Ultimate Member – Terms & Conditions Security & Risk Analysis

wordpress.org/plugins/um-terms-conditions

Add a terms and condition checkbox to your registration forms & require users to agree to your T&Cs before registering on your site.

5K active installs · v2.2.0 · PHP 5.6+ · WP 5.5+ · Updated Feb 18, 2025
Tags: community, member, membership, user-profile
Score: 92 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Ultimate Member – Terms & Conditions Safe to Use in 2026?

Generally Safe

Score 92/100

Ultimate Member – Terms & Conditions has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The plugin 'um-terms-conditions' v2.2.0 exhibits a generally strong security posture based on the provided static analysis. The absence of any recorded vulnerabilities, including critical or high severity ones, along with a history of no past issues, is a significant positive indicator. The code also demonstrates good security practices such as a high percentage of prepared SQL statements and properly escaped output, along with the presence of nonce and capability checks on its entry points. The limited attack surface, consisting solely of two AJAX handlers with apparent authentication, further contributes to its secure profile.

However, a complete absence of taint analysis results, indicating zero flows were analyzed, leaves a gap in understanding potential complex vulnerabilities that might not be caught by simple function or variable checks. While the static analysis reports no directly identifiable dangerous functions or file operations, the lack of taint analysis means there's no assurance against vulnerabilities like cross-site scripting (XSS) or insecure deserialization if they exist in more complex code paths. The presence of two AJAX handlers, even with assumed authentication, represents potential entry points that warrant close monitoring.

Overall, the plugin appears to be developed with security in mind, as evidenced by its clean vulnerability history and many good coding practices. The primary area for caution is the lack of detailed taint analysis, which is a potential blind spot. Given the absence of known vulnerabilities and the strong static analysis results in most areas, the risk is currently assessed as low, but deeper analysis, particularly of taint flows, would be needed for a comprehensive understanding of its security.

Key Concerns

  • No taint flows analyzed
Vulnerabilities
None known

Ultimate Member – Terms & Conditions Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Ultimate Member – Terms & Conditions Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (7 prepared)
Unescaped Output: 4 (32 escaped)
Nonce Checks: 4
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

78% prepared · 9 total queries

Output Escaping

89% escaped · 36 total outputs
Attack Surface

Ultimate Member – Terms & Conditions Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 2

auth  wp_ajax_terms_conditions_agreement_email  includes\admin\class-dashboard.php:50
auth  wp_ajax_terms_conditions_agreement_email_stop  includes\admin\class-dashboard.php:51

WordPress Hooks: 31

action  admin_menu  includes\admin\class-dashboard.php:45
action  um_admin_do_action__terms_conditions_agreement_email  includes\admin\class-dashboard.php:46
action  um_admin_do_action__terms_conditions_reset  includes\admin\class-dashboard.php:47
action  load-toplevel_page_ultimatemember  includes\admin\class-dashboard.php:240
filter  um_email_notifications  includes\admin\class-email.php:24
filter  um_admin_settings_email_section_fields  includes\admin\class-email.php:25
filter  um_email_templates_path_by_slug  includes\admin\class-email.php:26
filter  um_settings_structure  includes\admin\class-settings.php:24
filter  um_settings_map  includes\admin\class-settings.php:25
action  admin_enqueue_scripts  includes\admin\class-terms-conditions-admin.php:20
action  um_admin_custom_register_metaboxes  includes\admin\class-terms-conditions-admin.php:21
filter  um_override_templates_scan_files  includes\admin\class-terms-conditions-admin.php:22
filter  um_override_templates_get_template_path__um-terms-conditions  includes\admin\class-terms-conditions-admin.php:23
action  um_after_user_account_updated  includes\core\class-account.php:30
action  um_submit_account_terms-conditions_tab_errors_hook  includes\core\class-account.php:31
filter  um_account_page_default_tabs_hook  includes\core\class-account.php:32
filter  um_account_content_hook_terms-conditions  includes\core\class-account.php:33
filter  um_custom_success_message_handler  includes\core\class-account.php:34
action  wp_enqueue_scripts  includes\core\class-terms-conditions-public.php:20
action  um_after_form_fields  includes\core\class-terms-conditions-public.php:21
action  um_submit_form_register  includes\core\class-terms-conditions-public.php:23
filter  um_whitelisted_metakeys  includes\core\class-terms-conditions-public.php:24
filter  um_before_save_filter_submitted  includes\core\class-terms-conditions-public.php:26
filter  um_email_registration_data  includes\core\class-terms-conditions-public.php:27
filter  um_call_object_Terms_Conditions  includes\core\um-terms-conditions-init.php:38
action  plugins_loaded  includes\core\um-terms-conditions-init.php:149
action  plugins_loaded  um-terms-conditions.php:40
action  plugins_loaded  um-terms-conditions.php:42
action  admin_notices  um-terms-conditions.php:53
action  admin_notices  um-terms-conditions.php:70
action  admin_notices  um-terms-conditions.php:78

Maintenance & Trust

Ultimate Member – Terms & Conditions Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Feb 18, 2025
PHP min version: 5.6
Downloads: 88K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 5K

Developer Profile

Ultimate Member – Terms & Conditions Developer Profile

Mykyta Synelnikov

5 plugins · 29K total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Ultimate Member – Terms & Conditions

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/um-terms-conditions/admin/css/dashboard.css
/wp-content/plugins/um-terms-conditions/admin/js/dashboard.js
Script Paths
/wp-content/plugins/um-terms-conditions/admin/js/dashboard.js
Version Parameters
um-terms-conditions/admin/css/dashboard.css?ver=
um-terms-conditions/admin/js/dashboard.js?ver=

HTML / DOM Fingerprints

CSS Classes
um-tc-form
um-tc-notice
um-tc-notice-error
um-tc-notice-success
um_tooltip
um-tc-progress-bar
um-tc-progress-bar-done
HTML Comments
<!-- translators: %s is the Terms&Conditions extension name. -->
<!-- UM is not installed -->
<!-- UM is not active -->
<!-- UM old version is active -->
+10 more
Data Attributes
data-um_ext_name="um-terms-conditions"
data-um_ext_version="2.2.0"
title="This tool removes information about Terms & Conditions agreement for members with selected role(s)."
title="This tool sends the `Terms & Conditions - Agreement request` email for members with selected role(s) who have not confirmed terms and conditions yet."
id="tcae_role"
id="tcae_start"
+1 more
JS Globals
um_terms_conditions_agreement_email
FAQ

Frequently Asked Questions about Ultimate Member – Terms & Conditions