WP-Safety

Doliconnect Security & Risk Analysis

wordpress.org/plugins/doliconnect

This plugin will interface your Dolibarr within a customer interface in WordPress

60 active installs v10.0.33 PHP 8.2+ WP 6.0+ Updated Mar 4, 2026
crmdolibarrecommerceerpgdpr
98
A · Safe
CVEs total2
Unpatched0
Last CVESep 22, 2025
Plugin page Download
Safety Verdict

Is Doliconnect Safe to Use in 2026?

Generally Safe

Score 98/100

Doliconnect has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Sep 22, 2025Updated 1mo ago
Risk Assessment

The doliconnect plugin v10.0.33 presents a mixed security posture. While it shows strengths in output escaping (86%) and a substantial number of nonce and capability checks (42 and 10 respectively), significant concerns arise from its attack surface and handling of potentially dangerous functions. The presence of 23 AJAX handlers, with two lacking authentication checks, creates a direct entry point for unauthenticated actions, which is a notable risk. Furthermore, the use of the `unserialize` function is a critical red flag, as it can lead to Remote Code Execution if processing untrusted input. Taint analysis, while reporting no critical or high severity flows, did indicate a high number of flows with unsanitized paths (43 out of 45), suggesting a potential for vulnerabilities that might not have been fully captured by this specific analysis or require further manual inspection.

The vulnerability history shows two past medium-severity CVEs, both related to Cross-Site Request Forgery and Cross-site Scripting. The fact that these are unpatched in the past but currently have 0 unpatched CVEs is a positive sign. However, the pattern of CSRF and XSS vulnerabilities suggests that input sanitization and CSRF protection might be areas requiring ongoing attention. The plugin's strengths lie in its proper output escaping and use of security checks. The weaknesses are primarily the unprotected AJAX endpoints and the dangerous use of `unserialize`, coupled with the high rate of unsanitized taint flows.

Key Concerns

  • Unprotected AJAX handlers detected
  • Use of dangerous unserialize function
  • High percentage of unsanitized taint flows
  • SQL queries with low prepared statement usage
  • Past medium vulnerabilities (CSRF, XSS)
Vulnerabilities
2

Doliconnect Security Vulnerabilities

CVEs by Year

2 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2025-58690medium · 4.3Cross-Site Request Forgery (CSRF)

Doliconnect <= 9.5.7 - Cross-Site Request Forgery

Sep 22, 2025 Patched in 9.6.2 (11d)
CVE-2025-53574medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Doliconnect <= 9.3.2 - Reflected Cross-Site Scripting

Aug 23, 2025 Patched in 9.4.2 (81d)
Code Analysis
Analyzed Mar 16, 2026

Doliconnect Code Analysis

Dangerous Functions
1
Raw SQL Queries
6
1 prepared
Unescaped Output
113
675 escaped
Nonce Checks
42
Capability Checks
10
File Operations
17
External Requests
7
Bundled Libraries
2

Dangerous Functions Found

unserialize$value = unserialize($value['lateObject']);includes\hybridauth\src\Storage\Session.php:63

Bundled Libraries

GuzzlejQuery3.7.1

SQL Query Safety

14% prepared7 total queries

Output Escaping

86% escaped788 total outputs
Data Flows
43 unsanitized

Data Flow Analysis

25 flows43 with unsanitized paths
doliconnect_membership_block (blocks\membership\block.php:27)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Doliconnect Attack Surface

