Hippoo Mobile App for WooCommerce Security & Risk Analysis

wordpress.org/plugins/hippoo

Hippoo helps you manage WooCommerce orders, inventory, and analytics from your mobile. Receive real-time notifications and control your store on the g …

1K active installs · v1.7.6 · PHP + WP 5.3+ · Updated Mar 3, 2026

Tags: woocommerce-app, hippoo, order-notifications, store-management-app, woocommerce-app-alternative

Security score: 96 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Dec 11, 2025
Is Hippoo Mobile App for WooCommerce Safe to Use in 2026?

Generally Safe

Score 96/100

Hippoo Mobile App for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Dec 11, 2025 · Updated 1mo ago
Risk Assessment

The "hippoo" v1.7.6 plugin exhibits a mixed security posture. It demonstrates good practices in SQL prepared statements (89%) and output escaping (93%) and has no currently unpatched CVEs, but the static analysis and its historical vulnerability record raise several concerns. A significant portion of its attack surface, 12 of 27 entry points, lacks authentication or permission checks: all 12 are REST API routes, and 0 are AJAX handlers. Taint analysis found 3 flows with unsanitized paths; although none is classified critical or high, they could lead to path traversal vulnerabilities if the developers do not handle them meticulously. The vulnerability history corroborates this concern: it includes a high-severity "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" issue and a "Missing Authorization" issue.

Despite the absence of critical issues in the current analysis and a clean slate of unpatched vulnerabilities, the high number of unprotected entry points and the historical pattern of path traversal and authorization flaws suggest a continued need for vigilance. The plugin has a history of significant vulnerabilities, indicating potential recurring weaknesses. The bundled Select2 library, while not explicitly flagged as outdated, should also be monitored for security advisories. Overall, "hippoo" v1.7.6 has some robust security implementations but significant areas of concern related to access control and input sanitization that require attention and ongoing monitoring.

Key Concerns

  • Unprotected REST API routes
  • Flows with unsanitized paths
  • High severity CVE in history (Path Traversal)
  • Medium severity CVE in history (Missing Authorization)
  • AJAX handlers without auth checks: 0 reported (the 12 unprotected entry points are all REST API routes)
Hippoo Mobile App for WooCommerce Security Vulnerabilities

CVEs by Year

  • 2025: 2 CVEs, all patched

Severity Breakdown

  • High: 1
  • Medium: 1
  • 2 total CVEs

CVE-2025-12655 · medium · 5.3 · Missing Authorization

Hippoo Mobile App for WooCommerce <= 1.7.1 - Missing Authorization to Unauthenticated Limited File Write

Dec 11, 2025 · Patched in 1.7.2 (1d)

CVE-2025-13339 · high · 7.5 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Hippoo Mobile App for WooCommerce <= 1.7.1 - Unauthenticated Arbitrary File Read

Dec 9, 2025 · Patched in 1.7.2 (1d)
Hippoo Mobile App for WooCommerce Code Analysis (analyzed Mar 16, 2026)

  • Dangerous Functions: 0
  • Raw SQL Queries: 2 (16 prepared)
  • Unescaped Output: 25 (355 escaped)
  • Nonce Checks: 11
  • Capability Checks: 13
  • File Operations: 11
  • External Requests: 11
  • Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

89% prepared (18 total queries)

Output Escaping

93% escaped (380 total outputs)
Data Flow Analysis

6 flows, 3 with unsanitized paths

Flow with unsanitized path: ajax_add_permission_role (app\permissions.php:104)
Hippoo Mobile App for WooCommerce Attack Surface

Entry Points: 27
Unprotected: 12

AJAX Handlers (13)

auth · wp_ajax_hippoo_test_ai_connection · app\ai.php:16
auth · wp_ajax_hippoo_get_models_by_provider · app\ai.php:17
auth · wp_ajax_hippoo_dismiss_review · app\app.php:156
nopriv · wp_ajax_hippoo_dismiss_review · app\app.php:157
auth · wp_ajax_hippoo_retry_api_check · app\app.php:221
auth · wp_ajax_hippoo_dismiss_api_error · app\app.php:228
auth · wp_ajax_hippoo_get_integrations · app\integrations.php:15
auth · wp_ajax_hippoo_install_integration · app\integrations.php:16
auth · wp_ajax_hippoo_add_permission_role · app\permissions.php:10
auth · wp_ajax_hippoo_save_permission_role · app\permissions.php:11
auth · wp_ajax_hippoo_delete_permission_role · app\permissions.php:12
auth · wp_ajax_dismiss_admin_notice · invoice\settings.php:10
nopriv · wp_ajax_dismiss_admin_notice · invoice\settings.php:11

