ExpressTechSoftwares Discord Add-on for Paid Memberships Pro Security & Risk Analysis

wordpress.org/plugins/pmpro-discord-add-on

This add-on enables connecting your PMPro enabled website to your discord server. Now you can add/remove PMPro members directly to your discord server …

800 active installs · v2.0.1 · PHP 7.0+ · WP 5.0+ · Updated Dec 1, 2025
Tags: discord, friends, hang-out, talk, video-chat
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is ExpressTechSoftwares Discord Add-on for Paid Memberships Pro Safe to Use in 2026?

Generally Safe

Score 100/100

ExpressTechSoftwares Discord Add-on for Paid Memberships Pro has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The plugin "pmpro-discord-add-on" v2.0.1 demonstrates a generally good security posture with a robust implementation of security checks. The absence of any recorded vulnerabilities or CVEs, combined with a comprehensive use of nonce and capability checks across all identified entry points (AJAX handlers, shortcodes, cron events), indicates a proactive approach to security by the developers. The high percentage of SQL queries utilizing prepared statements further strengthens this assessment.

However, the static analysis reveals a significant concern regarding the presence of the `unserialize()` function, which is a known attack vector if used with untrusted user input. While the current taint analysis doesn't indicate critical or high severity flows stemming from this, the potential for exploitation exists. The taint analysis did identify one flow with an unsanitized path, which warrants further investigation to ensure no vulnerabilities are present. The moderate percentage of properly escaped outputs also suggests a small risk of cross-site scripting (XSS) vulnerabilities if certain dynamic content is not handled with sufficient care.

In conclusion, the plugin exhibits strong security foundations, particularly in its handling of entry points and data integrity with prepared statements. The vulnerability history is a significant positive indicator. The primary areas for improvement and vigilance are the use of `unserialize()` and the single unsanitized path identified in the taint analysis, which, although not currently flagged as critical, represent potential risks that should be mitigated.

Key Concerns

  • Presence of unserialize() function
  • Flow with unsanitized path identified
  • Only 67% of outputs properly escaped
Vulnerabilities
None known

ExpressTechSoftwares Discord Add-on for Paid Memberships Pro Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

ExpressTechSoftwares Discord Add-on for Paid Memberships Pro Code Analysis

Dangerous Functions: 5
Raw SQL Queries: 4 (18 prepared)
Unescaped Output: 105 (218 escaped)
Nonce Checks: 11
Capability Checks: 11
File Operations: 7
External Requests: 13
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$all_roles = unserialize( get_option( 'ets_pmpro_discord_all_roles' ) );` · includes\classes\class-pmpro-discord-admin-setting.php:107
unserialize · `$roles_color = unserialize( get_option( 'ets_pmpro_discord_roles_color' ) );` · includes\classes\class-pmpro-discord-admin-setting.php:108
unserialize · `$all_roles = unserialize( get_option( 'ets_pmpro_discord_all_roles' ) );` · includes\classes\class-pmpro-discord-admin-setting.php:219
unserialize · `$roles_color = unserialize( get_option( 'ets_pmpro_discord_roles_color' ) );` · includes\classes\class-pmpro-discord-admin-setting.php:220
unserialize · `$all_roles = unserialize( get_option( 'ets_pmpro_discord_all_roles' ) );` · includes\classes\class-pmpro-discord-admin-setting.php:306

SQL Query Safety

82% prepared · 22 total queries

Output Escaping

67% escaped · 323 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

8 flows · 1 with unsanitized paths
ets_pmpro_discord_as_handler_add_member_to_guild (includes\classes\class-discord-api.php:416)
Attack Surface

ExpressTechSoftwares Discord Add-on for Paid Memberships Pro Attack Surface

Entry Points: 7
Unprotected: 0

AJAX Handlers 5

auth · wp_ajax_ets_pmpro_discord_clear_logs · includes\classes\class-discord-addon-logs.php:8
auth · wp_ajax_disconnect_from_discord · includes\classes\class-discord-api.php:14
auth · wp_ajax_ets_pmpro_discord_load_discord_roles · includes\classes\class-discord-api.php:20
auth · wp_ajax_ets_pmpro_discord_member_table_run_api · includes\classes\class-discord-api.php:36
auth · wp_ajax_ets_pmpro_discord_notice_dismiss · includes\classes\class-pmpro-discord-admin-setting.php:63