Entry Points23
Unprotected2

AJAX Handlers 23

authwp_ajax_doli_gdrf_data_requestfunctions\data-request.php:6
noprivwp_ajax_doli_gdrf_data_requestfunctions\data-request.php:7
authwp_ajax_doliselectform_requestfunctions\data-request.php:59
noprivwp_ajax_doliselectform_requestfunctions\data-request.php:60
authwp_ajax_doliuserinfos_requestfunctions\data-request.php:77
noprivwp_ajax_doliuserinfos_requestfunctions\data-request.php:78
authwp_ajax_dolicontactinfos_requestfunctions\data-request.php:261
authwp_ajax_doliticket_requestfunctions\data-request.php:346
noprivwp_ajax_doliticket_requestfunctions\data-request.php:347
authwp_ajax_dolicontact_requestfunctions\data-request.php:422
noprivwp_ajax_dolicontact_requestfunctions\data-request.php:423
authwp_ajax_dolisettings_requestfunctions\data-request.php:522
authwp_ajax_dolifpw_requestfunctions\data-request.php:550
noprivwp_ajax_dolifpw_requestfunctions\data-request.php:551
authwp_ajax_dolirpw_requestfunctions\data-request.php:635
noprivwp_ajax_dolirpw_requestfunctions\data-request.php:636
authwp_ajax_dolipaymentmethod_requestfunctions\data-request.php:727
authwp_ajax_dolicart_requestfunctions\data-request.php:784
authwp_ajax_dolisignup_requestfunctions\data-request.php:1030
noprivwp_ajax_dolisignup_requestfunctions\data-request.php:1031
authwp_ajax_dolimember_requestfunctions\data-request.php:1058
authwp_ajax_dolimodal_requestfunctions\data-request.php:1088
noprivwp_ajax_dolimodal_requestfunctions\data-request.php:1089
WordPress Hooks 119
actionadmin_noticesadmin\admin.php:16
actionnetwork_admin_noticesadmin\admin.php:17
actionnetwork_admin_menuadmin\admin.php:41
actionadmin_menuadmin\admin.php:42
actionadmin_menuadmin\admin.php:43
actionadmin_menuadmin\admin.php:46
actionadmin_menuadmin\admin.php:47
actioninitblocks\admin\block.php:96
actioninitblocks\agenda\block.php:65
actioninitblocks\gdpr\block.php:36
actionadmin_enqueue_scriptsblocks\index.php:12
actioninitblocks\membership\block.php:84
actioninitblocks\product\block.php:44
actioninitblocks\product\blockdiscount.php:53
actioninitblocks\product\blocknew.php:57
actioninitblocks\profile\product.php:78
filteruser_doliconnect_menudashboard\dashboard.php:13
filteruser_doliconnect_informationsdashboard\dashboard.php:43
filteruser_doliconnect_menudashboard\dashboard.php:53
filteruser_doliconnect_passworddashboard\dashboard.php:64
filterwp_handle_upload_prefilterdashboard\dashboard.php:122
filterupload_dirdashboard\dashboard.php:137
filteruser_doliconnect_avatarsdashboard\dashboard.php:251
filteruser_doliconnect_menudashboard\dashboard.php:262
filteruser_doliconnect_contactsdashboard\dashboard.php:285
filteruser_doliconnect_menudashboard\dashboard.php:298
filteruser_doliconnect_notificationsdashboard\dashboard.php:334
filteruser_doliconnect_menudashboard\dashboard.php:350
filteruser_doliconnect_paymentmethodsdashboard\dashboard.php:407
filtercustomer_doliconnect_menudashboard\dashboard.php:419
filtercustomer_doliconnect_proposalsdashboard\dashboard.php:498
filtercustomer_doliconnect_menudashboard\dashboard.php:512
filtercustomer_doliconnect_ordersdashboard\dashboard.php:763
actioncustomer_doliconnect_invoicesdashboard\dashboard.php:770
filtercustomer_doliconnect_menudashboard\dashboard.php:778
filtercustomer_doliconnect_invoicesdashboard\dashboard.php:999
filtercustomer_doliconnect_menudashboard\dashboard.php:1013
filtercustomer_doliconnect_contractsdashboard\dashboard.php:1093
filtercustomer_doliconnect_menudashboard\dashboard.php:1107
filtercustomer_doliconnect_projectsdashboard\dashboard.php:1185
filtercustomer_doliconnect_menudashboard\dashboard.php:1199
