WP-Safety

SCD – Smart Currency Detector – Premium Variant for WCFM Security & Risk Analysis

wordpress.org/plugins/scd-smart-currency-detector-variant-for-wcfm

❓ Have you thought about letting your customers buy in your online shop using their own currency and payment method ❓

10 active installs v4.8.0.1 PHP + WP 4.0.0+ Updated Sep 30, 2023
auto-detectconversionconvertercurrencywoocommerce
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is SCD – Smart Currency Detector – Premium Variant for WCFM Safe to Use in 2026?

Generally Safe

Score 85/100

SCD – Smart Currency Detector – Premium Variant for WCFM has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The plugin exhibits a mixed security posture. While it demonstrates good practices like a significant number of capability checks and a clean vulnerability history, there are notable areas of concern stemming from its attack surface and data handling. The high number of AJAX handlers (9) without authentication checks presents a significant risk, as these could be leveraged by unauthenticated users. Furthermore, the taint analysis reveals 8 flows with unsanitized paths, 6 of which are considered high severity. This indicates potential vulnerabilities where user-supplied data could be manipulated to execute unintended actions or access sensitive information, especially in conjunction with the unprotected AJAX endpoints. The fact that 48% of SQL queries are not using prepared statements and only 48% of output is properly escaped further exacerbates these risks, suggesting potential for SQL injection and cross-site scripting (XSS) vulnerabilities. The absence of any recorded CVEs is positive, but it does not negate the inherent risks identified in the static and taint analysis. The plugin has strengths in its capability checks and lack of historical vulnerabilities, but the current code analysis reveals critical weaknesses in input validation and access control for its AJAX endpoints.

Key Concerns

  • High number of unprotected AJAX handlers
  • High severity unsanitized taint flows
  • SQL queries without prepared statements
  • Improper output escaping
  • Low number of nonce checks on AJAX
Vulnerabilities
None known

SCD – Smart Currency Detector – Premium Variant for WCFM Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

SCD – Smart Currency Detector – Premium Variant for WCFM Code Analysis

Dangerous Functions
0
Raw SQL Queries
30
28 prepared
Unescaped Output
57
52 escaped
Nonce Checks
6
Capability Checks
36
File Operations
3
External Requests
6
Bundled Libraries
0

SQL Query Safety

48% prepared58 total queries

Output Escaping

48% escaped109 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

9 flows8 with unsanitized paths
scd_license_activation (index.php:127)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
9 unprotected

SCD – Smart Currency Detector – Premium Variant for WCFM Attack Surface

Entry Points10
Unprotected9

AJAX Handlers 9

authwp_ajax_puc_v4_debug_check_nowplugin-update-checker\Puc\v4p6\DebugBar\Extension.php:20
authwp_ajax_puc_v4_debug_request_infoplugin-update-checker\Puc\v4p6\DebugBar\PluginExtension.php:11
authwp_ajax_scd_show_user_currencyscd_multivendors_renders.php:72
authwp_ajax_scd_update_user_currencyscd_multivendors_renders.php:143
authwp_ajax_scd_update_user_currency_optionscd_multivendors_renders.php:156
authwp_ajax_scd_wcfmmp_update_shipping_methodscd_wcfm_multivendor.php:697
authwp_ajax_scd_wcfmmp_get_shipping_settingsscd_wcfm_multivendor.php:752
authwp_ajax_scd_wcfm_get_withdrwaw_listscd_wcfm_multivendor.php:1382
authwp_ajax_scd_wcfm_get_withdrwaw_requests_listscd_wcfm_multivendor.php:1567

