Orders Synchronization for Merit Aktiva Security & Risk Analysis

wordpress.org/plugins/synchronization-merit-aktiva

Orders Synchronization for Woocommerce to Merit Aktiva

10 active installs v1.0.0 PHP + WP 6.7+ Updated Jul 18, 2025
commentsspam
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Orders Synchronization for Merit Aktiva Safe to Use in 2026?

Generally Safe

Score 100/100

Orders Synchronization for Merit Aktiva has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12mo ago
Risk Assessment

The "synchronization-merit-aktiva" plugin v1.0.0 exhibits a concerning security posture due to its significant reliance on unprotected entry points. While the absence of known CVEs and taint flows suggests a lack of externally documented vulnerabilities and complex exploitable data handling, the static analysis reveals critical weaknesses.

The plugin exposes two AJAX handlers, both of which lack any form of authentication or capability checks. This presents a direct attack vector, allowing any unauthenticated user to potentially trigger plugin functionality, leading to unintended consequences or information disclosure. Furthermore, the low percentage of properly escaped outputs (32%) indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data could be rendered directly in the browser without proper sanitization.

Although the plugin demonstrates some good practices by using prepared statements for the majority of its SQL queries and has no recorded vulnerability history, these strengths are overshadowed by the fundamental security flaws in its entry point handling and output sanitization. The lack of nonces and capability checks on AJAX handlers is a severe oversight. Consequently, while the plugin might appear safe based on its CVE history, it carries a substantial inherent risk that needs immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • Low output escaping coverage
  • Missing nonce checks on AJAX
  • Missing capability checks on AJAX
Vulnerabilities
None known

Orders Synchronization for Merit Aktiva Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Orders Synchronization for Merit Aktiva Release Timeline

v1.0.0.1
v1.0
Code Analysis
Analyzed Mar 17, 2026

Orders Synchronization for Merit Aktiva Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
4 prepared
Unescaped Output
15
7 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
2
Bundled Libraries
0

SQL Query Safety

80% prepared5 total queries

Output Escaping

32% escaped22 total outputs
Attack Surface
2 unprotected

Orders Synchronization for Merit Aktiva Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_sync_merit_invoicesadmin\class-merit-aktiva-API-get-all-invoices.php:11
authwp_ajax_sync_invoiceadmin\class-merit-aktiva-create-invoice.php:13
WordPress Hooks 15
actionadmin_initadmin\class-merit-aktiva-filter-create-invoice.php:13
actionplugins_loadedadmin\class-merit-aktiva-filter-create-invoice.php:14
actioncurrent_screenadmin\class-merit-aktiva-filter-create-invoice.php:15
actionadmin_initadmin\class-merit-aktiva-filter-create-invoice.php:23
actionadmin_menuadmin\metaboxes\merit-aktiva-plugin-options.php:4
actionadmin_initadmin\metaboxes\merit-aktiva-plugin-options.php:5
actionwoocommerce_initadmin\woocommerce-extra-fields.php:2
actionwoocommerce_store_api_checkout_order_processedadmin\woocommerce-extra-fields.php:47
actionwoocommerce_admin_order_data_after_billing_addressadmin\woocommerce-extra-fields.php:52
actionwp_footeradmin\woocommerce-extra-fields.php:77
actionplugins_loadedincludes\class-merit-aktiva-syncronization.php:169
actionadmin_enqueue_scriptsincludes\class-merit-aktiva-syncronization.php:184
actionadmin_enqueue_scriptsincludes\class-merit-aktiva-syncronization.php:185
actionwp_enqueue_scriptsincludes\class-merit-aktiva-syncronization.php:200
actionwp_enqueue_scriptsincludes\class-merit-aktiva-syncronization.php:201
Maintenance & Trust

Orders Synchronization for Merit Aktiva Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedJul 18, 2025
PHP min version
Downloads935

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Orders Synchronization for Merit Aktiva Developer Profile

freelancermartin

3 plugins · 10 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Orders Synchronization for Merit Aktiva

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/synchronization-merit-aktiva/admin/css/merit-aktiva-syncronization-admin.css/wp-content/plugins/synchronization-merit-aktiva/admin/js/merit-aktiva-syncronization-admin.js
Script Paths
/wp-content/plugins/synchronization-merit-aktiva/admin/js/merit-aktiva-syncronization-admin.js
Version Parameters
merit-aktiva-syncronization/admin/css/merit-aktiva-syncronization-admin.css?ver=merit-aktiva-syncronization/admin/js/merit-aktiva-syncronization-admin.js?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Orders Synchronization for Merit Aktiva