Next-Cart Store to WooCommerce Migration Security & Risk Analysis

wordpress.org/plugins/nextcart-woocommerce-migration

Migrate products, customers, orders, blog posts, and other data from 80+ eCommerce platforms to WooCommerce and WordPress in a few clicks.

200 active installs · v3.9.8 · PHP + WP 3.0+ · Updated Jan 22, 2026
Tags: import-to-woocommerce, migrate-to-woocommerce, migrate-to-wordpress, woocommerce-migration, wordpress-migration
Score: 98 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Mar 31, 2025
Safety Verdict

Is Next-Cart Store to WooCommerce Migration Safe to Use in 2026?

Generally Safe

Score 98/100

Next-Cart Store to WooCommerce Migration has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Mar 31, 2025 · Updated 2mo ago
Risk Assessment

The "nextcart-woocommerce-migration" plugin v3.9.8 exhibits a mixed security posture. While it demonstrates good practices in SQL query preparation (92% prepared) and output escaping (80%), significant concerns arise from its attack surface and lack of proper security checks. All identified entry points, including AJAX handlers and REST API routes, lack authentication and permission checks, creating a direct path for unauthorized actions. The presence of dangerous functions like `unserialize` and `exec` further amplifies risk, especially when combined with unsanitized input flows. The taint analysis reveals a high number of flows with unsanitized paths, with 10 identified as high severity, indicating a substantial risk of data manipulation or execution vulnerabilities.

The plugin's vulnerability history, which includes two known CVEs for SQL Injection and Cross-site Scripting (both now patched), suggests a pattern of past security weaknesses. The high severity vulnerability in that history reinforces the concerns identified in the static analysis. While the plugin benefits from generally good SQL and output handling, the combination of unprotected entry points, potentially dangerous functions, numerous unsanitized input flows, and a history of significant vulnerabilities paints a concerning picture. A thorough review and remediation of these weaknesses is crucial to improving its overall security.

Key Concerns

  • Unprotected AJAX handler
  • Unprotected REST API route
  • 10 High severity taint flows
  • Use of unserialize function
  • Use of exec function
  • No nonce checks on AJAX
  • Limited capability checks (3)
  • Vulnerability history (2 CVEs)
  • High severity vulnerability in history
  • 11 Flows with unsanitized paths
Vulnerabilities
2

Next-Cart Store to WooCommerce Migration Security Vulnerabilities

CVEs by Year

  • 2024: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 1

2 total CVEs

CVE-2025-30807 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Next-Cart Store to WooCommerce Migration <= 3.9.4 - Unauthenticated SQL Injection

Mar 31, 2025 · Patched in 3.9.5 (11d)

CVE-2024-11687 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Next-Cart Store to WooCommerce Migration <= 3.9.2 - Reflected Cross-Site Scripting

Dec 5, 2024 · Patched in 3.9.4 (1d)
Code Analysis
Analyzed Mar 16, 2026

Next-Cart Store to WooCommerce Migration Code Analysis

  • Dangerous Functions: 15
  • Raw SQL Queries: 3 (33 prepared)
  • Unescaped Output: 9 (35 escaped)
  • Nonce Checks: 0
  • Capability Checks: 3
  • File Operations: 122
  • External Requests: 7
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: `$queries = @unserialize(base64_decode($cart_query));` (includes\carts\kitconnect-api.php:115)
  • unserialize: `$files = unserialize(base64_decode($cart_files));` (includes\carts\kitconnect-api.php:153)
  • unserialize: `$clearcaches = unserialize(base64_decode($cart_clearcaches));` (includes\carts\kitconnect-api.php:621)
  • unserialize: `$queries = @unserialize(base64_decode($_REQUEST['query']));` (kitconnect.php:126)
  • unserialize: `$files = unserialize(base64_decode($_REQUEST['files']));` (kitconnect.php:163)
  • unserialize: `$active_plugins = $active_plugin ? unserialize($active_plugin) : array();` (kitconnect.php:972)
  • unserialize: `$clearcaches = unserialize(base64_decode($_REQUEST['clearcaches']));` (kitconnect.php:2600)
  • exec: `@exec("($indexer $imagesResize $clearCache $rmCache) &>/dev/null &");` (kitconnect.php:2632)
  • exec: `@exec("nohup $phpExecutable shell/indexer.php --reindexall > /dev/null 2>/dev/null & echo $!");` (kitconnect.php:2634)
  • unserialize: `$queries = @unserialize(base64_decode($_REQUEST['query']));` (kitconnect.sample.php:126)
  • unserialize: `$files = unserialize(base64_decode($_REQUEST['files']));` (kitconnect.sample.php:163)
  • unserialize: `$active_plugins = $active_plugin ? unserialize($active_plugin) : array();` (kitconnect.sample.php:869)
  • unserialize: `$clearcaches = unserialize(base64_decode($_REQUEST['clearcaches']));` (kitconnect.sample.php:1977)
  • exec: `@exec("($indexer $imagesResize $clearCache $rmCache) &>/dev/null &");` (kitconnect.sample.php:2009)
  • exec: `@exec("nohup $phpExecutable shell/indexer.php --reindexall > /dev/null 2>/dev/null & echo $!");` (kitconnect.sample.php:2011)

