GearGag Toolkit Security & Risk Analysis

wordpress.org/plugins/geargag-toolkit

This plugin is the bridge between the GearGag platform and your WooCommerce website.

10 active installs · v2.5.0 · PHP 5.6+ · WP 5.0+ · Updated Nov 19, 2020
geargag, woocommerce
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is GearGag Toolkit Safe to Use in 2026?

Generally Safe

Score 85/100

GearGag Toolkit has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The "geargag-toolkit" v2.5.0 plugin exhibits a mixed security posture. While it has no recorded historical vulnerabilities and appears to use nonces and capability checks for some interactions, the static analysis reveals significant security concerns. The most alarming finding is the presence of 6 REST API routes that lack permission callbacks, creating a substantial unprotected attack surface. This means any user, regardless of their role or permissions, could potentially interact with these endpoints and trigger unintended actions or expose sensitive information.

Furthermore, the plugin's SQL query practices are not entirely robust, with 62% of queries not using prepared statements. While not as critical as the unprotected REST API routes, this could expose the plugin to SQL injection vulnerabilities under certain conditions, especially if user-supplied data is not properly sanitized before being used in these queries. The absence of any taint analysis results, while potentially indicating no critical flows were detected, could also reflect limitations in the analysis itself rather than a complete absence of risks. Overall, the plugin has potential weaknesses that require immediate attention, primarily the unprotected REST API endpoints.

Key Concerns

  • REST API routes without permission callbacks
  • SQL queries without prepared statements
Vulnerabilities
None known

GearGag Toolkit Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

GearGag Toolkit Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 15; prepared: 9
Unescaped Output: 14; escaped: 22
Nonce Checks: 1
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

38% prepared · 24 total queries

Output Escaping

61% escaped · 36 total outputs
Attack Surface
6 unprotected

GearGag Toolkit Attack Surface

Entry Points: 6
Unprotected: 6

REST API Routes: 6

  • GET /wp-json/geargag/v1/export-products (Woo.php:46)
  • GET /wp-json/geargag/v1/updated-products (Woo.php:51)
  • GET /wp-json/geargag/v1/deleted-products (Woo.php:56)
  • DELETE /wp-json/geargag/v1/deleted-products (Woo.php:61)
  • POST /wp-json/geargag/v1/import-products (Woo.php:66)
  • POST /wp-json/geargag/v1/batch-insert-products (Woo.php:70)

WordPress Hooks: 22

  • action admin_menu (Batch_Delete_Products.php:17)
  • action plugin_loaded (index.php:63)
  • filter wp_kses_allowed_html (tools\KSES.php:432)
  • action admin_enqueue_scripts (tools\Register_Assets.php:23)
  • action admin_enqueue_scripts (tools\Register_Assets.php:24)
  • action enqueue_block_assets (tools\Register_Assets.php:26)
  • action enqueue_block_assets (tools\Register_Assets.php:27)
  • action enqueue_block_editor_assets (tools\Register_Assets.php:29)
  • action enqueue_block_editor_assets (tools\Register_Assets.php:30)
  • action wp_enqueue_scripts (tools\Register_Assets.php:32)
  • action wp_enqueue_scripts (tools\Register_Assets.php:33)
  • action admin_init (tools\Register_Settings.php:28)
  • filter woocommerce_product_is_in_stock (Woo.php:12)
  • action save_post_product (Woo.php:13)
  • action delete_post (Woo.php:14)
  • action rest_api_init (Woo.php:15)
  • filter woocommerce_available_variation (Woo_Gallery.php:9)
  • filter woocommerce_single_product_image_thumbnail_html (Woo_Gallery.php:10)
  • filter woocommerce_product_get_image (Woo_Gallery.php:11)
  • filter manage_edit-product_columns (Woo_Gallery.php:12)
  • filter manage_product_posts_custom_column (Woo_Gallery.php:13)
  • action admin_enqueue_scripts (Woo_Gallery.php:14)
Maintenance & Trust

GearGag Toolkit Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.3.21
Last updated: Nov 19, 2020
PHP min version: 5.6
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

GearGag Toolkit Developer Profile

GearGag Team

3 plugins · 10 total installs

Trust score: 87
Avg Security Score: 90/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect GearGag Toolkit

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/geargag-toolkit/assets/css/frontend.css
  • /wp-content/plugins/geargag-toolkit/assets/js/frontend.js
  • /wp-content/plugins/geargag-toolkit/assets/css/backend.css
  • /wp-content/plugins/geargag-toolkit/assets/js/backend.js
  • /wp-content/plugins/geargag-toolkit/assets/js/woo-gallery.js
  • /wp-content/plugins/geargag-toolkit/assets/css/woo-gallery.css

Script Paths

  • /wp-content/plugins/geargag-toolkit/assets/js/frontend.js
  • /wp-content/plugins/geargag-toolkit/assets/js/backend.js
  • /wp-content/plugins/geargag-toolkit/assets/js/woo-gallery.js

Version Parameters

  • geargag-toolkit/assets/css/frontend.css?ver=
  • geargag-toolkit/assets/js/frontend.js?ver=
  • geargag-toolkit/assets/css/backend.css?ver=
  • geargag-toolkit/assets/js/backend.js?ver=
  • geargag-toolkit/assets/js/woo-gallery.js?ver=
  • geargag-toolkit/assets/css/woo-gallery.css?ver=

HTML / DOM Fingerprints

CSS Classes
geargag-woo-gallery
Data Attributes
data-geargag-gallery
REST Endpoints

  • /geargag/v1/export-products
  • /geargag/v1/updated-products
  • /geargag/v1/deleted-products
  • /geargag/v1/import-products
  • /geargag/v1/batch-insert-products