REST API Routes (14)

GET · /wp-json/hippoo/v1/wc/token/get · app\web_api.php:40
POST · /wp-json/hippoo/v1/wc/token/save_callback/(?P<token_id>\w+) · app\web_api.php:45
GET · /wp-json/hippoo/v1/wc/token/show/(?P<token_id>\w+) · app\web_api.php:50
GET · /wp-json/hippoo/v1/wc/token/return/(?P<token_id>\w+) · app\web_api.php:55
GET · /wp-json/hippoo/v1/config · app\web_api.php:60
GET · /wp-json/hippoo/v1/shop-config · app\web_api.php:65
GET · /wp-json/hippoo/v1/locations/countries · app\web_api.php:70
GET · /wp-json/hippoo/v1/locations/countries/(?P<country_code>[A-Z]{2}) · app\web_api.php:75
GET · /wp-json/woohouse/v1/config · app\web_api.php:82
POST · /wp-json/wc/v3/productsimg/(?P<id>\d+)/imgs · app\web_api.php:377
GET · /wp-json/wc/v3/productsimg/(?P<id>\d+)/dlmg/(?P<cnt>\d+) · app\web_api.php:383
GET · /wp-json/wc/v3/productsimg/image-sizes · app\web_api.php:389
GET · /wp-json/wc/store/v1/settings · app\web_api.php:570
GET · /wp-json/wc/store/v1/cart/count · app\web_api.php:576
WordPress Hooks (97)

