WP-Safety

VegaVend Merchant Connector Security & Risk Analysis

wordpress.org/plugins/vegavend-merchant-connector

A plugin that seamlessly integrates and synchronises your products into the VegaVend marketplace.

10 active installs v1.2.0 PHP 7.4+ WP 5.0+ Updated Sep 3, 2025
e-commerceintegrationmarketplacevegavendwoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is VegaVend Merchant Connector Safe to Use in 2026?

Generally Safe

Score 100/100

VegaVend Merchant Connector has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7mo ago
Risk Assessment

The "vegavend-merchant-connector" v1.2.0 plugin demonstrates generally good security practices with a low immediate risk profile. The plugin excels in output escaping and the vast majority of its SQL queries utilize prepared statements, which significantly reduces the likelihood of common vulnerabilities like cross-site scripting (XSS) and SQL injection. The absence of known CVEs and a clean vulnerability history further contributes to a positive security posture.

However, there are specific areas of concern that warrant attention. The presence of 3 AJAX handlers without authentication checks creates a potential attack surface that could be exploited if these endpoints expose sensitive functionality. Additionally, the taint analysis revealed 3 flows with unsanitized paths, which, while not classified as critical or high severity, still represent potential pathways for attackers to manipulate data or execute unintended actions within the plugin's context. The use of the `preg_replace(/e)` dangerous function, though only one instance, also requires careful monitoring as it can be a source of remote code execution vulnerabilities if not handled with extreme care.

In conclusion, the plugin's adherence to many secure coding standards is commendable. The primary weaknesses lie in the unprotected AJAX endpoints and the identified unsanitized paths. While the vulnerability history is currently clean, these code-level concerns mean that ongoing vigilance and potential remediation are advised to maintain a robust security posture.

Key Concerns

  • AJAX handlers without authentication checks
  • Flows with unsanitized paths identified
  • Presence of dangerous function (preg_replace(/e))
Vulnerabilities
None known

VegaVend Merchant Connector Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

VegaVend Merchant Connector Code Analysis

Dangerous Functions
1
Raw SQL Queries
8
44 prepared
Unescaped Output
14
555 escaped
Nonce Checks
33
Capability Checks
16
File Operations
1
External Requests
19
Bundled Libraries
1

Dangerous Functions Found

preg_replace(/e)preg_replace('/\[et_pb_[^\]]*\].*?\[\/eincludes\vegavend_products.php:1715

Bundled Libraries

Select2

SQL Query Safety

85% prepared52 total queries

Output Escaping

98% escaped569 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

11 flows3 with unsanitized paths
add_admin_notices (includes\vegavend_products.php:807)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

VegaVend Merchant Connector Attack Surface

Entry Points24
Unprotected3

AJAX Handlers 20

authwp_ajax_vegavend_update_accountincludes\vegavend-ajax-handlers.php:7
authwp_ajax_vegavend_get_store_idincludes\vegavend_account_page.php:36
authwp_ajax_vegavend_update_accountincludes\vegavend_account_page.php:38
authwp_ajax_vegavend_get_policy_templateincludes\vegavend_account_page.php:39
authwp_ajax_vegavend_bulk_editincludes\vegavend_bulk_editor.php:22
authwp_ajax_search_vegavend_categories_quick_editincludes\vegavend_bulk_editor.php:25
authwp_ajax_vegavend_load_category_nameincludes\vegavend_bulk_editor.php:35
authwp_ajax_inline-saveincludes\vegavend_products.php:39
authwp_ajax_load_vegavend_categoriesincludes\vegavend_product_editor_categories.php:29
authwp_ajax_search_vegavend_categoriesincludes\vegavend_product_editor_categories.php:30
authwp_ajax_vegavend_load_issues_ajaxincludes\vegavend_product_issues_page.php:2422
authwp_ajax_vegavend_sync_all_productsincludes\vegavend_product_sync.php:73
authwp_ajax_vegavend_reset_sync_statusincludes\vegavend_product_sync.php:83
authwp_ajax_vegavend_check_store_idincludes\vegavend_settings_page.php:11
authwp_ajax_vegavend_delete_store_idincludes\vegavend_settings_page.php:12
authwp_ajax_vegavend_get_store_idincludes\vegavend_settings_page.php:13
authwp_ajax_get_product_status_dataincludes\vegavend_status_page.php:12
authwp_ajax_get_total_productsincludes\vegavend_status_page.php:13
authwp_ajax_dismiss_vegavend_noticevegavend-merchant-connector.php:86
authwp_ajax_vegavend_load_issues_ajaxvegavend-merchant-connector.php:92

