Does Safe.Shop have any unpatched vulnerabilities?

No. All known vulnerabilities in Safe.Shop have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Safe.Shop compatible with WordPress 5.2.24?

According to WordPress.org data, Safe.Shop 1.0 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

How often is Safe.Shop updated?

Safe.Shop was last updated on Nov 6, 2019. Frequent updates are generally a positive security signal.

What is Safe.Shop's security score?

Safe.Shop has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Safe.Shop Security & Risk Analysis

wordpress.org/plugins/safeshop

Safe.Shop allows you to shop online with confidence around the world. We certify online shops according to the Global Code of Conduct which means that …

10 active installs v1.0 PHP + WP 4.0+ Updated Nov 6, 2019

consumer-trustreduce-costssafe-shoptrust-sealtrustmark

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Safe.Shop Safe to Use in 2026?

Generally Safe

Score 85/100

Safe.Shop has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The Safeshop plugin v1.0 exhibits a generally strong security posture based on the static analysis. The absence of identified vulnerabilities in its history is a positive indicator. The code signals show a commendable adherence to secure coding practices, with all SQL queries utilizing prepared statements and a high percentage of output properly escaped. The lack of file operations and external HTTP requests also reduces potential attack vectors.

However, a few areas warrant attention. The presence of one external HTTP request, while not inherently malicious, represents a potential entry point for man-in-the-middle attacks or if the external service is compromised. The single nonce check indicates that while some security measures are in place, there's room for broader implementation across all potential entry points. The lack of capability checks, combined with zero unprotected entry points and zero unprotected AJAX handlers, suggests that authentication and authorization are likely handled at a broader WordPress level, but the plugin itself doesn't enforce granular permissions, which could be a concern depending on its functionality.

Overall, Safeshop v1.0 appears to be a relatively secure plugin, with no critical or high-severity issues identified in its code or history. The developer seems to be following good practices for SQL and output handling. The primary areas for improvement would be to ensure all external requests are secured (e.g., via SSL and verification) and to consider implementing capability checks if the plugin handles sensitive data or actions.

Key Concerns

One external HTTP request detected
Only one nonce check implemented
Zero capability checks found
71% of outputs properly escaped

Vulnerabilities

None known

Safe.Shop Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Safe.Shop Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

5 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

71% escaped7 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

safeshop_update_status (safeshop.php:75)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Safe.Shop Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 6

actionadmin_initsafeshop.php:17

actionadmin_initsafeshop.php:102

actionadmin_menusafeshop.php:108

actionwp_enqueue_scriptssafeshop.php:127

actionadmin_enqueue_scriptssafeshop.php:136

actionwoocommerce_thankyousafeshop.php:138

Maintenance & Trust

Safe.Shop Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedNov 6, 2019

PHP min version

Downloads1K

Community Trust

Rating40/100

Number of ratings1

Active installs10

Alternatives

Safe.Shop Alternatives

TrustedSite

trustedsite

100

Trust badges to increase sales.

20K No CVEs

Authorized Store Seal

authorized-store-seal

Authorized Store is a retailer/brand vetting service. The Seal and Certificate identify your e-store as “ Authorized” for all brands carried.

10 No CVEs

Truly Legit | TrulyBadge

trulylegit-trulybadge

100

Build an instant assurance of trust with Truly Legit’s trust badges & turn distrusting online consumers into loyal converting customers.

10 No CVEs

Developer Profile

Safe.Shop Developer Profile

ecommercefoundation

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Safe.Shop

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/safeshop/assets/css/admincss.css/wp-content/plugins/safeshop/assets/js/adminjs.js

Script Paths

https://merchant.safe.shop/widget.js

HTML / DOM Fingerprints

CSS Classes

safeshop-form

Data Attributes

name="safeshop_status"name="safeshop_client_id"name="safeshop_client_secret"

FAQ