CoCart – Headless REST API for WooCommerce Security & Risk Analysis

wordpress.org/plugins/cart-rest-api-for-woocommerce

A developer-first REST API to decouple WooCommerce on the frontend to help build modern and scalable storefronts. Fast, secure, customizable, easy.

Active installs: 1K · Version: v4.8.3 · Requires PHP 7.4+ · Requires WP 6.3+ · Updated: Jan 26, 2026

Tags: cart, decoupled, headless, rest-api, woocommerce

Security score: 100 (Grade A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Nov 7, 2023
Safety Verdict

Is CoCart – Headless REST API for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

CoCart – Headless REST API for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Nov 7, 2023 · Updated 2 months ago
Risk Assessment

The security posture of cart-rest-api-for-woocommerce v4.8.3 is mixed: there are several positive indicators, but also areas that warrant attention. The plugin shows good output-escaping practice, with 92% of outputs properly escaped, and a reasonable share of SQL queries using prepared statements (73%). The absence of an immediately exploitable attack surface through AJAX, REST API, or shortcodes, together with nonces and capability checks on entry points, are strengths. However, the taint analysis raises a significant concern: 3 of the 4 analyzed flows have unsanitized paths, with 3 classified as high severity. This suggests potential for path traversal or similar vulnerabilities in which user-controlled input could influence file operations or other sensitive actions. There are no currently unpatched CVEs, but the plugin has one historical medium-severity vulnerability (missing authorization), which aligns with the risks identified in the taint analysis and points to a recurring need for rigorous authorization checks. Overall, the plugin implements several security best practices, but the high-severity unsanitized path flows and the past authorization issue are the areas that require immediate scrutiny and potential patching.

Key Concerns

  • High severity unsanitized path flows
  • One medium severity CVE historically
  • 2 Cron events, potential for unexpected execution
  • 2 External HTTP requests, potential for SSRF
Vulnerabilities (1)

CoCart – Headless REST API for WooCommerce Security Vulnerabilities

CVEs by Year

2023: 1 CVE (patched)

Severity Breakdown

Medium: 1

1 total CVE

CVE-2023-47241 · medium · 5.3 · Missing Authorization

CoCart – Headless ecommerce <= 3.11.2 - Missing Authorization

Nov 7, 2023 · Patched in 3.12.0 (143 days)

Code Analysis (analyzed Mar 16, 2026)

CoCart – Headless REST API for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 17 (45 prepared)
Unescaped Output: 27 (323 escaped)
Nonce Checks: 4
Capability Checks: 14
File Operations: 4
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

73% prepared (62 total queries)

Output Escaping

92% escaped (350 total outputs)

Data Flows (3 unsanitized)

Data Flow Analysis

4 flows, 3 with unsanitized paths

Flow: class-cocart-admin-notices (includes\classes\admin\class-cocart-admin-notices.php:0)

