s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions Security & Risk Analysis

wordpress.org/plugins/s2member

❤️ Excellent membership plugin! Easy, quick, flexible. Monetize your site with memberships and subscriptions. Protect content instantly and securely.

9K active installs · v260410 · PHP 5.6.2+ · WP 4.2+ · Updated Apr 10, 2026
Tags: content-restriction, members-only, membership, paid-access, paid-subscriptions

Score: 76
Grade: B · Generally Safe
CVEs total: 12
Unpatched: 0
Last CVE: Feb 18, 2026
Safety Verdict

Is s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions Safe to Use in 2026?

Mostly Safe

Score 76/100

s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions is generally safe to use. 12 past CVEs were resolved.

12 known CVEs · Last CVE: Feb 18, 2026 · Updated 1mo ago
Risk Assessment

The s2member plugin exhibits a mixed security posture, with some encouraging signs alongside significant areas of concern. The presence of capability checks and a substantial number of correctly escaped outputs suggests an effort towards secure coding practices. However, the static analysis reveals a considerable attack surface with 5 AJAX handlers lacking authentication checks, which is a direct pathway for unauthorized actions. Furthermore, the use of dangerous functions like `unserialize` and `shell_exec`, alongside a low percentage of prepared SQL statements, indicates potential for code injection and SQL injection vulnerabilities if inputs are not rigorously sanitized. The taint analysis further highlights this, with 3 high severity flows that are not properly sanitized, posing a risk of sensitive data exposure or malicious code execution.

The vulnerability history of s2member is a major red flag. With 12 known CVEs, including 3 critical and 5 high severity vulnerabilities, it indicates a recurring pattern of security flaws. The common vulnerability types suggest a history of issues related to privilege management, code injection, deserialization, file inclusion, cross-site scripting, and access control. While there are currently no unpatched CVEs, the sheer volume and nature of past vulnerabilities suggest a need for extreme caution and regular auditing. The plugin's overall security is hampered by these historical issues and the identified code-level weaknesses, despite some good practices being in place.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous functions present (unserialize, shell_exec)
  • Low percentage of prepared SQL statements
  • High severity unsanitized taint flows
  • Large number of known CVEs (12)
  • Multiple critical and high severity past CVEs
  • Notable share of unescaped outputs
Vulnerabilities
12 published

s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions Security Vulnerabilities

CVEs by Year

2012: 1 CVE
2024: 4 CVEs
2025: 5 CVEs
2026: 2 CVEs

Severity Breakdown

Critical: 3
High: 5
Medium: 4

12 total CVEs

CVE-2026-1994 · critical · 9.8 · Improper Privilege Management

s2Member <= 260127 - Unauthenticated Privilege Escalation via Account Takeover

Feb 18, 2026 Patched in 260215 (2d)
CVE-2025-13732 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

s2Member <= 251005 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Feb 18, 2026 Patched in 260101 (1d)
CVE-2025-62023 · critical · 9.8 · Improper Control of Generation of Code ('Code Injection')

s2Member <= 250905 - Unauthenticated Remote Code Execution

Oct 1, 2025 Patched in 251005 (29d)
CVE-2025-58998 · high · 8.1 · Deserialization of Untrusted Data

s2Member <= 250701 - Unauthenticated PHP Object Injection

Aug 21, 2025 Patched in 250905 (84d)
CVE-2025-32137 · high · 7.2 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

s2Member <= 250419 - Authenticated (Administrator+) Local File Inclusion

Apr 4, 2025 Patched in 250424 (22d)
CVE-2025-26879 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

s2Member Pro <= 241216 - Reflected Cross-Site Scripting

Feb 22, 2025 Patched in 250214 (10d)
CVE-2024-11376 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions <= 241216 - Reflected Cross-Site Scripting

Feb 17, 2025 Patched in 250214 (1d)
CVE-2024-8326 · high · 8.8 · Exposure of Sensitive Information to an Unauthorized Actor

s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions <= 241114 - Authenticated (Contributor+) Sensitive Information Exposure

Dec 16, 2024 Patched in 241216 (1d)
CVE-2024-51815 · high · 8.1 · Improper Control of Generation of Code ('Code Injection')

s2Member (Pro) <= 241114 - Unauthenticated Remote Code Execution

Dec 2, 2024 Patched in 241216 (17d)
CVE-2024-31237 · critical · 9.1 · Incorrect Privilege Assignment

s2Member <= 240315 - Limited Privilege Escalation

Apr 5, 2024 Patched in 240325 (11d)
CVE-2024-0899 · medium · 5.3 · Improper Access Control

s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions <= 230815 - Information Exposure

