WP-Safety

Advanced Accounts for WooCommerce – Membership / Customize My Account Page / OTP Security & Risk Analysis

wordpress.org/plugins/wc-advanced-accounts

Customize the WooCommerce “My Account” page, enable secure OTP login and registration via SMS/email, and create membership-based content access and di …

50 active installs v1.4 PHP 7.4+ WP 6.3+ Updated Mar 13, 2026
content-restrictionmembershipmy-accountotppaid-membership
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Advanced Accounts for WooCommerce – Membership / Customize My Account Page / OTP Safe to Use in 2026?

Generally Safe

Score 100/100

Advanced Accounts for WooCommerce – Membership / Customize My Account Page / OTP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 22d ago
Risk Assessment

The "wc-advanced-accounts" plugin v1.4 exhibits a generally good security posture based on the provided static analysis. The absence of dangerous functions, 100% usage of prepared statements for SQL queries, and a high percentage of properly escaped output are positive indicators. The plugin also implements a substantial number of nonce and capability checks, suggesting an effort to protect its functionalities. The lack of any recorded vulnerability history, including CVEs, further reinforces this positive impression, indicating a stable and likely secure product over time.

However, there are specific areas of concern that slightly detract from an otherwise strong security profile. The presence of one REST API route without permission callbacks represents a potential entry point that could be accessed without proper authorization, which is a notable risk. While the attack surface is relatively small, even a single unprotected endpoint can be exploited. Furthermore, the analysis indicates a moderate level of output escaping, with 81% being properly escaped. This leaves approximately 19% of outputs that might be vulnerable to cross-site scripting (XSS) if the data being output is not sufficiently sanitized at its source.

In conclusion, "wc-advanced-accounts" v1.4 demonstrates strong adherence to secure coding practices in several key areas, particularly regarding database interactions and nonce protection. Its clean vulnerability history is a significant strength. The primary weaknesses lie in the unprotected REST API route and the percentage of unescaped output, which, while not critical based on this analysis, warrants attention to mitigate potential XSS risks and ensure all API endpoints are properly secured.

Key Concerns

  • REST API route without permission callback
  • Unescaped output (19% of outputs)
Vulnerabilities
None known

Advanced Accounts for WooCommerce – Membership / Customize My Account Page / OTP Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Advanced Accounts for WooCommerce – Membership / Customize My Account Page / OTP Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
8 prepared
Unescaped Output
38
163 escaped
Nonce Checks
26
Capability Checks
11
File Operations
2
External Requests
7
Bundled Libraries
0

SQL Query Safety

100% prepared8 total queries

Output Escaping

81% escaped201 total outputs
Data Flows
All sanitized

Data Flow Analysis

7 flows
<login-otp> (inc\backend\actions\login-otp.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Advanced Accounts for WooCommerce – Membership / Customize My Account Page / OTP Attack Surface

Entry Points21
Unprotected1

AJAX Handlers 18

authwp_ajax_send_login_otpinc\backend\actions\login-otp.php:14
noprivwp_ajax_send_login_otpinc\backend\actions\login-otp.php:15
authwp_ajax_verify_login_otpinc\backend\actions\login-otp.php:16
noprivwp_ajax_verify_login_otpinc\backend\actions\login-otp.php:17
authwp_ajax_send_phone_verification_codeinc\backend\actions\phone-verification.php:17
noprivwp_ajax_send_phone_verification_codeinc\backend\actions\phone-verification.php:18
authwp_ajax_yoaa_verify_phone_codeinc\backend\actions\phone-verification.php:19
noprivwp_ajax_yoaa_verify_phone_codeinc\backend\actions\phone-verification.php:20
authwp_ajax_check_username_existsinc\backend\actions\phone-verification.php:23
noprivwp_ajax_check_username_existsinc\backend\actions\phone-verification.php:24
authwp_ajax_send_reset_otpinc\backend\actions\reset-password.php:16
noprivwp_ajax_send_reset_otpinc\backend\actions\reset-password.php:17
authwp_ajax_verify_reset_otpinc\backend\actions\reset-password.php:18
noprivwp_ajax_verify_reset_otpinc\backend\actions\reset-password.php:19
authwp_ajax_generate_sms_keyinc\backend\settings.php:18
authwp_ajax_never_show_wc_advanced_accounts_noticeinc\cores\notices.php:11
authwp_ajax_dismiss_premium_noticeinc\cores\notices.php:13
authwp_ajax_dismiss_settings_noticeinc\cores\notices.php:14

