Unilevel MLM Plan Security & Risk Analysis

wordpress.org/plugins/unilevel-mlm-plan

Unilevel MLM Plan software has been designed to help customers make high profit gains based on level.

10 active installs · v2.1 · PHP 8.0+ · WP 6.1+ · Updated Dec 8, 2025
Tags: genealogy, mlm, network, unilevel-mlm-plan, unilevel-network
99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jan 6, 2025
Safety Verdict

Is Unilevel MLM Plan Safe to Use in 2026?

Generally Safe

Score 99/100

Unilevel MLM Plan has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jan 6, 2025 · Updated 3mo ago
Risk Assessment

The 'unilevel-mlm-plan' v2.1 plugin presents a mixed security posture. It follows good practice in using prepared statements for SQL queries and escapes a reasonable share of its output, but its attack surface raises significant concerns. All 14 identified AJAX handlers lack authentication checks, which creates a large entry point for unauthorized actions. The taint analysis also reveals 5 flows with unsanitized paths, all classified as high severity, indicating a tangible risk of Cross-Site Scripting (XSS) or other injection vulnerabilities if user-supplied data is not properly handled before being processed or displayed.

The plugin's vulnerability history, which includes a medium-severity XSS CVE, reinforces these concerns and suggests that input sanitization has been a past weakness. Although that CVE is patched, the combination of high-severity taint flows and AJAX handlers without capability checks is a significant oversight and a critical area of immediate concern.

Key Concerns

  • 14 unprotected AJAX handlers
  • 5 high severity unsanitized taint flows
  • No capability checks on AJAX handlers
  • Medium severity CVE history (XSS)
  • 79% output escaping (not 100%)

Vulnerabilities: 1

Unilevel MLM Plan Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-12324 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Unilevel MLM Plan <= 1.1.0 - Reflected Cross-Site Scripting via 'page'

Jan 6, 2025 · Patched in 2.0.0 (318d)
Code Analysis
Analyzed Mar 16, 2026

Unilevel MLM Plan Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 12 (110 prepared)
  • Unescaped Output: 40 (154 escaped)
  • Nonce Checks: 17
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

90% prepared · 122 total queries

Output Escaping

79% escaped · 194 total outputs

Data Flows: 5 unsanitized

Data Flow Analysis

13 flows · 5 with unsanitized paths
<create-first-user> (includes\admin\settings\view\create-first-user.php:0)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized

Attack Surface: 14 unprotected

Unilevel MLM Plan Attack Surface

Entry Points: 14
Unprotected: 14

AJAX Handlers: 14

  • auth · wp_ajax_ump_user_register · includes\ump-hooks.php:7
  • nopriv · wp_ajax_ump_user_register · includes\ump-hooks.php:8
  • auth · wp_ajax_ump_username_exist · includes\ump-hooks.php:10
  • nopriv · wp_ajax_ump_username_exist · includes\ump-hooks.php:11
  • auth · wp_ajax_ump_email_exist · includes\ump-hooks.php:13
  • nopriv · wp_ajax_ump_email_exist · includes\ump-hooks.php:14
  • auth · wp_ajax_ump_epin_exist · includes\ump-hooks.php:16
  • nopriv · wp_ajax_ump_epin_exist · includes\ump-hooks.php:17
  • auth · wp_ajax_ump_password_validation · includes\ump-hooks.php:19
  • nopriv · wp_ajax_ump_password_validation · includes\ump-hooks.php:20
  • auth · wp_ajax_ump_sponsor_exist · includes\ump-hooks.php:22
  • nopriv · wp_ajax_ump_sponsor_exist · includes\ump-hooks.php:23
  • auth · wp_ajax_update_payment_status_ump · includes\ump-hooks.php:27
  • nopriv · wp_ajax_update_payment_status_ump · includes\ump-hooks.php:28

WordPress Hooks: 13

  • action · admin_menu · includes\admin\class-ump-admin-menus.php:15
  • action · init · includes\admin\class-ump-admin.php:13
  • filter · page_template · includes\catalog\class-ump-templates.php:6
  • action · wp_enqueue_scripts · includes\catalog\class-ump-templates.php:11
  • action · wp_enqueue_scripts · includes\catalog\class-ump-templates.php:15
  • action · init · includes\class-ump.php:67
  • action · init · includes\class-ump.php:68
  • action · admin_enqueue_scripts · includes\class-ump.php:81
  • action · ump_user_check_validate · includes\ump-hooks.php:25
  • filter · manage_users_columns · includes\ump-hooks.php:30
  • action · manage_users_custom_column · includes\ump-hooks.php:31
  • action · manage_users_columns · includes\ump-hooks.php:32
  • action · wp_head · includes\ump-hooks.php:34

Maintenance & Trust

Unilevel MLM Plan Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Dec 8, 2025
  • PHP min version: 8.0
  • Downloads: 10K

Community Trust

  • Rating: 60/100
  • Number of ratings: 2
  • Active installs: 10

Developer Profile

Unilevel MLM Plan Developer Profile

LETSCMS MLM Software

5 plugins · 80 total installs

  • Trust score: 75
  • Avg Security Score: 94/100
  • Avg Patch Time: 241 days
Detection Fingerprints

How We Detect Unilevel MLM Plan

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/unilevel-mlm-plan/assets/css/bootstrap.css
  • /wp-content/plugins/unilevel-mlm-plan/assets/css/ump.css
  • /wp-content/plugins/unilevel-mlm-plan/assets/js/main.js
  • /wp-content/plugins/unilevel-mlm-plan/assets/js/chart.js
  • /wp-content/plugins/unilevel-mlm-plan/assets/js/bootstrap.min.js
  • /wp-content/plugins/unilevel-mlm-plan/assets/js/bootstrap.bundle.min.js
  • /wp-content/plugins/unilevel-mlm-plan/assets/css/admin.css
  • /wp-content/plugins/unilevel-mlm-plan/assets/js/admin.js

Script Paths

  • /wp-content/plugins/unilevel-mlm-plan/assets/js/main.js
  • /wp-content/plugins/unilevel-mlm-plan/assets/js/chart.js
  • /wp-content/plugins/unilevel-mlm-plan/assets/js/bootstrap.min.js
  • /wp-content/plugins/unilevel-mlm-plan/assets/js/bootstrap.bundle.min.js
  • /wp-content/plugins/unilevel-mlm-plan/assets/js/admin.js

Version Parameters

  • unilevel-mlm-plan/assets/css/bootstrap.css?ver=
  • unilevel-mlm-plan/assets/css/ump.css?ver=
  • unilevel-mlm-plan/assets/js/main.js?ver=
  • unilevel-mlm-plan/assets/js/chart.js?ver=1.0.0
  • unilevel-mlm-plan/assets/js/bootstrap.min.js?ver=
  • unilevel-mlm-plan/assets/js/bootstrap.bundle.min.js?ver=
  • unilevel-mlm-plan/assets/css/admin.css?ver=
  • unilevel-mlm-plan/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • ump-register-form
  • ump-downlines-wrapper

Data Attributes

  • data-ump-user-id

JS Globals

  • ump_ajax_obj

REST Endpoints

  • /wp-json/ump/v1/register
  • /wp-json/ump/v1/check-username
  • /wp-json/ump/v1/check-email
  • /wp-json/ump/v1/check-epin

Shortcode Output

  • [ump_register_form]
  • [ump_downlines]