Holded integration Security & Risk Analysis

wordpress.org/plugins/holded-integration

Holded service integration with WooCommerce

2K active installs · v3.5.2 · PHP 7.4+ · WP 4.9+ · Updated Oct 10, 2025
Tags: erp, holded, woocommerce

Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Holded integration Safe to Use in 2026?

Generally Safe

Score 100/100

Holded integration has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5mo ago
Risk Assessment

The holded-integration v3.5.3 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, exclusively using prepared statements, and a high percentage of properly escaped output. The absence of known CVEs and a clean vulnerability history are significant strengths. However, the plugin has a notable concern with its attack surface, featuring two AJAX handlers, one of which lacks authentication checks. This presents a direct entry point for unauthorized access or manipulation.

The taint analysis reveals two flows with unsanitized paths, which, while not classified as critical or high severity in this instance, are still a cause for concern. These could potentially lead to vulnerabilities if exploited in conjunction with other weaknesses or if the severity classification does not capture the full impact. The presence of file operations without specific details on their sanitization or purpose adds another layer of potential risk.

In conclusion, while the plugin benefits from a clean vulnerability history and secure database practices, the unprotected AJAX handler and unsanitized path flows represent clear security weaknesses. The plugin's strengths lie in its database security and output escaping, but the attack surface and taint issues warrant careful attention and potential remediation to achieve a more robust security profile.

Key Concerns

  • AJAX handler without authentication
  • Flows with unsanitized paths
  • File operations without explicit sanitization details
Vulnerabilities
None known

Holded integration Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Holded integration Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 9 (65 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Output Escaping

88% escaped (74 total outputs)
Data Flows
2 unsanitized

Data Flow Analysis

2 flows, 2 with unsanitized paths
validate_holded_api_url_field (src\Views\ConfigPanel.php:361)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
1 unprotected

Holded integration Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers (2)

auth wp_ajax_holdedwc_sync_orders (src\Views\ConfigPanel.php:53)
auth wp_ajax_holdedwc_syncButtonProduct (src\Views\ConfigPanel.php:54)

WordPress Hooks (22)

action before_woocommerce_init (holded-integration.php:83)
action rest_api_init (src\Endpoints\DeactivateEndpoint.php:13)
action rest_api_init (src\Endpoints\ExportProductsEndpoint.php:15)
action rest_api_init (src\Endpoints\HealthEndpoint.php:11)
action rest_api_init (src\Endpoints\PaymentMethodsEndpoint.php:13)
action rest_api_init (src\Endpoints\UpdateStockEndpoint.php:13)
action woocommerce_order_status_completed (src\Hooks\OrderCompleted.php:13)
action woocommerce_order_status_pending (src\Hooks\OrderCompleted.php:14)
action woocommerce_order_status_failed (src\Hooks\OrderCompleted.php:15)
action woocommerce_order_status_processing (src\Hooks\OrderCompleted.php:16)
action woocommerce_order_status_refunded (src\Hooks\OrderCompleted.php:17)
action woocommerce_order_status_cancelled (src\Hooks\OrderCompleted.php:18)
action woocommerce_order_status_on-hold (src\Hooks\OrderCompleted.php:19)
action woocommerce_variation_set_stock (src\Hooks\ProductStockUpdated.php:13)
action woocommerce_product_set_stock (src\Hooks\ProductStockUpdated.php:14)
action woocommerce_update_product (src\Hooks\ProductUpdated.php:13)
action woocommerce_refund_created (src\Hooks\RefundedCreated.php:11)
action plugins_loaded (src\Services\Admin.php:17)
filter woocommerce_integrations (src\Services\Admin.php:27)
action admin_notices (src\Services\Admin.php:29)
action admin_enqueue_scripts (src\Views\ConfigPanel.php:49)
action admin_notices (src\Views\ConfigPanel.php:50)
Maintenance & Trust

Holded integration Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Oct 10, 2025
PHP min version: 7.4
Downloads: 23K

Community Trust

Rating: 40/100
Number of ratings: 3
Active installs: 2K
Developer Profile

Holded integration Developer Profile

holded

1 plugin · 2K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Holded integration

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/holded-integration/public/js/holdedWC-WCConfigPanel-ajaxsync.js
/wp-content/plugins/holded-integration/public/css/holdedWC-WCConfigPanel.css
Script Paths
public/js/holdedWC-WCConfigPanel-ajaxsync.js
Version Parameters
holded-integration/public/css/holdedWC-WCConfigPanel.css?ver=
holded-integration/public/js/holdedWC-WCConfigPanel-ajaxsync.js?ver=

HTML / DOM Fingerprints

HTML Comments
Holded integration is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or any later version. Holded integration is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with Holded integration. If not, see <http://www.gnu.org/licenses/>.
Data Attributes
data-id="holdedwc-configpanel"
JS Globals
holdedWC_ajax_object
Shortcode Output
Holded: Holded invoicing integration with WooCommerce. If you do not have a Holded account try it <a href="https://app.holded.com/signup" target="_blank">here</a>.
FAQ

Frequently Asked Questions about Holded integration