REST API Routes 3

POST/wp-json/vegavend-store-api/v1/ordersincludes\vegavend_order_import.php:13
PUT/wp-json/vegavend-store-api/v1/orders/(?P<id>\d+)includes\vegavend_order_update.php:24
POST/wp-json/vegavend-store-api/v1/product_resyncincludes\vegavend_products.php:2303

Shortcodes 1

[vegavend_account_form] includes\vegavend_account_page.php:35
WordPress Hooks 112
actionproduct_cat_add_form_fieldsadmin\categories.php:13
actionproduct_cat_edit_form_fieldsadmin\categories.php:14
actionedited_product_catadmin\categories.php:15
actioncreate_product_catadmin\categories.php:16
actionadmin_enqueue_scriptsadmin\categories.php:17
actionwoocommerce_product_options_general_product_dataadmin\woocommerce.php:10
actionwoocommerce_product_after_variable_attributesadmin\woocommerce.php:11
actionwoocommerce_save_product_variationadmin\woocommerce.php:12
actionwoocommerce_process_product_metaadmin\woocommerce.php:13
actionadmin_enqueue_scriptsadmin\woocommerce.php:14
actionadmin_footeradmin\woocommerce.php:19
filtertiny_mce_before_initincludes\templates\vegavend-account-form.php:385
filtertiny_mce_before_initincludes\templates\vegavend-account-form.php:394
actionrest_api_initincludes\vegavend_account_page.php:34
actionadmin_enqueue_scriptsincludes\vegavend_account_page.php:37
actionadmin_menuincludes\vegavend_admin_menu.php:11
actionadmin_menuincludes\vegavend_admin_menu.php:12
actionadmin_enqueue_scriptsincludes\vegavend_admin_menu.php:13
filtermanage_edit-product_columnsincludes\vegavend_bulk_editor.php:11
actionmanage_product_posts_custom_columnincludes\vegavend_bulk_editor.php:12
filtermanage_edit-product_sortable_columnsincludes\vegavend_bulk_editor.php:13
actionpre_get_postsincludes\vegavend_bulk_editor.php:16
actionbulk_edit_custom_boxincludes\vegavend_bulk_editor.php:19
actionquick_edit_custom_boxincludes\vegavend_bulk_editor.php:20
actionadmin_footerincludes\vegavend_bulk_editor.php:21
actionsave_postincludes\vegavend_bulk_editor.php:28
actionadmin_enqueue_scriptsincludes\vegavend_bulk_editor.php:31
actionadmin_headincludes\vegavend_bulk_editor.php:32
filterposts_clausesincludes\vegavend_bulk_editor.php:453
filterwoocommerce_email_enabled_new_orderincludes\vegavend_email_handler.php:14
filterwoocommerce_email_enabled_customer_processing_orderincludes\vegavend_email_handler.php:15
filterwoocommerce_email_enabled_customer_completed_orderincludes\vegavend_email_handler.php:16
filterwoocommerce_email_enabled_customer_invoiceincludes\vegavend_email_handler.php:17
actionrest_api_initincludes\vegavend_order_import.php:12
filterwoocommerce_email_recipient_new_orderincludes\vegavend_order_import.php:20
filterwoocommerce_email_recipient_customer_processing_orderincludes\vegavend_order_import.php:21
filterwoocommerce_email_recipient_customer_completed_orderincludes\vegavend_order_import.php:22
filterwoocommerce_email_recipient_customer_invoiceincludes\vegavend_order_import.php:23
filterwoocommerce_email_recipient_customer_noteincludes\vegavend_order_import.php:24
filterwoocommerce_email_recipient_customer_on_hold_orderincludes\vegavend_order_import.php:25
filterwoocommerce_email_recipient_customer_refunded_orderincludes\vegavend_order_import.php:26
filterwoocommerce_email_recipient_customer_partially_refunded_orderincludes\vegavend_order_import.php:27
actionrest_api_initincludes\vegavend_order_update.php:8
actionwoocommerce_order_status_changedincludes\vegavend_order_update.php:9
filterwoocommerce_email_recipient_new_orderincludes\vegavend_order_update.php:11
filterwoocommerce_email_recipient_customer_processing_orderincludes\vegavend_order_update.php:12
filterwoocommerce_email_recipient_customer_completed_orderincludes\vegavend_order_update.php:13
filterwoocommerce_email_recipient_customer_invoiceincludes\vegavend_order_update.php:14
filterwoocommerce_email_recipient_customer_noteincludes\vegavend_order_update.php:15
filterwoocommerce_email_recipient_customer_on_hold_orderincludes\vegavend_order_update.php:16
