WP-Safety

Fast ThriveCart Security & Risk Analysis

wordpress.org/plugins/fast-thrivecart

Integrate ThriveCart with your FastMember site

20 active installs v1.0.4 PHP 7.3+ WP 4.0+ Updated Sep 5, 2022
fast-memberfastflowmarketingsales-funnelsthrivecart
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Fast ThriveCart Safe to Use in 2026?

Generally Safe

Score 85/100

Fast ThriveCart has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The "fast-thrivecart" plugin version 1.0.4 exhibits a mixed security posture. On the positive side, it demonstrates no known CVEs, a clean taint analysis with no unsanitized paths, and a significant majority of its SQL queries utilize prepared statements. Furthermore, the plugin has a very small attack surface with no reported AJAX handlers, REST API routes, shortcodes, or cron events. However, several critical concerns are present. The use of the `unserialize` function without proper sanitization or capability checks is a significant risk, as it can lead to Remote Code Execution if an attacker can control the serialized data. The absence of any nonce checks for potential entry points is also concerning, as it leaves the plugin vulnerable to Cross-Site Request Forgery (CSRF) attacks. The low percentage of properly escaped output further exacerbates the risk of Cross-Site Scripting (XSS) vulnerabilities.

Key Concerns

  • Dangerous function unserialize used
  • No nonce checks implemented
  • Low percentage of properly escaped output
  • No capability checks found
Vulnerabilities
None known

Fast ThriveCart Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Fast ThriveCart Code Analysis

Dangerous Functions
2
Raw SQL Queries
7
19 prepared
Unescaped Output
6
7 escaped
Nonce Checks
0
Capability Checks
0
File Operations
1
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$thrivecart_options = empty( $thrivecart_db->settings_data ) ? array() : unserialize( $thrivecart_dbincludes\class.thrivecart-core.php:24
unserialize$prodoptions = unserialize($prodsq->prodoptions);includes\class.thrivecart-core.php:326

SQL Query Safety

73% prepared26 total queries

Output Escaping

54% escaped13 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
fast_thrivecart_third_party_int_html (includes\class.thrivecart-core.php:88)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Fast ThriveCart Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 5
actionadmin_noticesincludes\class.thrivecart-core.php:15
filterff_settingsincludes\class.thrivecart-core.php:16
filterff_settings_dataincludes\class.thrivecart-core.php:17
filterfm_prod_third_party_intincludes\class.thrivecart-core.php:18
actioninitincludes\class.thrivecart-core.php:19
Maintenance & Trust

Fast ThriveCart Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11
Last updatedSep 5, 2022
PHP min version7.3
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs20
Alternatives

Fast ThriveCart Alternatives

WP Funnel Manager

WP Funnel Manager

wp-funnel-manager

B
76

Organises content into multi-step funnels.

10 1 unpatched
Hostinger Reach – AI-Powered Email Marketing for WordPress

Hostinger Reach – AI-Powered Email Marketing for WordPress

hostinger-reach

A
100

Launch and grow your email marketing effortlessly with Hostinger Reach. Collect contacts, sync subscribers, and send emails – all in one, AI powered.

1.0M No CVEs
Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation

Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation

optinmonster

A
96

🤩 Make popups & optin forms to get more email newsletter subscribers, leads, and sales - #1 most popular popup builder plugin! 🚀

1.0M 6 CVEs
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder

Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder

popup-maker

A
91

Want to boost sales & marketing efforts? Use your favorite forms & builder. Unlimited popups & impressions, keep your data, no monthly subscription.

700K 18 CVEs
MailPoet – Newsletters, Email Marketing, and Automation

MailPoet – Newsletters, Email Marketing, and Automation

mailpoet

A
98

Send beautiful newsletters from WordPress. Collect subscribers with signup forms, automate your emails for WooCommerce, blog post notifications & more

500K 3 CVEs
Developer Profile

Fast ThriveCart Developer Profile

fastflow

14 plugins · 940 total installs

70
trust score
Avg Security Score
87/100
Avg Patch Time
432 days
View full developer profile
Detection Fingerprints

How We Detect Fast ThriveCart

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/fast-thrivecart/css/fast-thrivecart.css/wp-content/plugins/fast-thrivecart/js/fast-thrivecart.js
Script Paths
/wp-content/plugins/fast-thrivecart/js/fast-thrivecart.js
Version Parameters
fast-thrivecart/css/fast-thrivecart.css?ver=fast-thrivecart/js/fast-thrivecart.js?ver=

HTML / DOM Fingerprints

Data Attributes
id="fast_thrivecart_apikey"id="ftcprodid"
REST Endpoints
/wp-json/fast-thrivecart
Shortcode Output
ThriveCart Integration
FAQ

Frequently Asked Questions about Fast ThriveCart