Sello ChannelConnector Security & Risk Analysis

wordpress.org/plugins/sello-channelconnector

Easily send your products to multiple Nordic and European marketplaces like CDON, Fyndiq, Tradera, Wupti and Coolshop.

80 active installs · v1.6.3 · PHP 5.6+ · WP 4.9.6+ · Updated Dec 19, 2022
Tags: cdon, channels, e-commerce, marketplaces, woocommerce
Score: 63 (C · Use Caution)
CVEs total: 1
Unpatched: 1
Last CVE: Aug 20, 2025
Safety Verdict

Is Sello ChannelConnector Safe to Use in 2026?

Use With Caution

Score 63/100

Sello ChannelConnector has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Aug 20, 2025 · Updated 3yr ago
Risk Assessment

The "sello-channelconnector" v1.6.3 plugin presents a concerning security posture due to significant weaknesses in its code and a history of vulnerabilities. The static analysis reveals a considerable attack surface with multiple unprotected entry points, specifically AJAX handlers and REST API routes, which are prime targets for attackers. The lack of proper authorization checks on these endpoints is a critical flaw. Furthermore, the taint analysis indicates high severity flows with unsanitized paths, suggesting potential for malicious input to be processed without adequate validation, leading to vulnerabilities. The plugin also demonstrates poor output escaping practices, with only 15% of outputs being properly escaped, increasing the risk of Cross-Site Scripting (XSS) attacks. The vulnerability history, including an unpatched medium severity CVE, further exacerbates these concerns, indicating a pattern of security issues. While the absence of dangerous functions and file operations is a minor positive, the overwhelming presence of critical security flaws makes this plugin a significant risk. Users should exercise extreme caution and consider disabling or seeking an updated, more secure version.

Key Concerns

  • Unprotected AJAX handler
  • REST API routes without permission callbacks
  • High severity taint flows
  • Low output escaping
  • No nonce checks
  • No capability checks
  • Unpatched medium CVE
  • Unsanitized paths in taint flows
Vulnerabilities: 1

Sello ChannelConnector Security Vulnerabilities

CVEs by Year

2025: 1 CVE · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-52754 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Sello ChannelConnector <= 1.6.3 - Reflected Cross-Site Scripting

Aug 20, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Sello ChannelConnector Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 15 · 14 prepared
  • Unescaped Output: 52 · 9 escaped
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 1
  • External Requests: 8
  • Bundled Libraries: 0

SQL Query Safety

48% prepared · 29 total queries

Output Escaping

15% escaped · 61 total outputs
Data Flows: 8 unsanitized

Data Flow Analysis

8 flows · 8 with unsanitized paths
getPackslipAction (src\Settings\Admin.php:72)
Attack Surface: 3 unprotected

Sello ChannelConnector Attack Surface

Entry Points: 4
Unprotected: 3

AJAX Handlers: 1

  • auth · wp_ajax_get_categories · src\Settings\Product.php:25

REST API Routes: 3

  • GET /wp-json/wc-channelconnector/v1/updatedproducts · src\GetUpdatedProducts.php:12
  • POST /wp-json/wc-channelconnector/v1/orders · src\Order.php:131
  • GET /wp-json/wc-channelconnector/v1/updatedproducts · src\UpdatedProducts.php:12

WordPress Hooks: 15

  • action · plugins_loaded · sello-channelconnector.php:71
  • action · admin_init · sello-channelconnector.php:139
  • action · rest_api_init · sello-channelconnector.php:146
  • action · admin_menu · sello-channelconnector.php:187
  • action · woocommerce_admin_order_data_after_order_details · src\Order.php:40
  • filter · bulk_actions-edit-shop_order · src\Order.php:41
  • filter · handle_bulk_actions-edit-shop_order · src\Order.php:42
  • action · admin_notices · src\Order.php:43
  • action · trashed_post · src\Product.php:19
  • action · woocommerce_product_data_tabs · src\Settings\Product.php:19
  • filter · woocommerce_product_data_panels · src\Settings\Product.php:20
  • action · woocommerce_process_product_meta_simple · src\Settings\Product.php:21
  • action · woocommerce_process_product_meta_variable · src\Settings\Product.php:22
  • action · woocommerce_product_bulk_edit_start · src\Settings\Product.php:23
  • action · woocommerce_product_bulk_edit_save · src\Settings\Product.php:24
Maintenance & Trust

Sello ChannelConnector Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 5.8.13
  • Last updated: Dec 19, 2022
  • PHP min version: 5.6
  • Downloads: 6K

Community Trust

  • Rating: 0/100
  • Number of ratings: 0
  • Active installs: 80
Developer Profile

Sello ChannelConnector Developer Profile

selloio

1 plugin · 80 total installs

  • Trust score: 68
  • Avg Security Score: 63/100
  • Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Sello ChannelConnector

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

REST Endpoints
wc-channelconnector/v1/updatedproducts
FAQ

Frequently Asked Questions about Sello ChannelConnector