Does CommerceBird have any unpatched vulnerabilities?

No. All known vulnerabilities in CommerceBird have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is CommerceBird compatible with WordPress 6.9.4?

According to WordPress.org data, CommerceBird 2.7.8 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is CommerceBird compatible with PHP 8.2+?

CommerceBird requires PHP 8.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is CommerceBird updated?

CommerceBird was last updated on Mar 13, 2026. Frequent updates are generally a positive security signal.

What is CommerceBird's security score?

CommerceBird has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

CommerceBird Security & Risk Analysis

wordpress.org/plugins/commercebird

Elevate WooCommerce to the next level by turning it into a complete ERP system.

30 active installs v2.7.8 PHP 8.2+ WP 6.5+ Updated Mar 13, 2026

commercee-commerceecommerceshopstore

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is CommerceBird Safe to Use in 2026?

Generally Safe

Score 100/100

CommerceBird has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 21d ago

Risk Assessment

Commercebird v2.7.8 exhibits a generally strong security posture with excellent practices in output escaping and prepared statement usage for SQL queries. The vast majority of code outputs are properly escaped, and a high percentage of SQL queries utilize prepared statements, significantly reducing the risk of common injection vulnerabilities. The plugin's vulnerability history is clean, with no recorded CVEs, which suggests a proactive approach to security from the developers or a lack of past significant findings.

However, there are notable areas of concern stemming from the static analysis. The plugin exposes a total of 12 entry points, with 3 of these (AJAX handlers) lacking authentication checks. This is a critical finding as it allows unauthenticated users to potentially interact with sensitive plugin functionalities. Furthermore, the taint analysis revealed 4 flows with unsanitized paths and 2 critical severity flows. While the specific nature of these critical flows is not detailed, unsanitized paths coupled with critical taint issues are strong indicators of potential vulnerabilities, likely exploitable through the identified unprotected entry points.

In conclusion, while Commercebird v2.7.8 has implemented many good security practices, the presence of unprotected AJAX handlers and critical taint analysis findings represent significant risks. The lack of historical vulnerabilities is a positive sign, but it does not negate the current code-level risks identified. Addressing the unprotected AJAX endpoints and investigating the critical taint flows should be the immediate priority to improve the plugin's security.

Key Concerns

Unprotected AJAX handlers
Critical severity taint flows
Flows with unsanitized paths

Vulnerabilities

None known

CommerceBird Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

CommerceBird Code Analysis

Dangerous Functions

Raw SQL Queries

82 prepared

Unescaped Output

161 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

82% prepared100 total queries

Output Escaping

99% escaped163 total outputs

Data Flows

4 unsanitized

Data Flow Analysis

5 flows4 with unsanitized paths

cmbird_zi_sync_column_filterable (includes\woo-functions.php:682)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

3 unprotected

CommerceBird Attack Surface

Entry Points12

Unprotected3

AJAX Handlers 12

authwp_ajax_zoho_admin_order_syncincludes\classes\class-common.php:20

authwp_ajax_zoho_ajax_call_parent_categoriesincludes\classes\zoho-inventory\class-cmbird-categories-zi.php:34

authwp_ajax_zoho_ajax_call_subcategoriesincludes\classes\zoho-inventory\class-cmbird-categories-zi.php:35

authwp_ajax_zoho_ajax_call_remove_duplicatesincludes\classes\zoho-inventory\class-cmbird-categories-zi.php:36

authwp_ajax_zoho_ajax_call_subcategories_startincludes\classes\zoho-inventory\class-cmbird-categories-zi.php:39

authwp_ajax_zoho_ajax_call_subcategories_batchincludes\classes\zoho-inventory\class-cmbird-categories-zi.php:40

authwp_ajax_zoho_ajax_call_subcategories_statusincludes\classes\zoho-inventory\class-cmbird-categories-zi.php:41

authwp_ajax_zoho_ajax_call_duplicate_removal_batchincludes\classes\zoho-inventory\class-cmbird-categories-zi.php:42

authwp_ajax_zoho_ajax_call_duplicate_removal_statusincludes\classes\zoho-inventory\class-cmbird-categories-zi.php:43

authwp_ajax_zoho_admin_product_syncincludes\woo-functions.php:99

authwp_ajax_zi_product_unmap_hookincludes\woo-functions.php:291

authwp_ajax_zi_customer_unmap_hookincludes\woo-functions.php:342

WordPress Hooks 94

actioncmbird_exact_online_sync_ordersadmin\includes\Actions\Ajax\ExactOnlineAjax.php:118

filterwoocommerce_rest_check_permissionsadmin\includes\Actions\Sync\ExactOnlineSync.php:249

filterwoocommerce_rest_check_permissionsadmin\includes\Actions\Sync\ExactOnlineSync.php:436