SQL Query Safety

92% prepared · 36 total queries

Output Escaping

80% escaped · 44 total outputs
Data Flows
11 unsanitized

Data Flow Analysis

13 flows · 11 with unsanitized paths
process_delete_redirect (includes\display.php:170)
Attack Surface
2 unprotected

Next-Cart Store to WooCommerce Migration Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers: 1

  • auth · wp_ajax_ncwm_migration · includes\main.php:36

REST API Routes: 1

  • GET · /wp-json/next_cart/v1/migration · includes\main.php:40

WordPress Hooks: 7

  • action · admin_init · includes\main.php:33
  • action · admin_menu · includes\main.php:34
  • action · admin_enqueue_scripts · includes\main.php:37
  • action · admin_enqueue_scripts · includes\main.php:38
  • action · rest_api_init · includes\main.php:39
  • filter · template_redirect · includes\main.php:56
  • action · before_woocommerce_init · nextcart-woocommerce-migration.php:36
Maintenance & Trust

Next-Cart Store to WooCommerce Migration Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 22, 2026
PHP min version
Downloads: 21K

Community Trust

Rating: 100/100
Number of ratings: 7
Active installs: 200
Developer Profile

Next-Cart Store to WooCommerce Migration Developer Profile

Martin Nguyen

1 plugin · 200 total installs

Trust score: 99
Avg Security Score: 98/100
Avg Patch Time: 6 days
Detection Fingerprints

How We Detect Next-Cart Store to WooCommerce Migration

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/nextcart-woocommerce-migration/assets/css/style.css
  • /wp-content/plugins/nextcart-woocommerce-migration/assets/js/script.js
  • /wp-content/plugins/nextcart-woocommerce-migration/assets/js/settings.js
  • /wp-content/plugins/nextcart-woocommerce-migration/assets/js/migration.js
  • /wp-content/plugins/nextcart-woocommerce-migration/assets/js/seo-url.js
  • /wp-content/plugins/nextcart-woocommerce-migration/assets/js/how-it-works.js
  • /wp-content/plugins/nextcart-woocommerce-migration/assets/js/extra-services.js
  • /wp-content/plugins/nextcart-woocommerce-migration/assets/js/unlimited-migration.js

Script Paths

  • /wp-content/plugins/nextcart-woocommerce-migration/assets/js/script.js
  • /wp-content/plugins/nextcart-woocommerce-migration/assets/js/settings.js
  • /wp-content/plugins/nextcart-woocommerce-migration/assets/js/migration.js
  • /wp-content/plugins/nextcart-woocommerce-migration/assets/js/seo-url.js
  • /wp-content/plugins/nextcart-woocommerce-migration/assets/js/how-it-works.js
  • /wp-content/plugins/nextcart-woocommerce-migration/assets/js/extra-services.js
  • +1 more

Version Parameters

  • nextcart-woocommerce-migration/assets/css/style.css?ver=
  • nextcart-woocommerce-migration/assets/js/script.js?ver=
  • nextcart-woocommerce-migration/assets/js/settings.js?ver=
  • nextcart-woocommerce-migration/assets/js/migration.js?ver=
  • nextcart-woocommerce-migration/assets/js/seo-url.js?ver=
  • nextcart-woocommerce-migration/assets/js/how-it-works.js?ver=
  • nextcart-woocommerce-migration/assets/js/extra-services.js?ver=
  • nextcart-woocommerce-migration/assets/js/unlimited-migration.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • ncwm-main-content
  • ncwm-migration-wrap
  • ncwm-migration-main-content
  • ncwm-migrate-section
  • ncwm-migration-tools
  • ncwm-migrate-progress
  • ncwm-progress-bar-container
  • ncwm-settings-form
  • +8 more

HTML Comments

  • <!-- NCWM_BEGIN_ADMIN_PAGE -->
  • <!-- NCWM_END_ADMIN_PAGE -->

Data Attributes

  • data-nextcart-migration-nonce
  • data-ncwm-migration-url

JS Globals

  • NCWM_Main
  • NCWM_Display
  • NCWM_Kitconnect

REST Endpoints

  • /wp-json/next_cart/v1/migration
FAQ

Frequently Asked Questions about Next-Cart Store to WooCommerce Migration