Does Identity Verification for WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in Identity Verification for WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Identity Verification for WooCommerce compatible with WordPress 6.8.5?

According to WordPress.org data, Identity Verification for WooCommerce 1.33.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Identity Verification for WooCommerce compatible with PHP 7.4+?

Identity Verification for WooCommerce requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Identity Verification for WooCommerce updated?

Identity Verification for WooCommerce was last updated on Feb 16, 2026. Frequent updates are generally a positive security signal.

What is Identity Verification for WooCommerce's security score?

Identity Verification for WooCommerce has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Identity Verification for WooCommerce Security & Risk Analysis

wordpress.org/plugins/identity-verification-for-woocommerce

Eliminate fraud & verify customer age with real ID checks

100 active installs v1.33.1 PHP 7.4+ WP 4.8+ Updated Feb 16, 2026

age-verificationfraudid-checkid-verificationwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Identity Verification for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Identity Verification for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "identity-verification-for-woocommerce" plugin version 1.33.1 exhibits a generally strong security posture, largely due to the absence of known vulnerabilities and good development practices in critical areas. The static analysis indicates a well-protected attack surface, with all identified entry points (AJAX handlers, shortcodes) appearing to have appropriate authorization checks. SQL queries are exclusively using prepared statements, which is excellent for preventing SQL injection vulnerabilities. The plugin also demonstrates a good number of capability checks, suggesting an effort to enforce user roles and permissions. The absence of any recorded CVEs and the lack of critical or high-severity issues in taint analysis further bolster this positive assessment.

However, there are areas that warrant attention and suggest room for improvement. The most significant concern lies in the output escaping, where only 59% of outputs are properly escaped. This leaves a substantial portion of the plugin's output potentially vulnerable to Cross-Site Scripting (XSS) attacks if user-controlled data is not sufficiently sanitized before being displayed. While the taint analysis found no issues, this could be due to the limited scope of the analysis or the absence of specific malicious input during the testing. The presence of external HTTP requests, while not inherently a vulnerability, does introduce a potential attack vector if the external endpoints are compromised or if the data sent to them is not properly validated.

In conclusion, this plugin is currently in a good state regarding known vulnerabilities and fundamental security practices like prepared statements. Its strengths lie in its protected entry points and robust SQL handling. Nevertheless, the significant percentage of unescaped output presents a notable risk that should be addressed to achieve a more secure state. The absence of historical vulnerabilities is positive, but ongoing vigilance and code review, particularly around output handling, are crucial for maintaining this security.

Key Concerns

Unescaped output detected
Bundled library (Guzzle) may be outdated

Vulnerabilities

None known

Identity Verification for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Identity Verification for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

19 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Guzzle

SQL Query Safety

100% prepared2 total queries

Output Escaping

59% escaped32 total outputs

Attack Surface

Identity Verification for WooCommerce Attack Surface

Entry Points4

Unprotected0

AJAX Handlers 1

authwp_ajax_real_id_dismiss_localhost_noticerealid.php:66

Shortcodes 3

[real_id_user_verification_status] realid.php:71

[real_id_current_user_verification_status] realid.php:72

[real_id_check] realid.php:73

WordPress Hooks 32

actionreal_id_trigger_checkincludes\helpers.php:869

actionwoocommerce_after_checkout_validationincludes\Hooks\Checkout.php:11

actionuser_registerincludes\Hooks\Customers.php:10

actionwoocommerce_thankyouincludes\Hooks\Orders.php:21

actionwoocommerce_thankyouincludes\Hooks\Orders.php:22

actionwoocommerce_new_orderincludes\Hooks\Orders.php:27

actionwoocommerce_order_status_changedincludes\Hooks\Orders.php:30

actionadd_meta_boxesincludes\Hooks\Orders.php:41

filterwoocommerce_shop_order_list_table_columnsincludes\Hooks\Orders.php:47

actionwoocommerce_shop_order_list_table_custom_columnincludes\Hooks\Orders.php:48

filtermanage_edit-shop_order_columnsincludes\Hooks\Orders.php:51

actionmanage_shop_order_posts_custom_columnincludes\Hooks\Orders.php:52

actionadmin_menuincludes\WCRealID.php:25

actionbefore_woocommerce_initrealid.php:53

actionplugins_loadedrealid.php:59

filterplugin_action_linksrealid.php:60

actionadmin_enqueue_scriptsrealid.php:61

actionwp_enqueue_scriptsrealid.php:62

actionwp_enqueue_scriptsrealid.php:63

actionadmin_noticesrealid.php:65

actionrest_api_initrealid.php:68

actioninitrealid.php:69

filterscript_loader_tagrealid.php:70

filtermanage_users_columnsrealid.php:75

filtermanage_users_custom_columnrealid.php:76

filterallowed_http_originsrealid.php:77

filterrobots_txtrealid.php:78

filtersgo_javascript_combine_excluderealid.php:86

filtersgo_javascript_combine_excluded_external_pathsrealid.php:87

filtersgo_js_async_excluderealid.php:88

filterhttp_request_timeoutrealid.php:91

filterwoocommerce_integrationsrealid.php:187

Maintenance & Trust

Identity Verification for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedFeb 16, 2026

PHP min version7.4

Downloads36K

Community Trust

Rating100/100

Number of ratings12

Active installs100

Alternatives

Identity Verification for WooCommerce Alternatives

Trust Swiftly — Identity Verification for WooCommerce

trust-swiftly-verification

100

The trusted flexible, secure, and accurate identity verification platform for WooCommerce.

10 No CVEs

Didit Verify

didit-verify

100

Add identity verification to any WordPress page or WooCommerce checkout using Didit.

10 No CVEs

Fraud Prevention For WooCommerce and EDD

woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers

It will Prevent fake orders and Blacklist fraud customers of your store.

5K 3 CVEs

Blacklist Manager – WooCommerce Anti-Fraud & Checkout Verification & Spam Prevention

wc-blacklist-manager

100

Anti-fraud, checkout verification and spam prevention plugin for WooCommerce and WordPress forms.

2K No CVEs

FraudLabs Pro for WooCommerce

fraudlabs-pro-for-woocommerce

Fraud prevention plugin for WooCommerce to minimize payment fraud and avoid chargebacks. With the FraudLabs Pro Micro Plan, you can get 500 free fraud …

1K 2 CVEs

Developer Profile

Identity Verification for WooCommerce Developer Profile

Verdict

1 plugin · 100 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Identity Verification for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/identity-verification-for-woocommerce/build/admin-bundle.js/wp-content/plugins/identity-verification-for-woocommerce/build/idv-flow.js/wp-content/plugins/identity-verification-for-woocommerce/build/shop.js/wp-content/plugins/identity-verification-for-woocommerce/build/styles.css

Script Paths

build/admin-bundle.jsbuild/idv-flow.jsbuild/shop.js

Version Parameters

identity-verification-for-woocommerce/build/admin-bundle.js?ver=identity-verification-for-woocommerce/build/idv-flow.js?ver=identity-verification-for-woocommerce/build/shop.js?ver=identity-verification-for-woocommerce/build/styles.css?ver=

HTML / DOM Fingerprints

CSS Classes

real-id-notice

HTML Comments

Data Attributes

data-notice="real-id-localhost"

JS Globals

window.RealIDAppwindow.realIDAdminAppwindow.realIDAppConfig

REST Endpoints

/wp-json/real-id/v1/api//wp-json/real-id/v1/webhooks/

Shortcode Output

[real_id_user_verification_status][real_id_current_user_verification_status][real_id_check]

FAQ