Shopkeeper Extender Security & Risk Analysis

wordpress.org/plugins/shopkeeper-extender

Extends the functionality of the Shopkeeper Theme by adding theme specific features.

5K active installs v7.3 PHP 7.4.1+ WP 6.0+ Updated Mar 26, 2026
Tags: shopkeeper, theme, woocommerce
Score: 98 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Nov 13, 2025
Safety Verdict

Is Shopkeeper Extender Safe to Use in 2026?

Generally Safe

Score 98/100

Shopkeeper Extender has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEs · Last CVE: Nov 13, 2025 · Updated 1mo ago
Risk Assessment

The shopkeeper-extender plugin exhibits a mixed security posture. While it demonstrates good practices in areas like prepared SQL statements and a high percentage of properly escaped output, there are notable concerns regarding its attack surface and past vulnerability history. The presence of 6 AJAX handlers without authentication checks represents a significant potential entry point for attackers to exploit. Although the taint analysis did not reveal critical or high severity unsanitized flows, the 2 identified flows with unsanitized paths warrant attention as they could lead to vulnerabilities if not handled properly. The plugin's history of 2 medium severity Cross-site Scripting (XSS) vulnerabilities, even though currently patched, indicates a recurring weakness that needs to be actively monitored. The lack of recent vulnerabilities (last one in 2025) is positive, but past patterns suggest a need for continued vigilance.

Key Concerns

  • Unprotected AJAX handlers
  • Taint flows with unsanitized paths
  • Medium severity CVEs in history
Vulnerabilities
2 published

Shopkeeper Extender Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2025: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-67544 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Shopkeeper Extender < 7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Nov 13, 2025 Patched in 7.0 (28d)

CVE-2024-2801 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Shopkeeper Extender <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 11, 2024 Patched in 3.7 (113d)
Version History

Shopkeeper Extender Release Timeline

v7.3 (current)
v7.2
v7.1
v7.0
v6.9.1 · 1 CVE
v6.9 · 1 CVE
v6.8 · 1 CVE
v6.7 · 1 CVE
v6.6 · 1 CVE
v6.5 · 1 CVE
v6.4 · 1 CVE
v6.3 · 1 CVE
v6.2 · 1 CVE
v6.1.1 · 1 CVE
v6.1 · 1 CVE
v5.9 · 1 CVE
v5.7 · 1 CVE
v5.6 · 1 CVE
v5.5 · 1 CVE
v5.4 · 1 CVE
Code Analysis
Analyzed Mar 16, 2026

Shopkeeper Extender Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (6 prepared)
Unescaped Output: 39 (725 escaped)
Nonce Checks: 11
Capability Checks: 10
File Operations: 14
External Requests: 17
Bundled Libraries: 0

SQL Query Safety

100% prepared · 6 total queries

Output Escaping

95% escaped · 764 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

7 flows · 2 with unsanitized paths
start_el (includes\custom-menu\class\class-sk-ext-navwalker-image.php:130)
Attack Surface
6 unprotected

Shopkeeper Extender Attack Surface

Entry Points: 18
Unprotected: 6

AJAX Handlers 12

auth wp_ajax_gbt_dismiss_notification dashboard\inc\classes\class-gbt-notification-handler.php:23
auth wp_ajax_dismiss_license_notification dashboard\inc\classes\class-license-subscription-checker.php:90
auth wp_ajax_dismiss_update_notification dashboard\inc\classes\class-theme-updates.php:173
auth wp_ajax_gbt_refresh_license dashboard\inc\pages\content\license-ajax-refresh.php:214
auth wp_ajax_puc_v5_debug_check_now dashboard\inc\puc\Puc\v5p6\DebugBar\Extension.php:29
auth wp_ajax_puc_v5_debug_request_info dashboard\inc\puc\Puc\v5p6\DebugBar\PluginExtension.php:16
auth wp_ajax_install_theme_ajax dashboard\index.php:63
auth wp_ajax_activate_theme_ajax dashboard\index.php:64
auth wp_ajax_dismiss_gbt_dashboard_notification dashboard\index.php:182
auth wp_ajax_gbt_enable_auto_updates dashboard\index.php:183
auth wp_ajax_install_theme_ajax dashboard\index.php:184
auth wp_ajax_activate_theme_ajax dashboard\index.php:185

