[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fDFU0327qYTipfDq-uXKEwYfznuyv-HHJpL6voekk-b4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":59,"crawl_stats":36,"alternatives":67,"analysis":155,"fingerprints":431},"wp-user-merger","WP User Merger","1.6.4","Fahad Mahmood","https:\u002F\u002Fprofiles.wordpress.org\u002Ffahadmahmood\u002F","\u003Cul>\n\u003Cli>Author: \u003Ca href=\"https:\u002F\u002Fwww.androidbubbles.com\u002Fcontact\" rel=\"nofollow ugc\">Fahad Mahmood\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Project URI: \u003Ca href=\"http:\u002F\u002Fandroidbubble.com\u002Fblog\u002Fwordpress\u002Fplugins\u002Fwp-user-merger\" rel=\"nofollow ugc\">http:\u002F\u002Fandroidbubble.com\u002Fblog\u002Fwordpress\u002Fplugins\u002Fwp-user-merger\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Demo URI: \u003Ca href=\"http:\u002F\u002Fdemo.androidbubble.com\u002Fuser-merger\" rel=\"nofollow ugc\">http:\u002F\u002Fdemo.androidbubble.com\u002Fuser-merger\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>After activation there will be a settings page under Users menu. User Merger let you merge information of two users. There are two dropdowns on settings page. Select two users you want to merge. For example display name, user ID, login and email etc. It is a user friendly plugin to merge multiple user accounts.\u003Cbr \u002F>\nSee screenshot 1.\u003C\u002Fp>\n\u003Cp>Then press “Merge Users” button. A warning notification will appear for confirmation. Confirm action by pressing the Yes button.\u003Cbr \u002F>\nSee screenshot 2.\u003C\u002Fp>\n\u003Cp>After pressing proceed there will be a successful message which means users has been merged successfully.\u003Cbr \u002F>\nSee screenshot 3.\u003C\u002Fp>\n\u003Cp>If you select same users, the merge action will not be performed. A warning message will appear that same users cannot be selected for merge action.\u003Cbr \u002F>\nSee screenshot 4.\u003C\u002Fp>\n\u003Cp>For detailed selection there is a toggle button that allow you to choose what information the user should include after the merge action. This is a premium feature.\u003Cbr \u002F>\nSee screenshot 5.\u003C\u002Fp>\n\u003Ch4>Tags\u003C\u002Fh4>\n\u003Cp>wordpress, users, merge\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F1GyDaARTME8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This WordPress plugin is free software: you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or any later version. This WordPress plugin is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this WordPress plugin. If not, see http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html.\u003C\u002Fp>\n","WP User Merger is a WordPress plugin that allows you to merge two different users with seletable user fields.",300,9602,100,6,"2026-03-13T11:43:00.000Z","6.9.4","4.4","7.0",[20,21,22],"merge-users","user-merger","woocommerce-memberships","https:\u002F\u002Fprofiles.wordpress.org\u002Ffahadmahmood\u002Fwp-user-merger","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-user-merger.1.6.4.zip",98,3,0,"2022-11-07 00:00:00","2026-03-15T15:16:48.613Z",[31,47,53],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2022-3848","wp-user-merger-authenticated-admin-sql-injection","WP User Merger \u003C= 1.5.2 - Authenticated (Admin+) SQL Injection","The WP User Merger plugin for WordPress is vulnerable to generic SQL Injection via 'user_id' parameter (in function 'wpus_get_order_ids_by_user') in versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for administrator-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",null,"\u003C=1.5.2","1.5.3","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2024-01-22 19:56:02",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F55ed6e73-4e9a-4201-91c2-0f7153ec1cb7?source=api-prod",442,{"id":48,"url_slug":49,"title":34,"description":50,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":51,"days_to_patch":46},"CVE-2022-3849","wp-user-merger-authenticated-admin-sql-injection-2","The WP User Merger plugin for WordPress is vulnerable to generic SQL Injection via 'reassign_user' parameter versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for administrator-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",[52],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Faef312be-85d6-45e7-a34f-7f7cc415df3b?source=api-prod",{"id":54,"url_slug":55,"title":34,"description":56,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":57,"days_to_patch":46},"CVE-2022-3865","wp-user-merger-authenticated-admin-sql-injection-3","The