Does Api2Cart Bridge Connector have any unpatched vulnerabilities?

No. All known vulnerabilities in Api2Cart Bridge Connector have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Api2Cart Bridge Connector compatible with WordPress 6.8.5?

According to WordPress.org data, Api2Cart Bridge Connector 3.0.11 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is Api2Cart Bridge Connector updated?

Api2Cart Bridge Connector was last updated on Mar 5, 2026. Frequent updates are generally a positive security signal.

What is Api2Cart Bridge Connector's security score?

Api2Cart Bridge Connector has a WP-Safety security score of 96/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Api2Cart Bridge Connector Security & Risk Analysis

wordpress.org/plugins/api2cart-bridge-connector

Establish the connection between a B2B system and WooCommerce or WP-eCommerce stores. Use the ready connection to make synchronization of such client …

50 active installs v3.0.11 PHP + WP 4.5+ Updated Mar 5, 2026

api2cartapi2cart-bridge-downloadbridge-connectorwoocommercewoocommerce-b2b-connector

A · Safe

CVEs total2

Unpatched0

Last CVEOct 28, 2022

Download

Safety Verdict

Is Api2Cart Bridge Connector Safe to Use in 2026?

Generally Safe

Score 96/100

Api2Cart Bridge Connector has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Oct 28, 2022Updated 1mo ago

Risk Assessment

The api2cart-bridge-connector plugin, at version 3.0.11, presents a mixed security posture. While it demonstrates good practices in SQL query handling, with 100% prepared statements, and robust output escaping at 96%, significant concerns remain. The plugin has a limited attack surface of only one entry point, an AJAX handler, but alarmingly, this handler lacks authentication checks, making it a direct vulnerability. The presence of the `unserialize` function, a known vector for remote code execution if not handled with extreme care, is also a notable risk, especially given the absence of taint analysis data.

The plugin's vulnerability history is a major red flag. With two known critical CVEs, both related to Unrestricted Upload of File with Dangerous Type and Code Injection, and the last vulnerability dating back to October 2022, it suggests a history of severe security flaws. Although no CVEs are currently unpatched, the recurring nature of critical vulnerabilities indicates a pattern of insecure coding practices within the plugin. This history, combined with the unprotected AJAX endpoint and the use of `unserialize`, paints a picture of a plugin that, despite some positive coding habits, carries a substantial risk due to past critical issues and immediately exploitable entry points.

Key Concerns

AJAX handler without authentication
Dangerous function: unserialize
Two critical CVEs in history
No capability checks

Vulnerabilities

Api2Cart Bridge Connector Security Vulnerabilities

CVEs by Year

2 CVEs in 2022

2022

Patched Has unpatched

Severity Breakdown

Critical

2 total CVEs

CVE-2022-42698critical · 9.8Unrestricted Upload of File with Dangerous Type

Api2Cart Bridge Connector <= 1.1.0 - Arbitrary File Upload

Oct 28, 2022 Patched in 1.2.0 (452d)

CVE-2022-42497critical · 9.8Improper Control of Generation of Code ('Code Injection')

Api2Cart Bridge Connector <= 1.1.0 - Arbitrary Code Execution

Oct 28, 2022 Patched in 1.2.0 (452d)

Code Analysis

Analyzed Mar 16, 2026

Api2Cart Bridge Connector Code Analysis

Dangerous Functions

Raw SQL Queries

26 prepared

Unescaped Output

50 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$cartPluginsNetwork = unserialize( $cartPluginsNetwork );bridge2cart\bridge.php:809

unserialize$activePlugin = $getActivePlugin( unserialize( $cartPlugins ) );bridge2cart\bridge.php:826

unserialize$activePlugin = $getActivePlugin( unserialize( $cartPlugins ) );bridge2cart\bridge.php:843

unserialize$data = unserialize( $a2cData['metaData'], ['allowed_classes' => ['stdClass']] );bridge2cart\bridge.php:1342

unserialize$data = unserialize( $item['metaData'], [ 'allowed_classes' => [ 'stdClass' ] ] );bridge2cart\bridge.php:1482

SQL Query Safety

100% prepared26 total queries

Output Escaping

96% escaped52 total outputs

Attack Surface

1 unprotected

Api2Cart Bridge Connector Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_A2CBCbridge_actionapi2cart-bridge-connector.php:62

WordPress Hooks 9

actionadmin_noticesapi2cart-bridge-connector.php:43

actionrest_api_initapi2cart-bridge-connector.php:161

actionadmin_menuapi2cart-bridge-connector.php:262

filterwoocommerce_email_enabled_customer_completed_orderbridge2cart\bridge.php:1984

filterwoocommerce_email_enabled_customer_invoicebridge2cart\bridge.php:1985

filterwoocommerce_email_enabled_customer_notebridge2cart\bridge.php:1986

filterwoocommerce_email_enabled_customer_on_hold_orderbridge2cart\bridge.php:1987

filterwoocommerce_email_enabled_customer_processing_orderbridge2cart\bridge.php:1988

filterwoocommerce_email_enabled_customer_refunded_orderbridge2cart\bridge.php:1989

Maintenance & Trust

Api2Cart Bridge Connector Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedMar 5, 2026

PHP min version

Downloads5K

Community Trust

Rating0/100

Number of ratings0

Active installs50

Alternatives

Api2Cart Bridge Connector Alternatives

Webhook Helper

api2cart-webhook-helper

100

Enhance Your WooCommerce Integration with Extended Webhook Support

40 No CVEs

API2Cart Live Shipping 4 Woocommerce

api2cart-live-shipping-4-woocommerce

100

This plugin allows to use of real-time shipping rates provided by third-party shipping services.

30 No CVEs

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.

2.0M 56 CVEs

Google for WooCommerce

google-listings-and-ads

Native integration with Google that allows merchants to easily display their products across Google’s network.

900K 1 CVE

WooPayments: Integrated WooCommerce Payments

woocommerce-payments

Securely accept credit and debit cards on your WooCommerce store. Manage payments without leaving your WordPress dashboard. Only with WooPayments.

900K 7 CVEs

Developer Profile

Api2Cart Bridge Connector Developer Profile

Developer

3 plugins · 120 total installs

trust score

Avg Security Score

99/100

Avg Patch Time

452 days

View full developer profile

Detection Fingerprints

How We Detect Api2Cart Bridge Connector

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/api2cart-bridge-connector/css/style.css/wp-content/plugins/api2cart-bridge-connector/js/scripts.js

Script Paths

/wp-content/plugins/api2cart-bridge-connector/js/scripts.js

Version Parameters

api2cart-bridge-connector/css/style.css?ver=api2cart-bridge-connector/js/scripts.js?ver=

HTML / DOM Fingerprints

JS Globals

A2CAjax

REST Endpoints

/wp-json/a2c_rest_api_v1/connection/

FAQ