
RedCase Security & Risk Analysis
wordpress.org/plugins/webera-redcase
This plugin is used to show deals based on Sheerid RedCase platform
Is RedCase Safe to Use in 2026?
Generally Safe
Score 85/100
RedCase has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The webera-redcase v4.2 plugin presents a mixed security posture. On the positive side, it has no recorded vulnerabilities or known CVEs, indicating a history of relative security and a lack of immediately exploitable public weaknesses. The absence of dangerous functions, file operations, and critical taint analysis findings is also an encouraging sign. However, the static analysis reveals several significant concerns that detract from its overall security.
The plugin exposes an unprotected AJAX handler, creating a direct entry point for potential attacks without any authentication or authorization checks. Furthermore, its handling of SQL queries is highly problematic, with no prepared statements used for any of the identified queries, increasing the risk of SQL injection vulnerabilities. The low percentage of properly escaped output is another critical weakness, leaving the plugin susceptible to cross-site scripting (XSS) attacks. The lack of nonce checks on AJAX endpoints further exacerbates the risk of cross-site request forgery (CSRF) attacks.
In conclusion, while the plugin's vulnerability history is clean, the static analysis highlights substantial security flaws. The unprotected AJAX handler, raw SQL queries, and insufficient output escaping represent immediate and serious risks. The absence of capability checks on entry points is also a concern. These issues, despite the clean CVE record, necessitate careful review and remediation to improve the plugin's security.
Key Concerns
- Unprotected AJAX handler detected
- SQL queries without prepared statements
- Low percentage of output escaping
- No nonce checks on AJAX
- No capability checks on entry points
RedCase Security Vulnerabilities
RedCase Code Analysis
Bundled Libraries
SQL Query Safety
Output Escaping
RedCase Attack Surface
- AJAX Handlers: 1
- Shortcodes: 2
- WordPress Hooks: 8
RedCase Maintenance & Trust
Maintenance Signals
Community Trust
RedCase Alternatives
Deals
deals
It’s an MIT-licensed (can be used in premium themes), high quality, native and responsive WordPress plugin to create and view slider-based deals.
Bogo Deals For WooCommerce
wc-bogo-deals
Special offers, such as 2×1 or 3×2 promotions, are an excellent way to encourage shoppers to fill their carts and return for more.
OfferStack
clicksco-offerstack
We cover Vouchers, Deals, Offers and Click To Call campaigns.
Dynamic Pricing With Discount Rules for WooCommerce
aco-woo-dynamic-pricing
The Dynamic Pricing With Discount Rules plugin enables bulk discounts for WooCommerce products. Its simple design allows easy setup in minutes.
WP Coupons and Deals – WordPress Coupon Plugin
wp-coupons-and-deals
Best WordPress Coupon Plugin. Generate more affiliate sales with coupon codes and deals.
RedCase Developer Profile
1 plugin · 10 total installs
How We Detect RedCase
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/webera-redcase/assets/css/admin.css
- /wp-content/plugins/webera-redcase/assets/js/admin.js
- /wp-content/plugins/webera-redcase/assets/css/style.css
- /wp-content/plugins/webera-redcase/assets/js/script.js
HTML / DOM Fingerprints
- redcase_admin_nonce
- redcase_key
- redcase-admin-save
- data-nonce="redcase_admin"
- redcase_exchanger
- <div class="row">
- <div class="container">
- <div id="root">