Shop Information System Security & Risk Analysis

wordpress.org/plugins/shop-information-system

An intuitive way of measuring and controlling your declines in sales due to external factors like COVID-19 situation.

0 active installs · v1.1.4 · PHP 7.0+ · WP 3.5+ · Updated Mar 4, 2026
Tags: orders-comparison, products-graphs, revenues-profits, sales-discounts, woocommerce-helpful
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Shop Information System Safe to Use in 2026?

Generally Safe

Score 100/100

Shop Information System has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "shop-information-system" plugin v1.1.5 presents a mixed security posture. While it demonstrates good practices like using prepared statements for a majority of its SQL queries and implementing nonce checks for all identified entry points, several significant concerns remain. The most prominent issue is the presence of two AJAX handlers that lack authentication checks, creating a direct attack vector for unauthenticated users. Furthermore, a low percentage of properly escaped output (33%) suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities, especially when combined with the file operations. The absence of any recorded vulnerability history, while seemingly positive, could also indicate a lack of rigorous security auditing or that potential vulnerabilities have gone undiscovered. In conclusion, while the plugin has some solid security foundations, the unprotected AJAX endpoints and insufficient output escaping significantly elevate its risk profile, requiring immediate attention.

Key Concerns

  • AJAX handlers without auth checks
  • Low percentage of properly escaped output
  • File operations present
Vulnerabilities
None known

Shop Information System Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Shop Information System Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 6 (11 prepared)
Unescaped Output: 105 (51 escaped)
Nonce Checks: 16
Capability Checks: 0
File Operations: 14
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

65% prepared · 17 total queries

Output Escaping

33% escaped · 156 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

13 flows · 2 with unsanitized paths
wpsis_version_type_update (inc\common.php:10)
[Data flow diagram. Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
2 unprotected

Shop Information System Attack Surface

Entry Points: 16
Unprotected: 2

AJAX Handlers 15

auth · wp_ajax_wpsis_get_paginated_table · inc\classes\WPSIS.php:29
auth · wp_ajax_wpsis_update_product_price_bulk · inc\classes\WPSIS.php:31
auth · wp_ajax_wpsis_load_products · inc\functions-inner.php:2
auth · wp_ajax_wpsis_analyze_priority · inc\functions-inner.php:46
auth · wp_ajax_wpsis_generate_sitemap · inc\functions-inner.php:170
auth · wp_ajax_wpsis_update_option · inc\functions.php:441
auth · wp_ajax_wpsis_get_update_order_states · inc\functions.php:1467
auth · wp_ajax_wpsis_update_traffic · inc\functions.php:2203
auth · wp_ajax_wpsis_update_monitoring · inc\functions.php:2281
auth · wp_ajax_wpsis_record_order_browser · inc\functions.php:2345
auth · wp_ajax_wpsis_update_not_found · inc\functions.php:2401
auth · wp_ajax_wpsis_load_yoast_keywords · inc\functions.php:2739
auth · wp_ajax_wpsis_get_woo_products · inc\functions.php:2879
auth · wp_ajax_wpsis_get_variations · inc\functions.php:2962
auth · wp_ajax_wpsis_save_image_id · inc\functions.php:3009

Shortcodes 1

[WPSIS_ORDER_INFO] · inc\functions.php:1589

WordPress Hooks 15

action · admin_init · inc\classes\WPSIS.php:27
action · admin_init · inc\common.php:4
action · admin_enqueue_scripts · inc\functions.php:373
action · wp_enqueue_scripts · inc\functions.php:377
action · admin_menu · inc\functions.php:397
filter · woocommerce_product_data_store_cpt_get_products_query · inc\functions.php:575
action · woocommerce_update_product_variation · inc\functions.php:581
action · woocommerce_update_product · inc\functions.php:583
action · admin_head · inc\functions.php:1123
action · admin_bar_menu · inc\functions.php:1761
action · woocommerce_checkout_create_order · inc\functions.php:1935
filter · manage_edit-shop_order_columns · inc\functions.php:1949
filter · manage_shop_order_posts_custom_column · inc\functions.php:1971
action · wp · inc\functions.php:2161
action · woocommerce_checkout_create_order · inc\functions.php:2683
Maintenance & Trust

Shop Information System Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 4, 2026
PHP min version: 7.0
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Alternatives

Shop Information System Alternatives

No alternatives data available yet.

Developer Profile

Shop Information System Developer Profile

Fahad Mahmood

40 plugins · 33K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 237 days
Detection Fingerprints

How We Detect Shop Information System

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/shop-information-system/css/fontawesome.min.css
/wp-content/plugins/shop-information-system/js/fontawesome.min.js
/wp-content/plugins/shop-information-system/js/collect.min.js
/wp-content/plugins/shop-information-system/js/moment.js
/wp-content/plugins/shop-information-system/js/chart.min.js
/wp-content/plugins/shop-information-system/js/bootstrap.min.js
Script Paths
/wp-content/plugins/shop-information-system/js/fontawesome.min.js
/wp-content/plugins/shop-information-system/js/collect.min.js
/wp-content/plugins/shop-information-system/js/moment.js
/wp-content/plugins/shop-information-system/js/chart.min.js
/wp-content/plugins/shop-information-system/js/bootstrap.min.js
Version Parameters
shop-information-system/css/fontawesome.min.css?ver=
shop-information-system/js/fontawesome.min.js?ver=
shop-information-system/js/collect.min.js?ver=
shop-information-system/js/moment.js?ver=
shop-information-system/js/chart.min.js?ver=
shop-information-system/js/bootstrap.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpsis-bootstrap
HTML Comments
<!-- Plugin Name: Shop Information System Plugin URI: http://androidbubble.com/blog/shop-information-system Description: An intuitive way of measuring and controlling your declines in sales due to external factors like COVID-19 situation. Author: Fahad Mahmood Version: 1.1.5 Text Domain: si-system Domain Path: /languages Author URI: https://profiles.wordpress.org/fahadmahmood/ License: GPL2 This WordPress Plugin is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or any later version. This free software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this software. If not, see http://www.gnu.org/licenses/gpl-2.0.html. -->
Data Attributes
wpsis_nonce
ajax_url
is_wc_admin
JS Globals
wpsis_short_script_obj
wpsis_nonce
ajax_url
is_wc_admin
wp_sis_pro
wp_sis_options
FAQ

Frequently Asked Questions about Shop Information System