Side Cart Woocommerce | Woocommerce Cart Security & Risk Analysis

wordpress.org/plugins/side-cart-woocommerce

Manage your cart from just a click away with an interactive design

80K active installs · v2.7.2 · PHP + · WP 3.0.1+ · Updated Dec 14, 2025
cart-popup, floating-cart, rewards, slider, woocommerce
98
A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Jun 28, 2023
Safety Verdict

Is Side Cart Woocommerce | Woocommerce Cart Safe to Use in 2026?

Generally Safe

Score 98/100

Side Cart Woocommerce | Woocommerce Cart has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Jun 28, 2023 · Updated 3mo ago
Risk Assessment

The "side-cart-woocommerce" plugin v2.7.2 presents a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and implementing nonce and capability checks on most entry points, there are significant areas of concern. The presence of an unprotected AJAX handler is a critical vulnerability, as it represents a direct pathway for unauthenticated users to interact with potentially sensitive plugin functionality. Additionally, a low percentage of properly escaped output suggests a risk of Cross-Site Scripting (XSS) vulnerabilities, especially when combined with the plugin's history of such issues.

The vulnerability history reveals a pattern of past security flaws, including High and Medium severity Cross-Site Scripting and Cross-Site Request Forgery (CSRF) vulnerabilities. Although there are currently no unpatched CVEs, the recurring nature of these vulnerability types indicates a potential weakness in the plugin's input validation and output encoding practices. The taint analysis did not reveal any critical or high-severity issues, which is a positive sign, but it only analyzed a small number of flows.

In conclusion, the "side-cart-woocommerce" plugin has some robust security implementations, particularly in its database interactions. However, the unprotected AJAX handler and the low output escaping rate, coupled with its past vulnerability trends, necessitate caution. Users should be aware of the potential for XSS and CSRF attacks and ensure the plugin is updated to the latest version as soon as possible to mitigate any newly discovered or existing, albeit currently unpatched, vulnerabilities. The plugin's overall security can be improved by addressing the unprotected AJAX handler and enhancing output sanitization.

Key Concerns

  • Unprotected AJAX handler
  • Low percentage of properly escaped output
  • History of high severity vulnerabilities (1 high CVE)
  • History of medium severity vulnerabilities (2 medium CVEs)
Vulnerabilities
3

Side Cart Woocommerce | Woocommerce Cart Security Vulnerabilities

CVEs by Year

  • 2022: 1 CVE
  • 2023: 2 CVEs

Severity Breakdown

  • High: 1
  • Medium: 2

3 total CVEs

CVE-2023-28415 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Side Cart Woocommerce (Ajax) <= 2.2 Authenticated (Administrator+) Stored Cross-Site Scripting

Jun 28, 2023 · Patched in 2.3 (209d)

CVE-2022-45376 · medium · 5.4 · Cross-Site Request Forgery (CSRF)

Side Cart Woocommerce (Ajax) < 2.1 - Cross-Site Request Forgery

Feb 2, 2023 · Patched in 2.1 (355d)

CVE-2022-0215 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Side Cart Woocommerce (Ajax) <= 2.0 - Cross-Site Request Forgery to Arbitrary Options Update

Jan 13, 2022 · Patched in 2.1 (740d)
Code Analysis
Analyzed Mar 16, 2026

Side Cart Woocommerce | Woocommerce Cart Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 278 (70 escaped)
  • Nonce Checks: 7
  • Capability Checks: 6
  • File Operations: 3
  • External Requests: 1
  • Bundled Libraries: 0

Output Escaping

20% escaped · 348 total outputs
Data Flows: All sanitized

Data Flow Analysis

2 flows
handle_usage_click_response (includes\xoo-framework\admin\class-xoo-admin-settings.php:115)
Attack Surface
1 unprotected

Side Cart Woocommerce | Woocommerce Cart Attack Surface

Entry Points: 7
Unprotected: 1

AJAX Handlers 6

  • auth · wp_ajax_xoo_wsc_el_install · admin\class-xoo-wsc-admin-settings.php:55
  • auth · wp_ajax_xoo_wsc_el_request_just_to_init_save_settings · admin\class-xoo-wsc-admin-settings.php:56
  • auth · wp_ajax_xoo_wsc_product_search_fill_defaults · admin\class-xoo-wsc-admin-settings.php:60
  • auth · wp_ajax_xoo_admin_settings_save · includes\xoo-framework\admin\class-xoo-admin-settings.php:51
  • auth · wp_ajax_xoo_admin_settings_export · includes\xoo-framework\admin\class-xoo-admin-settings.php:52
  • auth · wp_ajax_xoo_admin_settings_import · includes\xoo-framework\admin\class-xoo-admin-settings.php:53

