Does MemberSpace – Membership Plugin and Paid Subscriptions have any unpatched vulnerabilities?

No. All known vulnerabilities in MemberSpace – Membership Plugin and Paid Subscriptions have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is MemberSpace – Membership Plugin and Paid Subscriptions compatible with WordPress 6.9.4?

According to WordPress.org data, MemberSpace – Membership Plugin and Paid Subscriptions 2.1.15 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is MemberSpace – Membership Plugin and Paid Subscriptions compatible with PHP 7.4+?

MemberSpace – Membership Plugin and Paid Subscriptions requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

MemberSpace – Membership Plugin and Paid Subscriptions Security & Risk Analysis

wordpress.org/plugins/memberspace

MemberSpace is a powerful WordPress membership plugin that makes it easy to create membership sites and sell paid subscriptions.

300 active installs v2.1.15 PHP 7.4+ WP 5.8+ Updated Oct 30, 2025

membersmembershipmembership-pluginpaid-subscriptionssubscriptions

A · Safe

CVEs total2

Unpatched0

Last CVEMar 20, 2025

Plugin page Download

Safety Verdict

Is MemberSpace – Membership Plugin and Paid Subscriptions Safe to Use in 2026?

Generally Safe

Score 99/100

MemberSpace – Membership Plugin and Paid Subscriptions has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Mar 20, 2025Updated 5mo ago

Risk Assessment

The static analysis of memberspace v2.1.15 indicates a generally strong security posture with a zero attack surface and no dangerous functions identified. The plugin demonstrates good practices by utilizing prepared statements for all SQL queries and performing output escaping on a high percentage of outputs. The absence of file operations and external HTTP requests is also positive. However, the presence of one unsanitized path in the taint analysis, even if not critical or high severity, warrants attention as it represents a potential avenue for vulnerabilities.

The plugin's vulnerability history shows two known medium severity CVEs, both of which appear to be patched, which is a good sign. The common vulnerability type being Cross-site Scripting suggests a recurring challenge in input sanitization or output encoding, despite the otherwise good escaping metrics. The last reported vulnerability being in the future is likely a data anomaly and should be disregarded in practical assessment. Overall, memberspace v2.1.15 has strengths in its limited attack surface and adherence to secure coding practices for database interactions, but the identified taint flow and historical XSS vulnerabilities indicate areas that require ongoing vigilance and potentially deeper code review to ensure complete security.

Key Concerns

Unsanitized path in taint analysis
Historical medium severity XSS vulnerabilities

Vulnerabilities

MemberSpace – Membership Plugin and Paid Subscriptions Security Vulnerabilities

CVEs by Year

2 CVEs in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2025-26874medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MemberSpace <= 2.1.13 - Reflected Cross-Site Scripting

Mar 20, 2025 Patched in 2.1.14 (6d)

CVE-2024-13727medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MemberSpace <= 2.1.13 - Reflected Cross-Site Scripting

Mar 2, 2025 Patched in 2.1.14 (2d)

Code Analysis

Analyzed Mar 16, 2026

MemberSpace – Membership Plugin and Paid Subscriptions Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

58 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

81% escaped72 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths

<notification-bar> (admin\partials\notification-bar.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

MemberSpace – Membership Plugin and Paid Subscriptions Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 15

actionall_admin_noticesincludes\memberspace-verify-requirements.php:24

actionadmin_initincludes\memberspace.php:26

actionadmin_initincludes\memberspace.php:29

actionadmin_initincludes\memberspace.php:31

actionadmin_menuincludes\memberspace.php:34

actionplugins_loadedincludes\memberspace.php:37

actionadmin_post_manual_refresh_site_configincludes\memberspace.php:40

actionadmin_noticesincludes\memberspace.php:43

actionadmin_noticesincludes\memberspace.php:46

actionadmin_enqueue_scriptsincludes\memberspace.php:49

actionupdate_option_memberspace_subdomainincludes\memberspace.php:52

actionwp_body_openincludes\memberspace.php:55

actionwp_headincludes\memberspace.php:58

actionwp_headincludes\memberspace.php:61

filterplugin_action_links_memberspace/memberspace.phpincludes\memberspace.php:64

Maintenance & Trust

MemberSpace – Membership Plugin and Paid Subscriptions Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedOct 30, 2025

PHP min version7.4

Downloads15K

Community Trust

Rating86/100

Number of ratings12

Active installs300

Alternatives

MemberSpace – Membership Plugin and Paid Subscriptions Alternatives

s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions

s2member

❤️ Excellent membership plugin! Easy, quick, flexible. Monetize your site with memberships and subscriptions. Protect content instantly and securely.

9K 12 CVEs

Memberful – Membership Plugin

memberful-wp

Sell memberships and restrict access to content with WordPress and Memberful.

1K 3 CVEs

Subscriptions & Memberships for PayPal

subscriptions-memberships-for-paypal

A simple and easy way to sell subscriptions and / or memberships with PayPal. No Coding Required. Official PayPal Partner.

1K 4 CVEs

Connector Wizard (formerly LC Wizard)

ghl-wizard

Connect WordPress with LeadConnector CRM to automate memberships, content protection, WooCommerce, and more for a seamless and powerful experience.

900 1 unpatched

GHL Connect for WooCommerce

ghl-connect

100

GHL Connect for WooCommerce is a plugin that connects the WordPress/WooCommerce with Go High Level CRM.

300 No CVEs

Developer Profile

MemberSpace – Membership Plugin and Paid Subscriptions Developer Profile

memberspace

1 plugin · 300 total installs

trust score

Avg Security Score

99/100

Avg Patch Time

4 days

View full developer profile

Detection Fingerprints

How We Detect MemberSpace – Membership Plugin and Paid Subscriptions

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/memberspace/admin/css/plugin-list-screen.css/wp-content/plugins/memberspace/admin/css/custom.css/wp-content/plugins/memberspace/admin/js/custom.js/wp-content/plugins/memberspace/public/widget.js.php

Version Parameters

memberspace/admin/css/plugin-list-screen.css?ver=memberspace/admin/css/custom.css?ver=memberspace/admin/js/custom.js?ver=

HTML / DOM Fingerprints

CSS Classes

memberspace-activation-bannermemberspace-notification-barmemberspace-settings-page

HTML Comments

+1 more

Data Attributes

data-memberspace-subdomaindata-memberspace-site-iddata-memberspace-pub-keydata-memberspace-site-contactdata-memberspace-signup-uridata-memberspace-admin-uri+2 more

JS Globals

MemberSpace_varswindow.MemberSpace_vars

FAQ