[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

CoCart – Headless REST API for WooCommerce Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 128
Type | Hook | Location
filter | wp_plugin_dependencies_slug | includes\class-cocart.php:122
filter | woocommerce_session_handler | includes\class-cocart.php:125
action | woocommerce_loaded | includes\class-cocart.php:128
action | woocommerce_loaded | includes\class-cocart.php:129
action | woocommerce_loaded | includes\class-cocart.php:130
action | init | includes\class-cocart.php:133
action | rest_api_init | includes\class-cocart.php:136
action | admin_menu | includes\classes\admin\abstract\abstract-class-submenu-page.php:115
filter | plugin_row_meta | includes\classes\admin\class-cocart-admin-action-links.php:41
action | admin_enqueue_scripts | includes\classes\admin\class-cocart-admin-assets.php:28
filter | admin_body_class | includes\classes\admin\class-cocart-admin-assets.php:31
filter | admin_footer_text | includes\classes\admin\class-cocart-admin-footer.php:26
filter | update_footer | includes\classes\admin\class-cocart-admin-footer.php:27
action | current_screen | includes\classes\admin\class-cocart-admin-help-tab.php:27
action | admin_menu | includes\classes\admin\class-cocart-admin-menus.php:36
action | admin_menu | includes\classes\admin\class-cocart-admin-menus.php:37
action | admin_menu | includes\classes\admin\class-cocart-admin-menus.php:40
action | switch_theme | includes\classes\admin\class-cocart-admin-notices.php:94
action | cocart_installed | includes\classes\admin\class-cocart-admin-notices.php:95
action | wp_loaded | includes\classes\admin\class-cocart-admin-notices.php:96
action | wp_loaded | includes\classes\admin\class-cocart-admin-notices.php:97
action | shutdown | includes\classes\admin\class-cocart-admin-notices.php:99
action | admin_print_styles | includes\classes\admin\class-cocart-admin-notices.php:103
action | admin_notices | includes\classes\admin\class-cocart-admin-notices.php:107
action | admin_notices | includes\classes\admin\class-cocart-admin-notices.php:398
action | admin_notices | includes\classes\admin\class-cocart-admin-notices.php:400
filter | cocart_register_submenu_page | includes\classes\admin\class-cocart-admin-setup-wizard.php:48
filter | admin_body_class | includes\classes\admin\class-cocart-admin-setup-wizard.php:50
action | admin_enqueue_scripts | includes\classes\admin\class-cocart-admin-setup-wizard.php:52
action | cocart_run_transfer_sessions | includes\classes\admin\class-cocart-admin-setup-wizard.php:55
action | init | includes\classes\admin\class-cocart-admin.php:27
filter | extra_theme_headers | includes\classes\admin\class-cocart-admin.php:30
filter | extra_plugin_headers | includes\classes\admin\class-cocart-admin.php:31
filter | auto_update_plugin | includes\classes\admin\class-cocart-admin.php:32
action | current_screen | includes\classes\admin\class-cocart-admin.php:35
action | admin_init | includes\classes\admin\class-cocart-admin.php:36
filter | cocart_register_submenu_page | includes\classes\admin\pages\class-cocart-admin-pages-support.php:24
action | current_screen | includes\classes\admin\plugin-suggestions\class-cocart-admin-plugin-search.php:36
action | admin_init | includes\classes\admin\plugin-suggestions\class-cocart-admin-plugin-search.php:37
action | admin_enqueue_scripts | includes\classes\admin\plugin-suggestions\class-cocart-admin-plugin-search.php:50
filter | plugins_api_result | includes\classes\admin\plugin-suggestions\class-cocart-admin-plugin-search.php:51
filter | plugin_install_action_links | includes\classes\admin\plugin-suggestions\class-cocart-admin-plugin-search.php:52
filter | plugins_api_result | includes\classes\admin\plugin-suggestions\class-cocart-admin-plugin-search.php:56
filter | install_plugins_tabs | includes\classes\admin\plugin-suggestions\class-cocart-admin-plugin-search.php:58
filter | install_plugins_table_api_args_cocart | includes\classes\admin\plugin-suggestions\class-cocart-admin-plugin-search.php:59
action | install_plugins_cocart | includes\classes\admin\plugin-suggestions\class-cocart-admin-plugin-search.php:60
action | admin_init | includes\classes\admin\plugin-suggestions\class-cocart-admin-plugin-suggestions.php:31
action | cocart_update_plugin_suggestions | includes\classes\admin\plugin-suggestions\class-cocart-admin-plugin-suggestions.php:42
action | add_site_option_auto_update_plugins | includes\classes\admin\plugin-updates\class-cocart-admin-addon-update-watcher.php:59
action | update_site_option_auto_update_plugins | includes\classes\admin\plugin-updates\class-cocart-admin-addon-update-watcher.php:60
filter | plugin_auto_update_setting_html | includes\classes\admin\plugin-updates\class-cocart-admin-addon-update-watcher.php:61
action | activated_plugin | includes\classes\admin\plugin-updates\class-cocart-admin-addon-update-watcher.php:62
action | admin_print_footer_scripts | includes\classes\admin\plugin-updates\class-cocart-admin-plugin-screen-update.php:73
action | admin_print_footer_scripts | includes\classes\admin\plugin-updates\class-cocart-admin-updates-screen-updates.php:28
action | admin_init | includes\classes\admin\woocommerce\class-cocart-wc-admin-notices.php:30
filter | woocommerce_system_status_report | includes\classes\admin\woocommerce\class-cocart-wc-admin-system-status.php:30
filter | woocommerce_rest_prepare_system_status | includes\classes\admin\woocommerce\class-cocart-wc-admin-system-status.php:34
filter | woocommerce_debug_tools | includes\classes\admin\woocommerce\class-cocart-wc-admin-system-status.php:37
filter | woocommerce_rest_insert_system_status_tool | includes\classes\admin\woocommerce\class-cocart-wc-admin-system-status.php:40
filter | woocommerce_rest_insert_system_status_tool | includes\classes\admin\woocommerce\class-cocart-wc-admin-system-status.php:41
filter | woocommerce_debug_tools | includes\classes\admin\woocommerce\class-cocart-wc-admin-system-status.php:44
action | cocart_after_item_added_to_cart | includes\classes\class-cocart-cart-cache.php:41
