WP-Safety

iikoCloud integration for WooCommerce Security & Risk Analysis

wordpress.org/plugins/wc-iikocloud

Integration of the basic functionality of the iikoCloud API into WooCommerce: import of categories and products and export of orders.

100 active installs v2.5.9 PHP 7.4+ WP 6.2+ Updated Mar 15, 2026
deliveryfoodiikorestaurantwoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is iikoCloud integration for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

iikoCloud integration for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 19d ago
Risk Assessment

The "wc-iikocloud" v2.5.9 plugin exhibits a mixed security posture. On the positive side, the plugin demonstrates strong practices regarding SQL queries, exclusively using prepared statements, and has a very high percentage of properly escaped output, minimizing risks of SQL injection and XSS respectively. The absence of any known vulnerabilities (CVEs) in its history is a significant strength, suggesting a history of stable and secure development or active patching.

However, a major concern arises from the substantial attack surface, particularly the 14 AJAX handlers that lack authentication checks. This presents a significant entry point for unauthenticated attackers to interact with plugin functionalities, potentially leading to unauthorized actions if these handlers are not adequately secured within their logic. While taint analysis did not reveal critical or high severity unsanitized flows, the presence of 7 flows with unsanitized paths, even if only medium or low severity, warrants attention. The plugin also bundles Guzzle, which, if outdated, could introduce its own vulnerabilities, though no specific issues are detailed here.

In conclusion, while the plugin's use of prepared statements and output escaping are commendable, the large number of unprotected AJAX endpoints is a critical weakness that significantly elevates the risk profile. The lack of historical vulnerabilities is positive, but it doesn't negate the immediate risks posed by the identified code signals. A thorough review of the unprotected AJAX handlers for proper input validation and authorization is strongly recommended.

Key Concerns

  • 14 unprotected AJAX handlers
  • 7 flows with unsanitized paths
  • Bundled library (Guzzle)
Vulnerabilities
None known

iikoCloud integration for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

iikoCloud integration for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
4 prepared
Unescaped Output
12
257 escaped
Nonce Checks
7
Capability Checks
6
File Operations
0
External Requests
3
Bundled Libraries
1

Bundled Libraries

Guzzle

SQL Query Safety

100% prepared4 total queries

Output Escaping

96% escaped269 total outputs
Data Flows
7 unsanitized

Data Flow Analysis

7 flows7 with unsanitized paths
export_order_manually (includes\Export\Manual_Order_Actions.php:35)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
14 unprotected

iikoCloud integration for WooCommerce Attack Surface

Entry Points15
Unprotected14

AJAX Handlers 14

authwp_ajax_wc_iikocloud__remove_access_token_ajaxincludes\Admin\Admin.php:300
authwp_ajax_wc_iikocloud__get_organizations_ajaxincludes\Admin\Admin.php:303
authwp_ajax_wc_iikocloud__save_organization_import_ajaxincludes\Admin\Admin.php:306
authwp_ajax_wc_iikocloud__get_terminals_ajaxincludes\Admin\Admin.php:309
authwp_ajax_wc_iikocloud__save_organization_terminals_export_ajaxincludes\Admin\Admin.php:312
authwp_ajax_wc_iikocloud__get_nomenclature_ajaxincludes\Admin\Admin.php:315
authwp_ajax_wc_iikocloud__get_menus_ajaxincludes\Admin\Admin.php:318
authwp_ajax_wc_iikocloud__get_menu_nomenclature_ajaxincludes\Admin\Admin.php:321
authwp_ajax_wc_iikocloud__import_nomenclature_ajaxincludes\Admin\Admin.php:324
authwp_ajax_wc_iikocloud__save_groups_ajaxincludes\Admin\Admin.php:327
authwp_ajax_wc_iikocloud__get_cities_ajaxincludes\Admin\Admin.php:330
authwp_ajax_wc_iikocloud__get_streets_ajaxincludes\Admin\Admin.php:333
authwp_ajax_wc_iikocloud_export_orderincludes\Admin\Admin.php:336
authwp_ajax_wc_iikocloud_check_created_deliveryincludes\Admin\Admin.php:339

