Does Unlock Protocol have any unpatched vulnerabilities?

No. All known vulnerabilities in Unlock Protocol have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Unlock Protocol compatible with WordPress 5.9.13?

According to WordPress.org data, Unlock Protocol 4.0.2 has been tested up to WordPress 5.9.13. Check the plugin's changelog for the latest compatibility information.

Is Unlock Protocol compatible with PHP 7.0+?

Unlock Protocol requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Unlock Protocol updated?

Unlock Protocol was last updated on Aug 1, 2023. Frequent updates are generally a positive security signal.

What is Unlock Protocol's security score?

Unlock Protocol has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Unlock Protocol Security & Risk Analysis

wordpress.org/plugins/unlock-protocol

This plugin lets authors add locks to their posts and pages so that only paying visitors can view their content.

70 active installs v4.0.2 PHP 7.0+ WP 5.1+ Updated Aug 1, 2023

ethereummembershipmonetizationpaywallunlock

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Unlock Protocol Safe to Use in 2026?

Generally Safe

Score 85/100

Unlock Protocol has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The "unlock-protocol" v4.0.2 plugin exhibits a generally strong security posture based on the provided static analysis. The plugin has a remarkably small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events, meaning there are no direct entry points for attackers to exploit. Furthermore, the code appears to follow good practices by using prepared statements for its single SQL query, performing capability checks, and utilizing a nonce check. The absence of known vulnerabilities, including critical or high-severity ones, and a clean vulnerability history further bolster its security profile. The plugin also demonstrates a good approach to output sanitization, with 72% of outputs being properly escaped, which helps mitigate cross-site scripting (XSS) risks.

Key Concerns

Output escaping not fully implemented
External HTTP requests present

Vulnerabilities

None known

Unlock Protocol Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Unlock Protocol Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

33 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared1 total queries

Output Escaping

72% escaped46 total outputs

Attack Surface

Unlock Protocol Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 17

actioninitinc\classes\blocks\class-unlock-box-block.php:45

actionrest_api_initinc\classes\class-api.php:40

actionwp_enqueue_scriptsinc\classes\class-assets.php:44

actionlogin_enqueue_scriptsinc\classes\class-assets.php:45

actionadmin_enqueue_scriptsinc\classes\class-assets.php:46

actionenqueue_block_editor_assetsinc\classes\class-blocks.php:42

actioninitinc\classes\class-fullpostpage.php:41

actionenqueue_block_editor_assetsinc\classes\class-fullpostpage.php:42

actionlogin_forminc\classes\class-login.php:46

actionauthenticateinc\classes\class-login.php:47

actionunlock_protocol_register_userinc\classes\class-login.php:48

actionwpinc\classes\class-login.php:49

filterunlock_authenticate_userinc\classes\class-login.php:54

actioninitinc\classes\class-menu.php:30

actionadmin_menuinc\classes\class-menu.php:31

actionadmin_noticesinc\classes\class-menu.php:47

filterthe_contentinc\classes\fullpostpage\class-unlock-box-full-post-page.php:44

Maintenance & Trust

Unlock Protocol Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13

Last updatedAug 1, 2023

PHP min version7.0

Downloads13K

Community Trust

Rating100/100

Number of ratings4

Active installs70

Alternatives

Unlock Protocol Alternatives

Ko-fi Button

ko-fi-button

100

Receive donations on your Ko-fi page with a button on your WordPress site.

5K 1 CVE

codoc

A WordPress plugin for monetizing your website with paid articles, Reader Plans, and tipping.

2K 1 CVE

Memberful – Membership Plugin

memberful-wp

Sell memberships and restrict access to content with WordPress and Memberful.

1K 3 CVEs

Leaky Paywall

leaky-paywall

The subscription engine for news & niche publishers.

800 1 unpatched

Steady for WordPress

steady-wp

Steady is the perfect plugin for regular payments: offer subscriptions, pledges, use a flexible paywall or start a subscription crowdfunding campaign.

600 No CVEs

Developer Profile

Unlock Protocol Developer Profile

julien51

3 plugins · 100 total installs

trust score

Avg Security Score

87/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Unlock Protocol

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/unlock-protocol/assets/build/css/main.css/wp-content/plugins/unlock-protocol/assets/build/css/style-admin.css/wp-content/plugins/unlock-protocol/assets/build/js/admin.js

Version Parameters

unlock-protocol/style.css?ver=unlock-protocol-admin.js?ver=

HTML / DOM Fingerprints

JS Globals

unlockProtocol

REST Endpoints

/wp-json/unlock-protocol/v1

FAQ