Caddy – Smart Side Cart for WooCommerce Security & Risk Analysis

wordpress.org/plugins/caddy

A high performance WooCommerce side cart that boosts conversions with product recommendations, a free shipping meter, and save for later.

4K active installs v3.0.2 PHP 7.4+ WP 6.5+ Updated Mar 25, 2026
ajax-cartcart-drawerfloating-cartside-cartsliding-cart
100
A · Safe
CVEs total1
Unpatched0
Last CVEDec 7, 2023
Safety Verdict

Is Caddy – Smart Side Cart for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Caddy – Smart Side Cart for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Dec 7, 2023Updated 3mo ago
Risk Assessment

The "caddy" v3.0.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates strong practices regarding SQL queries, utilizing prepared statements exclusively, and a high percentage of properly escaped output. The absence of dangerous functions, file operations, and bundled libraries further contributes to a generally clean codebase. However, significant concerns arise from its attack surface. With 11 total entry points, 4 of which are unprotected (3 AJAX handlers and 1 REST API route without permission callbacks), there's a substantial risk of unauthorized access or manipulation.

Key Concerns

  • Unprotected AJAX handlers
  • REST API route without permission callback
  • Known medium severity vulnerability
  • Taint analysis shows unsanitized paths
Vulnerabilities
1 published

Caddy – Smart Side Cart for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2023-49854medium · 4.3Cross-Site Request Forgery (CSRF)

Caddy <= 1.9.7 - Cross-Site Request Forgery

Dec 7, 2023 Patched in 1.9.8 (47d)
Version History

Caddy – Smart Side Cart for WooCommerce Release Timeline

v3.0.2Current
v3.0.1
v3.0.0
v2.1.2
v2.1.1
v2.1.0
v2.0.9
v2.0.8
v2.0.7
v2.0.6
v2.0.5
v2.0.4
v2.0.3
v2.0.2
v2.0.1
v2.0
v1.9.8
v1.9.61 CVE
v1.9.51 CVE
v1.9.41 CVE
Code Analysis
Analyzed Mar 16, 2026

Caddy – Smart Side Cart for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
92
735 escaped
Nonce Checks
16
Capability Checks
6
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

89% escaped827 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

5 flows4 with unsanitized paths
process_general_settings (admin\class-caddy-admin.php:599)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

Caddy – Smart Side Cart for WooCommerce Attack Surface

Entry Points11
Unprotected4

AJAX Handlers 4

authwp_ajax_caddy_subscribe_emailincludes\class-caddy-notices.php:75
authwp_ajax_dismiss_welcome_noticeincludes\class-caddy.php:194
authwp_ajax_dismiss_optin_noticeincludes\class-caddy.php:197
authwp_ajax_cc_submit_deactivation_form_dataincludes\class-caddy.php:206

REST API Routes 5

POST/wp-json/caddy/v1/saved-items/addincludes\class-caddy-interactivity.php:486
POST/wp-json/caddy/v1/saved-items/removeincludes\class-caddy-interactivity.php:502
POST/wp-json/caddy/v1/saved-items/move-to-cartincludes\class-caddy-interactivity.php:518
GET/wp-json/caddy/v1/saved-itemsincludes\class-caddy-interactivity.php:534
GET/wp-json/caddy/v1/recommendations/(?P<product_id>\d+)includes\class-caddy-interactivity.php:542

