Universell Security & Risk Analysis

wordpress.org/plugins/universell

Easily sync your WordPress site with the Universell platform for seamless integration of product, customer, and order data.

0 active installs · v3.0.0 · PHP 7.2+ · WP 5.2+ · Updated Jan 30, 2026
customers-sync · e-commerce · integration · orders-sync · products-sync
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Universell Safe to Use in 2026?

Generally Safe

Score 100/100

Universell has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

The "universell" v3.0.0 plugin exhibits a generally good security posture, with strong adherence to secure coding practices. The plugin effectively utilizes prepared statements for all SQL queries and demonstrates a high level of output escaping, minimizing the risk of cross-site scripting (XSS) vulnerabilities. The absence of known CVEs and historical vulnerabilities further suggests a mature and well-maintained codebase. However, the plugin does present some areas of concern regarding its attack surface. A significant number of AJAX handlers and a REST API route lack proper authentication or permission checks, creating potential entry points for unauthorized actions if not adequately secured by the WordPress environment itself. While taint analysis did not reveal any immediate critical or high-severity flows, the presence of unprotected entry points warrants careful consideration.

Key Concerns

  • AJAX handlers without auth checks
  • REST API routes without permission callbacks
  • Large attack surface without proper checks
Vulnerabilities
None known

Universell Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Universell Release Timeline

v3.0.0 (Current)
v2.1.1
Code Analysis
Analyzed Apr 16, 2026

Universell Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (31 prepared)
Unescaped Output: 2 (356 escaped)
Nonce Checks: 11
Capability Checks: 1
File Operations: 5
External Requests: 25
Bundled Libraries: 0

SQL Query Safety

100% prepared · 31 total queries

Output Escaping

99% escaped · 358 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

1 flows
<index> (index.php:0)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
6 unprotected

Universell Attack Surface

Entry Points: 17
Unprotected: 6

AJAX Handlers 13

auth wp_ajax_set_sync_completed universell.php:264
auth wp_ajax_get_sync_completed universell.php:272
nopriv wp_ajax_get_sync_completed universell.php:273
auth wp_ajax_universell_handle_products universell.php:416
nopriv wp_ajax_universell_handle_products universell.php:417
auth wp_ajax_universell_start_order_sync universell.php:1299
nopriv wp_ajax_universell_start_order_sync universell.php:1300
auth wp_ajax_universell_check_order_progress universell.php:1487
nopriv wp_ajax_universell_check_order_progress universell.php:1488
auth wp_ajax_universellProducts universell.php:1562
nopriv wp_ajax_universellProducts universell.php:1563
auth wp_ajax_universell_shop_get_products universell.php:1865
nopriv wp_ajax_universell_shop_get_products universell.php:1866

REST API Routes 1

GET /wp-json/apf-addon/v1/product-meta/(?P<id>\d+) universell.php:3417

Shortcodes 3

[my_support] universell.php:3454
[total_completed_products] universell.php:4078
[syncCompleted] universell.php:4132
WordPress Hooks 47
action wp_enqueue_scripts layout/footer.php:34
action wp_enqueue_scripts universell.php:101
filter script_loader_tag universell.php:113
action wp_enqueue_scripts universell.php:129
action init universell.php:149
action init universell.php:197
action init universell.php:211
action admin_menu universell.php:214
action admin_enqueue_scripts universell.php:331
action admin_enqueue_scripts universell.php:335
action admin_enqueue_scripts universell.php:351
action after_setup_theme universell.php:388
action sync_product_to_external_api universell.php:537
action after_setup_theme universell.php:1229
action after_setup_theme universell.php:1274
action universell_sync_single_order universell.php:1390
action woocommerce_cart_calculate_fees universell.php:1626
action woocommerce_process_product_meta universell.php:1792
action universell_sync_products universell.php:1897
action woocommerce_checkout_update_order_meta universell.php:2505
action woocommerce_after_checkout_billing_form universell.php:2536
action woocommerce_checkout_update_order_meta universell.php:2540
action woocommerce_order_status_processing universell.php:2798
action woocommerce_order_status_on-hold universell.php:2799
action woocommerce_checkout_order_processed universell.php:2802
filter woocommerce_thankyou_order_received_text universell.php:2920
action wp_head universell.php:2949
action pre_get_posts universell.php:3042
action woocommerce_shipping_init universell.php:3073
filter woocommerce_shipping_methods universell.php:3187
action init universell.php:3202
action init universell.php:3227
filter use_block_editor_for_post universell.php:3229
action woocommerce_before_add_to_cart_button universell.php:3270
action woocommerce_single_product_summary universell.php:3308
action wp_enqueue_scripts universell.php:3326
filter woocommerce_add_cart_item_data universell.php:3337
action woocommerce_before_calculate_totals universell.php:3378
filter woocommerce_get_item_data universell.php:3395
action woocommerce_add_order_item_meta universell.php:3407
action rest_api_init universell.php:3416
action plugins_loaded universell.php:3461
action woocommerce_email_before_order_table universell.php:3483
action woocommerce_checkout_create_order universell.php:3484
filter woocommerce_payment_gateways universell.php:4029
action admin_post_export_sync_errors universell.php:4215
action admin_post_nopriv_export_sync_errors universell.php:4216
Maintenance & Trust

Universell Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jan 30, 2026
PHP min version: 7.2
Downloads: 414

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 0
Developer Profile

Universell Developer Profile

Universell

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Universell

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/universell/css/bootstrap.min.css
/wp-content/plugins/universell/css/style.css
/wp-content/plugins/universell/js/toggle.js
/wp-content/plugins/universell/js/common.js
/wp-content/plugins/universell/js/dataProcessing.js
/wp-content/plugins/universell/js/popper.min.js
/wp-content/plugins/universell/js/bootstrap.bundle.min.js
Script Paths
https://secure.primegateway.com/token/Collect.js
https://jstest.authorize.net/v1/Accept.js
Version Parameters
universell-style-css
passwordToggle
common
dataProcessing

HTML / DOM Fingerprints

CSS Classes
universell-products
Data Attributes
data-tokenization-key
JS Globals
universellData
FAQ

Frequently Asked Questions about Universell