Does Verowa Connect have any unpatched vulnerabilities?

No. All known vulnerabilities in Verowa Connect have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Verowa Connect compatible with WordPress 6.9.4?

According to WordPress.org data, Verowa Connect 3.3.4 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Verowa Connect compatible with PHP 7.4+?

Verowa Connect requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Verowa Connect updated?

Verowa Connect was last updated on Feb 3, 2026. Frequent updates are generally a positive security signal.

What is Verowa Connect's security score?

Verowa Connect has a WP-Safety security score of 95/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Verowa Connect Security Review — Score 95/100 (safe)

Safety Verdict

Is Verowa Connect Safe to Use in 2026?

Generally Safe

Score 95/100

Verowa Connect has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Sep 22, 2025Updated 2mo ago

Risk Assessment

The "verowa-connect" plugin v3.3.4 exhibits a mixed security posture. While it demonstrates good practices in many areas, such as a high percentage of prepared SQL statements and properly escaped output, significant concerns are present. The static analysis reveals a substantial attack surface, with 9 out of 38 entry points lacking authentication or permission checks, particularly within its REST API routes. The taint analysis is also concerning, with 13 high-severity flows identified, indicating potential pathways for malicious data to be processed without adequate sanitization, even though no critical severity flows were found. The vulnerability history, with a total of 4 known CVEs including one high and three medium severity vulnerabilities, points to a pattern of past security weaknesses, even though none are currently unpatched. The types of past vulnerabilities (XSS and SQL Injection) align with the potential risks highlighted by the taint analysis. Overall, while the plugin has strengths in code hygiene, the unprotected entry points and high-severity taint flows, coupled with a history of exploitable vulnerabilities, present a notable risk that requires careful consideration and mitigation.

Key Concerns

High severity taint flows found
Unprotected REST API routes
Unprotected AJAX handlers
One high severity past CVE
Three medium severity past CVEs

Vulnerabilities

4

Verowa Connect Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

3 CVEs in 2025

2025

Patched Has unpatched

Severity Breakdown

High

1

Medium

3

4 total CVEs

CVE-2025-58257medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Verowa Connect <= 3.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 22, 2025 Patched in 3.3.0 (73d)

CVE-2025-32609medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Verowa Connect <= 3.0.4 - Reflected Cross-Site Scripting

Apr 14, 2025 Patched in 3.0.5 (9d)

CVE-2025-32676medium · 4.9Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Verowa Connect <= 3.0.5 - Authenticated (Administrator+) SQL Injection

Apr 9, 2025 Patched in 3.1.0 (70d)

CVE-2024-11460high · 7.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Verowa Connect <= 3.0.1 - Unauthenticated SQL Injection

Dec 5, 2024 Patched in 3.0.2 (1d)

Code Analysis

Analyzed Mar 16, 2026

Verowa Connect Code Analysis

Dangerous Functions

0

Raw SQL Queries

28

147 prepared

Unescaped Output

50

716 escaped

Nonce Checks

5

Capability Checks

5

File Operations

5

External Requests

17

Bundled Libraries

0

SQL Query Safety

84% prepared175 total queries

Output Escaping

93% escaped766 total outputs

Data Flows

16 unsanitized

Data Flow Analysis

23 flows16 with unsanitized paths

hook_add_metatags (general\class-verowa-post-type-hooks.php:256)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

9 unprotected

Verowa Connect Attack Surface

Entry Points38

Unprotected9

REST API Routes 13

POST/wp-json/verowa/v1/update_translationadmin\class-verowa-backend-settings.php:1359

GET/wp-json/verowa/v1/event/(?P<id>\d+)general\rest-routes.php:26

GET/wp-json/verowa/v1/agenda_event/(?P<current_batch>[-a-zA-Z0-9_]+)/general\rest-routes.php:60

POST/wp-json/verowa/v1/plugin_infogeneral\rest-routes.php:167

GET/wp-json/verowa/v1/update_eventgeneral\rest-routes.php:224

GET/wp-json/verowa/v1/update_persongeneral\rest-routes.php:258

POST/wp-json/verowa/v1/save_renting_requestgeneral\rest-routes.php:291

POST/wp-json/verowa/v1/save_subs_requestgeneral\rest-routes.php:359

POST/wp-json/verowa/v1/resend_subscription_mailgeneral\rest-routes.php:438

GET/wp-json/verowa/v1/verowa_get_block_datageneral\rest-routes.php:497

POST/wp-json/verowa/v1/update/(?P<slug>[a-zA-Z0-9-]+)general\rest-routes.php:532

GET/wp-json/verowa/v1/update_posting/postings\class-verowa-postings.php:75

GET/wp-json/verowa/v1/get_default_news_tempaltes/postings\class-verowa-postings.php:90

