Smart Cart for WooCommerce Security & Risk Analysis

wordpress.org/plugins/smart-cart

The Smart Cart for WooCommerce plugin allows you to engage your visitors with an interactive cart that offers coupons and other rewards, seamlessly in …

0 active installs · v1.0.0 · PHP 7.4+ · WP 6.1+ · Updated Jan 5, 2025
Tags: coupon, discount, woocommerce
Score: 92 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Smart Cart for WooCommerce Safe to Use in 2026?

Generally Safe

Score 92/100

Smart Cart for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The "smart-cart" plugin v1.0.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for all SQL queries and performing zero file operations or external HTTP requests. The absence of known CVEs and any recorded vulnerability history is also a strong indicator of a generally secure codebase to date.

However, significant concerns arise from the attack surface analysis. A substantial portion of the plugin's entry points, specifically 12 out of 21, are unprotected, meaning they lack authentication or authorization checks. While taint analysis found no unsanitized paths, the sheer number of unprotected AJAX handlers presents a considerable risk. If these handlers can be triggered by unauthenticated users and are susceptible to input manipulation, they could potentially lead to various vulnerabilities such as cross-site scripting (XSS) or unauthorized actions, even if direct SQL injection is mitigated by prepared statements.

With only 4 capability checks and 2 nonce checks across its entry points, the risk from the unprotected handlers is amplified. While the vulnerability history is clean, the static analysis reveals potential weaknesses that, if exploited, could become future vulnerabilities. On balance, the plugin avoids common pitfalls such as raw SQL and insecure file operations, but its large and largely unprotected attack surface is its primary security weakness.

Key Concerns

  • Large attack surface without auth checks
  • Limited capability checks on entry points
  • Limited nonce checks on entry points
  • Moderate rate of unescaped output
Vulnerabilities
None known

Smart Cart for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Smart Cart for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (9 prepared)
Unescaped Output: 43 (84 escaped)
Nonce Checks: 2
Capability Checks: 4
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 9 total queries

Output Escaping

66% escaped · 127 total outputs
Attack Surface
12 unprotected

Smart Cart for WooCommerce Attack Surface

Entry Points: 21
Unprotected: 12

AJAX Handlers: 14

Type    Hook                                Location
auth    wp_ajax_reveal_coupon               includes\App\class-routes.php:27
nopriv  wp_ajax_reveal_coupon               includes\App\class-routes.php:28
auth    wp_ajax_update_cart_item_quantity   includes\App\mini-cart\class-app.php:37
nopriv  wp_ajax_update_cart_item_quantity   includes\App\mini-cart\class-app.php:38
auth    wp_ajax_remove_item                 includes\App\mini-cart\class-app.php:40
nopriv  wp_ajax_remove_item                 includes\App\mini-cart\class-app.php:41
auth    wp_ajax_wc_update_cart_quantity     includes\App\mini-cart\class-app.php:43
nopriv  wp_ajax_wc_update_cart_quantity     includes\App\mini-cart\class-app.php:44
auth    wp_ajax_get_refresh_fragments       includes\App\mini-cart\class-fragments.php:37
nopriv  wp_ajax_get_refresh_fragments       includes\App\mini-cart\class-fragments.php:38
auth    wp_ajax_remove_item                 includes\App\mini-cart\class-fragments.php:40
nopriv  wp_ajax_remove_item                 includes\App\mini-cart\class-fragments.php:41
auth    wp_ajax_update_cart_item_quantity   includes\App\mini-cart\class-fragments.php:45
nopriv  wp_ajax_update_cart_item_quantity   includes\App\mini-cart\class-fragments.php:46

REST API Routes: 7

Method  Route                               Location
GET     /wp-json/smart-cart/v1/settings     includes\Admin\Routes\class-api.php:36
POST    /wp-json/smart-cart/v1/settings     includes\Admin\Routes\class-api.php:46
GET     /wp-json/smart-cart/v1/conditions   includes\Admin\Routes\class-api.php:56
GET     /wp-json/smart-cart/v1/entries      includes\Admin\Routes\class-api.php:65
POST    /wp-json/smart-cart/v1/entries      includes\Admin\Routes\class-api.php:74
GET     /wp-json/smart-cart/v1/time-now     includes\Admin\Routes\class-api.php:83
POST    /wp-json/smart-cart/v1/wc-coupons   includes\Admin\Routes\class-api.php:92
WordPress Hooks: 17

Type    Hook                                        Location
action  rest_api_init                               includes\Admin\Routes\class-api.php:27
filter  smart_cart_filter_coupons_probability       includes\App\class-routes.php:29
action  wp_body_open                                includes\App\mini-cart\class-app-copy.php:33
action  wp_body_open                                includes\App\mini-cart\class-app.php:33
filter  woocommerce_add_to_cart_fragments           includes\App\mini-cart\class-app.php:34
filter  woocommerce_update_order_review_fragments   includes\App\mini-cart\class-app.php:35
filter  woocommerce_add_to_cart_fragments           includes\App\mini-cart\class-fragments.php:34
filter  woocommerce_update_order_review_fragments   includes\App\mini-cart\class-fragments.php:35
action  woocommerce_add_to_cart_redirect            includes\App\mini-cart\class-fragments.php:43
action  wp_enqueue_scripts                          plugin.php:164
action  wp_enqueue_scripts                          plugin.php:165
action  admin_enqueue_scripts                       plugin.php:179
action  admin_enqueue_scripts                       plugin.php:180
action  template_redirect                           plugin.php:182
action  init                                        smart-cart.php:69
action  plugins_loaded                              smart-cart.php:124
action  upgrader_process_complete                   smart-cart.php:125
Maintenance & Trust

Smart Cart for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Jan 5, 2025
PHP min version: 7.4
Downloads: 264

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Smart Cart for WooCommerce Developer Profile

wowDevs

7 plugins · 2K total installs

Trust score: 99
Avg Security Score: 98/100
Avg Patch Time: 6 days
Detection Fingerprints

How We Detect Smart Cart for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/smart-cart/build/index.css
/wp-content/plugins/smart-cart/build/index.js
/wp-content/plugins/smart-cart/assets/vendor/js/jquery.wow-modal.min.js
/wp-content/plugins/smart-cart/assets/js/smart-cart.js
/wp-content/plugins/smart-cart/assets/vendor/css/wow-modal.min.css
/wp-content/plugins/smart-cart/assets/css/smart-cart.css
Script Paths
/wp-content/plugins/smart-cart/build/index.js
/wp-content/plugins/smart-cart/assets/vendor/js/jquery.wow-modal.min.js
/wp-content/plugins/smart-cart/assets/js/smart-cart.js
Version Parameters
smart-cart/build/index.css?ver=
smart-cart/build/index.js?ver=
smart-cart/assets/vendor/js/jquery.wow-modal.min.js?ver=
smart-cart/assets/js/smart-cart.js?ver=
smart-cart/assets/vendor/css/wow-modal.min.css?ver=
smart-cart/assets/css/smart-cart.css?ver=

HTML / DOM Fingerprints

Data Attributes
data-reactroot
JS Globals
WOF_LocalizeAdminConfig
SMART_CART_CONFIG
REST Endpoints
/wp-json/smart-cart/app/v1