Does Members – Membership & User Role Editor Plugin have any unpatched vulnerabilities?

No. All known vulnerabilities in Members – Membership & User Role Editor Plugin have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Members – Membership & User Role Editor Plugin compatible with WordPress 6.9.4?

According to WordPress.org data, Members – Membership & User Role Editor Plugin 3.2.19 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Members – Membership & User Role Editor Plugin compatible with PHP 7.4+?

Members – Membership & User Role Editor Plugin requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Members – Membership & User Role Editor Plugin updated?

Members – Membership & User Role Editor Plugin was last updated on Feb 13, 2026. Frequent updates are generally a positive security signal.

What is Members – Membership & User Role Editor Plugin's security score?

Members – Membership & User Role Editor Plugin has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Members – Membership & User Role Editor Plugin Security & Risk Analysis

wordpress.org/plugins/members

The best WordPress membership and user role editor plugin. User Roles & Capabilities editor helps you restrict content in just a few clicks.

300K active installs v3.2.19 PHP 7.4+ WP 6.0+ Updated Feb 13, 2026

accesscapabilitiesmembershipspermissionsroles

A · Safe

CVEs total1

Unpatched0

Last CVEDec 10, 2024

Plugin page Download

Safety Verdict

Is Members – Membership & User Role Editor Plugin Safe to Use in 2026?

Generally Safe

Score 99/100

Members – Membership & User Role Editor Plugin has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Dec 10, 2024Updated 1mo ago

Risk Assessment

The "members" plugin v3.2.19 presents a mixed security posture. The static analysis reveals a robust adherence to many security best practices, with all identified entry points (AJAX handlers, shortcodes, cron events) appearing to have appropriate authentication checks. The significant number of nonce and capability checks further indicates a developer's awareness of WordPress security fundamentals. However, a notable concern arises from the complete absence of prepared statements for the single SQL query identified, which, while not currently leading to exploitable taint flows in static analysis, represents a significant risk for potential SQL injection vulnerabilities. Additionally, the 33% of output that is not properly escaped poses a risk of Cross-Site Scripting (XSS) attacks, especially if sensitive data is involved.

The vulnerability history, while showing no currently unpatched CVEs, does reveal a past medium-severity vulnerability related to the exposure of sensitive information. This, combined with the unescaped output, suggests a potential pattern of overlooking or underestimating risks associated with data handling and output sanitization. While the absence of critical taint flows and dangerous functions is positive, the identified weaknesses in SQL query preparation and output escaping, coupled with the past vulnerability, suggest that while the plugin has good foundational security, there are areas that require immediate attention to mitigate potential risks.

Key Concerns

SQL queries without prepared statements
Significant percentage of unescaped output
Past medium vulnerability (sensitive info exposure)

Vulnerabilities

Members – Membership & User Role Editor Plugin Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-11008medium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

Members <= 3.2.10 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure

Dec 10, 2024 Patched in 3.2.11 (1d)

Code Analysis

Analyzed Mar 16, 2026

Members – Membership & User Role Editor Plugin Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

125

250 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared1 total queries

Output Escaping

67% escaped375 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

members_login_redirect (inc\functions-shortcodes.php:317)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Members – Membership & User Role Editor Plugin Attack Surface