filterwoocommerce_email_recipient_customer_refunded_orderincludes\vegavend_order_update.php:17
filterwoocommerce_email_recipient_customer_partially_refunded_orderincludes\vegavend_order_update.php:18
actionwoocommerce_order_note_addedincludes\vegavend_order_update.php:20
actionvegavend_save_postincludes\vegavend_products.php:9
actionadd_meta_boxesincludes\vegavend_products.php:10
actionvegavend_save_post_productincludes\vegavend_products.php:11
actionrest_api_initincludes\vegavend_products.php:12
actionwp_trash_postincludes\vegavend_products.php:13
actionvegavend_delayed_product_removalincludes\vegavend_products.php:15
actionvegavend_save_post_productincludes\vegavend_products.php:16
actionadmin_noticesincludes\vegavend_products.php:19
actionadmin_initincludes\vegavend_products.php:22
actiontransition_post_statusincludes\vegavend_products.php:23
actionuntrashed_postincludes\vegavend_products.php:24
actionsave_post_productincludes\vegavend_products.php:27
actionsave_postincludes\vegavend_products.php:28
actionvegavend_all_products_syncedincludes\vegavend_products.php:29
actiontransition_post_statusincludes\vegavend_products.php:30
actiontransition_post_statusincludes\vegavend_products.php:36
actionsave_postincludes\vegavend_products.php:40
actionadd_meta_boxesincludes\vegavend_product_editor_categories.php:20
actionsave_post_productincludes\vegavend_product_editor_categories.php:23
actionadmin_enqueue_scriptsincludes\vegavend_product_editor_categories.php:26
actionadd_meta_boxesincludes\vegavend_product_issues_page.php:69
actionsave_post_productincludes\vegavend_product_issues_page.php:2425
actionwp_trash_postincludes\vegavend_product_issues_page.php:2426
actionuntrash_postincludes\vegavend_product_issues_page.php:2427
actionsave_post_productincludes\vegavend_product_issues_page.php:2430
actiontransition_post_statusincludes\vegavend_product_issues_page.php:2431
actionupdated_post_metaincludes\vegavend_product_issues_page.php:2432
actiondeleted_post_metaincludes\vegavend_product_issues_page.php:2437
actionplugins_loadedincludes\vegavend_product_sync.php:67
actioninitincludes\vegavend_product_sync.php:70
actionvegavend_sync_productsincludes\vegavend_product_sync.php:71
actionvegavend_sync_single_productincludes\vegavend_product_sync.php:72
actionupdate_option_vegavend_sync_via_cronincludes\vegavend_product_sync.php:74
actionupdate_option_vegavend_sync_settingincludes\vegavend_product_sync.php:75
actionvegavend_sync_completedincludes\vegavend_product_sync.php:78
actionvegavend_monitor_sync_healthincludes\vegavend_product_sync.php:81
actionwoocommerce_update_productincludes\vegavend_product_sync.php:86
actionwoocommerce_update_product_variationincludes\vegavend_product_sync.php:87
actionwoocommerce_product_set_stockincludes\vegavend_product_sync.php:90
actionwoocommerce_product_set_stock_statusincludes\vegavend_product_sync.php:91
actionvegavend_recalculate_sync_prioritiesincludes\vegavend_product_sync.php:97
actionadmin_noticesincludes\vegavend_product_sync.php:100
actionadmin_enqueue_scriptsincludes\vegavend_settings_page.php:10
actionadmin_initincludes\vegavend_settings_page.php:14
actionupdate_option_vegavend_sync_via_cronincludes\vegavend_settings_page.php:15
actionadmin_enqueue_scriptsincludes\vegavend_status_page.php:14
actionadmin_footerincludes\vegavend_status_page.php:78
actionplugins_loadedvegavend-merchant-connector.php:70
actionadmin_initvegavend-merchant-connector.php:71
actionadmin_enqueue_scriptsvegavend-merchant-connector.php:74
actionadmin_initvegavend-merchant-connector.php:75
actionrest_api_initvegavend-merchant-connector.php:76
filterrest_pre_serve_requestvegavend-merchant-connector.php:77
actionadmin_noticesvegavend-merchant-connector.php:82
actioninitvegavend-merchant-connector.php:89
actionsave_post_productvegavend-merchant-connector.php:93
actionupdated_post_metavegavend-merchant-connector.php:94
actioninitvegavend-merchant-connector.php:108
actionadmin_noticesvegavend-merchant-connector.php:123

