Does ShopMetrics for WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in ShopMetrics for WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is ShopMetrics for WooCommerce compatible with WordPress 6.8.5?

According to WordPress.org data, ShopMetrics for WooCommerce 1.0.10 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is ShopMetrics for WooCommerce compatible with PHP 7.2+?

ShopMetrics for WooCommerce requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is ShopMetrics for WooCommerce updated?

ShopMetrics for WooCommerce was last updated on Aug 10, 2025. Frequent updates are generally a positive security signal.

What is ShopMetrics for WooCommerce's security score?

ShopMetrics for WooCommerce has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ShopMetrics for WooCommerce Security & Risk Analysis

wordpress.org/plugins/shopmetrics

Easy and Smart Analytics Dashboard with Automatic Cart Recovery for WooCommerce stores.

0 active installs v1.0.10 PHP 7.2+ WP 5.2+ Updated Aug 10, 2025

abandoned-cartanalyticscart-recoveryecommercewoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is ShopMetrics for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

ShopMetrics for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7mo ago

Risk Assessment

The 'shopmetrics' v1.0.10 plugin exhibits a mixed security posture. On the positive side, the plugin has a clean vulnerability history with no recorded CVEs, which is a strong indicator of good development practices and diligence in addressing security issues. The taint analysis also shows no critical or high severity flows with unsanitized paths, suggesting that common injection vulnerabilities are likely mitigated. However, the static analysis reveals significant areas for concern. The presence of 33 AJAX handlers, with one entirely lacking authentication checks, presents a direct and exploitable attack vector. Furthermore, the static analysis indicates that 100% of SQL queries are executed without prepared statements, a critical deficiency that makes the plugin highly susceptible to SQL injection attacks. While the plugin has a good history and no critical taint flows, these two static analysis findings introduce substantial risks that cannot be overlooked.

Key Concerns

Unprotected AJAX handler found
100% of SQL queries lack prepared statements

Vulnerabilities

None known

ShopMetrics for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

ShopMetrics for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

285 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared1 total queries

Output Escaping

79% escaped359 total outputs

Data Flows

All sanitized

Data Flow Analysis

4 flows

ajax_initiate_connection (includes\class-shopmetrics-admin.php:1419)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

ShopMetrics for WooCommerce Attack Surface

Entry Points33

Unprotected1

AJAX Handlers 33

authwp_ajax_shopmetrics_save_credentialsincludes\class-shopmetrics-admin.php:87

authwp_ajax_shopmetrics_save_settingsincludes\class-shopmetrics-admin.php:88

authwp_ajax_shopmetrics_test_api_connectionincludes\class-shopmetrics-admin.php:89

authwp_ajax_shopmetrics_disconnect_siteincludes\class-shopmetrics-admin.php:90

authwp_ajax_shopmetrics_sync_dataincludes\class-shopmetrics-admin.php:91

authwp_ajax_shopmetrics_clear_cacheincludes\class-shopmetrics-admin.php:92

authwp_ajax_shopmetrics_test_recovery_emailincludes\class-shopmetrics-admin.php:93

authwp_ajax_shopmetrics_manual_snapshotincludes\class-shopmetrics-admin.php:94

authwp_ajax_shopmetrics_fix_snapshot_scheduleincludes\class-shopmetrics-admin.php:95

authwp_ajax_shopmetrics_clear_logsincludes\class-shopmetrics-admin.php:96

authwp_ajax_shopmetrics_download_logsincludes\class-shopmetrics-admin.php:97

authwp_ajax_shopmetrics_test_order_syncincludes\class-shopmetrics-admin.php:98

authwp_ajax_shopmetrics_check_order_syncincludes\class-shopmetrics-admin.php:99

authwp_ajax_shopmetrics_get_all_meta_keysincludes\class-shopmetrics-admin.php:100

authwp_ajax_shopmetrics_auto_detect_cogs_keyincludes\class-shopmetrics-admin.php:101

authwp_ajax_shopmetrics_save_settingincludes\class-shopmetrics-admin.php:102

authwp_ajax_shopmetrics_start_syncincludes\class-shopmetrics-admin.php:103

authwp_ajax_shopmetrics_get_billing_historyincludes\class-shopmetrics-admin.php:104

authwp_ajax_shopmetrics_create_checkoutincludes\class-shopmetrics-admin.php:105

authwp_ajax_shopmetrics_debug_auth_statusincludes\class-shopmetrics-admin.php:106

