Subscription System Security & Risk Analysis

wordpress.org/plugins/subscription-system

A powerful subscription management system for WordPress that allows users to register and login through customizable forms.

0 active installs · v1.0.14 · PHP 7.4+ · WP 5.0+ · Updated Feb 17, 2026
Tags: login, membership, subscription, user-management, user-registration
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Subscription System Safe to Use in 2026?

Generally Safe

Score 100/100

Subscription System has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "subscription-system" plugin v1.0.14 presents a mixed security posture. While the absence of any known CVEs and a good number of nonce and capability checks are positive indicators, several areas raise concerns. The static analysis reveals a significant attack surface with 18 unprotected entry points, specifically 16 AJAX handlers and 2 REST API routes lacking authentication or permission checks. Furthermore, the taint analysis identified 14 high-severity flows with unsanitized paths, indicating potential for serious vulnerabilities despite the absence of 'critical' findings. The moderate use of prepared statements and output escaping suggests room for improvement in data handling practices. The vulnerability history being completely clear is a strength, implying a history of stable code, but this should not overshadow the immediate risks identified in the current static analysis.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • High severity unsanitized taint flows
  • SQL queries not using prepared statements
  • Output not properly escaped
Vulnerabilities
None known

Subscription System Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Subscription System Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 85 (177 prepared)
Unescaped Output: 385 (1461 escaped)
Nonce Checks: 65
Capability Checks: 26
File Operations: 7
External Requests: 3
Bundled Libraries: 1

Bundled Libraries

Stripe PHP

SQL Query Safety

68% prepared · 262 total queries

Output Escaping

79% escaped · 1846 total outputs
Data Flows
14 unsanitized

Data Flow Analysis

25 flows · 14 with unsanitized paths
ajax_sync_plan_with_stripe (admin\class-subs-sys-admin.php:2272)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
18 unprotected

