Does AdRoll for WooCommerce Stores have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is AdRoll for WooCommerce Stores compatible with WordPress 6.6.5?

According to WordPress.org data, AdRoll for WooCommerce Stores 2.3.1 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

Is AdRoll for WooCommerce Stores compatible with PHP 5.6.20+?

AdRoll for WooCommerce Stores requires PHP 5.6.20 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is AdRoll for WooCommerce Stores updated?

AdRoll for WooCommerce Stores was last updated on Aug 26, 2024. Frequent updates are generally a positive security signal.

What is AdRoll for WooCommerce Stores's security score?

AdRoll for WooCommerce Stores has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

AdRoll for WooCommerce Stores Security & Risk Analysis

wordpress.org/plugins/adroll-for-woocommerce-stores-dev

Connect your WooCommerce store to AdRoll and run display, social media, and email campaigns — all on one platform.

600 active installs v2.3.1 PHP 5.6.20+ WP 4.4+ Updated Aug 26, 2024

adsadvertisingmarketingretargetingsocial-media

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is AdRoll for WooCommerce Stores Safe to Use in 2026?

Generally Safe

Score 92/100

AdRoll for WooCommerce Stores has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "adroll-for-woocommerce-stores-dev" plugin v2.3.1 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, utilizing prepared statements exclusively, and there is no known vulnerability history, which is a strong indicator of ongoing security diligence. The absence of dangerous functions and file operations also contributes to a generally stable foundation. However, significant concerns arise from the static analysis. The plugin has a single REST API route that lacks permission callbacks, creating an unprotected entry point. Furthermore, a concerning 75% of output escaping is not properly handled, presenting a risk of cross-site scripting (XSS) vulnerabilities, especially when combined with unsanitized path taint flows. While no critical or high severity taint issues were identified, the presence of unsanitized paths is a red flag that warrants attention. The complete absence of nonce and capability checks on this unprotected entry point amplifies the risk associated with the unescaped outputs.

Key Concerns

Unprotected REST API route
Significant unescaped output
Unsanitized path taint flows
Missing capability checks
Missing nonce checks

Vulnerabilities

None known

AdRoll for WooCommerce Stores Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

AdRoll for WooCommerce Stores Release Timeline

v2.3.1Current

v2.3.0

v2.2.25

v2.2.24

v2.2.23

v2.2.22

v2.2.21

v2.2.20

v2.2.19

v2.2.18

v2.2.17

v2.2.16

v2.2.15

v2.2.14

v2.2.13

v2.2.12

v2.2.11

v2.2.10

v2.2.9

v2.2.8

Code Analysis

Analyzed Mar 16, 2026

AdRoll for WooCommerce Stores Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

5 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

25% escaped20 total outputs

Data Flows · Security

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

adroll_adv_eid_callback (adroll-for-woocommerce.php:157)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

AdRoll for WooCommerce Stores Attack Surface

Entry Points1

Unprotected1

REST API Routes 1

GET/wp-json/adroll/v1/configureadroll-for-woocommerce.php:35

WordPress Hooks 14

actioncheckout_startedadroll-for-woocommerce.php:23

actionadmin_menuadroll-for-woocommerce.php:24

actionadmin_initadroll-for-woocommerce.php:25

actionadmin_noticesadroll-for-woocommerce.php:26

actionwp_footeradroll-for-woocommerce.php:27

actionwoocommerce_after_checkout_formadroll-for-woocommerce.php:28

actionwoocommerce_checkout_order_processedadroll-for-woocommerce.php:29

actionwoocommerce_thankyouadroll-for-woocommerce.php:30

actionpre_get_postsadroll-for-woocommerce.php:31

actionactivated_pluginadroll-for-woocommerce.php:32

actiondeactivated_pluginadroll-for-woocommerce.php:33

actionrest_api_initadroll-for-woocommerce.php:34

filterthe_postsadroll-for-woocommerce.php:42

filterwoocommerce_add_to_cartadroll-for-woocommerce.php:43

Maintenance & Trust

AdRoll for WooCommerce Stores Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedAug 26, 2024

PHP min version5.6.20

Downloads49K

Community Trust

Rating50/100

Number of ratings10

Active installs600

Alternatives

AdRoll for WooCommerce Stores Alternatives

Rontar Blog Retargeting

rontar-blog-retargeting

Convert your one-time visitors into subscribers. Rontar blog feed and retargeting pixel easy integration.

10 No CVEs

Rontar Dynamic Retargeting for WooCommerce

rontar-dynamic-retargeting-for-woocommerce

Turn visitors into customers. Rontar product feed and retargeting pixel easy integration.

10 No CVEs

CallTrackingMetrics

call-tracking-metrics

100

CallTrackingMetrics integrates with your WordPress site to provide powerful call tracking and attribution.

3K No CVEs

Dynamic Remarketing for Google Ads and WooCommerce

woocommerce-google-dynamic-retargeting-tag

100

This plugin integrates the Google Ads Dynamic Remarketing Tracking pixel with customized ecommerce variables in a WooCommerce shop.

2K No CVEs

LexonAds: Free Ad Network – Boost Traffic & Get More Visitors

martins-free-and-easy-ad-network-get-more-visitors

The 100% free alternative to Google Ads and Facebook Ads. Join our global ad exchange network to get more website visitors and boost your visibility a …

100 1 unpatched

Developer Profile

AdRoll for WooCommerce Stores Developer Profile

AdRoll

1 plugin · 600 total installs

trust score

Avg Security Score

92/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect AdRoll for WooCommerce Stores

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/adroll-for-woocommerce-stores-dev/pixel.js/wp-content/plugins/adroll-for-woocommerce-stores-dev/admin.js/wp-content/plugins/adroll-for-woocommerce-stores-dev/notice.js/wp-content/plugins/adroll-for-woocommerce-stores-dev/style.css/wp-content/plugins/adroll-for-woocommerce-stores-dev/admin.css

Script Paths

https://app.adroll.com/js/adroll_conversion_pixel_init.min.js

Version Parameters

adroll-for-woocommerce-stores-dev/style.css?ver=adroll-for-woocommerce-stores-dev/admin.js?ver=adroll-for-woocommerce-stores-dev/pixel.js?ver=adroll-for-woocommerce-stores-dev/notice.js?ver=adroll-for-woocommerce-stores-dev/admin.css?ver=

HTML / DOM Fingerprints

CSS Classes

adroll-notice-dismissadroll-settings-admin-page

HTML Comments

+2 more

Data Attributes

data-adroll-account-iddata-adroll-pixel-id

JS Globals

adroll_pixel_dataadroll_conversion_pixeladroll_conversion_pixel_init

REST Endpoints

/wp-json/adroll/v1/configure

FAQ