Suffusion Commerce Pack Security & Risk Analysis

wordpress.org/plugins/suffusion-commerce-pack

Suffusion Commerce Pack aims to provide support for common e-commerce plugins in the Suffusion theme. The purpose of this plugin

20 active installs · v1.12 · PHP + · WP 4.0+ · Updated Nov 18, 2015
Tags: ecommerce, jigoshop, prospress, suffusion, woocommerce
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Suffusion Commerce Pack Safe to Use in 2026?

Generally Safe

Score 85/100

Suffusion Commerce Pack has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10yr ago
Risk Assessment

The "suffusion-commerce-pack" v1.12 plugin presents a mixed security posture. On the positive side, it demonstrates good practices by not utilizing dangerous functions, executing all SQL queries via prepared statements, and having no recorded vulnerabilities or CVEs. The absence of external HTTP requests and bundled libraries further reduces potential attack vectors. However, significant concerns arise from its attack surface. The plugin exposes a single AJAX handler without any authentication checks, creating a clear entry point for unauthorized actions. Furthermore, the static analysis reveals a concerningly low percentage of properly escaped output, suggesting a high risk of Cross-Site Scripting (XSS) vulnerabilities. The lack of nonce checks on the exposed AJAX handler is a critical omission that exacerbates the risk of CSRF attacks.

While the vulnerability history is clean, which is a positive indicator, it does not negate the immediate risks identified in the static code analysis. The unprotected AJAX endpoint combined with insufficient output escaping is a serious flaw. The plugin's strengths in secure SQL handling and lack of external dependencies are overshadowed by these critical security oversights in its input handling and output sanitization. Until these issues are addressed, the plugin should be considered a high risk to any WordPress installation.

Key Concerns

  • AJAX handler without authentication
  • Low output escaping percentage
  • Missing nonce checks
Vulnerabilities
None known

Suffusion Commerce Pack Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Suffusion Commerce Pack Release Timeline

v1.12 (Current)
v1.10
v1.02
v1.01
v1.00
Code Analysis
Analyzed Mar 16, 2026

Suffusion Commerce Pack Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 13 (2 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 2
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

13% escaped · 15 total outputs
Attack Surface
1 unprotected

Suffusion Commerce Pack Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers 1

auth · wp_ajax_scp_move_template_files · suffusion-commerce-pack.php:98
WordPress Hooks 31
action · wp_print_styles · suffusion-commerce-pack.php:38
filter · post_class · suffusion-commerce-pack.php:42
action · jigoshop_before_main_content · suffusion-commerce-pack.php:46
action · jigoshop_before_main_content · suffusion-commerce-pack.php:47
action · jigoshop_before_main_content · suffusion-commerce-pack.php:50
action · jigoshop_before_main_content · suffusion-commerce-pack.php:52
action · jigoshop_after_main_content · suffusion-commerce-pack.php:55
action · jigoshop_after_main_content · suffusion-commerce-pack.php:56
action · jigoshop_after_main_content · suffusion-commerce-pack.php:57
action · jigoshop_after_main_content · suffusion-commerce-pack.php:60
action · jigoshop_before_shop_loop · suffusion-commerce-pack.php:64
action · jigoshop_after_shop_loop · suffusion-commerce-pack.php:65
action · jigoshop_before_shop_loop_item · suffusion-commerce-pack.php:67
action · jigoshop_after_shop_loop_item · suffusion-commerce-pack.php:68
action · woocommerce_before_main_content · suffusion-commerce-pack.php:73
action · woocommerce_before_main_content · suffusion-commerce-pack.php:74
action · woocommerce_before_main_content · suffusion-commerce-pack.php:77
action · woocommerce_before_main_content · suffusion-commerce-pack.php:79
action · woocommerce_after_main_content · suffusion-commerce-pack.php:82
action · woocommerce_after_main_content · suffusion-commerce-pack.php:83
action · woocommerce_after_main_content · suffusion-commerce-pack.php:84
action · woocommerce_after_main_content · suffusion-commerce-pack.php:87
action · woocommerce_before_shop_loop · suffusion-commerce-pack.php:91
action · woocommerce_after_shop_loop · suffusion-commerce-pack.php:92
action · woocommerce_before_shop_loop_item · suffusion-commerce-pack.php:94
action · woocommerce_after_shop_loop_item · suffusion-commerce-pack.php:95
action · init · suffusion-commerce-pack.php:475
action · admin_menu · suffusion-integration-pack.php:17
action · admin_enqueue_scripts · suffusion-integration-pack.php:18
action · wp_enqueue_scripts · suffusion-integration-pack.php:19
action · wp_print_scripts · suffusion-integration-pack.php:20
Maintenance & Trust

Suffusion Commerce Pack Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.3.34
Last updated: Nov 18, 2015
PHP min version
Downloads: 9K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 20
Developer Profile

Suffusion Commerce Pack Developer Profile

Sayontan Sinha

5 plugins · 10K total installs

Trust score: 92
Avg Security Score: 88/100
Avg Patch Time: 1 day
Detection Fingerprints

How We Detect Suffusion Commerce Pack

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/suffusion-commerce-pack/include/css/admin.css
/wp-content/plugins/suffusion-commerce-pack/include/js/admin.js
Script Paths
http://fonts.googleapis.com/css?family=Dosis
Version Parameters
suffusion-commerce-pack/include/css/admin.css?ver=
suffusion-commerce-pack/include/js/admin.js?ver=
http://fonts.googleapis.com/css?family=Dosis?ver=

HTML / DOM Fingerprints

CSS Classes
suf-ip-wrapper