Nmedia WordPress Member Conversation Security & Risk Analysis

wordpress.org/plugins/wordpress-member-private-conversation

Simple Member Messaging System for WordPress Site.

10 active installs · v2.1 · PHP + · WP 3.5+ · Updated Dec 8, 2023
conversation, member-private-messaging, private-conversation, wp-conversation, wp-internal-messages-system
83
B · Generally Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jun 5, 2012
Safety Verdict

Is Nmedia WordPress Member Conversation Safe to Use in 2026?

Mostly Safe

Score 83/100

Nmedia WordPress Member Conversation is generally safe to use, though it hasn't been updated recently. 1 past CVE was resolved.

1 known CVE · Last CVE: Jun 5, 2012 · Updated 2yr ago
Risk Assessment

The "wordpress-member-private-conversation" plugin v2.1 presents a mixed security posture. While it has no currently unpatched critical vulnerabilities and a low number of identified CVEs overall, the static analysis reveals significant areas of concern. The presence of 7 AJAX handlers, with 4 lacking authentication checks, represents a substantial attack surface that could be exploited by unauthenticated users. Furthermore, the use of dangerous functions like `move_uploaded_file` without apparent robust validation, combined with 100% of SQL queries being executed without prepared statements, indicates potential for critical vulnerabilities such as arbitrary file uploads and SQL injection. The taint analysis showing flows with unsanitized paths, even if not classified as critical or high severity, reinforces these concerns. The plugin's vulnerability history, particularly the past critical CVE related to unrestricted file uploads, suggests a recurring weakness that requires diligent attention. In conclusion, while the plugin has a history of being patched, the current code analysis highlights a high risk due to unprotected entry points, insecure database interactions, and potentially unsafe file handling, necessitating immediate remediation.

Key Concerns

  • 4 AJAX handlers without auth checks
  • 1 flow with unsanitized paths
  • 100% of SQL queries without prepared statements
  • Dangerous function: move_uploaded_file
  • Dangerous function: set_time_limit
  • 71% output escaping (some unescaped)
  • Bundled library: DataTables (potential outdatedness)
  • Total known CVEs: 1 critical
Vulnerabilities
1 published

Nmedia WordPress Member Conversation Security Vulnerabilities

CVEs by Year

1 CVE in 2012

Severity Breakdown

Critical: 1

1 total CVE

CVE-2012-3577 · critical · 9.8 · Unrestricted Upload of File with Dangerous Type

Nmedia WordPress Member Conversation < 1.4 - Arbitrary File Upload

Jun 5, 2012 · Patched in 1.4 (4249d)
Version History

Nmedia WordPress Member Conversation Release Timeline

v2.1 · Current
v2.0
v1.7
v1.6
v1.5
v1.4
v1.3 · 1 CVE
v1.2 · 1 CVE
v1.0 · 1 CVE
Code Analysis
Analyzed Apr 16, 2026

Nmedia WordPress Member Conversation Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 8 (0 prepared)
Unescaped Output: 45 (112 escaped)
Nonce Checks: 3
Capability Checks: 2
File Operations: 18
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

move_uploaded_file · move_uploaded_file($tempFile,$targetFile); · classes/class.convo.php:419
set_time_limit · @set_time_limit ( 5 * 60 ); · classes/class.convo.php:842

Bundled Libraries

DataTables

SQL Query Safety

0% prepared · 8 total queries

Output Escaping

71% escaped · 157 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

3 flows · 1 with unsanitized paths
nmconvo_save_settings (inc/admin.php:92)
Attack Surface
4 unprotected

Nmedia WordPress Member Conversation Attack Surface

Entry Points: 9
Unprotected: 4

AJAX Handlers 7

auth · wp_ajax_load_convo_detail · classes/class.convo.php:75
auth · wp_ajax_nmconvo_upload_file · classes/class.convo.php:76
auth · wp_ajax_nmconvo_new_convo · classes/class.convo.php:78
auth · wp_ajax_nmconvo_reply_convo · classes/class.convo.php:79
auth · wp_ajax_nmconvo_delete_convo · classes/class.convo.php:80
nopriv · wp_ajax_convo_file · nm-wp-member-convo.php:34
auth · wp_ajax_convo_file · nm-wp-member-convo.php:35

Shortcodes 2

[nmconvo] · classes/class.convo.php:69
[nm-convo-alertbox] · classes/class.convo.php:71
WordPress Hooks 9
filter · widget_text · classes/class.convo.php:65
action · init · classes/class.convo.php:68
action · nmconvo_before_new_convo · classes/class.convo.php:83
action · nmconvo_before_reply_convo · classes/class.convo.php:84
action · nmconvo_after_convo_message_sent · classes/class.convo.php:85
action · wp_footer · classes/class.convo.php:152
action · plugins_loaded · classes/class.convo.php:1184
action · admin_menu · inc/admin.php:8
action · admin_post_nmconvo_save_settings · inc/admin.php:91
Maintenance & Trust

Nmedia WordPress Member Conversation Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Dec 8, 2023
PHP min version
Downloads: 5K

Community Trust

Rating: 92/100
Number of ratings: 9
Active installs: 10
Developer Profile

Nmedia WordPress Member Conversation Developer Profile

N-Media

29 plugins · 5K total installs

Trust score: 69
Avg Security Score: 86/100
Avg Patch Time: 665 days
Detection Fingerprints

How We Detect Nmedia WordPress Member Conversation

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wordpress-member-private-conversation/css/nmconvo.css
/wp-content/plugins/wordpress-member-private-conversation/css/bootstrap/bootstrap.min.css
/wp-content/plugins/wordpress-member-private-conversation/js/fileapi/dist/FileAPI.min.js
/wp-content/plugins/wordpress-member-private-conversation/js/nmconvo-upload.js
/wp-content/plugins/wordpress-member-private-conversation/js/dataTable/jquery.dataTables.min.js
/wp-content/plugins/wordpress-member-private-conversation/js/nmconvo.js
/wp-content/plugins/wordpress-member-private-conversation/templates/default/css/styles.css
Script Paths
/wp-content/plugins/wordpress-member-private-conversation/js/nmconvo.js
/wp-content/plugins/wordpress-member-private-conversation/js/nmconvo-upload.js
/wp-content/plugins/wordpress-member-private-conversation/js/dataTable/jquery.dataTables.min.js
/wp-content/plugins/wordpress-member-private-conversation/js/fileapi/dist/FileAPI.min.js
/wp-content/plugins/wordpress-member-private-conversation/css/bootstrap/bootstrap.min.js
Version Parameters
wordpress-member-private-conversation/css/nmconvo.css?ver=
wordpress-member-private-conversation/css/bootstrap/bootstrap.min.css?ver=
wordpress-member-private-conversation/js/fileapi/dist/FileAPI.min.js?ver=
wordpress-member-private-conversation/js/nmconvo-upload.js?ver=
wordpress-member-private-conversation/js/dataTable/jquery.dataTables.min.js?ver=
wordpress-member-private-conversation/js/nmconvo.js?ver=
wordpress-member-private-conversation/templates/default/css/styles.css?ver=

HTML / DOM Fingerprints

CSS Classes
nmconvo
nm-convo-alert
Data Attributes
data-convo-id
data-convo-type
JS Globals
convo_vars
nmMemberConvo
REST Endpoints
/wp-json/nmconvo/
Shortcode Output
[nmconvo]
[nm-convo-alertbox]
FAQ

Frequently Asked Questions about Nmedia WordPress Member Conversation