authwp_ajax_shopmetrics_get_sync_progressincludes\class-shopmetrics-admin.php:107

authwp_ajax_shopmetrics_reset_sync_progressincludes\class-shopmetrics-admin.php:108

authwp_ajax_shopmetrics_cancel_subscriptionincludes\class-shopmetrics-admin.php:109

authwp_ajax_shopmetrics_reactivate_subscriptionincludes\class-shopmetrics-admin.php:110

authwp_ajax_shopmetrics_auto_detect_order_blocksincludes\class-shopmetrics-admin.php:111

authwp_ajax_shopmetrics_rotate_logsincludes\class-shopmetrics-admin.php:112

authwp_ajax_shopmetrics_save_analytics_consentincludes\class-shopmetrics-admin.php:113

authwp_ajax_shopmetrics_reset_onboardingincludes\class-shopmetrics-admin.php:114

authwp_ajax_shopmetrics_get_settingsincludes\class-shopmetrics-admin.php:115

authwp_ajax_shopmetrics_initiate_connectionincludes\class-shopmetrics-admin.php:116

authwp_ajax_shopmetrics_track_visitincludes\class-shopmetrics-admin.php:117

noprivwp_ajax_shopmetrics_track_visitincludes\class-shopmetrics-admin.php:118

authwp_ajax_shopmetrics_check_credentialsincludes\class-shopmetrics-admin.php:119

WordPress Hooks 48

actionadmin_initincludes\class-shopmetrics-admin.php:75

actionadmin_enqueue_scriptsincludes\class-shopmetrics-admin.php:77

actionadmin_enqueue_scriptsincludes\class-shopmetrics-admin.php:78

actionadmin_enqueue_scriptsincludes\class-shopmetrics-admin.php:79

actionadmin_enqueue_scriptsincludes\class-shopmetrics-admin.php:80

actionadmin_enqueue_scriptsincludes\class-shopmetrics-admin.php:81

actionadmin_enqueue_scriptsincludes\class-shopmetrics-admin.php:82

actionadmin_menuincludes\class-shopmetrics-admin.php:84

actionadmin_enqueue_scriptsincludes\class-shopmetrics-admin.php:312

actionadmin_noticesincludes\class-shopmetrics-admin.php:376

actionadmin_noticesincludes\class-shopmetrics-admin.php:634

actionadmin_enqueue_scriptsincludes\class-shopmetrics-admin.php:3059

actionadmin_initincludes\class-shopmetrics-admin.php:4667

actionadmin_initincludes\class-shopmetrics-analytics.php:117

actionadmin_enqueue_scriptsincludes\class-shopmetrics-analytics.php:120

filtershopmetrics_analytics_api_timeoutincludes\class-shopmetrics-api-client.php:153

actioninitincludes\class-shopmetrics-cart-recovery.php:62

actionadmin_initincludes\class-shopmetrics-cart-recovery.php:65

actionwoocommerce_cart_updatedincludes\class-shopmetrics-cart-tracker.php:50

actionwoocommerce_cart_item_removedincludes\class-shopmetrics-cart-tracker.php:51

actionwoocommerce_cart_item_restoredincludes\class-shopmetrics-cart-tracker.php:52

actionwoocommerce_after_cart_item_quantity_updateincludes\class-shopmetrics-cart-tracker.php:53

actionwoocommerce_add_to_cartincludes\class-shopmetrics-cart-tracker.php:54

actionwoocommerce_before_cartincludes\class-shopmetrics-cart-tracker.php:57

actiontemplate_redirectincludes\class-shopmetrics-cart-tracker.php:61

actionwoocommerce_before_checkout_formincludes\class-shopmetrics-cart-tracker.php:65

actionwoocommerce_checkout_initincludes\class-shopmetrics-cart-tracker.php:66

actionshopmetrics_analytics_do_historical_syncincludes\class-shopmetrics-data-collector.php:53

actionwoocommerce_rest_insert_shop_order_objectincludes\class-shopmetrics-order-sync-manager.php:53

actionwoocommerce_rest_update_shop_order_objectincludes\class-shopmetrics-order-sync-manager.php:54

actionwoocommerce_order_status_changedincludes\class-shopmetrics-orders-tracker.php:43

actionwoocommerce_order_refundedincludes\class-shopmetrics-orders-tracker.php:45

actionshopmetrics_analytics_send_order_dataincludes\class-shopmetrics-orders-tracker.php:55

