Appy Pie Connect for WooCommerce Security & Risk Analysis

wordpress.org/plugins/appy-pie-connect-for-woocommerce

Short Description: This plugin provides awesome functionality to your WordPress site.

10 active installs · v1.1.4 · PHP 7.4+ · WP 4.8+ · Updated Dec 4, 2025

Score: 95 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Oct 2, 2025

Safety Verdict

Is Appy Pie Connect for WooCommerce Safe to Use in 2026?

Generally Safe

Score 95/100

Appy Pie Connect for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Oct 2, 2025 · Updated 4mo ago

Risk Assessment

The "appy-pie-connect-for-woocommerce" plugin version 1.1.4 exhibits a mixed security posture. While it demonstrates good practices in preventing SQL injection through the exclusive use of prepared statements and a high percentage of properly escaped output, there are significant concerns regarding its attack surface and vulnerability history. The presence of 3 REST API routes without permission callbacks represents a direct entry point for potential unauthorized access or data manipulation. Furthermore, the plugin's history includes a past critical vulnerability related to unverified password changes, indicating a potential for severe security flaws, even though it is currently patched. The complete absence of nonce checks on AJAX handlers, combined with the unprotected REST API endpoints, raises a red flag for potential cross-site request forgery or unauthorized action execution.

Key Concerns

  • Unprotected REST API routes
  • No nonce checks on AJAX handlers
  • Past critical vulnerability (Unverified Password Change)

Vulnerabilities: 1

Appy Pie Connect for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Critical: 1 (1 total CVE)

CVE-2025-9286 · critical · 9.8 · Unverified Password Change

Appy Pie Connect for WooCommerce <= 1.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via reset_user_password

Oct 2, 2025 · Patched in 1.1.3 (28d)

Code Analysis
Analyzed Mar 17, 2026

Appy Pie Connect for WooCommerce Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (11 prepared)
  • Unescaped Output: 2 (132 escaped)
  • Nonce Checks: 0
  • Capability Checks: 20
  • File Operations: 0
  • External Requests: 3
  • Bundled Libraries: 0

SQL Query Safety

100% prepared · 11 total queries

Output Escaping

99% escaped · 134 total outputs

Data Flows: All sanitized

Data Flow Analysis

2 flows
get_product_list (product-api.php:431)