Shortcodes 25

[verowa_subscription_overview] general\shortcode\deprecated-shortcode-aliases.php:20

[verowa_subscription_form] general\shortcode\deprecated-shortcode-aliases.php:21

[verowa_subscription_confirmation] general\shortcode\deprecated-shortcodes.php:12

[verowa_subscription_validation] general\shortcode\deprecated-shortcodes.php:13

[verowa_posting_list_home] postings\class-verowa-postings.php:122

[verowa_posting_list] postings\class-verowa-postings.php:123

[verowa_image] verowa-connect.php:356

[verowa_urlencode] verowa-connect.php:357

[verowa_encode_link] verowa-connect.php:358

[verowa_renting_form] verowa-connect.php:360

[verowa_renting_validate] verowa-connect.php:361

[verowa_renting_response] verowa-connect.php:362

[verowa_sub_targets] verowa-connect.php:363

[verowa_event_list] verowa-connect.php:366

[verowa_event_liste] verowa-connect.php:367

[verowa_event_details_json] verowa-connect.php:368

[verowa_newsletter_request_form] verowa-connect.php:370

[verowa_newsletter_options_form] verowa-connect.php:371

[verowa_person] verowa-connect.php:373

[verowa_personen] verowa-connect.php:374

[verowa_subs_form] verowa-connect.php:376

[verowa_subs_validation] verowa-connect.php:377

[verowa_subs_confirmation] verowa-connect.php:378

[verowa_roster_entries] verowa-connect.php:380

[verowa-first-roster-entry] verowa-connect.php:381

WordPress Hooks 71

actionadmin_noticesadmin\admin-notices.php:37

actionadmin_menuadmin\admin-pages.php:53

actionrest_api_initadmin\class-verowa-backend-settings.php:1356

actionsave_postadmin\save-post-action.php:14

actionadd_meta_boxesevents\assign-list.php:12

actionsave_postevents\assign-list.php:13

filterthe_contentevents\assign-list.php:14

actiongenesis_before_loopevents\class-verowa-event.php:530

actionwidgets_initevents\event-list-widget.php:21

actionverowa_purge_shortcode_cachefunctions\class-verowa-cache-helper.php:21

actionverowa_purge_cache_by_posttypefunctions\class-verowa-cache-helper.php:22

actiontemplate_redirectfunctions\class-verowa-cache-helper.php:26

actionlitespeed_tag_finalizefunctions\lite-speed.php:15

actionlitespeed_control_finalizefunctions\lite-speed.php:16

actionverowa_delete_user_datafunctions\user-data.php:231

filterquery_varsgeneral\class-verowa-post-type-hooks.php:33

filterthe_titlegeneral\class-verowa-post-type-hooks.php:41

filterbody_classgeneral\class-verowa-post-type-hooks.php:42

filterpre_get_postsgeneral\class-verowa-post-type-hooks.php:43

filtertemplate_includegeneral\class-verowa-post-type-hooks.php:44

filterpost_type_linkgeneral\class-verowa-post-type-hooks.php:45

filtersep_fb_event_listing_shortcodegeneral\class-verowa-post-type-hooks.php:49

actionwp_headgeneral\class-verowa-post-type-hooks.php:52

actionparse_requestgeneral\class-verowa-post-type-hooks.php:55

actiontemplate_redirectgeneral\class-verowa-post-type-hooks.php:56

actionplugins_loadedgeneral\class-verowa-update-controller.php:1365

actioninitgeneral\register-post-type.php:15

filtermanage_edit-verowa_event_columnsgeneral\register-post-type.php:16

actionmanage_verowa_event_posts_custom_columngeneral\register-post-type.php:17

filterbulk_actions-edit-verowa_eventgeneral\register-post-type.php:18

filterbulk_actions-edit-verowa_persongeneral\register-post-type.php:19

filterbulk_actions-edit-verowa_postinggeneral\register-post-type.php:20

actionrest_api_initgeneral\rest-routes.php:23

actionrest_api_initgeneral\rest-routes.php:57

actionrest_api_initgeneral\rest-routes.php:164

actionrest_api_initgeneral\rest-routes.php:221

actionrest_api_initgeneral\rest-routes.php:255

actionrest_api_initgeneral\rest-routes.php:288

actionrest_api_initgeneral\rest-routes.php:356

actionrest_api_initgeneral\rest-routes.php:435

actionrest_api_initgeneral\rest-routes.php:494

actionrest_api_initgeneral\rest-routes.php:529

actioninitgeneral\shortcode\deprecated-shortcode-aliases.php:12

actioninitgeneral\shortcode\deprecated-shortcodes.php:4

actionwpgeneral\update-cron.php:34

actionverowa_connect_importergeneral\update-cron.php:52

filterthe_contentgeneral\wp-filter.php:13

filterwpml_tm_dashboard_documentsgeneral\wp-filter.php:14

actioninitincludes\presets.php:53

actionadd_meta_boxespersons\assign-persons.php:12

actionsave_postpersons\assign-persons.php:13

filterthe_contentpersons\assign-persons.php:14

actionwidgets_initpersons\show-persons-widget.php:20

actionrest_api_initpostings\class-verowa-postings.php:72

actionrest_api_initpostings\class-verowa-postings.php:87

actionverowa_connect_postings_importerpostings\class-verowa-postings.php:102

actionpre_get_postspostings\class-verowa-postings.php:103

actioninitpostings\class-verowa-postings.php:104

filterwp_kses_allowed_htmlpostings\class-verowa-postings.php:106

filterajax_query_attachments_argspostings\class-verowa-postings.php:107

filterpost_thumbnail_htmlpostings\class-verowa-postings.php:108

filterforce_filtered_html_on_importpostings\class-verowa-postings.php:295

actionwp_enqueue_scriptsverowa-connect.php:109

actionadmin_enqueue_scriptsverowa-connect.php:110

filtercron_schedulesverowa-connect.php:112

actioninitverowa-connect.php:286

filterquery_varsverowa-connect.php:324

actionplugins_loadedverowa-connect.php:336

actioninitverowa-connect.php:343

filterthe_contentverowa-connect.php:392

actionthe_postverowa-connect.php:407

Scheduled Events 2

verowa_connect_importer

verowa_connect_postings_importer

Maintenance & Trust

Verowa Connect Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 3, 2026

PHP min version7.4

Downloads10K

Community Trust

Rating0/100

Number of ratings0

Active installs100

Alternatives

Verowa Connect Alternatives

Swiss 5-cent Rounding

swiss-5-cent-rounding

A

85

Swiss 5-cent Rounding allows you to easily apply rounding to the nearest 0.05 interval for discount and VAT amounts in your WooCommerce shop.

100 No CVEs

Swiss QR Bill

swiss-qr-bill

A

85

Swiss QR Bill extends WooCommerce with a new payment method, allowing you to easily send automated and standardized Swiss QR bills to your clients.

100 No CVEs

Church Social

church-social

A

85

This plugin allows churches to display content from their Church Social account on their WordPress website.

80 No CVEs

Church Options

church-options

A

100

An all-in-one solution for churches to add the custom post types and custom fields they need for an effective website. Compatible theme required.

10 No CVEs

Integration for ChurchSuite

cs-integration

A

100

Integration for ChurchSuite is a plugin to enable display of data from ChurchSuite JSON feeds

10 No CVEs

Developer Profile

Verowa Connect Developer Profile

Picture-Planet GmbH

2 plugins · 100 total installs

81

trust score

Avg Security Score

90/100

Avg Patch Time

38 days

View full developer profile

Detection Fingerprints

How We Detect Verowa Connect

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/verowa-connect/css/jquery-ui.min.css/wp-content/plugins/verowa-connect/js/functions.min.js/wp-content/plugins/verowa-connect/css/shared-vc-styles.min.css/wp-content/plugins/verowa-connect/css/verowa-connect.min.css/wp-content/plugins/verowa-connect/css/verowa-agenda.min.css/wp-content/plugins/verowa-connect/js/verowa-agenda.min.js/wp-content/plugins/verowa-connect/css/shared-vc-styles.css

Script Paths

/wp-content/plugins/verowa-connect/js/functions.min.js/wp-content/plugins/verowa-connect/js/verowa-agenda.min.js

Version Parameters

verowa-connect/css/jquery-ui.min.css?ver=verowa-connect/js/functions.min.js?ver=verowa-connect/css/shared-vc-styles.min.css?ver=verowa-connect/css/verowa-connect.min.css?ver=verowa-connect/css/verowa-agenda.min.css?ver=verowa-connect/js/verowa-agenda.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

verowa-connect-sharedverowa-agenda

Data Attributes

data-verowa-templatedata-verowa-roles

JS Globals

verowa_L10n_functionsverowa_L10n_agenda

REST Endpoints

/wp-json/verowa-connect/v1/events

Shortcode Output

[verowa-agenda[verowa-event-list[verowa-event-details-json[verowa-image

FAQ

Verowa Connect Security & Risk Analysis