WP-Safety

Voguepay plugin for Paid Memberships Pro Security & Risk Analysis

wordpress.org/plugins/pmpro-voguepay

This plugin allows you to accept payment from local and international customers on Paid Memberships Pro.

10 active installs v1.0.0 PHP + WP 4.4+ Updated Jan 8, 2020
mastercardonline-paymentpaid-memberships-propayment-gatewayvoguepay
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Voguepay plugin for Paid Memberships Pro Safe to Use in 2026?

Generally Safe

Score 85/100

Voguepay plugin for Paid Memberships Pro has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago
Risk Assessment

The pmpro-voguepay v1.0.0 plugin presents a significant security risk primarily due to its unprotected entry points. With two AJAX handlers identified and neither possessing authentication checks, an attacker could potentially trigger malicious actions without prior authorization. While the code signals show no dangerous functions or file operations, and external HTTP requests are limited, the absence of capability checks and nonce verification on these AJAX handlers creates a substantial vulnerability. The taint analysis reveals flows with unsanitized paths, which, despite not reaching critical or high severity in this specific analysis, indicate potential for injection-type attacks if not carefully managed by the application context. The plugin's history of zero known CVEs is a positive indicator of past security diligence, but it does not mitigate the immediate risks exposed by the current static analysis, particularly the direct access to AJAX endpoints. Overall, the plugin has weaknesses in its access control mechanisms that need to be addressed to improve its security posture.

Key Concerns

  • AJAX handlers without auth checks
  • Capability checks missing
  • Nonce checks missing
  • Flows with unsanitized paths
Vulnerabilities
None known

Voguepay plugin for Paid Memberships Pro Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Voguepay plugin for Paid Memberships Pro Release Timeline

v1.0.0Current
Code Analysis
Analyzed Apr 16, 2026

Voguepay plugin for Paid Memberships Pro Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
2 prepared
Unescaped Output
3
7 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
3
Bundled Libraries
0

SQL Query Safety

50% prepared4 total queries

Output Escaping

70% escaped10 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths
class_pmpro_voguepay (class.pmprogateway_voguepay.php:25)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Voguepay plugin for Paid Memberships Pro Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_pmpro_voguepay_ipnclass.pmprogateway_voguepay.php:65
noprivwp_ajax_pmpro_voguepay_ipnclass.pmprogateway_voguepay.php:66
WordPress Hooks 13
actionplugins_loadedclass.pmprogateway_voguepay.php:23
actioninitclass.pmprogateway_voguepay.php:33
filterplugin_action_linksclass.pmprogateway_voguepay.php:36
filterpmpro_gatewaysclass.pmprogateway_voguepay.php:60
filterpmpro_payment_optionsclass.pmprogateway_voguepay.php:63
filterpmpro_payment_option_fieldsclass.pmprogateway_voguepay.php:64
filterpmpro_include_billing_address_fieldsclass.pmprogateway_voguepay.php:74
filterpmpro_include_payment_information_fieldsclass.pmprogateway_voguepay.php:75
filterpmpro_required_billing_fieldsclass.pmprogateway_voguepay.php:76
filterpmpro_checkout_default_submit_buttonclass.pmprogateway_voguepay.php:77
filterpmpro_checkout_before_change_membership_levelclass.pmprogateway_voguepay.php:78
filterpmpro_pages_shortcode_checkoutclass.pmprogateway_voguepay.php:80
filterpmpro_pages_shortcode_confirmationclass.pmprogateway_voguepay.php:81
Maintenance & Trust

Voguepay plugin for Paid Memberships Pro Maintenance & Trust

Maintenance Signals

WordPress version tested5.3.21
Last updatedJan 8, 2020
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Voguepay plugin for Paid Memberships Pro Alternatives

VoguePay plugin for WooCommerce

VoguePay plugin for WooCommerce

woo-voguepay

A
85

Voguepay WooCommerce plugin allows you to accept payment from local and international customers on your store.

20 No CVEs
Bykea.Cash – Online Payments

Bykea.Cash – Online Payments

bykea-cash-online-payments

A
85

The Bykea Cash plugin allows you to collect payments on your WordPress WooCommerce website instantly using Credit/Debit Cards (VISA, MasterCard, PayPa …

200 No CVEs
Paystack WooCommerce Payment Gateway

Paystack WooCommerce Payment Gateway

woo-paystack

A
100

Paystack for WooCommerce allows your WooCommerce store to accept secure payments from multiple local and global payment channels.

30K No CVEs
Paysera Payment Gateway for WooCommerce

Paysera Payment Gateway for WooCommerce

woo-payment-gateway-paysera

A
99

Paysera payments + delivery

7K 1 CVE
ABA PayWay Payment Gateway for WooCommerce

ABA PayWay Payment Gateway for WooCommerce

aba-payway-woocommerce-payment-gateway

A
99

PayWay is Cambodia's leading online payment gateway provided by Advanced Bank of Asia Ltd. (ABA Bank). It offers multiple way of checkout options …

200 1 CVE
Developer Profile

Voguepay plugin for Paid Memberships Pro Developer Profile

kunlexzy

3 plugins · 40 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Voguepay plugin for Paid Memberships Pro

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes
pmpro_btnpmpro_btn-submit-checkout
Data Attributes
name="submit-checkout"
FAQ

Frequently Asked Questions about Voguepay plugin for Paid Memberships Pro