Does Engage for WooCommerce have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Engage for WooCommerce compatible with WordPress 6.1.10?

According to WordPress.org data, Engage for WooCommerce 2023.9.2 has been tested up to WordPress 6.1.10. Check the plugin's changelog for the latest compatibility information.

How often is Engage for WooCommerce updated?

Engage for WooCommerce was last updated on Sep 25, 2023. Frequent updates are generally a positive security signal.

What is Engage for WooCommerce's security score?

Engage for WooCommerce has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Engage for WooCommerce Security & Risk Analysis

wordpress.org/plugins/engage-by-zubi

Engage is a Growth Platform for E-commerce. Using Engage, an e-commerce store get all the tools required to drastically enhance the results of everyth …

10 active installs v2023.9.2 PHP + WP 4.9.10+ Updated Sep 25, 2023

cross-sellecommerce-optimizationincrease-salesproduct-recommendationupsell

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Engage for WooCommerce Safe to Use in 2026?

Generally Safe

Score 85/100

Engage for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The "engage-by-zubi" v2023.9.2 plugin exhibits a mixed security posture. While it demonstrates good practices by avoiding dangerous functions, utilizing prepared statements for all SQL queries, and having no known historical CVEs, significant concerns arise from its attack surface. A substantial portion of its AJAX handlers lack proper authentication checks, presenting a broad entry point for potential attackers to exploit. The taint analysis, although not revealing critical or high-severity issues, did identify flows with unsanitized paths, indicating a potential for issues if data is not handled with extreme care at these points. The limited number of capability checks and only one nonce check on the entire plugin further exacerbates the risk associated with the unprotected AJAX endpoints. The low percentage of properly escaped output is also a notable weakness, increasing the likelihood of cross-site scripting (XSS) vulnerabilities being present, especially when combined with unprotected input sources.

Key Concerns

High number of unprotected AJAX handlers
Flows with unsanitized paths identified
Low percentage of properly escaped output
Limited nonce checks
Limited capability checks

Vulnerabilities

None known

Engage for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Engage for WooCommerce Release Timeline

v2023.9.2Current

v2023.9.1

v2023.5.1

v2023.5.0

v2023.4.0

v2022.10.0

v2021.11.0

v2021.10.1

v2021.10.0

v1.3.4

v1.3.3

v1.3.2

v1.3.1

v1.0.17

v1.0.16

v1.0.15

v1.0.14

v1.0.13

v1.0.12

v1.0.10

Code Analysis

Analyzed Apr 16, 2026

Engage for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

165

95 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

37% escaped260 total outputs

Data Flows · Security

3 unsanitized

Data Flow Analysis

4 flows3 with unsanitized paths

zl_ajax_get_product (ebz.php:1946)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

8 unprotected

Engage for WooCommerce Attack Surface

Entry Points11

Unprotected8

AJAX Handlers 8

noprivwp_ajax_zl_get_cartebz.php:83

authwp_ajax_zl_get_cartebz.php:88

noprivwp_ajax_zl_ajax_productebz.php:152

authwp_ajax_zl_ajax_productebz.php:156

authwp_ajax_engage_connectionebz.php:198

authwp_ajax_engage_dashboardebz.php:199

authwp_ajax_engage_product_rec_submitebz.php:200

authwp_ajax_engage_update_legacy_recebz.php:201

Shortcodes 3

[zlt_rec] ebz.php:121

[zlt] ebz.php:125

[zlt_default] ebz.php:129

WordPress Hooks 8

actionadmin_initebz.php:78

actionwoocommerce_before_checkout_formebz.php:96

actionadmin_menuebz.php:101

actionadmin_noticesebz.php:105

actionwp_enqueue_scriptsebz.php:136

actionwoocommerce_before_single_productebz.php:143

actionwoocommerce_thankyouebz.php:148

actionwoocommerce_after_shop_loop_itemebz.php:160

Maintenance & Trust

Engage for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10

Last updatedSep 25, 2023

PHP min version

Downloads3K

Community Trust

Rating100/100

Number of ratings3

Active installs10

Alternatives

Engage for WooCommerce Alternatives

Nudgio Technologies

nudgio-technologies

100

AI-powered product recommendations for WooCommerce — bestsellers, cross-sell, upsell, and similar products.

0 No CVEs

PiWeb Products Frequently Bought Together for WooCommerce

products-frequently-bought-together-for-woocommerce

100

Product frequently bought together plugin for WooCommerce helps you to increase your sales by showing frequently bought together products.

0 No CVEs

UpSellSmart – Product Recommendations

upsellsmart-product-recommendations

100

Local, data-driven UpSellSmart – Product Recommendations with multiple engines and comprehensive admin controls.

0 No CVEs

One Click Upsell Funnel for Woocommerce

woo-one-click-upsell-funnel

Create WooCommerce Upsells in One Click, Increase Sales with Related Products, Post Purchase Upsell, Cross Sell, Order Bump and Frequently Bought.

1K 1 CVE

Beeketing for WooCommerce – Marketing Automation to Boost Sales

beeketing-for-woocommerce

Help WooCommerce stores convert traffic into sales, upsell & cross-sell, recover abandoned carts with 10+ powerful marketing & sales features.

700 No CVEs

Developer Profile

Engage for WooCommerce Developer Profile

zubiai

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Engage for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/engage-by-zubi/assets/css/main.css/wp-content/plugins/engage-by-zubi/assets/js/app.js

Script Paths

/wp-content/plugins/engage-by-zubi/includes/shortcode.php

Version Parameters

/wp-content/plugins/engage-by-zubi/assets/css/main.css?ver=/wp-content/plugins/engage-by-zubi/assets/js/app.js?ver=

HTML / DOM Fingerprints

CSS Classes

engage-by-zubi-container

HTML Comments

Data Attributes

data-engage-product-iddata-engage-widget-id

JS Globals

window.engage_zubi_configvar engage_zubi_api_url

REST Endpoints

/wp-json/engage-by-zubi/v1/products/wp-json/engage-by-zubi/v1/recommendations

Shortcode Output

[zlt_rec][zlt][zlt_default]

FAQ

Engage for WooCommerce Security & Risk Analysis

Is Engage for WooCommerce Safe to Use in 2026?

Generally Safe

Key Concerns

Engage for WooCommerce Security Vulnerabilities

Engage for WooCommerce Release Timeline

Engage for WooCommerce Code Analysis

Output Escaping

Data Flow Analysis

Engage for WooCommerce Attack Surface

AJAX Handlers 8

Shortcodes 3

Engage for WooCommerce Maintenance & Trust

Maintenance Signals

Community Trust

Engage for WooCommerce Alternatives

Nudgio Technologies

PiWeb Products Frequently Bought Together for WooCommerce

UpSellSmart – Product Recommendations

One Click Upsell Funnel for Woocommerce

Beeketing for WooCommerce – Marketing Automation to Boost Sales

Engage for WooCommerce Developer Profile

How We Detect Engage for WooCommerce

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Engage for WooCommerce