WP-Safety

ilGhera 18app for WooCommerce Security & Risk Analysis

wordpress.org/plugins/wc-18app

Description: Abilita in WooCommerce il pagamento con buoni 18app, il Bonus Cultura previsto dallo stato Italiano.

20 active installs v1.4.2 PHP + WP 4.0+ Updated Oct 6, 2025
18appcarta-docentecarte-culturapayment-gatewaywoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is ilGhera 18app for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

ilGhera 18app for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7mo ago
Risk Assessment

The plugin "wc-18app" v1.4.2 exhibits a generally good security posture with several positive indicators. Notably, all identified AJAX handlers have authentication checks, there are no REST API routes without permission callbacks, and all SQL queries utilize prepared statements. The extensive output escaping (99%) is also a strong point, minimizing the risk of cross-site scripting vulnerabilities. The lack of any recorded vulnerabilities in its history further suggests a commitment to security by the developers.

Key Concerns

  • Flows with unsanitized paths detected
  • Dangerous function move_uploaded_file detected
  • File operations detected
  • Capability checks are missing
Vulnerabilities
None known

ilGhera 18app for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

ilGhera 18app for WooCommerce Release Timeline

v1.4.2Current
v1.4.1
v1.4.0
v1.3.0
v1.2.3
v1.2.2
v1.2.1
v1.2.0
v1.1.1
v1.1.0
v1.0.3
v1.0.2
v1.0.1
v1.0.0
v0.9.1
Code Analysis
Analyzed Apr 16, 2026

ilGhera 18app for WooCommerce Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
1
118 escaped
Nonce Checks
5
Capability Checks
0
File Operations
1
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

move_uploaded_filemove_uploaded_file( $tmp_name, WC18_PRIVATE . $name );includes/class-wc18-admin.php:653

Output Escaping

99% escaped119 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths
add_cat_callback (includes/class-wc18-admin.php:188)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

ilGhera 18app for WooCommerce Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 3

authwp_ajax_wc18-delete-certificateincludes/class-wc18-admin.php:38
authwp_ajax_wc18-add-catincludes/class-wc18-admin.php:39
authwp_ajax_wc18-sandboxincludes/class-wc18-admin.php:40
WordPress Hooks 11
actionadmin_initincludes/class-wc18-admin.php:36
actionadmin_menuincludes/class-wc18-admin.php:37
actionadmin_noticesincludes/class-wc18-admin.php:658
actionwoocommerce_order_details_after_order_tableincludes/class-wc18-gateway.php:47
actionwoocommerce_email_after_order_tableincludes/class-wc18-gateway.php:48
actionwoocommerce_admin_order_data_after_billing_addressincludes/class-wc18-gateway.php:49
filterwoocommerce_payment_gatewaysincludes/class-wc18.php:28
actionwp_enqueue_scriptswc-18app.php:102
actionadmin_enqueue_scriptswc-18app.php:103
actionplugins_loadedwc-18app.php:106
actionbefore_woocommerce_initwc-18app.php:111
Maintenance & Trust

ilGhera 18app for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedOct 6, 2025
PHP min version
Downloads7K

Community Trust

Rating0/100
Number of ratings0
Active installs20
Alternatives

ilGhera 18app for WooCommerce Alternatives

ilGhera Carta Docente for WooCommerce

ilGhera Carta Docente for WooCommerce

wc-carta-docente

A
99

Abilita in WooCommerce il pagamento con Carta del Docente.

200 1 CVE
WC Carte Cultura

WC Carte Cultura

wc-carte-cultura

A
100

Abilita in WooCommerce il pagamento con Carte Cultura.

30 No CVEs
Paystack WooCommerce Payment Gateway

Paystack WooCommerce Payment Gateway

woo-paystack

A
100

Paystack for WooCommerce allows your WooCommerce store to accept secure payments from multiple local and global payment channels.

30K No CVEs
Montonio for WooCommerce

Montonio for WooCommerce

montonio-for-woocommerce

A
100

Montonio is a complete checkout solution for online stores that includes all popular payment methods (local banks, card payments, Apple Pay, Google Pa …

10K No CVEs
NETOPIA Payments Payment Gateway

NETOPIA Payments Payment Gateway

netopia-payments-payment-gateway

A
100

NETOPIA Payments Payment Gateway extends WooCommerce payment options by adding NETOPIA's Payment Gateway options.

10K No CVEs
Developer Profile

ilGhera 18app for WooCommerce Developer Profile

ilGhera

16 plugins · 2K total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
113 days
View full developer profile
Detection Fingerprints

How We Detect ilGhera 18app for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wc-18app/css/wc-18app.css/wp-content/plugins/wc-18app/css/wc-18app-admin.css/wp-content/plugins/wc-18app/js/wc-18app-admin.js/wp-content/plugins/wc-18app/js/tzCheckbox/jquery.tzCheckbox/jquery.tzCheckbox.css/wp-content/plugins/wc-18app/js/tzCheckbox/jquery.tzCheckbox/jquery.tzCheckbox.js/wp-content/plugins/wc-18app/js/tzCheckbox/js/script.js/wp-content/plugins/wc-18app/images/18app.png
Script Paths
/wp-content/plugins/wc-18app/js/wc-18app-admin.js/wp-content/plugins/wc-18app/js/tzCheckbox/jquery.tzCheckbox/jquery.tzCheckbox.js/wp-content/plugins/wc-18app/js/tzCheckbox/js/script.js
Version Parameters
wc-18app/css/wc-18app.css?ver=wc-18app/css/wc-18app-admin.css?ver=wc-18app/js/wc-18app-admin.js?ver=tzCheckbox/jquery.tzCheckbox/jquery.tzCheckbox.css?ver=tzCheckbox/jquery.tzCheckbox/jquery.tzCheckbox.js?ver=tzCheckbox/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
wc-codice-18app
Data Attributes
id="wc-codice-18app"
JS Globals
wc18Data
FAQ

Frequently Asked Questions about ilGhera 18app for WooCommerce