Entry Points15

Unprotected0

AJAX Handlers 4

authwp_ajax_members_notification_dismissadmin\class-notifications.php:45

authwp_ajax_members_dismiss_review_promptadmin\class-review-prompt.php:13

authwp_ajax_mbrs_toggle_addonadmin\class-settings.php:143

authwp_ajax_members_dismiss_upgrade_headeradmin\functions-admin.php:274

Shortcodes 11

[members_login_form] inc\functions-shortcodes.php:31

[login-form] inc\functions-shortcodes.php:32

[members_access] inc\functions-shortcodes.php:35

[access] inc\functions-shortcodes.php:36

[members_feed] inc\functions-shortcodes.php:39

[feed] inc\functions-shortcodes.php:40

[members_logged_in] inc\functions-shortcodes.php:43

[is_user_logged_in] inc\functions-shortcodes.php:44

[members_not_logged_in] inc\functions-shortcodes.php:47

[get_avatar] inc\functions-shortcodes.php:50

[avatar] inc\functions-shortcodes.php:51

WordPress Hooks 176

actionplugins_loadedaddons\members-acf-integration\src\Plugin.php:33

filteracf/settings/capabilityaddons\members-acf-integration\src\Plugin.php:50

actionsave_postaddons\members-acf-integration\src\Plugin.php:53

actionsave_postaddons\members-acf-integration\src\Plugin.php:54

actionadmin_menuaddons\members-acf-integration\src\Plugin.php:57

actionadmin_menuaddons\members-acf-integration\src\Plugin.php:58

filterregister_post_type_argsaddons\members-acf-integration\src\Plugin.php:61

actionmembers_register_role_groupsaddons\members-acf-integration\src\Plugin.php:64

actionmembers_register_cap_groupsaddons\members-acf-integration\src\Plugin.php:65

actionmembers_register_capsaddons\members-acf-integration\src\Plugin.php:66

filteracf/settings/capabilityaddons\members-acf-integration\src\Plugin.php:107

actionadmin_menuaddons\members-acf-integration\src\Plugin.php:148

actionadmin_initaddons\members-admin-access\app\functions-admin.php:15

actionmembers_register_settings_viewsaddons\members-admin-access\app\functions-admin.php:18

filterwoocommerce_prevent_admin_accessaddons\members-admin-access\app\functions-admin.php:35

filtershow_admin_baraddons\members-admin-access\app\functions.php:15

actionadmin_bar_menuaddons\members-admin-access\app\functions.php:18

filterrender_blockaddons\members-block-permissions\src\Block.php:34

actionenqueue_block_editor_assetsaddons\members-block-permissions\src\Editor.php:32

actionmembers_register_capsaddons\members-block-permissions\src\Integration.php:34

filterregister_taxonomy_argsaddons\members-category-and-tag-caps\src\functions-filters.php:27

filtermap_meta_capaddons\members-category-and-tag-caps\src\functions-filters.php:62

actionmembers_register_capsaddons\members-core-create-caps\addon.php:7

actionadmin_menuaddons\members-core-create-caps\addon.php:10

filterregister_post_type_argsaddons\members-core-create-caps\addon.php:13

actionadmin_footeraddons\members-core-create-caps\addon.php:87

actionmembers_register_role_groupsaddons\members-edd-integration\src\functions-filters.php:29

actionmembers_register_cap_groupsaddons\members-edd-integration\src\functions-filters.php:51

actionmembers_register_capsaddons\members-edd-integration\src\functions-filters.php:85

actionmembers_register_role_groupsaddons\members-givewp-integration\src\functions-filters.php:29

actionmembers_register_cap_groupsaddons\members-givewp-integration\src\functions-filters.php:51

actionmembers_register_capsaddons\members-givewp-integration\src\functions-filters.php:84

actioninitaddons\members-meta-box-integration\src\Plugin.php:31

filterregister_post_type_argsaddons\members-meta-box-integration\src\Plugin.php:48

actionmembers_register_role_groupsaddons\members-meta-box-integration\src\Plugin.php:51

actionmembers_register_cap_groupsaddons\members-meta-box-integration\src\Plugin.php:52

actionmembers_register_capsaddons\members-meta-box-integration\src\Plugin.php:53

actionmembers_register_capsaddons\members-privacy-caps\addon.php:7

filtermap_meta_capaddons\members-privacy-caps\addon.php:8

actionmembers_load_role_editaddons\members-role-hierarchy\admin\class-edit-role.php:62

actionmembers_load_role_newaddons\members-role-hierarchy\admin\class-edit-role.php:63

actionmembers_role_updatedaddons\members-role-hierarchy\admin\class-edit-role.php:66

