
Dolibarr REST API Security & Risk Analysis
wordpress.org/plugins/dolibarr-rest-api
Plugin helper to connect to the Dolibarr (free ERP) REST API.
Is Dolibarr REST API Safe to Use in 2026?
Generally Safe
Score 85/100
Dolibarr REST API has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The Dolibarr REST API plugin v1.0.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and properly escaping a high percentage of its output. The absence of known CVEs and a clean vulnerability history suggest a degree of past security diligence or limited exposure. However, several significant concerns emerge from the static analysis. The presence of the `unserialize` function is a major red flag, as it can lead to Remote Code Execution if an attacker can control the serialized data passed to it. Furthermore, the taint analysis reveals two high-severity flows with unsanitized paths, indicating potential for data injection or manipulation through untrusted input. The complete lack of nonce and capability checks on its entry points (AJAX handlers, REST API routes, etc.) is a critical oversight, leaving these functionalities vulnerable to unauthorized access and exploitation. This suggests that the plugin's attack surface, though currently small and not directly exposed through common WordPress entry points like shortcodes or cron events, is entirely unprotected.
Key Concerns
- Dangerous function unserialize found
- High severity taint flow found (2)
- No nonce checks
- No capability checks
- Taint flow with unsanitized paths (4)
- Limited output escaping (87%)
Dolibarr REST API Security Vulnerabilities
Dolibarr REST API Code Analysis
Dangerous Functions Found
Output Escaping
Data Flow Analysis
Dolibarr REST API Attack Surface
WordPress Hooks: 6
Dolibarr REST API Maintenance & Trust
Maintenance Signals
Community Trust
Dolibarr REST API Developer Profile
5 plugins · 150 total installs
How We Detect Dolibarr REST API
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/dolibarr-rest-api/assets/css/style.css
- /wp-content/plugins/dolibarr-rest-api/assets/js/settings.js
- dolibarr-rest-api/assets/js/settings.js?ver=1.0.0
HTML / DOM Fingerprints
- data-parent-file
- var _dolibarr_rest_api_settings