Magento 2 WP Integration Security & Risk Analysis

wordpress.org/plugins/m2wp

Combine Magento 2 with the CMS capabilities of WordPress. Seamless user experience for visitors by integrating the design of Magento and WordPress.

100 active installs · v1.4.2.1 · PHP 7.3+ · WP 4.0+ · Updated Oct 30, 2025
Tags: e-commerce, integration, magento, magento2, shop
Security score: 78 (B · Generally Safe)
CVEs total: 1
Unpatched: 1
Last CVE: Sep 22, 2025
Safety Verdict

Is Magento 2 WP Integration Safe to Use in 2026?

Mostly Safe

Score 78/100

Magento 2 WP Integration is generally safe to use. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Sep 22, 2025 · Updated 5mo ago
Risk Assessment

The "m2wp" v1.4.2.1 plugin exhibits a mixed security posture. While it demonstrates good practices in using prepared statements for SQL queries and has a relatively low number of total entry points, significant concerns arise from its handling of user input and authentication. The presence of dangerous functions like `unserialize` and `exec` raises red flags, especially when combined with taint analysis revealing two flows with unsanitized paths classified as high severity. Furthermore, three of the four AJAX handlers lack authentication checks, creating a substantial attack surface susceptible to unauthorized actions. The vulnerability history, while showing only one medium severity CVE, is concerning because it is currently unpatched and relates to Cross-site Scripting, a common and often impactful vulnerability type. The plugin's limited number of proper output escapes further amplifies the risk of XSS. In conclusion, the plugin has some strengths, but the identified vulnerabilities in input sanitization, authentication, and the presence of unpatched security flaws necessitate immediate attention and mitigation.

Key Concerns

  • Unpatched CVE (medium severity)
  • High severity taint flows (unsanitized paths)
  • AJAX handlers without auth checks (3 out of 4)
  • Dangerous functions: unserialize, exec
  • Low percentage of properly escaped output (23%)
  • Bundled library (Select2) potentially outdated
Vulnerabilities: 1

Magento 2 WP Integration Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-58669 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Magento 2 WordPress Integration <= 1.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Sep 22, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Magento 2 WP Integration Code Analysis

  • Dangerous Functions: 2
  • Raw SQL Queries: 0 (1 prepared)
  • Unescaped Output: 74 (22 escaped)
  • Nonce Checks: 3
  • Capability Checks: 2
  • File Operations: 7
  • External Requests: 0
  • Bundled Libraries: 1

Dangerous Functions Found

unserialize · `$result = @unserialize( $_COOKIE[$messages_cookie_name] );` · include\classes\M2I_External.php:552
exec · `exec( "php -l $tmp_file_path", $exec_output, $exec_result_code );` · magento2-integration.php:314

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

23% escaped · 96 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

3 flows · 2 with unsanitized paths
<magento2-integration> (magento2-integration.php:0)
Attack Surface: 3 unprotected

Magento 2 WP Integration Attack Surface

Entry Points: 8
Unprotected: 3

AJAX Handlers 4

auth · wp_ajax_m2i_get_shortcode · include\classes\M2I_Editor_Button.php:18
auth · wp_ajax_search_products · include\classes\widgets\M2I_Product_Widget.php:19
auth · wp_ajax_m2i_check_magento · magento2-integration.php:93
auth · wp_ajax_m2i_notices · magento2-integration.php:94

