sleekStore lite Security & Risk Analysis

wordpress.org/plugins/sleekstore

sleekStore - instant way to start sales and launch online store powered by WordPress. Functional, convenient, hyper-flexible.

20 active installs v2.3 PHP + WP 3.0+ Updated Jan 23, 2013
Tags: e-commerce, ecommerce, paypal, shop, store
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is sleekStore lite Safe to Use in 2026?

Generally Safe

Score 85/100

sleekStore lite has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 13yr ago
Risk Assessment

The sleekstore v2.3 plugin exhibits a mixed security posture. On the positive side, it has a relatively small attack surface with all identified entry points (shortcodes) appearing to have some form of authentication or capability checks, and there are no known historical vulnerabilities. This suggests a degree of attention to common security pitfalls.

However, significant concerns arise from the static analysis. The presence of dangerous functions like `create_function` and `unserialize` is a major red flag, as these can be exploited for remote code execution or deserialization vulnerabilities if user-supplied data is not rigorously sanitized. Furthermore, the extremely low percentage of properly escaped output (1%) indicates a high likelihood of cross-site scripting (XSS) vulnerabilities, where untrusted data displayed to users could be manipulated to execute malicious scripts. While taint analysis shows no critical or high-severity unsanitized flows, the overall lack of output escaping creates a strong potential for such issues.

In conclusion, while the plugin benefits from a clean vulnerability history and protected entry points, the use of dangerous functions and the severe lack of output escaping present substantial security risks that require immediate attention. These code-level weaknesses outweigh the strengths, suggesting a plugin that requires careful review and remediation before deployment in a production environment.

Key Concerns

  • Dangerous function: unserialize detected
  • Dangerous function: create_function detected
  • Output escaping: 1% properly escaped (very low)
  • SQL queries: 19% not using prepared statements
  • Taint analysis: 3 flows with unsanitized paths
Vulnerabilities
None known

sleekStore lite Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

sleekStore lite Code Analysis

  • Dangerous Functions: 3
  • Raw SQL Queries: 7 (30 prepared)
  • Unescaped Output: 464 (4 escaped)
  • Nonce Checks: 8
  • Capability Checks: 3
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

  • create_function (w9ss.php:52): `add_action('widgets_init', create_function( '', 'register_widget( "w9ssCartWidget" );' ) );`
  • unserialize (w9ss_base.php:13): `$this->cartitems = unserialize($_SESSION["w9ss.cart.items"]);`
  • unserialize (w9ss_base.php:492): `$items = unserialize($_SESSION['w9ss_order_items']);`

SQL Query Safety

81% prepared · 37 total queries

Output Escaping

1% escaped · 468 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

5 flows · 3 with unsanitized paths
w9ss_ecAdmin (w9ss_admin.php:3)
[Data flow diagram; legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

sleekStore lite Attack Surface

Entry Points: 3
Unprotected: 0

Shortcodes 3

[ss_addtocart] w9ss.php:43
[ss_addproduct] w9ss.php:44
[ss_productlist] w9ss.php:45
WordPress Hooks 13
action init w9ss.php:37
action init w9ss.php:38
action wp w9ss.php:39
filter the_content w9ss.php:41
filter the_title w9ss.php:42
action plugins_loaded w9ss.php:47
action setup_theme w9ss.php:48
action wp_print_styles w9ss.php:50
action widgets_init w9ss.php:52
action admin_menu w9ss.php:55
action add_meta_boxes w9ss.php:56
action save_post w9ss.php:57
action post_edit_form_tag w9ss.php:58
Maintenance & Trust

sleekStore lite Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.5.2
Last updated: Jan 23, 2013
PHP min version
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 20
Developer Profile

sleekStore lite Developer Profile

dunqan

1 plugin · 20 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect sleekStore lite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sleekstore/w9ss.css

HTML / DOM Fingerprints

CSS Classes
w9ss_products, w9ss_product, w9ss_img, w9ss_title, w9ss_price, w9ss_button, w9ss_cart, w9ss_cart_item, +9 more
HTML Comments
"główna funkcja zmieniająca content" (main function that modifies the content); "autmatyczne dodanie koszyka" (automatic addition of the cart); "na końcu lub na początku" (at the end or at the beginning)
Data Attributes
data-product-id, data-quantity, data-price
JS Globals
w9ss_ajax_url
REST Endpoints
/wp-json/w9ss/v1/add-to-cart, /wp-json/w9ss/v1/update-cart, /wp-json/w9ss/v1/checkout
Shortcode Output
[ss_addtocart], [ss_addproduct], [ss_productlist]
FAQ

Frequently Asked Questions about sleekStore lite