Attack Surface: 3 unprotected

Appy Pie Connect for WooCommerce Attack Surface

Entry Points: 42
Unprotected: 3

REST API Routes 42

GET /wp-json/wc/v3/customer/list · connect-woocommerce-rest-api.php:93
POST /wp-json/wc/v3/customer/create · connect-woocommerce-rest-api.php:109
POST /wp-json/wc/v3/customer/login · connect-woocommerce-rest-api.php:125
DELETE /wp-json/wc/v3/customer/delete/(?P<user_id>[\d]+) · connect-woocommerce-rest-api.php:141
POST /wp-json/wc/v3/customer/update · connect-woocommerce-rest-api.php:157
GET /wp-json/wc/v3/customer/detail/(?P<user_id>[\d]+) · connect-woocommerce-rest-api.php:173
POST /wp-json/wc/v3customer/forget_password · connect-woocommerce-rest-api.php:189
POST /wp-json/wc/v3customer/reset_password · connect-woocommerce-rest-api.php:206
GET /wp-json/wc/v3/product/list · product-api.php:101
GET /wp-json/wc/v3/variation/list · product-api.php:117
GET /wp-json/wc/v3/product/updatelist · product-api.php:132
GET /wp-json/wc/v3/product/list/(?P<id>[\d]+) · product-api.php:147
GET /wp-json/wc/v3/product/updatelist/(?P<id>[\d]+) · product-api.php:162
POST /wp-json/wc/v3/product/createvariation · product-api.php:178
POST /wp-json/wc/v3/product/updatevariation · product-api.php:194
GET /wp-json/wc/v3/product/author/(?P<id>[\d]+) · product-api.php:209
GET /wp-json/wc/v3/product/categories · product-api.php:225
POST /wp-json/wc/v3/product/create-category · product-api.php:240
POST /wp-json/wc/v3/product/update-category · product-api.php:255
POST /wp-json/wc/v3/product/delete-category/(?P<id>\d+) · product-api.php:270
GET /wp-json/wc/v3/product/category · product-api.php:286
GET /wp-json/wc/v3/product/filtercategory · product-api.php:302
POST /wp-json/wc/v3product/create · product-api.php:318
POST /wp-json/wc/v3product/delete/(?P<product_id>[\d]+) · product-api.php:330
POST /wp-json/wc/v3product/update · product-api.php:342
GET /wp-json/wc/v3/coupons/list · wc-coupons-api.php:41
GET /wp-json/wc/v3/coupons/list/(?P<id>[\d]+) · wc-coupons-api.php:57
POST /wp-json/wc/v3/coupons/create · wc-coupons-api.php:73
POST /wp-json/wc/v3/coupons/delete/(?P<id>[\d]+) · wc-coupons-api.php:89
POST /wp-json/wc/v3/coupons/update · wc-coupons-api.php:105
GET /wp-json/wc/v3/invoice/list · wc-invoice-api.php:25
POST /wp-json/wc/v3invoice/list · wc-invoice-api.php:42
GET /wp-json/wc/v3/order/list · wc-order-api.php:51
GET /wp-json/wc/v3order/list/(?P<order_id>[\d]+) · wc-order-api.php:68
DELETE /wp-json/wc/v3order/delete/(?P<order_id>[\d]+) · wc-order-api.php:85
GET /wp-json/wc/v3user/order/list/(?P<customer_id>[\d]+) · wc-order-api.php:102
POST /wp-json/wc/v3/order/update · wc-order-api.php:118
POST /wp-json/wc/v3/order/create · wc-order-api.php:135
GET /wp-json/wc/v3order/received/(?P<order_id>[\d]+) · wc-order-api.php:151
POST /wp-json/wp/v3insert_webhook · wc-webhook-api.php:9
POST /wp-json/wp/v3update_webhook/(?P<id>\d+) · wc-webhook-api.php:15
DELETE /wp-json/wp/v3delete_webhook/(?P<id>\d+) · wc-webhook-api.php:21
WordPress Hooks 44
action · rest_api_init · connect-woocommerce-rest-api.php:34
action · rest_api_init · connect-woocommerce-rest-api.php:39
action · rest_api_init · connect-woocommerce-rest-api.php:44
action · rest_api_init · connect-woocommerce-rest-api.php:49
action · rest_api_init · connect-woocommerce-rest-api.php:54
action · rest_api_init · connect-woocommerce-rest-api.php:59
action · rest_api_init · connect-woocommerce-rest-api.php:64
action · rest_api_init · connect-woocommerce-rest-api.php:69
action · rest_api_init · product-api.php:12
action · rest_api_init · product-api.php:17
action · rest_api_init · product-api.php:22
action · rest_api_init · product-api.php:28
action · rest_api_init · product-api.php:33
action · rest_api_init · product-api.php:38
action · rest_api_init · product-api.php:43
action · rest_api_init · product-api.php:48
action · rest_api_init · product-api.php:53
action · rest_api_init · product-api.php:58
action · rest_api_init · product-api.php:63
action · rest_api_init · product-api.php:68
action · rest_api_init · product-api.php:73
action · rest_api_init · product-api.php:78
action · rest_api_init · product-api.php:83
action · rest_api_init · product-api.php:88
action · rest_api_init · product-api.php:93
action · woocommerce_product_after_variable_attributes · product-api.php:2011
action · rest_api_init · wc-coupons-api.php:13
action · rest_api_init · wc-coupons-api.php:18
action · rest_api_init · wc-coupons-api.php:22
action · rest_api_init · wc-coupons-api.php:27
action · rest_api_init · wc-coupons-api.php:32
filter · woocommerce_webhook_topics · wc-custom-webhook.php:16
action · woocommerce_order_status_completed · wc-custom-webhook.php:17
filter · woocommerce_webhook_payload · wc-custom-webhook.php:18
action · rest_api_init · wc-invoice-api.php:13
action · rest_api_init · wc-invoice-api.php:17
action · rest_api_init · wc-order-api.php:13
action · rest_api_init · wc-order-api.php:18
action · rest_api_init · wc-order-api.php:23
action · rest_api_init · wc-order-api.php:28
action · rest_api_init · wc-order-api.php:33
action · rest_api_init · wc-order-api.php:38
action · rest_api_init · wc-order-api.php:43
action · rest_api_init · wc-webhook-api.php:8

Maintenance & Trust

Appy Pie Connect for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 4, 2025
PHP min version: 7.4
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10

Alternatives

Appy Pie Connect for WooCommerce Alternatives

No alternatives data available yet.

Developer Profile

Appy Pie Connect for WooCommerce Developer Profile

Appy Pie

4 plugins · 60 total installs

Trust score: 88
Avg Security Score: 91/100
Avg Patch Time: 28 days
Detection Fingerprints

How We Detect Appy Pie Connect for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/appy-pie-connect-for-woocommerce/product-api.php
/wp-content/plugins/appy-pie-connect-for-woocommerce/wc-order-api.php
/wp-content/plugins/appy-pie-connect-for-woocommerce/wc-invoice-api.php
/wp-content/plugins/appy-pie-connect-for-woocommerce/wc-coupons-api.php
/wp-content/plugins/appy-pie-connect-for-woocommerce/wc-custom-webhook.php
/wp-content/plugins/appy-pie-connect-for-woocommerce/wc-webhook-api.php

HTML / DOM Fingerprints

REST Endpoints
/wp-json/wc/v3/customer/list
/wp-json/wc/v3/customer/create
/wp-json/wc/v3/customer/login
/wp-json/wc/v3/customer/delete/(?P<user_id>[\d]+)
/wp-json/wc/v3/customer/update
/wp-json/wc/v3/customer/detail/(?P<user_id>[\d]+)
/wp-json/wc/v3/customer/forget_password
/wp-json/wc/v3/customer/reset_password

FAQ

Frequently Asked Questions about Appy Pie Connect for WooCommerce