TangBuy Dropshipping Security & Risk Analysis

wordpress.org/plugins/tangbuy-dropshipping

TangBuy Dropshipping plugin with advanced WooCommerce integration, async image processing, and performance optimization.

10 active installs v2.0.3 PHP 7.4+ WP 5.0+ Updated Nov 24, 2025
Tags: dropshipping ecommerce import products woocommerce
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is TangBuy Dropshipping Safe to Use in 2026?

Generally Safe

Score 100/100

TangBuy Dropshipping has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The tangbuy-dropshipping plugin v2.0.3 has a generally strong security posture: it has no known vulnerabilities and shows excellent practices in output escaping and REST API route protection. It also uses nonce checks for its AJAX handlers and prepared statements for a significant majority of its SQL queries.

However, the three `shell_exec` calls represent a significant potential risk, even though the static analysis did not flag them as tainted. Any improperly sanitized or validated input passed to `shell_exec` could lead to remote code execution. The taint analysis reported no critical or high-severity flows, but it did identify two flows with unsanitized paths; these warrant further investigation to ensure they do not lead to vulnerabilities in combination with other factors.

Key Concerns

  • Dangerous function: shell_exec (3 instances)
  • Taint flows with unsanitized paths (2 instances)
Vulnerabilities
None known

TangBuy Dropshipping Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

TangBuy Dropshipping Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 7 (26 prepared)
Unescaped Output: 0 (100 escaped)
Nonce Checks: 7
Capability Checks: 3
File Operations: 0
External Requests: 4
Bundled Libraries: 0

Dangerous Functions Found

  • shell_exec: `$output = shell_exec('wmic cpu get NumberOfCores /value 2>nul');` (includes\callback\class-scheduler-config.php:253)
  • shell_exec: `$output = shell_exec('nproc 2>/dev/null');` (includes\callback\class-scheduler-config.php:259)
  • shell_exec: `$output = shell_exec('grep -c ^processor /proc/cpuinfo 2>/dev/null');` (includes\callback\class-scheduler-config.php:264)

SQL Query Safety

79% prepared · 33 total queries

Output Escaping

100% escaped · 100 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

5 flows · 2 with unsanitized paths

ajax_update_scheduler_config (includes\callback\class-callback-admin.php:369)

[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

TangBuy Dropshipping Attack Surface

Entry Points: 7
Unprotected: 0

AJAX Handlers 7

  • auth: wp_ajax_tangbuy_retry_variation (includes\callback\class-callback-admin.php:55)
  • auth: wp_ajax_tangbuy_get_callback_stats (includes\callback\class-callback-admin.php:56)
  • auth: wp_ajax_tangbuy_update_scheduler_config (includes\callback\class-callback-admin.php:57)
  • auth: wp_ajax_tangbuy_reset_scheduler_loads (includes\callback\class-callback-admin.php:58)
  • auth: wp_ajax_tangbuy_get_callback_logs (includes\callback\class-callback-admin.php:59)
  • auth: wp_ajax_tangbuy_verify_token (tangbuy-dropshipping.php:304)
  • auth: wp_ajax_tangbuy_disconnect (tangbuy-dropshipping.php:356)

WordPress Hooks 41

  • action: admin_menu (includes\callback\class-callback-admin.php:50)
  • action: admin_enqueue_scripts (includes\callback\class-callback-admin.php:51)
  • action: woocommerce_rest_insert_product_variation_object (includes\callback\class-callback-integration.php:128)
  • action: woocommerce_rest_insert_product_variation_object (includes\callback\class-callback-integration.php:132)
  • action: tangbuy_image_intercepted (includes\callback\class-callback-integration.php:136)
  • action: rest_api_init (includes\callback\class-multi-scheduler-handler.php:73)
  • action: woocommerce_rest_insert_product_variation_object (includes\callback\class-multi-scheduler-handler.php:76)
  • action: admin_notices (includes\callback\class-multi-scheduler-handler.php:80)
  • filter: rest_request_before_callbacks (includes\callback\class-multi-scheduler-handler.php:104)
  • action: rest_api_init (includes\class-action-scheduler-handler.php:75)
  • action: woocommerce_rest_insert_product_variation_object (includes\class-action-scheduler-handler.php:78)
  • action: woocommerce_rest_insert_product_object (includes\class-action-scheduler-handler.php:82)
  • action: admin_notices (includes\class-action-scheduler-handler.php:86)
  • action: tangbuy_cleanup_old_logs (includes\class-action-scheduler-handler.php:89)
  • filter: rest_pre_dispatch (includes\class-action-scheduler-handler.php:109)
  • filter: http_request_timeout (includes\class-action-scheduler-handler.php:153)
  • filter: http_request_args (includes\class-action-scheduler-handler.php:771)
  • action: tangbuy_download_variation_image (includes\class-async-image-handler-simple.php:42)
  • filter: woocommerce_rest_pre_insert_product_variation_object (includes\class-async-image-handler-simple.php:46)
  • action: rest_api_init (includes\class-wc-batch-variation-service.php:62)
  • filter: woocommerce_rest_prepare_product_variation_object (includes\class-wc-batch-variation-service.php:70)
  • action: woocommerce_rest_insert_product_variation_object (includes\class-wc-batch-variation-service.php:71)
  • action: woocommerce_rest_prepare_product_variation_object (includes\class-wc-batch-variation-service.php:74)
  • filter: woocommerce_rest_prepare_product_variation_object (includes\class-woocommerce-variation-optimizer.php:56)
  • action: woocommerce_rest_insert_product_variation_object (includes\class-woocommerce-variation-optimizer.php:57)
  • action: init (includes\class-woocommerce-variation-optimizer.php:60)
  • action: init (tangbuy-dropshipping.php:173)
  • action: init (tangbuy-dropshipping.php:174)
  • action: init (tangbuy-dropshipping.php:175)
  • action: init (tangbuy-dropshipping.php:176)
  • action: before_woocommerce_init (tangbuy-dropshipping.php:189)
  • action: admin_enqueue_scripts (tangbuy-dropshipping.php:280)
  • action: admin_menu (tangbuy-dropshipping.php:298)
  • action: init (tangbuy-dropshipping.php:677)
  • filter: wp_image_editor_before_change (tangbuy-dropshipping.php:703)
  • filter: wp_image_editors (tangbuy-dropshipping.php:706)
  • filter: wp_handle_upload_prefilter (tangbuy-dropshipping.php:709)
  • filter: wp_editor_set_quality (tangbuy-dropshipping.php:712)
  • action: wp_loaded (tangbuy-dropshipping.php:751)
  • action: admin_init (tangbuy-dropshipping.php:816)
  • action: admin_notices (tangbuy-dropshipping.php:830)

Scheduled Events 1

tangbuy_download_variation_image
Maintenance & Trust

TangBuy Dropshipping Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 24, 2025
PHP min version: 7.4
Downloads: 180

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

TangBuy Dropshipping Developer Profile

tangbuydropshipping

1 plugin · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect TangBuy Dropshipping

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/tangbuy-dropshipping/css/bootstrap.min.css
  • /wp-content/plugins/tangbuy-dropshipping/css/token-auth.css
  • /wp-content/plugins/tangbuy-dropshipping/js/bootstrap.min.js
  • /wp-content/plugins/tangbuy-dropshipping/js/token-auth.js

Script Paths

  • /wp-content/plugins/tangbuy-dropshipping/js/bootstrap.min.js
  • /wp-content/plugins/tangbuy-dropshipping/js/token-auth.js

Version Parameters

  • tangbuy-dropshipping/css/bootstrap.min.css?ver=
  • tangbuy-dropshipping/css/token-auth.css?ver=
  • tangbuy-dropshipping/js/bootstrap.min.js?ver=
  • tangbuy-dropshipping/js/token-auth.js?ver=

HTML / DOM Fingerprints

CSS Classes
tangbuy-page-title
HTML Comments
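  • `<!-- 🔐 TangBuy认证相关常量 -->` (TangBuy authentication-related constants)
  • `<!-- 🚀 加载Action Scheduler异步图片处理器 -->` (Load the Action Scheduler async image processor)
  • `<!-- 检查是否启用异步处理 -->` (Check whether async processing is enabled)
  • `<!-- 回退到简化版处理器 -->` (Fall back to the simplified processor)
  • +36 more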
Data Attributes
data-nonce
JS Globals
  • tangbuy_ajax
  • tangbuy_form_action