WP-Safety

Order Sync with Zendesk for WooCommerce Security & Risk Analysis

wordpress.org/plugins/mwb-zendesk-woo-order-sync

Manage New Tickets and Orders with Zendesk Woo Order Sync

40 active installs v2.2.1 PHP 7.4+ WP 5.5.0+ Updated Aug 26, 2025
customer-supporthelp-deskintegration-zendeskorder-sync-zendeskzendesk
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Order Sync with Zendesk for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Order Sync with Zendesk for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7mo ago
Risk Assessment

The "mwb-zendesk-woo-order-sync" v2.2.1 plugin exhibits a generally good security posture, with several strengths noted in the static analysis. The absence of dangerous functions, the exclusive use of prepared statements for SQL queries, and a high percentage of properly escaped output are positive indicators. The plugin also appears to handle nonces correctly and has a history free of known vulnerabilities, suggesting a commitment to secure development practices. However, there are a few areas for concern that warrant attention.

The primary concern lies in the attack surface, specifically the presence of one REST API route that lacks a permission callback. This could potentially expose sensitive functionality to unauthenticated users. While the taint analysis did not reveal any unsanitized paths or critical/high severity flows, the lack of a permission check on a REST API endpoint is a significant oversight that bypasses WordPress's robust access control mechanisms.

Overall, the plugin is well-developed from a security perspective, with no critical or high-risk issues identified through taint analysis or its vulnerability history. The strengths in code hygiene and SQL security are commendable. Nevertheless, the unprotected REST API route is a notable weakness that should be addressed to ensure complete security. Addressing this single unprotected entry point would significantly enhance the plugin's security profile.

Key Concerns

  • REST API route without permission callback
Vulnerabilities
None known

Order Sync with Zendesk for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Order Sync with Zendesk for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
10
179 escaped
Nonce Checks
9
Capability Checks
0
File Operations
0
External Requests
12
Bundled Libraries
0

Output Escaping

95% escaped189 total outputs
Data Flows
All sanitized

Data Flow Analysis

6 flows
update_user_ticket (Library\class-mwb-zendesk-global-functions.php:28)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Order Sync with Zendesk for WooCommerce Attack Surface

Entry Points8
Unprotected1

AJAX Handlers 6

authwp_ajax_mwb_zndsk_suggest_acceptclass-mwb-zendesk-connect-api.php:72
authwp_ajax_mwb_zndsk_suggest_laterclass-mwb-zendesk-connect-api.php:73
authwp_ajax_mwb_zndsk_ticketclass-mwb-zendesk-connect-api.php:74
authwp_ajax_mwb_zndsk_tickt_emailclass-mwb-zendesk-connect-api.php:75
authwp_ajax_mwb_zndsk_chat_historyclass-mwb-zendesk-connect-api.php:76
authwp_ajax_mwb_zndsk_save_order_config_optionsLibrary\class-mwb-zendesk-settings.php:53

