Does MCat WooCommerce Tools have any unpatched vulnerabilities?

No. All known vulnerabilities in MCat WooCommerce Tools have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is MCat WooCommerce Tools compatible with WordPress 6.9.4?

According to WordPress.org data, MCat WooCommerce Tools 8.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is MCat WooCommerce Tools compatible with PHP 7.4+?

MCat WooCommerce Tools requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is MCat WooCommerce Tools updated?

MCat WooCommerce Tools was last updated on Mar 3, 2026. Frequent updates are generally a positive security signal.

What is MCat WooCommerce Tools's security score?

MCat WooCommerce Tools has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

MCat WooCommerce Tools Security & Risk Analysis

wordpress.org/plugins/marketcat-ecommerce-analytics

Collects customer source information ("Where did you hear about us?"), adds a Free Shipping Bar, Quick Order Emails, and essential Store Man …

10 active installs v8.2 PHP 7.4+ WP 5.8+ Updated Mar 3, 2026

analyticsfree-shipping-barorder-sourcestore-managementwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is MCat WooCommerce Tools Safe to Use in 2026?

Generally Safe

Score 100/100

MCat WooCommerce Tools has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "marketcat-ecommerce-analytics" plugin v8.2 exhibits a generally strong security posture, with all identified entry points (AJAX handlers) protected by authentication checks. The plugin also demonstrates good practices by exclusively using prepared statements for its SQL queries and incorporating a reasonable number of nonce and capability checks. The absence of any recorded vulnerabilities in its history further reinforces this positive outlook, suggesting a commitment to secure development and maintenance.

However, there are specific areas that warrant attention. The static analysis revealed that only 60% of output escaping is properly done. This indicates a potential risk of cross-site scripting (XSS) vulnerabilities if user-supplied data is not consistently sanitized before being displayed on the frontend. Additionally, the taint analysis flagged one flow with unsanitized paths, which, while not classified as critical or high severity in this report, represents a potential avenue for directory traversal or similar file system manipulation attacks if not addressed. The presence of file operations also necessitates careful scrutiny.

In conclusion, while the plugin has a solid foundation of security practices and a clean vulnerability history, the identified weaknesses in output escaping and the unsanitized path flow in the taint analysis are areas that require immediate attention to mitigate potential risks. Addressing these would further solidify the plugin's security.

Key Concerns

Insufficient output escaping (40% not properly escaped)
Taint flow with unsanitized path

Vulnerabilities

None known

MCat WooCommerce Tools Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

MCat WooCommerce Tools Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

102 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

60% escaped170 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

3 flows1 with unsanitized paths

mcat_render_ppp_dropdown (Mcat-Source.php:547)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

MCat WooCommerce Tools Attack Surface

Entry Points3

Unprotected0

AJAX Handlers 3

authwp_ajax_mcat_save_source_from_thankyouMcat-Source.php:417

noprivwp_ajax_mcat_save_source_from_thankyouMcat-Source.php:418

authwp_ajax_mcat_qe_send_emailMcat-Source.php:664

WordPress Hooks 25

actionbefore_woocommerce_initMcat-Source.php:18

actionadmin_menuMcat-Source.php:27

actionadmin_enqueue_scriptsMcat-Source.php:40

actioninitMcat-Source.php:409

actionwoocommerce_review_order_before_paymentMcat-Source.php:413

actionwoocommerce_checkout_create_orderMcat-Source.php:414

actionwoocommerce_thankyouMcat-Source.php:416

actionwp_enqueue_scriptsMcat-Source.php:422

actionwoocommerce_admin_order_data_after_billing_addressMcat-Source.php:467

actionadmin_post_mcat_csv_exportMcat-Source.php:477

filtermanage_edit-shop_order_columnsMcat-Source.php:479

filtermanage_woocommerce_page_wc-orders_columnsMcat-Source.php:479

actionmanage_shop_order_posts_custom_columnMcat-Source.php:479

actionmanage_woocommerce_page_wc-orders_custom_columnMcat-Source.php:479

actionwoocommerce_shop_loop_item_titleMcat-Source.php:484

actionwoocommerce_before_single_variationMcat-Source.php:487

actionwoocommerce_single_product_summaryMcat-Source.php:490

actionwoocommerce_single_product_summaryMcat-Source.php:493

actionwoocommerce_before_cartMcat-Source.php:502

actionwoocommerce_before_checkout_formMcat-Source.php:503

actionwoocommerce_before_shop_loopMcat-Source.php:504

actionwoocommerce_before_shop_loopMcat-Source.php:543

filterloop_shop_per_pageMcat-Source.php:544

actionadd_meta_boxesMcat-Source.php:591

actionwoocommerce_email_after_order_tableMcat-Source.php:711

Maintenance & Trust

MCat WooCommerce Tools Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 3, 2026

PHP min version7.4

Downloads208

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

MCat WooCommerce Tools Alternatives

Google Analytics for WooCommerce

woocommerce-google-analytics-integration

100

Provides integration between Google Analytics and WooCommerce.

200K No CVEs

Klaviyo

klaviyo

Klaviyo for WooCommerce

100K 2 CVEs

Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing

woocommerce-google-adwords-conversion-tracking-tag

Conversion tracking for WooCommerce. Google Ads, GA4, Meta/Facebook Pixel, TikTok & more. Recover 30% more conversions with server-side tracking!

50K 4 CVEs

GTM Kit – Google Tag Manager & GA4 integration

gtm-kit

Google Tag Manager and GA4 integration. Including WooCommerce data for Google Analytics 4 and support for server side GTM.

30K 1 CVE

Modern Cart – WooCommerce Side Cart & Popup Cart

modern-cart

100

Modern Cart gives your store a side cart and free shipping bar so shoppers stay on the page, spend more to unlock rewards, and check out in seconds.

30K No CVEs

Developer Profile

MCat WooCommerce Tools Developer Profile

marketCAT

1 plugin · 10 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect MCat WooCommerce Tools

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/marketcat-ecommerce-analytics/marketcat-ecommerce-analytics.php

HTML / DOM Fingerprints

CSS Classes

mcat-wrapmcat-logomcat-urlmcat-columnsmcat-col-leftmcat-col-rightmcat-info-boxmcat-tag+16 more

Data Attributes

data-mcat-id

JS Globals

mcatExportCsvmcatToggleBox

FAQ