Does Vextras for WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in Vextras for WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Vextras for WooCommerce compatible with WordPress 5.6.17?

According to WordPress.org data, Vextras for WooCommerce 2.0.2 has been tested up to WordPress 5.6.17. Check the plugin's changelog for the latest compatibility information.

How often is Vextras for WooCommerce updated?

Vextras for WooCommerce was last updated on Unknown. Frequent updates are generally a positive security signal.

What is Vextras for WooCommerce's security score?

Vextras for WooCommerce has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Vextras for WooCommerce Security & Risk Analysis

wordpress.org/plugins/vextras-woocommerce

Vextras is a must-have plugin for any WooCommerce store that wants to drive sales, stay organized and help their customers.

10 active installs v2.0.2 PHP + WP 4.9+ Updated Unknown

automationemailmarketingmessagingworkflows

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Vextras for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Vextras for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The vextras-woocommerce v2.0.2 plugin exhibits significant security concerns primarily due to its exposed attack surface and lack of proper input validation and output sanitization. All five identified AJAX handlers are completely unprotected, meaning any unauthenticated user could potentially trigger them. The presence of two critical taint analysis flows with unsanitized paths further amplifies this risk, indicating potential for code injection or other severe vulnerabilities if these flows are exploited. The plugin also uses the dangerous `unserialize` function twice, which can be a vector for deserialization vulnerabilities if untrusted data is processed.

Key Concerns

5 unprotected AJAX handlers
2 critical taint flows with unsanitized paths
Dangerous function: unserialize used twice
0% properly escaped output
0 nonce checks
2 capability checks (but others missing)

Vulnerabilities

None known

Vextras for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Vextras for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

12 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserializeif (empty($cached) || !($cached = unserialize($cached))) {includes\class-vextras-woocommerce-options.php:225

unserialize$this->setWooSession('cart', unserialize($cart->cart));includes\class-vextras-woocommerce-service.php:522

SQL Query Safety

100% prepared12 total queries

Output Escaping

0% escaped15 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths

get_user_by_hash (includes\class-vextras-woocommerce-service.php:609)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

5 unprotected

Vextras for WooCommerce Attack Surface

Entry Points5

Unprotected5

AJAX Handlers 5

authwp_ajax_vextras_sign_upincludes\class-vextras-woocommerce.php:216

authwp_ajax_vextras_log_inincludes\class-vextras-woocommerce.php:217

noprivwp_ajax_vextras_get_user_by_hashincludes\class-vextras-woocommerce.php:348

noprivwp_ajax_vextras_set_user_by_emailincludes\class-vextras-woocommerce.php:349

noprivwp_ajax_vextras_phone_homeincludes\class-vextras-woocommerce.php:352

WordPress Hooks 40

actionplugins_loadedincludes\class-vextras-woocommerce.php:186

actionadmin_enqueue_scriptsincludes\class-vextras-woocommerce.php:200

actionadmin_enqueue_scriptsincludes\class-vextras-woocommerce.php:201

actionadmin_menuincludes\class-vextras-woocommerce.php:204

actionadmin_initincludes\class-vextras-woocommerce.php:211

actionplugins_loadedincludes\class-vextras-woocommerce.php:213

actionwp_enqueue_scriptsincludes\class-vextras-woocommerce.php:231

actionwp_enqueue_scriptsincludes\class-vextras-woocommerce.php:232

actionwoocommerce_emailincludes\class-vextras-woocommerce.php:247

actionwoocommerce_ppe_checkout_order_reviewincludes\class-vextras-woocommerce.php:267

actionwoocommerce_register_formincludes\class-vextras-woocommerce.php:268

actionwoocommerce_checkout_order_processedincludes\class-vextras-woocommerce.php:270

actionwoocommerce_ppe_do_payactionincludes\class-vextras-woocommerce.php:271

actionwoocommerce_register_postincludes\class-vextras-woocommerce.php:272

actionadmin_initincludes\class-vextras-woocommerce.php:287

actionwoocommerce_initincludes\class-vextras-woocommerce.php:288

filterhttp_request_argsincludes\class-vextras-woocommerce.php:291

actioninitincludes\class-vextras-woocommerce.php:294

actionwoocommerce_api_create_orderincludes\class-vextras-woocommerce.php:297

actionwoocommerce_thankyouincludes\class-vextras-woocommerce.php:298

actionwoocommerce_order_status_changedincludes\class-vextras-woocommerce.php:299

actionwp_trash_postincludes\class-vextras-woocommerce.php:302

actionuntrashed_postincludes\class-vextras-woocommerce.php:303

actionsave_postincludes\class-vextras-woocommerce.php:306

actionwoocommerce_new_productincludes\class-vextras-woocommerce.php:309

actionwoocommerce_update_productincludes\class-vextras-woocommerce.php:312

actionwoocommerce_trash_productincludes\class-vextras-woocommerce.php:315

actionwoocommerce_delete_productincludes\class-vextras-woocommerce.php:318

actionwoocommerce_ajax_added_to_cartincludes\class-vextras-woocommerce.php:321

actionwoocommerce_cart_item_removedincludes\class-vextras-woocommerce.php:324

actionwoocommerce_cart_item_restoredincludes\class-vextras-woocommerce.php:327

actionwoocommerce_after_cart_item_quantity_updateincludes\class-vextras-woocommerce.php:330

filterwoocommerce_update_cart_action_cart_updatedincludes\class-vextras-woocommerce.php:333

actionwoocommerce_cart_emptiedincludes\class-vextras-woocommerce.php:337

actionuser_registerincludes\class-vextras-woocommerce.php:340

actionprofile_updateincludes\class-vextras-woocommerce.php:343

actionrest_api_initvextras-woocommerce.php:302

filterwoocommerce_get_catalog_ordering_argsvextras-woocommerce.php:314

filterwoocommerce_default_catalog_orderby_optionsvextras-woocommerce.php:340

filterwoocommerce_catalog_orderbyvextras-woocommerce.php:341

Maintenance & Trust

Vextras for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested5.6.17

Last updatedUnknown

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Vextras for WooCommerce Alternatives

theMarketer – Email marketing, Newsletters, Automation & Loyalty for Woocommerce

themarketer

Collect subscribers. Send newsletters. Create 1:1 personalised emails using dynamic blocks. Activate one of almost 30 predefined workflows.

600 1 CVE

MailPoet – Newsletters, Email Marketing, and Automation

mailpoet

Send beautiful newsletters from WordPress. Collect subscribers with signup forms, automate your emails for WooCommerce, blog post notifications & more

500K 3 CVEs

Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress

email-subscribers

Add subscription forms on the website and send newsletters & automatically send post notification about new blog posts once it gets published.

60K 42 CVEs

ActiveCampaign – The autonomous marketing platform

activecampaign-subscription-forms

Add ActiveCampaign contact forms and live chat to any post, page, or sidebar. Also enable ActiveCampaign site tracking for your WordPress blog.

40K 4 CVEs

MailerLite – WooCommerce integration

woo-mailerlite

Powerful e-commerce email marketing tools that are easy to use. Grow your store with automated emails, pop-ups, product blocks, sales tracking + more.

30K 4 CVEs

Developer Profile

Vextras for WooCommerce Developer Profile

ryanhungate

1 plugin · 10 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Vextras for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/vextras-woocommerce/assets/css/vextras-woocommerce-public.css/wp-content/plugins/vextras-woocommerce/assets/js/vextras-woocommerce-public.js/wp-content/plugins/vextras-woocommerce/assets/css/vextras-woocommerce-admin.css/wp-content/plugins/vextras-woocommerce/assets/js/vextras-woocommerce-admin.js

Script Paths

/wp-content/plugins/vextras-woocommerce/assets/js/vextras-woocommerce-public.js/wp-content/plugins/vextras-woocommerce/assets/js/vextras-woocommerce-admin.js

Version Parameters

vextras-woocommerce/assets/css/vextras-woocommerce-public.css?ver=vextras-woocommerce/assets/js/vextras-woocommerce-public.js?ver=vextras-woocommerce/assets/css/vextras-woocommerce-admin.css?ver=vextras-woocommerce/assets/js/vextras-woocommerce-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

vextras-woocommerce

Data Attributes

data-vextras-ajax-url

JS Globals

Vextras

REST Endpoints

/wp-json/vextras/v1/skus

FAQ