WP User Merger plugin for WordPress is vulnerable to generic SQL Injection via 'user_id' parameter (in function 'wpum_admin_init') in versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for administrator-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",[58],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff2a6f8ec-6a3e-453d-9ef4-794b5791ac2b?source=api-prod",{"slug":60,"display_name":7,"profile_url":8,"plugin_count":61,"total_installs":62,"avg_security_score":63,"avg_patch_time_days":64,"trust_score":65,"computed_at":66},"fahadmahmood",40,32660,96,237,76,"2026-04-04T05:53:52.888Z",[68,82,101,123,143],{"slug":69,"name":70,"version":71,"author":7,"author_profile":8,"description":72,"short_description":73,"active_installs":27,"downloaded":74,"rating":27,"num_ratings":27,"last_updated":75,"tested_up_to":76,"requires_at_least":17,"requires_php":18,"tags":77,"homepage":79,"download_link":80,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":81},"sync-sage-100","Sync Sage 100","1.0.2","\u003Cul>\n\u003Cli>Author: \u003Ca href=\"https:\u002F\u002Fwww.androidbubbles.com\u002Fcontact\" rel=\"nofollow ugc\">Fahad Mahmood\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Project URI: \u003Ca href=\"http:\u002F\u002Fandroidbubble.com\u002Fblog\u002Fwordpress\u002Fplugins\u002Fsync-sage-100\" rel=\"nofollow ugc\">http:\u002F\u002Fandroidbubble.com\u002Fblog\u002Fwordpress\u002Fplugins\u002Fsync-sage-100\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Demo URI: \u003Ca href=\"http:\u002F\u002Fdemo.androidbubble.com\u002Fsync-sage-100\" rel=\"nofollow ugc\">http:\u002F\u002Fdemo.androidbubble.com\u002Fsync-sage-100\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>After activation there will be a settings page under Users menu. User Merger let you merge information of two users. There are two dropdowns on settings page. Select two users you want to merge. See screenshot 1.\u003Cbr \u002F>\nThen press “Merge Users” button. A warning notification will appear for confirmation. Confirm action by pressing the Yes button. See screenshot 2.\u003Cbr \u002F>\nAfter pressing proceed there will be a successful message which means users has been merged successfully. See screenshot 3.\u003Cbr \u002F>\nIf you select same users, the merge action will not be performed. A warning message will appear that same users cannot be selected for merge action. See screenshot 4.\u003Cbr \u002F>\nFor detailed selection there is a toggle button that allow you to choose what information the user should include after the merge action. This is a premium feature. See screenshot 5.\u003C\u002Fp>\n\u003Ch4>Tags\u003C\u002Fh4>\n\u003Cp>wordpress, users, merge, sage 100\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This WordPress plugin is free software: you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or any later version. This WordPress plugin is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this WordPress plugin. If not, see http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html.\u003C\u002Fp>\n","A user friendly plugin to synchronize Sage 100 data into WordPress with API endpoints and manual import.",1597,"","6.6.5",[20,78,21],"sage-100","https:\u002F\u002Fprofiles.wordpress.org\u002Ffahadmahmood\u002Fsync-sage-100","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsync-sage-100.1.0.2.zip","2026-03-15T10:48:56.248Z",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":27,"num_ratings":27,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":75,"tags":95,"homepage":98,"download_link":99,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":100},"conditional-logic-for-beaver-builder-and-woo-memberships","Conditional Logic for Beaver Builder and Woo Memberships","1.4","Peter","https:\u002F\u002Fprofiles.wordpress.org\u002Fpetergerard\u002F","\u003Cp>If you use WooCommerce Memberships and Beaver Builder’s Beaver Themer, you will want to use this plugin. It enables you to have blocks that use conditional logic to display different content depending on the visitor’s membership status.\u003C\u002Fp>\n\u003Cp>To use:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Edit a page in Beaver Builder.