HDCommerce Security & Risk Analysis

wordpress.org/plugins/hdcommerce

HDCommerce, the ultimate eCommerce experience. *In beta.

10 active installs v0.8 PHP 7.0+ WP 4.8.0+ Updated Mar 21, 2020
Tags: e-commerce, ecommerce, hdcommerce, shop, store

Security score: 85 (Grade A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is HDCommerce Safe to Use in 2026?

Generally Safe

Score 85/100

HDCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6 years ago
Risk Assessment

The hdcommerce plugin version 0.8 exhibits a mixed security posture. On the positive side, it uses prepared statements for all SQL queries and includes a significant number of nonce and capability checks. The absence of known CVEs and of common vulnerability types in its history suggests a generally stable track record.

However, the static analysis reveals significant areas of concern. The plugin has a substantial attack surface: 15 AJAX handlers, 6 of which lack authentication checks. This is a critical vulnerability that could allow unauthenticated users to trigger plugin functionality. The taint analysis also identified one flow with unsanitized paths which, while not classified as critical or high severity in this analysis, still represents a potential risk of data manipulation or unauthorized access if exploited. The moderate percentage of properly escaped output (52%) also indicates a risk of cross-site scripting (XSS) vulnerabilities.

In conclusion, while hdcommerce has a clean vulnerability history and some strong security implementations, the unauthenticated AJAX handlers and unsanitized data flows present a clear and present danger that requires immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Low percentage of properly escaped output
  • Use of dangerous function (passthru)
Vulnerabilities
None known

HDCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

HDCommerce Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

HDCommerce Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 324 (350 escaped)
Nonce Checks: 9
Capability Checks: 6
File Operations: 4
External Requests: 4
Bundled Libraries: 0

Dangerous Functions Found

  • passthru: passthru('composer install', $returnStatus); in includes\payment-gateways\stripe\6\build.php:16
  • passthru: passthru( in includes\payment-gateways\stripe\6\build.php:23
  • passthru: passthru("./vendor/bin/phpunit -c $config", $returnStatus); in includes\payment-gateways\stripe\6\build.php:33

Output Escaping

52% escaped (674 total outputs)
Data Flows
1 unsanitized

Data Flow Analysis

8 flows, 1 with unsanitized paths
  • hdc_add_new_product (includes\functions\save_edit_product.php:7)
Flow diagram legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
6 unprotected

HDCommerce Attack Surface

Entry Points: 15
Unprotected: 6

AJAX Handlers 15

  • [nopriv] wp_ajax_hdc_update_cart_cookie_quantity (includes\functions\cart.php:88)
  • [auth] wp_ajax_hdc_update_cart_cookie_quantity (includes\functions\cart.php:89)
  • [nopriv] wp_ajax_hdc_remove_product_cart (includes\functions\cart.php:116)
  • [auth] wp_ajax_hdc_remove_product_cart (includes\functions\cart.php:117)
  • [auth] wp_ajax_hdc_add_new_product (includes\functions\save_edit_product.php:65)
  • [auth] wp_ajax_hdc_add_new_category (includes\functions\save_edit_product.php:193)
  • [nopriv] wp_ajax_get_hdc_shipping_methods (includes\functions\shipping.php:100)
  • [auth] wp_ajax_get_hdc_shipping_methods (includes\functions\shipping.php:101)
  • [auth] wp_ajax_hdc_export_orders (includes\functions.php:318)
  • [nopriv] wp_ajax_hdc_submit_order (includes\functions.php:374)
  • [auth] wp_ajax_hdc_submit_order (includes\functions.php:375)
  • [nopriv] wp_ajax_hdc_submit_review (includes\functions.php:537)
  • [auth] wp_ajax_hdc_submit_review (includes\functions.php:538)
  • [nopriv] wp_ajax_hdc_check_coupon (includes\functions.php:725)
  • [auth] wp_ajax_hdc_check_coupon (includes\functions.php:726)
WordPress Hooks 38

  • filter single_template (hdcommerce.php:94)
  • filter archive_template (hdcommerce.php:113)
  • filter page_template (hdcommerce.php:153)
  • action plugins_loaded (hdcommerce.php:231)
  • action admin_menu (includes\functions\admin.php:25)
  • filter screen_layout_columns (includes\functions\admin.php:37)
  • filter get_user_option_screen_layout_hdc_product (includes\functions\admin.php:44)
  • filter get_user_option_screen_layout_hdc_orders (includes\functions\admin.php:45)
  • action admin_menu (includes\functions\admin.php:63)
  • filter display_post_states (includes\functions\admin.php:82)
  • filter manage_hdc_orders_posts_columns (includes\functions\admin.php:103)
  • action manage_hdc_orders_posts_custom_column (includes\functions\admin.php:126)
  • action wp_dashboard_setup (includes\functions\admin.php:146)
  • action admin_head-edit.php (includes\functions\admin.php:250)
  • action hdc_product_saved_after (includes\functions\admin.php:264)
  • action hdc_settings_saved_after (includes\functions\admin.php:265)
  • action hdc_settings_fields (includes\functions\payment_gateway.php:95)
  • action hdc_settings_fields (includes\functions\payment_gateway.php:136)
  • action hdc_settings_fields (includes\functions\shipping.php:162)
  • action hdc_settings_fields (includes\functions\shipping.php:172)
  • action hdc_settings_fields (includes\functions\shipping.php:182)
  • action hdc_before_payment_confirmed (includes\functions.php:432)
  • action add_meta_boxes (includes\meta.php:14)
  • action load-post.php (includes\meta.php:16)
  • action load-post-new.php (includes\meta.php:17)
  • action add_meta_boxes (includes\meta.php:62)
  • action load-post.php (includes\meta.php:64)
  • action load-post-new.php (includes\meta.php:65)
  • action add_meta_boxes (includes\meta.php:87)
  • action save_post (includes\meta.php:88)
  • action load-post.php (includes\meta.php:90)
  • action load-post-new.php (includes\meta.php:91)
  • action init (includes\post_type.php:70)
  • action init (includes\post_type.php:115)
  • action init (includes\post_type.php:175)
  • action init (includes\post_type.php:232)
  • filter enter_title_here (includes\post_type.php:245)
  • filter hdc_payment_form_location (includes\templates\header.php:148)
Maintenance & Trust

HDCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.3.21
Last updated: Mar 21, 2020
PHP min version: 7.0
Downloads: 1K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

HDCommerce Developer Profile

Harmonic Design

6 plugins · 8K total installs

Trust score: 71
Avg Security Score: 88/100
Avg Patch Time: 205 days
Detection Fingerprints

How We Detect HDCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/hdcommerce/includes/assets/css/hdcommerce.css
  • /wp-content/plugins/hdcommerce/includes/assets/js/hdcommerce.js
Script Paths
  • /wp-content/plugins/hdcommerce/includes/assets/js/hdcommerce.js
Version Parameters
  • hdcommerce/includes/assets/css/hdcommerce.css?ver=
  • hdcommerce/includes/assets/js/hdcommerce.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • hdc-product-listing
HTML Comments
  • <!-- HDCommerce Shop Page Start -->
  • <!-- HDCommerce Shop Page End -->
  • <!-- HDCommerce Cart Page Start -->
  • <!-- HDCommerce Cart Page End -->
  • +4 more
Data Attributes
  • data-plugin-name="hdcommerce"
JS Globals
  • window.HDC = {};
  • var HDC = {};
Shortcode Output
  • [hdcommerce_products]
  • [hdcommerce_product]
FAQ

Frequently Asked Questions about HDCommerce