ProductDyno Security & Risk Analysis

wordpress.org/plugins/productdyno

DISCOVER THE EASIEST WAY TO SELL, LICENSE & SECURELY DELIVER ANY TYPE OF DIGITAL PRODUCT!

80 active installs · v1.0.26 · PHP 5.2.4+ · WP 3.0.1+ · Updated Aug 18, 2025
Tags: digital-product, licensing, member-management, membership, membership-site
Score: 99 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Mar 10, 2025
Safety Verdict

Is ProductDyno Safe to Use in 2026?

Generally Safe

Score 99/100

ProductDyno has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Mar 10, 2025 · Updated 7mo ago
Risk Assessment

The ProductDyno plugin v1.0.26 exhibits a concerning security posture primarily due to a significant number of unprotected entry points. The static analysis reveals four AJAX handlers that lack authentication checks, presenting a direct attack vector for unauthenticated users. While the plugin demonstrates good practices with SQL queries being prepared and a reasonable percentage of output escaping, the absence of nonce and capability checks on these critical AJAX endpoints is a major oversight. Taint analysis also highlights four flows with unsanitized paths, although thankfully no critical or high severity vulnerabilities were identified in this area.

The plugin's vulnerability history, with two known medium-severity CVEs related to Cross-Site Scripting (XSS), reinforces the concern about input sanitization and output escaping. The fact that these vulnerabilities are marked as 'currently unpatched' is a significant red flag, suggesting that even if the current version (1.0.26) might not be directly affected, past issues indicate a potential for similar weaknesses to resurface or be present in other parts of the code. The last vulnerability was reported recently, implying ongoing security challenges.

In conclusion, while the plugin shows some positive signs regarding SQL handling and a majority of output escaping, the unauthenticated AJAX endpoints and the history of XSS vulnerabilities create a notable risk. The lack of proper authorization checks on multiple entry points is a critical flaw that attackers could exploit to perform unauthorized actions. Users of this plugin should exercise caution and ensure they have robust security measures in place.

Key Concerns

  • AJAX handlers without auth checks
  • Unsanitized paths in taint flows
  • Medium severity XSS vulnerabilities historically
  • No nonce checks
  • No capability checks
  • Output escaping not fully implemented
Vulnerabilities (2)

ProductDyno Security Vulnerabilities

CVEs by Year

2025: 2 CVEs

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2024-13413 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ProductDyno <= 1.0.24 - Reflected Cross-Site Scripting via 'res' Parameter

Mar 10, 2025 Patched in 1.0.25 (1d)

CVE-2025-22320 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ProductDyno <= 1.0.24 - Reflected Cross-Site Scripting

Jan 3, 2025 Patched in 1.0.25 (63d)
Code Analysis
Analyzed Mar 16, 2026

ProductDyno Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 24 (45 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 3
Bundled Libraries: 0

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

65% escaped · 69 total outputs

Data Flows (4 unsanitized)

Data Flow Analysis

5 flows · 4 with unsanitized paths
_pd_show_alert (public\class-productdyno-public.php:1150)

Attack Surface (4 unprotected)

ProductDyno Attack Surface

Entry Points: 4
Unprotected: 4

AJAX Handlers (4)

  • auth · wp_ajax_pd_get_products · includes\class-productdyno.php:173
  • auth · wp_ajax_pd_get_collections · includes\class-productdyno.php:176
  • auth · wp_ajax_pd_get_collection_products · includes\class-productdyno.php:179
  • auth · wp_ajax_pd_clear_all_cache_data · includes\class-productdyno.php:182

WordPress Hooks (11)

  • action · plugins_loaded · includes\class-productdyno.php:142
  • action · admin_enqueue_scripts · includes\class-productdyno.php:157
  • action · admin_enqueue_scripts · includes\class-productdyno.php:158
  • action · admin_menu · includes\class-productdyno.php:161
  • action · add_meta_boxes · includes\class-productdyno.php:164
  • action · admin_post_pd_verify_api_key · includes\class-productdyno.php:167
  • action · save_post · includes\class-productdyno.php:170
  • action · init · includes\class-productdyno.php:185
  • action · wp_enqueue_scripts · includes\class-productdyno.php:200
  • action · wp_enqueue_scripts · includes\class-productdyno.php:201
  • filter · template_include · includes\class-productdyno.php:203

Maintenance & Trust

ProductDyno Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Aug 18, 2025
PHP min version: 5.2.4
Downloads: 6K

Community Trust

Rating: 80/100
Number of ratings: 5
Active installs: 80

Developer Profile

ProductDyno Developer Profile

ProductDyno

1 plugin · 80 total installs

Trust score: 87
Avg Security Score: 99/100
Avg Patch Time: 32 days
Detection Fingerprints

How We Detect ProductDyno

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/productdyno/admin/css/productdyno-admin.css
  • /wp-content/plugins/productdyno/admin/js/productdyno-admin.js
Script Paths
  • /wp-content/plugins/productdyno/admin/js/productdyno-admin.js
Version Parameters
  • productdyno-admin
  • productdyno

HTML / DOM Fingerprints

CSS Classes
pd-admin-page
HTML Comments
PD Plugin dashboard page
Data Attributes
data-productdyno-api-key
JS Globals
  • ProductdynoAdmin
  • productdyno

FAQ

Frequently Asked Questions about ProductDyno