\u003C\u002Fli>\n\u003Cli>Click on a block. \u003C\u002Fli>\n\u003Cli>Go to the Advanced tab and choose Conditional Logic from the Display menu.\u003C\u002Fli>\n\u003Cli>Click Open Conditional Logic Settings\u003C\u002Fli>\n\u003Cli>Define your rule by selecting “User Membership” and then choose the plan that you are checking.\u003C\u002Fli>\n\u003Cli>If you just want to check if the user is active or inactive, “is set” will be true for any active status and “is not set” will be false for any active status. You can also create rules by comparing to specific Membership statuses by using “equal” or “not equal”.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cem>Note: if you do not select a Membership Plan, then it will default to looking for the first of the user’s plans it finds, and if it can’t find any plan, the user will always be considered “inactive”. So if you have more than one plan available, it is not recommended to leave this unselected.\u003C\u002Fem>\u003C\u002Fp>\n","Simple plugin for Beaver Builder's Beaver Themer to enable conditional logic based on WooCommerce Membership status",10,2618,"2025-05-15T15:31:00.000Z","6.8.5","5.0",[96,97,22],"beaver-builder","conditional-logic","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fconditional-logic-for-beaver-builder-and-woo-memberships","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fconditional-logic-for-beaver-builder-and-woo-memberships.1.4.zip","2026-03-15T14:54:45.397Z",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":90,"downloaded":109,"rating":13,"num_ratings":110,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":120,"download_link":121,"security_score":122,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"true-mailchimp-sync-for-woo-memberships","MailChimp Sync for WooCommerce Memberships","1.0","Misha Rudrastyh","https:\u002F\u002Fprofiles.wordpress.org\u002Frudrastyh\u002F","\u003Cp>This plugin allows you to sync your website users with MailChimp lists depending on the WooCommerce Membership plan they have.\u003C\u002Fp>\n\u003Cp>You may specify a MailChimp list for any status of any WooCommerce Memberships plan.\u003C\u002Fp>\n\u003Cp>If you already have members on your website you can use Mass Resync feature to add them to the appropriate MailChimp lists.\u003C\u002Fp>\n\u003Cp>That’s it! MailChimp Sync for WooCommerce Memberships seamlessly updates member data for you in your subscriber profiles, ensuring MailChimp data is always up-to-date with your latest membership list and statuses.\u003C\u002Fp>\n","Allows to sync users with every status of your WooCommerce Memberships plans with MailChimp lists.",1146,2,"2019-06-25T07:06:00.000Z","5.2.24","3.1","5.2",[116,117,118,119,22],"mailchimp","mailchimp-sync","rudrastyh","woocommerce-membership-sync","https:\u002F\u002Frudrastyh.com\u002Fplugins\u002Fmailchimp-synchronization","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftrue-mailchimp-sync-for-woo-memberships.1.0.zip",85,{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":27,"downloaded":131,"rating":27,"num_ratings":27,"last_updated":132,"tested_up_to":133,"requires_at_least":134,"requires_php":135,"tags":136,"homepage":75,"download_link":141,"security_score":142,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"memberships-frontend-registration","Memberships Frontend Registration","1.0.0","axiomsit142","https:\u002F\u002Fprofiles.wordpress.org\u002Faxiomsit142\u002F","\u003Cp>\u003Cstrong>WooCommerce Memberships Frontend Registration\u003C\u002Fstrong> makes it easy to integrate WooCommerce Membership plan registrations directly on the frontend of your website with the following features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Frontend Registration Shortcode:\u003C\u002Fstrong> Use a shortcode to display a registration form for WooCommerce Memberships plans.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Settings Validation:\u003C\u002Fstrong> Ensure all required products for a membership plan are purchased before completing the membership.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Resume Membership Purchase:\u003C\u002Fstrong> Show notifications on the member dashboard, allowing customers to complete any incomplete memberships after registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Cart Management:\u003C\u002Fstrong> Automatically add required products or subscriptions to the cart when a customer registers for a membership plan.