Partners Security & Risk Analysis

wordpress.org/plugins/partners

Creates a fenced membership area with private content.

100 active installs · v0.2.0 · PHP + WP 4.0+ · Updated Mar 11, 2015
Tags: business, corporate, member, membership, private
Score 38/100
D · High Risk
CVEs total: 2
Unpatched: 2
Last CVE: Jan 14, 2025
Safety Verdict

Is Partners Safe to Use in 2026?

High Risk

Score 38/100

Partners carries significant security risk with 2 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

2 known CVEs · 2 unpatched · Last CVE: Jan 14, 2025 · Updated 11yr ago
Risk Assessment

The "partners" plugin version 0.2.0 presents a concerning security posture, despite some positive indicators. While the attack surface is seemingly controlled with no unprotected entry points and a majority of SQL queries using prepared statements, significant risks are revealed through code signals and vulnerability history. The presence of the `unserialize` function, a known vector for deserialization vulnerabilities, coupled with a high number of flows with unsanitized paths and two high-severity taint flows, indicates a potential for serious security breaches. Furthermore, the plugin has a history of critical vulnerabilities, including Cross-site Scripting and Deserialization of Untrusted Data, with two unpatched CVEs, one of which is critical. This pattern suggests recurring security weaknesses that have not been adequately addressed, making it a high-risk plugin.

While the plugin demonstrates some good practices like non-trivial capability checks and nonce checks, these are overshadowed by critical flaws. The low percentage of properly escaped output is another major red flag, increasing the likelihood of Cross-site Scripting attacks. Zero file operations and zero external HTTP requests are positive signs, but they do not mitigate the core dangers. In conclusion, the "partners" plugin version 0.2.0 is not recommended for use in a production environment due to its critical vulnerability history, exploitable code signals like `unserialize`, and a high number of unsanitized taint flows.

Key Concerns

  • Unpatched critical CVE
  • Unpatched medium CVE
  • High severity taint flows
  • Dangerous function: unserialize
  • Low percentage of output escaping
  • Flows with unsanitized paths
Vulnerabilities
2

Partners Security Vulnerabilities

CVEs by Year

2024: 1 CVE · unpatched
2025: 1 CVE · unpatched

Severity Breakdown

Critical: 1
Medium: 1

2 total CVEs

CVE-2025-22751 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Partners <= 0.2.0 - Reflected Cross-Site Scripting

Jan 14, 2025 · Unpatched

CVE-2024-56059 · critical · 9.8 · Deserialization of Untrusted Data

Partners <= 0.2.0 - Unauthenticated PHP Object Injection

Dec 17, 2024 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Partners Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 3 (17 prepared)
Unescaped Output: 59 (6 escaped)
Nonce Checks: 6
Capability Checks: 3
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$data = unserialize( $decoded_data );` at inc\MightyDev\Partners.php:380

SQL Query Safety

85% prepared · 20 total queries

Output Escaping

9% escaped · 65 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

12 flows · 8 with unsanitized paths
mdpartners_view (partners.php:77)
Attack Surface

Partners Attack Surface

Entry Points: 9
Unprotected: 0

Shortcodes 9

[nooz] inc\MightyDev\Nooz.php:161
[nooz-release] inc\MightyDev\Nooz.php:162
[nooz-coverage] inc\MightyDev\Nooz.php:163
[partners_login_form] partners.php:40
[partners_registration_form] partners.php:43
[partners_forgot_password_form] partners.php:46
[partners_reset_password_form] partners.php:49
[partners_is_authenticated] partners.php:54
[partners_is_not_authenticated] partners.php:56
WordPress Hooks 25
action admin_init inc\MightyDev\Nooz.php:53
action updated_option inc\MightyDev\Nooz.php:54
action init inc\MightyDev\Nooz.php:63
action admin_menu inc\MightyDev\Nooz.php:68
filter the_content inc\MightyDev\Nooz.php:73
action admin_init inc\MightyDev\Nooz.php:84
action admin_init inc\MightyDev\Partners.php:102
action admin_enqueue_scripts inc\MightyDev\Partners.php:105
action admin_head inc\WPAlchemy\MetaBox.php:16
action admin_footer inc\WPAlchemy\MetaBox.php:18
action admin_init inc\WPAlchemy\MetaBox.php:501
action import_post_meta inc\WPAlchemy\MetaBox.php:504
filter output inc\WPAlchemy\MetaBox.php:564
action save_post inc\WPAlchemy\MetaBox.php:574
action admin_head inc\WPAlchemy\MetaBox.php:614
action admin_footer inc\WPAlchemy\MetaBox.php:616
action admin_notices inc\WPAlchemy\Notice.php:25
action admin_init inc\WPAlchemy\Page.php:57
action admin_menu inc\WPAlchemy\Page.php:70
action init partners.php:41
action init partners.php:44
action init partners.php:47
action init partners.php:50
action init partners.php:52
action admin_menu partners.php:60
Maintenance & Trust

Partners Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.1.42
Last updated: Mar 11, 2015
PHP min version
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

Partners Developer Profile

farinspace

2 plugins · 2K total installs

Trust score: 67
Avg Security Score: 62/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Partners

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/partners/css/main.css
/wp-content/plugins/partners/js/main.js
Script Paths
/wp-content/plugins/partners/js/main.js
Version Parameters
partners/css/main.css?ver=
partners/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
wp-list-table
members-table-actions
HTML Comments
<!-- wp_list_table -->
<!-- http://plugins.svn.wordpress.org/custom-list-table-example/trunk/list-table-example.php -->
<!-- Members -->
<!-- Edit Approved Email -->
+6 more
Data Attributes
id="partners-table"
name="mdpartners_approved_email_nonce"
name="mdpartners_denied_email_nonce"
Shortcode Output
[partners_login_form]
[partners_registration_form]
[partners_forgot_password_form]
[partners_reset_password_form]
FAQ

Frequently Asked Questions about Partners