Store Check-Up and Fix-Up for WP-eCommerce Security & Risk Analysis
wordpress.org/plugins/site-check-up-for-wp-ecommerceProvides details on your WP-eCommerce and WordPress installation state, issues and performance.
Is Store Check-Up and Fix-Up for WP-eCommerce Safe to Use in 2026?
Generally Safe
Score 85/100Store Check-Up and Fix-Up for WP-eCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "site-check-up-for-wp-ecommerce" plugin v4.0 presents a concerning security posture, primarily due to a lack of robust access control mechanisms. The static analysis reveals three AJAX handlers, all of which are entirely unprotected, posing a significant risk. This means any unauthenticated user could potentially trigger these handlers, leading to unintended actions or information disclosure.
While the plugin does not exhibit critical or high-severity issues in taint analysis and has no recorded vulnerability history, the absence of nonces and capability checks on its entry points is a major weakness. The SQL query usage is also a mixed bag, with a substantial portion not utilizing prepared statements, which could open the door to SQL injection if not handled carefully in the unsanitized query parts. The low percentage of properly escaped output further compounds the risk, making cross-site scripting (XSS) a potential threat.
Despite the absence of past CVEs, which might suggest a history of careful development, the current version's static analysis findings are alarming. The combination of unprotected AJAX endpoints and insufficient output escaping creates a fertile ground for common web vulnerabilities. Developers should prioritize implementing proper authentication and authorization checks for all AJAX actions and ensure all output is thoroughly escaped to mitigate these risks.
Key Concerns
- 3 AJAX handlers without auth checks
- 0 Nonce checks on AJAX handlers
- 0 Capability checks on entry points
- SQL queries: 58% not using prepared statements
- Output escaping: 64% not properly escaped
- Taint analysis: 3 flows with unsanitized paths
Store Check-Up and Fix-Up for WP-eCommerce Security Vulnerabilities
Store Check-Up and Fix-Up for WP-eCommerce Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Store Check-Up and Fix-Up for WP-eCommerce Attack Surface
AJAX Handlers 3
WordPress Hooks 2
Maintenance & Trust
Store Check-Up and Fix-Up for WP-eCommerce Maintenance & Trust
Maintenance Signals
Community Trust
Store Check-Up and Fix-Up for WP-eCommerce Alternatives
Product Generator for WooCommerce
woocommerce-product-generator
A sample product generator for WooCommerce.
Fast Woo Order Lookup
fast-woo-order-lookup
Searches for orders faster on WooCommerce stores with many orders.
Benchmark Email for WooCommerce
woo-benchmark-email
Connects WooCommerce with Benchmark Email - syncing customers and abandoned carts.
Easy Actions Scheduler Cleaner
easy-actions-scheduler-cleaner-ayudawp
Clean up your Actions Scheduler database with manual or scheduled cleanup. Remove old actions and logs automatically.
NHR Advanced Options Table Manager & Autoload Optimizer
nhrrob-options-table-manager
Optimize WordPress with Advanced Option History, Autoload Health Checks, and Automated Cleanup. Boost performance by reducing database bloat.
Store Check-Up and Fix-Up for WP-eCommerce Developer Profile
4 plugins · 1K total installs
How We Detect Store Check-Up and Fix-Up for WP-eCommerce
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/site-check-up-for-wp-ecommerce/style.css/wp-content/plugins/site-check-up-for-wp-ecommerce/snappy.js/wp-content/plugins/site-check-up-for-wp-ecommerce/ajax.php/wp-content/plugins/site-check-up-for-wp-ecommerce/snappy.jssite-check-up-for-wp-ecommerce/style.css?ver=site-check-up-for-wp-ecommerce/snappy.js?ver=HTML / DOM Fingerprints
snappy_tabssnappy_tabid="snappy_tabs"id="timing"id="debug"id="query"id="other"class="snappy_tab"snappy