Laposta WooCommerce Security & Risk Analysis

wordpress.org/plugins/laposta-woocommerce

This plugin can be used to add an optin checkbox to receive newsletters, using Laposta newsletter software (https://laposta.nl).

500 active installs · v1.10.1 · PHP 7.1+ · WP 3.0+ · Updated Mar 3, 2026
aanmelden, laposta, nieuwsbrieven
Score: 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Aug 17, 2025
Safety Verdict

Is Laposta WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Laposta WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Aug 17, 2025 · Updated 1mo ago
Risk Assessment

Static analysis of the laposta-woocommerce plugin v1.10.1 indicates a generally good security posture in terms of immediate attack vectors. No AJAX handlers, REST API routes, shortcodes, or cron events were identified as exposed without authorization, suggesting a limited attack surface. The code also appears to avoid dangerous functions and file operations, and all SQL queries are properly prepared. One concern is output escaping: only 67% of outputs are properly escaped, so the remaining 33% could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data reaches them without careful handling. The taint analysis found no unsanitized flows, which is a positive sign.

Key Concerns

  • Improper output escaping
  • No nonce checks
  • No capability checks
Vulnerabilities: 1

Laposta WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-49434 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Laposta WooCommerce <= 1.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Aug 17, 2025 · Patched in 1.9.2 (10d)
Code Analysis
Analyzed Mar 16, 2026

Laposta WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 5 (10 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

67% escaped · 15 total outputs
Attack Surface

Laposta WooCommerce Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 7
action · admin_init · laposta.php:46
action · admin_menu · laposta.php:47
filter · woocommerce_checkout_fields · laposta.php:135
action · woocommerce_checkout_update_order_meta · laposta.php:136
filter · woocommerce_email_order_meta_keys · laposta.php:137
action · admin_notices · laposta.php:255
action · admin_init · laposta.php:258
Maintenance & Trust

Laposta WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 3, 2026
PHP min version: 7.1
Downloads: 9K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 500
Developer Profile

Laposta WooCommerce Developer Profile

stijnvanderree

3 plugins · 4K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 114 days
Detection Fingerprints

How We Detect Laposta WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/laposta-woocommerce/assets/css/laposta-admin.css
/wp-content/plugins/laposta-woocommerce/assets/js/laposta-admin.js
Script Paths
/wp-content/plugins/laposta-woocommerce/assets/js/laposta-admin.js
Version Parameters
laposta-woocommerce/assets/css/laposta-admin.css?ver=
laposta-woocommerce/assets/js/laposta-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
laposta-woocommerce-continued-support-notice