WP-Safety

SCM – Smart Currency Manager Security & Risk Analysis

wordpress.org/plugins/scd-smart-currency-detector

❓ Have you thought about letting your customers buy in your online shop using their own currency and payment method ❓

60 active installs v4.7.10.6 PHP + WP 4.9+ Updated Sep 27, 2023
currency-converter-plugincurrency-switchingdokanwoocommerce-currency-handlingwoocommerce-product-addons
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is SCM – Smart Currency Manager Safe to Use in 2026?

Generally Safe

Score 85/100

SCM – Smart Currency Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The "scd-smart-currency-detector" plugin v4.7.10.6 exhibits several concerning security practices, despite a clean vulnerability history. The static analysis reveals a substantial attack surface, with 13 AJAX handlers, of which 11 lack any authentication checks. This represents a significant risk, as unauthenticated users could potentially trigger these handlers. Furthermore, the plugin uses raw SQL queries without prepared statements for 2 queries, which can be susceptible to SQL injection attacks. While the taint analysis did not uncover critical or high severity flaws, the presence of a flow with an unsanitized path is a red flag, hinting at potential vulnerabilities if exploited. The low percentage of properly escaped output (33%) also indicates a risk of cross-site scripting (XSS) vulnerabilities. The absence of known CVEs is positive, but it does not negate the inherent risks identified in the code's structure and implementation.

Key Concerns

  • Unprotected AJAX handlers
  • SQL queries without prepared statements
  • Low percentage of properly escaped output
  • Flow with unsanitized path
  • Limited capability checks on entry points
Vulnerabilities
None known

SCM – Smart Currency Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

SCM – Smart Currency Manager Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
0 prepared
Unescaped Output
109
53 escaped
Nonce Checks
8
Capability Checks
2
File Operations
1
External Requests
1
Bundled Libraries
1

Bundled Libraries

jQuery

SQL Query Safety

0% prepared2 total queries

Output Escaping

33% escaped162 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths
<scd_renders> (scd_renders.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
11 unprotected

SCM – Smart Currency Manager Attack Surface

Entry Points17
Unprotected11

AJAX Handlers 13

authwp_ajax_current_user_can_manageindex.php:38
noprivwp_ajax_current_user_can_manageindex.php:39
authwp_ajax_scd_feedbackscd_inofs.php:538
noprivwp_ajax_scd_load_target_currencyscd_renders.php:986
authwp_ajax_scd_load_target_currencyscd_renders.php:987
noprivwp_ajax_scd_load_echange_ratesscd_renders.php:999
authwp_ajax_scd_load_echange_ratesscd_renders.php:1000
noprivwp_ajax_scd_ajax_load_ratesscd_renders.php:1014
noprivwp_ajax_scd_ajax_load_ratesscd_renders.php:1015
authwp_ajax_urna_autocomplete_searchscd_renders.php:2601
noprivwp_ajax_urna_autocomplete_searchscd_renders.php:2602
authwp_ajax_wc_appointments_calculate_costsscd_renders.php:2617
noprivwp_ajax_wc_appointments_calculate_costsscd_renders.php:2618

Shortcodes 4

[scd_widget] index.php:608
[scd_widget] scd_settings.php:426
[scd_vertical_flag] scd_settings.php:437
[scd_price] scd_settings.php:470
WordPress Hooks 54
actioninitindex.php:23
actionplugins_loadedindex.php:35
actionadmin_menuindex.php:497
actionadmin_initindex.php:499
actioncurrent_screenindex.php:500
actionwp_enqueue_scriptsindex.php:504
actionload-post.phpindex.php:505
actionload-post-new.phpindex.php:506
actioninitindex.php:512
actionwpindex.php:529
actionadmin_noticesindex.php:544
filterplugin_row_metaindex.php:547
actionadmin_initscd_for_marketplace_install.php:12
actionadmin_noticesscd_inofs.php:17
actionadmin_enqueue_scriptsscd_inofs.php:536
actionadmin_footerscd_inofs.php:552
actionsave_postscd_renders.php:38
actionwoocommerce_product_options_general_product_datascd_renders.php:39
filterscd_convert_line_totalscd_renders.php:1042
filterscd_convert_subtotalscd_renders.php:1068
filterscd_format_subtotalscd_renders.php:1111
filterscd_get_compare_currencyscd_renders.php:1138
filterwoocommerce_product_get_regular_pricescd_renders.php:1173
filterwoocommerce_product_get_sale_pricescd_renders.php:1174
filterwoocommerce_product_variation_get_regular_pricescd_renders.php:1178
filterwoocommerce_product_variation_get_sale_pricescd_renders.php:1179
filterwoocommerce_product_get_pricescd_renders.php:1185
filterwoocommerce_product_variation_get_pricescd_renders.php:1186
filterwoocommerce_variable_price_htmlscd_renders.php:1190
filterwc_pricescd_renders.php:1248
filterwoocommerce_currency_symbolscd_renders.php:1254
actionwpscd_renders.php:1290
actionwoocommerce_before_shop_loop_itemscd_renders.php:1297
filterwoocommerce_product_get_pricescd_renders.php:1310
actionwoocommerce_checkout_create_orderscd_renders.php:1497
filterwoocommerce_paypal_argsscd_renders.php:1941
filterwoocommerce_paypal_express_checkout_get_detailsscd_renders.php:2055
filterwoocommerce_paypal_express_checkout_allow_guestsscd_renders.php:2195
filterwoocommerce_currencyscd_renders.php:2210
actionwoocommerce_order_status_pending_to_processingscd_renders.php:2248
actionwoocommerce_order_status_pending_to_cancelledscd_renders.php:2249
actionwoocommerce_order_status_pending_to_on-holdscd_renders.php:2250
filterwp_nav_menu_objectsscd_renders.php:2359
filterwoocommerce_currenciesscd_renders.php:2404
filterwoocommerce_currency_symbolscd_renders.php:2411
actionwoocommerce_before_mini_cart_contentsscd_renders.php:2425
actionwoocommerce_order_item_meta_startscd_renders.php:2496
actionwoocommerce_receipt_ipay-ghana-wc-paymentscd_renders.php:2509
actionwoocommerce_product_options_general_product_datascd_renders.php:2570
filterwc_pricescd_renders.php:2605
filterwc_pricescd_renders.php:2620
filterwc_stripe_generate_create_intent_requestscd_renders.php:2682
filterwoocommerce_should_load_paypal_standardscd_renders.php:2705
actionwidgets_initscd_widget.php:113
Maintenance & Trust

