
Carrot quest Security & Risk Analysis
wordpress.org/plugins/carrot-quest
Carrot quest combines all the tools for automating marketing, sales and communication with users. Supports WooCommerce 5.x, 6.
Is Carrot quest Safe to Use in 2026?
Generally Safe
Score 85/100
Carrot quest has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "carrot-quest" plugin v2.1.1 exhibits a generally strong security posture based on the provided static analysis. The absence of identified CVEs and unpatched vulnerabilities in its history, coupled with excellent practices like 100% prepared SQL statements and 93% properly escaped output, suggests a commitment to secure coding. The limited attack surface, with zero identified entry points that are unprotected, is also a positive indicator.
However, there are a few areas of concern. A single flow with an unsanitized path identified during taint analysis, while not classified as critical or high severity, warrants attention as it represents a potential avenue for exploitation if an attacker can manipulate the path. The presence of file operations and external HTTP requests, while not inherently insecure, increases the plugin's potential for interaction with the environment and external services, which can sometimes introduce vulnerabilities. The lack of capability checks on any identified entry points is a significant weakness, as it means any user, regardless of their role, could potentially trigger these functions if an entry point were to be discovered.
Overall, the plugin benefits from a clean vulnerability history and good general coding practices. The primary risks lie in the identified unsanitized path and the absence of capability checks, which could be exploited if further vulnerabilities are discovered or if the attack surface is expanded. Addressing the unsanitized path and implementing capability checks where appropriate would significantly improve its security.
Key Concerns
- Flow with unsanitized path
- No capability checks on entry points
- File operations present
- External HTTP requests present
- Some output not properly escaped
Carrot quest Security Vulnerabilities
Carrot quest Code Analysis
Output Escaping
Data Flow Analysis
Carrot quest Attack Surface
WordPress Hooks 14
Maintenance & Trust
Carrot quest Maintenance & Trust
Maintenance Signals
Community Trust
Carrot quest Alternatives
Convead
convead-for-woocommerce
Convead - Analytics and Actions Combined. Convead makes it easy to retain and return customers for eCommerce. Supports WooCommerce 2.x.
Markeaze for WooCommerce
markeaze
Live chat by Markeaze is an all-in-one communication solution designed specifically for the needs of online stores.
Essential Addons for Elementor – Popular Elementor Templates & Widgets
essential-addons-for-elementor-lite
Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.
Exclusive Addons for Elementor
exclusive-addons-for-elementor
Exclusive Addons is one of the Best Elementor Addons With 90+ Elementor Free & Pro Widgets with all the customization options you ever imagined.
Product Filter for WooCommerce by WBW
woo-product-filter
Filter products by categories, attributes, prices, and more. Elementor Compatibility. Shoppers easily find products with WooCommerce Product Filter
Carrot quest Developer Profile
1 plugin · 100 total installs
How We Detect Carrot quest
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/carrot-quest/css/style.css
- /wp-content/plugins/carrot-quest/js/script.js
- //cdn.carrotquest.app/api.min.js
- carrot-quest/style.css?ver=
- carrot-quest/js/script.js?ver=
HTML / DOM Fingerprints
- `<!-- Carrot quest BEGIN -->`
- `<!-- Carrot quest END -->`
- carrotquest
- carrotquestasync
- carrotquest.settings