Does MemberSonic Lite Membership Site Plugin have any unpatched vulnerabilities?

No. All known vulnerabilities in MemberSonic Lite Membership Site Plugin have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is MemberSonic Lite Membership Site Plugin compatible with WordPress 5.6.17?

According to WordPress.org data, MemberSonic Lite Membership Site Plugin 2.0.2 has been tested up to WordPress 5.6.17. Check the plugin's changelog for the latest compatibility information.

Is MemberSonic Lite Membership Site Plugin compatible with PHP 5.6+?

MemberSonic Lite Membership Site Plugin requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is MemberSonic Lite Membership Site Plugin updated?

MemberSonic Lite Membership Site Plugin was last updated on Unknown. Frequent updates are generally a positive security signal.

What is MemberSonic Lite Membership Site Plugin's security score?

MemberSonic Lite Membership Site Plugin has a WP-Safety security score of 98/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

MemberSonic Lite Membership Site Plugin Security Review

Safety Verdict

Is MemberSonic Lite Membership Site Plugin Safe to Use in 2026?

Generally Safe

Score 98/100

MemberSonic Lite Membership Site Plugin has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jun 28, 2016

Risk Assessment

The "membership-site" plugin v2.0.2 exhibits a mixed security posture. While it demonstrates good practices like using prepared statements for all SQL queries and performing some capability checks, significant concerns arise from its attack surface and taint analysis. The presence of unprotected AJAX handlers and a substantial number of flows with unsanitized paths, including eight critical severity flows, presents a considerable risk. These unprotected entry points and unsanitized data flows could potentially be exploited for various attacks, such as unauthorized actions or data leakage, if not properly handled by the application logic.

The plugin's vulnerability history, though marked by a single critical CVE in 2016, highlights past security weaknesses, specifically in authentication bypass. While this specific CVE is now patched, the historical pattern of such vulnerabilities, combined with the current static analysis findings, suggests that authentication and authorization are areas that require ongoing scrutiny. The plugin's strengths lie in its SQL practices and the existence of some security checks. However, the identified unprotected AJAX endpoints and critical taint flows are the most pressing security concerns, demanding immediate attention to mitigate potential exploitation.

Key Concerns

Unprotected AJAX handlers found
Critical severity taint flows found
Significant number of unsanitized paths
Unescaped output found
Past critical CVE indicating auth bypass risk

Vulnerabilities

1

MemberSonic Lite Membership Site Plugin Security Vulnerabilities

CVEs by Year

1 CVE in 2016

2016

Patched Has unpatched

Severity Breakdown

Critical

1

1 total CVE

CVE-2016-10971critical · 9.8Authentication Bypass Using an Alternate Path or Channel

MemberSonic Lite Membership Site Plugin <= 1.2 - Authentication Bypass

Jun 28, 2016 Patched in 1.302 (2765d)

Code Analysis

Analyzed Mar 17, 2026

MemberSonic Lite Membership Site Plugin Code Analysis

Dangerous Functions

0

Raw SQL Queries

0

51 prepared

Unescaped Output

98

105 escaped

Nonce Checks

5

Capability Checks

4

File Operations

1

External Requests

1

Bundled Libraries

0

SQL Query Safety

100% prepared51 total queries

Output Escaping

52% escaped203 total outputs

Data Flows

12 unsanitized

Data Flow Analysis

17 flows12 with unsanitized paths

savestep1 (admin\model\add-edit-membership-level.php:21)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