Mar 18, 2024 Patched in 240315 (23d)
CVE-2011-5082 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

s2Member® Framework (Membership, Member Level Roles, Access Capabilities, PayPal Members) < 111220 - Cross-Site Scripting

Feb 12, 2012 Patched in 111220 (4363d)
Version History

s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions Release Timeline

Code Analysis
Analyzed Mar 16, 2026

s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions Code Analysis

Dangerous Functions: 7
Raw SQL Queries: 42 (4 prepared)
Unescaped Output: 586 (930 escaped)
Nonce Checks: 22
Capability Checks: 52
File Operations: 214
External Requests: 3
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$old_user = unserialize(serialize($user)); // Copy existing User obj.` at src\includes\classes\users-list-in.inc.php:453
unserialize: `$value = unserialize ($value);` at src\includes\classes\utils-arrays.inc.php:50
unserialize: `return @unserialize($value, ['allowed_classes' => false]);` at src\includes\classes\utils-arrays.inc.php:249
unserialize: `return @unserialize($value);` at src\includes\classes\utils-arrays.inc.php:257
shell_exec: `@shell_exec ("mklink /J " . $esa ($jctn) . " " . $esa ($target));` at src\includes\classes\utils-dirs.inc.php:181
shell_exec: `@shell_exec($esa($openssl).' sha1 -sign '.$esa($private_key_file).' -out '.$esa($rsa_sha1_sig_file).` at src\includes\classes\utils-strings.inc.php:611
create_function: `$this->utf8_strlen = create_function('$text', 'return preg_match_all(` at src\includes\externals\markdown\nc-markdown.inc.php:1457

SQL Query Safety

9% prepared · 46 total queries

Output Escaping

61% escaped · 1516 total outputs
Data Flows · Security
33 unsanitized

Data Flow Analysis

25 flows · 33 with unsanitized paths
display_admin_notice (src\includes\classes\admin-notices.inc.php:73)
Attack Surface
5 unprotected

s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions Attack Surface

Entry Points: 24
Unprotected: 5

AJAX Handlers 5

auth: wp_ajax_ws_plugin__s2member_update_roles_via_ajax (src\includes\hooks.inc.php:197)
auth: wp_ajax_ws_plugin__s2member_sp_access_link_via_ajax (src\includes\hooks.inc.php:199)
auth: wp_ajax_ws_plugin__s2member_reg_access_link_via_ajax (src\includes\hooks.inc.php:200)
auth: wp_ajax_ws_plugin__s2member_delete_reset_all_ip_restrictions_via_ajax (src\includes\hooks.inc.php:202)
auth: wp_ajax_ws_plugin__s2member_delete_reset_specific_ip_restrictions_via_ajax (src\includes\hooks.inc.php:203)