Shortcodes 4

[m2i_cms_block] include\shortcodes.php:8
[m2i_category_slider] include\shortcodes.php:88
[m2i_product_block] include\shortcodes.php:180
[m2i_cart] include\shortcodes.php:233
WordPress Hooks 47
action · wp_head · include\classes\M2I_Content.php:27
action · wp_footer · include\classes\M2I_Content.php:29
action · template_include · include\classes\M2I_Content.php:32
action · load-post-new.php · include\classes\M2I_Editor_Button.php:15
action · load-post.php · include\classes\M2I_Editor_Button.php:16
action · media_buttons · include\classes\M2I_Editor_Button.php:17
action · admin_notices · include\classes\M2I_External.php:532
action · admin_menu · include\classes\M2I_Settings.php:81
action · current_screen · include\classes\M2I_Settings.php:82
filter · m2i_text_will_be_constant_mage_dir · include\classes\M2I_Settings.php:392
filter · m2i_flag_value_mage_runs_from_root · include\classes\M2I_Settings.php:393
filter · m2i_select_checked_value_mage_store_code · include\classes\M2I_Settings.php:394
filter · m2i_select_values_mage_store_code · include\classes\M2I_Settings.php:397
filter · m2i_flag_value_mage_auto_adding · include\classes\M2I_Settings.php:400
filter · m2i_flag_value_use_mage_layout_names · include\classes\M2I_Settings.php:401
filter · m2i_select_checked_value_mage_header_block_name · include\classes\M2I_Settings.php:402
filter · m2i_select_checked_value_mage_footer_block_name · include\classes\M2I_Settings.php:405
filter · m2i_select_values_mage_header_block_name · include\classes\M2I_Settings.php:408
filter · m2i_select_values_mage_footer_block_name · include\classes\M2I_Settings.php:409
filter · m2i_text_value_mage_dir · include\classes\M2I_Settings.php:410
filter · m2i_text_value_mage_header_css_selector · include\classes\M2I_Settings.php:411
filter · m2i_text_value_mage_footer_css_selector · include\classes\M2I_Settings.php:412
filter · m2i_use_native_dom_document · include\classes\M2I_Settings.php:414
filter · m2i_flag_value_mage_header_flag · include\classes\M2I_Settings.php:417
filter · m2i_flag_value_mage_footer_flag · include\classes\M2I_Settings.php:418
filter · m2i_flag_value_mage_scripts_head_flag · include\classes\M2I_Settings.php:419
filter · m2i_flag_value_mage_scripts_body_flag · include\classes\M2I_Settings.php:420
filter · m2i_flag_value_mage_styles_flag · include\classes\M2I_Settings.php:421
filter · m2i_flag_value_mage_js_flag · include\classes\M2I_Settings.php:422
action · current_screen · include\classes\M2I_Widgets.php:27
action · widgets_init · include\classes\M2I_Widgets.php:28
action · wp_enqueue_scripts · include\classes\M2I_Widgets.php:29
action · setup_theme · magento2-integration.php:43
action · admin_notices · magento2-integration.php:49
action · admin_notices · magento2-integration.php:57
action · m2i_before_init · magento2-integration.php:81
action · init · magento2-integration.php:90
action · admin_enqueue_scripts · magento2-integration.php:92
action · m2i_after_init · magento2-integration.php:99
action · m2i_after_init · magento2-integration.php:111
action · m2i_after_init · magento2-integration.php:112
action · m2i_after_init · magento2-integration.php:113
action · init · magento2-integration.php:493
action · genesis_header · samples\genesis-child-m2i\functions.php:24
action · init · samples\genesis-child-m2i\functions.php:34
action · genesis_footer · samples\genesis-child-m2i\functions.php:41
action · wp_enqueue_scripts · samples\twentyseventeen-child-m2i\functions.php:15
Maintenance & Trust

Magento 2 WP Integration Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Oct 30, 2025
PHP min version: 7.3
Downloads: 11K

Community Trust

Rating: 88/100
Number of ratings: 7
Active installs: 100
Developer Profile

Magento 2 WP Integration Developer Profile

Modern Minds

1 plugin · 100 total installs

Trust score: 79
Avg Security Score: 78/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Magento 2 WP Integration

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/m2wp/css/admin_settings.css
/wp-content/plugins/m2wp/css/select2.min.css
/wp-content/plugins/m2wp/js/ajaxsearch.js
/wp-content/plugins/m2wp/js/notices.js
/wp-content/plugins/m2wp/js/select2.full.min.js
/wp-content/plugins/m2wp/js/tooltip.js
/wp-content/plugins/m2wp/js/admin_settings.js
Script Paths
/wp-content/plugins/m2wp/js/notices.js
/wp-content/plugins/m2wp/js/select2.full.min.js
/wp-content/plugins/m2wp/js/ajaxsearch.js
/wp-content/plugins/m2wp/js/admin_settings.js
/wp-content/plugins/m2wp/js/tooltip.js
Version Parameters
m2wp/css/admin_settings.css?ver=
m2wp/css/select2.min.css?ver=
m2wp/js/ajaxsearch.js?ver=
m2wp/js/notices.js?ver=
m2wp/js/select2.full.min.js?ver=
m2wp/js/admin_settings.js?ver=
m2wp/js/tooltip.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-m2i-url
JS Globals
m2i_urls
m2i_options
tooltips
FAQ

Frequently Asked Questions about Magento 2 WP Integration