MemberWunder LMS – Learning Management System – Ein WordPress e-Learning Plugin Security & Risk Analysis

wordpress.org/plugins/memberwunder

A WordPress e-learning (LMS) plugin for creating so-called WordPress learning management systems, with customizable designs and ready-to-use …

10 active installs · v1.0.2 · PHP 5.3+ · WP 4.4.8+ · Updated Dec 21, 2017
Tags: e-learning, elearning, learning-management-system, lms, wordpress-lms
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is MemberWunder LMS – Learning Management System – Ein WordPress e-Learning Plugin Safe to Use in 2026?

Generally Safe

Score 85/100

MemberWunder LMS – Learning Management System – Ein WordPress e-Learning Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The MemberWunder v1.0.2 plugin presents a mixed security posture. On the positive side, the plugin uses prepared statements for all SQL queries and includes a significant number of nonce and capability checks, indicating an awareness of common WordPress security vulnerabilities. The absence of any recorded CVEs or past vulnerabilities further suggests a relatively stable and well-maintained codebase, at least historically.

However, there are significant areas of concern highlighted by the static analysis. The presence of 3 unprotected AJAX handlers represents a substantial attack surface that could be exploited if any logic within these handlers is vulnerable to unauthorized execution. Furthermore, the static analysis identified the use of the `unserialize` function twice, which, if not handled with extreme care regarding input validation, can lead to serious security flaws like Remote Code Execution. The taint analysis, while not reporting critical or high-severity issues, did reveal 9 flows with unsanitized paths, which, in conjunction with the `unserialize` usage, warrants careful investigation. The percentage of properly escaped output (64%) also indicates that a significant portion of output might be vulnerable to Cross-Site Scripting (XSS) attacks.

In conclusion, while MemberWunder has adopted some beneficial security practices, the combination of unprotected AJAX endpoints and the potential risks associated with `unserialize` and unsanitized input flows creates notable security weaknesses. These areas require immediate attention and robust sanitization/validation measures to mitigate potential exploitation.

Key Concerns

  • 3 AJAX handlers without auth checks
  • 2 uses of unserialize function
  • 9 flows with unsanitized paths
  • Only 64% of outputs properly escaped
Vulnerabilities
None known

MemberWunder LMS – Learning Management System – Ein WordPress e-Learning Plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

MemberWunder LMS – Learning Management System – Ein WordPress e-Learning Plugin Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (26 prepared)
Unescaped Output: 153 (267 escaped)
Nonce Checks: 10
Capability Checks: 10
File Operations: 6
External Requests: 1
Bundled Libraries: 1

Dangerous Functions Found

unserialize  (include\controller\import_export\data.php:32)
    $value = \MemberWunder\Helpers\General::is_serialized( $value ) ? unserialize( $value ) : $value;
unserialize  (include\helpers\general.php:130)
    $result = @unserialize( $string );

Bundled Libraries

Select2

SQL Query Safety

100% prepared (26 total queries)

Output Escaping

64% escaped (420 total outputs)
Data Flows
9 unsanitized

Data Flow Analysis

11 flows, 9 with unsanitized paths
notice (include\controller\import_export\export.php:70)
Attack Surface
3 unprotected

MemberWunder LMS – Learning Management System – Ein WordPress e-Learning Plugin Attack Surface

Entry Points: 6
Unprotected: 3

AJAX Handlers 3

auth  wp_ajax_twm_avatar_upload  include\controller\profile.php:21
auth  wp_ajax_twm_avatar_delete  include\controller\profile.php:22
auth  wp_ajax_twm_test_email  include\functions.php:1008

Shortcodes 3

[memberwunder-menu] include\controller\menu.php:141
[memberwunder-register-errors] include\controller\register.php:72
[twm-password-reset-form] include\controller\reset.php:22

