FireStorm Shopping Cart eCommerce Plugin Security & Risk Analysis

wordpress.org/plugins/fs-shopping-cart

This professional eCommerce plugin gives you the ability to run an advanced online store with an easy to use shopping cart.

10 active installs · v2.07.02 · PHP + · WP 3.0+ · Updated Dec 1, 2013
Tags: cart, e-commerce, ecommerce, shopping, shopping-cart

Score: 63 (C · Use Caution)
CVEs total: 1
Unpatched: 1
Last CVE: Nov 10, 2016

Safety Verdict

Is FireStorm Shopping Cart eCommerce Plugin Safe to Use in 2026?

Use With Caution

Score 63/100

FireStorm Shopping Cart eCommerce Plugin has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Nov 10, 2016 · Updated 12yr ago

Risk Assessment

The "fs-shopping-cart" v2.07.02 plugin has a weak security posture, primarily due to significant code quality issues and a lack of fundamental security checks. The static analysis reveals an exposed attack surface: a single AJAX handler lacking any authentication or capability checks, presenting a direct entry point for potential abuse. Furthermore, the reliance on the dangerous `create_function` function is a concern, and the near-total absence of prepared statements (3 of 716 SQL queries) indicates a high likelihood of SQL injection vulnerabilities. The extensive use of file operations without apparent sanitization and the low percentage of properly escaped output (3%) further exacerbate these risks.

The vulnerability history, while showing only one known high-severity CVE, is particularly worrying given the plugin's static analysis findings. The fact that this vulnerability remains unpatched and is related to SQL injection strongly suggests that the underlying coding practices have not improved, and the plugin is likely susceptible to similar attacks. The large number of taint flows with unsanitized paths, all rated as high severity, correlates directly with these static analysis concerns and highlights a critical deficiency in input validation and sanitization. While the plugin does not bundle external libraries, which could be a positive, this is overshadowed by the critical flaws in its core implementation.

In conclusion, "fs-shopping-cart" v2.07.02 is a high-risk plugin. The combination of an exposed attack surface, widespread use of insecure coding practices like raw SQL queries and `create_function`, and an unpatched SQL injection vulnerability paints a grim picture. Users should treat this plugin as a significant security liability and strongly consider alternative solutions that prioritize secure coding principles and regular maintenance.

Key Concerns

  • Unpatched CVE
  • High severity taint flows
  • AJAX handler without auth check
  • Raw SQL queries (0% prepared)
  • Missing nonce checks on AJAX
  • Missing capability checks
  • Dangerous functions (create_function)
  • Low output escaping percentage
  • Flows with unsanitized paths

Vulnerabilities: 1

FireStorm Shopping Cart eCommerce Plugin Security Vulnerabilities

CVEs by Year

1 CVE in 2016 · unpatched

Severity Breakdown

High: 1

1 total CVE

CVE-2016-10951 · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

FireStorm Shopping Cart eCommerce Plugin <= 2.07.02 - SQL Injection

Nov 10, 2016 · Unpatched

Code Analysis
Analyzed Mar 17, 2026

FireStorm Shopping Cart eCommerce Plugin Code Analysis

Dangerous Functions: 5
Raw SQL Queries: 713 (3 prepared)
Unescaped Output: 304 (10 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 62
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

  • create_function · widget_brands.php:67
    add_action('widgets_init', create_function('', 'register_widget("FSSC_Brand_Widget");'));
  • create_function · widget_categories.php:101
    add_action('widgets_init', create_function('', 'register_widget("FSSC_Categories_Widget");'));
  • create_function · widget_prodsearch.php:45
    add_action('widgets_init', create_function('', 'register_widget("FSSC_ProductSearch_Widget");'));
  • create_function · widget_product.php:61
    add_action('widgets_init', create_function('', 'register_widget("FSSC_Product_Widget");'));
  • create_function · widget_viewcart.php:103
    add_action( 'widgets_init', create_function( '', 'register_widget("FSSC_ViewCart_Widget");' ) );

