Does Vendor API for Bazzar have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Vendor API for Bazzar compatible with WordPress 6.8.5?

According to WordPress.org data, Vendor API for Bazzar 1.0 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Vendor API for Bazzar compatible with PHP 7.4+?

Vendor API for Bazzar requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Vendor API for Bazzar updated?

Vendor API for Bazzar was last updated on Apr 19, 2025. Frequent updates are generally a positive security signal.

What is Vendor API for Bazzar's security score?

Vendor API for Bazzar has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Vendor API for Bazzar Security & Risk Analysis

wordpress.org/plugins/vendor-api-for-bazzar

Custom REST API for integrating WooCommerce products with partner platforms.

0 active installs v1.0 PHP 7.4+ WP 5.6+ Updated Apr 19, 2025

bazzarbazzar-bacustom-apirest-apiwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Vendor API for Bazzar Safe to Use in 2026?

Generally Safe

Score 92/100

Vendor API for Bazzar has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "vendor-api-for-bazzar" v1.0 plugin exhibits a concerningly high risk due to a significant unprotected entry point in its REST API. While the code signals indicate good practices in SQL query handling and output escaping, the absence of permission callbacks for the single REST API route is a critical security oversight. This means any unauthenticated user could potentially interact with this endpoint, leading to unauthorized actions or information disclosure depending on its functionality. The static analysis found no taint flows, which is positive, but this does not mitigate the risk posed by the exposed REST API. The plugin's vulnerability history is clean, showing no past CVEs. However, this lack of history doesn't excuse the present security flaw; it could simply mean the plugin hasn't been thoroughly audited or exploited yet. The presence of dangerous functions like `ini_set` and `set_time_limit` is also a minor concern, as these can be misused in certain contexts, although they are not directly tied to an exploitable vulnerability in this analysis.

Key Concerns

REST API route without permission callback
Presence of dangerous functions (ini_set, set_time_limit)

Vulnerabilities

None known

Vendor API for Bazzar Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Vendor API for Bazzar Release Timeline

v1.0Current

Code Analysis

Analyzed Apr 16, 2026

Vendor API for Bazzar Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

ini_set@ini_set('memory_limit', '3064M');vendor-api-for-bazzar.php:75

set_time_limit@set_time_limit(6000);vendor-api-for-bazzar.php:76

Attack Surface

1 unprotected

Vendor API for Bazzar Attack Surface

Entry Points1

Unprotected1

REST API Routes 1

GET/wp-json/bazzar/v1/productsvendor-api-for-bazzar.php:50

WordPress Hooks 5

actionplugins_loadedvendor-api-for-bazzar.php:22

actionadmin_noticesvendor-api-for-bazzar.php:33

actionrest_api_initvendor-api-for-bazzar.php:36

actionsave_post_productvendor-api-for-bazzar.php:37

actionwoocommerce_update_productvendor-api-for-bazzar.php:38

Maintenance & Trust

Vendor API for Bazzar Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedApr 19, 2025

PHP min version7.4

Downloads268

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Vendor API for Bazzar Alternatives

WooCommerce Legacy REST API

woocommerce-legacy-rest-api

The WooCommerce Legacy REST API, which is now part of WooCommerce itself but will be removed in WooCommerce 9.0.

400K No CVEs

CoCart – Headless REST API for WooCommerce

cart-rest-api-for-woocommerce

100

A developer-first REST API to decouple WooCommerce on the frontend to help build modern and scalable storefronts. Fast, secure, customizable, easy.

1K 1 CVE

Custom API for WP

custom-api-for-wp

Connect WordPress with External APIs and create no-code custom WordPress REST API endpoints to interact with the WordPress database to perform SQL ope …

1K 2 CVEs

MultiManager WP – Manage All Your WordPress Sites Easily

multimanager-wp

Helps to automatically connect a WordPress site to the ICDSoft WordPress MultiManager tool which allows users to manage multiple WordPress sites from …

1K 1 CVE

WCFM – Multivendor Marketplace REST API for WooCommerce

wcfm-marketplace-rest-api

REST API for the most featured and powerful multi vendor plugin for your WooCommerce Multi-vendor Marketplace.

1K 2 CVEs

Developer Profile

Vendor API for Bazzar Developer Profile

desperadohouse

5 plugins · 200 total installs

trust score

Avg Security Score

95/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Vendor API for Bazzar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

error

REST Endpoints

/wp-json/bazzar/v1/products

FAQ