Teleshop Security & Risk Analysis

wordpress.org/plugins/teleshop

Create your online store in Telegram in minutes!

0 active installs v1.0.2 PHP 8.1+ WP 6.2+ Updated May 1, 2025
deliveryshopstoretelegramwoocommerce
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Teleshop Safe to Use in 2026?

Generally Safe

Score 92/100

Teleshop has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "teleshop" plugin v1.0.2 exhibits a mixed security posture. On the positive side, it demonstrates excellent practices by exclusively using prepared statements for SQL queries and ensuring all output is properly escaped, indicating a strong defense against common injection and XSS vulnerabilities. The absence of file operations and external HTTP requests further reduces its attack surface in those areas. However, a significant concern arises from the plugin's attack surface. All four identified AJAX handlers lack authentication checks, making them susceptible to unauthorized access and execution by unauthenticated users. This is further exacerbated by a taint analysis flow flagged with "unsanitized paths" and high severity, suggesting a potential pathway for malicious input to be processed in an unsafe manner, despite the overall low number of flows analyzed.

The plugin's vulnerability history is currently clean, with no recorded CVEs. This suggests a lack of past security incidents, which is positive. However, it's important to note that a clean history does not guarantee future security, especially when significant attack surface vulnerabilities are present. The plugin's strengths lie in its secure handling of database interactions and output, but the critical weakness of unprotected AJAX endpoints and a potentially unsanitized taint flow represent a substantial risk that needs immediate attention.

Key Concerns

  • AJAX handlers without authentication
  • High severity taint flow with unsanitized path
Vulnerabilities
None known

Teleshop Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Teleshop Release Timeline

v1.0.2Current
Code Analysis
Analyzed Apr 16, 2026

Teleshop Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
18 prepared
Unescaped Output
1
508 escaped
Nonce Checks
9
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

Guzzle

SQL Query Safety

100% prepared18 total queries

Output Escaping

100% escaped509 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths
<Table_Users> (includes/Admin/Pages/Table_Users.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

Teleshop Attack Surface

Entry Points4
Unprotected4

AJAX Handlers 4

authwp_ajax_teleshop__set_unset_webhookincludes/Admin/Admin.php:215
authwp_ajax_teleshop__set_delete_commandsincludes/Admin/Admin.php:218
authwp_ajax_teleshop__send_messageincludes/Admin/Admin.php:221
authwp_ajax_teleshop__send_message_to_all_active_chatsincludes/Admin/Admin.php:224
WordPress Hooks 14
actionadmin_enqueue_scriptsincludes/Admin/Admin.php:23
actionadmin_bar_menuincludes/Admin/Admin.php:24
filterplugin_row_metaincludes/Admin/Admin.php:26
actioninitincludes/Admin/Admin.php:27
actionadmin_noticesincludes/Admin/Inactive.php:42
actionadmin_menuincludes/Admin/Pages/Pages.php:17
filtercron_schedulesincludes/Cron.php:22
actioninitincludes/Cron.php:23
actionrest_api_initincludes/Webhooks.php:23
actionbefore_woocommerce_initteleshop.php:172
actionwoocommerce_loadedteleshop.php:179
actionplugins_loadedteleshop.php:181
actioninitteleshop.php:184
filterwoocommerce_get_settings_pagesteleshop.php:289
Maintenance & Trust

Teleshop Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedMay 1, 2025
PHP min version8.1
Downloads599

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

Teleshop Developer Profile

telebots

1 plugin · 0 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Teleshop

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/teleshop/assets/css/widget.css/wp-content/plugins/teleshop/assets/js/widget.js
Script Paths
/wp-content/plugins/teleshop/assets/js/widget.js
Version Parameters
teleshop/assets/css/widget.css?ver=teleshop/assets/js/widget.js?ver=

HTML / DOM Fingerprints

CSS Classes
teleshop-widget-button
Data Attributes
data-teleshop-bot-tokendata-teleshop-bot-usernamedata-teleshop-bot-urldata-teleshop-bot-themedata-teleshop-button-text
JS Globals
TeleshopWidget
Shortcode Output
[teleshop_widget]
FAQ

Frequently Asked Questions about Teleshop