actionmembers_role_addedaddons\members-role-hierarchy\admin\class-edit-role.php:67

actionmembers_add_role_meta_boxesaddons\members-role-hierarchy\admin\class-edit-role.php:79

actionmembers_load_manage_rolesaddons\members-role-hierarchy\admin\class-manage-roles.php:60

filtermembers_manage_roles_columnsaddons\members-role-hierarchy\admin\class-manage-roles.php:72

filtermembers_manage_roles_column_positionaddons\members-role-hierarchy\admin\class-manage-roles.php:74

actionadmin_headaddons\members-role-hierarchy\admin\class-manage-roles.php:76

actionadmin_initaddons\members-role-hierarchy\admin\functions-settings.php:16

filtereditable_rolesaddons\members-role-hierarchy\inc\functions-filters.php:16

filtermap_meta_capaddons\members-role-hierarchy\inc\functions-filters.php:19

filtermembers_remove_old_levelsaddons\members-role-levels\addon.php:71

actionmembers_load_manage_rolesaddons\members-role-levels\admin\class-column-level.php:42

actionadmin_headaddons\members-role-levels\admin\class-column-level.php:55

filtermembers_manage_roles_columnsaddons\members-role-levels\admin\class-column-level.php:58

filtermembers_manage_roles_column_leveladdons\members-role-levels\admin\class-column-level.php:61

actionmembers_load_role_editaddons\members-role-levels\admin\class-meta-box-level.php:43

actionmembers_load_role_newaddons\members-role-levels\admin\class-meta-box-level.php:44

actionmembers_role_updatedaddons\members-role-levels\admin\class-meta-box-level.php:47

actionmembers_role_addedaddons\members-role-levels\admin\class-meta-box-level.php:48

actionmembers_add_role_meta_boxesaddons\members-role-levels\admin\class-meta-box-level.php:60

actionmembers_register_role_groupsaddons\members-woocommerce-integration\src\functions-filters.php:29

actionmembers_register_cap_groupsaddons\members-woocommerce-integration\src\functions-filters.php:51

actionmembers_register_capsaddons\members-woocommerce-integration\src\functions-filters.php:88

