WC Carte Cultura Security & Risk Analysis

wordpress.org/plugins/wc-carte-cultura

Enables payment with Carte Cultura in WooCommerce.

40 active installs · v1.1.0 · PHP + WP 4.0+ · Updated Feb 4, 2026
Tags: 18app, carta-docente, carte-cultura, payment-gateway, woocommerce
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WC Carte Cultura Safe to Use in 2026?

Generally Safe

Score 100/100

WC Carte Cultura has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "wc-carte-cultura" plugin v1.1.0 demonstrates several positive security practices, including the absence of known CVEs and a complete reliance on prepared statements for SQL queries. The presence of nonce checks on its entry points is also a good sign, although they are not accompanied by capability checks. However, the static analysis reveals significant concerns regarding output sanitization, with only 61% of outputs being properly escaped. This indicates a potential for cross-site scripting (XSS) vulnerabilities if user-supplied data is not adequately handled before being rendered in the browser.

Furthermore, the taint analysis identified two flows with unsanitized paths. While no critical or high-severity issues were flagged by this analysis, these unsanitized paths, especially when combined with the poor output escaping, represent a tangible risk. The plugin's attack surface, though small and seemingly protected by initial checks on AJAX handlers, could be exploited if the unescaped output or unsanitized paths allow malicious input to be processed and displayed. The lack of capability checks on any of its entry points is a notable weakness, meaning that users might be able to trigger functionality within the plugin without proper authorization.

In conclusion, while the plugin benefits from a clean vulnerability history and good SQL practices, the identified issues with output escaping and unsanitized paths, coupled with the absence of capability checks, present a moderate security risk. These areas require immediate attention to strengthen the plugin's security posture and mitigate potential exploits.

Key Concerns

  • Insufficient output escaping (39% unescaped)
  • Unsanitized paths in taint analysis (2 flows)
  • No capability checks on entry points
Vulnerabilities
None known

WC Carte Cultura Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WC Carte Cultura Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 48 (75 escaped)
Nonce Checks: 5
Capability Checks: 0
File Operations: 4
External Requests: 0
Bundled Libraries: 0

Output Escaping

61% escaped · 123 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

3 flows · 2 with unsanitized paths
add_cat_callback (includes\class-wccc-admin.php:210)
Attack Surface

WC Carte Cultura Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers (3)

auth · wp_ajax_wccc-delete-certificate · includes\class-wccc-admin.php:39
auth · wp_ajax_wccc-add-cat · includes\class-wccc-admin.php:40
auth · wp_ajax_wccc-sandbox · includes\class-wccc-admin.php:41

WordPress Hooks (13)

action · admin_init · includes\class-wccc-admin.php:37
action · admin_menu · includes\class-wccc-admin.php:38
filter · wp_check_filetype_and_ext · includes\class-wccc-admin.php:44
action · admin_notices · includes\class-wccc-admin.php:850
action · admin_notices · includes\class-wccc-admin.php:862
action · woocommerce_order_details_after_order_table · includes\class-wccc-gateway.php:47
action · woocommerce_email_after_order_table · includes\class-wccc-gateway.php:48
action · woocommerce_admin_order_data_after_billing_address · includes\class-wccc-gateway.php:49
filter · woocommerce_payment_gateways · includes\class-wccc.php:28
action · wp_enqueue_scripts · wc-carte-cultura.php:101
action · admin_enqueue_scripts · wc-carte-cultura.php:102
action · plugins_loaded · wc-carte-cultura.php:104
action · before_woocommerce_init · wc-carte-cultura.php:109
Maintenance & Trust

WC Carte Cultura Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Feb 4, 2026
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 40
Developer Profile

WC Carte Cultura Developer Profile

ilGhera

13 plugins · 2K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 129 days
Detection Fingerprints

How We Detect WC Carte Cultura

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wc-carte-cultura/css/wc-carte-cultura.css
/wp-content/plugins/wc-carte-cultura/css/wc-carte-cultura-admin.css
/wp-content/plugins/wc-carte-cultura/js/wc-carte-cultura-admin.js
/wp-content/plugins/wc-carte-cultura/js/tzCheckbox/jquery.tzCheckbox/jquery.tzCheckbox.css
/wp-content/plugins/wc-carte-cultura/js/tzCheckbox/jquery.tzCheckbox/jquery.tzCheckbox.js
/wp-content/plugins/wc-carte-cultura/js/tzCheckbox/js/script.js

Script Paths
/wp-content/plugins/wc-carte-cultura/js/wc-carte-cultura-admin.js
/wp-content/plugins/wc-carte-cultura/js/tzCheckbox/jquery.tzCheckbox/jquery.tzCheckbox.js
/wp-content/plugins/wc-carte-cultura/js/tzCheckbox/js/script.js

Version Parameters
wc-carte-cultura.css?ver=
wc-carte-cultura-admin.css?ver=
wc-carte-cultura-admin.js?ver=
jquery.tzCheckbox.css?ver=
jquery.tzCheckbox.js?ver=
script.js?ver=

HTML / DOM Fingerprints

CSS Classes
wc-codice-carte-cultura
Data Attributes
name="wc-codice-carte-cultura"
JS Globals
wcccData