Does Belco.io for Woocommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in Belco.io for Woocommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Belco.io for Woocommerce compatible with WordPress 6.0.11?

According to WordPress.org data, Belco.io for Woocommerce 0.9.4 has been tested up to WordPress 6.0.11. Check the plugin's changelog for the latest compatibility information.

Is Belco.io for Woocommerce compatible with PHP 7.4+?

Belco.io for Woocommerce requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Belco.io for Woocommerce updated?

Belco.io for Woocommerce was last updated on Sep 1, 2022. Frequent updates are generally a positive security signal.

What is Belco.io for Woocommerce's security score?

Belco.io for Woocommerce has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Belco.io for Woocommerce Security & Risk Analysis

wordpress.org/plugins/belcoio

“Make customer service your competitive advantage.”

80 active installs v0.9.4 PHP 7.4+ WP 3.9.1+ Updated Sep 1, 2022

ecommerceemaillive-chattelephonywoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Belco.io for Woocommerce Safe to Use in 2026?

Generally Safe

Score 85/100

Belco.io for Woocommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The "belcoio" plugin v0.9.4 exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries, performing file operations, and making external HTTP requests without any reported vulnerabilities in its history. The absence of known CVEs and critical taint flows suggests a generally well-developed codebase.

However, significant concerns arise from the static analysis. The plugin exposes two AJAX handlers, both of which lack authentication checks. This presents a notable attack surface, as unauthenticated users could potentially trigger these functions. Additionally, while the plugin performs some output escaping, a portion (29%) remains unescaped, which could lead to cross-site scripting vulnerabilities if user-supplied data is involved.

The lack of nonce checks on the AJAX handlers is a critical omission for WordPress security, as nonces are fundamental for preventing CSRF attacks. While there are no historical vulnerabilities, the identified code-level weaknesses could be exploited. The plugin's strengths lie in its SQL handling and lack of historical issues, but the unprotected AJAX endpoints and potential for unescaped output require immediate attention.

Key Concerns

Unprotected AJAX handlers
Unescaped output detected
Missing nonce checks on AJAX

Vulnerabilities

None known

Belco.io for Woocommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Belco.io for Woocommerce Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

5 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

71% escaped7 total outputs

Attack Surface

2 unprotected

Belco.io for Woocommerce Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_belco_config_handlerbelco.php:55

noprivwp_ajax_belco_config_handlerbelco.php:56

WordPress Hooks 14

actioninitbelco.php:50

actionadmin_initbelco.php:51

actionadmin_menubelco.php:52

actionwp_enqueue_scriptsbelco.php:53

actionadmin_enqueue_scriptsbelco.php:54

actionadmin_noticesbelco.php:102

filterpre_update_option_belco_secretbelco.php:113

actionwoocommerce_checkout_order_processedconnectors\woocommerce.php:10

actionwoocommerce_order_status_changedconnectors\woocommerce.php:11

actionprofile_updateconnectors\woocommerce.php:12

actiondeleted_userconnectors\woocommerce.php:13

filterwoocommerce_rest_orders_prepare_object_queryconnectors\woocommerce.php:15

actionprofile_updateconnectors\wordpress.php:7

actiondeleted_userconnectors\wordpress.php:8

Maintenance & Trust

Belco.io for Woocommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11

Last updatedSep 1, 2022

PHP min version7.4

Downloads4K

Community Trust

Rating0/100

Number of ratings0

Active installs80

Alternatives

Belco.io for Woocommerce Alternatives

MailerLite – WooCommerce integration

woo-mailerlite

Powerful e-commerce email marketing tools that are easy to use. Grow your store with automated emails, pop-ups, product blocks, sales tracking + more.

30K 4 CVEs