action | cocart_after_items_added_to_cart | includes\classes\class-cocart-cart-cache.php:42
action | cocart_item_removed | includes\classes\class-cocart-cart-cache.php:43
action | cocart_before_cart_emptied | includes\classes\class-cocart-cart-cache.php:44
action | woocommerce_cart_item_removed | includes\classes\class-cocart-cart-cache.php:45
action | woocommerce_before_calculate_totals | includes\classes\class-cocart-cart-cache.php:46
filter | cocart_cart_item_price | includes\classes\class-cocart-cart-cache.php:47
action | init | includes\classes\class-cocart-install.php:50
action | init | includes\classes\class-cocart-install.php:51
action | cocart_run_update_callback | includes\classes\class-cocart-install.php:52
action | cocart_update_db_to_current_version | includes\classes\class-cocart-install.php:53
action | admin_init | includes\classes\class-cocart-install.php:54
action | cocart_run_transfer_sessions | includes\classes\class-cocart-install.php:57
filter | wpmu_drop_tables | includes\classes\class-cocart-install.php:60
action | shutdown | includes\classes\class-cocart-session-handler.php:96
action | wp_logout | includes\classes\class-cocart-session-handler.php:97
action | woocommerce_load_cart_from_session | includes\classes\class-cocart-session.php:33
action | woocommerce_get_checkout_url | includes\classes\class-cocart-session.php:36
filter | woocommerce_stock_amount | includes\classes\class-cocart-woocommerce.php:39
filter | woocommerce_rest_is_request_to_rest_api | includes\classes\class-cocart-woocommerce.php:42
action | woocommerce_load_cart_from_session | includes\classes\class-cocart-woocommerce.php:45
action | delete_user | includes\classes\class-cocart-woocommerce.php:48
filter | determine_current_user | includes\classes\rest-api\class-cocart-authentication.php:93
filter | rest_authentication_errors | includes\classes\rest-api\class-cocart-authentication.php:94
filter | rest_authentication_errors | includes\classes\rest-api\class-cocart-authentication.php:97
filter | rest_pre_dispatch | includes\classes\rest-api\class-cocart-authentication.php:100
filter | rest_pre_serve_request | includes\classes\rest-api\class-cocart-authentication.php:106
filter | rest_allowed_cors_headers | includes\classes\rest-api\class-cocart-authentication.php:107
filter | rest_exposed_cors_headers | includes\classes\rest-api\class-cocart-authentication.php:108
action | cocart_register_extension_callback | includes\classes\rest-api\class-cocart-cart-callbacks.php:30
action | cocart_register_extension_callback | includes\classes\rest-api\class-cocart-cart-callbacks.php:31
filter | cocart_cart | includes\classes\rest-api\class-cocart-cart-formatting.php:32
filter | cocart_cart | includes\classes\rest-api\class-cocart-cart-formatting.php:33
filter | cocart_empty_cart | includes\classes\rest-api\class-cocart-cart-formatting.php:34
filter | cocart_cart_item_data | includes\classes\rest-api\class-cocart-cart-formatting.php:37
filter | cocart_before_get_cart | includes\classes\rest-api\class-cocart-cart-validation.php:31
filter | cocart_before_get_cart | includes\classes\rest-api\class-cocart-cart-validation.php:32
filter | cocart_before_get_cart | includes\classes\rest-api\class-cocart-cart-validation.php:33
filter | cocart_add_to_cart_handler_external | includes\classes\rest-api\class-cocart-product-validation.php:38
filter | cocart_add_to_cart_handler_grouped | includes\classes\rest-api\class-cocart-product-validation.php:39
filter | cocart_add_to_cart_validation | includes\classes\rest-api\class-cocart-product-validation.php:42
filter | cocart_add_to_cart_validation | includes\classes\rest-api\class-cocart-product-validation.php:49
filter | cocart_product_name | includes\classes\rest-api\class-cocart-product-validation.php:52
filter | cocart_item_added_product_name | includes\classes\rest-api\class-cocart-product-validation.php:53
filter | rest_cache_skip | includes\classes\rest-api\class-cocart-rest-api.php:68
filter | rest_pre_serve_request | includes\classes\rest-api\class-cocart-rest-api.php:71
filter | rest_pre_serve_request | includes\classes\rest-api\class-cocart-rest-api.php:74
filter | woocommerce_cart_session_initialize | includes\classes\rest-api\class-cocart-rest-api.php:194
action | woocommerce_cart_emptied | includes\classes\rest-api\class-cocart-rest-api.php:196
action | woocommerce_after_calculate_totals | includes\classes\rest-api\class-cocart-rest-api.php:199
action | woocommerce_cart_loaded_from_session | includes\classes\rest-api\class-cocart-rest-api.php:201
action | woocommerce_removed_coupon | includes\classes\rest-api\class-cocart-rest-api.php:203
action | woocommerce_add_to_cart | includes\classes\rest-api\class-cocart-rest-api.php:207
action | woocommerce_cart_item_removed | includes\classes\rest-api\class-cocart-rest-api.php:208
action | woocommerce_cart_item_restored | includes\classes\rest-api\class-cocart-rest-api.php:209
action | woocommerce_cart_item_set_quantity | includes\classes\rest-api\class-cocart-rest-api.php:210
action | shutdown | includes\classes\rest-api\class-cocart-rest-api.php:298
filter | rest_index | includes\classes\rest-api\class-cocart-security.php:33
filter | cocart_products_ignore_private_meta_keys | includes\classes\rest-api\class-cocart-security.php:35
action | woocommerce_add_to_cart | includes\classes\rest-api\controllers\v2\cart\class-cocart-add-items-controller.php:263
filter | upload_dir | includes\cocart-rest-functions.php:104
filter | upload_dir | includes\cocart-rest-functions.php:168
action | cocart_cleanup_carts | includes\cocart-task-functions.php:36
filter | cocart_shipping_package_name | includes\compatibility\modules\class-cocart-advanced-shipping-packages.php:31
filter | cocart_update_cart_validation | includes\compatibility\modules\class-cocart-free-gift-coupons.php:34
filter | cocart_cart_item_price | includes\compatibility\modules\class-cocart-free-gift-coupons.php:37
filter | cocart_cart_item_subtotal | includes\compatibility\modules\class-cocart-free-gift-coupons.php:38