REST API Routes 2

POST/wp-json/yoohw/v1/noticeinc\backend\yoohw-news.php:120
POST/wp-json/yoohw-sms/v1/update-sms-quotainc\cores\api\sms\update-sms-quota.php:14

Shortcodes 1

[yoaa_membership] inc\backend\actions\membership\class-shortcodes.php:19
WordPress Hooks 87
actionwp_enqueue_scriptsinc\backend\actions\email-registration-disabled.php:10
actionwoocommerce_created_customerinc\backend\actions\email-registration-disabled.php:11
actionwp_enqueue_scriptsinc\backend\actions\email-registration-disabled.php:12
actionwoocommerce_save_account_detailsinc\backend\actions\email-registration-disabled.php:13
filterwoocommerce_billing_fieldsinc\backend\actions\email-registration-disabled.php:14
filterwoocommerce_checkout_fieldsinc\backend\actions\email-registration-disabled.php:15
actionwoocommerce_checkout_order_processedinc\backend\actions\email-registration-disabled.php:16
actionwoocommerce_customer_save_addressinc\backend\actions\email-registration-disabled.php:17
actionwp_enqueue_scriptsinc\backend\actions\email-registration-disabled.php:18
actionwp_enqueue_scriptsinc\backend\actions\email-registration-disabled.php:19
filterwp_mailinc\backend\actions\email-registration-disabled.php:20
actionwoocommerce_created_customerinc\backend\actions\email-verification.php:11
actionwoocommerce_registration_redirectinc\backend\actions\email-verification.php:12
filterwp_authenticate_userinc\backend\actions\email-verification.php:13
actioninitinc\backend\actions\email-verification.php:14
actioninitinc\backend\actions\email-verification.php:15
actionwoocommerce_before_reset_password_forminc\backend\actions\email-verification.php:16
actionwoocommerce_customer_reset_passwordinc\backend\actions\email-verification.php:17
actionpassword_resetinc\backend\actions\email-verification.php:18
filterwoocommerce_registration_errorsinc\backend\actions\email-verification.php:19
actionwp_enqueue_scriptsinc\backend\actions\email-verification.php:20
filterwoocommerce_checkout_fieldsinc\backend\actions\email-verification.php:22
actionwp_enqueue_scriptsinc\backend\actions\email-verification.php:23
actionwoocommerce_thankyouinc\backend\actions\email-verification.php:24
actionwpinc\backend\actions\email-verification.php:25
filterwoocommerce_email_enabled_customer_new_accountinc\backend\actions\email-verification.php:38
actionwoocommerce_register_forminc\backend\actions\email-verification.php:557
actionwoocommerce_after_checkout_registration_forminc\backend\actions\email-verification.php:562
actioninitinc\backend\actions\login-otp.php:11
actionwp_enqueue_scriptsinc\backend\actions\login-otp.php:13
actionwp_enqueue_scriptsinc\backend\actions\phone-account-username.php:10
filterwoocommerce_locate_templateinc\backend\actions\phone-account-username.php:12
filterlogin_errorsinc\backend\actions\phone-account-username.php:13
filterwoocommerce_add_errorinc\backend\actions\phone-account-username.php:14
filterwoocommerce_lost_password_messageinc\backend\actions\phone-account-username.php:16
actionwoocommerce_login_form_startinc\backend\actions\phone-account-username.php:19
actionwoocommerce_register_form_startinc\backend\actions\phone-account-username.php:20
actionwoocommerce_after_checkout_billing_forminc\backend\actions\phone-account-username.php:21
actionwoocommerce_checkout_create_orderinc\backend\actions\phone-account-username.php:22
actioninitinc\backend\actions\phone-verification.php:11
filterwp_authenticate_userinc\backend\actions\phone-verification.php:12
actionwp_enqueue_scriptsinc\backend\actions\phone-verification.php:14
actionwoocommerce_register_forminc\backend\actions\phone-verification.php:15
actionwoocommerce_register_postinc\backend\actions\phone-verification.php:22
actionwoocommerce_created_customerinc\backend\actions\phone-verification.php:26
actionwoocommerce_thankyouinc\backend\actions\phone-verification.php:27
actionwpinc\backend\actions\phone-verification.php:28
actionlogin_initinc\backend\actions\redirect-wp-login.php:13
actioninitinc\backend\actions\reset-password.php:11
actionwp_enqueue_scriptsinc\backend\actions\reset-password.php:12
actionwoocommerce_lostpassword_forminc\backend\actions\reset-password.php:13
filterwoocommerce_lost_password_messageinc\backend\actions\reset-password.php:14
actionwp_headinc\backend\actions\reset-password.php:21
filterwoocommerce_login_redirectinc\backend\helpers\login-redirect.php:13
filterlogin_redirectinc\backend\helpers\login-redirect.php:14
actionwoocommerce_admin_field_endpoints_managerinc\backend\settings\endpoints.php:11
actionwoocommerce_update_options_accountinc\backend\settings\endpoints.php:16
actioninitinc\backend\settings\endpoints.php:21
actionadmin_enqueue_scriptsinc\backend\settings\endpoints.php:26
filterwoocommerce_get_settings_advancedinc\backend\settings\endpoints.php:30
actionadmin_initinc\backend\settings\membership-add-remove-user-role.php:14
actionadmin_noticesinc\backend\settings\membership-add-remove-user-role.php:15
actionwoocommerce_admin_field_yoaa_membership_roles_tableinc\backend\settings\membership.php:13
filterwoocommerce_settings_tabs_arrayinc\backend\settings.php:15
filterwoocommerce_get_sections_accountinc\backend\settings.php:16
filterwoocommerce_get_settings_accountinc\backend\settings.php:17
actionadmin_enqueue_scriptsinc\backend\settings.php:20
actionadmin_enqueue_scriptsinc\backend\settings.php:21
actionadmin_headinc\backend\settings.php:23
actionadmin_initinc\backend\settings.php:433
actionadmin_enqueue_scriptsinc\backend\settings.php:446
filtermanage_users_columnsinc\backend\users\users-page.php:10
filtermanage_users_custom_columninc\backend\users\users-page.php:13
actionadmin_menuinc\backend\yoohw-dashboard.php:19
actionadmin_menuinc\backend\yoohw-news.php:25
actionrest_api_initinc\backend\yoohw-news.php:26
actionadmin_noticesinc\backend\yoohw-news.php:27
actionadmin_initinc\backend\yoohw-news.php:28
actionadmin_initinc\backend\yoohw-news.php:29
actionrest_api_initinc\cores\api\sms\update-sms-quota.php:10
actionadmin_enqueue_scriptsinc\cores\backend.php:14
actionadmin_initinc\cores\backend.php:15
filterwoocommerce_get_query_varsinc\cores\frontend.php:11
filterwoocommerce_account_menu_itemsinc\cores\frontend.php:13
actionwp_enqueue_scriptsinc\cores\frontend.php:14
actionadmin_noticesinc\cores\notices.php:10
actionadmin_enqueue_scriptsinc\cores\notices.php:12
Maintenance & Trust