Shortcodes 6

[product_categories_grid] includes\shortcodes\wc\categories-grid.php:135
[banner] includes\shortcodes\wp\banner.php:76
[from_the_blog] includes\shortcodes\wp\posts-slider.php:114
[slider] includes\shortcodes\wp\slider.php:60
[image_slide] includes\shortcodes\wp\slider.php:158
[social-media] includes\social-media\class-social-media.php:462
WordPress Hooks 99
action admin_enqueue_scripts dashboard\inc\classes\class-gbt-notification-handler.php:24
action upgrader_process_complete dashboard\inc\classes\class-gbt-notification-handler.php:27
action admin_init dashboard\inc\classes\class-license-manager.php:32
filter parent_file dashboard\inc\classes\class-license-menu-badge.php:19
action admin_init dashboard\inc\classes\class-license-menu-badge.php:157
action init dashboard\inc\classes\class-license-server-connector.php:36
action getbowtied_license_verified dashboard\inc\classes\class-license-server-connector.php:50
action getbowtied_license_deactivated dashboard\inc\classes\class-license-server-connector.php:53
action admin_notices dashboard\inc\classes\class-license-subscription-checker.php:87
action admin_enqueue_scripts dashboard\inc\classes\class-license-subscription-checker.php:93
action admin_init dashboard\inc\classes\class-license-subscription-checker.php:396
action admin_init dashboard\inc\classes\class-special-license-manager.php:31
action admin_init dashboard\inc\classes\class-theme-li.php:111
action admin_init dashboard\inc\classes\class-theme-li.php:112
action init dashboard\inc\classes\class-theme-updates.php:103
action init dashboard\inc\classes\class-theme-updates.php:104
filter site_transient_update_themes dashboard\inc\classes\class-theme-updates.php:170
filter upgrader_pre_download dashboard\inc\classes\class-theme-updates.php:171
action admin_notices dashboard\inc\classes\class-theme-updates.php:172
action admin_enqueue_scripts dashboard\inc\classes\class-theme-updates.php:174
action upgrader_process_complete dashboard\inc\classes\class-theme-updates.php:175
action init dashboard\inc\classes\class-theme-updates.php:690
filter wp_kses_allowed_html dashboard\inc\pages\content\template-parts\license-status-banner.php:147
filter screen_options_show_screen dashboard\inc\pages\includes.php:27
action admin_enqueue_scripts dashboard\inc\pages\includes.php:147
action admin_menu dashboard\inc\pages\pages-order.php:47
action admin_menu dashboard\inc\pages\pages.php:104
action in_admin_footer dashboard\inc\pointers\pointers.php:98
action admin_init dashboard\inc\pointers\pointers.php:113
action after_switch_theme dashboard\inc\pointers\pointers.php:121
filter debug_bar_panels dashboard\inc\puc\Puc\v5p6\DebugBar\Extension.php:26
action debug_bar_enqueue_scripts dashboard\inc\puc\Puc\v5p6\DebugBar\Extension.php:27
filter upgrader_post_install dashboard\inc\puc\Puc\v5p6\Plugin\Package.php:37
action delete_site_transient_update_plugins dashboard\inc\puc\Puc\v5p6\Plugin\Package.php:38
action admin_init dashboard\inc\puc\Puc\v5p6\Plugin\Ui.php:19
filter plugin_row_meta dashboard\inc\puc\Puc\v5p6\Plugin\Ui.php:26
filter plugin_row_meta dashboard\inc\puc\Puc\v5p6\Plugin\Ui.php:27
action all_admin_notices dashboard\inc\puc\Puc\v5p6\Plugin\Ui.php:28
filter plugins_api dashboard\inc\puc\Puc\v5p6\Plugin\UpdateChecker.php:101
filter cron_schedules dashboard\inc\puc\Puc\v5p6\Scheduler.php:53
action admin_init dashboard\inc\puc\Puc\v5p6\Scheduler.php:78
action load-update-core.php dashboard\inc\puc\Puc\v5p6\Scheduler.php:82
action upgrader_process_complete dashboard\inc\puc\Puc\v5p6\Scheduler.php:90
action upgrader_process_complete dashboard\inc\puc\Puc\v5p6\Scheduler.php:91
action init dashboard\inc\puc\Puc\v5p6\UpdateChecker.php:120
filter upgrader_source_selection dashboard\inc\puc\Puc\v5p6\UpdateChecker.php:168
filter http_request_host_is_external dashboard\inc\puc\Puc\v5p6\UpdateChecker.php:172
filter http_request_args dashboard\inc\puc\Puc\v5p6\UpdateChecker.php:176
action plugins_loaded dashboard\inc\puc\Puc\v5p6\UpdateChecker.php:182
action puc_api_error dashboard\inc\puc\Puc\v5p6\UpdateChecker.php:362
filter upgrader_pre_install dashboard\inc\puc\Puc\v5p6\UpgraderStatus.php:19
filter upgrader_package_options dashboard\inc\puc\Puc\v5p6\UpgraderStatus.php:20
filter upgrader_post_install dashboard\inc\puc\Puc\v5p6\UpgraderStatus.php:21
action upgrader_process_complete dashboard\inc\puc\Puc\v5p6\UpgraderStatus.php:22
filter upgrader_pre_download dashboard\inc\puc\Puc\v5p6\Vcs\GitHubApi.php:355
filter http_request_args dashboard\inc\puc\Puc\v5p6\Vcs\GitHubApi.php:404
action requests-requests.before_redirect dashboard\inc\puc\Puc\v5p6\Vcs\GitHubApi.php:405
action init dashboard\inc\third\includes\elementor.php:20
action admin_init dashboard\inc\third\includes\elementor.php:21
action admin_init dashboard\inc\third\includes\elementor.php:22
action admin_enqueue_scripts dashboard\inc\third\includes\elementor.php:23
action elementor/editor/after_enqueue_scripts dashboard\inc\third\includes\elementor.php:24
action admin_head dashboard\inc\third\includes\elementor.php:28
action admin_init dashboard\inc\third\includes\elementor.php:36
action admin_enqueue_scripts dashboard\inc\third\includes\yith.php:13
action admin_notices dashboard\index.php:61
action admin_enqueue_scripts dashboard\index.php:62
action upgrader_process_complete dashboard\index.php:178
action admin_init dashboard\index.php:179
action admin_notices dashboard\index.php:180
action product_cat_add_form_fields includes\addons\class-wc-category-header-image.php:28
action product_cat_edit_form_fields includes\addons\class-wc-category-header-image.php:29
action created_term includes\addons\class-wc-category-header-image.php:30
action edit_term includes\addons\class-wc-category-header-image.php:31
filter manage_edit-product_cat_columns includes\addons\class-wc-category-header-image.php:32
filter manage_product_cat_custom_column includes\addons\class-wc-category-header-image.php:33
action woocommerce_archive_description includes\addons\class-wc-category-header-image.php:34
action admin_head includes\addons\class-wc-category-header-image.php:35
filter getbowtied_get_category_header_image includes\addons\class-wc-category-header-image.php:37
filter wp_setup_nav_menu_item includes\custom-menu\class\class-sk-ext-navwalker-image.php:7
action wp_update_nav_menu_item includes\custom-menu\class\class-sk-ext-navwalker-image.php:10
filter wp_edit_nav_menu_walker includes\custom-menu\class\class-sk-ext-navwalker-image.php:13
action wp_nav_menu_item_custom_fields includes\custom-menu\class\class-sk-ext-navwalker-image.php:15
action wp_enqueue_scripts includes\custom-menu\index.php:7
action admin_enqueue_scripts includes\helpers\helpers.php:45
action admin_enqueue_scripts includes\helpers\helpers.php:52
action wp_enqueue_scripts includes\shortcodes\index.php:11
action wp_enqueue_scripts includes\shortcodes\index.php:19
action init includes\shortcodes\index.php:27
action footer_socials includes\social-media\class-social-media.php:55
action header_socials includes\social-media\class-social-media.php:61
action wp_enqueue_scripts includes\social-media\class-social-media.php:89
action customize_register includes\social-media\class-social-media.php:352
filter getbowtied_woocommerce_before_single_product_summary_data_tabs includes\social-sharing\class-social-sharing.php:35
action wp_head includes\social-sharing\class-social-sharing.php:42
action wp_enqueue_scripts includes\social-sharing\class-social-sharing.php:89
action customize_register includes\social-sharing\class-social-sharing.php:112
action widgets_init includes\widgets\social-media.php:84
action after_setup_theme shopkeeper-extender.php:126
Maintenance & Trust