actionadmin_footeradmin\class-cap-tabs.php:115

actionadmin_footeradmin\class-cap-tabs.php:116

actionadmin_menuadmin\class-manage-roles.php:61

actionadmin_enqueue_scriptsadmin\class-manage-roles.php:111

actionload-users.phpadmin\class-manage-users.php:64

actionload-users.phpadmin\class-manage-users.php:65

actionload-users.phpadmin\class-manage-users.php:66

actionrestrict_manage_usersadmin\class-manage-users.php:79

filtermanage_users_columnsadmin\class-manage-users.php:82

actionadmin_enqueue_scriptsadmin\class-manage-users.php:85

actionadmin_footeradmin\class-manage-users.php:86

actionadmin_headadmin\class-manage-users.php:87

actionadmin_noticesadmin\class-manage-users.php:112

actionload-post.phpadmin\class-meta-box-content-permissions.php:56

actionload-post-new.phpadmin\class-meta-box-content-permissions.php:57

actionadmin_enqueue_scriptsadmin\class-meta-box-content-permissions.php:78

actionadd_meta_boxesadmin\class-meta-box-content-permissions.php:81

actionsave_postadmin\class-meta-box-content-permissions.php:84

actionmembers_load_role_editadmin\class-meta-box-custom-cap.php:41

actionmembers_load_role_newadmin\class-meta-box-custom-cap.php:42

actionmembers_add_role_meta_boxesadmin\class-meta-box-custom-cap.php:54

actionmembers_load_role_editadmin\class-meta-box-publish-role.php:41

actionmembers_load_role_newadmin\class-meta-box-publish-role.php:42

actionmembers_add_role_meta_boxesadmin\class-meta-box-publish-role.php:54

actionadmin_enqueue_scriptsadmin\class-notifications.php:38

actionadmin_footeradmin\class-notifications.php:39

actionadmin_initadmin\class-notifications.php:40

actionadmin_footeradmin\class-notifications.php:42

actionmembers_admin_notifications_updateadmin\class-notifications.php:44

actionadmin_noticesadmin\class-review-prompt.php:12

actionmembers_load_role_editadmin\class-role-edit.php:78

actionadmin_menuadmin\class-role-new.php:97

actionadmin_menuadmin\class-role-new.php:99

filtermembers_new_role_default_capsadmin\class-role-new.php:151

actionadmin_enqueue_scriptsadmin\class-role-new.php:277

actioncurrent_screenadmin\class-roles.php:33

filtermanage_members_page_roles_columnsadmin\class-roles.php:36

actionmembers_load_manage_rolesadmin\class-roles.php:39

actionadmin_menuadmin\class-settings.php:142

actionadmin_initadmin\class-settings.php:281

actionadmin_enqueue_scriptsadmin\class-settings.php:287

actionadmin_headadmin\class-settings.php:301

actionload-user-edit.phpadmin\class-user-edit.php:46

actionload-profile.phpadmin\class-user-edit.php:47

actionadmin_enqueue_scriptsadmin\class-user-edit.php:60

actionadmin_footeradmin\class-user-edit.php:61

actionadmin_headadmin\class-user-edit.php:62

actionshow_user_profileadmin\class-user-edit.php:64

actionedit_user_profileadmin\class-user-edit.php:65

actionprofile_updateadmin\class-user-edit.php:68

actionload-user-new.phpadmin\class-user-new.php:57

actionuser_registeradmin\class-user-new.php:60

actionuser_new_formadmin\class-user-new.php:73

actionadmin_enqueue_scriptsadmin\class-user-new.php:76

actionadmin_footeradmin\class-user-new.php:77

actionmembers_register_addonsadmin\functions-addons.php:18

actionadmin_enqueue_scriptsadmin\functions-admin.php:17

actionadmin_enqueue_scriptsadmin\functions-admin.php:18

actionadmin_enqueue_scriptsadmin\functions-admin.php:142

actionin_admin_headeradmin\functions-admin.php:182

actionin_admin_footeradmin\functions-admin.php:238

actionmembers_register_settings_viewsadmin\functions-settings.php:17

actionwp_before_admin_bar_renderinc\functions-admin-bar.php:17

actioninitinc\functions-cap-groups.php:17

actionmembers_register_cap_groupsinc\functions-cap-groups.php:18

actioninitinc\functions-capabilities.php:17

actionmembers_register_capsinc\functions-capabilities.php:18

filtermembers_get_capabilitiesinc\functions-capabilities.php:21

filtermembers_get_capabilitiesinc\functions-capabilities.php:22

actionafter_setup_themeinc\functions-content-permissions.php:14

filterthe_contentinc\functions-content-permissions.php:149

filterget_the_excerptinc\functions-content-permissions.php:150

filterthe_excerptinc\functions-content-permissions.php:151

filterthe_content_feedinc\functions-content-permissions.php:152

filterget_comment_textinc\functions-content-permissions.php:153

filtercomments_templateinc\functions-content-permissions.php:156

filtermembers_post_error_messageinc\functions-content-permissions.php:159

filtermembers_post_error_messageinc\functions-content-permissions.php:160

filtermembers_post_error_messageinc\functions-content-permissions.php:161