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin simplifies the user journey and ensures a seamless experience for both administrators and customers.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>Frontend Membership Registration:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Use the \u003Ccode>[msfr_custom_register]\u003C\u002Fcode> shortcode to display a custom membership registration page.\u003C\u002Fli>\n\u003Cli>Includes validation to ensure all required products are linked to the selected membership plan.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Admin Settings:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Verify that all required products for membership plans are configured properly.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Notification System:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Show a dashboard notification prompting customers to complete their membership purchase process if they stopped after registration.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Auto-Add Products to Cart:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically add required products or subscription products to the cart when a customer registers for a membership plan.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Shortcode-Driven Flexibility:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Place the registration form anywhere on your site using the \u003Ccode>[msfr_custom_register]\u003C\u002Fcode> shortcode.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Notes\u003C\u002Fh3>\n\u003Cp>This plugin requires WooCommerce and WooCommerce Memberships to function correctly.\u003C\u002Fp>\n","Allows users to register for WooCommerce Membership plans from frontend, manage required product, and streamline the membership registration process.",609,"2025-01-17T22:36:00.000Z","6.7.5","5.6","7.4",[137,138,139,140,22],"membership-plans","registration","shortcode","woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmemberships-frontend-registration.1.0.0.zip",92,{"slug":144,"name":145,"version":146,"author":86,"author_profile":87,"description":147,"short_description":148,"active_installs":27,"downloaded":149,"rating":27,"num_ratings":27,"last_updated":150,"tested_up_to":93,"requires_at_least":94,"requires_php":75,"tags":151,"homepage":75,"download_link":154,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"pg-sync-for-klaviyo-and-woo-memberships-and-subscriptions","PG Sync for Klaviyo and Woo Memberships and Subscriptions","0.6","\u003Cp>If you use WooCommerce Memberships and Klaviyo, you will want to use this plugin. It enables you to synch membership status changes to Klaviyo. If you also use WooCommerce Subscriptions, it will also synch subscription info and renewal events.\u003C\u002Fp>\n\u003Cp>This plugin should probably be used in conjunction with Klaviyo’s official WooCommerce integration since this plugin is only synching status changes from WooCommerce Memberships and Susbcriptions. It does not build full profiles nor synch orders (which the official plugin does just fine).\u003C\u002Fp>\n\u003Cp>To use:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Go to your Klaviyo.com dashboard and click on your account name (bottom left), then Settings, then API Keys. Then click “Create Private API Key”.\u003C\u002Fli>\n\u003Cli>Give the key a name like “WooCommerce Memberships Synch”\u003C\u002Fli>\n\u003Cli>Leave the Access Level on “Custom” and select “Read\u002FWrite” for Events, Metrics and Profiles. You can leave everything else on “No Access”.\u003C\u002Fli>\n\u003Cli>Click “Create”\u003C\u002Fli>\n\u003Cli>On the next screen, copy the API Key, then head over to your WP Admin Dashboard and click Settings -> Klaviyo Memberships Sync.\u003C\u002Fli>\n\u003Cli>Paste in the API Key and click “Save Changes”.\u003C\u002Fli>\n\u003Cli>You can batch synch all your existing members by entering the Membership Plan ID and starting a batch to run in the background.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>From now on, whenever a Membership status changes, it will be synchronized to Klaviyo. If the Membership is related to a Product, the Product Name will also be synched. In Klaviyo, you will see the current status on a user’s profile properties, and you will see a list of events for every status change.