HoneyBadger.IT Security & Risk Analysis

wordpress.org/plugins/honeybadger-it

WC Order Management System including custom order statuses, emails, attachments, split orders, combine orders, variant image gallery, PDF Invoices, ma …

0 active installs · v1.0.0 · PHP 5.4+ · WP 5.4+ · Updated Dec 13, 2023
wc-emails, wc-order-statuses, wc-suppliers, wc-variable-product-images, woocommerce-order-management
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is HoneyBadger.IT Safe to Use in 2026?

Generally Safe

Score 85/100

HoneyBadger.IT has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The honeybadger-it v1.0.0 plugin exhibits a generally strong security posture, with a significant emphasis on secure coding practices. The plugin demonstrates excellent utilization of prepared statements for SQL queries and proper output escaping, indicating a developer who is aware of common web application vulnerabilities. The presence of numerous nonce and capability checks across its entry points further reinforces this, suggesting robust protection against unauthorized access and data manipulation. The absence of any recorded vulnerabilities or CVEs in its history is a positive indicator of its current stability and security.

However, a closer examination reveals a few areas of concern that warrant attention. The `unserialize` function appears twice in the code, which represents a potential risk: if user-supplied data is unserialized without strict validation, it can lead to object injection vulnerabilities. Of the two calls listed under Dangerous Functions Found, one unserializes the output of `serialize()` applied to `$order_items`, and the other unserializes a stored `meta_value`. While the taint analysis did not reveal critical or high severity unsanitized paths, the inherent danger of `unserialize` should not be underestimated, especially in complex applications. Additionally, although the attack surface appears protected by authentication and permission checks, the sheer number of entry points, coupled with the use of potentially dangerous functions, means that any oversight in implementing these checks could have significant consequences.

In conclusion, honeybadger-it v1.0.0 is built on a solid foundation of secure coding. The developer has implemented many best practices, and the clean vulnerability history is encouraging. The primary risk lies in the potential for object injection through the use of `unserialize` if not handled with extreme care and robust input validation. Addressing this specific function's usage with more stringent sanitization or exploring alternative serialization methods would significantly enhance the plugin's overall security.

Key Concerns

  • Dangerous function unserialize used
Vulnerabilities
None known

HoneyBadger.IT Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

HoneyBadger.IT Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 4 (624 prepared)
Unescaped Output: 11 (804 escaped)
Nonce Checks: 14
Capability Checks: 239
File Operations: 96
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

unserialize: $order_items_orig=unserialize(serialize($order_items)); (includes\honeybadger-api.php:3741)
unserialize: $children = unserialize($result->meta_value); (includes\honeybadger-products-api.php:959)

SQL Query Safety

99% prepared · 628 total queries

Output Escaping

99% escaped · 815 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

9 flows · 3 with unsanitized paths
<get_attachment> (get_attachment.php:0)
Attack Surface

HoneyBadger.IT Attack Surface

Entry Points: 6
Unprotected: 0

AJAX Handlers 3

auth wp_ajax_honeybadger_it_create_user_role honeybadger-it.php:796
auth wp_ajax_create_honeybadger_connection honeybadger-it.php:803
auth wp_ajax_refresh_honeybadger_connection honeybadger-it.php:811