Shortcodes 1

[scd_widget1] index.php:343
WordPress Hooks 80
actionwcfm_after_dashboard_stats_boxincludes\admin\scd-wcfm-admin-dashboard.php:2
actionwcfm_wcfmmarketplace_report_sales_by_date_afterincludes\admin\scd-wcfm-admin-report-by-date.php:5
actionafter_wcfm_dashboard_right_colincludes\admin\scd-wcfm-admin-report-by-date.php:27
filterwoocommerce_admin_report_dataincludes\admin\scd-wcfm-admin-report-by-date.php:64
filterwcfm_vendors_gross_sales_dataincludes\admin\scd-wcfm-admin-store-vendors.php:11
filterwcfm_vendors_earned_commission_dataincludes\admin\scd-wcfm-admin-store-vendors.php:66
filterwcfm_vendors_received_commission_dataincludes\admin\scd-wcfm-admin-store-vendors.php:114
actionwoocommerce_thankyouincludes\scd-wcfm-rate-saver.php:28
actioninitindex.php:23
actionplugins_loadedindex.php:34
actioncurrent_screenindex.php:46
actionwp_enqueue_scriptsindex.php:57
filterscd-admin-tab-listindex.php:59
filterscd-pro-unactivatedindex.php:70
filterscd_noticeindex.php:79
filterscd_license_manager_tabindex.php:95
actionscd_activate_license_formindex.php:100
actionadmin_noticesindex.php:318
filterdebug_bar_panelsplugin-update-checker\Puc\v4p6\DebugBar\Extension.php:17
actiondebug_bar_enqueue_scriptsplugin-update-checker\Puc\v4p6\DebugBar\Extension.php:18
filterupgrader_post_installplugin-update-checker\Puc\v4p6\Plugin\Package.php:32
actiondelete_site_transient_update_pluginsplugin-update-checker\Puc\v4p6\Plugin\Package.php:33
actionadmin_initplugin-update-checker\Puc\v4p6\Plugin\Ui.php:17
filterplugin_row_metaplugin-update-checker\Puc\v4p6\Plugin\Ui.php:24
filterplugin_row_metaplugin-update-checker\Puc\v4p6\Plugin\Ui.php:25
actionall_admin_noticesplugin-update-checker\Puc\v4p6\Plugin\Ui.php:26
filterplugins_apiplugin-update-checker\Puc\v4p6\Plugin\UpdateChecker.php:94
filtercron_schedulesplugin-update-checker\Puc\v4p6\Scheduler.php:50
actionadmin_initplugin-update-checker\Puc\v4p6\Scheduler.php:60
actionload-update-core.phpplugin-update-checker\Puc\v4p6\Scheduler.php:64
actionupgrader_process_completeplugin-update-checker\Puc\v4p6\Scheduler.php:71
actioninitplugin-update-checker\Puc\v4p6\UpdateChecker.php:88
filterupgrader_source_selectionplugin-update-checker\Puc\v4p6\UpdateChecker.php:132
filterhttp_request_host_is_externalplugin-update-checker\Puc\v4p6\UpdateChecker.php:136
actionplugins_loadedplugin-update-checker\Puc\v4p6\UpdateChecker.php:142
actionpuc_api_errorplugin-update-checker\Puc\v4p6\UpdateChecker.php:244
filterupgrader_pre_installplugin-update-checker\Puc\v4p6\UpgraderStatus.php:17
filterupgrader_package_optionsplugin-update-checker\Puc\v4p6\UpgraderStatus.php:18
filterupgrader_post_installplugin-update-checker\Puc\v4p6\UpgraderStatus.php:19
actionupgrader_process_completeplugin-update-checker\Puc\v4p6\UpgraderStatus.php:20
filterupgrader_pre_downloadplugin-update-checker\Puc\v4p6\Vcs\GitHubApi.php:362
filterhttp_request_argsplugin-update-checker\Puc\v4p6\Vcs\GitHubApi.php:387
actionadmin_initscd_free_install.php:16
filterscd_multivendors_activatescd_multivendors_renders.php:5
filterwoocommerce_product_export_column_namesscd_multivendors_renders.php:182
filterwoocommerce_product_export_product_default_columnsscd_multivendors_renders.php:183
filterwoocommerce_product_export_product_column_scd_other_optionsscd_multivendors_renders.php:200
filterwoocommerce_product_importer_parsed_datascd_multivendors_renders.php:203
filteris_scd_multivendorscd_multivendors_renders.php:215
filterscd_disable_sidebar_currenciesscd_multivendors_renders.php:221
actionwcfm_product_quick_edit_endscd_multivendors_renders.php:230
actionbefore_wcfm_paymentsscd_multivendors_renders.php:309
filterscd-settings-groupsscd_multivendors_settings.php:25
filterscd-options-fieldsscd_multivendors_settings.php:32
filterscd_init_currency_optionsscd_multivendors_settings.php:45
filterscd_list_currenciesscd_pro_currencies.php:3
actioninitscd_wcfm_multivendor.php:13
actionafter_wcfm_ajax_controllerscd_wcfm_multivendor.php:22
actionafter_wcfm_ajax_controllerscd_wcfm_multivendor.php:173
actionwcfm_product_quick_edit_savescd_wcfm_multivendor.php:203
filterwcfm_formeted_menusscd_wcfm_multivendor.php:280
filterwcfm_product_manage_fields_pricingscd_wcfm_multivendor.php:292
filterwcfm_product_manage_fields_variationsscd_wcfm_multivendor.php:446
filterwcfm_variation_edit_datascd_wcfm_multivendor.php:482
filterwcfm_product_variation_data_factoryscd_wcfm_multivendor.php:505
filterwcfmmp_settings_fields_shipping_by_countryscd_wcfm_multivendor.php:555
filterwcfmmp_settings_fields_shipping_rates_by_countryscd_wcfm_multivendor.php:584
filterwcfmmp_settings_fields_shipping_rates_by_weightscd_wcfm_multivendor.php:642
actionwcfm_vendor_settings_updatescd_wcfm_multivendor.php:774
actionafter_wcfm_products_manage_meta_savescd_wcfm_multivendor.php:896
filtercoupon_manager_fields_generalscd_wcfm_multivendor.php:902
filtercoupon_manager_fields_restrictionscd_wcfm_multivendor.php:918
filterwcfm_coupon_data_factoryscd_wcfm_multivendor.php:935
filterwoocommerce_reports_get_order_report_datascd_wcfm_multivendor.php:967
filterwoocommerce_reports_get_order_report_data_argsscd_wcfm_multivendor.php:1107
filterwcfm_vendor_pending_withdrawalscd_wcfm_multivendor.php:1269
actionafter_wcfm_withdrawalscd_wcfm_multivendor.php:1321
actionafter_wcfm_paymentsscd_wcfm_multivendor.php:1453
actionafter_wcfm_withdrawal_requestsscd_wcfm_multivendor.php:1511
filterwoocommerce_get_price_htmlscd_wcfm_multivendor.php:1676
Maintenance & Trust