filtermembers_post_error_messageinc\functions-content-permissions.php:162

filtermembers_post_error_messageinc\functions-content-permissions.php:163

filtermembers_post_error_messageinc\functions-content-permissions.php:164

filtermembers_post_error_messageinc\functions-content-permissions.php:165

filtermembers_post_error_messageinc\functions-content-permissions.php:166

actiontemplate_redirectinc\functions-private-site.php:19

filterthe_content_feedinc\functions-private-site.php:22

filterthe_excerpt_rssinc\functions-private-site.php:23

filtercomment_text_rssinc\functions-private-site.php:24

filtermembers_feed_error_messageinc\functions-private-site.php:28

filtermembers_feed_error_messageinc\functions-private-site.php:29

filtermembers_feed_error_messageinc\functions-private-site.php:31

filtermembers_feed_error_messageinc\functions-private-site.php:32

filtermembers_feed_error_messageinc\functions-private-site.php:33

filtermembers_feed_error_messageinc\functions-private-site.php:34

filtermembers_feed_error_messageinc\functions-private-site.php:35

filtermembers_feed_error_messageinc\functions-private-site.php:36

filterrest_authentication_errorsinc\functions-private-site.php:39

filterposts_resultsinc\functions-private-site.php:42

actioninitinc\functions-role-groups.php:17

actionmembers_register_role_groupsinc\functions-role-groups.php:18

actionwp_roles_initinc\functions-roles.php:17

actionmembers_register_rolesinc\functions-roles.php:18

actioninitinc\functions-shortcodes.php:17

filterlogin_redirectinc\functions-shortcodes.php:19

filterlogin_form_bottominc\functions-shortcodes.php:241

filteruser_has_capinc\functions-users.php:18

actionwidgets_initinc\functions-widgets.php:17

actionplugins_loadedmembers.php:109

actionadmin_noticesmembers.php:185

actionplugins_loadedmembers.php:272

actionenqueue_block_editor_assetsmembers.php:275

actionadmin_menuvendor-prefixed\caseproof\growth-tools\src\App.php:47

Scheduled Events 1

members_admin_notifications_update

Maintenance & Trust

Members – Membership & User Role Editor Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 13, 2026

PHP min version7.4

Downloads6.8M

Community Trust

Rating98/100

Number of ratings1,242

Active installs300K

Alternatives

Members – Membership & User Role Editor Plugin Alternatives

Custom Access Roles

custom-access-roles

Create custom roles with editing capability for only specific pages, categories and post types.

200 No CVEs

Editorial Access Manager

editorial-access-manager

Allow for granular editorial access control for all post types in WordPress

80 No CVEs

PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus

capability-manager-enhanced

PublishPress Capabilities is the access control plugin. You can manage user capabilities, permissions, user roles, admin menus and more.

100K 4 CVEs

PublishPress Permissions: Control User Access for Posts, Pages, Categories, Tags

press-permit-core

100

The permissions plugin for posts, pages, categories, tags and more. You can control permissions for roles, individual users, and even custom groups.

10K No CVEs

Melapress Role Editor

melapress-role-editor

The complete WordPress user roles plugin for everyone

60 1 CVE

Developer Profile

Members – Membership & User Role Editor Plugin Developer Profile

Blair Williams

4 plugins · 630K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

1044 days

View full developer profile

Detection Fingerprints

How We Detect Members – Membership & User Role Editor Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/members/assets/css/members.css/wp-content/plugins/members/assets/js/members.js/wp-content/plugins/members/assets/js/dist/admin/members-admin-vue.js/wp-content/plugins/members/assets/js/dist/admin/members-admin-vue.css

Script Paths

/wp-content/plugins/members/assets/js/members.js/wp-content/plugins/members/assets/js/dist/admin/members-admin-vue.js

Version Parameters

members/assets/css/members.css?ver=members/assets/js/members.js?ver=members/assets/js/dist/admin/members-admin-vue.js?ver=members/assets/js/dist/admin/members-admin-vue.css?ver=

HTML / DOM Fingerprints

CSS Classes

members-titlemembers-fieldmembers-sectionmembers-role-selectormembers-capability-controlmembers-content-permissions

HTML Comments

Data Attributes

data-members-roledata-members-capabilitydata-members-user-id

JS Globals

MembersMembersAdmin

REST Endpoints

/wp-json/members/v1/roles/wp-json/members/v1/capabilities/wp-json/members/v1/users

Shortcode Output

[members_account][members_login][members_register][members_lost_password]

FAQ