Token Vendor for WooCommerce Security & Risk Analysis

wordpress.org/plugins/token-vendor-for-woocommerce

Enables generating a token as a product, which the WC shop can validate while it is valid and not expired.

0 active installs · v0.1.11 · PHP 7.1+ · WP 4.6+ · Updated Dec 5, 2018
woocommerce
Score: 85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Token Vendor for WooCommerce Safe to Use in 2026?

Generally Safe

Score 85/100

Token Vendor for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7yr ago
Risk Assessment

The "token-vendor-for-woocommerce" plugin v0.1.11 demonstrates a generally positive security posture, with several good practices observed. All identified AJAX handlers include authentication checks, and all SQL queries utilize prepared statements, which significantly mitigates the risk of SQL injection. The plugin also incorporates nonce checks and capability checks, further enhancing its security. A high percentage of output escaping indicates a good effort to prevent cross-site scripting vulnerabilities.

However, the taint analysis reveals four flows with unsanitized paths. While these did not reach a critical or high severity level in the static analysis, they represent a potential area of concern if user-supplied input is not handled with extreme care throughout these flows. The presence of file operations and external HTTP requests, although not flagged as inherently problematic, warrants careful review in conjunction with the unsanitized paths. The plugin's clean vulnerability history is a strong positive indicator, suggesting a lack of previously discovered exploitable flaws.

In conclusion, the plugin has a solid foundation of secure coding practices. The primary area for improvement lies in thoroughly sanitizing all user-controlled input along the identified unsanitized paths to eliminate any potential for unexpected behavior or security vulnerabilities. The absence of known CVEs and the strong implementation of core security features like prepared statements and authentication checks are commendable strengths.

Key Concerns

  • Unsanitized paths in taint analysis
Vulnerabilities
None known

Token Vendor for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Token Vendor for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (3 prepared)
Unescaped Output: 30 (209 escaped)
Nonce Checks: 3
Capability Checks: 5
File Operations: 6
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

100% prepared · 3 total queries

Output Escaping

87% escaped · 239 total outputs

Data Flows: 4 unsanitized

Data Flow Analysis

4 flows · 4 with unsanitized paths
send_header (includes\rest-api\class-ntvwc-rest-api-endpoints.php:134)
Diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Token Vendor for WooCommerce Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

auth wp_ajax_ntvwc_update_option_data (includes\class-ntvwc-option-manager.php:278)

WordPress Hooks: 41

action network_admin_menu (includes\3rd\ntvwc-client\class\class-ntvwc-client-page.php:123)
action admin_menu (includes\3rd\ntvwc-client\class\class-ntvwc-client-page.php:126)
action all_admin_notices (includes\3rd\ntvwc-client\class\class-ntvwc-client-page.php:127)
action network_admin_menu (includes\3rd\ntvwc-client\class\class-ntvwc-client.php:327)
action admin_menu (includes\3rd\ntvwc-client\class\class-ntvwc-client.php:330)
action all_admin_notices (includes\3rd\ntvwc-client\class\class-ntvwc-client.php:333)
filter cron_schedules (includes\3rd\ntvwc-client\class\class-ntvwc-client.php:338)
action init (includes\abstract\class-ntvwc-endpoint-abstract.php:24)
filter woocommerce_settings_pages (includes\abstract\class-ntvwc-endpoint-abstract.php:25)
filter query_vars (includes\abstract\class-ntvwc-endpoint-abstract.php:26)
filter the_title (includes\abstract\class-ntvwc-endpoint-abstract.php:27)
filter woocommerce_account_menu_items (includes\abstract\class-ntvwc-endpoint-abstract.php:28)
action wp_footer (includes\abstract\class-ntvwc-endpoint-abstract.php:30)
action admin_menu (includes\admin\class-ntvwc-admin-pages.php:68)
action admin_enqueue_scripts (includes\admin\class-ntvwc-admin-pages.php:71)
action admin_menu (includes\admin\class-ntvwc-admin-pages.php:74)
action add_meta_boxes (includes\admin\class-ntvwc-order-metabox.php:62)
action admin_enqueue_scripts (includes\admin\class-ntvwc-product-metabox.php:70)
action save_post (includes\admin\class-ntvwc-product-metabox.php:77)
action woocommerce_process_product_meta_simple (includes\admin\class-ntvwc-product-metabox.php:87)
filter woocommerce_product_data_tabs (includes\admin\class-ntvwc-product-metabox.php:104)
filter product_type_options (includes\admin\class-ntvwc-product-metabox.php:106)
action woocommerce_product_options_general_product_data (includes\admin\class-ntvwc-product-metabox.php:112)
action ntvwc_action_render_product_form_start (includes\admin\class-ntvwc-product-metabox.php:114)
action admin_enqueue_scripts (includes\class-ntvwc-option-manager.php:275)
filter woocommerce_order_item_needs_processing (includes\class-ntvwc-order-manager.php:112)
action woocommerce_order_status_completed (includes\class-ntvwc-token-manager.php:112)
filter ntvwc_filter_rest_api_maybe_update_token (includes\class-ntvwc-token-manager.php:123)
action plugins_loaded (includes\class-ntvwc.php:343)
action wp_enqueue_scripts (includes\class-ntvwc.php:484)
action admin_enqueue_scripts (includes\class-ntvwc.php:485)
action customize_preview_init (includes\class-ntvwc.php:486)
action customize_controls_print_footer_scripts (includes\class-ntvwc.php:487)
action wp_enqueue_scripts (includes\endpoint\class-ntvwc-endpoint-purchased-tokens.php:35)
action wp_footer (includes\endpoint\class-ntvwc-endpoint-purchased-tokens.php:36)
action all_admin_notices (includes\function\functions-notice.php:132)
action all_admin_notices (includes\notification\class-ntvwc-notification-manager.php:93)
action init (includes\notification\class-ntvwc-post-type-notification.php:69)
action rest_api_init (includes\rest-api\class-ntvwc-rest-api.php:162)
filter rest_api_init (includes\rest-api\class-ntvwc-rest-api.php:163)
action init (includes\token\class-ntvwc-post-type-token.php:78)

Maintenance & Trust

Token Vendor for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Dec 5, 2018
PHP min version: 7.1
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0

Developer Profile

Token Vendor for WooCommerce Developer Profile

Nora

6 plugins · 230 total installs

Trust score: 87
Avg Security Score: 90/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Token Vendor for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/token-vendor-for-woocommerce/assets/js/admin-setting-page.js
/wp-content/plugins/token-vendor-for-woocommerce/assets/css/admin-menu-pages.css
Script Paths
/wp-content/plugins/token-vendor-for-woocommerce/assets/js/admin-setting-page.js
Version Parameters
/wp-content/plugins/token-vendor-for-woocommerce/assets/js/admin-setting-page.js?ver=
/wp-content/plugins/token-vendor-for-woocommerce/assets/css/admin-menu-pages.css?ver=

HTML / DOM Fingerprints

CSS Classes
ntvwc-admin-page
HTML Comments
<!-- NTVWC Guide Page -->
<!-- NTVWC Admin Pages -->
<!-- Init if not yet -->
<!-- End -->
+25 more
Data Attributes
data-id="ntvwc_admin_page"
FAQ

Frequently Asked Questions about Token Vendor for WooCommerce