Does Members for Ko-fi have any unpatched vulnerabilities?

No. All known vulnerabilities in Members for Ko-fi have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Members for Ko-fi compatible with WordPress 6.8.5?

According to WordPress.org data, Members for Ko-fi 1.0.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Members for Ko-fi compatible with PHP 7.4+?

Members for Ko-fi requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Members for Ko-fi updated?

Members for Ko-fi was last updated on Sep 6, 2025. Frequent updates are generally a positive security signal.

What is Members for Ko-fi's security score?

Members for Ko-fi has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Members for Ko-fi Security & Risk Analysis

wordpress.org/plugins/members-for-kofi

Integrate with Ko-fi to manage WordPress users or roles via webhook.

10 active installs v1.0.1 PHP 7.4+ WP 5.6+ Updated Sep 6, 2025

ko-fimembershiprolesuser-managementwebhook

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Members for Ko-fi Safe to Use in 2026?

Generally Safe

Score 100/100

Members for Ko-fi has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago

Risk Assessment

The "members-for-kofi" plugin v1.0.1 exhibits a generally strong security posture based on the provided static analysis. All identified entry points, including AJAX handlers, are protected by authentication checks, which is a significant positive. The plugin also demonstrates good practices by utilizing prepared statements for a majority of its SQL queries and properly escaping most of its output. The absence of known CVEs and a clean vulnerability history further contribute to this positive assessment.

However, a critical concern arises from the taint analysis, which reveals five flows with unsanitized paths. While these flows are not categorized as critical or high severity, the presence of unsanitized paths indicates a potential risk for input validation vulnerabilities. Additionally, the plugin performs file operations and has one capability check. Although the specific nature and security implications of these are not detailed, they represent areas that warrant closer inspection. The overall security is good due to robust entry point protection and standard practices, but the taint analysis highlights a specific area for improvement and vigilance.

In conclusion, "members-for-kofi" v1.0.1 is likely a secure plugin due to its focus on authentication and basic security measures. The lack of known vulnerabilities is reassuring. The primary area of concern is the five unsanitized paths identified in the taint analysis, which could potentially lead to security issues if not handled carefully in subsequent code reviews or updates. The presence of file operations and a capability check, while not inherently insecure, require careful implementation to avoid introducing vulnerabilities.

Key Concerns

Unsanitized paths in taint analysis
File operations present

Vulnerabilities

None known

Members for Ko-fi Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Members for Ko-fi Code Analysis

Dangerous Functions

Raw SQL Queries

10 prepared

Unescaped Output

62 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

77% prepared13 total queries

Output Escaping

78% escaped80 total outputs

Data Flows

5 unsanitized

Data Flow Analysis

5 flows5 with unsanitized paths

handle_pagination (src\Admin\AdminSettings.php:471)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Members for Ko-fi Attack Surface

Entry Points5

Unprotected0

AJAX Handlers 5

authwp_ajax_members_for_kofi_paginationsrc\Admin\AdminSettings.php:63

authwp_ajax_members_for_kofi_clear_logssrc\Admin\AdminSettings.php:64

authwp_ajax_members_for_kofi_update_rows_per_pagesrc\Admin\AdminSettings.php:65

authwp_ajax_members_for_kofi_filter_logssrc\Admin\AdminSettings.php:66

authwp_ajax_members_for_kofi_refresh_logssrc\Admin\AdminSettings.php:67

WordPress Hooks 13

actionplugins_loadedmembers-for-kofi.php:52

actionadmin_initsrc\Admin\AdminSettings.php:57

actionadmin_enqueue_scriptssrc\Admin\AdminSettings.php:60

actioninitsrc\Cron\RoleExpiryChecker.php:57

actionkofi_members_check_role_expirysrc\Cron\RoleExpiryChecker.php:66

actionadmin_menusrc\Plugin.php:49

actionadmin_initsrc\Plugin.php:50

actioninitsrc\Plugin.php:51

actioninitsrc\Plugin.php:52

actioninitsrc\Plugin.php:53

actiontemplate_redirectsrc\Plugin.php:54

filterquery_varssrc\Plugin.php:75

actionkofi_members_check_expired_rolessrc\Plugin.php:208

Scheduled Events 2

kofi_members_check_role_expiry

kofi_members_check_expired_roles

Maintenance & Trust

Members for Ko-fi Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedSep 6, 2025

PHP min version7.4

Downloads253

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Members for Ko-fi Alternatives

Members – Membership & User Role Editor Plugin

members

The best WordPress membership and user role editor plugin. User Roles & Capabilities editor helps you restrict content in just a few clicks.

300K 1 CVE

Ko-fi Button

ko-fi-button

100

Receive donations on your Ko-fi page with a button on your WordPress site.

5K 1 CVE

User Registration Aide

user-registration-aide

Adds custom user fields to better manage users & members & customize login-registration page css & messages. Lets you customize the entire …

100 1 unpatched

User Management

user-management

User Import Export plugin allows you to export and import WordPress Users and Roles.

60 1 unpatched

Role Based Content Restrictor

role-based-content-restrictor

100

Restrict access to pages, posts, and custom post types by user roles. Redirect unauthorized users to a custom page or a global fallback.

50 No CVEs

Developer Profile

Members for Ko-fi Developer Profile

trudslev

1 plugin · 10 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Members for Ko-fi

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/members-for-kofi/assets/css/admin-styles.css/wp-content/plugins/members-for-kofi/assets/js/admin-settings.js/wp-content/plugins/members-for-kofi/assets/js/frontend.js

Script Paths

/wp-content/plugins/members-for-kofi/assets/js/admin-settings.js/wp-content/plugins/members-for-kofi/assets/js/frontend.js

Version Parameters

members-for-kofi/assets/css/admin-styles.css?ver=members-for-kofi/assets/js/admin-settings.js?ver=members-for-kofi/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

members-for-kofi-settings-sectionmembers-for-kofi-settings-fieldmembers-for-kofi-tier-mapping-row

HTML Comments

Data Attributes

data-kofi-members-ajax-urldata-kofi-members-pagination-noncedata-kofi-members-clear-logs-noncedata-kofi-members-rows-per-page-noncedata-kofi-members-filter-noncedata-kofi-members-refresh-logs-nonce

JS Globals

kofiMembers

REST Endpoints

/wp-json/members-for-kofi/v1/webhook

FAQ