\u003C\u002Fp>\n\u003Cp>Subscription renewal events are also synched – both failures and successful renewal payments.\u003C\u002Fp>\n\u003Cp>Note: The API updates are delayed by 5 minutes to avoid multiple status change updates in a short succession (which would happen if you are using WooCommerce Subscriptions since it pauses and reactivates Memberships during the renewal process).\u003C\u002Fp>\n\u003Ch4>Current Limitations\u003C\u002Fh4>\n\u003Cp>If you use multiple Membership Plans, you’ll only see the one with the most recent change on the user’s Profile in Klaviyo.\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin connects to the Klaviyo API to send data about memberships and subscriptions.\u003C\u002Fp>\n\u003Cp>It sends basic identifying information (e.g. name and email address) about users who have memberships and subscriptions, as well as the membership and\u002For subscription status, name, dates, and other details.\u003C\u002Fp>\n\u003Cp>Since you are using your own API Key, data is sent directly from your WordPress install to Klaviyo, and the author of this plugin is completely out of the loop. The plugin uses Action Scheduler to process API requests in the background and reduce risk of hitting rate limits, but you are responsible for your own rate limit.\u003C\u002Fp>\n\u003Cp>The API used is provided by Klaviyo using your own key: \u003Ca href=\"https:\u002F\u002Fwww.klaviyo.com\u002Flegal\u002Fapi-terms\" rel=\"nofollow ugc\">API Terms\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fwww.klaviyo.com\u002Flegal\" rel=\"nofollow ugc\">General Terms and Privacy Policy\u003C\u002Fa>.\u003C\u002Fp>\n","This is a very lightweight plugin that synchs WooCommerce Memberships (and optionally Subscriptions) to Klaviyo.",242,"2025-09-04T20:59:00.000Z",[152,22,153],"klaviyo","woocommerce-subscriptions","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpg-sync-for-klaviyo-and-woo-memberships-and-subscriptions.0.6.zip",{"attackSurface":156,"codeSignals":197,"taintFlows":336,"riskAssessment":418,"analyzedAt":430},{"hooks":157,"ajaxHandlers":182,"restRoutes":194,"shortcodes":195,"cronEvents":196,"entryPointCount":26,"unprotectedCount":27},[158,164,168,172,177],{"type":159,"name":160,"callback":161,"file":162,"line":163},"action","admin_enqueue_scripts","wpus_enqueue_scripts","inc\\functions.php",61,{"type":159,"name":165,"callback":166,"file":162,"line":167},"admin_init","wpum_admin_init",532,{"type":159,"name":169,"callback":170,"priority":90,"file":162,"line":171},"wpus_before_delete_user","wpus_before_delete_user_callback",697,{"type":159,"name":173,"callback":174,"file":175,"line":176},"delete_user","wpus_delete_user","inc\\wpus_settings.php",63,{"type":159,"name":178,"callback":179,"file":180,"line":181},"admin_menu","wpus_admin_menu","index.php",57,[183,188,191],{"action":184,"nopriv":185,"callback":184,"hasNonce":186,"hasCapCheck":185,"file":162,"line":187},"wpsu_update_options",false,true,313,{"action":189,"nopriv":185,"callback":189,"hasNonce":186,"hasCapCheck":185,"file":162,"line":190},"wpsu_get_users_list",343,{"action":192,"nopriv":185,"callback":192,"hasNonce":186,"hasCapCheck":185,"file":162,"line":193},"wpsu_get_user_assets",455,[],[],[],{"dangerousFunctions":198,"sqlUsage":199,"outputEscaping":201,"fileOperations":27,"externalRequests":27,"nonceChecks":334,"capabilityChecks":110,"bundledLibraries":335},[],{"prepared":90,"raw":27,"locations":200},[],{"escaped":202,"rawEcho":203,"locations":204},29,71,[205,208,209,210,212,214,216,217,219,221,223,225,227,229,230,231,232,233,235,237,238,239,240,242,243,245,247,249,251,253,255,257,258,260,262,264,266,268,270,272,274,276,278,280,282,284,286,288,290,292,294,296,298,300,302,304,306,308,310,312,314,316,318,320,322,323,325,326,328,330,332],{"file":175,"line":206,"context":207},172,"raw