filtercustomer_doliconnect_donationsdashboard\dashboard.php:1283
filtergrh_doliconnect_menudashboard\dashboard.php:1296
filtergrh_doliconnect_recruitmentdashboard\dashboard.php:1360
filtergrh_doliconnect_menudashboard\dashboard.php:1373
filtergrh_doliconnect_expensereportdashboard\dashboard.php:1445
filtermember_doliconnect_menudashboard\dashboard.php:1458
filtermember_doliconnect_membersdashboard\dashboard.php:1633
filtersettings_doliconnect_menudashboard\dashboard.php:1644
filtersettings_doliconnect_representativesdashboard\dashboard.php:1668
filtersettings_doliconnect_menudashboard\dashboard.php:1680
filtersettings_doliconnect_ticketsdashboard\dashboard.php:1894
filtersettings_doliconnect_menudashboard\dashboard.php:1905
filtersettings_doliconnect_settingsdashboard\dashboard.php:2036
filtersettings_doliconnect_menudashboard\dashboard.php:2046
filtersettings_doliconnect_gdprdashboard\dashboard.php:2061
filterthe_contentdashboard\templates.php:512
filterthe_contentdashboard\templates.php:561
filterthe_contentdashboard\templates.php:639
filterthe_contentdashboard\templates.php:764
filterthe_contentdashboard\templates.php:935
filterthe_contentdashboard\templates.php:1026
filterthe_contentdashboard\templates.php:1523
filterthe_contentdashboard\templates.php:1616
actionplugins_loadeddoliconnect.php:25
filterplugin_row_metadoliconnect.php:95
actioninitdoliconnect.php:133
actionadmin_initdoliconnect.php:146
actionwp_headdoliconnect.php:168
filterdetermine_current_userdoliconnect.php:199
filterdetermine_current_userdoliconnect.php:207
filterrest_authentication_errorsdoliconnect.php:216
actionadmin_initdoliconnect.php:237
actioninitdoliconnect.php:322
actioninitdoliconnect.php:385
filterpll_custom_flagdoliconnect.php:394
filterget_avatardoliconnect.php:402
actionwp_dolibarr_syncdoliconnect.php:471
filtertemplate_includedoliconnect.php:491
filtercron_schedulesdoliconnect.php:512
filterlogin_headerurldoliconnect.php:559
filterlogin_headertextdoliconnect.php:564
filtergenerate_post_authordoliconnect.php:567
filterregister_urldoliconnect.php:576
filterlostpassword_urldoliconnect.php:583
filterlogout_urldoliconnect.php:615
filterasgarosforum_filter_profile_linkdoliconnect.php:630
actionwp_login_faileddoliconnect.php:635
actiondoliconnect_cron_hookfunctions\cron.php:3
actionwp_enqueue_scriptsfunctions\enqueues.php:3
actionwp_enqueue_scriptsfunctions\enqueues.php:14
actionwp_enqueue_scriptsfunctions\enqueues.php:24
actioninitfunctions\product.php:57
filteruse_block_editor_for_postfunctions\product.php:60
actioninitfunctions\product.php:67
actiondoliproduct_category_edit_form_fieldsfunctions\product.php:103
actiondoliproduct_category_add_form_fieldsfunctions\product.php:104
actionedited_doliproduct_categoryfunctions\product.php:111
actionadd_meta_boxesfunctions\product.php:124
actionsave_postfunctions\product.php:145
filterthe_contentfunctions\product.php:160
filtertemplate_includefunctions\product.php:162
filtersingle_templatefunctions\product.php:175
actionpre_get_postsfunctions\product.php:204
filterdoliproductlistfunctions\product.php:1172
filterdoliproductcardfunctions\product.php:1294
actionadmin_initfunctions\tools.php:150
actionadd_meta_boxesfunctions\tools.php:162
actionadd_meta_boxesfunctions\tools.php:173
actionsave_postfunctions\tools.php:197
filterthe_contentfunctions\tools.php:209
actionadmin_initfunctions\tools.php:320
actionwp_loginfunctions\tools.php:1576
actionwp_footerfunctions\tools.php:3450
actionwidgets_initfunctions\widgets.php:98
actionwidgets_initfunctions\widgets.php:188
actionwidgets_initfunctions\widgets.php:273
actionwidgets_initfunctions\widgets.php:510
actionwidgets_initfunctions\widgets.php:523