actionshopmetrics_analytics_send_status_updateincludes\class-shopmetrics-orders-tracker.php:57

actionshopmetrics_analytics_send_refund_dataincludes\class-shopmetrics-orders-tracker.php:59

actionshopmetrics_analytics_sync_historical_ordersincludes\class-shopmetrics-orders-tracker.php:61

actioninitincludes\class-shopmetrics-orders-tracker.php:1204

actionrest_api_initincludes\class-shopmetrics-rest-api.php:32

actionplugins_loadedincludes\class-shopmetrics-snapshotter.php:19

actionbefore_woocommerce_initincludes\class-shopmetrics.php:242

actionwp_enqueue_scriptsincludes\class-shopmetrics.php:245

actionadmin_noticesshopmetrics.php:62

filterplugin_row_metashopmetrics.php:138

actionadmin_initshopmetrics.php:227

actionparse_requestshopmetrics.php:282

actionplugins_loadedshopmetrics.php:308

filtercron_schedulesshopmetrics.php:331

actionbefore_woocommerce_initshopmetrics.php:352

Maintenance & Trust

ShopMetrics for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedAug 10, 2025

PHP min version7.2

Downloads419

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

ShopMetrics for WooCommerce Alternatives

Cart Rescue – Abandoned Cart Recovery for WooCommerce

cart-rescue-abandoned-cart-recovery

100

A complete abandoned cart recovery solution to grow your business. Features a premium UI, email templates, and detailed reports.

0 No CVEs

CartResQ – Recover Abandoned Carts for WooCommerce

cartresq

100

Abandoned cart tracking for WooCommerce. Monitor, analyze, and recover lost sales with real-time detection and analytics.

0 No CVEs

ShopNotify – Personalized Cart Recovery for WooCommerce

shopnotify

100

Track abandoned carts for logged-in and guest users in WooCommerce, send automated WhatsApp reminders, and gain insights into cart recovery and abando …

0 No CVEs

Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools

woocommerce-jetpack

Supercharge WooCommerce with FREE Abandoned Cart Recovery, Product Variation Swatches, PDF Invoices & 100+ tools. Boost sales & save time.

30K 31 CVEs

Abandoned Cart Recovery for WooCommerce

woo-abandoned-cart-recovery

100

A simple, effective solution to capture abandoned carts and auto-send reminders. Track logs and generate reports on carts, emails, and more

4K 1 CVE

Developer Profile

ShopMetrics for WooCommerce Developer Profile

FinanciarMe

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect ShopMetrics for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/shopmetrics/assets/css/backend.css/wp-content/plugins/shopmetrics/assets/css/frontend.css/wp-content/plugins/shopmetrics/assets/js/backend.js/wp-content/plugins/shopmetrics/assets/js/frontend.js

Version Parameters

shopmetrics/assets/css/backend.css?ver=shopmetrics/assets/css/frontend.css?ver=shopmetrics/assets/js/backend.js?ver=shopmetrics/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

shopmetrics-widgetshopmetrics-dashboardshopmetrics-settings-pageshopmetrics-notice

HTML Comments

Data Attributes

data-shopmetrics-iddata-shopmetrics-widget-typedata-shopmetrics-api-key

JS Globals

shopmetrics_ajax_objectshopmetrics_paramsShopMetrics

REST Endpoints

/wp-json/shopmetrics/v1/data/wp-json/shopmetrics/v1/settings

Shortcode Output

[shopmetrics_dashboard][shopmetrics_widget]

FAQ

ShopMetrics for WooCommerce Security & Risk Analysis

Is ShopMetrics for WooCommerce Safe to Use in 2026?

Generally Safe

Key Concerns

ShopMetrics for WooCommerce Security Vulnerabilities

ShopMetrics for WooCommerce Code Analysis

SQL Query Safety

Output Escaping

Data Flow Analysis

ShopMetrics for WooCommerce Attack Surface

AJAX Handlers 33

ShopMetrics for WooCommerce Maintenance & Trust

Maintenance Signals

Community Trust

ShopMetrics for WooCommerce Alternatives

Cart Rescue – Abandoned Cart Recovery for WooCommerce

CartResQ – Recover Abandoned Carts for WooCommerce

ShopNotify – Personalized Cart Recovery for WooCommerce

Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools

Abandoned Cart Recovery for WooCommerce

ShopMetrics for WooCommerce Developer Profile

How We Detect ShopMetrics for WooCommerce

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about ShopMetrics for WooCommerce