WordPress Hooks 58

filter  image_size_names_choose  include\classes.php:64
filter  upload_mimes  include\classes.php:65
action  init  include\classes.php:68
action  add_meta_boxes  include\classes.php:70
action  wp_enqueue_scripts  include\classes.php:72
action  admin_init  include\classes.php:73
action  admin_notices  include\classes.php:74
action  save_post  include\classes.php:76
action  template_redirect  include\classes.php:78
action  twm_baseurl_change  include\classes.php:80
action  update_option_permalink_structure  include\classes.php:81
action  twm_allow_registration_change  include\classes.php:84
action  wp_head  include\classes.php:87
filter  body_class  include\classes.php:88
action  admin_bar_menu  include\classes.php:90
action  init  include\classes.php:91
action  init  include\classes.php:109
action  pre_get_posts  include\classes.php:138
action  twshp_after_body_start  include\classes.php:152
action  twshp_before_body_end  include\classes.php:156
filter  plugin_row_meta  include\classes.php:166
filter  post_type_link  include\classes.php:343
filter  template_include  include\classes.php:458
action  admin_notices  include\controller\import_export\export.php:61
action  init  include\controller\menu.php:82
action  admin_init  include\controller\menu.php:83
filter  nav_menu_meta_box_object  include\controller\menu.php:85
filter  nav_menu_css_class  include\controller\menu.php:90
filter  nav_menu_link_attributes  include\controller\menu.php:99
filter  wp_setup_nav_menu_item  include\controller\menu.php:142
filter  wp_nav_menu_objects  include\controller\menu.php:143
action  admin_menu  include\controller\options\options.php:145
action  admin_init  include\controller\options\options.php:146
action  admin_notices  include\controller\options\options.php:147
filter  pre_handle_404  include\controller\pages.php:36
action  twm_pre_page_profile  include\controller\profile.php:20
action  twm_pre_page_register  include\controller\register.php:76
action  register_post  include\controller\register.php:79
action  user_register  include\controller\register.php:80
action  user_register  include\controller\register.php:81
filter  init  include\controller\register.php:82
filter  random_password  include\controller\register.php:83
filter  registration_errors  include\controller\register.php:154
action  login_form_rp  include\controller\reset.php:13
action  login_form_resetpass  include\controller\reset.php:14
action  login_form_rp  include\controller\reset.php:17
action  login_form_resetpass  include\controller\reset.php:18
filter  allow_password_reset  include\controller\user\lostpassword.php:64
filter  the_content  include\functions.php:999
filter  body_class  include\functions.php:1045
action  before_delete_post  include\handlers\delete_course.php:10
action  admin_notices  include\services\info.php:58
action  admin_notices  include\services\notice.php:89
action  phpmailer_init  include\services\smtp.php:15
action  admin_init  include\services\smtp.php:16
action  plugins_loaded  memberwunder.php:13
action  plugins_loaded  memberwunder.php:94
action  plugins_loaded  memberwunder.php:99
Maintenance & Trust

MemberWunder LMS – Learning Management System – Ein WordPress e-Learning Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Dec 21, 2017
PHP min version: 5.3
Downloads: 4K

Community Trust

Rating: 100/100
Number of ratings: 7
Active installs: 10
Developer Profile

MemberWunder LMS – Learning Management System – Ein WordPress e-Learning Plugin Developer Profile

ezmarketing

2 plugins · 20 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect MemberWunder LMS – Learning Management System – Ein WordPress e-Learning Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/memberwunder/assets/css/admin/main.css
/wp-content/plugins/memberwunder/assets/css/admin/options.css
/wp-content/plugins/memberwunder/assets/css/frontend/courses.css
/wp-content/plugins/memberwunder/assets/css/frontend/lessons.css
/wp-content/plugins/memberwunder/assets/css/frontend/quizes.css
/wp-content/plugins/memberwunder/assets/css/frontend/register.css
/wp-content/plugins/memberwunder/assets/css/frontend/styles.css
/wp-content/plugins/memberwunder/assets/css/frontend/user.css
+5 more
Generator Patterns
MemberWunder LMS
Version Parameters
memberwunder/assets/css/admin/main.css?ver=
memberwunder/assets/css/admin/options.css?ver=
memberwunder/assets/css/frontend/courses.css?ver=
memberwunder/assets/css/frontend/lessons.css?ver=
memberwunder/assets/css/frontend/quizes.css?ver=
memberwunder/assets/css/frontend/register.css?ver=
memberwunder/assets/css/frontend/styles.css?ver=
memberwunder/assets/css/frontend/user.css?ver=
memberwunder/assets/js/admin/main.js?ver=
memberwunder/assets/js/admin/options.js?ver=
memberwunder/assets/js/frontend/main.js?ver=
memberwunder/assets/js/frontend/quizes.js?ver=
memberwunder/assets/js/frontend/register.js?ver=

HTML / DOM Fingerprints

CSS Classes
twm-register-form
twm-login-form
twm-user-profile
twm-course-list
twm-lesson-content
twm-quiz-form
Data Attributes
data-twm-module-id
data-twm-lesson-id
data-twm-quiz-id
JS Globals
TWM_VERSION
TWM_AJAX_URL
REST Endpoints
/wp-json/memberwunder/v1/courses
/wp-json/memberwunder/v1/lessons
/wp-json/memberwunder/v1/quizes
Shortcode Output
[memberwunder_register]
[memberwunder_login]
[memberwunder_profile]
[memberwunder_courses]