Shortcodes 19

[s2Key] src\includes\codes.inc.php:23
[s2Get] src\includes\codes.inc.php:24
[s2Eot] src\includes\codes.inc.php:25
[s2File] src\includes\codes.inc.php:26
[s2Stream] src\includes\codes.inc.php:27
[s2If] src\includes\codes.inc.php:29
[_s2If] src\includes\codes.inc.php:30
[__s2If] src\includes\codes.inc.php:31
[___s2If] src\includes\codes.inc.php:32
[____s2If] src\includes\codes.inc.php:33
[_____s2If] src\includes\codes.inc.php:34
[______s2If] src\includes\codes.inc.php:35
[_______s2If] src\includes\codes.inc.php:36
[________s2If] src\includes\codes.inc.php:37
[_________s2If] src\includes\codes.inc.php:38
[__________s2If] src\includes\codes.inc.php:39
[s2Member-Profile] src\includes\codes.inc.php:41
[s2Member-PayPal-Button] src\includes\codes.inc.php:42
[s2Member-Security-Badge] src\includes\codes.inc.php:43
WordPress Hooks 169
action: all_admin_notices (s2member.php:177)
action: all_admin_notices (s2member.php:183)
action: admin_init (s2member.php:193)
action: admin_notices (s2member.php:204)
filter: wp_mail_from (src\includes\classes\email-configs.inc.php:45)
filter: wp_mail_from_name (src\includes\classes\email-configs.inc.php:46)
filter: ws_plugin__s2member_check_file_download_access_user (src\includes\classes\files-in.inc.php:132)
filter: gettext_with_context (src\includes\classes\labels.inc.php:46)
filter: login_redirect (src\includes\classes\login-redirects-r.inc.php:94)
filter: login_redirect (src\includes\classes\login-redirects-r.inc.php:95)
filter: plugin_action_links (src\includes\classes\menu-pages.inc.php:142)
filter: wp_headers (src\includes\classes\no-cache.inc.php:67)
filter: ws_plugin__s2member_no_cache_headers_selective (src\includes\classes\no-cache.inc.php:71)
action: wp (src\includes\classes\no-cache.inc.php:74)
filter: ws_plugin__s2member_no_cache_headers_selective (src\includes\classes\no-cache.inc.php:79)
filter: comment_feed_where (src\includes\classes\querys.inc.php:122)
filter: wp_get_nav_menu_items (src\includes\classes\querys.inc.php:126)
filter: redirect_canonical (src\includes\classes\ssl-in.inc.php:74)
filter: home_url (src\includes\classes\ssl-in.inc.php:81)
filter: network_home_url (src\includes\classes\ssl-in.inc.php:82)
filter: site_url (src\includes\classes\ssl-in.inc.php:85)
filter: network_site_url (src\includes\classes\ssl-in.inc.php:86)
filter: plugins_url (src\includes\classes\ssl-in.inc.php:91)
filter: content_url (src\includes\classes\ssl-in.inc.php:92)
filter: includes_url (src\includes\classes\ssl-in.inc.php:93)
filter: gettext (src\includes\classes\translations.inc.php:48)
filter: user_has_cap (src\includes\classes\user-securities.inc.php:45)
filter: use_curl_transport (src\includes\classes\utils-urls.inc.php:220)
action: pre_get_posts (src\includes\functions\api-functions.inc.php:1803)
action: pre_get_posts (src\includes\functions\api-functions.inc.php:1849)
filter: wpmu_welcome_user_notification (src\includes\functions\pluggables.inc.php:84)
action: init (src\includes\hooks.inc.php:25)
action: set_current_user (src\includes\hooks.inc.php:27)
action: init (src\includes\hooks.inc.php:29)
action: init (src\includes\hooks.inc.php:30)
action: init (src\includes\hooks.inc.php:31)
action: init (src\includes\hooks.inc.php:34)
action: init (src\includes\hooks.inc.php:36)
action: init (src\includes\hooks.inc.php:37)
action: init (src\includes\hooks.inc.php:38)
action: init (src\includes\hooks.inc.php:39)
action: init (src\includes\hooks.inc.php:40)
action: init (src\includes\hooks.inc.php:41)
action: init (src\includes\hooks.inc.php:42)
action: init (src\includes\hooks.inc.php:43)
action: init (src\includes\hooks.inc.php:44)
action: init (src\includes\hooks.inc.php:46)
action: init (src\includes\hooks.inc.php:47)
action: init (src\includes\hooks.inc.php:48)
action: init (src\includes\hooks.inc.php:50)
action: init (src\includes\hooks.inc.php:52)
action: init (src\includes\hooks.inc.php:53)
action: init (src\includes\hooks.inc.php:54)
action: init (src\includes\hooks.inc.php:55)
action: init (src\includes\hooks.inc.php:56)
action: init (src\includes\hooks.inc.php:58)
action: init (src\includes\hooks.inc.php:60)
action: init (src\includes\hooks.inc.php:62)
action: admin_init (src\includes\hooks.inc.php:64)
action: admin_init (src\includes\hooks.inc.php:65)
filter: bbp_has_replies_query (src\includes\hooks.inc.php:67)
action: pre_get_posts (src\includes\hooks.inc.php:68)
filter: wp_list_pages_excludes (src\includes\hooks.inc.php:69)
action: wp (src\includes\hooks.inc.php:71)
action: wp (src\includes\hooks.inc.php:72)
filter: rest_pre_dispatch (src\includes\hooks.inc.php:74)
filter: wp_mail (src\includes\hooks.inc.php:76)
filter: widget_text (src\includes\hooks.inc.php:78)
action: wp_print_styles (src\includes\hooks.inc.php:80)
action: wp_print_scripts (src\includes\hooks.inc.php:81)
filter: script_loader_tag (src\includes\hooks.inc.php:82)
action: wp_login_failed (src\includes\hooks.inc.php:84)
filter: authenticate (src\includes\hooks.inc.php:85)
filter: wp_authenticate_user (src\includes\hooks.inc.php:87)
filter: wp_authenticate_user (src\includes\hooks.inc.php:88)
action: wp_login (src\includes\hooks.inc.php:89)
action: clear_auth_cookie (src\includes\hooks.inc.php:90)
action: delete_user (src\includes\hooks.inc.php:92)
action: wpmu_delete_user (src\includes\hooks.inc.php:93)
action: remove_user_from_blog (src\includes\hooks.inc.php:94)