REST API Routes 3

GET /wp-json/honeybadger-it/v1/ping/(?P<id>\d+) honeybadger-it.php:241
GET /wp-json/honeybadger-it/v1/oauth/ honeybadger-it.php:820
GET /wp-json/honeybadger-it/v1/manage_downloads/ honeybadger-it.php:867
WordPress Hooks 50
action wpmu_new_blog honeybadger-it.php:79
filter wpmu_drop_tables honeybadger-it.php:87
action plugins_loaded honeybadger-it.php:96
action admin_menu honeybadger-it.php:121
filter determine_current_user honeybadger-it.php:135
action init honeybadger-it.php:137
filter plugin_action_links honeybadger-it.php:139
action init honeybadger-it.php:223
action rest_api_init honeybadger-it.php:240
action rest_api_init honeybadger-it.php:262
action init honeybadger-it.php:263
filter wc_order_statuses honeybadger-it.php:286
action admin_footer honeybadger-it.php:343
filter wc_get_template honeybadger-it.php:360
filter woocommerce_email_subject_new_order honeybadger-it.php:402
filter woocommerce_email_subject_customer_processing_order honeybadger-it.php:403
filter woocommerce_email_subject_customer_completed_order honeybadger-it.php:404
filter woocommerce_email_subject_customer_invoice honeybadger-it.php:405
filter woocommerce_email_subject_customer_note honeybadger-it.php:406
filter woocommerce_email_subject_customer_new_account honeybadger-it.php:407
filter woocommerce_email_subject_cancelled_order honeybadger-it.php:408
filter woocommerce_email_subject_failed_order honeybadger-it.php:409
filter woocommerce_email_subject_customer_on_hold_order honeybadger-it.php:410
filter woocommerce_email_subject_customer_refunded_order honeybadger-it.php:411
filter woocommerce_email_subject_customer_reset_password honeybadger-it.php:412
filter woocommerce_email_subject_customer_invoice_paid honeybadger-it.php:413
action woocommerce_order_status_changed honeybadger-it.php:414
filter woocommerce_email_attachments honeybadger-it.php:449
filter woocommerce_email_attachments honeybadger-it.php:453
filter woocommerce_email_classes honeybadger-it.php:478
action woocommerce_email honeybadger-it.php:508
filter woocommerce_email_headers honeybadger-it.php:542
filter cron_schedules honeybadger-it.php:557
action honeybadger_it_plugin_clean_db_tmp honeybadger-it.php:565
filter woocommerce_email_order_items_args honeybadger-it.php:620
filter woocommerce_order_item_name honeybadger-it.php:627
filter woocommerce_available_variation honeybadger-it.php:636
action woocommerce_reduce_order_stock honeybadger-it.php:687
action woocommerce_restore_order_stock honeybadger-it.php:688
filter rest_authentication_errors honeybadger-it.php:771
action admin_enqueue_scripts honeybadger-it.php:773
action rest_api_init honeybadger-it.php:819
action rest_api_init honeybadger-it.php:866
action plugins_loaded includes\class-honeybadger-it.php:121
action admin_enqueue_scripts includes\class-honeybadger-it.php:136
action admin_enqueue_scripts includes\class-honeybadger-it.php:137
action wp_enqueue_scripts includes\class-honeybadger-it.php:152
action wp_enqueue_scripts includes\class-honeybadger-it.php:153
filter woocommerce_new_order_email_allows_resend includes\honeybadger-api.php:1440
filter woocommerce_new_order_email_allows_resend includes\honeybadger-products-api.php:656

Scheduled Events 1

honeybadger_it_plugin_clean_db_tmp
Maintenance & Trust

HoneyBadger.IT Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Dec 13, 2023
PHP min version: 5.4
Downloads: 830

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 0
Developer Profile

HoneyBadger.IT Developer Profile

honeybadgerit

1 plugin · 0 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect HoneyBadger.IT

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/honeybadger-it/admin/css/honeybadger-it-admin.css
/wp-content/plugins/honeybadger-it/admin/js/honeybadger-it-admin.js
/wp-content/plugins/honeybadger-it/assets/css/honeybadger-it-public.css
/wp-content/plugins/honeybadger-it/assets/js/honeybadger-it-public.js
Script Paths
/wp-content/plugins/honeybadger-it/admin/js/honeybadger-it-admin.js
/wp-content/plugins/honeybadger-it/assets/js/honeybadger-it-public.js
Version Parameters
honeybadger-it/admin/css/honeybadger-it-admin.css?ver=
honeybadger-it/admin/js/honeybadger-it-admin.js?ver=
honeybadger-it/assets/css/honeybadger-it-public.css?ver=
honeybadger-it/assets/js/honeybadger-it-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
honeybadger-it-admin-wrap
HTML Comments
<!-- Currently plugin version. -->
<!-- If this file is called directly, abort. -->
<!-- The plugin bootstrap file -->
Data Attributes
data-page-title
data-page-slug
JS Globals
honeybadger_it_admin_object
REST Endpoints
/wp-json/honeybadger-it
FAQ

Frequently Asked Questions about HoneyBadger.IT