Does GoZen Growth have any unpatched vulnerabilities?

No. All known vulnerabilities in GoZen Growth have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is GoZen Growth compatible with WordPress 6.3.8?

According to WordPress.org data, GoZen Growth 1.0.7 has been tested up to WordPress 6.3.8. Check the plugin's changelog for the latest compatibility information.

Is GoZen Growth compatible with PHP 7.0+?

GoZen Growth requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is GoZen Growth updated?

GoZen Growth was last updated on Feb 27, 2024. Frequent updates are generally a positive security signal.

What is GoZen Growth's security score?

GoZen Growth has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

GoZen Growth Security & Risk Analysis

wordpress.org/plugins/gozen-growth

Gozen is an outcome-driven all-in-one email marketing platform that helps businesses grow better.

10 active installs v1.0.7 PHP 7.0+ WP 4.6.1+ Updated Feb 27, 2024

automationemailpopups

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is GoZen Growth Safe to Use in 2026?

Generally Safe

Score 85/100

GoZen Growth has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The gozen-growth plugin v1.0.7 exhibits a mixed security posture. On the positive side, it demonstrates good practices by avoiding dangerous functions, file operations, and ensuring all identified output is properly escaped. The SQL query usage is also reasonably secure, with 75% utilizing prepared statements. Furthermore, the complete absence of known vulnerabilities and a clean vulnerability history suggests a generally well-maintained codebase.

However, significant concerns arise from the attack surface analysis. The plugin exposes 8 REST API routes, with a notable 3 of these lacking explicit permission callbacks. This creates a substantial risk of unauthorized access and potential manipulation of data or functionality. The absence of nonce checks on any of its entry points is another critical oversight, leaving the plugin vulnerable to Cross-Site Request Forgery (CSRF) attacks.

In conclusion, while the plugin benefits from a lack of historical vulnerabilities and good output sanitization, the identified vulnerabilities in its REST API and the complete lack of nonce protection present clear and exploitable security risks. The 3 unprotected REST API routes are the most pressing concern, requiring immediate attention.

Key Concerns

REST API routes without permission callbacks
No nonce checks on entry points

Vulnerabilities

None known

GoZen Growth Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

GoZen Growth Code Analysis

Dangerous Functions

Raw SQL Queries

9 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

75% prepared12 total queries

Output Escaping

100% escaped3 total outputs

Attack Surface

3 unprotected

GoZen Growth Attack Surface

Entry Points8

Unprotected3

REST API Routes 8

POST/wp-json/gozen-growth/v1keySecretAPI\api_endpoint\gozen_api.php:36

POST/wp-json/gozen-growth/v1dirto_LogoutAPI\api_endpoint\gozen_api.php:42

POST/wp-json/gozen-growth/v1syncUserAPI\api_endpoint\gozen_api.php:47

GET/wp-json/gozen/v1/webhook/automation\public\class-gozen-growth-automation-public.php:64

GET/wp-json/gozen/v1/webhook/automation\public\class-gozen-growth-automation-public.php:70

GET/wp-json/gozen/v1/webhook/automation\public\class-gozen-growth-automation-public.php:76

GET/wp-json/gozen/v1/webhook/(?P<id>\d+)automation\public\class-gozen-growth-automation-public.php:82

GET/wp-json/gozen/v1/connect/automation\public\class-gozen-growth-automation-public.php:88

WordPress Hooks 9

actionadmin_menuAPI\api_endpoint\gozen_api.php:15

actionrest_api_initAPI\api_endpoint\gozen_api.php:16

actionadmin_noticesAPI\api_endpoint\gozen_api.php:29

actionrest_api_initautomation\includes\class-gozen-growth-automation.php:112

actionwoocommerce_add_to_cartautomation\includes\class-gozen-growth-automation.php:116

actionwoocommerce_cart_item_removedautomation\includes\class-gozen-growth-automation.php:119

actionwoocommerce_checkout_after_customer_detailsautomation\includes\class-gozen-growth-automation.php:123

filterwoocommerce_webhook_topic_hooksautomation\includes\class-gozen-growth-automation.php:127

filterwoocommerce_valid_webhook_eventsautomation\includes\class-gozen-growth-automation.php:130

Maintenance & Trust

GoZen Growth Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8

Last updatedFeb 27, 2024

PHP min version7.0

Downloads1K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

GoZen Growth Alternatives

WebToffee eCommerce Marketing Automation – Email marketing, Popups, Email customizer

decorator-woocommerce-email-customizer

Create and send marketing emails and campaigns. Enable email automations, Popups, spin-a-wheel, sign-up forms, and more. Customize WooCommerce emails.

10K 2 CVEs

MailPoet – Newsletters, Email Marketing, and Automation

mailpoet

Send beautiful newsletters from WordPress. Collect subscribers with signup forms, automate your emails for WooCommerce, blog post notifications & more

500K 3 CVEs

Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress

email-subscribers

Add subscription forms on the website and send newsletters & automatically send post notification about new blog posts once it gets published.

60K 42 CVEs

ActiveCampaign – The autonomous marketing platform

activecampaign-subscription-forms

Add ActiveCampaign contact forms and live chat to any post, page, or sidebar. Also enable ActiveCampaign site tracking for your WordPress blog.

40K 4 CVEs

MailerLite – WooCommerce integration

woo-mailerlite

Powerful e-commerce email marketing tools that are easy to use. Grow your store with automated emails, pop-ups, product blocks, sales tracking + more.

30K 4 CVEs

Developer Profile

GoZen Growth Developer Profile

optinlyhq

3 plugins · 930 total installs

trust score

Avg Security Score

91/100

Avg Patch Time

379 days

View full developer profile

Detection Fingerprints

How We Detect GoZen Growth

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/gozen-growth/css/gozen.css/wp-content/plugins/gozen-growth/java_script/gozen.js

Script Paths

/wp-content/plugins/gozen-growth/java_script/gozen.js

Version Parameters

gozen-script?ver=gozen-style?ver=

HTML / DOM Fingerprints

Data Attributes

gozen-scriptgozen-style

JS Globals

gozen_test_url

REST Endpoints

gozen-growth/v1/keySecretgozen-growth/v1/dirto_Logoutgozen-growth/v1/syncUser

FAQ