filter: enable_edit_any_user_configuration (src\includes\hooks.inc.php:96)
filter: pre_option_default_role (src\includes\hooks.inc.php:98)
filter: pre_site_option_default_user_role (src\includes\hooks.inc.php:99)
filter: pre_site_option_add_new_users (src\includes\hooks.inc.php:100)
filter: pre_site_option_dashboard_blog (src\includes\hooks.inc.php:101)
filter: pre_option_users_can_register (src\includes\hooks.inc.php:102)
filter: pre_site_option_registration (src\includes\hooks.inc.php:103)
filter: bp_core_get_root_options (src\includes\hooks.inc.php:104)
filter: bp_core_get_site_options (src\includes\hooks.inc.php:105)
filter: random_password (src\includes\hooks.inc.php:107)
action: user_register (src\includes\hooks.inc.php:108)
action: register_form (src\includes\hooks.inc.php:109)
filter: registration_errors (src\includes\hooks.inc.php:110)
filter: send_password_change_email (src\includes\hooks.inc.php:111)
filter: add_signup_meta (src\includes\hooks.inc.php:113)
filter: bp_signup_usermeta (src\includes\hooks.inc.php:114)
filter: bp_core_activated_user (src\includes\hooks.inc.php:115)
filter: wpmu_validate_user_signup (src\includes\hooks.inc.php:116)
action: signup_hidden_fields (src\includes\hooks.inc.php:117)
filter: registration_errors (src\includes\hooks.inc.php:118)
filter: wpmu_signup_user_notification_email (src\includes\hooks.inc.php:119)
filter: _wpmu_activate_existing_error_ (src\includes\hooks.inc.php:120)
action: wpmu_activate_user (src\includes\hooks.inc.php:121)
action: wpmu_activate_blog (src\includes\hooks.inc.php:122)
action: signup_extra_fields (src\includes\hooks.inc.php:123)
action: plugins_loaded (src\includes\hooks.inc.php:125)
action: bp_after_signup_profile_fields (src\includes\hooks.inc.php:127)
action: bp_signup_validate (src\includes\hooks.inc.php:128)
action: bp_after_profile_field_content (src\includes\hooks.inc.php:129)
action: bp_profile_field_item (src\includes\hooks.inc.php:130)
action: xprofile_updated_profile (src\includes\hooks.inc.php:131)
action: wp_login (src\includes\hooks.inc.php:133)
action: login_head (src\includes\hooks.inc.php:134)
filter: login_headerurl (src\includes\hooks.inc.php:135)
filter: login_headertext (src\includes\hooks.inc.php:136)
action: login_footer (src\includes\hooks.inc.php:137)
filter: lostpassword_url (src\includes\hooks.inc.php:138)
action: login_footer (src\includes\hooks.inc.php:140)
action: wp_footer (src\includes\hooks.inc.php:141)
action: login_footer (src\includes\hooks.inc.php:143)
action: wp_footer (src\includes\hooks.inc.php:144)
action: login_footer (src\includes\hooks.inc.php:146)
action: wp_footer (src\includes\hooks.inc.php:147)
action: login_footer (src\includes\hooks.inc.php:149)
action: wp_footer (src\includes\hooks.inc.php:150)
action: wp_footer (src\includes\hooks.inc.php:152)
action: admin_init (src\includes\hooks.inc.php:154)
action: admin_init (src\includes\hooks.inc.php:155)
action: load-settings.php (src\includes\hooks.inc.php:157)
action: load-options-general.php (src\includes\hooks.inc.php:158)
action: load-options-reading.php (src\includes\hooks.inc.php:159)
action: load-user-new.php (src\includes\hooks.inc.php:160)
action: add_meta_boxes (src\includes\hooks.inc.php:162)
action: save_post (src\includes\hooks.inc.php:163)
action: admin_menu (src\includes\hooks.inc.php:164)
action: network_admin_menu (src\includes\hooks.inc.php:165)
action: admin_bar_menu (src\includes\hooks.inc.php:166)
action: admin_print_scripts (src\includes\hooks.inc.php:167)
action: admin_print_styles (src\includes\hooks.inc.php:168)
action: admin_menu (src\includes\hooks.inc.php:169)
action: admin_notices (src\includes\hooks.inc.php:171)
action: user_admin_notices (src\includes\hooks.inc.php:172)
action: network_admin_notices (src\includes\hooks.inc.php:173)
action: pre_user_query (src\includes\hooks.inc.php:175)
filter: manage_users_columns (src\includes\hooks.inc.php:176)
filter: manage_users_custom_column (src\includes\hooks.inc.php:177)
filter: manage_users_sortable_columns (src\includes\hooks.inc.php:178)
filter: pre_user_query (src\includes\hooks.inc.php:179)
action: edit_user_profile (src\includes\hooks.inc.php:180)
action: show_user_profile (src\includes\hooks.inc.php:181)
action: edit_user_profile_update (src\includes\hooks.inc.php:182)
action: personal_options_update (src\includes\hooks.inc.php:183)
action: set_user_role (src\includes\hooks.inc.php:184)
filter: show_password_fields (src\includes\hooks.inc.php:185)
action: add_user_meta (src\includes\hooks.inc.php:187)
action: update_user_meta (src\includes\hooks.inc.php:188)
action: added_user_meta (src\includes\hooks.inc.php:190)
action: updated_user_meta (src\includes\hooks.inc.php:191)
action: deleted_user_meta (src\includes\hooks.inc.php:192)
filter: cron_schedules (src\includes\hooks.inc.php:194)
action: ws_plugin__s2member_auto_eot_system__schedule (src\includes\hooks.inc.php:195)
action: ws_plugin__s2member_during_collective_mods (src\includes\hooks.inc.php:205)
action: ws_plugin__s2member_during_collective_eots (src\includes\hooks.inc.php:206)
filter: ws_plugin__s2member_content_redirect_status (src\includes\hooks.inc.php:208)
filter: bbp_get_caps_for_role (src\includes\hooks.inc.php:210)
action: bbp_activation (src\includes\hooks.inc.php:211)
action: http_api_debug (src\includes\hooks.inc.php:213)
action: plugins_loaded (src\includes\hooks.inc.php:215)
action: init (src\includes\syscon.inc.php:675)