Shopkeeper Extender Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 26, 2026
PHP min version: 7.4.1
Downloads: 166K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 5K
Developer Profile

Shopkeeper Extender Developer Profile

Get Bowtied

4 plugins · 24K total installs

Trust score: 86
Avg Security Score: 97/100
Avg Patch Time: 50 days
Detection Fingerprints

How We Detect Shopkeeper Extender

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/shopkeeper-extender/dashboard/js/gbt-notification-handler.js
/wp-content/plugins/shopkeeper-extender/includes/vendor/enqueue.php
/wp-content/plugins/shopkeeper-extender/includes/customizer/repeater/class-sk-ext-repeater-control.php
/wp-content/plugins/shopkeeper-extender/includes/shortcodes/index.php
/wp-content/plugins/shopkeeper-extender/includes/social-media/class-social-media.php
/wp-content/plugins/shopkeeper-extender/includes/widgets/social-media.php
/wp-content/plugins/shopkeeper-extender/includes/custom-menu/index.php
/wp-content/plugins/shopkeeper-extender/includes/social-sharing/class-social-sharing.php
+2 more
Script Paths
https://raw.githubusercontent.com/getbowtied/shopkeeper-extender/master/core/updater/assets/plugin.json
Version Parameters
shopkeeper-extender/style.css?ver=
shopkeeper-extender/script.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-gbt-dashboard-theme-slug
JS Globals
gbtNotificationHandler
FAQ

Frequently Asked Questions about Shopkeeper Extender