Dragon Ecommerce Plugin for WordPress Security & Risk Analysis

wordpress.org/plugins/dragon-ecommerce

Every company needs an ecommerce plugin to sell products on the WordPress website. This plugin sells your products to website visitors.

0 active installs v1.0.3 PHP + WP 5.4+ Updated May 16, 2025
ecommercejqueryphppluginwordpress
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Dragon Ecommerce Plugin for WordPress Safe to Use in 2026?

Generally Safe

Score 92/100

Dragon Ecommerce Plugin for WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "dragon-ecommerce" plugin v1.0.3 presents a generally positive security posture based on the static analysis. The plugin demonstrates strong practices by having no identified critical or high severity taint flows, no dangerous functions, no file operations, and no external HTTP requests. The output escaping is also at a respectable 78%, indicating a good effort to prevent cross-site scripting vulnerabilities. The absence of any known CVEs further contributes to this favorable assessment.

However, there are significant areas for concern. The most prominent issue is the presence of SQL queries that are not using prepared statements. This single SQL query represents a direct risk of SQL injection vulnerabilities, as user-supplied data could be manipulated to alter the database's behavior or expose sensitive information. Furthermore, the complete lack of nonce checks and capability checks across all entry points (if any existed) is a critical oversight. While the current attack surface appears to be zero, if any entry points were to be introduced or discovered, they would be entirely unprotected against CSRF and unauthorized access.

In conclusion, while the plugin has avoided historical vulnerabilities and shows good output escaping, the unescaped SQL query and the absence of any security checks on potential entry points represent critical weaknesses. The current score is high due to the limited attack surface and lack of historical issues, but these specific code-level concerns significantly detract from its overall security.

Key Concerns

  • Raw SQL query without prepared statements
  • No nonce checks on potential entry points
  • No capability checks on potential entry points
Vulnerabilities
None known

Dragon Ecommerce Plugin for WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Dragon Ecommerce Plugin for WordPress Release Timeline

v1.0.3Current
v1.0.2
v1.0.1
v1.0.0.0
Code Analysis
Analyzed Apr 16, 2026

Dragon Ecommerce Plugin for WordPress Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
0 prepared
Unescaped Output
38
136 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

0% prepared1 total queries

Output Escaping

78% escaped174 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

1 flows
<dragonecommercezyx987_landingpage> (dragonecommercezyx987_landingpage.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Dragon Ecommerce Plugin for WordPress Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 1
actionwp_enqueue_scriptsdragonecommercezyx987_landingpage.php:273
Maintenance & Trust

Dragon Ecommerce Plugin for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedMay 16, 2025
PHP min version
Downloads2K

Community Trust

Rating100/100
Number of ratings1
Active installs0
Developer Profile

Dragon Ecommerce Plugin for WordPress Developer Profile

v20202020

5 plugins · 20 total installs

86
trust score
Avg Security Score
89/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Dragon Ecommerce Plugin for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/dragon-ecommerce/assets/css/bootstrap.min.css/wp-content/plugins/dragon-ecommerce/assets/css/bootstrap.rtl.min.css/wp-content/plugins/dragon-ecommerce/assets/css/owl.carousel.min.css/wp-content/plugins/dragon-ecommerce/assets/css/slick.css/wp-content/plugins/dragon-ecommerce/assets/css/slick-theme.css/wp-content/plugins/dragon-ecommerce/assets/css/style.css/wp-content/plugins/dragon-ecommerce/assets/css/responsive.css/wp-content/plugins/dragon-ecommerce/assets/css/animate.min.css+14 more
Script Paths
/wp-content/plugins/dragon-ecommerce/assets/js/jquery-3.6.0.min.js/wp-content/plugins/dragon-ecommerce/assets/js/owl.carousel.min.js/wp-content/plugins/dragon-ecommerce/assets/js/slick.min.js/wp-content/plugins/dragon-ecommerce/assets/js/script.js/wp-content/plugins/dragon-ecommerce/assets/js/jquery.magnific-popup.min.js/wp-content/plugins/dragon-ecommerce/assets/js/wow.min.js+4 more

HTML / DOM Fingerprints

CSS Classes
nohttpsnomysqlidragonecommercezyx987_hiddendragonecommercezyx987_loginuserbysubmitformdragonecommercezyx987_logoutuserbysubmitformdragonecommercezyx987_setcookiebysubmitform
Data Attributes
dragonecommercezyx987_hiddendragonecommercezyx987_loginuserbysubmitformdragonecommercezyx987_logoutuserbysubmitformdragonecommercezyx987_setcookiebysubmitform
FAQ

Frequently Asked Questions about Dragon Ecommerce Plugin for WordPress