Shortcodes 2

[discord_connect_button] includes\classes\class-pmpro-discord-admin-setting.php:19
[discord_user_info] includes\classes\class-pmpro-discord-admin-setting.php:21
WordPress Hooks 39
action · admin_notices · includes\classes\class-discord-addon-admin-notices.php:21
action · init · includes\classes\class-discord-api.php:8
action · init · includes\classes\class-discord-api.php:11
action · delete_user · includes\classes\class-discord-api.php:17
action · pmpro_after_change_membership_level · includes\classes\class-discord-api.php:22
action · ets_pmpro_discord_as_handle_pmpro_expiry · includes\classes\class-discord-api.php:24
action · ets_pmpro_discord_as_handle_pmpro_cancel · includes\classes\class-discord-api.php:26
action · ets_pmpro_discord_as_handle_add_member_to_guild · includes\classes\class-discord-api.php:28
action · ets_pmpro_discord_as_schedule_delete_member · includes\classes\class-discord-api.php:30
action · ets_pmpro_discord_as_schedule_member_put_role · includes\classes\class-discord-api.php:32
action · ets_pmpro_discord_as_schedule_delete_role · includes\classes\class-discord-api.php:34
action · pmpro_subscription_payment_failed · includes\classes\class-discord-api.php:40
action · action_scheduler_failed_execution · includes\classes\class-discord-api.php:42
action · ets_pmpro_discord_as_send_dm · includes\classes\class-discord-api.php:44
action · ets_pmrpo_discord_schedule_expiration_warnings · includes\classes\class-discord-api.php:46
action · pmpro_after_checkout · includes\classes\class-discord-api.php:48
action · pmpro_subscription_payment_completed · includes\classes\class-discord-api.php:50
action · admin_menu · includes\classes\class-pmpro-discord-admin-setting.php:8
action · admin_enqueue_scripts · includes\classes\class-pmpro-discord-admin-setting.php:10
action · admin_enqueue_scripts · includes\classes\class-pmpro-discord-admin-setting.php:13
action · wp_enqueue_scripts · includes\classes\class-pmpro-discord-admin-setting.php:16
action · pmpro_show_user_profile · includes\classes\class-pmpro-discord-admin-setting.php:24
action · wp_body_open · includes\classes\class-pmpro-discord-admin-setting.php:26
action · pmpro_after_change_membership_level · includes\classes\class-pmpro-discord-admin-setting.php:29
action · pmpro_membership_post_membership_expiry · includes\classes\class-pmpro-discord-admin-setting.php:32
action · admin_post_pmpro_discord_save_application_details · includes\classes\class-pmpro-discord-admin-setting.php:34
action · admin_post_pmpro_discord_save_role_mapping · includes\classes\class-pmpro-discord-admin-setting.php:36
action · admin_post_pmpro_discord_save_advance_settings · includes\classes\class-pmpro-discord-admin-setting.php:38
action · admin_post_pmpro_discord_save_appearance_settings · includes\classes\class-pmpro-discord-admin-setting.php:40
action · pmpro_delete_membership_level · includes\classes\class-pmpro-discord-admin-setting.php:42
action · pmpro_checkout_after_pricing_fields · includes\classes\class-pmpro-discord-admin-setting.php:44
filter · pmpro_manage_memberslist_custom_column · includes\classes\class-pmpro-discord-admin-setting.php:48
filter · pmpro_manage_memberslist_columns · includes\classes\class-pmpro-discord-admin-setting.php:50
filter · action_scheduler_queue_runner_batch_size · includes\classes\class-pmpro-discord-admin-setting.php:52
filter · action_scheduler_queue_runner_concurrent_batches · includes\classes\class-pmpro-discord-admin-setting.php:54
filter · pmpro_change_level · includes\classes\class-pmpro-discord-admin-setting.php:56
filter · ets_pmpro_show_connect_button_on_profile · includes\classes\class-pmpro-discord-admin-setting.php:58
filter · manage_users_columns · includes\classes\class-pmpro-discord-admin-setting.php:60
filter · manage_users_custom_column · includes\classes\class-pmpro-discord-admin-setting.php:61

Scheduled Events 1

ets_pmrpo_discord_schedule_expiration_warnings
Maintenance & Trust

ExpressTechSoftwares Discord Add-on for Paid Memberships Pro Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Dec 1, 2025
PHP min version: 7.0
Downloads: 35K

Community Trust

Rating: 86/100
Number of ratings: 20
Active installs: 800
Developer Profile

ExpressTechSoftwares Discord Add-on for Paid Memberships Pro Developer Profile

expresstechsoftware

14 plugins · 2K total installs

Trust score: 92
Avg Security Score: 97/100
Avg Patch Time: 8 days
Detection Fingerprints

How We Detect ExpressTechSoftwares Discord Add-on for Paid Memberships Pro

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pmpro-discord-add-on/includes/js/admin.js
/wp-content/plugins/pmpro-discord-add-on/includes/js/front.js
/wp-content/plugins/pmpro-discord-add-on/includes/css/admin.css
/wp-content/plugins/pmpro-discord-add-on/includes/css/front.css
Script Paths
/wp-content/plugins/pmpro-discord-add-on/includes/js/admin.js
/wp-content/plugins/pmpro-discord-add-on/includes/js/front.js
Version Parameters
pmpro-discord-add-on/includes/js/admin.js?ver=
pmpro-discord-add-on/includes/js/front.js?ver=
pmpro-discord-add-on/includes/css/admin.css?ver=
pmpro-discord-add-on/includes/css/front.css?ver=

HTML / DOM Fingerprints

CSS Classes
ets-pmpro-discord-button
Data Attributes
data-discord-logged-out-text
data-discord-logged-in-text
data-discord-disconnect-text
data-discord-btn-color
data-discord-btn-disconnect-color
data-discord-allow-none-member
JS Globals
ets_pmpro_discord_vars
Shortcode Output
[discord_connect_button]
[discord_user_info]
FAQ

Frequently Asked Questions about ExpressTechSoftwares Discord Add-on for Paid Memberships Pro