Scheduled Events (2)

cocart_cleanup_carts
woocommerce_cleanup_sessions
Maintenance & Trust

CoCart – Headless REST API for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 26, 2026
PHP min version: 7.4
Downloads: 95K

Community Trust

Rating: 98/100
Number of ratings: 21
Active installs: 1K
Developer Profile

CoCart – Headless REST API for WooCommerce Developer Profile

CoCart Headless

5 plugins · 2K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 143 days
Detection Fingerprints

How We Detect CoCart – Headless REST API for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cart-rest-api-for-woocommerce/assets/css/admin/cocart.css
/wp-content/plugins/cart-rest-api-for-woocommerce/assets/css/admin/cocart-setup.css
Version Parameters
/wp-content/plugins/cart-rest-api-for-woocommerce/assets/css/admin/cocart.css?ver=
/wp-content/plugins/cart-rest-api-for-woocommerce/assets/css/admin/cocart-setup.css?ver=

HTML / DOM Fingerprints

CSS Classes
cocart-plugin-install, cocart, cocart-pagestyles, cocart-setup-wizard
Data Attributes
data-page_title, data-menu_title, data-capability, data-menu_slug
JS Globals
COCART_URL_PATH, COCART_ABSPATH, COCART_SLUG
FAQ

Frequently Asked Questions about CoCart – Headless REST API for WooCommerce