WP-Safety

MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet Security & Risk Analysis

wordpress.org/plugins/paid-membership

Monetize digital content with creator subscriptions, micro-payments, and a tokens wallet system.

20 active installs v3.2.5 PHP 7.4+ WP 5.1+ Updated Sep 9, 2025
creatorsmicropaymentssubscriptionstokenswallet
96
A · Safe
CVEs total5
Unpatched0
Last CVEJun 27, 2025
Plugin page Download
Safety Verdict

Is MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet Safe to Use in 2026?

Generally Safe

Score 96/100

MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEsLast CVE: Jun 27, 2025Updated 6mo ago
Risk Assessment

The "paid-membership" plugin v3.2.5 presents a mixed security posture. On the positive side, it demonstrates good practices with a high percentage of SQL queries using prepared statements and properly escaped outputs. The plugin also shows a good number of nonce and capability checks. However, the significant presence of 8 unprotected AJAX handlers creates a substantial attack surface, posing a considerable risk for unauthorized actions or privilege escalation if not properly secured by the calling context.

The taint analysis reveals 3 high-severity flows with unsanitized paths, indicating potential vulnerabilities where untrusted input could lead to unintended consequences, although no critical severity flows were detected. The vulnerability history shows 5 previously disclosed medium-severity vulnerabilities, primarily related to Cross-site Scripting (XSS) and Cross-Site Request Forgery (CSRF). While there are currently no unpatched CVEs, the history of these common vulnerability types suggests a pattern of potential weaknesses in input sanitization and user action verification.

In conclusion, while the plugin incorporates several strong security measures, the unprotected AJAX endpoints and the history of XSS/CSRF vulnerabilities are significant concerns. The high-severity taint flows warrant immediate investigation. The plugin's strengths lie in its use of prepared statements and output escaping, but the large attack surface without authentication and past vulnerability patterns suggest a need for diligent ongoing security practices and potential code review for the identified taint flows.

Key Concerns

  • 8 unprotected AJAX handlers
  • 3 high severity taint flows
  • 5 known medium severity CVEs
  • Use of unserialize()
  • Use of preg_replace(/e)
Vulnerabilities
5

MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
4 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
5

5 total CVEs

CVE-2025-5937medium · 4.3Cross-Site Request Forgery (CSRF)

MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet <= 3.2.0 - Cross-Site Request Forgery to Settings Reset

Jun 27, 2025 Patched in 3.2.1 (1d)
CVE-2025-31075medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MicroPayments <= 2.9.29 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 28, 2025 Patched in 2.9.30 (6d)
CVE-2025-26579medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MicroPayments <= 3.2.4 - Reflected Cross-Site Scripting

Mar 12, 2025 Patched in 3.2.5 (352d)
CVE-2024-13391medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Tokens Wallet <= 2.9.29 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 17, 2025 Patched in 2.9.30 (1d)
CVE-2022-27629medium · 5.4Cross-Site Request Forgery (CSRF)

MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership <= 1.9.5 - Cross-Site Request Forgery

Apr 20, 2022 Patched in 1.9.6 (643d)
Code Analysis
Analyzed Mar 16, 2026

MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet Code Analysis

Dangerous Functions
3
Raw SQL Queries
1
22 prepared
Unescaped Output
107
1079 escaped
Nonce Checks
12
Capability Checks
10
File Operations
37
External Requests
1
Bundled Libraries
0

Dangerous Functions Found

unserialize'memberships' => unserialize( 'a:3:{i:0;a:5:{s:5:"label";s:5:"Basic";s:4:"role";s:5:"Basic";inc\options.php:829
unserialize$memberships = unserialize( stripslashes( sanitize_textarea_field( $_POST['importMemberships'] ) ) )inc\options.php:2157
preg_replace(/e)preg_replace('/einc\shortcodes.php:26

SQL Query Safety

96% prepared23 total queries

Output Escaping

91% escaped1186 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

14 flows5 with unsanitized paths
vwpm_content (inc\shortcodes.php:1093)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
8 unprotected

MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet Attack Surface

Entry Points33
Unprotected8

AJAX Handlers 9

authwp_ajax_vwpm_pluploadpaid-membership.php:357
noprivwp_ajax_vwpm_pluploadpaid-membership.php:358
authwp_ajax_vwpm_donatepaid-membership.php:361
noprivwp_ajax_vwpm_donatepaid-membership.php:362
authwp_ajax_vwpm_contentpaid-membership.php:365
noprivwp_ajax_vwpm_contentpaid-membership.php:366
authwp_ajax_vwpm_downloadspaid-membership.php:371
noprivwp_ajax_vwpm_downloadspaid-membership.php:372
authwp_ajax_vwpm_uploadpaid-membership.php:375