SCD – Smart Currency Detector – Premium Variant for WCFM Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8
Last updatedSep 30, 2023
PHP min version
Downloads5K

Community Trust

Rating60/100
Number of ratings2
Active installs10
Alternatives

SCD – Smart Currency Detector – Premium Variant for WCFM Alternatives

SCM – Smart Currency Manager – Premium Variant for Dokan

SCM – Smart Currency Manager – Premium Variant for Dokan

scd-smart-currency-detector-variant-for-dokan

A
85

❓ Have you thought about letting your customers buy in your online shop using their own currency and payment method ❓

10 No CVEs
SCM – Smart Currency Manager – Premium Variant for WcVendor

SCM – Smart Currency Manager – Premium Variant for WcVendor

scd-smart-currency-detector-premium-variant-for-wcvendor

A
100

ALL-IN-ONE solution for buyers, sellers, single/multi vendors sites, market places. Best currency plugin for WC Vendor Marketplace for currency conver …

0 No CVEs
FOX – Currency Switcher Professional for WooCommerce

FOX – Currency Switcher Professional for WooCommerce

woocommerce-currency-switcher

A
93

FOX - Currency Switcher Professional for WooCommerce (former name is WOOCS) is currency plugin for woocommerce and multi currency shop, switch & pay

50K 12 CVEs
YayCurrency – WooCommerce Multi-Currency Switcher

YayCurrency – WooCommerce Multi-Currency Switcher

yaycurrency

A
96

WooCommerce Multi-Currency made easy, powerful, and flexible.

8K 2 CVEs
Currency Switcher for WooCommerce by WBW

Currency Switcher for WooCommerce by WBW

woo-currency

A
100

WBW Currency Switcher for WooCommerce allows customers to switch products prices to any currencies. Get rates converted in the real-time with dynamic …

4K 1 CVE
Developer Profile

SCD – Smart Currency Detector – Premium Variant for WCFM Developer Profile

scd2021

4 plugins · 80 total installs

86
trust score
Avg Security Score
89/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect SCD – Smart Currency Detector – Premium Variant for WCFM

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/scd-smart-currency-detector-variant-for-wcfm/js/scd_lic_form.js/wp-content/plugins/scd-smart-currency-detector-variant-for-wcfm/js/scd_pro_postready.js/wp-content/plugins/scd-smart-currency-detector-variant-for-wcfm/js/scd_wcfm_multivendor.js
Script Paths
/wp-content/plugins/scd-smart-currency-detector-variant-for-wcfm/js/scd_lic_form.js/wp-content/plugins/scd-smart-currency-detector-variant-for-wcfm/js/scd_pro_postready.js/wp-content/plugins/scd-smart-currency-detector-variant-for-wcfm/js/scd_wcfm_multivendor.js

HTML / DOM Fingerprints

CSS Classes
scd-notice
JS Globals
scd_ajax
FAQ

Frequently Asked Questions about SCD – Smart Currency Detector – Premium Variant for WCFM