Subscription System Attack Surface

Entry Points: 76
Unprotected: 18

AJAX Handlers 64

auth wp_ajax_sync_plan_with_stripe admin\class-subs-sys-admin.php:1367
auth wp_ajax_test_stripe_connection admin\class-subs-sys-admin.php:1368
auth wp_ajax_install_stripe_sdk admin\class-subs-sys-admin.php:1369
auth wp_ajax_check_stripe_api_key admin\class-subs-sys-admin.php:1370
auth wp_ajax_manage_subscription admin\class-subs-sys-admin.php:1371
auth wp_ajax_download_subscription_log admin\class-subs-sys-admin.php:1372
auth wp_ajax_get_work_items_by_channel admin\class-subs-sys-admin.php:1373
auth wp_ajax_subscription_action admin\class-subs-sys-admin.php:1699
nopriv wp_ajax_subscription_action admin\class-subs-sys-admin.php:1700
auth wp_ajax_process_subscription_payment includes\class-subs-sys-ajax.php:36
nopriv wp_ajax_process_subscription_payment includes\class-subs-sys-ajax.php:37
auth wp_ajax_complete_subscription_payment includes\class-subs-sys-ajax.php:38
nopriv wp_ajax_complete_subscription_payment includes\class-subs-sys-ajax.php:39
auth wp_ajax_cancel_subscription includes\class-subs-sys-ajax.php:40
auth wp_ajax_test_ajax includes\class-subs-sys-ajax.php:41
nopriv wp_ajax_test_ajax includes\class-subs-sys-ajax.php:42
auth wp_ajax_test_stripe_connection includes\class-subs-sys-ajax.php:43
nopriv wp_ajax_test_stripe_connection includes\class-subs-sys-ajax.php:44
auth wp_ajax_check_session_status includes\class-subs-sys-ajax.php:45
nopriv wp_ajax_check_session_status includes\class-subs-sys-ajax.php:46
auth wp_ajax_create_checkout_session includes\class-subs-sys-ajax.php:47
nopriv wp_ajax_create_checkout_session includes\class-subs-sys-ajax.php:48
auth wp_ajax_get_order_details includes\class-subs-sys-ajax.php:49
auth wp_ajax_get_admin_order_details includes\class-subs-sys-ajax.php:50
auth wp_ajax_update_order_status includes\class-subs-sys-ajax.php:51
auth wp_ajax_test_create_subscription includes\class-subs-sys-ajax.php:52
nopriv wp_ajax_test_create_subscription includes\class-subs-sys-ajax.php:53
auth wp_ajax_test_db_connection includes\class-subs-sys-ajax.php:54
nopriv wp_ajax_test_db_connection includes\class-subs-sys-ajax.php:55
auth wp_ajax_pause_subscription includes\class-subs-sys-ajax.php:56
nopriv wp_ajax_pause_subscription includes\class-subs-sys-ajax.php:57
auth wp_ajax_resume_subscription includes\class-subs-sys-ajax.php:58
nopriv wp_ajax_resume_subscription includes\class-subs-sys-ajax.php:59
auth wp_ajax_update_billing_info includes\class-subs-sys-ajax.php:60
auth wp_ajax_create_direct_checkout includes\class-subs-sys-ajax.php:61
auth wp_ajax_handle_webhook_event includes\class-subs-sys-ajax.php:62
auth wp_ajax_test_direct_subscription includes\class-subs-sys-ajax.php:63
auth wp_ajax_test_db_structure includes\class-subs-sys-ajax.php:64
auth wp_ajax_test_webhook_processing includes\class-subs-sys-ajax.php:65
auth wp_ajax_check_user_subscription includes\class-subs-sys-ajax.php:66
auth wp_ajax_get_content_options includes\class-subs-sys-ajax.php:67
auth wp_ajax_subscribe_to_content_plan includes\class-subs-sys-ajax.php:68
nopriv wp_ajax_subscribe_to_content_plan includes\class-subs-sys-ajax.php:69
auth wp_ajax_process_content_subscription_payment includes\class-subs-sys-ajax.php:70
auth wp_ajax_unsubscribe_from_content_plan includes\class-subs-sys-ajax.php:71
auth wp_ajax_test_content_ajax includes\class-subs-sys-ajax.php:72
nopriv wp_ajax_subs_sys_forgot_password includes\class-subs-sys-shortcodes.php:60
nopriv wp_ajax_subs_sys_reset_password includes\class-subs-sys-shortcodes.php:61
auth wp_ajax_subs_sys_update_profile includes\class-subs-sys-shortcodes.php:64
auth wp_ajax_update_billing_info includes\class-subs-sys-shortcodes.php:65
auth wp_ajax_subs_sys_update_avatar includes\class-subs-sys-shortcodes.php:66
auth wp_ajax_test_smtp_connection includes\class-subs-sys-smtp.php:45
auth wp_ajax_subscription_action includes\class-subs-sys.php:227
nopriv wp_ajax_subscription_action includes\class-subs-sys.php:228
auth wp_ajax_test_stripe_connection includes\class-subs-sys.php:234
auth wp_ajax_install_stripe_sdk includes\class-subs-sys.php:235
auth wp_ajax_sync_plan_with_stripe includes\class-subs-sys.php:236
auth wp_ajax_check_stripe_api_key includes\class-subs-sys.php:237
auth wp_ajax_ss_subscribe includes\class-subs-sys.php:258
nopriv wp_ajax_ss_subscribe includes\class-subs-sys.php:259
nopriv wp_ajax_subs_sys_register includes\class-subs-sys.php:265
nopriv wp_ajax_subs_sys_login includes\class-subs-sys.php:266
auth wp_ajax_get_work_items_by_channel public\class-subs-sys-public.php:400
auth wp_ajax_add_user_work_log public\class-subs-sys-public.php:401

REST API Routes 2

POST /wp-json/subscription-system/v1/webhook includes\class-subs-sys-webhook.php:31
POST /wp-json/subscription-system/v1/webhook includes\class-subs-sys-webhooks.php:31

