CS Shop Security & Risk Analysis

wordpress.org/plugins/cs-shop

Easily create an affiliate products page for affiliate services in Japan.

400 active installs · v1.2.2 · PHP + WP 3.0+ · Updated Mar 28, 2018
Tags: ad · ads · advertising · affiliate · shortcode
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is CS Shop Safe to Use in 2026?

Generally Safe

Score 85/100

CS Shop has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The "cs-shop" plugin version 1.2.2 presents a mixed security posture. On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and includes a nonce check for its single entry point, the shortcode. The absence of known CVEs and past vulnerabilities, as well as zero critical or high severity taint flows, suggests a historically stable and relatively secure codebase.

However, several areas raise concerns. The four calls to `unserialize` are a significant risk, because the function can lead to remote code execution when it processes untrusted data. Although the static analysis found no unsanitized paths in the limited taint flows it analyzed, the potential for `unserialize` to be exploited remains high. In addition, only 54% of outputs are escaped (13 of 24), leaving 11 unescaped. Unescaped output can lead to Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the website.

While the plugin has a clean vulnerability history, this does not negate the risks identified in the code analysis. The lack of capability checks on any of its entry points is another weakness, meaning that actions within the shortcode might be accessible to users who should not have permission. In conclusion, "cs-shop" v1.2.2 has strengths in its SQL handling and nonce usage, but the risks associated with `unserialize`, insufficient output escaping, and the absence of capability checks warrant careful consideration and potential mitigation.

Key Concerns

  • Dangerous function: unserialize used
  • Output escaping is incomplete (54% of outputs escaped)
  • No capability checks on entry points
Vulnerabilities
None known

CS Shop Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

CS Shop Code Analysis

Dangerous Functions: 4
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 11 (13 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 10
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: `$array = unserialize($data);` (Cache\Lite\Function.php:118)
  • unserialize: `return unserialize($this->_memoryCachingArray[$this->_file]);` (Cache\Lite.php:337)
  • unserialize: `$data = unserialize($data);` (Cache\Lite.php:358)
  • unserialize: `$array = unserialize($data);` (Cache\Lite.php:516)

Output Escaping

54% escaped · 24 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
csshop_options (cs-shop-admin.php:23)
Attack Surface

CS Shop Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[csshop] · cs-shop.php:252

WordPress Hooks: 2

action · admin_menu · cs-shop-admin.php:14
action · wp_head · cs-shop.php:255
Maintenance & Trust

CS Shop Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Mar 28, 2018
PHP min version
Downloads: 11K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 400
Developer Profile

CS Shop Developer Profile

cottonspace

1 plugin · 400 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect CS Shop

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cs-shop/cs-shop.css

HTML / DOM Fingerprints

CSS Classes
cs-shop-search-form, cs-shop-search-keyword, cs-shop-search-button, cs-shop-item-list, cs-shop-item, cs-shop-item-image, cs-shop-item-title, cs-shop-item-price, +5 more
Data Attributes
data-service
Shortcode Output
<p>検索条件に該当する商品はありませんでした。</p>
FAQ

Frequently Asked Questions about CS Shop