filterwoocommerce_rest_check_permissionsadmin\includes\Actions\Sync\ZohoInventorySync.php:81

filterwc_product_has_unique_skuadmin\includes\Actions\Sync\ZohoInventorySync.php:82

actionrest_api_initadmin\includes\Cmbird_Acf.php:20

filteracf/load_field/name=costunitadmin\includes\Cmbird_Acf.php:21

filteracf/load_field/name=costcenteradmin\includes\Cmbird_Acf.php:22

filteracf/load_field/name=glaccountadmin\includes\Cmbird_Acf.php:23

actionadmin_menuadmin\includes\Template.php:20

actionadmin_enqueue_scriptsadmin\includes\Template.php:21

actionadmin_noticesadmin\includes\Template.php:22

actionadmin_headadmin\includes\Template.php:23

filterscript_loader_tagadmin\includes\Template.php:45

actionwoocommerce_initcommercebird.php:88

actioninitcommercebird.php:89

actionbefore_woocommerce_initcommercebird.php:101

actionplugins_loadedcommercebird.php:116

actionimport_group_items_croncommercebird.php:147

actionimport_simple_items_croncommercebird.php:148

actionimport_variable_product_croncommercebird.php:149

actionsync_zi_product_croncommercebird.php:150

actionsync_zi_pricelistcommercebird.php:151

actionsync_zi_ordercommercebird.php:152

actionsync_zi_import_contactscommercebird.php:153

actioncmbird_commoncommercebird.php:155

actionsync_zcrm_ordercommercebird.php:157

actionsync_zcrm_contactcommercebird.php:158

actioncmbird_sync_eocommercebird.php:160

actioncmbird_exact_online_sync_orderscommercebird.php:161

actioncmbird_payment_statuscommercebird.php:162

actioncmbird_eo_get_payment_statusescommercebird.php:163

actioncmbird_process_product_chunkcommercebird.php:165

actioncmbird_process_customer_chunkcommercebird.php:184

actioninitcommercebird.php:204

actionzi_execute_import_synccommercebird.php:206

actionrest_api_initcommercebird.php:209

actionsave_postcommercebird.php:223

actionupgrader_process_completecommercebird.php:241

actioncmbird_process_webhook_queueincludes\classes\apis\class-api-for-product-webhook.php:60

actionwp_scheduled_deleteincludes\classes\apis\class-api-for-product-webhook.php:63

filterupload_dirincludes\classes\apis\class-commercebird-media-api-controller.php:144

actionwoocommerce_thankyouincludes\classes\class-common.php:17

actionwoocommerce_rest_insert_shop_order_objectincludes\classes\class-common.php:18

filterwcs_renewal_order_createdincludes\classes\class-common.php:19

actionadmin_initincludes\classes\class-plugin.php:39

actionrest_api_initincludes\classes\class-wc-api.php:21

actionadmin_menuincludes\classes\purchase-orders\class-cmbird-purchase-admin.php:27

actioncmbird_purchase_order_autoincludes\classes\purchase-orders\class-cmbird-purchase-automation.php:15

actioncmbird_trigger_purchase_order_emailincludes\classes\purchase-orders\class-cmbird-purchase-order-email.php:26

actioninitincludes\classes\purchase-orders\class-cmbird-purchase-order.php:140

filterwoocommerce_order_classincludes\classes\purchase-orders\class-cmbird-purchase-order.php:169

filterwc_order_statusesincludes\classes\purchase-orders\class-cmbird-purchase-order.php:218

filterwoocommerce_register_shop_order_post_statusesincludes\classes\purchase-orders\class-cmbird-purchase-order.php:227

filterbulk_actions-edit-shop_purchaseincludes\classes\purchase-orders\class-cmbird-purchase-order.php:242

filterbulk_actions-woocommerce_page_wc-orders--shop_purchaseincludes\classes\purchase-orders\class-cmbird-purchase-order.php:244

actionwoocommerce_order_status_changedincludes\classes\purchase-orders\class-cmbird-purchase-order.php:299

actionsave_post_shop_purchaseincludes\classes\purchase-orders\class-cmbird-purchase-order.php:359

filterwoocommerce_general_settingsincludes\classes\purchase-orders\class-cmbird-purchase-order.php:362

actionwoocommerce_rest_insert_customerincludes\classes\purchase-orders\class-cmbird-purchase-order.php:439

actionwoocommerce_email_classesincludes\classes\purchase-orders\class-cmbird-purchase-order.php:451

filterwoocommerce_order_numberincludes\classes\purchase-orders\class-cmbird-purchase-order.php:459

filterwoocommerce_email_recipient_new_orderincludes\classes\purchase-orders\class-cmbird-purchase-order.php:476

filterwoocommerce_email_subject_new_orderincludes\classes\purchase-orders\class-cmbird-purchase-order.php:489

