TrustMate.io – WooCommerce integration Security & Risk Analysis

wordpress.org/plugins/trustmate-io-integration-for-woocommerce

TrustMate - Reviews for your shop and products at your WooCommerce site. Generate valuable traffic and profit more than others!

3K active installs · v1.16.0 · Updated Feb 10, 2026

Tags: opinions, products, reviews, surveys

Score: 75 (B · Generally Safe)
CVEs total: 3
Unpatched: 1
Last CVE: Sep 5, 2025
Safety Verdict

Is TrustMate.io – WooCommerce integration Safe to Use in 2026?

Mostly Safe

Score 75/100

TrustMate.io – WooCommerce integration is generally safe to use. 3 past CVEs were resolved. Keep it updated.

3 known CVEs · 1 unpatched · Last CVE: Sep 5, 2025 · Updated 1mo ago
Risk Assessment

The "trustmate-io-integration-for-woocommerce" plugin v1.16.0 shows a mixed security posture. It follows some good practices, such as using prepared statements for its SQL queries and checking both a nonce and a capability on its single AJAX entry point, but several concerning signals remain. A large share of its output (81%) is not escaped, which creates a risk of Cross-Site Scripting (XSS) if user-supplied data reaches those outputs without sufficient sanitization. The taint analysis also found one flow with an unsanitized path, which could allow data manipulation or unauthorized access, although its severity is not rated critical or high.

The plugin's vulnerability history is a significant concern: three medium-severity CVEs are known, and one of them remains unpatched. The recurring vulnerability classes, CSRF and Missing Authorization, point to repeated weaknesses in how user actions and permissions are handled. The most recent CVE dates from 2025, which suggests either ongoing issues or a recent discovery. These past vulnerabilities, especially the unpatched one, together with the taint-flow finding raise the overall risk profile despite the positive signs elsewhere.

In conclusion, the plugin is sound in its database interaction and in the input validation on its primary entry point, but the high proportion of unescaped output, the unsanitized taint flow, and the history of multiple medium-severity vulnerabilities, including an unpatched one, call for caution. Users should be aware of the XSS potential, and the developer needs to address the unpatched CVE and the identified taint flow urgently.

Key Concerns

  • Unpatched CVE
  • High percentage of unescaped output
  • Flow with unsanitized paths
  • History of medium severity CVEs
Vulnerabilities: 3

TrustMate.io – WooCommerce integration Security Vulnerabilities

CVEs by Year

  • 2022: 2 CVEs (patched)
  • 2025: 1 CVE (unpatched)

Severity Breakdown

  • Medium: 3

3 total CVEs

CVE-2025-58802 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

TrustMate.io – WooCommerce integration <= 1.14.0 - Cross-Site Request Forgery

Sep 5, 2025 · Unpatched

TrustMate.io integration for WooCommerce < 1.8.12 - Authenticated (Subscriber+) Arbitrary Settings Update

Jan 3, 2022 · Patched in 1.8.12 (750 days)

TrustMate.io integration for WooCommerce < 1.8.12 - Authenticated (Subscriber+) Arbitrary Blog Option Update

Jan 3, 2022 · Patched in 1.8.12 (750 days)
Code Analysis
Analyzed Mar 16, 2026

TrustMate.io – WooCommerce integration Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 198 (45 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 0
External Requests: 7
Bundled Libraries: 0

Output Escaping

19% escaped (243 total outputs)

Data Flows

1 unsanitized

Data Flow Analysis

3 flows, 1 with unsanitized paths

  • save_checkbox (trustmate-plugin.php:132): unsanitized path from source (user input) to sink
Attack Surface

TrustMate.io – WooCommerce integration Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

  • wp_ajax_save_checkbox (auth) · trustmate-plugin.php:167

WordPress Hooks: 28

  • action · init · css\register_styles.php:3
  • action · admin_head · styles.php:3
  • action · admin_enqueue_scripts · trustmate-plugin.php:64
  • action · admin_menu · trustmate-plugin.php:65
  • action · wp_footer · trustmate-plugin.php:66
  • action · wp_footer · trustmate-plugin.php:67
  • action · wp_footer · trustmate-plugin.php:68
  • action · wp_footer · trustmate-plugin.php:69
  • action · wp_footer · trustmate-plugin.php:70
  • action · woocommerce_before_add_to_cart_form · trustmate-plugin.php:71
  • action · woocommerce_after_shop_loop_item_title · trustmate-plugin.php:72
  • action · wp_footer · trustmate-plugin.php:73
  • action · get_footer · trustmate-plugin.php:74
  • action · get_footer · trustmate-plugin.php:75
  • action · get_footer · trustmate-plugin.php:76
  • action · get_footer · trustmate-plugin.php:77
  • action · get_footer · trustmate-plugin.php:78
  • action · admin_head · trustmate-plugin.php:79
  • action · init · trustmate-plugin.php:80
  • action · woocommerce_checkout_order_processed · trustmate-plugin.php:387
  • action · woocommerce_payment_complete · trustmate-plugin.php:399
  • action · woocommerce_order_status_completed · trustmate-plugin.php:411
  • action · admin_head · trustmate-plugin.php:435
  • action · woocommerce_thankyou · trustmate-plugin.php:461
  • action · update_option_trustmate_instant_review · trustmate-plugin.php:464
  • action · update_option_trustmate_invitations_enabled · trustmate-plugin.php:469
  • action · upgrader_process_complete · trustmate-plugin.php:475
  • filter · script_loader_tag · trustmate-plugin.php:523
Maintenance & Trust

TrustMate.io – WooCommerce integration Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 10, 2026
PHP min version: (not listed)
Downloads: 50K

Community Trust

Rating: 80/100
Number of ratings: 10
Active installs: 3K

Developer Profile

TrustMate.io – WooCommerce integration Developer Profile

michalzagdan

1 plugin · 3K total installs

Trust score: 62
Avg Security Score: 75/100
Avg Patch Time: 750 days
Detection Fingerprints

How We Detect TrustMate.io – WooCommerce integration

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/trustmate-io-integration-for-woocommerce/css/admin.css
  • /wp-content/plugins/trustmate-io-integration-for-woocommerce/css/style.css
  • /wp-content/plugins/trustmate-io-integration-for-woocommerce/js/admin.js
  • /wp-content/plugins/trustmate-io-integration-for-woocommerce/js/frontend.js

Script Paths

  • /wp-content/plugins/trustmate-io-integration-for-woocommerce/js/admin.js
  • /wp-content/plugins/trustmate-io-integration-for-woocommerce/js/frontend.js

Version Parameters

  • trustmate-io-integration-for-woocommerce/css/admin.css?ver=
  • trustmate-io-integration-for-woocommerce/css/style.css?ver=
  • trustmate-io-integration-for-woocommerce/js/admin.js?ver=
  • trustmate-io-integration-for-woocommerce/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • tm-widgets-container
  • alert-wrapper

HTML Comments

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Data Attributes

  • name="csrf-token"

JS Globals

  • trustmate_render_widget_alpaca
  • trustmate_render_widget_badger2
  • trustmate_render_widget_muskrat2
  • trustmate_render_widget_bee
  • trustmate_render_widget_lemur
  • trustmate_render_widget_hornet
  • +15 more

REST Endpoints

  • /wp-json/trustmate-io-integration-for-woocommerce