Does Easy Cart have any unpatched vulnerabilities?

No. All known vulnerabilities in Easy Cart have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Easy Cart compatible with WordPress 6.9.4?

According to WordPress.org data, Easy Cart 1.8 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Easy Cart compatible with PHP 5.6+?

Easy Cart requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Easy Cart updated?

Easy Cart was last updated on Dec 1, 2025. Frequent updates are generally a positive security signal.

What is Easy Cart's security score?

Easy Cart has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Easy Cart Security & Risk Analysis

wordpress.org/plugins/easy-cart

A simple shopping cart using shortcodes. You designate a page with slug /cart and add [easy_cart/] shortcode

0 active installs v1.8 PHP 5.6+ WP 5.3+ Updated Dec 1, 2025

sessionsshopping-cartshortcodetransient-storage

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Easy Cart Safe to Use in 2026?

Generally Safe

Score 100/100

Easy Cart has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

Based on the provided static analysis and vulnerability history, the 'easy-cart' v1.8 plugin appears to have a generally good security posture. The code analysis reveals a clean state with no dangerous functions, no raw SQL queries, and excellent output escaping. The absence of file operations, external HTTP requests, and critical taint flows further strengthens this assessment. The plugin also reports no known CVEs, indicating a history of responsible security practices.

However, a notable concern is the complete absence of nonce checks and capability checks. While the attack surface of AJAX handlers and REST API routes is zero, the presence of three shortcodes as entry points without any authentication or permission checks represents a potential weakness. If these shortcodes handle any user-supplied data or perform actions that could be exploited, the lack of proper checks could lead to unauthorized actions or privilege escalation. The plugin's strengths lie in its clean code and lack of historical vulnerabilities, but the oversight in nonce and capability checks on shortcodes is a significant area for improvement.

Key Concerns

No nonce checks on shortcodes
No capability checks on shortcodes

Vulnerabilities

None known

Easy Cart Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Easy Cart Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

25 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

96% escaped26 total outputs

Attack Surface

Easy Cart Attack Surface

Entry Points3

Unprotected0

Shortcodes 3

[easy_cart] plugin.php:75

[add_to_cart] plugin.php:77

[empty_cart] plugin.php:79

WordPress Hooks 4

actioninitplugin.php:18

actioninitplugin.php:20

actioninitplugin.php:22

actioninitplugin.php:24

Maintenance & Trust

Easy Cart Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 1, 2025

PHP min version5.6

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Easy Cart Alternatives

Easy Digital Downloads – Additional Shortcodes

edd-additional-shortcodes

Add powerful conditional page content support to WordPress based on Easy Digital Downloads conditions.

400 No CVEs

WooCommerce

woocommerce

Everything you need to launch an online store in days and keep it growing for years. From your first sale to millions in revenue, Woo is with you.

7.0M 43 CVEs

WP Shortcodes Plugin — Shortcodes Ultimate

shortcodes-ultimate

A comprehensive collection of visual components for your site

400K 35 CVEs

MW WP Form

mw-wp-form

MW WP Form is shortcode base contact form plugin. This plugin have many features. For example you can use many validation rules, inquiry data saving, …

200K 6 CVEs

Shortcoder — Create Shortcodes for Anything

shortcoder

Create custom "Shortcodes" easily for HTML, JavaScript, CSS code snippets and use the shortcodes within posts, pages & widgets

100K 2 CVEs

Developer Profile

Easy Cart Developer Profile

zeshanb

3 plugins · 10 total installs

trust score

Avg Security Score

95/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Easy Cart

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

HTML Comments

set_transientget_transient key is $recent_sessionid concatenate '_easy_cart_rows'1 * HOUR_IN_SECONDS - transient variable expiressend to display+4 more

Data Attributes

itemidproduct_nameproduct_descproduct_qtyprice

Shortcode Output

<table><tr><td>Item</td><td>Qty</td><td>Price</td></tr><tr><td>Item ID:<br />Name: <br />Description:

FAQ