filterwoocommerce_email_heading_new_orderincludes\classes\purchase-orders\class-cmbird-purchase-order.php:497

filterwoocommerce_get_order_item_totalsincludes\classes\purchase-orders\class-cmbird-purchase-order.php:510

actionwoocommerce_update_orderincludes\classes\zoho-inventory\class-order-sync.php:95

actionadmin_enqueue_scriptsincludes\sync\order-backend.php:33

actionadd_meta_boxesincludes\sync\order-backend.php:54

filterbulk_actions-woocommerce_page_wc-ordersincludes\sync\order-backend.php:94

filterhandle_bulk_actions-woocommerce_page_wc-ordersincludes\sync\order-backend.php:100

actionadmin_noticesincludes\sync\order-backend.php:127

filterwoocommerce_webhook_payloadincludes\sync\order-backend.php:149

filterwoocommerce_rest_check_permissionsincludes\sync\order-backend.php:151

filterwoocommerce_webhook_should_deliverincludes\sync\order-backend.php:252

actionwoocommerce_update_orderincludes\sync\order-backend.php:321

actionwoocommerce_rest_insert_product_objectincludes\woo-functions.php:54

actionprofile_updateincludes\woo-functions.php:97

filterbulk_actions-edit-productincludes\woo-functions.php:223

filterhandle_bulk_actions-edit-productincludes\woo-functions.php:225

actionadmin_noticesincludes\woo-functions.php:269

actionadd_meta_boxesincludes\woo-functions.php:520

actionwoocommerce_product_options_pricingincludes\woo-functions.php:528

actionwoocommerce_variation_options_pricingincludes\woo-functions.php:529

filtermanage_woocommerce_page_wc-orders_columnsincludes\woo-functions.php:596

actionmanage_woocommerce_page_wc-orders_custom_columnincludes\woo-functions.php:630

actionmanage_product_posts_custom_columnincludes\woo-functions.php:651

filtermanage_edit-product_columnsincludes\woo-functions.php:677

actionrestrict_manage_postsincludes\woo-functions.php:736

actionpre_get_postsincludes\woo-functions.php:776

filteraction_scheduler_retention_periodincludes\woo-functions.php:786

filteraction_scheduler_default_cleaner_statusesincludes\woo-functions.php:788

actioninitincludes\woo-functions.php:827

filterwc_order_statusesincludes\woo-functions.php:839

Scheduled Events 10

cmbird_exact_online_sync_orders

cmbird_eo_get_payment_statuses

zcrm_refresh_token

zoho_contact_sync

cmbird_purchase_order_auto

cmbird_process_webhook_queue

zi_execute_import_sync

cmbird_common

Maintenance & Trust

CommerceBird Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 13, 2026

PHP min version8.2

Downloads4K

Community Trust

Rating100/100

Number of ratings2

Active installs30

Alternatives

CommerceBird Alternatives

Ecwid by Lightspeed Ecommerce Shopping Cart

ecwid-shopping-cart

Powerful, easy to use ecommerce shopping cart for WordPress. Sell on Facebook and Instagram. iPhone & Android apps. Superb support.

20K 13 CVEs

Shopping Cart & eCommerce Store

wp-easycart

A FREE WordPress eCommerce & WordPress Shopping Cart plugin that can sell products, subscriptions, downloads, services, donations, and much more o …

4K 21 CVEs

Shopify Importer

shopify

Import products from a Shopify.com online store into your blog.

100 No CVEs

Shift4Shop Online Store

3dcart-wp-online-store

100

Shift4Shop Online Store provides a streamlined way to sell any number of products from your Shift4Shop store directly on your WordPress blog.

40 No CVEs

sleekStore lite

sleekstore

sleekStore - instant way to start sales and launch online store powered by WordPress. Functional, convenient, hyper-flexlible.

20 No CVEs

Developer Profile

CommerceBird Developer Profile

CommerceBird

1 plugin · 30 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect CommerceBird

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/commercebird/assets/js/commercebird.js/wp-content/plugins/commercebird/assets/css/commercebird.css

Script Paths

/wp-content/plugins/commercebird/assets/js/commercebird.js

Version Parameters

commercebird/assets/js/commercebird.js?ver=commercebird/assets/css/commercebird.css?ver=

HTML / DOM Fingerprints

CSS Classes

commercebird-dashboardcb-dashboard-wrapper

HTML Comments

Data Attributes

data-commercebird-actiondata-commercebird-id

JS Globals

commercebird_ajax_object

REST Endpoints

/wp-json/commercebird/v1/webhooks/product/wp-json/commercebird/v1/webhooks/shipping/wp-json/commercebird/v1/webhooks/order/wp-json/commercebird/v1/zoho/wp-json/commercebird/v1/exact/wp-json/commercebird/v1/purchase_order

FAQ