Gyta BuyBack | WooCommerce Product Trade-In and Buy Back System Security & Risk Analysis

wordpress.org/plugins/gyta-buyback

Transform WooCommerce into a full-featured trade-in and buyback platform. Reverse payments, auto-generate shipping labels, and manage your entire reco …

10 active installs · v1.5.0 · PHP 8.0+ · WP 5.0+ · Updated Mar 4, 2026
Tags: buyback, easypost, trade-in, tradein, woocommerce
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Gyta BuyBack | WooCommerce Product Trade-In and Buy Back System Safe to Use in 2026?

Generally Safe

Score 100/100

Gyta BuyBack | WooCommerce Product Trade-In and Buy Back System has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The 'gyta-buyback' plugin v1.5.0 presents a generally good security posture, with several positive indicators. The absence of known CVEs and a clean vulnerability history suggest secure development or diligent patching. The code analysis reveals a strong emphasis on secure coding practices, with 100% of SQL queries using prepared statements and a high rate of output escaping (93%). The plugin also incorporates nonce and capability checks, which are crucial for protecting against common web attacks.

However, there is one significant concern: one of the plugin's entry points, a REST API route, lacks a permission callback. This means it could potentially be accessed and exploited by unauthenticated users, which leaves it as an unprotected attack surface. While taint analysis shows no critical or high severity issues, this single unprotected REST API route poses a notable risk that should be addressed promptly to improve the plugin's overall security.

Key Concerns

  • REST API route without permission callback
Vulnerabilities
None known

Gyta BuyBack | WooCommerce Product Trade-In and Buy Back System Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Gyta BuyBack | WooCommerce Product Trade-In and Buy Back System Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 14 (177 escaped)
Nonce Checks: 6
Capability Checks: 3
File Operations: 0
External Requests: 5
Bundled Libraries: 2

Bundled Libraries

Freemius 1.0, Guzzle

Output Escaping

93% escaped, 191 total outputs
Data Flows
All sanitized

Data Flow Analysis

6 flows
wcpti_content_thankyou (includes\cart_to_order_conversion.php:19)
Attack Surface
1 unprotected

Gyta BuyBack | WooCommerce Product Trade-In and Buy Back System Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers 1

auth wp_ajax_wcpti_dismiss_notice (includes\class-wcpti-admin-notices.php:22)

REST API Routes 1

POST /wp-json/wcpti/v1/easypost-webhook (includes\class-wcpti-easypost-webhooks.php:30)

WordPress Hooks 39

action admin_post_wcpti_batch_create_labels (gyta-buyback.php:50)
action plugins_loaded (gyta-buyback.php:117)
action admin_enqueue_scripts (gyta-buyback.php:121)
action before_woocommerce_init (gyta-buyback.php:172)
action admin_init (gyta-buyback.php:179)
action admin_menu (gyta-buyback.php:181)
action init (gyta-buyback.php:246)
action wp (gyta-buyback.php:302)
filter wc_order_statuses (gyta-buyback.php:345)
filter woocommerce_locate_template (gyta-buyback.php:385)
action after_uninstall (gyta-buyback.php:393)
action woocommerce_admin_order_data_after_order_details (includes\admin_order_modifications.php:11)
action woocommerce_admin_order_data_after_billing_address (includes\admin_order_modifications.php:17)
action woocommerce_admin_order_data_after_shipping_address (includes\admin_order_modifications.php:23)
action woocommerce_order_actions (includes\admin_order_modifications.php:110)
action woocommerce_order_action_resend_order_processing_email (includes\admin_order_modifications.php:126)
action woocommerce_order_action_resend_order_created_email (includes\admin_order_modifications.php:127)
action woocommerce_order_action_resend_order_completed_email (includes\admin_order_modifications.php:128)
action woocommerce_order_action_resend_order_pending_review_approval_email (includes\admin_order_modifications.php:129)
action woocommerce_order_action_wcpti_refund_shipping_label (includes\admin_order_modifications.php:165)
action woocommerce_thankyou (includes\cart_to_order_conversion.php:7)
action woocommerce_view_order (includes\cart_to_order_conversion.php:13)
action woocommerce_checkout_update_order_meta (includes\cart_to_order_conversion.php:118)
action woocommerce_checkout_process (includes\cart_to_order_conversion.php:132)
action admin_notices (includes\class-wcpti-admin-notices.php:21)
filter bulk_actions-edit-shop_order (includes\class-wcpti-batch-shipping.php:19)
filter bulk_actions-woocommerce_page_wc-orders (includes\class-wcpti-batch-shipping.php:20)
filter handle_bulk_actions-edit-shop_order (includes\class-wcpti-batch-shipping.php:21)
filter handle_bulk_actions-woocommerce_page_wc-orders (includes\class-wcpti-batch-shipping.php:27)
action woocommerce_blocks_loaded (includes\class-wcpti-blocks-support.php:19)
action woocommerce_blocks_payment_method_type_registration (includes\class-wcpti-blocks-support.php:31)
action before_woocommerce_init (includes\class-wcpti-blocks-support.php:54)
action rest_api_init (includes\class-wcpti-easypost-webhooks.php:22)
action woocommerce_email_after_order_table (includes\email-shipping-info.php:95)
filter gettext (includes\label_changes.php:28)
filter woocommerce_checkout_fields (includes\label_changes.php:57)
filter gettext (includes\label_changes.php:68)
action plugins_loaded (includes\payment_methods.php:14)
filter woocommerce_payment_gateways (includes\payment_methods.php:311)
Maintenance & Trust

Gyta BuyBack | WooCommerce Product Trade-In and Buy Back System Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 4, 2026
PHP min version: 8.0
Downloads: 4K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 10
Developer Profile

Gyta BuyBack | WooCommerce Product Trade-In and Buy Back System Developer Profile

Brandon Ernst

7 plugins · 11K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 11 days
Detection Fingerprints

How We Detect Gyta BuyBack | WooCommerce Product Trade-In and Buy Back System

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gyta-buyback/assets/css/admin.css
Version Parameters
gyta-buyback/assets/css/admin.css?ver=1.5.0

HTML / DOM Fingerprints

Data Attributes
wcpti_settings_company_name, wcpti_settings_shipping_name, wcpti_settings_address_1, wcpti_settings_address_2, wcpti_settings_city, wcpti_settings_state, +29 more
JS Globals
WCPTI_VERSION, wcpti_fs
REST Endpoints
/wp-json/wcpti-easypost-webhooks/v1/webhook
FAQ

Frequently Asked Questions about Gyta BuyBack | WooCommerce Product Trade-In and Buy Back System