CodesWholesale.com for WooCommerce Security & Risk Analysis

wordpress.org/plugins/codeswholesale-for-woocommerce

CodesWholesale.com integration plugin for WooCommerce.

10 active installs · v2.6.6 · PHP + · WP 4.4.0+ · Updated Unknown
Tags: api, codeswholesale-api, digital-games, digital-games-to-sell, woocommerce
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is CodesWholesale.com for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

CodesWholesale.com for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The plugin "codeswholesale-for-woocommerce" v2.6.6 exhibits several significant security concerns, primarily stemming from its attack surface and lack of robust security checks. While it demonstrates good practice with a high percentage of SQL queries using prepared statements, this is overshadowed by the presence of unprotected AJAX handlers and the use of dangerous functions like 'exec' and 'popen'. The taint analysis, while not revealing critical or high severity flows, still indicates unsanitized paths, which is concerning when combined with the lack of proper output escaping. The absence of vulnerability history for this plugin is a positive sign, suggesting it hasn't been publicly exploited in the past. However, this does not negate the inherent risks present in the code itself. The plugin's current security posture is weak due to its exposed entry points and the potential for remote code execution or privilege escalation via the unprotected AJAX handlers and dangerous functions. A balanced conclusion would highlight the positive aspects of SQL handling but emphasize the critical need to address the unprotected attack surface and the use of dangerous functions to mitigate significant security risks.

Key Concerns

  • Unprotected AJAX handlers
  • Use of dangerous functions (exec, popen)
  • Low percentage of properly escaped output
  • Taint flows with unsanitized paths
  • No nonce checks on AJAX handlers
  • No capability checks on AJAX handlers
Vulnerabilities
None known

CodesWholesale.com for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

CodesWholesale.com for WooCommerce Code Analysis

Dangerous Functions: 4
Raw SQL Queries: 1 (9 prepared)
Unescaped Output: 111 (10 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 7
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

exec: exec('php -i', $out); (includes\exec\wp-exec-manager.php:21)
exec: exec($cmd . ' 2>&1', $output); (includes\exec\wp-exec-manager.php:43)
popen: pclose(popen("start /B ". $cmd, "r")); (includes\exec\wp-exec-manager.php:53)
exec: exec($cmd . " > /dev/null &"); (includes\exec\wp-exec-manager.php:56)

Bundled Libraries

Guzzle

SQL Query Safety

90% prepared · 10 total queries

Output Escaping

8% escaped · 121 total outputs
Data Flows
10 unsanitized

Data Flow Analysis

10 flows · 10 with unsanitized paths
get_calculated_price (includes\admin\class-cw-admin-product.php:31)
Attack Surface
4 unprotected

CodesWholesale.com for WooCommerce Attack Surface

Entry Points: 4
Unprotected: 4

AJAX Handlers 4

auth: wp_ajax_get_calculated_price (includes\admin\class-cw-admin-product.php:25)
auth: wp_ajax_get_invoice_async (includes\admin\controllers\controller-check-orders.php:26)
auth: wp_ajax_get_codes_by_order_async (includes\admin\controllers\controller-check-orders.php:27)
auth: wp_ajax_get_currency_rate (includes\admin\controllers\controller-settings.php:190)
WordPress Hooks 25
action: admin_enqueue_scripts (includes\admin\class-cw-admin-assets.php:16)
action: admin_menu (includes\admin\class-cw-admin-menus.php:29)
action: woocommerce_product_options_general_product_data (includes\admin\class-cw-admin-product.php:21)
action: woocommerce_process_product_meta (includes\admin\class-cw-admin-product.php:22)
action: init (includes\admin\class-cw-admin.php:16)
action: admin_init (includes\admin\controllers\controller-settings.php:187)
action: update_option_cw_options (includes\admin\controllers\controller-settings.php:238)
action: woocommerce_email (includes\class-cw-install.php:29)
action: admin_post_codeswholesale_notifications (includes\class-cw-install.php:31)
action: admin_post_nopriv_codeswholesale_notifications (includes\class-cw-install.php:32)
action: codeswholesale_send_keys_email (includes\emails\class\class-cw-email-customer-completed-order.php:41)
action: codeswholesale_import_finished (includes\emails\class\class-cw-email-notify-import-finished.php:33)
action: codeswholesale_balance_to_low (includes\emails\class\class-cw-email-notify-low-balance.php:33)
action: codeswholesale_preordered_codes (includes\emails\class\class-cw-email-notify-preorder.php:36)
action: codeswholesale_order_error (includes\emails\class\class-cw-email-order-error.php:30)
action: init (includes\emails\prepare\class-wp-emaila-custom-post.php:10)
action: add_meta_boxes (includes\emails\prepare\class-wp-radio-taxonomy.php:38)
action: codeswholesale_buy_keys_completed (includes\process\class-cw-balance-checker.php:12)
action: woocommerce_order_status_completed (includes\process\class-cw-buy-keys.php:19)
action: codeswholesale_buy_keys_completed (includes\process\class-cw-send-keys.php:14)
action: woocommerce_checkout_order_processed (includes\woocommerce\class-cw-checkout.php:20)
filter: woocommerce_payment_complete_order_status (includes\woocommerce\class-cw-checkout.php:21)
action: woocommerce_order_actions (includes\woocommerce\class-cw-woocommerce-order.php:18)
action: woocommerce_order_action_wc_get_cw_invoice_order_action (includes\woocommerce\class-cw-woocommerce-order.php:20)
action: woocommerce_order_action_wc_get_cw_codes_order_action (includes\woocommerce\class-cw-woocommerce-order.php:21)
Maintenance & Trust

CodesWholesale.com for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.0.25
Last updated: Unknown
PHP min version
Downloads: 12K

Community Trust

Rating: 96/100
Number of ratings: 4
Active installs: 10
Developer Profile

CodesWholesale.com for WooCommerce Developer Profile

devteamcodeswholesale

1 plugin · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect CodesWholesale.com for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/codeswholesale-for-woocommerce/assets/css/general.css
/wp-content/plugins/codeswholesale-for-woocommerce/assets/js/bundle.js
/wp-content/plugins/codeswholesale-for-woocommerce/assets/css/modal.css
/wp-content/plugins/codeswholesale-for-woocommerce/assets/js/modal.js
/wp-content/plugins/codeswholesale-for-woocommerce/assets/css/styles.css
/wp-content/plugins/codeswholesale-for-woocommerce/assets/js/vue.js
Script Paths
/wp-content/plugins/codeswholesale-for-woocommerce/assets/js/bundle.js
/wp-content/plugins/codeswholesale-for-woocommerce/assets/js/modal.js
/wp-content/plugins/codeswholesale-for-woocommerce/assets/js/vue.js
Version Parameters
codeswholesale-for-woocommerce/assets/css/general.css?ver=
codeswholesale-for-woocommerce/assets/js/bundle.js?ver=
codeswholesale-for-woocommerce/assets/css/modal.css?ver=
codeswholesale-for-woocommerce/assets/js/modal.js?ver=
codeswholesale-for-woocommerce/assets/css/styles.css?ver=
codeswholesale-for-woocommerce/assets/js/vue.js?ver=

HTML / DOM Fingerprints

CSS Classes
cw_option_field
Data Attributes
data-modal
data-cw-modal-id
JS Globals
codesWholesaleModal
CW_DATA
REST Endpoints
/wp-json/codeswholesale/v1/products
/wp-json/codeswholesale/v1/order
/wp-json/codeswholesale/v1/sync
/wp-json/codeswholesale/v1/callback
FAQ

Frequently Asked Questions about CodesWholesale.com for WooCommerce