SQL Query Safety

0% prepared · 716 total queries

Output Escaping

3% escaped · 314 total outputs

Data Flows: 53 unsanitized

Data Flow Analysis

25 flows · 53 with unsanitized paths
fssc_digital_download (common_functions.php:642)

Attack Surface: 1 unprotected

FireStorm Shopping Cart eCommerce Plugin Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

  • auth · wp_ajax_fssc_locations_action · filters.php:251

WordPress Hooks: 19

  • action · admin_init · common_functions.php:3
  • action · admin_head · common_functions.php:4
  • action · admin_notices · define.php:60
  • action · admin_notices · define.php:69
  • filter · the_content · filters.php:9
  • filter · wp_title · filters.php:11
  • filter · wp_head · filters.php:23
  • filter · wp_head · filters.php:35
  • filter · wp_title · filters.php:197
  • action · wp_head · filters.php:211
  • action · admin_menu · hooks.php:3
  • action · admin_bar_menu · hooks.php:26
  • action · wp_head · hooks.php:170
  • action · generate_rewrite_rules · main.php:59
  • action · widgets_init · widget_brands.php:67
  • action · widgets_init · widget_categories.php:101
  • action · widgets_init · widget_prodsearch.php:45
  • action · widgets_init · widget_product.php:61
  • action · widgets_init · widget_viewcart.php:103

Maintenance & Trust

FireStorm Shopping Cart eCommerce Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.6.1
Last updated: Dec 1, 2013
PHP min version
Downloads: 6K

Community Trust

Rating: 60/100
Number of ratings: 2
Active installs: 10

Developer Profile

FireStorm Shopping Cart eCommerce Plugin Developer Profile

FireStorm Plugins

2 plugins · 20 total installs

Trust score: 55
Avg Security Score: 66/100
Avg Patch Time: 4107 days

Detection Fingerprints

How We Detect FireStorm Shopping Cart eCommerce Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/fs-shopping-cart/includes/fssc-admin.css
  • /wp-content/plugins/fs-shopping-cart/includes/fssc-admin-style.css
  • /wp-content/plugins/fs-shopping-cart/css/fssc-style.css
  • /wp-content/plugins/fs-shopping-cart/css/fssc-themes.css
  • /wp-content/plugins/fs-shopping-cart/css/fssc-images.css
  • /wp-content/plugins/fs-shopping-cart/includes/fssc-admin.js
  • /wp-content/plugins/fs-shopping-cart/includes/fssc-admin-script.js
  • /wp-content/plugins/fs-shopping-cart/js/fssc-cart.js
  • +1 more

Script Paths
  • fssc-admin.js
  • fssc-admin-script.js
  • fssc-cart.js
  • fssc-script.js

Version Parameters
  • fs-shopping-cart/includes/fssc-admin.css?ver=
  • fs-shopping-cart/includes/fssc-admin-style.css?ver=
  • fs-shopping-cart/css/fssc-style.css?ver=
  • fs-shopping-cart/css/fssc-themes.css?ver=
  • fs-shopping-cart/css/fssc-images.css?ver=
  • fs-shopping-cart/includes/fssc-admin.js?ver=
  • fs-shopping-cart/includes/fssc-admin-script.js?ver=
  • fs-shopping-cart/js/fssc-cart.js?ver=
  • fs-shopping-cart/js/fssc-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • fsrep_input
  • fsrep_input_label

HTML Comments
  • <!-- FS-SCART CONFIGURATION OPTIONS -->
  • <!-- FS-SCART ORDER OPTIONS -->
  • <!-- FS-SCART PRODUCT OPTIONS -->
  • <!-- FS-SCART CUSTOMER OPTIONS -->
  • +17 more

Data Attributes
  • data-productid
  • data-productname
  • data-productprice
  • data-productqty
  • data-productvariation
  • data-cartid
  • +5 more

JS Globals
  • fssc_ajax_url

Shortcode Output
  • [fssc_products]
  • [fssc_product]
  • [fssc_categories]
  • [fssc_cart]