Does Vootouch have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Vootouch compatible with WordPress 4.7.33?

According to WordPress.org data, Vootouch 2.0 has been tested up to WordPress 4.7.33. Check the plugin's changelog for the latest compatibility information.

How often is Vootouch updated?

Vootouch was last updated on Mar 26, 2018. Frequent updates are generally a positive security signal.

What is Vootouch's security score?

Vootouch has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Vootouch Security & Risk Analysis

wordpress.org/plugins/vootouch

Woocommerce Mobile Application Plugin. It creat connection between the Vootouch Mobile Application and WooCommerce website.

10 active installs v2.0 PHP + WP 4.1+ Updated Mar 26, 2018

online-storewoocommerce-add-onwoocommerce-iphone-applicationwoocommerce-mobilewoocommerce-mobile-application

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Vootouch Safe to Use in 2026?

Generally Safe

Score 85/100

Vootouch has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The "vootouch" v2.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and includes nonce and capability checks on its single AJAX entry point. The absence of any known CVEs, unpatched vulnerabilities, or common vulnerability types in its history suggests a relatively stable and well-maintained codebase. However, the static analysis reveals significant concerns. The presence of the `create_function` dangerous function is a notable red flag, as it can lead to code injection vulnerabilities if not handled with extreme care. Furthermore, the very low percentage of properly escaped output (1%) indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis also highlights a flow with an unsanitized path, classified as high severity, which could be exploited.

While the plugin has a clean vulnerability history, this does not negate the risks identified in the static analysis. The high number of file operations and external HTTP requests, coupled with the single AJAX handler, could be potential vectors for attack if the identified taint flow or output escaping issues are exploited. The conclusion is that while the plugin has a history of security, the current version has concerning weaknesses, particularly around output sanitization and the use of a dangerous function, which warrant careful attention.

Key Concerns

High severity unsanitized path in taint analysis
Only 1% of outputs properly escaped
Dangerous function 'create_function' used

Vulnerabilities

None known

Vootouch Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Vootouch Release Timeline

v2.0Current

v1.2.3

v1.2.2

v1.2.1

v1.2

v1.1

Code Analysis

Analyzed Apr 16, 2026

Vootouch Code Analysis

Dangerous Functions

Raw SQL Queries

33 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functionadd_action( 'plugins_loaded', create_function( '', 'VooTouch::get();' ) );vootouch.php:375

SQL Query Safety

100% prepared33 total queries

Output Escaping

1% escaped90 total outputs

Data Flows · Security

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

<include-wtc-settings> (include/include-wtc-settings.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Vootouch Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_wtc_save_settingsinclude/include-wtc-settings.php:41

WordPress Hooks 54

actiontemplate_redirectinclude/include-wtc-catch-request.php:33

filterrewrite_rules_arrayinclude/include-wtc-rewrite-rules.php:32

filterquery_varsinclude/include-wtc-rewrite-rules.php:33

actionwp_loadedinclude/include-wtc-rewrite-rules.php:34

actionadmin_menuinclude/include-wtc-settings.php:40

actionadmin_enqueue_scriptsinclude/include-wtc-settings.php:42

actionadmin_noticesvootouch.php:226

actionplugins_loadedvootouch.php:375

actionwtc_get_applycouponvootouchservice/applycoupon.php:31

actionwtc_general_settingsvootouchservice/applycoupon.php:32

actionwtc_get_categoryvootouchservice/category.php:31

actionwtc_general_settingsvootouchservice/category.php:32

actionwtc_get_change_passwordvootouchservice/change_password.php:31

actionwtc_general_settingsvootouchservice/change_password.php:32

actionwtc_get_countryvootouchservice/country.php:31

actionwtc_general_settingsvootouchservice/country.php:32

actionwtc_get_createuservootouchservice/createuser.php:31

actionwtc_general_settingsvootouchservice/createuser.php:32

actionwtc_get_edituservootouchservice/edituser.php:30

actionwtc_general_settingsvootouchservice/edituser.php:31

actionwtc_get_forgetpasswordvootouchservice/forgetpassword.php:30

actionwtc_general_settingsvootouchservice/forgetpassword.php:31

actionwtc_get_list_reviewvootouchservice/list_review.php:31

actionwtc_general_settingsvootouchservice/list_review.php:32

actionwtc_get_loginvootouchservice/login.php:31

actionwtc_general_settingsvootouchservice/login.php:32

actionwtc_get_orderdetailvootouchservice/orderdetail.php:31

actionwtc_general_settingsvootouchservice/orderdetail.php:32

actionwtc_get_ordersvootouchservice/orders.php:31

actionwtc_general_settingsvootouchservice/orders.php:32

actionwtc_get_productsvootouchservice/products.php:32

actionwtc_general_settingsvootouchservice/products.php:33

actionwtc_get_products_detailvootouchservice/products_detail.php:32

actionwtc_general_settingsvootouchservice/products_detail.php:33

actionwtc_get_remove_couponvootouchservice/remove_coupon.php:31

actionwtc_general_settingsvootouchservice/remove_coupon.php:32

actionwtc_get_save_ordervootouchservice/save_order.php:31

actionwtc_general_settingsvootouchservice/save_order.php:32

actionwtc_get_save_reviewvootouchservice/save_review.php:31

actionwtc_general_settingsvootouchservice/save_review.php:32

actionwtc_get_savebillingvootouchservice/savebilling.php:31

actionwtc_general_settingsvootouchservice/savebilling.php:32

actionwtc_get_saveshippingvootouchservice/saveshipping.php:31

actionwtc_general_settingsvootouchservice/saveshipping.php:32

actionwtc_get_setting_optionvootouchservice/setting_option.php:32

actionwtc_general_settingsvootouchservice/setting_option.php:33

actionwtc_get_shipping_methodsvootouchservice/shipping_methods.php:31

actionwtc_general_settingsvootouchservice/shipping_methods.php:32

actionwtc_get_sortcategoryvootouchservice/sortcategory.php:31

actionwtc_general_settingsvootouchservice/sortcategory.php:32

actionwtc_get_statevootouchservice/state.php:31

actionwtc_general_settingsvootouchservice/state.php:32

actionwtc_get_subcategoryvootouchservice/subcategory.php:31

actionwtc_general_settingsvootouchservice/subcategory.php:32

Maintenance & Trust

Vootouch Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.33

Last updatedMar 26, 2018

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Vootouch Alternatives

Woo Video Gallery

woo-video-gallery

>Woo Video Gallery answers your question on how to embed an Youtube or Vimeo video gallery into a woocommerce product description page.

10 No CVEs

WooCommerce

woocommerce

Everything you need to launch an online store in days and keep it growing for years. From your first sale to millions in revenue, Woo is with you.

7.0M 43 CVEs

ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution

shopengine

WooCommerce builder for Elementor and Gutenberg. It offers product templates, product sliders, shopping cart, quick view, Woo wishlist, product filter …

100K 4 CVEs

SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments

surecart

Make ecommerce easy with a simple-to-use, all-in-one platform that anyone can set up in just a few minutes!

90K 3 CVEs

Ecwid by Lightspeed Ecommerce Shopping Cart

ecwid-shopping-cart

Powerful, easy to use ecommerce shopping cart for WordPress. Sell on Facebook and Instagram. iPhone & Android apps. Superb support.

20K 13 CVEs

Developer Profile

Vootouch Developer Profile

jalilfulan

2 plugins · 20 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Vootouch

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/vootouch/images/logo.png

HTML / DOM Fingerprints

Data Attributes

screen_url

REST Endpoints

/wp-json/vootouch/v1/webservice/([a-zA-Z0-9_-]+)$

FAQ