filter · hippoo_settings_tabs · app\ai.php:12
filter · hippoo_settings_tab_contents · app\ai.php:13
action · admin_init · app\ai.php:14
action · rest_api_init · app\ai.php:19
filter · woocommerce_rest_is_request_to_rest_api · app\ai.php:20
action · plugins_loaded · app\app.php:10
action · admin_enqueue_scripts · app\app.php:28
action · init · app\app.php:41
filter · plugin_action_links_hippoo/hippoo.php · app\app.php:87
action · wp_dashboard_setup · app\app.php:98
action · admin_notices · app\app.php:149
action · admin_notices · app\app.php:207
action · hippoo_before_settings_page · app\app.php:264
action · init · app\bugsnag.php:17
action · admin_init · app\bugsnag.php:18
action · update_option_hippoo_settings · app\bugsnag.php:19
action · wp_dashboard_setup · app\dashboard_widget.php:5
filter · hippoo_settings_tabs · app\integrations.php:12
filter · hippoo_settings_tab_contents · app\integrations.php:13
action · rest_api_init · app\integrations.php:18
filter · woocommerce_rest_is_request_to_rest_api · app\integrations.php:19
filter · hippoo_settings_tabs · app\permissions.php:7
filter · hippoo_settings_tab_contents · app\permissions.php:8
action · rest_api_init · app\permissions.php:14
filter · woocommerce_rest_check_permissions · app\permissions.php:19
filter · woocommerce_rest_shop_order_object_query · app\permissions.php:22
filter · woocommerce_rest_prepare_shop_order_object · app\permissions.php:23
filter · rest_request_after_callbacks · app\permissions.php:24
filter · rest_request_after_callbacks · app\permissions.php:25
filter · rest_pre_dispatch · app\permissions.php:26
filter · rest_pre_dispatch · app\permissions.php:27
filter · woocommerce_rest_product_object_query · app\permissions.php:30
filter · woocommerce_rest_prepare_product_object · app\permissions.php:31
filter · rest_request_after_callbacks · app\permissions.php:32
filter · woocommerce_rest_customer_query · app\permissions.php:35
filter · woocommerce_rest_prepare_customer · app\permissions.php:36
filter · woocommerce_rest_product_review_query · app\permissions.php:39
filter · woocommerce_rest_prepare_product_review · app\permissions.php:40
filter · rest_request_after_callbacks · app\permissions.php:43
filter · woocommerce_rest_shop_coupon_object_query · app\permissions.php:46
filter · rest_request_after_callbacks · app\permissions.php:49
filter · hippoo_system_info_extensions · app\permissions.php:52
filter · woocommerce_order_query_args · app\permissions.php:205
action · init · app\pwa.php:7
filter · query_vars · app\pwa.php:8
action · template_redirect · app\pwa.php:9
action · admin_init · app\pwa.php:10
action · update_option_hippoo_settings · app\pwa.php:11
action · admin_menu · app\settings.php:7
action · admin_init · app\settings.php:8
filter · hippoo_settings_tabs · app\settings.php:10
filter · hippoo_settings_tab_contents · app\settings.php:11
action · rest_api_init · app\web_api.php:3
action · rest_api_init · app\web_api.php:31
action · rest_api_init · app\web_api.php:39
action · rest_api_init · app\web_api.php:375
action · rest_api_init · app\web_api.php:568
action · plugins_loaded · app\web_api.php:612
action · rest_api_init · app\web_api.php:621
action · init · app\web_api.php:631
action · woocommerce_no_stock_notification · app\web_api.php:685
filter · woocommerce_new_order_note_data · app\web_api.php:727
filter · woocommerce_rest_prepare_order_note · app\web_api.php:739
filter · woocommerce_rest_prepare_shop_order_object · app\web_api.php:766
filter · rest_request_after_callbacks · app\web_api.php:832
action · rest_api_init · invoice\api.php:2
action · plugins_loaded · invoice\main.php:10
action · admin_enqueue_scripts · invoice\main.php:14
action · admin_head · invoice\main.php:19
action · woocommerce_init · invoice\main.php:29
filter · query_vars · invoice\main.php:43
filter · init · invoice\main.php:51
action · admin_menu · invoice\settings.php:7
action · admin_init · invoice\settings.php:8
action · admin_enqueue_scripts · invoice\settings.php:24
action · wp_enqueue_scripts · invoice\woocommerce\my-account.php:5
filter · woocommerce_email_attachments · invoice\woocommerce\my-account.php:6
filter · woocommerce_account_orders_columns · invoice\woocommerce\my-account.php:7
action · woocommerce_my_account_my_orders_column_factor · invoice\woocommerce\my-account.php:8
filter · manage_woocommerce_page_wc-orders_columns · invoice\woocommerce\order copy.php:3
action · manage_woocommerce_page_wc-orders_custom_column · invoice\woocommerce\order copy.php:19
action · woocommerce_admin_order_item_headers · invoice\woocommerce\order copy.php:41
action · woocommerce_admin_order_item_values · invoice\woocommerce\order copy.php:42
action · add_meta_boxes · invoice\woocommerce\order copy.php:151
filter · manage_woocommerce_page_wc-orders_columns · invoice\woocommerce\order-copy.php:3
action · manage_woocommerce_page_wc-orders_custom_column · invoice\woocommerce\order-copy.php:19
action · woocommerce_admin_order_item_headers · invoice\woocommerce\order-copy.php:41
action · woocommerce_admin_order_item_values · invoice\woocommerce\order-copy.php:42
action · add_meta_boxes · invoice\woocommerce\order-copy.php:151
action · add_meta_boxes · invoice\woocommerce\order-test.php:35
action · woocommerce_admin_order_item_headers · invoice\woocommerce\order.php:67
action · woocommerce_admin_order_item_values · invoice\woocommerce\order.php:68
action · add_meta_boxes · invoice\woocommerce\order.php:198
filter · manage_edit-product_columns · invoice\woocommerce\product.php:5
filter · manage_edit-product_columns · invoice\woocommerce\product.php:6
action · manage_posts_custom_column · invoice\woocommerce\product.php:7
action · add_meta_boxes · invoice\woocommerce\product.php:8
Hippoo Mobile App for WooCommerce Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.7.5
  • Last updated: Mar 3, 2026
  • PHP min version:
  • Downloads: 16K

Community Trust

  • Rating: 96/100
  • Number of ratings: 6
  • Active installs: 1K
Hippoo Mobile App for WooCommerce Developer Profile

Developer: hippooo (5 plugins · 1K total installs)

  • Trust score: 97
  • Avg Security Score: 96/100
  • Avg Patch Time: 1 day
How We Detect Hippoo Mobile App for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/hippoo/assets/css/style.css
  • /wp-content/plugins/hippoo/assets/css/admin-style.css
  • /wp-content/plugins/hippoo/assets/js/admin-script.js
  • /wp-content/plugins/hippoo/assets/css/select2.min.css
  • /wp-content/plugins/hippoo/assets/js/select2.min.js

Script Paths
  • /wp-content/plugins/hippoo/assets/js/select2.min.js
  • /wp-content/plugins/hippoo/assets/js/admin-script.js

Version Parameters
  • hippoo/assets/css/style.css?ver=
  • hippoo/assets/css/admin-style.css?ver=
  • hippoo/assets/js/admin-script.js?ver=
  • hippoo/assets/css/select2.min.css?ver=
  • hippoo/assets/js/select2.min.js?ver=

HTML / DOM Fingerprints

CSS Classes: hippoo-review-banner
Data Attributes: hippoo_nonce
JS Globals: hippoo
Frequently Asked Questions about Hippoo Mobile App for WooCommerce