Advanced Accounts for WooCommerce – Membership / Customize My Account Page / OTP Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 13, 2026
PHP min version7.4
Downloads3K

Community Trust

Rating100/100
Number of ratings1
Active installs50
Alternatives

Advanced Accounts for WooCommerce – Membership / Customize My Account Page / OTP Alternatives

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

paid-member-subscriptions

B
82

Feature-packed membership plugin for creating subscription plans, adding recurring payments & content restriction on your membership site.

10K 16 CVEs
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

user-registration

B
76

Build membership sites with tiered plans, content restriction, drag-&-drop custom registration & login form builder, and built-in payment system.

60K 29 CVEs
Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More

Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More

content-control

A
96

Restrict content based on login status, user roles, device type & more. Monetize your content with a paywall or members-only content.

40K 4 CVEs
Restrict User Access – Ultimate Membership & Content Protection

Restrict User Access – Ultimate Membership & Content Protection

restrict-user-access

A
99

Create Access Levels and restrict any post, page, category, etc. Supports bbPress, BuddyPress, WooCommerce, WPML, and more.

10K 2 CVEs
s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions

s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions

s2member

B
76

❤️ Excellent membership plugin! Easy, quick, flexible. Monetize your site with memberships and subscriptions. Protect content instantly and securely.

9K 12 CVEs
Developer Profile

Advanced Accounts for WooCommerce – Membership / Customize My Account Page / OTP Developer Profile

YoOhw Studio

7 plugins · 3K total installs

92
trust score
Avg Security Score
97/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Advanced Accounts for WooCommerce – Membership / Customize My Account Page / OTP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wc-advanced-accounts/js/email-registration-disabled.js
Script Paths
/wp-content/plugins/wc-advanced-accounts/js/email-registration-disabled.js
Version Parameters
wc-advanced-accounts/js/email-registration-disabled.js?ver=

HTML / DOM Fingerprints

JS Globals
siteData
FAQ

Frequently Asked Questions about Advanced Accounts for WooCommerce – Membership / Customize My Account Page / OTP