WP-Safety

Wishlist Member AutoProtect Security & Risk Analysis

wordpress.org/plugins/wishlist-auto-protect

This plugin adds option to automatically protect any post or page in WishList Member after a special period of time or on a specific date.

10 active installs v1.1.0 PHP + WP 3.0.1+ Updated Apr 2, 2015
automatic-protectionmembershipwishlist-member
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Wishlist Member AutoProtect Safe to Use in 2026?

Generally Safe

Score 85/100

Wishlist Member AutoProtect has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago
Risk Assessment

The "wishlist-auto-protect" plugin v1.1.0 exhibits a mixed security posture. While it has a small attack surface and appears to implement some security measures like capability checks and a nonce check, significant concerns arise from the static analysis. The presence of the dangerous `exec` function, combined with two critical severity taint flows involving unsanitized paths, indicates a high potential for remote code execution vulnerabilities. Furthermore, the fact that 100% of its outputs are not properly escaped presents a risk of cross-site scripting (XSS) attacks. Although the plugin has no recorded vulnerability history, this should not be interpreted as a sign of robust security, especially given the critical findings in the static analysis. The lack of historical vulnerabilities might simply mean it hasn't been thoroughly scrutinized or exploited yet. The plugin's strengths lie in its limited entry points and the inclusion of some protective measures, but these are overshadowed by the critical code signals and taint analysis results.

Key Concerns

  • Critical taint flow found
  • Critical taint flow found
  • Dangerous function detected (exec)
  • Output escaping is missing
  • SQL query not using prepared statements
  • Flow with unsanitized paths
Vulnerabilities
None known

Wishlist Member AutoProtect Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Wishlist Member AutoProtect Code Analysis

Dangerous Functions
1
Raw SQL Queries
1
1 prepared
Unescaped Output
25
0 escaped
Nonce Checks
1
Capability Checks
2
File Operations
3
External Requests
1
Bundled Libraries
0

Dangerous Functions Found

execexec('wget -q -O - "' . $url . '"', $output, $error);js\anytime\core.php:101

SQL Query Safety

50% prepared2 total queries

Output Escaping

0% escaped25 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths
<wishlist-autoprotect> (wishlist-autoprotect.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Wishlist Member AutoProtect Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[time-until-protection] wishlist-autoprotect.php:826
WordPress Hooks 11
actionadmin_noticesjs\anytime\core.php:122
actionwp_footerwishlist-autoprotect.php:666
actionadd_meta_boxeswishlist-autoprotect.php:832
actionsave_postwishlist-autoprotect.php:844
actionadmin_print_scripts-post-new.phpwishlist-autoprotect.php:847
actionadmin_print_scripts-post.phpwishlist-autoprotect.php:848
actionadmin_print_styles-post-new.phpwishlist-autoprotect.php:849
actionadmin_print_styles-post.phpwishlist-autoprotect.php:850
filtercron_scheduleswishlist-autoprotect.php:871
actionatc_process_protect_cronwishlist-autoprotect.php:877
actionadmin_menuwishlist-autoprotect.php:881

Scheduled Events 1

atc_process_protect_cron
Maintenance & Trust

Wishlist Member AutoProtect Maintenance & Trust

Maintenance Signals

WordPress version tested4.1.42
Last updatedApr 2, 2015
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Wishlist Member AutoProtect Alternatives

Wishlist Member API Testing

Wishlist Member API Testing

wishlist-member-api-testing

A
100

Test Wishlist Member API on your server

10 No CVEs
WishList Member: Show All Levels

WishList Member: Show All Levels

wishlist-member-show-all-levels

A
100

Provides a shortcode that outputs all levels a member is allowed to access.

10 No CVEs
Members – Membership & User Role Editor Plugin

Members – Membership & User Role Editor Plugin

members

A
99

The best WordPress membership and user role editor plugin. User Roles & Capabilities editor helps you restrict content in just a few clicks.

300K 1 CVE
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

ultimate-member

B
76

Membership & community plugin with user profiles, registration & login, member directories, content restriction, user roles and much more.

200K 70 CVEs
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress

wp-user-avatar

B
76

Setup paid membership, accept payment, sell subscription & digital product, paywall, create login & registration form, user profile & member directory

100K 41 CVEs
Developer Profile

Wishlist Member AutoProtect Developer Profile

HappyPlugins

6 plugins · 2K total installs

86
trust score
Avg Security Score
88/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Wishlist Member AutoProtect

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Data Attributes
id="atc-enable-status"name="atc-enable-status"id="atc-expire-days"name="atc-expire-days"id="atc-expire-option"name="atc-expire-option"+3 more
FAQ

Frequently Asked Questions about Wishlist Member AutoProtect