Scheduled Events 2

doliconnect_cron_hook
doliconnect_cron_hook
Maintenance & Trust

Doliconnect Maintenance & Trust

Maintenance Signals

WordPress version tested7.0
Last updatedMar 4, 2026
PHP min version8.2
Downloads42K

Community Trust

Rating100/100
Number of ratings4
Active installs60
Alternatives

Doliconnect Alternatives

SureContact – Newsletters, Email Marketing, Automation, Revenue Tracking & CRM

SureContact – Newsletters, Email Marketing, Automation, Revenue Tracking & CRM

surecontact

A
100

Send newsletters, set up email automations, manage contacts and track ecommerce revenue in a CRM for WordPress.

500 No CVEs
Cloodo WP Workplace – CRM & Project Management for Services Business

Cloodo WP Workplace – CRM & Project Management for Services Business

cloodo-worksuite

A
100

Turn your WordPress site into a complete Digital Workplace — manage CRM, ERP, Projects, Helpdesk, Services, and Client Portal in one connected system &hellip;

200 No CVEs
Splash Sync

Splash Sync

splash-connector

A
99

Splash Sync, the synchronization system of innovative companies! Synchronize your website with all your business applications.

100 1 CVE
Unify

Unify

unify

A
95

A CRM payment plugin which enables connectivity with Sticky.io (Formally Limelight)/Konnektive CRM and many more.

100 3 CVEs
CRM ERP Business Solution | freelancers & SME | for WordPress & WooCommerce

CRM ERP Business Solution | freelancers & SME | for WordPress & WooCommerce

crm-erp-business-solution

B
70

CRM ERP BUSINESS SOLUTION for WordPress and WooCommerce for freelancers and SME to Import your Transactions, Products, Customers, Vendors, Appointment &hellip;

80 1 unpatched
Developer Profile

Doliconnect Developer Profile

ptibogxiv

1 plugin · 60 total installs

87
trust score
Avg Security Score
98/100
Avg Patch Time
46 days
View full developer profile
Detection Fingerprints

How We Detect Doliconnect

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/doliconnect/assets/css/animate.min.css/wp-content/plugins/doliconnect/assets/css/bootstrap-icons.css/wp-content/plugins/doliconnect/assets/css/doliconnect.css/wp-content/plugins/doliconnect/assets/css/fontawsome.css/wp-content/plugins/doliconnect/assets/css/owl.carousel.min.css/wp-content/plugins/doliconnect/assets/css/responsive.css/wp-content/plugins/doliconnect/assets/css/slick.css/wp-content/plugins/doliconnect/assets/css/style.css+5 more
Script Paths
/wp-content/plugins/doliconnect/assets/js/main.js/wp-content/plugins/doliconnect/assets/js/script.js
Version Parameters
/wp-content/plugins/doliconnect/assets/css/doliconnect.css?ver=/wp-content/plugins/doliconnect/assets/css/style.css?ver=/wp-content/plugins/doliconnect/assets/js/main.js?ver=/wp-content/plugins/doliconnect/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
doliconnectdoliconnect-productsdoliconnect-products-griddoliconnect-carddoliconnect-btn-outline-darkdoliconnect-btn-lg
HTML Comments
<!-- START DOLI CONNECT WIDGET --><!-- END DOLI CONNECT WIDGET --><!-- START DOLI CONNECT PRODUCTS WIDGET --><!-- END DOLI CONNECT PRODUCTS WIDGET -->+10 more
Data Attributes
data-doli-iddata-doli-qtydata-doli-pricedata-doli-link
JS Globals
doliconnect_ajax_object
REST Endpoints
/wp-json/doliconnect/v1/products/wp-json/doliconnect/v1/product//wp-json/doliconnect/v1/agendaevents
Shortcode Output
[doliconnect_products[doliconnect_products_grid[doliconnect_product_detail[doliconnect_calendar
FAQ

Frequently Asked Questions about Doliconnect