SCM – Smart Currency Manager Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8
Last updatedSep 27, 2023
PHP min version
Downloads17K

Community Trust

Rating92/100
Number of ratings11
Active installs60
Alternatives

SCM – Smart Currency Manager Alternatives

Advanced Product Fields (Product Addons) for WooCommerce

Advanced Product Fields (Product Addons) for WooCommerce

advanced-product-fields-for-woocommerce

A
98

Add options (addons) to your WooCommerce products so your customers can personalize their products. Product forms for everyone!

50K 2 CVEs
Product Addons for Woocommerce – Product Options with Custom Fields

Product Addons for Woocommerce – Product Options with Custom Fields

woo-custom-product-addons

A
97

WooCommerce Product Addons Add custom fields to your WooCommerce product page. With an easy-to-use Custom Form Builder.

30K 1 CVE
Extra Product Options For WooCommerce | Custom Product Addons and Fields

Extra Product Options For WooCommerce | Custom Product Addons and Fields

woo-extra-product-options

A
100

WooCommerce Extra Product Options plugin lets you add product addons (custom products field) of 20 different field types to your product page.

30K No CVEs
PPOM – Product Addons & Custom Fields for WooCommerce

PPOM – Product Addons & Custom Fields for WooCommerce

woocommerce-product-addon

B
80

Easily add a range of custom fields to WooCommerce products, from text boxes to date selectors, allowing customers to personalize their orders.

20K 11 CVEs
YITH WooCommerce Product Add-Ons

YITH WooCommerce Product Add-Ons

yith-woocommerce-product-add-ons

A
96

Increase average order value by letting your customers purchase additional options on your products.

20K 7 CVEs
Developer Profile

SCM – Smart Currency Manager Developer Profile

scd2021

4 plugins · 80 total installs

86
trust score
Avg Security Score
89/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect SCM – Smart Currency Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/scd-smart-currency-detector/css/scd_style.css/wp-content/plugins/scd-smart-currency-detector/css/jquery.scd_admin.css/wp-content/plugins/scd-smart-currency-detector/css/jquery.scd.css/wp-content/plugins/scd-smart-currency-detector/css/chosen.min.css/wp-content/plugins/scd-smart-currency-detector/js/scd_maps.js/wp-content/plugins/scd-smart-currency-detector/js/chosen.jquery.min.js/wp-content/plugins/scd-smart-currency-detector/js/scd_adminready.js/wp-content/plugins/scd-smart-currency-detector/css/country_select.css+5 more
Script Paths
scd_maps.jschosen.jquery.min.jsscd_adminready.jscountry_select.jsdefaultdata.jsscd_fetchdata.js+2 more
Version Parameters
scd-smart-currency-detector/css/scd_style.css?ver=scd-smart-currency-detector/css/jquery.scd_admin.css?ver=scd-smart-currency-detector/css/jquery.scd.css?ver=scd-smart-currency-detector/css/chosen.min.css?ver=scd-smart-currency-detector/js/scd_maps.js?ver=5.5.3scd-smart-currency-detector/js/chosen.jquery.min.js?ver=5.5.3scd-smart-currency-detector/js/scd_adminready.js?ver=5.5.3scd-smart-currency-detector/css/country_select.css?ver=scd-smart-currency-detector/js/country_select.js?ver=5.5.3scd-smart-currency-detector/js/defaultdata.js?ver=5.5.3scd-smart-currency-detector/js/scd_fetchdata.js?ver=5.5.3scd-smart-currency-detector/js/scd_postready.js?ver=5.5.3scd-smart-currency-detector/js/scd_widget.js?ver=5.5.3

HTML / DOM Fingerprints

CSS Classes
ch_scd_woo
Data Attributes
data-currency-iso3data-currency-symbol
JS Globals
settingsscd_ajax
REST Endpoints
/wp-json/scd/v1/currency
FAQ

Frequently Asked Questions about SCM – Smart Currency Manager