Does eBook WooSell have any unpatched vulnerabilities?

No. All known vulnerabilities in eBook WooSell have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is eBook WooSell compatible with WordPress 6.3.8?

According to WordPress.org data, eBook WooSell 4.1.9 has been tested up to WordPress 6.3.8. Check the plugin's changelog for the latest compatibility information.

How often is eBook WooSell updated?

eBook WooSell was last updated on Sep 13, 2023. Frequent updates are generally a positive security signal.

What is eBook WooSell's security score?

eBook WooSell has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

eBook WooSell Security & Risk Analysis

wordpress.org/plugins/ebook-woohook

EBooks distribution plugin for woocommerce. Enable you to sell epub3 ebooks directly to EpubSystems cloud and E-reading Apps.

40 active installs v4.1.9 PHP + WP 4.7+ Updated Sep 13, 2023

digital-booksepubepub3ereadingpublishing

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is eBook WooSell Safe to Use in 2026?

Generally Safe

Score 85/100

eBook WooSell has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The "ebook-woohook" plugin v4.1.9 presents a mixed security posture. On the positive side, the plugin does not appear to have any known vulnerabilities (CVEs) or critical taint analysis findings. All SQL queries are also properly prepared, which is a significant strength. However, there are notable concerns regarding its attack surface and output sanitization.

The primary risk stems from a single AJAX handler that lacks authentication checks. This creates a direct entry point for potential attacks without proper authorization, which is a critical oversight. Furthermore, the static analysis reveals that a significant portion of the plugin's output is not properly escaped (24% escaped means 76% unescaped). This can lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is displayed without adequate sanitization.

The absence of any recorded vulnerability history is generally a good sign, suggesting the plugin has been relatively secure in the past or has not been a target. However, this does not negate the immediate risks identified in the current static analysis. The combination of an unprotected AJAX endpoint and widespread unescaped output indicates a need for immediate attention to mitigate potential security breaches.

Key Concerns

AJAX handler without authentication
Significant percentage of unescaped output
Lack of nonce checks on AJAX
Lack of capability checks

Vulnerabilities

None known

eBook WooSell Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

eBook WooSell Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

12 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

24% escaped51 total outputs

Attack Surface

1 unprotected

eBook WooSell Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_es_woo_sell_ajax_endpointincludes\class-epubsystems_woo.php:195

WordPress Hooks 25

actionplugins_loadedincludes\class-epubsystems_woo.php:142

actionadmin_initincludes\class-epubsystems_woo.php:158

actionadmin_menuincludes\class-epubsystems_woo.php:160

actionadmin_enqueue_scriptsincludes\class-epubsystems_woo.php:163

actionadmin_enqueue_scriptsincludes\class-epubsystems_woo.php:164

actionwoocommerce_admin_order_data_after_shipping_addressincludes\class-epubsystems_woo.php:168

actionwoocommerce_process_shop_order_metaincludes\class-epubsystems_woo.php:171

filtermanage_edit-shop_order_columnsincludes\class-epubsystems_woo.php:174

actionmanage_shop_order_posts_custom_columnincludes\class-epubsystems_woo.php:175

actionwoocommerce_webhook_deliveryincludes\class-epubsystems_woo.php:178

filterproduct_type_optionsincludes\class-epubsystems_woo.php:183

actionwoocommerce_admin_process_product_objectincludes\class-epubsystems_woo.php:184

actionwoocommerce_product_options_general_product_dataincludes\class-epubsystems_woo.php:186

actionwoocommerce_variation_optionsincludes\class-epubsystems_woo.php:189

actionwoocommerce_variation_optionsincludes\class-epubsystems_woo.php:191

actionwoocommerce_save_product_variationincludes\class-epubsystems_woo.php:192

actionadmin_action_modal_convert_to_ebookincludes\class-epubsystems_woo.php:196

actionadmin_action_modal_copy_sku_to_ebook_codeincludes\class-epubsystems_woo.php:197

actionwp_enqueue_scriptsincludes\class-epubsystems_woo.php:217

actionwp_enqueue_scriptsincludes\class-epubsystems_woo.php:218

actionwoocommerce_checkout_update_order_metaincludes\class-epubsystems_woo.php:221

actionwoocommerce_checkout_create_order_line_itemincludes\class-epubsystems_woo.php:223

actionwoocommerce_order_item_get_formatted_meta_dataincludes\class-epubsystems_woo.php:227

actionwoocommerce_after_order_notesincludes\class-epubsystems_woo.php:230

actionwoocommerce_checkout_processincludes\class-epubsystems_woo.php:232

Maintenance & Trust

eBook WooSell Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8

Last updatedSep 13, 2023

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs40

Alternatives

eBook WooSell Alternatives

RevivePress – Keep your Old Content Evergreen

wp-auto-republish

RevivePress, the all-in-one tool for republishing & cloning old posts and pages which push old posts to your front page, the top of archive pages, …

6K 1 CVE

Republish Old Posts

republish-old-posts

100

Republish old posts automatically by resetting the date to the current date. Promote old posts to users that haven't seen them.

3K 1 CVE

eesy_ID2WP – Publish InDesign HTML5

eesy-id2wp-publish-indesign-html5

100

Publish interactive HTML5 documents from InDesign directly to WordPress. No additional InDesign plugin, no coding required.

80 No CVEs

Update Posts Date

update-posts-date

Update posts date automatically by setting the date to the current date.

40 No CVEs

PrePublish Checks by Kgaurav

prepublish-checks-by-kgaurav

100

A plugin that checks to ensure variety of conditions are being met before any new post can be published.Eg-Minimum Title length,Featured Image,etc.

0 No CVEs

Developer Profile

eBook WooSell Developer Profile

looknear

2 plugins · 240 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect eBook WooSell

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/epubsystems_woo/admin/css/epubsystems_woo-admin.css/wp-content/plugins/epubsystems_woo/admin/js/epubsystems_woo-admin.js

Script Paths

/wp-content/plugins/epubsystems_woo/admin/js/epubsystems_woo-admin.js

Version Parameters

epubsystems_woo/admin/css/epubsystems_woo-admin.css?ver=epubsystems_woo/admin/js/epubsystems_woo-admin.js?ver=

HTML / DOM Fingerprints

FAQ