Shortcodes 1

[iiko_kbzhu] includes\Frontend\Shortcodes.php:46
WordPress Hooks 31
actionadmin_enqueue_scriptsincludes\Admin\Admin.php:49
actionadmin_bar_menuincludes\Admin\Admin.php:50
filterplugin_row_metaincludes\Admin\Admin.php:52
actioninitincludes\Admin\Admin.php:54
actionadmin_noticesincludes\Admin\Inactive.php:62
actionproduct_cat_add_form_fieldsincludes\Admin\MetaFields\ID.php:65
actionproduct_cat_edit_form_fieldsincludes\Admin\MetaFields\ID.php:67
actionedited_product_catincludes\Admin\MetaFields\ID.php:68
actioncreate_product_catincludes\Admin\MetaFields\ID.php:69
filtermanage_edit-product_cat_columnsincludes\Admin\MetaFields\ID.php:71
actionmanage_product_cat_custom_columnincludes\Admin\MetaFields\ID.php:73
actionwoocommerce_product_options_general_product_dataincludes\Admin\MetaFields\ID.php:76
actionwoocommerce_process_product_metaincludes\Admin\MetaFields\ID.php:77
filtermanage_edit-product_columnsincludes\Admin\MetaFields\ID.php:79
actionmanage_product_posts_custom_columnincludes\Admin\MetaFields\ID.php:81
actionwoocommerce_product_options_general_product_dataincludes\Admin\MetaFields\KBZHU.php:38
actionwoocommerce_process_product_metaincludes\Admin\MetaFields\KBZHU.php:39
actionwoocommerce_payment_gateways_setting_columnsincludes\Admin\MetaFields\Payment_Methods_IDs.php:37
actionwoocommerce_payment_gateways_setting_column_idincludes\Admin\MetaFields\Payment_Methods_IDs.php:39
filterwoocommerce_admin_order_actionsincludes\Admin\Orders.php:27
filterwoocommerce_admin_order_actionsincludes\Admin\Orders.php:28
actionadmin_menuincludes\Admin\Page.php:39
actionplugins_loadedincludes\Async_Actions\Async_Actions_Init.php:25
actionwoocommerce_checkout_order_createdincludes\Export\Export.php:86
actionwoocommerce_order_status_changedincludes\Export\Export.php:97
actionwoocommerce_order_status_changedincludes\Export\Export.php:107
actionwoocommerce_payment_completeincludes\Export\Export.php:115
actioninitincludes\Frontend\Shortcodes.php:35
actionbefore_woocommerce_initwc-iikocloud.php:238
actionwoocommerce_loadedwc-iikocloud.php:244
filterwoocommerce_get_settings_pageswc-iikocloud.php:380
Maintenance & Trust

iikoCloud integration for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 15, 2026
PHP min version7.4
Downloads5K

Community Trust

Rating60/100
Number of ratings4
Active installs100
Alternatives

iikoCloud integration for WooCommerce Alternatives

WPCafe – Restaurant Menu, Online Food Ordering and Reservation Booking Solution

WPCafe – Restaurant Menu, Online Food Ordering and Reservation Booking Solution

wp-cafe

A
91

Complete restaurant solution for restaurant menus, online food ordering, delivery, reservations and booking

6K 9 CVEs
FoodBook Lite – Online Food Ordering System

FoodBook Lite – Online Food Ordering System

foodbook-light-online-food-ordering-system

A
100

Short Description: WooCommerce-based food ordering and restaurant delivery management plugin.

400 No CVEs
RestroFood Lite – Online Food Ordering and Restaurant Management Plugin For WooCommerce

RestroFood Lite – Online Food Ordering and Restaurant Management Plugin For WooCommerce

restrofood-lite

A
100

Short Description: Complete online food ordering system for restaurants built with WooCommerce.

100 No CVEs
Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin

Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin

orderable

B
75

Take your restaurant/food business online with the online ordering system plugin for WordPress, Orderable.

6K 1 unpatched
Food Menu – Restaurant Menu & Online Ordering for WooCommerce

Food Menu – Restaurant Menu & Online Ordering for WooCommerce

tlp-food-menu

A
99

A Simple Food & Restaurant Menu Display Plugin for Restaurant, Cafes, Fast Food, Coffee House with WooCommerce Online Ordering.

3K 1 CVE
Developer Profile

iikoCloud integration for WooCommerce Developer Profile

Max

2 plugins · 180 total installs

91
trust score
Avg Security Score
96/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect iikoCloud integration for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wc-iikocloud/assets/css/backend.css/wp-content/plugins/wc-iikocloud/assets/css/frontend.css/wp-content/plugins/wc-iikocloud/assets/js/admin.js/wp-content/plugins/wc-iikocloud/assets/js/frontend.js
Script Paths
/wp-content/plugins/wc-iikocloud/assets/js/admin.js/wp-content/plugins/wc-iikocloud/assets/js/frontend.js
Version Parameters
wc-iikocloud/assets/css/backend.css?ver=wc-iikocloud/assets/css/frontend.css?ver=wc-iikocloud/assets/js/admin.js?ver=wc-iikocloud/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
wc_iikocloud_admin_modalwc_iikocloud_modal_contentwc_iikocloud_close_modalwc_iikocloud_order_list_itemwc_iikocloud_order_statuswc_iikocloud_action_buttonswc_iikocloud_field_wrapperwc_iikocloud_input_field
Data Attributes
data-wc_iikocloud_order_iddata-wc_iikocloud_modal_target
JS Globals
wc_iikocloud_settingswc_iikocloud_ajax_url
REST Endpoints
/wp-json/wc-iikocloud/v1/settings/wp-json/wc-iikocloud/v1/products/wp-json/wc-iikocloud/v1/orders
FAQ

Frequently Asked Questions about iikoCloud integration for WooCommerce