O3World Members-Only Categories Security & Risk Analysis

wordpress.org/plugins/o3world-members-only-categories

Designate categories as "members-only" via 'Privacy Settings.' Assign them to users via 'Profile.'

10 active installs · v1.03 · PHP + WP 3.0.0+ · Updated Jan 5, 2012
Tags: access, assign, categories, content, users
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is O3World Members-Only Categories Safe to Use in 2026?

Generally Safe

Score 85/100

O3World Members-Only Categories has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 14yr ago
Risk Assessment

The static analysis of the "o3world-members-only-categories" plugin version 1.03 indicates a generally good security posture due to the absence of identified dangerous functions, external requests, file operations, and SQL queries that are not using prepared statements. The plugin also demonstrates a limited attack surface with no AJAX handlers, REST API routes, shortcodes, or cron events, and notably, zero unprotected entry points. The vulnerability history is clean, with no recorded CVEs, suggesting a history of stable and secure code.

However, a significant concern arises from the complete lack of output escaping. Any data rendered by the plugin could be vulnerable to cross-site scripting (XSS) if it is not properly sanitized before being displayed to users. Additionally, while capability checks are present, no nonce checks were found. Even though the analysis identified zero entry points, this is a notable oversight that could leave the plugin open to cross-site request forgery (CSRF) on any functionality that exists but was not detected by the static analysis tools.

In conclusion, the plugin benefits from a small attack surface and a clean vulnerability history. The primary weaknesses lie in the complete omission of output escaping and the potential for CSRF due to missing nonce checks on entry points, even if these entry points are currently unexposed or unverified. Addressing the output escaping and nonce check issues would significantly improve the plugin's security.

Key Concerns

  • Output escaping is not implemented
  • No nonce checks found
Vulnerabilities
None known

O3World Members-Only Categories Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

O3World Members-Only Categories Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 2 (0 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 2 total outputs
Attack Surface

O3World Members-Only Categories Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 6

  • action admin_init (o3world-members-only-categories.php:246)
  • action show_user_profile (o3world-members-only-categories.php:248)
  • action edit_user_profile (o3world-members-only-categories.php:249)
  • action personal_options_update (o3world-members-only-categories.php:251)
  • action edit_user_profile_update (o3world-members-only-categories.php:252)
  • action pre_get_posts (o3world-members-only-categories.php:254)
Maintenance & Trust

O3World Members-Only Categories Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.3.0
Last updated: Jan 5, 2012
PHP min version
Downloads: 5K

Community Trust

Rating: 20/100
Number of ratings: 1
Active installs: 10
Developer Profile

O3World Members-Only Categories Developer Profile

kris-o3world

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect O3World Members-Only Categories

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

HTML Comments
<!---- this space left intentionally blank ---->
Data Attributes
name="o3_moc_cats"
id="o3_moc_cats"
name="o3_moc_cat_.*"
id="o3_moc_cat_.*"