REST API Routes 1

GET/wp-json/zndskwoo/order_detailsLibrary\class-mwb-zendesk-manager.php:324

Shortcodes 1

[mwb-ticket-history] Library\class-mwb-zendesk-manager.php:181
WordPress Hooks 23
actionadmin_footerLibrary\class-mwb-zendesk-global-functions.php:1011
actioninitLibrary\class-mwb-zendesk-manager.php:63
actionadmin_initLibrary\class-mwb-zendesk-manager.php:64
actionwoocommerce_account_ticket-history_endpointLibrary\class-mwb-zendesk-manager.php:67
filterwoocommerce_account_menu_itemsLibrary\class-mwb-zendesk-manager.php:68
filtermanage_users_columnsLibrary\class-mwb-zendesk-manager.php:69
actionmanage_users_custom_columnLibrary\class-mwb-zendesk-manager.php:70
actionwoocommerce_order_status_changedLibrary\class-mwb-zendesk-manager.php:72
actionwoocommerce_created_customerLibrary\class-mwb-zendesk-manager.php:73
actioninitLibrary\class-mwb-zendesk-manager.php:75
actioninitLibrary\class-mwb-zendesk-manager.php:76
filterwoocommerce_email_classesLibrary\class-mwb-zendesk-manager.php:78
actionadmin_menuLibrary\class-mwb-zendesk-settings.php:51
actionadd_meta_boxesLibrary\class-mwb-zendesk-settings.php:52
actionwp_loadedmwb-zendesk-woo-order-sync.php:77
filterplugin_row_metamwb-zendesk-woo-order-sync.php:98
actionbefore_woocommerce_initmwb-zendesk-woo-order-sync.php:109
actionrest_api_initmwb-zendesk-woo-order-sync.php:147
actionplugins_loadedmwb-zendesk-woo-order-sync.php:150
actionadmin_enqueue_scriptsmwb-zendesk-woo-order-sync.php:189
actionwp_enqueue_scriptsmwb-zendesk-woo-order-sync.php:190
actionadmin_initmwb-zendesk-woo-order-sync.php:265
actionadmin_noticesmwb-zendesk-woo-order-sync.php:274
Maintenance & Trust

Order Sync with Zendesk for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedAug 26, 2025
PHP min version7.4
Downloads6K

Community Trust

Rating100/100
Number of ratings2
Active installs40
Alternatives

Order Sync with Zendesk for WooCommerce Alternatives

Zendesk Support for WordPress

Zendesk Support for WordPress

zendesk

A
85

Bring the helpdesk into your blog

2K 1 CVE
Live Chat with Messenger Customer Chat

Live Chat with Messenger Customer Chat

fb-messenger-live-chat

A
99

Support your customers via Facebook Messenger Live Chat conveniently from your own website.

3K 1 CVE
Re:amaze Helpdesk & Live Chat

Re:amaze Helpdesk & Live Chat

reamaze

A
92

Boost sales conversions, loyalty, and engagement. Manage your social, email, sms, live chat, FAQ for your WordPress or WooCommerce store.

400 1 CVE
ChipBot – Video, Live Chat, & AI Help Desk

ChipBot – Video, Live Chat, & AI Help Desk

chipbot

A
100

ChipBot turns your website into a face-to-face story experience powered by AI, video, and chat.

100 No CVEs
Guest Support

Guest Support

guest-support

A
98

Complete WordPress support ticket system. No login needed for users or agents. Includes spam protection, file uploads, and secure replies.

40 2 CVEs
Developer Profile

Order Sync with Zendesk for WooCommerce Developer Profile

WP Swings

13 plugins · 43K total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
101 days
View full developer profile
Detection Fingerprints

How We Detect Order Sync with Zendesk for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mwb-zendesk-woo-order-sync/assets/zndsk-admin.css/wp-content/plugins/mwb-zendesk-woo-order-sync/assets/zndsk-admin.js/wp-content/plugins/mwb-zendesk-woo-order-sync/assets/zndsk-admin-global.js/wp-content/plugins/mwb-zendesk-woo-order-sync/assets/zndsk-global.css/wp-content/plugins/mwb-zendesk-woo-order-sync/assets/zndsk-ticket.js/wp-content/plugins/mwb-zendesk-woo-order-sync/assets/zndsk-public-ticket.css
Script Paths
//js.hsforms.net/forms/shell.js
Version Parameters
mwb-zendesk-woo-order-sync/assets/zndsk-admin.css?ver=mwb-zendesk-woo-order-sync/assets/zndsk-admin.js?ver=mwb-zendesk-woo-order-sync/assets/zndsk-admin-global.js?ver=mwb-zendesk-woo-order-sync/assets/zndsk-global.css?ver=mwb-zendesk-woo-order-sync/assets/zndsk-ticket.js?ver=mwb-zendesk-woo-order-sync/assets/zndsk-public-ticket.css?ver=

HTML / DOM Fingerprints

JS Globals
zndsk_ajax_object
REST Endpoints
/wp-json/mwb-zendesk-connect-api
FAQ

Frequently Asked Questions about Order Sync with Zendesk for WooCommerce