Shortcodes 1

[xoo_wsc_cart] includes\class-xoo-wsc-frontend.php:44
WordPress Hooks 43
  • action · init · admin\class-xoo-wsc-admin-settings.php:23
  • action · admin_menu · admin\class-xoo-wsc-admin-settings.php:24
  • action · xoo_as_enqueue_scripts · admin\class-xoo-wsc-admin-settings.php:26
  • action · xoo_tab_page_end · admin\class-xoo-wsc-admin-settings.php:27
  • action · admin_footer · admin\class-xoo-wsc-admin-settings.php:35
  • action · xoo_tab_page_start · admin\class-xoo-wsc-admin-settings.php:37
  • action · xoo_tab_page_end · admin\class-xoo-wsc-admin-settings.php:41
  • filter · admin_body_class · admin\class-xoo-wsc-admin-settings.php:42
  • action · xoo_tab_page_start · admin\class-xoo-wsc-admin-settings.php:45
  • action · admin_footer · admin\class-xoo-wsc-admin-settings.php:46
  • action · xoo_admin_settings_side-cart-woocommerce_saved · admin\class-xoo-wsc-admin-settings.php:51
  • action · xoo_admin_setting_field_callback_html · admin\class-xoo-wsc-admin-settings.php:58
  • filter · xoo_wsc_admin_settings · admin\class-xoo-wsc-admin-settings.php:62
  • action · wc_ajax_xoo_wsc_update_item_quantity · includes\class-xoo-wsc-cart.php:33
  • action · wc_ajax_xoo_wsc_refresh_fragments · includes\class-xoo-wsc-cart.php:35
  • filter · woocommerce_add_to_cart_fragments · includes\class-xoo-wsc-cart.php:37
  • filter · woocommerce_update_order_review_fragments · includes\class-xoo-wsc-cart.php:39
  • action · wc_ajax_xoo_wsc_add_to_cart · includes\class-xoo-wsc-cart.php:42
  • action · woocommerce_add_to_cart · includes\class-xoo-wsc-cart.php:44
  • filter · pre_option_woocommerce_cart_redirect_after_add · includes\class-xoo-wsc-cart.php:46
  • action · wp_enqueue_scripts · includes\class-xoo-wsc-frontend.php:36
  • action · wp_enqueue_scripts · includes\class-xoo-wsc-frontend.php:37
  • action · wp_enqueue_scripts · includes\class-xoo-wsc-frontend.php:38
  • action · wp_footer · includes\class-xoo-wsc-frontend.php:40
  • action · wp · includes\class-xoo-wsc-frontend.php:42
  • action · init · includes\xoo-framework\admin\class-xoo-admin-settings.php:57
  • action · init · includes\xoo-framework\admin\class-xoo-admin-settings.php:58
  • action · admin_enqueue_scripts · includes\xoo-framework\admin\class-xoo-admin-settings.php:62
  • action · wp_loaded · includes\xoo-framework\admin\class-xoo-admin-settings.php:64
  • action · xoo_tab_page_start · includes\xoo-framework\admin\class-xoo-admin-settings.php:65
  • action · xoo_tab_page_start · includes\xoo-framework\admin\class-xoo-admin-settings.php:66
  • action · admin_notices · includes\xoo-framework\admin\class-xoo-admin-settings.php:72
  • action · admin_init · includes\xoo-framework\admin\class-xoo-admin-settings.php:73
  • action · admin_init · includes\xoo-framework\admin\class-xoo-admin-settings.php:74
  • action · init · includes\xoo-framework\class-xoo-helper.php:41
  • action · admin_init · includes\xoo-framework\class-xoo-helper.php:42
  • action · wp_head · includes\xoo-wsc-functions.php:21
  • action · wp_head · includes\xoo-wsc-functions.php:25
  • action · wp_enqueue_scripts · includes\xoo-wsc-functions.php:29
  • action · woocommerce_before_add_to_cart_form · includes\xoo-wsc-functions.php:43
  • filter · xoo_wsc_is_sidecart_page · includes\xoo-wsc-functions.php:92
  • action · init · includes\xoo-wsc-functions.php:101
  • action · plugins_loaded · xoo-wsc-main.php:43
Maintenance & Trust

Side Cart Woocommerce | Woocommerce Cart Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 14, 2025
PHP min version
Downloads: 1.6M

Community Trust

Rating: 98/100
Number of ratings: 447
Active installs: 80K
Developer Profile

Side Cart Woocommerce | Woocommerce Cart Developer Profile

xootix

6 plugins · 136K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 320 days
Detection Fingerprints

How We Detect Side Cart Woocommerce | Woocommerce Cart

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/side-cart-woocommerce/library/fontawesome5/css/all.min.css
  • /wp-content/plugins/side-cart-woocommerce/library/fontawesome-iconpicker/dist/css/fontawesome-iconpicker.min.css
  • /wp-content/plugins/side-cart-woocommerce/library/fontawesome-iconpicker/dist/js/fontawesome-iconpicker.js
  • /wp-content/plugins/side-cart-woocommerce/library/magic/dist/magic.min.css
  • /wp-content/plugins/side-cart-woocommerce/assets/css/xoo-wsc-fonts.css
  • /wp-content/plugins/side-cart-woocommerce/admin/assets/xoo-wsc-admin-style.css
  • /wp-content/plugins/side-cart-woocommerce/admin/assets/xoo-wsc-admin-js.js
  • /wp-content/plugins/side-cart-woocommerce/admin/assets/xoo-wsc-serializejson.js
Script Paths
https://unpkg.com/masonry-layout@4.2.2/dist/masonry.pkgd.min.js
Version Parameters
  • side-cart-woocommerce/assets/css/xoo-wsc-fonts.css?ver=
  • side-cart-woocommerce/admin/assets/xoo-wsc-admin-style.css?ver=
  • side-cart-woocommerce/admin/assets/xoo-wsc-admin-js.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • xoo-as-preview-info
  • xoo-wsc-rewards-options
HTML Comments
  • <!-- Manage your cart from just a click away -->
  • <!-- Updates live in customizer -->
Data Attributes
data-xoo-wsc-tab-id
JS Globals
xoo_wsc_admin_params
REST Endpoints
  • /wp-json/xoo-wsc/v1/settings
  • /wp-json/xoo-wsc/v1/cart
  • /wp-json/xoo-wsc/v1/wishlist