Kitgenix Plugin Score

wp-members

Slug: wp-members · · 0+

Not updated in last 3 months

Overall Score

Scan this plugin to generate a full score report

--
Not Yet Scanned

What this score means

Scores are calculated on a 100-point scale by analysing six weighted categories: Security, WP.org Readiness, Performance, Code Quality, Accessibility, and Vulnerabilities. Open vulnerabilities are weighted by severity, CVSS, and patch availability, and incomplete source data can reduce confidence slightly.

  • Excellent The plugin follows best practices across every measured category. It is well-maintained, low-risk, and recommended for production use.
  • Good Strong overall quality with minor areas for improvement. Generally safe to use on most sites.
  • Needs Review Some areas of concern detected. Review the full issues report and weigh the risks before installing on production.
  • High Risk Significant quality or security problems found. Exercise caution — check the details carefully before using this plugin.
No scan has been completed yet. Vulnerability and issue data will appear after the first scan.
  • Wordfence: June 10, 2026 4:46 am (13 minutes ago)

Actions

View on WordPress.org Download Plugin
After the first scan, this plugin will be automatically re-scanned every 30 days.
Export report: CSV JSON

Score Breakdown

Shield
Security
--
Pending Scan
W
WP.org Readiness
--
Pending Scan
Speed
Performance
--
Pending Scan
Code
Code Quality
--
Pending Scan
A11y
Accessibility
--
Pending Scan
Bug
Vulnerability Status
--
Pending Scan

Plugin Details

Scan Summary

  • Errors: 0
  • Warnings: 0
  • Notices: 0
  • Last Scanned: N/A
No scan results yet. Start the first scan to populate this summary.

Detected Issues

No issues to display yet. Run the first scan to generate findings.

Score History

No history available yet. · All-Time High: N/A

All Past Vulnerabilities

Showing all known historical vulnerabilities for this plugin, including open and closed records.

Vulnerability CVE Severity Status Affected Versions Patched Version Updated Source
WP-Members < 3.1.8 - Cross-Site Scripting N/A LOW Closed [*, 3.1.8) 3.1.8 2017-06-13 00:00:00 Wordfence
WP-Members <= 3.5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting N/A LOW Closed *-3.5.4.2 3.5.4.3 2025-09-22 00:00:00 Wordfence
WP-Members Membership Plugin <= 3.4.9.2 - Unauthenticated Stored Cross-Site Scripting N/A LOW Closed *-3.4.9.2 3.4.9.3 2024-04-01 00:00:00 Wordfence
WP-Members <= 3.2.7 - Cross-Site Request Forgery N/A LOW Closed *-3.2.7 3.2.8.1 2019-06-13 00:00:00 Wordfence
WP-Members Membership Plugin <= 3.5.5.1 - Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode Attribute N/A LOW Closed *-3.5.5.1 3.5.6 2026-03-03 18:17:29 Wordfence
WP-Members Membership Plugin <= 3.4.9.5 - Reflected Cross-Site Scripting N/A LOW Closed *-3.4.9.5 3.4.9.6 2024-10-21 20:55:04 Wordfence
WP-Members Membership Plugin <= 2.8.9 - Reflected Cross-Site Scripting N/A LOW Closed [*, 2.8.10) 2.8.10 2014-01-07 00:00:00 Wordfence
WP-Members <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_user_memberships Shortcode N/A LOW Closed *-3.5.2 3.5.3 2025-05-16 21:04:33 Wordfence
WP-Members Membership Plugin <= 3.4.9.3 - Unprotected Storage of Potentially Sensitive Files N/A LOW Closed *-3.4.9.3 3.4.9.4 2024-04-25 00:00:00 Wordfence
WP-Members Membership Plugin <= 3.4.8 - Missing Authorization to Sensitive Information Exposure N/A LOW Closed *-3.4.8 3.4.9 2024-01-03 00:00:00 Wordfence
WP-Members Membership <= 3.4.7.3 - Cross-Site Request Forgery to Settings Update N/A LOW Closed *-3.4.7.3 3.4.8 2023-06-22 00:00:00 Wordfence
WP-Members <= 3.4.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_loginout Shortcode N/A LOW Closed *-3.4.9.5 3.4.9.6 2024-10-24 23:18:08 Wordfence
WP-Members Membership Plugin <= 3.4.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode N/A LOW Closed *-3.4.9.1 3.4.9.2 2024-03-07 00:00:00 Wordfence
WP-Members Membership Plugin <= 3.5.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fields N/A LOW Closed *-3.5.4.3 3.5.4.4 2026-01-14 17:16:18 Wordfence
WP-Members <= 3.5.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting N/A LOW Closed *-3.5.4.1 3.5.4.2 2025-07-21 00:00:00 Wordfence
WP-Members <= 3.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting N/A LOW Closed *-3.5.4 3.5.4.1 2025-06-19 00:00:00 Wordfence
WP-Members Membership Plugin <= 3.5.4.4 - Unauthenticated Information Exposure via Unprotected Files N/A LOW Closed *-3.5.4.4 3.5.4.5 2026-01-06 14:17:16 Wordfence
WP-Members Membership Plugin <= 3.5.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Profile Names N/A LOW Closed *-3.5.4.2 3.5.4.3 2025-09-08 16:23:22 Wordfence
WP-Members Membership <= 3.4.7.3 - Missing Authorization to Settings Update N/A LOW Closed *-3.4.7.3 3.4.8 2023-06-08 00:00:00 Wordfence