Scheduled Events 1

ws_plugin__s2member_auto_eot_system__schedule
Maintenance & Trust

s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions Maintenance & Trust

Maintenance Signals

WordPress version tested: 7.0
Last updated: Apr 10, 2026
PHP min version: 5.6.2
Downloads: 1.6M

Community Trust

Rating: 82/100
Number of ratings: 233
Active installs: 9K
Developer Profile

s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions Developer Profile

Cristián Lávaque

3 plugins · 29K total installs

Trust score: 70
Avg Security Score: 87/100
Avg Patch Time: 380 days
Detection Fingerprints

How We Detect s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/s2member/src/css/
/wp-content/plugins/s2member/src/js/
Script Paths
/wp-content/plugins/s2member/src/js/s2member-global.js
/wp-content/plugins/s2member/src/js/s2member-admin.js
/wp-content/plugins/s2member/src/js/s2member-frontend.js
Version Parameters
s2member/style.css?ver=
s2member-global.js?ver=
s2member-admin.js?ver=
s2member-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
s2member-level-access
s2member-account-page
s2member-login-form
s2member-register-form
s2member-password-reset-form
s2member-protected-content
HTML Comments
<!-- s2Member v2.6.0+ ->
<!-- s2Member v2.6.0- Pro -->
<!-- s2Member v2.6.0- Framework -->
<!-- s2Member v2.6.0+ Membership Options -->
Data Attributes
data-s2member-form
data-s2member-login
data-s2member-register
data-s2member-password-reset
data-s2member-protected
JS Globals
window.s2member_config
var s2member_ajax_url
var s2member_nonce
var s2member_is_logged_in
var s2member_user_level
var s2member_payment_gateway
REST Endpoints
/wp-json/s2member/v1/account
/wp-json/s2member/v1/registration
/wp-json/s2member/v1/login
Shortcode Output
[s2member_account]
[s2member_login]
[s2member_register]
[s2member_password_reset]