Savvy Membership Security & Risk Analysis

wordpress.org/plugins/savvy-membership

A membership tool providing exclusive content, job/scholarship saving, and email marketing integration.

0 active installs · v1.3.27 · PHP 7.4+ · WP 5.0+ · Updated Jul 7, 2025
Tags: education, email-marketing, jobs, membership
Score: 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Savvy Membership Safe to Use in 2026?

Generally Safe

Score 100/100

Savvy Membership has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9mo ago
Risk Assessment

The savvy-membership plugin v1.3.27 presents a mixed security posture. On the positive side, it shows strong adherence to secure coding practices, with a high percentage of SQL queries using prepared statements and a good proportion of output properly escaped. The absence of known CVEs and bundled libraries is also reassuring. However, several concerns arise from the static analysis. A notable portion of the attack surface, specifically 4 out of 9 AJAX handlers, lacks authentication checks. This creates a potential entry point for unauthorized actions if these handlers are exploitable. Furthermore, the taint analysis revealed 4 high-severity flows with unsanitized paths, indicating a risk of data being processed without proper sanitization, which could lead to vulnerabilities such as cross-site scripting (XSS) or file inclusion if these flows are triggered by user-supplied input.

The vulnerability history is clean, with no recorded CVEs. While this is generally a positive indicator of the plugin's past security, it doesn't entirely negate the risks identified in the current code analysis. The lack of historical vulnerabilities might mean the plugin hasn't been a target or that previous vulnerabilities have been effectively addressed. The presence of 7 flows with unsanitized paths in the taint analysis, even with no critical severity, warrants attention. Coupled with the unprotected AJAX handlers, these findings suggest that while the plugin has strengths in its data handling for the most part, specific areas require immediate review and remediation to prevent potential exploitation.

Key Concerns

  • AJAX handlers without auth checks
  • High severity taint flows with unsanitized paths
  • Flows with unsanitized paths (not high/critical)
Vulnerabilities
None known

Savvy Membership Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Savvy Membership Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (34 prepared)
Unescaped Output: 25 (111 escaped)
Nonce Checks: 3
Capability Checks: 3
File Operations: 0
External Requests: 6
Bundled Libraries: 0

SQL Query Safety

94% prepared · 36 total queries

Output Escaping

82% escaped · 136 total outputs
Data Flows
7 unsanitized

Data Flow Analysis

12 flows · 7 with unsanitized paths
render_savvy_register_member_page (includes\admin-management.php:384)
Flow graph legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
4 unprotected

Savvy Membership Attack Surface

Entry Points: 15
Unprotected: 4

AJAX Handlers 9

auth wp_ajax_savvy_delete_member includes\admin-management.php:379
auth wp_ajax_savvy_toggle_favorite includes\favorites-system.php:120
nopriv wp_ajax_savvy_toggle_favorite includes\favorites-system.php:121
auth wp_ajax_savvy_logout includes\page-management.php:119
nopriv wp_ajax_savvy_logout includes\page-management.php:120
auth wp_ajax_savvy_register_email includes\registration_form.php:137
nopriv wp_ajax_savvy_register_email includes\registration_form.php:138
auth wp_ajax_savvy_save_reminder includes\reminders-system.php:306
nopriv wp_ajax_savvy_save_reminder includes\reminders-system.php:307

Shortcodes 6

[savvymember_login_form] includes\login_form.php:204
[savvy_premium_posts] includes\shortcodes.php:104
[savvy_favorite_heart] includes\shortcodes.php:157
[savvy_reminder_button] includes\shortcodes.php:216
[savvy_display_favorites] includes\shortcodes.php:318
[savvy_newsletter] includes\shortcodes.php:386
WordPress Hooks 30
action admin_menu includes\admin-management.php:56
action admin_menu includes\admin-management.php:59
action admin_enqueue_scripts includes\admin-management.php:545
action init includes\custom-post-types.php:57
action init includes\custom-post-types.php:79
filter template_include includes\custom-post-types.php:106
filter query_vars includes\custom-post-types.php:115
filter post_type_link includes\custom-post-types.php:126
action admin_init includes\custom-post-types.php:168
filter user_has_cap includes\custom-post-types.php:188
action wp_enqueue_scripts includes\favorites-system.php:142
action wp_enqueue_scripts includes\favorites-system.php:150
action wp_enqueue_scripts includes\frontend-assets.php:106
action wp_enqueue_scripts includes\frontend-assets.php:119
action wp_enqueue_scripts includes\frontend-assets.php:132
filter wp_nav_menu_items includes\frontend-assets.php:156
action init includes\page-management.php:71
action template_redirect includes\page-management.php:125
action wp_footer includes\registration_form.php:134
action wp_footer includes\reminders-system.php:212
action wp_enqueue_scripts includes\reminders-system.php:326
filter cron_schedules includes\reminders-system.php:338
action savvy_check_reminders includes\reminders-system.php:350
action init includes\user-roles.php:33
action admin_init includes\user-roles.php:48
action admin_init includes\user-roles.php:61
action init includes\user-roles.php:98
action init includes\user-roles.php:110
filter map_meta_cap includes\user-roles.php:129
action set_current_user includes\user-roles.php:146

Scheduled Events 1

savvy_check_reminders
Maintenance & Trust

Savvy Membership Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Jul 7, 2025
PHP min version: 7.4
Downloads: 492

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Savvy Membership Developer Profile

nalery

4 plugins · 0 total installs

Trust score: 93
Avg Security Score: 98/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Savvy Membership

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/savvy-membership/assets/css/savvy-members-admin.css
/wp-content/plugins/savvy-membership/assets/js/savvy-members-admin.js
/wp-content/plugins/savvy-membership/assets/js/savvy-members-frontend.js
/wp-content/plugins/savvy-membership/assets/css/savvy-members-frontend.css
Script Paths
/wp-content/plugins/savvy-membership/assets/js/savvy-members-admin.js
/wp-content/plugins/savvy-membership/assets/js/savvy-members-frontend.js
Version Parameters
savvy-membership/assets/css/savvy-members-admin.css?ver=
savvy-membership/assets/js/savvy-members-admin.js?ver=
savvy-membership/assets/js/savvy-members-frontend.js?ver=
savvy-membership/assets/css/savvy-members-frontend.css?ver=

HTML / DOM Fingerprints

CSS Classes
savvy-dashboard-widgets
savvy-stats-grid
savvy-stat-card
savvy-stat-number
savvy-quick-actions
HTML Comments
<!-- Savvy Membership Dashboard -->
<!-- Quick stats -->
<!-- Manage Settings -->
<!-- View All Members -->
+6 more
Data Attributes
data-savvy-membership-plugin-version
JS Globals
savvyVars
Shortcode Output
[savvy_premium_posts]
[custom_registration_form]
[savvy_my_account]
[savvy_display_favorites]
FAQ

Frequently Asked Questions about Savvy Membership