Does EPROLO-Dropshipping have any unpatched vulnerabilities?

No. All known vulnerabilities in EPROLO-Dropshipping have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is EPROLO-Dropshipping compatible with WordPress 6.9.4?

According to WordPress.org data, EPROLO-Dropshipping 2.4.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is EPROLO-Dropshipping compatible with PHP 5.6+?

EPROLO-Dropshipping requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is EPROLO-Dropshipping updated?

EPROLO-Dropshipping was last updated on Dec 11, 2025. Frequent updates are generally a positive security signal.

What is EPROLO-Dropshipping's security score?

EPROLO-Dropshipping has a WP-Safety security score of 98/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

EPROLO-Dropshipping Security & Risk Analysis

wordpress.org/plugins/eprolo-dropshipping

EPROLO dropshipping allows to import products from Aliexpress or EPROLO to wordpress, woocommerce in one click.

1K active installs v2.4.2 PHP 5.6+ WP 4.4+ Updated Dec 11, 2025

aliexpressdropshippingprint-on-demandproduct-sourcingwoocommerce

A · Safe

CVEs total2

Unpatched0

Last CVEDec 4, 2025

Plugin page Download

Safety Verdict

Is EPROLO-Dropshipping Safe to Use in 2026?

Generally Safe

Score 98/100

EPROLO-Dropshipping has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Dec 4, 2025Updated 3mo ago

Risk Assessment

The 'eprolo-dropshipping' plugin v2.4.2 presents a mixed security posture. While it demonstrates good practices in output escaping, with 98% of outputs properly escaped, and has no currently unpatched known vulnerabilities, several significant concerns are evident.

The static analysis reveals an attack surface with 7 AJAX handlers, 3 of which lack authentication checks. Furthermore, 1 REST API route is exposed without proper permission callbacks. This exposes the plugin to potential unauthorized actions. The taint analysis shows 6 flows with unsanitized paths, although they are not categorized as critical or high severity, this still indicates potential for injecting malicious data that is not properly handled.

The vulnerability history, while showing no currently unpatched CVEs, indicates a pattern of past issues, specifically two medium-severity vulnerabilities. Notably, 'Missing Authorization' was a common vulnerability type. This historical trend, coupled with the current findings of unprotected entry points, suggests a recurring weakness in authorization controls within the plugin. While the lack of critical vulnerabilities and high-quality output escaping are positive signs, the unprotected entry points and historical authorization issues warrant careful consideration.

Key Concerns

AJAX handlers without auth checks
REST API routes without permission callbacks
SQL queries without prepared statements
Unsanitized taint flows
Previous medium severity CVEs

Vulnerabilities

EPROLO-Dropshipping Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2025-12133medium · 4.3Missing Authorization

EPROLO Dropshipping <= 2.3.1 - Missing Authorization to Authenticated (Subscriber+) Tracking Data Modification

Dec 4, 2025 Patched in 2.4.0 (5d)

CVE-2024-33573medium · 4.3Missing Authorization

EPROLO Dropshipping <= 1.7.1 - Missing Authorization

Apr 25, 2024 Patched in 1.7.2 (7d)

Code Analysis

Analyzed Mar 16, 2026

EPROLO-Dropshipping Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

55 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared2 total queries

Output Escaping

98% escaped56 total outputs

Data Flows

6 unsanitized

Data Flow Analysis

6 flows6 with unsanitized paths

eprolo_disconnect (Eprolo_AJAX.php:12)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

EPROLO-Dropshipping Attack Surface

Entry Points8

Unprotected4

AJAX Handlers 7

authwp_ajax_aftership_get_all_orderseprolo.php:108

authwp_ajax_eprolo_disconnecteprolo.php:109

authwp_ajax_eprolo_connect_keyeprolo.php:110

authwp_ajax_eprolo_reflsheprolo.php:111

authwp_ajax_eprolo_save_tracking_dataEprolo_tracking.php:207

authwp_ajax_eprolo_get_order_infoEprolo_tracking.php:208

authwp_ajax_eprolo_delete_trackingEprolo_tracking.php:209

REST API Routes 1

POST/wp-json/eprolo/v1/ship-order/(?P<id>\d+)Eprolo_tracking_api.php:41

WordPress Hooks 12

actionadmin_noticeseprolo.php:31

actionplugins_loadedieprolo.php:49

actionadmin_initeprolo.php:69

actionadmin_menuEprolo_Plugin.php:23

filtermanage_woocommerce_page_wc-orders_columnsEprolo_tracking.php:200

actionmanage_woocommerce_page_wc-orders_custom_columnEprolo_tracking.php:201

filtermanage_edit-shop_order_columnsEprolo_tracking.php:203

actionmanage_shop_order_posts_custom_columnEprolo_tracking.php:204

actionadd_meta_boxesEprolo_tracking.php:206

actioninitEprolo_tracking_api.php:36

filterwc_order_statusesEprolo_tracking_api.php:38

actionrest_api_initEprolo_tracking_api.php:40

Maintenance & Trust

EPROLO-Dropshipping Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 11, 2025

PHP min version5.6

Downloads30K

Community Trust

Rating68/100

Number of ratings12

Active installs1K

Alternatives

EPROLO-Dropshipping Alternatives

Spreadconnect

wc-spod

Ready to add merch to your website? Spreadconnect is a Print on Demand Dropshipping plug-in for WooCommerce that’s trusted by over 100,000 creators an …

800 1 unpatched