Shortcodes 2

[cc_saved_items] includes\class-caddy.php:275
[cc_cart_items] includes\class-caddy.php:278
WordPress Hooks 52
actionadmin_initadmin\class-caddy-admin.php:51
actionadmin_noticescaddy.php:47
actionadmin_noticescaddy.php:74
actionbefore_woocommerce_initcaddy.php:178
actionadmin_initcaddy.php:185
actioninitincludes\class-caddy-block.php:19
actioninitincludes\class-caddy-block.php:20
actionwp_enqueue_scriptsincludes\class-caddy-block.php:21
actionenqueue_block_editor_assetsincludes\class-caddy-block.php:22
actionwp_headincludes\class-caddy-block.php:188
actionwidgets_initincludes\class-caddy-cart-widget.php:131
actionwp_enqueue_scriptsincludes\class-caddy-interactivity.php:22
actionrest_api_initincludes\class-caddy-interactivity.php:25
filtercaddy_cart_template_contextincludes\class-caddy-interactivity.php:28
actionwoocommerce_update_productincludes\class-caddy-interactivity.php:31
actionwoocommerce_delete_productincludes\class-caddy-interactivity.php:32
actionadmin_noticesincludes\class-caddy-notices.php:66
actionadmin_noticesincludes\class-caddy-notices.php:68
actionadmin_noticesincludes\class-caddy-notices.php:70
actionadmin_noticesincludes\class-caddy-notices.php:72
actionupgrader_process_completeincludes\class-caddy-notices.php:78
actionwidgets_initincludes\class-caddy-saved-items-widget.php:110
actionplugins_loadedincludes\class-caddy.php:163
actionadmin_enqueue_scriptsincludes\class-caddy.php:181
actionadmin_enqueue_scriptsincludes\class-caddy.php:182
actionadmin_menuincludes\class-caddy.php:185
actionadmin_footerincludes\class-caddy.php:188
actioncaddy_admin_tab_screenincludes\class-caddy.php:191
actioncc_addons_htmlincludes\class-caddy.php:200
actioncaddy_header_linksincludes\class-caddy.php:203
actioncaddy_admin_headerincludes\class-caddy.php:209
actionwoocommerce_product_options_relatedincludes\class-caddy.php:212
actionwoocommerce_process_product_metaincludes\class-caddy.php:215
filterwoocommerce_cart_redirect_after_addincludes\class-caddy.php:254
actionwoocommerce_add_to_cartincludes\class-caddy.php:255
filterwoocommerce_add_to_cart_validationincludes\class-caddy.php:256
actionwp_enqueue_scriptsincludes\class-caddy.php:259
actionwp_enqueue_scriptsincludes\class-caddy.php:260
actionwp_footerincludes\class-caddy.php:263
actionwp_footerincludes\class-caddy.php:264
actionwp_headincludes\class-caddy.php:267
filterrocket_cache_reject_uriincludes\class-caddy.php:271
actioncaddy_cart_bubble_iconincludes\class-caddy.php:281
actioncaddy_free_shipping_title_textincludes\class-caddy.php:284
actioncaddy_compass_iconincludes\class-caddy.php:287
actioncaddy_product_upsells_sliderincludes\class-caddy.php:290
actioncaddy_fs_congrats_textincludes\class-caddy.php:293
actioncaddy_fs_spend_textincludes\class-caddy.php:296
actionwoocommerce_after_add_to_cart_buttonincludes\class-caddy.php:299
filterwp_nav_menu_itemsincludes\class-caddy.php:302
filterwp_nav_menu_itemsincludes\class-caddy.php:305
actioninitpublic\class-caddy-public.php:44
Maintenance & Trust

Caddy – Smart Side Cart for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 25, 2026
PHP min version7.4
Downloads88K

Community Trust

Rating80/100
Number of ratings19
Active installs4K
Developer Profile

Caddy – Smart Side Cart for WooCommerce Developer Profile

Tribe Interactive

1 plugin · 4K total installs

88
trust score
Avg Security Score
100/100
Avg Patch Time
47 days
View full developer profile
Detection Fingerprints

How We Detect Caddy – Smart Side Cart for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/caddy/assets/css/caddy-admin.css/wp-content/plugins/caddy/assets/css/caddy-admin-notices.css/wp-content/plugins/caddy/assets/css/caddy-deactivation-popup.css/wp-content/plugins/caddy/assets/css/caddy-frontend.css/wp-content/plugins/caddy/assets/css/caddy-frontend-style.css/wp-content/plugins/caddy/assets/js/caddy-frontend.js/wp-content/plugins/caddy/assets/js/caddy-frontend-vue.js/wp-content/plugins/caddy/assets/js/caddy-scripts.js
Script Paths
caddy-admin.jscaddy-frontend.jscaddy-frontend-vue.jscaddy-scripts.js
Version Parameters
caddy-admin.css?ver=caddy-admin-notices.css?ver=caddy-deactivation-popup.css?ver=caddy-frontend.css?ver=caddy-frontend-style.css?ver=caddy-frontend.js?ver=caddy-frontend-vue.js?ver=caddy-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
caddy-cartcaddy-frontendcaddy-minicartcaddy-saved-items
Data Attributes
data-caddy-cart-wrapperdata-caddy-mini-cart-wrapperdata-caddy-product-variant-iddata-caddy-product-iddata-caddy-product-quantitydata-caddy-product-id-to-remove
JS Globals
CaddyFrontendcaddyFrontendVueAppcaddyVue
FAQ

Frequently Asked Questions about Caddy – Smart Side Cart for WooCommerce