iThemes Exchange – Store Exporter Security & Risk Analysis

wordpress.org/plugins/exchange-addon-exporter

Export store details out of iThemes Exchange into simple formatted files (e.g. CSV, XML, TXT, etc.).

10 active installs · v1.3.8 · PHP + WP 2.9.2+ · Updated Dec 9, 2018
Tags: cart, e-commerce, ithemes, ithemes-exchange, shop
Score 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is iThemes Exchange – Store Exporter Safe to Use in 2026?

Generally Safe

Score 85/100

iThemes Exchange – Store Exporter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7yr ago
Risk Assessment

The "exchange-addon-exporter" v1.3.8 plugin exhibits a generally good security posture: it has no known vulnerabilities or CVEs in its history, and its single SQL query uses a prepared statement. The absence of AJAX handlers, REST API routes, shortcodes, or cron events with exposed entry points significantly limits its attack surface. However, the static analysis reveals areas of concern: of the 5 analyzed taint flows, one is flagged as high severity, and all 5 involve unsanitized paths. Furthermore, only 60% of output is properly escaped, which leaves room for cross-site scripting (XSS) if untrusted data is not consistently escaped before being displayed to users. While the plugin demonstrates good practices in areas like nonce and capability checks, the taint analysis findings and the moderate output escaping rate present a tangible risk that warrants attention.

Key Concerns

  • High-severity taint flow with unsanitized path
  • All taint flows involve unsanitized paths
  • Moderate output escaping (60% proper)
Vulnerabilities
None known

iThemes Exchange – Store Exporter Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

iThemes Exchange – Store Exporter Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 74 (111 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 3
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

60% escaped · 185 total outputs
Data Flows: 5 unsanitized

Data Flow Analysis

5 flows · 5 with unsanitized paths
<admin> (includes\admin.php:0)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

iThemes Exchange – Store Exporter Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 27
action: it_exchange_register_addons (exporter.php:30)
action: plugins_loaded (exporter.php:78)
action: admin_notices (includes\admin.php:19)
filter: plugin_action_links (includes\admin.php:92)
action: current_screen (includes\admin.php:99)
action: admin_menu (includes\admin.php:102)
action: it_exchange_exporter_export_options (includes\admin.php:201)
action: it_exchange_exporter_export_product_options_after_table (includes\admin.php:205)
action: it_exchange_exporter_export_after_form (includes\admin.php:206)
action: it_exchange_exporter_export_category_options_after_table (includes\admin.php:211)
action: it_exchange_exporter_export_tag_options_after_table (includes\admin.php:216)
action: it_exchange_exporter_export_order_options_after_table (includes\admin.php:219)
action: it_exchange_exporter_export_options (includes\admin.php:220)
action: it_exchange_exporter_export_user_options_after_table (includes\admin.php:225)
action: it_exchange_exporter_export_coupon_options_before_table (includes\admin.php:228)
action: it_exchange_exporter_settings_top (includes\admin.php:269)
action: it_exchange_exporter_settings_general (includes\admin.php:270)
action: it_exchange_exporter_settings_after (includes\admin.php:271)
filter: it_exchange_exporter_category_fields (includes\category.php:146)
action: wp_dashboard_setup (includes\common-dashboard_widgets.php:19)
action: edit_form_after_editor (includes\functions.php:177)
filter: upload_mimes (includes\functions.php:617)
filter: post_mime_types (includes\functions.php:632)
filter: it_exchange_exporter_product_fields (includes\product.php:486)
filter: it_exchange_exporter_product_fields (includes\product.php:500)
filter: it_exchange_exporter_tag_fields (includes\tag.php:133)
action: admin_init (init.php:336)
Maintenance & Trust

iThemes Exchange – Store Exporter Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.0.25
Last updated: Dec 9, 2018
PHP min version
Downloads: 3K

Community Trust

Rating: 86/100
Number of ratings: 3
Active installs: 10
Developer Profile

iThemes Exchange – Store Exporter Developer Profile

Tom de Visser

7 plugins · 160 total installs

Trust score: 71
Avg Security Score: 89/100
Avg Patch Time: 2899 days
Detection Fingerprints

How We Detect iThemes Exchange – Store Exporter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/exchange-addon-exporter/templates/admin/export.css
/wp-content/plugins/exchange-addon-exporter/templates/admin/export.js
/wp-content/plugins/exchange-addon-exporter/templates/admin/jquery-csvtable.css
/wp-content/plugins/exchange-addon-exporter/js/jquery.csvToTable.js
/wp-content/plugins/exchange-addon-exporter/templates/admin/exchange-admin_dashboard_vm-plugins.css
Script Paths
/wp-content/plugins/exchange-addon-exporter/templates/admin/export.js
/wp-content/plugins/exchange-addon-exporter/js/jquery.csvToTable.js
Version Parameters
exchange-addon-exporter/templates/admin/export.css?ver=
exchange-addon-exporter/templates/admin/export.js?ver=
exchange-addon-exporter/templates/admin/jquery-csvtable.css?ver=
exchange-addon-exporter/js/jquery.csvToTable.js?ver=
exchange-addon-exporter/templates/admin/exchange-admin_dashboard_vm-plugins.css?ver=

HTML / DOM Fingerprints

CSS Classes
it-exchange-exporter
Data Attributes
id="it-exchange-exporter"
FAQ

Frequently Asked Questions about iThemes Exchange – Store Exporter