Splash Sync Security & Risk Analysis

wordpress.org/plugins/splash-connector

Splash Sync, the synchronization system of innovative companies! Synchronize your website with all your business applications.

100 active installs · v2.0.10 · PHP 7.4+ · WP 6.1+ · Updated May 22, 2025
Tags: dolibarr, erp, prestashop, synchronization, woocommerce
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Dec 5, 2024
Safety Verdict

Is Splash Sync Safe to Use in 2026?

Generally Safe

Score 99/100

Splash Sync has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Dec 5, 2024 · Updated 10mo ago
Risk Assessment

In static analysis, the splash-connector plugin, version 2.0.10, shows a generally good security posture. The analysis identified no AJAX handlers, REST API routes, shortcodes, or cron events that represent an attack surface, so there are no unprotected entry points of these kinds. The plugin also avoids dangerous functions, uses prepared statements for all its SQL queries, and performs no file operations or external HTTP requests. This indicates a strong focus on secure coding practices in these areas.

However, the static analysis does reveal a weakness in output escaping, with 25% of outputs being improperly escaped. Additionally, the taint analysis shows two flows with unsanitized paths. While these are not flagged as critical or high severity, they represent potential avenues for vulnerabilities if not properly handled. The vulnerability history, though, shows only one medium-severity CVE in the past, which is now patched. This, combined with the absence of unprotected entry points, suggests that previous vulnerabilities may have been addressed effectively.

In conclusion, splash-connector has a solid foundation with minimal attack surface and secure handling of critical areas like database interactions. The primary concerns lie in the potential for cross-site scripting (XSS) due to unescaped output and unsanitized taint flows. While the past vulnerability was medium severity and is patched, these identified code signals warrant attention to ensure future security.

Key Concerns

  • Unsanitized Taint Flows
  • Improper Output Escaping (25%)
Vulnerabilities (1)

Splash Sync Security Vulnerabilities

CVEs by Year

2024: 1 CVE

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-11368 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Splash Sync <= 2.0.7 - Reflected Cross-Site Scripting

Dec 5, 2024 Patched in 2.0.8 (85d)
Code Analysis
Analyzed Mar 16, 2026

Splash Sync Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 3 (9 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

75% escaped · 12 total outputs

Data Flows (2 unsanitized)

Data Flow Analysis

2 flows · 2 with unsanitized paths
settings_page (includes\class-splash-wordpress-settings.php:229)
Attack Surface

Splash Sync Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 16
action: init (includes\class-splash-wordpress-plugin.php:164)
action: init (includes\class-splash-wordpress-settings.php:84)
action: admin_init (includes\class-splash-wordpress-settings.php:87)
action: admin_menu (includes\class-splash-wordpress-settings.php:90)
action: admin_notices (src\Notifier.php:64)
action: woocommerce_before_order_object_save (src\Objects\Order\HooksTrait.php:45)
action: save_post (src\Objects\Post\HooksTrait.php:46)
action: deleted_post (src\Objects\Post\HooksTrait.php:53)
action: woocommerce_new_product_variation (src\Objects\Product\HooksTrait.php:45)
action: woocommerce_update_product_variation (src\Objects\Product\HooksTrait.php:51)
action: woocommerce_product_set_stock (src\Objects\Product\HooksTrait.php:57)
action: woocommerce_variation_set_stock (src\Objects\Product\HooksTrait.php:58)
filter: send_email_change_email (src\Objects\Users\CRUDTrait.php:106)
action: user_register (src\Objects\Users\HooksTrait.php:45)
action: profile_update (src\Objects\Users\HooksTrait.php:51)
action: deleted_user (src\Objects\Users\HooksTrait.php:57)
Maintenance & Trust

Splash Sync Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: May 22, 2025
PHP min version: 7.4
Downloads: 16K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

Splash Sync Developer Profile

nanard33

1 plugin · 100 total installs

Trust score: 87
Avg Security Score: 99/100
Avg Patch Time: 85 days
Detection Fingerprints

How We Detect Splash Sync

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/splash-connector/assets/css/splash-connector.css
/wp-content/plugins/splash-connector/assets/js/splash-connector.js
Generator Patterns
Splash Connector 2.0.10
Script Paths
/wp-content/plugins/splash-connector/assets/js/splash-connector.js
Version Parameters
splash-connector/assets/css/splash-connector.css?ver=
splash-connector/assets/js/splash-connector.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- Splash Sync Wordpress Plugin -->
<!-- Splash Connector Main -->
<!-- Splash Connector Settings Page -->
<!-- Splash Connector Admin Menu -->
+11 more
Data Attributes
data-splash-connector-id
data-splash-connector-action
data-splash-connector-target
data-splash-connector-nonce
JS Globals
SplashConnectorSettings
SplashConnectorAjax
FAQ

Frequently Asked Questions about Splash Sync