WP-Safety

Verify Customers Licenses for Gumroad Security & Risk Analysis

wordpress.org/plugins/verify-customers-licenses-gumroad

Verify your Gumroad's customers licenses right within WordPress.

10 active installs v1.0.0 PHP 7.2+ WP 5.4+ Updated Nov 5, 2020
digial-productsgumroadgumroad-apilicense-verifyverify-licenses
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Verify Customers Licenses for Gumroad Safe to Use in 2026?

Generally Safe

Score 85/100

Verify Customers Licenses for Gumroad has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The "verify-customers-licenses-gumroad" plugin v1.0.0 exhibits a generally good security posture based on the provided static analysis. It demonstrates strong adherence to secure coding practices, with no dangerous functions, all SQL queries using prepared statements, and a high percentage of output escaping. The presence of nonce and capability checks on entry points further strengthens its defense. Crucially, the absence of any taint analysis findings and a clean vulnerability history with zero recorded CVEs are significant positives, indicating a lack of known exploitable issues and a history of responsible development.

However, a few minor areas warrant attention. The plugin makes one external HTTP request, which, while not inherently a vulnerability, can represent a potential attack vector if not handled with extreme care and proper validation of the response. While the total number of entry points is low and all are protected, the presence of AJAX handlers always introduces a slightly higher risk profile compared to completely inaccessible code. Despite these minor considerations, the overall picture is one of a well-secured plugin with a strong emphasis on preventing common web vulnerabilities.

Key Concerns

  • External HTTP request present
Vulnerabilities
None known

Verify Customers Licenses for Gumroad Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Verify Customers Licenses for Gumroad Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
12 escaped
Nonce Checks
1
Capability Checks
2
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

92% escaped13 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
vclg_http_api_callback (inc\callback.php:6)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Verify Customers Licenses for Gumroad Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 2

authwp_ajax_vclg_actioninc\callback.php:3
noprivwp_ajax_vclg_actioninc\callback.php:4

Shortcodes 1

[vclg_form] inc\shortcodes.php:5
WordPress Hooks 5
actionadmin_menuadmin\menu.php:7
actionadmin_initadmin\menu.php:13
actionadmin_enqueue_scriptsinc\enqueue.php:8
actionwp_enqueue_scriptsinc\enqueue.php:22
filtervclg_options_pageinc\hooks.php:8
Maintenance & Trust

Verify Customers Licenses for Gumroad Maintenance & Trust

Maintenance Signals

WordPress version tested5.5.18
Last updatedNov 5, 2020
PHP min version7.2
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Verify Customers Licenses for Gumroad Alternatives

Gumpress

Gumpress

gumpress

A
85

Sync and checkout with Gumroad for personalized Gumroad storefront.

70 No CVEs
Gumroad Shortcode

Gumroad Shortcode

gumroad-shortcode

A
85

Simple plugin that shows gumroad products on any page

20 No CVEs
CouponFlow for Gumroad with Contact Form 7

CouponFlow for Gumroad with Contact Form 7

couponflow-for-gumroad-cf7

A
100

Automatically generate and send personalized Gumroad coupon codes from Contact Form 7 submissions.

0 No CVEs
Developer Profile

Verify Customers Licenses for Gumroad Developer Profile

unistudio

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Verify Customers Licenses for Gumroad

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/verify-customers-licenses-gumroad/admin/assets/css/admin.css/wp-content/plugins/verify-customers-licenses-gumroad/admin/assets/js/admin.js/wp-content/plugins/verify-customers-licenses-gumroad/frontend/assets/css/app.css/wp-content/plugins/verify-customers-licenses-gumroad/frontend/assets/js/app.js
Script Paths
/wp-content/plugins/verify-customers-licenses-gumroad/admin/assets/js/admin.js/wp-content/plugins/verify-customers-licenses-gumroad/frontend/assets/js/app.js
Version Parameters
verify-customers-licenses-gumroad/admin/assets/css/admin.css?ver=verify-customers-licenses-gumroad/admin/assets/js/admin.js?ver=verify-customers-licenses-gumroad/frontend/assets/css/app.css?ver=verify-customers-licenses-gumroad/frontend/assets/js/app.js?ver=

HTML / DOM Fingerprints

CSS Classes
vclg-adminvclg-front-app
JS Globals
vclg_callback_paramsvclg_nonce
Shortcode Output
<p>You must be <a href=""><u>logged</u></a> in as an administrator to be able to verify the licenses of your customers.</p>
FAQ

Frequently Asked Questions about Verify Customers Licenses for Gumroad