CoCart JWT Authentication Security & Risk Analysis

wordpress.org/plugins/cocart-jwt-authentication

JWT Authentication for CoCart API.

200 active installs · v3.0.1 · PHP 7.4+ · WP 6.0+ · Updated Dec 3, 2025
Tags: decoupled · headless · jwt · rest-api · woocommerce
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is CoCart JWT Authentication Safe to Use in 2026?

Generally Safe

Score 100/100

CoCart JWT Authentication has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4 months ago
Risk Assessment

The cocart-jwt-authentication v3.0.1 plugin shows a mostly sound security posture with two findings that call for reviewer judgement rather than a verdict. On the positive side, all three SQL queries use prepared statements, all 44 outputs are escaped, the plugin performs no file operations and makes no external HTTP requests, and it has no vulnerability history. The static analysis flags two `exec` calls in includes\class-table-formatter.php. As listed under Code Analysis, both run constant command strings (`mode con 2>nul` and `tput cols 2>/dev/null`) to detect terminal width for CLI table output, so no user input reaches the shell from these call sites and, as written, they are not a command-injection path. The practical risks are different: `exec` is commonly listed in `disable_functions` on shared hosting (on PHP 8 calling a disabled function throws an Error rather than returning null), and any future change that interpolates a variable into the command string would turn a benign call into a critical one. The calls should be guarded with `function_exists()` and kept CLI-only. One of the two REST routes (`refresh-token` and `validate-token`) is reported as registered without a restrictive permission callback. For token endpoints this is typically by design, since the request carries the JWT or refresh token itself rather than a logged-in session, but it means the route handler alone is responsible for validating the token before acting; that handler logic is the item to verify in code review. The zero nonce-check count is not a finding: the plugin registers no AJAX handlers, and its REST routes authenticate by token rather than by nonce. A clean vulnerability history supports the score but does not replace review of the two items above.

Key Concerns

  • REST API route without permission callbacks
  • Dangerous function 'exec' found
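
The two Key Concerns above are patterns a reviewer checks rather than vulnerabilities in themselves. The following is an added example, not code from the CoCart plugin or from this report, showing what a defensible version of each pattern looks like inside a WordPress plugin: a token-refresh route whose permissive `permission_callback` is intentional and compensated for by validation in the handler, an admin route with a real capability check, and an `exec`-based terminal-width probe guarded the way the flagged calls should be. It assumes a WordPress runtime (`register_rest_route`, `WP_REST_Request`, `WP_Error`, `current_user_can`, `get_transient` are core APIs); the `acme/v1` namespace, the `acme_*` function names and the option and transient names are hypothetical.

```php
<?php
/**
 * Added example (not CoCart's code): the two patterns behind the Key Concerns,
 * written the way a reviewer expects to see them in a plugin.
 *
 * Assumes a WordPress runtime. The 'acme/v1' namespace, acme_* functions and
 * the 'acme_setting' / 'acme_refresh_*' names are hypothetical.
 */

add_action( 'rest_api_init', function () {
	// 1) Token refresh. No logged-in user exists yet, so a permissive
	//    permission_callback is legitimate here and is exactly what a static
	//    scanner reports as "unprotected". The credential is the refresh token
	//    in the body; the handler must validate it before doing anything and
	//    must never fall back to the cookie session.
	register_rest_route( 'acme/v1', '/refresh-token', array(
		'methods'             => WP_REST_Server::CREATABLE, // POST
		'permission_callback' => '__return_true',
		'args'                => array(
			'refresh_token' => array(
				'required'          => true,
				'type'              => 'string',
				'sanitize_callback' => 'sanitize_text_field',
			),
		),
		'callback'            => function ( WP_REST_Request $request ) {
			$user_id = acme_verify_refresh_token( $request->get_param( 'refresh_token' ) );
			if ( ! $user_id ) {
				return new WP_Error( 'invalid_token', 'Invalid or expired refresh token.', array( 'status' => 401 ) );
			}
			return rest_ensure_response( array( 'user_id' => $user_id ) );
		},
	) );

	// 2) Anything that reads or changes state on behalf of an administrator
	//    needs a real permission_callback. Omitting the key entirely triggers a
	//    _doing_it_wrong() notice since WP 5.5; '__return_true' on an admin
	//    action is the genuine bug that the scanner heuristic is trying to catch.
	register_rest_route( 'acme/v1', '/settings', array(
		'methods'             => WP_REST_Server::EDITABLE,
		'permission_callback' => function () {
			return current_user_can( 'manage_options' );
		},
		'callback'            => function ( WP_REST_Request $request ) {
			update_option( 'acme_setting', sanitize_text_field( $request->get_param( 'value' ) ) );
			return rest_ensure_response( array( 'updated' => true ) );
		},
	) );
} );

/**
 * 3) The exec() pattern flagged in class-table-formatter.php. The commands are
 *    constant strings, so there is no injection path, but exec() is often in
 *    disable_functions on shared hosts and on PHP 8 a disabled function throws
 *    an Error when called. Guard it and keep it CLI-only.
 */
function acme_terminal_width( $default = 80 ) {
	if ( PHP_SAPI !== 'cli' || ! function_exists( 'exec' ) ) {
		return $default;
	}
	$windows = ( DIRECTORY_SEPARATOR === '\\' );
	$output  = array();
	$status  = 1;
	exec( $windows ? 'mode con 2>nul' : 'tput cols 2>/dev/null', $output, $status );
	if ( 0 !== $status || empty( $output ) ) {
		return $default;
	}
	if ( $windows ) {
		// `mode con` prints several lines; the one we want reads "Columns: N".
		foreach ( $output as $line ) {
			if ( preg_match( '/Columns:\s*(\d+)/', $line, $m ) ) {
				return (int) $m[1];
			}
		}
		return $default;
	}
	// `tput cols` prints a bare integer on one line.
	return ctype_digit( trim( $output[0] ) ) ? (int) $output[0] : $default;
}

/** Hypothetical lookup: map a refresh token to a user ID, or 0 if unknown or expired. */
function acme_verify_refresh_token( $token ) {
	$record = get_transient( 'acme_refresh_' . hash( 'sha256', $token ) );
	return ( is_array( $record ) && $record['expires'] > time() ) ? (int) $record['user_id'] : 0;
}
```

When reviewing a plugin with a "1 unprotected" REST count, the question to answer is which of the two shapes above the route follows: a token endpoint whose handler performs the authentication itself is acceptable; a route that touches options, users or orders with `__return_true` is not.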
Vulnerabilities
None known

CoCart JWT Authentication Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

CoCart JWT Authentication Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (3 prepared)
Unescaped Output: 0 (44 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

exec  `exec( 'mode con 2>nul', $output, $return_var );`  includes\class-table-formatter.php:110
exec  `exec( 'tput cols 2>/dev/null', $output, $return_var );`  includes\class-table-formatter.php:127

SQL Query Safety

100% prepared (3 total queries)

Output Escaping

100% escaped (44 total outputs)
Attack Surface
1 unprotected

CoCart JWT Authentication Attack Surface

Entry Points: 2
Unprotected: 1

REST API Routes 2

POST  /wp-json/cocart/jwt/refresh-token  includes\class-rest.php:44
POST  /wp-json/cocart/jwt/validate-token  includes\class-rest.php:53
WordPress Hooks 24
action  admin_notices  includes\admin\class-admin-notices.php:30
filter  plugin_row_meta  includes\admin\class-admin-plugin-action-links.php:42
filter  woocommerce_rest_prepare_system_status  includes\admin\class-cocart-jwt-wc-admin-system-status.php:33
filter  cocart_system_status_data  includes\admin\class-cocart-jwt-wc-admin-system-status.php:36
filter  woocommerce_debug_tools  includes\admin\class-cocart-jwt-wc-admin-system-status.php:39
filter  cocart_register_submenu_page  includes\admin\class-jwt-setup.php:38
filter  cocart_admin_screens  includes\admin\class-jwt-setup.php:41
action  admin_enqueue_scripts  includes\admin\class-jwt-setup.php:51
action  init  includes\class-cocart-jwt-authentication.php:105
action  init  includes\class-cocart-jwt-authentication.php:108
action  plugins_loaded  includes\class-cocart-jwt-authentication.php:111
action  cocart_jwt_cleanup_cron  includes\class-cocart-jwt-authentication.php:114
action  cocart_jwt_cleanup_legacy_cron  includes\class-cocart-jwt-authentication.php:115
action  admin_init  includes\class-cocart-jwt-authentication.php:137
action  wp_logout  includes\class-destroy-tokens.php:30
action  after_password_reset  includes\class-destroy-tokens.php:33
action  profile_update  includes\class-destroy-tokens.php:34
action  delete_user  includes\class-destroy-tokens.php:35
action  rest_api_init  includes\class-rest.php:43
action  rest_api_init  includes\class-rest.php:52
filter  cocart_authenticate  includes\class-rest.php:65
action  cocart_jwt_auth_authenticated  includes\class-rest.php:68
filter  cocart_login_extras  includes\class-rest.php:71
filter  cocart_api_rate_limit_options  includes\class-rest.php:74

Scheduled Events 2

cocart_jwt_cleanup_cron
cocart_jwt_cleanup_legacy_cron
Maintenance & Trust

CoCart JWT Authentication Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 3, 2025
PHP min version: 7.4
Downloads: 9K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 200
Developer Profile

CoCart JWT Authentication Developer Profile

CoCart Headless

5 plugins · 2K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 143 days
Detection Fingerprints

How We Detect CoCart JWT Authentication

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cocart-jwt-authentication/assets/js/jwt-setup.js
Script Paths
/wp-content/plugins/cocart-jwt-authentication/assets/js/jwt-setup.js
Version Parameters
cocart-jwt-authentication/assets/js/jwt-setup.js?ver=

HTML / DOM Fingerprints

CSS Classes
cocart-jwt-setup
JS Globals
cocart_jwt_setup
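
The fingerprints above are the raw patterns; the following is an added example, not part of this report or the plugin, of applying them to a fetched page body. It is plain PHP with no WordPress dependency, so it runs offline. The HTML it scans is constructed for the example (the hostname and version are made up), the function name `detect_cocart_jwt` is hypothetical, and the `?ver=` value is only the plugin's declared version if the plugin passes its own version to `wp_enqueue_script()`; when a plugin passes none, WordPress appends its own core version instead, so treat the captured value as a hint rather than proof.

```php
<?php
/**
 * Added example (not part of the report or the plugin): apply the listed
 * fingerprints to a page body. Plain PHP, no WordPress required.
 */

const COCART_JWT_SLUG = 'cocart-jwt-authentication';

/**
 * Returns the matched fingerprints, or an empty array if none match.
 * 'version' is set only when a ?ver= parameter is present on the asset URL;
 * it may be the WordPress core version rather than the plugin version.
 */
function detect_cocart_jwt( string $html ): array {
	$hits = array();

	// Asset / script path with optional version parameter. Works for absolute,
	// protocol-relative and root-relative URLs because only the path is matched.
	$path = preg_quote( '/wp-content/plugins/' . COCART_JWT_SLUG . '/assets/js/jwt-setup.js', '#' );
	if ( preg_match( '#' . $path . '(?:\?ver=([^"\'&\s]+))?#', $html, $m ) ) {
		$hits['script_path'] = true;
		if ( isset( $m[1] ) && $m[1] !== '' ) {
			$hits['version'] = $m[1];
		}
	}

	// CSS class used on the plugin's setup screen.
	if ( preg_match( '#class=["\'][^"\']*\bcocart-jwt-setup\b#', $html ) ) {
		$hits['css_class'] = true;
	}

	// JS global of the kind wp_localize_script() emits as `var name = {...};`.
	if ( preg_match( '#\bvar\s+cocart_jwt_setup\s*=#', $html ) ) {
		$hits['js_global'] = true;
	}

	return $hits;
}

// Constructed sample page (not captured from a real site).
$sample = <<<'HTML'
<!DOCTYPE html><html><head>
<script src="https://shop.example.test/wp-content/plugins/cocart-jwt-authentication/assets/js/jwt-setup.js?ver=3.0.1" id="cocart-jwt-setup-js"></script>
<script id="cocart-jwt-setup-js-extra">var cocart_jwt_setup = {"nonce":"0123456789"};</script>
</head><body><div class="wrap cocart-jwt-setup"></div></body></html>
HTML;

var_export( detect_cocart_jwt( $sample ) );
```

The script path alone is the strongest signal, since it is emitted on any page where the asset is enqueued; the CSS class and JS global only appear on the plugin's own admin setup screen, so their absence on a public page says nothing.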
FAQ

Frequently Asked Questions about CoCart JWT Authentication