Shortcodes 10

[subscriptionsystem_register] includes\class-subs-sys-shortcodes.php:48
[subscriptionsystem_login] includes\class-subs-sys-shortcodes.php:49
[subscriptionsystem_forgot_password] includes\class-subs-sys-shortcodes.php:50
[subscriptionsystem_account] includes\class-subs-sys-shortcodes.php:51
[pricing_plans] includes\class-subs-sys-shortcodes.php:52
[subscription_checkout] includes\class-subs-sys-shortcodes.php:53
[subscription_success] includes\class-subs-sys-shortcodes.php:54
[content_subscription_plans] includes\class-subs-sys-shortcodes.php:55
[content_subscription_checkout] includes\class-subs-sys-shortcodes.php:56
[content_subscription_success] includes\class-subs-sys-shortcodes.php:57
WordPress Hooks 37
action admin_init admin\class-subs-sys-admin.php:55
action admin_menu admin\class-subs-sys-admin.php:58
action admin_init admin\class-subs-sys-admin.php:61
action admin_init admin\class-subs-sys-admin.php:64
action admin_init admin\class-subs-sys-admin.php:67
action admin_init admin\class-subs-sys-admin.php:70
action admin_init admin\class-subs-sys-admin.php:73
action admin_init admin\class-subs-sys-admin.php:1696
action admin_bar_menu admin\class-subs-sys-admin.php:1703
action publish_post includes\class-subs-sys-content-manager.php:44
action publish_page includes\class-subs-sys-content-manager.php:45
action transition_post_status includes\class-subs-sys-content-manager.php:46
action init includes\class-subs-sys-content-manager.php:49
action init includes\class-subs-sys-db-updater.php:45
action plugins_loaded includes\class-subs-sys-db-updater.php:48
action admin_notices includes\class-subs-sys-db-updater.php:51
action phpmailer_init includes\class-subs-sys-smtp.php:39
filter wp_mail_from includes\class-subs-sys-smtp.php:40
filter wp_mail_from_name includes\class-subs-sys-smtp.php:41
action rest_api_init includes\class-subs-sys-webhook.php:24
action rest_api_init includes\class-subs-sys-webhooks.php:24
action plugins_loaded includes\class-subs-sys.php:203
action admin_enqueue_scripts includes\class-subs-sys.php:217
action admin_enqueue_scripts includes\class-subs-sys.php:218
action admin_init includes\class-subs-sys.php:224
action admin_bar_menu includes\class-subs-sys.php:231
action wp_enqueue_scripts includes\class-subs-sys.php:251
action wp_enqueue_scripts includes\class-subs-sys.php:252
action init includes\class-subs-sys.php:255
action after_setup_theme includes\class-subs-sys.php:269
action admin_init includes\class-subs-sys.php:272
action wp_footer public\class-subs-sys-public.php:51
action wp_head public\class-subs-sys-public.php:52
action template_redirect public\class-subs-sys-public.php:53
action template_redirect public\class-subs-sys-public.php:54
action wp_head public\class-subs-sys-public.php:55
action plugins_loaded subscription-system.php:344
Maintenance & Trust

Subscription System Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Feb 17, 2026
PHP min version: 7.4
Downloads: 752

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Subscription System Developer Profile

joeyoungblood

3 plugins · 90 total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 3404 days
Detection Fingerprints

How We Detect Subscription System

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/subscription-system/assets/css/admin.css
/wp-content/plugins/subscription-system/assets/css/frontend.css
/wp-content/plugins/subscription-system/assets/js/admin.js
/wp-content/plugins/subscription-system/assets/js/frontend.js
Version Parameters
subscription-system/assets/css/admin.css?ver=
subscription-system/assets/css/frontend.css?ver=
subscription-system/assets/js/admin.js?ver=
subscription-system/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
subs-sys-admin-page, subs-sys-frontend-wrap, subs-sys-plan-list, subs-sys-subscription-form
Data Attributes
data-subs-sys-plan-id, data-subs-sys-user-id
JS Globals
subsSysAdmin, subsSysFrontend
REST Endpoints
/wp-json/subs-sys/v1/plans
/wp-json/subs-sys/v1/subscribe
Shortcode Output
[subscription_plans] [subscribe_form] [my_subscriptions]
FAQ

Frequently Asked Questions about Subscription System