Dotix Security & Risk Analysis

wordpress.org/plugins/dotix

Connect your app with WooCommerce credits. Append additional credits for each product in WooCommerce.

0 active installs · v1.5 · PHP + WP 4.0+ · Updated Unknown
credit-point-system-for-woocommerce, ticket-system-for-woocommerce
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Dotix Safe to Use in 2026?

Generally Safe

Score 100/100

Dotix has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "dotix" v1.5 plugin exhibits a concerning security posture, primarily due to a significant number of unprotected entry points into its REST API. While the absence of dangerous functions and bundled libraries and the clean vulnerability history are positive indicators, the vulnerabilities identified in the static analysis are critical. Specifically, all three REST API routes lack permission callbacks, meaning any authenticated user could potentially interact with these endpoints without proper authorization, which could lead to unauthorized actions. Furthermore, the extremely low percentage of properly escaped output (4%) presents a high risk of Cross-Site Scripting (XSS) vulnerabilities across the plugin's functionality. The single unsanitized path flow identified in the taint analysis, although not classified as critical or high, warrants further investigation as it represents a potential avenue for exploitation.

Key Concerns

  • REST API routes without permission callbacks
  • Low percentage of properly escaped output
  • Unsanitized path flow in taint analysis
Vulnerabilities
None known

Dotix Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Dotix Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (4 prepared)
Unescaped Output: 50 (2 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 5
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

67% prepared · 6 total queries

Output Escaping

4% escaped · 52 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<tix_shortpage.tpl> (tpl\tix_shortpage.tpl.php:0)
Attack Surface
3 unprotected

Dotix Attack Surface

Entry Points: 3
Unprotected: 3

REST API Routes: 3

GET /wp-json/dotix/v1/vendor/(?P<id>\d+)/(?P<hash>\w+) (src\rest.cls.php:35)
GET /wp-json/dotix/v1/order/(?P<hash>\w+) (src\rest.cls.php:41)
POST /wp-json/dotix/v1/order/(?P<hash>\w+) (src\rest.cls.php:47)

WordPress Hooks: 30

action admin_menu (src\admin.cls.php:23)
filter plugin_action_links_dotix/dotix.php (src\admin.cls.php:24)
action admin_init (src\admin.cls.php:25)
filter manage_edit-shop_order_columns (src\order.cls.php:21)
action manage_shop_order_posts_custom_column (src\order.cls.php:23)
action woocommerce_order_item_meta_start (src\order.cls.php:26)
action woocommerce_order_details_after_order_table (src\order.cls.php:28)
action woocommerce_thankyou (src\order.cls.php:31)
action woocommerce_checkout_create_order (src\order.cls.php:34)
action woocommerce_product_options_general_product_data (src\product.cls.php:21)
action woocommerce_process_product_meta (src\product.cls.php:23)
filter manage_edit-product_columns (src\product.cls.php:25)
action manage_product_posts_custom_column (src\product.cls.php:27)
action woocommerce_product_meta_start (src\product.cls.php:30)
action rest_api_init (src\rest.cls.php:21)
filter auto_update_plugin (src\util.cls.php:24)
action woocommerce_order_details_after_order_table (src\vendor.cls.php:21)
action add_meta_boxes_shop_order (src\vendor.cls.php:23)
action init (src\vendor.cls.php:25)
action init (src\vendor.cls.php:28)
action add_meta_boxes_vendor (src\vendor.cls.php:30)
action save_post_vendor (src\vendor.cls.php:32)
action init (src\vendor.cls.php:35)
action vendor_dotix_add_form_fields (src\vendor.cls.php:38)
action created_vendor_dotix (src\vendor.cls.php:40)
action vendor_dotix_edit_form_fields (src\vendor.cls.php:42)
action edited_vendor_dotix (src\vendor.cls.php:44)
filter manage_edit-vendor_dotix_columns (src\vendor.cls.php:46)
filter manage_vendor_dotix_custom_column (src\vendor.cls.php:48)
filter manage_edit-vendor_dotix_sortable_columns (src\vendor.cls.php:50)
Maintenance & Trust

Dotix Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.0.11
Last updated: Unknown
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Alternatives

Dotix Alternatives

No alternatives data available yet.

Developer Profile

Dotix Developer Profile

WPDO

6 plugins · 8K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 146 days
Detection Fingerprints

How We Detect Dotix

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/dotix/dist/css/style.css
/wp-content/plugins/dotix/dist/js/dotix.js
Script Paths
/wp-content/plugins/dotix/dist/js/dotix.js
Version Parameters
dotix/dist/css/style.css?ver=
dotix/dist/js/dotix.js?ver=

HTML / DOM Fingerprints

CSS Classes
dotix
dotix-containing
dotix-order-remaining_title
dotix-remaining_num
Data Attributes
data-dotix-field
JS Globals
dotix_credit_title
REST Endpoints
/wp-json/dotix/v1/vendor/
/wp-json/dotix/v1/order/
FAQ

Frequently Asked Questions about Dotix