MemberSonic Lite Membership Site Plugin Attack Surface

Entry Points11

Unprotected4

AJAX Handlers 6

authwp_ajax_membersonic_loginmembersonic_class.php:39

noprivwp_ajax_membersonic_loginmembersonic_class.php:40

authwp_ajax_mslite_saveNewUsermembersonic_class.php:41

noprivwp_ajax_mslite_saveNewUsermembersonic_class.php:42

authwp_ajax_mslite_updateUserMembershiphtmlmembersonic_class.php:43

authwp_ajax_mslite_updateUserMembershipsavemembersonic_class.php:44

Shortcodes 5

[REGISTRATION_WSO] membersonic_class.php:12

[MSREGISTRATION] membersonic_class.php:13

[MSLOGIN] membersonic_class.php:14

[MSPASSWORDRESET] membersonic_class.php:15

[PASSWORDRESET] membersonic_class.php:16

WordPress Hooks 25

filterwp_mail_from_namehelper\mailer-helper.php:8

filterwp_mail_content_typehelper\mailer-helper.php:64

filterwp_mail_content_typehelper\mailer-helper.php:99

filterwp_mail_content_typehelper\mailer-helper.php:120

actionadmin_menumembersonic_class.php:18

actionget_sidebarmembersonic_class.php:21

filterwp_nav_menu_objectsmembersonic_class.php:22

actionpre_get_postsmembersonic_class.php:26

actionwp_headmembersonic_class.php:28

actionadd_meta_boxesmembersonic_class.php:31

actionsave_postmembersonic_class.php:32

actiontrash_postmembersonic_class.php:34

actiontrash_pagemembersonic_class.php:35

actiondelete_usermembersonic_class.php:36

filterwp_mail_content_typemembersonic_class.php:37

filterretrieve_password_messagemembersonic_class.php:46

actionadmin_enqueue_scriptsmembersonic_class.php:48

actionwp_enqueue_scriptsmembersonic_class.php:49

actionadmin_footermembersonic_class.php:50

actionplugins_loadedmembersonic_class.php:53

actionplugins_loadedmembersonic_class.php:55

actionplugins_loadedmembersonic_class.php:58

actionplugins_loadedmembersonic_class.php:61

filterget_pagesmembersonic_class.php:560

filterthe_commentsmembersonic_class.php:561

Maintenance & Trust

MemberSonic Lite Membership Site Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested5.6.17

Last updatedUnknown

PHP min version5.6

Downloads4K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

MemberSonic Lite Membership Site Plugin Alternatives

CRM Memberships

crm-memberships

C

66

WordPress plugin for content protection, membership management, and CRM integration. Create courses, restrict content, and integrate with CRMs.

0 1 unpatched

Members – Membership & User Role Editor Plugin

members

A

99

The best WordPress membership and user role editor plugin. User Roles & Capabilities editor helps you restrict content in just a few clicks.

300K 1 CVE

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress

wp-user-avatar

B

76

Setup paid membership, accept payment, sell subscription & digital product, paywall, create login & registration form, user profile & member directory

100K 39 CVEs

Simple Membership

simple-membership

B

82

Simple membership plugin adds membership functionality to your site. Protect members only content using content protection easily.

40K 24 CVEs

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

paid-member-subscriptions

B

82

Feature-packed membership plugin for creating subscription plans, adding recurring payments & content restriction on your membership site.

10K 16 CVEs

Developer Profile

MemberSonic Lite Membership Site Plugin Developer Profile

Plugin Results

1 plugin · 0 total installs

78

trust score

Avg Security Score

98/100

Avg Patch Time

2765 days

View full developer profile

Detection Fingerprints

How We Detect MemberSonic Lite Membership Site Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/membership-site/admin/css/admin.css/wp-content/plugins/membership-site/admin/js/admin.js/wp-content/plugins/membership-site/front_end/css/front.css/wp-content/plugins/membership-site/front_end/js/front.js

Script Paths

/wp-content/plugins/membership-site/admin/js/admin.js/wp-content/plugins/membership-site/front_end/js/front.js

Version Parameters

membership-site/admin/css/admin.css?ver=membership-site/admin/js/admin.js?ver=membership-site/front_end/css/front.css?ver=membership-site/front_end/js/front.js?ver=

HTML / DOM Fingerprints

CSS Classes

ms-login-formms-registration-formms-password-reset-formmembersoniclite-admin-wrapmembersoniclite-metabox

HTML Comments

+1 more

Data Attributes

data-membersonic-login-noncedata-membersonic-registration-noncedata-membersonic-password-reset-nonce

JS Globals

membersonicLiteAjaxmembersonicLiteSettings

REST Endpoints

/wp-json/membersoniclite/v1/login/wp-json/membersoniclite/v1/register/wp-json/membersoniclite/v1/password-reset

Shortcode Output

[REGISTRATION_WSO][MSREGISTRATION][MSLOGIN][MSPASSWORDRESET]

FAQ

MemberSonic Lite Membership Site Plugin Security & Risk Analysis