Scheduled Events 1

vegavend_recalculate_sync_priorities
Maintenance & Trust

VegaVend Merchant Connector Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedSep 3, 2025
PHP min version7.4
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

VegaVend Merchant Connector Alternatives

Marketplace Integration for Shopee & Lazada

Marketplace Integration for Shopee & Lazada

marketplace-integration-for-shopee-and-lazada

A
92

Sell on Shopee and Lazada from a single integration. Access real-time data syncing, simplified inventory, and order management to scale your business.

80 No CVEs
Sello ChannelConnector

Sello ChannelConnector

sello-channelconnector

C
63

Easily send your products to multiple Nordic and European marketplaces like CDON, Fyndiq, Tradera, Wupti and Coolshop.

80 1 unpatched
Meliconnect

Meliconnect

meliconnect

A
100

Seamless WooCommerce and Mercado Libre integration with real-time sync of products, stock, and prices.

50 No CVEs
Eselt

Eselt

eselt-ebay-amazon-multichannel

A
100

Easily connect your WooCommerce store with the Eselt app to easily sync and manage products across WooCommerce, eBay, and Amazon.

20 No CVEs
Integration E-conomic for WooCommerce

Integration E-conomic for WooCommerce

integration-e-conomic-for-woocommerce

A
100

Seamless WooCommerce Integration with E-conomic

20 No CVEs
Developer Profile

VegaVend Merchant Connector Developer Profile

VegaVend

1 plugin · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect VegaVend Merchant Connector

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/vegavend-merchant-connector/assets/js/vegavend-admin.js/wp-content/plugins/vegavend-merchant-connector/assets/css/vegavend-admin.css/wp-content/plugins/vegavend-merchant-connector/assets/images/
Script Paths
vegavend-admin-script
Version Parameters
vegavend-merchant-connector/assets/js/vegavend-admin.js?ver=vegavend-merchant-connector/assets/css/vegavend-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
vegavend-connector-wrapvegavend-settings-pagevegavend-status-pagevegavend-support-pagevegavend-account-pagevegavend-issues-pagevegavend-bulk-editor-page
HTML Comments
Improved efficiency of product sync to a priority-based system to reduce load
Data Attributes
data-noncedata-vegavend-skudata-vegavend-product-id
JS Globals
vegavendData
REST Endpoints
/wp-json/vegavend/v1/sync-products/wp-json/vegavend/v1/sync-orders/wp-json/vegavend/v1/get-product-issues
FAQ

Frequently Asked Questions about VegaVend Merchant Connector