output",{"file":175,"line":206,"context":207},{"file":175,"line":206,"context":207},{"file":175,"line":211,"context":207},174,{"file":175,"line":213,"context":207},180,{"file":175,"line":215,"context":207},181,{"file":175,"line":215,"context":207},{"file":175,"line":218,"context":207},182,{"file":175,"line":220,"context":207},183,{"file":175,"line":222,"context":207},185,{"file":175,"line":224,"context":207},256,{"file":175,"line":226,"context":207},267,{"file":175,"line":228,"context":207},295,{"file":175,"line":11,"context":207},{"file":175,"line":11,"context":207},{"file":175,"line":11,"context":207},{"file":175,"line":11,"context":207},{"file":175,"line":234,"context":207},333,{"file":175,"line":236,"context":207},338,{"file":175,"line":236,"context":207},{"file":175,"line":236,"context":207},{"file":175,"line":236,"context":207},{"file":175,"line":241,"context":207},390,{"file":175,"line":241,"context":207},{"file":175,"line":244,"context":207},413,{"file":175,"line":246,"context":207},415,{"file":175,"line":248,"context":207},424,{"file":175,"line":250,"context":207},425,{"file":175,"line":252,"context":207},427,{"file":175,"line":254,"context":207},433,{"file":175,"line":256,"context":207},435,{"file":175,"line":46,"context":207},{"file":175,"line":259,"context":207},444,{"file":175,"line":261,"context":207},451,{"file":175,"line":263,"context":207},453,{"file":175,"line":265,"context":207},460,{"file":175,"line":267,"context":207},462,{"file":175,"line":269,"context":207},469,{"file":175,"line":271,"context":207},471,{"file":175,"line":273,"context":207},478,{"file":175,"line":275,"context":207},480,{"file":175,"line":277,"context":207},490,{"file":175,"line":279,"context":207},496,{"file":175,"line":281,"context":207},505,{"file":175,"line":283,"context":207},542,{"file":175,"line":285,"context":207},544,{"file":175,"line":287,"context":207},552,{"file":175,"line":289,"context":207},553,{"file":175,"line":291,"context":207},555,{"file":175,"line":293,"context":207},562,{"file":175,"line":295,"context":207},564,{"file":175,"line":297,"context":207},571,{"file":175,"line":299,"context":207},573,{"file":175,"line":301,"context":207},580,{"file":175,"line":303,"context":207},582,{"file":175,"line":305,"context":207},589,{"file":175,"line":307,"context":207},591,{"file":175,"line":309,"context":207},598,{"file":175,"line":311,"context":207},600,{"file":175,"line":313,"context":207},619,{"file":175,"line":315,"context":207},625,{"file":175,"line":317,"context":207},634,{"file":175,"line":319,"context":207},699,{"file":175,"line":321,"context":207},708,{"file":175,"line":321,"context":207},{"file":175,"line":324,"context":207},710,{"file":175,"line":324,"context":207},{"file":175,"line":327,"context":207},740,{"file":175,"line":329,"context":207},743,{"file":175,"line":331,"context":207},767,{"file":175,"line":333,"context":207},788,5,[],[337,355,364,379,388],{"entryPoint":338,"graph":339,"unsanitizedCount":27,"severity":354},"wpsu_get_users_list (inc\\functions.php:346)",{"nodes":340,"edges":352},[341,346],{"id":342,"type":343,"label":344,"file":162,"line":345},"n0","source","$_POST (x2)",361,{"id":347,"type":348,"label":349,"file":162,"line":350,"wp_function":351},"n1","sink","get_results() [SQLi]",382,"get_results",[353],{"from":342,"to":347,"sanitized":186},"low",{"entryPoint":356,"graph":357,"unsanitizedCount":27,"severity":354},"wpsu_get_user_assets (inc\\functions.php:458)",{"nodes":358,"edges":362},[359,360],{"id":342,"type":343,"label":344,"file":162,"line":271},{"id":347,"type":348,"label":349,"file":162,"line":361,"wp_function":351},492,[363],{"from":342,"to":347,"sanitized":186},{"entryPoint":365,"graph":366,"unsanitizedCount":27,"severity":354},"\u003Cfunctions> (inc\\functions.php:0)",{"nodes":367,"edges":376},[368,370,371,374],{"id":342,"type":343,"label":369,"file":162,"line":345},"$_POST (x4)",{"id":347,"type":348,"label":349,"file":162,"line":350,"wp_function":351},{"id":372,"type":343,"label":373,"file":162,"line":283},"n2","$_GET",{"id":375,"type":348,"label":349,"file":162,"line":299,"wp_function":351},"n3",[377,378],{"from":342,"to":347,"sanitized":186},{"from":372,"to":375,"sanitized":186},{"entryPoint":380,"graph":381,"unsanitizedCount":387,"severity":39},"wpum_admin_init (inc\\functions.php:535)",{"nodes":382,"edges":385},[383,384],{"id":342,"type":343,"label":373,"file":162,"line":283},{"id":347,"type":348,"label":349,"file":162,"line":299,"wp_function":351},[386],{"from":342,"to":347,"sanitized":185},1,{"entryPoint":389,"graph":390,"unsanitizedCount":387,"severity":39},"\u003Cwpus_settings> (inc\\wpus_settings.php:0)",{"nodes":391,"edges":413},[392,395,398,400,401,404,408],{"id":342,"type":343,"label":393,"file":175,"line":394},"$_POST (x46)",150,{"id":347,"type":348,"label":396,"file":175,"line":226,"wp_function":397},"echo() [XSS]","echo",{"id":372,"type":343,"label":373,"file":175,"line":399},786,{"id":375,"type":348,"label":396,"file":175,"line":333,"wp_function":397},{"id":402,"type":343,"label":403,"file":175,"line":25},"n4","$_POST",{"id":405,"type":406,"label":407,"file":175,"line":25},"n5","transform","→ wpus_reassign_shop_orders()",{"id":409,"type":348,"label":410,"file":162,"line":411,"wp_function":412},"n6","query() [SQLi]",218,"query",[414,415,416,417],{"from":342,"to":347,"sanitized":186},{"from":372,"to":375,"sanitized":186},{"from":402,"to":405,"sanitized":185},{"from":405,"to":409,"sanitized":185},{"summary":419,"deductions":420},"The wp-user-merger plugin, version 1.6.4, presents a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries, avoiding dangerous functions, and having no file operations or external HTTP requests. The presence of nonce and capability checks on its entry points is also a positive indicator of security awareness. However, a significant concern arises from the taint analysis, which reveals two flows with unsanitized paths, both flagged as high severity. This suggests potential for attackers to inject malicious input that is not properly handled, which could lead to security vulnerabilities despite the use of prepared statements for SQL.\n\nThe plugin's vulnerability history is a notable red flag. It has a history of three high-severity CVEs, all of which are currently patched. The common vulnerability type being SQL Injection indicates a recurring weakness in how user input was handled in the past. While all historical vulnerabilities are patched, the recurrence of SQL Injection suggests that the codebase may have inherent challenges in sanitizing input, which is further corroborated by the current taint analysis findings. \n\nIn conclusion, while the plugin has adopted some strong security measures, the presence of high-severity unsanitized flows and a history of SQL Injection vulnerabilities warrant careful consideration. The 29% proper output escaping also indicates room for improvement to prevent potential cross-site scripting (XSS) vulnerabilities.",[421,424,427],{"reason":422,"points":423},"High severity unsanitized taint flows (2)",14,{"reason":425,"points":426},"Low output escaping percentage (29%)",7,{"reason":428,"points":429},"History of 3 High severity CVEs",18,"2026-03-16T19:54:23.382Z",{"wat":432,"direct":464},{"assetPaths":433,"generatorPatterns":443,"scriptPaths":444,"versionParams":454},[434,435,436,437,438,439,440,441,442],"\u002Fwp-content\u002Fplugins\u002Fwp-user-merger\u002Fcss\u002Ffontawesome.min.css","\u002Fwp-content\u002Fplugins\u002Fwp-user-merger\u002Fcss\u002Fslimselect.min.css","\u002Fwp-content\u002Fplugins\u002Fwp-user-merger\u002Fjs\u002Fslimselect.min.js","\u002Fwp-content\u002Fplugins\u002Fwp-user-merger\u002Fjs\u002Fjquery.magnific-popup.min.js","\u002Fwp-content\u002Fplugins\u002Fwp-user-merger\u002Fcss\u002Fmagnific-popup.css","\u002Fwp-content\u002Fplugins\u002Fwp-user-merger\u002Fjs\u002Fadmin-scripts.js","\u002Fwp-content\u002Fplugins\u002Fwp-user-merger\u002Fjs\u002Fbootstrap.min.js","\u002Fwp-content\u002Fplugins\u002Fwp-user-merger\u002Fcss\u002Fbootstrap.min.css","\u002Fwp-content\u002Fplugins\u002Fwp-user-merger\u002Fcss\u002Fadmin-style.css",[],[445,446,447,448,449,450,451,452,453],"js\u002Ffontawesome.min.css","js\u002Fslimselect.min.css","js\u002Fslimselect.min.js","js\u002Fjquery.magnific-popup.min.js","js\u002Fmagnific-popup.css","js\u002Fadmin-scripts.js","js\u002Fbootstrap.min.js","js\u002Fbootstrap.min.css","css\u002Fadmin-style.css",[455,456,457,458,459,460,461,462,463],"wp-user-merger\u002Fcss\u002Ffontawesome.min.css?ver=","wp-user-merger\u002Fcss\u002Fslimselect.min.css?ver=","wp-user-merger\u002Fjs\u002Fslimselect.min.js?ver=","wp-user-merger\u002Fjs\u002Fjquery.magnific-popup.min.js?ver=","wp-user-merger\u002Fcss\u002Fmagnific-popup.css?ver=","wp-user-merger\u002Fjs\u002Fadmin-scripts.js?ver=","wp-user-merger\u002Fjs\u002Fbootstrap.min.js?ver=","wp-user-merger\u002Fcss\u002Fbootstrap.min.css?ver=","wp-user-merger\u002Fcss\u002Fadmin-style.css?ver=",{"cssClasses":465,"htmlComments":471,"htmlAttributes":472,"restEndpoints":475,"jsGlobals":476,"shortcodeOutput":478},[466,467,468,469,470],"wpus-merger-settings-form","wpus-merger-user-field","wpus-merger-button","wpus-merge-users-btn","wpus-delete-users-btn",[],[473,474],"data-wpus-nonce","data-wpsu-user-searchable",[],[477],"wpsu_obj",[]]