Shortcodes 24

[videowhisper_packages_process] paid-membership.php:282
[videowhisper_content_upload_guest] paid-membership.php:284
[videowhisper_transactions] paid-membership.php:286
[videowhisper_creator_stats] paid-membership.php:288
[videowhisper_client_subscribe] paid-membership.php:290
[videowhisper_client_subscriptions] paid-membership.php:291
[videowhisper_provider_subscriptions] paid-membership.php:293
[videowhisper_content_upload] paid-membership.php:295
[videowhisper_content_list] paid-membership.php:296
[videowhisper_content_seller] paid-membership.php:298
[videowhisper_content] paid-membership.php:299
[videowhisper_membership_buy] paid-membership.php:301
[videowhisper_content_edit] paid-membership.php:302
[videowhisper_my_wallet] paid-membership.php:303
[videowhisper_wallet] paid-membership.php:305
[videowhisper_donate] paid-membership.php:306
[videowhisper_donate_progress] paid-membership.php:307
[videowhisper_downloads] paid-membership.php:342
[videowhisper_download] paid-membership.php:343
[videowhisper_download_preview] paid-membership.php:344
[videowhisper_download_upload] paid-membership.php:346
[videowhisper_download_import] paid-membership.php:347
[videowhisper_postdownloads] paid-membership.php:349
[videowhisper_postdownloads_process] paid-membership.php:350
WordPress Hooks 33
actionbp_template_titlepaid-membership.php:163
actionbp_template_contentpaid-membership.php:164
actionbp_template_titlepaid-membership.php:194
actionbp_template_contentpaid-membership.php:195
actionbp_template_titlepaid-membership.php:204
actionbp_template_contentpaid-membership.php:205
filtermanage_users_columnspaid-membership.php:267
actionmanage_users_custom_columnpaid-membership.php:268
filtermanage_users_sortable_columnspaid-membership.php:269
actionpre_user_querypaid-membership.php:270
filternext_posts_link_attributespaid-membership.php:278
filterprevious_posts_link_attributespaid-membership.php:279
actionbp_after_activity_post_formpaid-membership.php:313
actionbp_setup_navpaid-membership.php:315
actionbp_register_activity_actionspaid-membership.php:318
actionwoocommerce_before_add_to_cart_formpaid-membership.php:323
filterpost_thumbnail_htmlpaid-membership.php:326
actionadd_meta_boxespaid-membership.php:328
actionsave_postpaid-membership.php:329
filterthe_contentpaid-membership.php:331
actionbefore_delete_postpaid-membership.php:334
filterthe_contentpaid-membership.php:338
filtercomments_openpaid-membership.php:1892
filterthe_commentspaid-membership.php:1909
filtercomments_openpaid-membership.php:1910
actioninitpaid-membership.php:2979
actionplugins_loadedpaid-membership.php:2980
actiontemplate_redirectpaid-membership.php:2983
actioncron_membership_updatepaid-membership.php:2985
actioncron_subscriptions_processpaid-membership.php:2986
actioncron_packages_processpaid-membership.php:2987
actionadmin_menupaid-membership.php:2990
actionadmin_bar_menupaid-membership.php:2991

Scheduled Events 3

cron_membership_update
cron_subscriptions_process
cron_packages_process
Maintenance & Trust

MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedSep 9, 2025
PHP min version7.4
Downloads29K

Community Trust

Rating84/100
Number of ratings5
Active installs20
Alternatives

MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet Alternatives

AtomX Services

AtomX Services

atomx-services

A
100

Generation of purchase codes/tokens for AtomX extension (or based on AtomX) for products and subscriptions.

0 No CVEs
DL Gift Wallet

DL Gift Wallet

dl-gift-wallet

A
100

Let customers buy gift credit that’s added directly to the recipient’s account as store credit, usable on both one-off orders and subscriptions.

0 No CVEs
PREMIUUM Content Monetization

PREMIUUM Content Monetization

premiuum-content-monetization

A
85

Revenue-per-Link™ content monetization. PREMIUUM makes it easy to sell articles, music, videos, files & links via subscriptions and/or micropayments.

0 No CVEs
SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments

SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments

surecart

A
99

Make ecommerce easy with a simple to use, all-in-one platform, that anyone can set up in just a few minutes!

90K 2 CVEs
Wallet for WooCommerce

Wallet for WooCommerce

woo-wallet

A
94

A extendable WooCommerce wallet system which support payment, partial payment, cashback reward program as well as refund for your WooCommerce store.

20K 7 CVEs
Developer Profile

MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet Developer Profile

videowhisper

12 plugins · 1K total installs

74
trust score
Avg Security Score
93/100
Avg Patch Time
1072 days
View full developer profile
Detection Fingerprints

How We Detect MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/paid-membership/inc/videowhisper-paid-content.css/wp-content/plugins/paid-membership/inc/videowhisper-paid-content.js
Script Paths
/wp-content/plugins/paid-membership/inc/videowhisper-paid-content.js
Version Parameters
paid-membership/inc/videowhisper-paid-content.css?ver=paid-membership/inc/videowhisper-paid-content.js?ver=

HTML / DOM Fingerprints

CSS Classes
videowhisper-paid-content-admin
HTML Comments
<!-- VW PAID CONTENT AREA -->
Data Attributes
data-videowhisper-paid-content
JS Globals
window.vw_paid_contentvar vw_paid_content
Shortcode Output
[videowhisper_creator_stats[videowhisper_content_list[videowhisper_my_content[videowhisper_my_purchases
FAQ

Frequently Asked Questions about MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet