VkCommerce Security & Risk Analysis

wordpress.org/plugins/vkcommerce

The plugin publishes photos and descriptions of products from your online store to the storefront in a VKontakte group.

90 active installs · v1.1.1 · PHP 7.0+ · WP 5.1+ · Updated Apr 26, 2022
Tags: ecommerce, products, social, vkontakte, woocommerce
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is VkCommerce Safe to Use in 2026?

Generally Safe

Score 85/100

VkCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3yr ago
Risk Assessment

The vkcommerce plugin v1.1.1 exhibits a generally strong security posture based on the provided static analysis. No critical or high severity taint flows and no raw SQL queries were detected, and the vast majority of outputs are escaped, which is a significant positive. The plugin also correctly implements capability checks on its entry points and avoids bundled libraries, which can often introduce vulnerabilities. The vulnerability history reinforces this: there are no past CVEs, indicating a history of stable and secure development.

However, a notable concern arises from the complete lack of nonce checks on its two AJAX handlers. While capability checks are present, the absence of nonce verification leaves these entry points susceptible to Cross-Site Request Forgery (CSRF) attacks. An attacker could potentially trick a logged-in user into performing an unintended action on the site via these AJAX endpoints if they can craft a malicious request. Despite the clean taint analysis and SQL practices, this missing security control represents a specific, exploitable risk.

In conclusion, vkcommerce v1.1.1 is largely well-secured with good coding practices observed in areas like SQL and output sanitization. The lack of historical vulnerabilities is a strong indicator of past security awareness. The primary weakness lies in the missing CSRF protection for its AJAX endpoints, which is a significant enough concern to warrant attention. Addressing this would elevate the plugin's security posture considerably.

Key Concerns

  • Missing nonce checks on AJAX handlers
Vulnerabilities
None known

VkCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

VkCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 22 (139 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 6
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

86% escaped · 161 total outputs
Attack Surface

VkCommerce Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 2

auth · wp_ajax_vkcommerce_publish_product · includes\admin\class-admin-ajax-handler.php:12
auth · wp_ajax_vkcommerce_delete_product · includes\admin\class-admin-ajax-handler.php:13

WordPress Hooks: 27

action · admin_enqueue_scripts · includes\admin\class-admin-assets.php:8
action · admin_enqueue_scripts · includes\admin\class-admin-assets.php:9
action · admin_menu · includes\admin\class-admin-menus.php:5
action · admin_menu · includes\admin\class-admin-menus.php:6
action · admin_menu · includes\admin\class-admin-menus.php:7
action · add_meta_boxes_product · includes\admin\class-admin-meta-boxes.php:7
action · submitpost_box · includes\admin\class-admin-meta-boxes.php:9
action · product_cat_add_form_fields · includes\admin\class-admin-product-categories.php:12
action · product_cat_edit_form_fields · includes\admin\class-admin-product-categories.php:13
action · created_product_cat · includes\admin\class-admin-product-categories.php:14
action · saved_product_cat · includes\admin\class-admin-product-categories.php:15
filter · manage_edit-product_cat_columns · includes\admin\class-admin-product-categories.php:17
filter · manage_product_cat_custom_column · includes\admin\class-admin-product-categories.php:18
filter · woocommerce_product_data_tabs · includes\admin\class-admin-product-data-tabs.php:18
action · woocommerce_product_data_panels · includes\admin\class-admin-product-data-tabs.php:19
action · woocommerce_process_product_meta · includes\admin\class-admin-product-data-tabs.php:20
action · wp_insert_post · includes\admin\class-admin-products.php:17
action · trashed_post · includes\admin\class-admin-products.php:19
action · deleted_post · includes\admin\class-admin-products.php:20
filter · woocommerce_products_admin_list_table_filters · includes\admin\class-admin-products.php:22
filter · posts_clauses · includes\admin\class-admin-products.php:23
filter · manage_product_posts_columns · includes\admin\class-admin-products.php:24
filter · manage_product_posts_custom_column · includes\admin\class-admin-products.php:25
action · init · includes\admin\class-admin.php:5
action · load-options.php · includes\admin\class-admin.php:6
action · plugins_loaded · includes\class-install.php:15
action · init · includes\class-vkcommerce.php:71
Maintenance & Trust

VkCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.9.13
Last updated: Apr 26, 2022
PHP min version: 7.0
Downloads: 6K

Community Trust

Rating: 90/100
Number of ratings: 4
Active installs: 90
Developer Profile

VkCommerce Developer Profile

Yaroslav Bogutsky

3 plugins · 400 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect VkCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/vkcommerce/assets/css/admin.css
/wp-content/plugins/vkcommerce/assets/js/admin/meta-boxes-product.js
Script Paths
/wp-content/plugins/vkcommerce/assets/js/admin/meta-boxes-product.js

HTML / DOM Fingerprints

CSS Classes: vkcommerce-warning
Data Attributes: data-general-value
JS Globals: VKCOMMERCE_TRANSLATIONS_DIR