

MemberMagix Release Timeline

v4.0.4 (Current)
Code Analysis
Analyzed Apr 16, 2026

MemberMagix Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (65 prepared)
Unescaped Output: 2 (301 escaped)
Nonce Checks: 7
Capability Checks: 14
File Operations: 2
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 65 total queries

Output Escaping

99% escaped · 303 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

5 flows · 2 with unsanitized paths
admin_notices (includes/class-member-management.php:659)
Attack Surface
3 unprotected

MemberMagix Attack Surface

Entry Points: 8
Unprotected: 3

AJAX Handlers 3

auth · wp_ajax_mmax_dismiss_smtp_notice · includes/class-magic-link.php:40
auth · wp_ajax_mmax_send_test_email · includes/class-magic-link.php:41
auth · wp_ajax_mmax_review_prompt_action · includes/class-mmax-admin.php:26

REST API Routes 3

GET · /wp-json/mmax/v1/overlay/(?P<post_id>\d+) · includes/class-content-protection.php:1306
POST · /wp-json/mmax/v1/magic-link · includes/class-magic-link.php:602
GET · /wp-json/mmax/v1/session · includes/class-magic-link.php:641

Shortcodes 2

[mmax_cutoff] includes/class-content-protection.php:385
[mmax_membership_form] includes/class-magic-link.php:24
WordPress Hooks 47
action · init · includes/class-content-protection.php:382
action · init · includes/class-content-protection.php:388
action · add_meta_boxes · includes/class-content-protection.php:391
action · save_post · includes/class-content-protection.php:392
action · admin_init · includes/class-content-protection.php:395
action · template_redirect · includes/class-content-protection.php:398
action · rest_api_init · includes/class-content-protection.php:401
filter · rest_prepare_post · includes/class-content-protection.php:404
filter · rest_prepare_page · includes/class-content-protection.php:405
filter · mmax_admin_tabs · includes/class-content-protection.php:408
action · mmax_cleanup_expired_tokens · includes/class-content-protection.php:411
action · wp_enqueue_scripts · includes/class-content-protection.php:1209
filter · the_content · includes/class-content-protection.php:1233
action · init · includes/class-magic-link.php:27
action · admin_init · includes/class-magic-link.php:30
action · rest_api_init · includes/class-magic-link.php:33
action · wp_mail_failed · includes/class-magic-link.php:36
action · admin_notices · includes/class-magic-link.php:39
action · user_register · includes/class-magic-link.php:44
action · wp_footer · includes/class-magic-link.php:47
action · template_redirect · includes/class-magic-link.php:50
filter · show_admin_bar · includes/class-magic-link.php:53
action · admin_init · includes/class-magic-link.php:54
filter · wp_is_application_passwords_available_for_user · includes/class-magic-link.php:55
filter · show_password_fields · includes/class-magic-link.php:58
filter · allow_password_reset · includes/class-magic-link.php:59
action · user_profile_update_errors · includes/class-magic-link.php:60
filter · wp_authenticate_user · includes/class-magic-link.php:61
filter · user_row_actions · includes/class-magic-link.php:62
filter · rest_pre_insert_user · includes/class-magic-link.php:63
filter · wp_mail_from · includes/class-magic-link.php:188
filter · wp_mail_from_name · includes/class-magic-link.php:189
filter · manage_users_columns · includes/class-member-management.php:24
action · manage_users_custom_column · includes/class-member-management.php:25
filter · manage_users_sortable_columns · includes/class-member-management.php:26
action · admin_action_mmax_export_users · includes/class-member-management.php:29
action · admin_menu · includes/class-member-management.php:32
action · pre_user_query · includes/class-member-management.php:35
filter · bulk_actions-users · includes/class-member-management.php:38
filter · handle_bulk_actions-users · includes/class-member-management.php:39
action · admin_notices · includes/class-member-management.php:42
action · admin_menu · includes/class-mmax-admin.php:24
action · admin_enqueue_scripts · includes/class-mmax-admin.php:25
action · plugins_loaded · membermagix.php:55
action · wp_enqueue_scripts · membermagix.php:73
filter · script_loader_tag · membermagix.php:105
action · wp_enqueue_scripts · membermagix.php:113

Scheduled Events 1

mmax_cleanup_expired_tokens
Maintenance & Trust

MemberMagix Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 14, 2026
PHP min version: 7.4
Downloads: 90

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

MemberMagix Developer Profile

Hendrik Bondzio

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect MemberMagix

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/membermagix/assets/css/subscription-form.css
/wp-content/plugins/membermagix/assets/js/mmax-form-utils.js
/wp-content/plugins/membermagix/assets/js/mmax-membership-form.js
/wp-content/plugins/membermagix/assets/js/alpine.min.js
Script Paths
/wp-content/plugins/membermagix/assets/js/mmax-form-utils.js
/wp-content/plugins/membermagix/assets/js/mmax-membership-form.js
/wp-content/plugins/membermagix/assets/js/alpine.min.js
Version Parameters
membermagix/assets/css/subscription-form.css?ver=
membermagix/assets/js/mmax-form-utils.js?ver=
membermagix/assets/js/mmax-membership-form.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- MemberMagix: Generated by MemberMagix -->
<!-- MemberMagix: Content protection overlay -->
Data Attributes
x-cloak
JS Globals
mmax_ajax
REST Endpoints
/wp-json/mmax/v1/
FAQ

Frequently Asked Questions about MemberMagix