Kledo Security & Risk Analysis

wordpress.org/plugins/kledo

Integrates WooCommerce with Kledo Accounting Software.

10 active installs v1.4.1 PHP + WP 4.4+ Updated Feb 2, 2026
accountingkledowoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Kledo Safe to Use in 2026?

Generally Safe

Score 100/100

Kledo has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago
Risk Assessment

The 'kledo' v1.4.1 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of known vulnerabilities and the robust handling of SQL queries with prepared statements are significant strengths. Furthermore, the plugin demonstrates good practices regarding output escaping and utilizes nonce and capability checks, indicating an awareness of common WordPress security pitfalls.

However, a notable concern arises from the presence of two AJAX handlers that lack authentication checks. This creates a direct attack vector where unauthenticated users could potentially interact with these handlers, leading to unintended actions or information disclosure. While taint analysis shows no immediate critical or high-severity issues, the unprotected AJAX endpoints represent a significant risk that could be exploited if malicious input is passed through them.

The plugin's history of zero known vulnerabilities is a positive indicator, suggesting a commitment to security by the developers. However, it's crucial to remember that this is based on past data. The primary immediate risk lies in the unprotected AJAX entry points, which require immediate attention to mitigate potential security breaches. Overall, while the plugin has many good security practices, the unprotected AJAX handlers present a clear and actionable security weakness.

Key Concerns

  • Unprotected AJAX handlers identified
Vulnerabilities
None known

Kledo Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Kledo Release Timeline

v1.4.1Current
v1.4.0
v1.3.1
v1.3.0
v1.2.1
v1.2.0
v1.1.5
v1.1.4
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

Kledo Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
6
91 escaped
Nonce Checks
1
Capability Checks
3
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

94% escaped97 total outputs
Attack Surface
2 unprotected

Kledo Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_wc_kledo_payment_accountincludes/class-wc-kledo-ajax.php:15
authwp_ajax_wc_kledo_warehouseincludes/class-wc-kledo-ajax.php:18
WordPress Hooks 29
actionadmin_enqueue_scriptsincludes/admin/class-wc-kledo-admin.php:60
actionadmin_enqueue_scriptsincludes/admin/class-wc-kledo-admin.php:61
actionadmin_menuincludes/admin/class-wc-kledo-admin.php:62
actionwp_loadedincludes/admin/class-wc-kledo-admin.php:63
actionload-woocommerce_page_wc-kledoincludes/admin/screen/class-wc-kledo-configure.php:48
actionwoocommerce_admin_field_wc_kledo_configure_titleincludes/admin/screen/class-wc-kledo-configure.php:63
actionload-woocommerce_page_wc-kledoincludes/admin/screen/class-wc-kledo-invoice.php:73
actionwoocommerce_admin_field_payment_accountincludes/admin/screen/class-wc-kledo-invoice.php:78
actionwoocommerce_admin_field_invoice_warehouseincludes/admin/screen/class-wc-kledo-invoice.php:79
actionwoocommerce_admin_field_invoice_tagsincludes/admin/screen/class-wc-kledo-invoice.php:80
actionload-woocommerce_page_wc-kledoincludes/admin/screen/class-wc-kledo-order.php:56
actionwoocommerce_admin_field_order_warehouseincludes/admin/screen/class-wc-kledo-order.php:61
actionwoocommerce_admin_field_order_tagsincludes/admin/screen/class-wc-kledo-order.php:62
actionload-woocommerce_page_wc-kledoincludes/admin/screen/class-wc-kledo-support.php:24
filterwp_redirectincludes/class-wc-kledo-admin-message-handler.php:79
actionadmin_noticesincludes/class-wc-kledo-admin-notice-handler.php:51
actionadmin_footerincludes/class-wc-kledo-admin-notice-handler.php:52
actionadmin_footerincludes/class-wc-kledo-admin-notice-handler.php:53
actionwp_loadedincludes/class-wc-kledo-connection.php:30
actioninitincludes/class-wc-kledo-translation.php:14
actionwoocommerce_order_status_processingincludes/class-wc-kledo-woocommerce.php:32
actionwoocommerce_order_status_completedincludes/class-wc-kledo-woocommerce.php:33
actionadmin_noticesincludes/class-wc-kledo.php:162
filterhttps_ssl_verifyincludes/class-wc-kledo.php:165
actionbefore_woocommerce_initincludes/class-wc-kledo.php:168
actionadmin_noticeskledo.php:127
actionadmin_initkledo.php:157
actionadmin_initkledo.php:158
actionplugins_loadedkledo.php:162
Maintenance & Trust

Kledo Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 2, 2026
PHP min version
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Kledo Developer Profile

oggix

2 plugins · 2K total installs

81
trust score
Avg Security Score
82/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Kledo

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/kledo/assets/css/styles.css/wp-content/plugins/kledo/assets/js/scripts.js
Script Paths
/wp-content/plugins/kledo/assets/js/scripts.js
Version Parameters
kledo/assets/css/styles.css?ver=kledo/assets/js/scripts.js?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Kledo