Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring Security & Risk Analysis

wordpress.org/plugins/wemanage-app-worker

Woocommerce Mobile App - manage your woocommerce products, get order notifications, and manage orders and leads from your mobile phone.

1K active installs v1.2.8 PHP 5.6.20+ WP 4.5+ Updated Jul 16, 2024
Tags: woocommerce-app, order-notifications, wemanage, woocommerce-admin, woocommerce-management-app
91
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Mar 19, 2024
Safety Verdict

Is Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring Safe to Use in 2026?

Generally Safe

Score 91/100

Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Mar 19, 2024 · Updated 1yr ago
Risk Assessment

The "wemanage-app-worker" v1.2.8 plugin exhibits a mixed security posture. It follows secure coding practices by escaping all output and using prepared statements for a high percentage of its SQL queries, but several areas warrant attention. One unprotected AJAX handler creates a significant entry point that could be exploited without proper authentication, potentially leading to unauthorized actions. Furthermore, all four analyzed taint flows contain unsanitized paths, and all four were rated high severity. This suggests that user-supplied data may reach sensitive operations without being properly validated or cleaned, even though no critical severity taint flows were found.

The plugin's vulnerability history, though currently showing no unpatched CVEs, includes one high-severity "Unrestricted Upload of File with Dangerous Type" vulnerability reported recently. This historical pattern, combined with the high-severity taint flows and the unprotected AJAX handler, indicates a recurring potential for vulnerabilities that could allow attackers to upload and execute malicious files or compromise data integrity. While the strong output escaping and use of prepared statements are commendable, the unprotected entry points and unsanitized data flows represent critical weaknesses that require immediate remediation.

Key Concerns

  • Unprotected AJAX handler
  • High severity unsanitized taint flows
  • Past high severity vulnerability (Unrestricted Upload)
Vulnerabilities
1

Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

High: 1

1 total CVE

CVE-2024-1205 · high · 8.8 · Unrestricted Upload of File with Dangerous Type

Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring <= 1.2.2 - Authenticated (Subscriber+) Arbitrary File Upload

Mar 19, 2024 Patched in 1.2.3 (11d)
Code Analysis
Analyzed Mar 16, 2026

Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 (27 prepared)
Unescaped Output: 0 (91 escaped)
Nonce Checks: 2
Capability Checks: 1
File Operations: 0
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

87% prepared · 31 total queries

Output Escaping

100% escaped · 91 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

4 flows · 4 with unsanitized paths
perform_basic_authentication (includes\class-nouvello-wemanage-worker-oauth.php:58)
Attack Surface
1 unprotected

Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring Attack Surface

Entry Points: 9
Unprotected: 1

AJAX Handlers 4

auth · wp_ajax_enable_manual_installation · includes\class-nouvello-wemanage-worker-init.php:55
nopriv · wp_ajax_nouvello_utm_view · includes\class-nouvello-wemanage-worker-utm.php:19
auth · wp_ajax_nouvello_update_counter · includes\class-nouvello-wemanage-worker-visitor-counter.php:34
nopriv · wp_ajax_nouvello_update_counter · includes\class-nouvello-wemanage-worker-visitor-counter.php:35

REST API Routes 5

GET · /wp-json/nouvello-api · check · includes\class-nouvello-wemanage-worker-api.php:45
POST · /wp-json/nouvello-api · do · includes\class-nouvello-wemanage-worker-api.php:63
POST · /wp-json/nouvello-api · nouvello-wl · includes\class-nouvello-wemanage-worker-api.php:81
POST · /wp-json/nouvello-api · wemanage-remove-keys · includes\class-nouvello-wemanage-worker-api.php:99
POST · /wp-json/nouvello-api · nouvello-mi · includes\class-nouvello-wemanage-worker-api.php:117
WordPress Hooks 53
filter · woocommerce_rest_prepare_product_object · includes\class-nouvello-wemanage-worker-api-wc-ext-controller-functions.php:33
filter · woocommerce_rest_prepare_product_variation_object · includes\class-nouvello-wemanage-worker-api-wc-ext-controller-functions.php:34
filter · woocommerce_rest_prepare_shop_order_object · includes\class-nouvello-wemanage-worker-api-wc-ext-controller-functions.php:36
filter · woocommerce_rest_prepare_report_sales · includes\class-nouvello-wemanage-worker-api-wc-ext-controller-functions.php:39
filter · woocommerce_rest_prepare_report_top_sellers · includes\class-nouvello-wemanage-worker-api-wc-ext-controller-functions.php:41
filter · woocommerce_new_order_email_allows_resend · includes\class-nouvello-wemanage-worker-api-wc-ext-controller-functions.php:935
filter · woocommerce_rest_api_get_rest_namespaces · includes\class-nouvello-wemanage-worker-api-wc-ext-controller.php:53
action · rest_api_init · includes\class-nouvello-wemanage-worker-api.php:28
action · rest_api_init · includes\class-nouvello-wemanage-worker-api.php:29
action · rest_api_init · includes\class-nouvello-wemanage-worker-api.php:30
action · rest_api_init · includes\class-nouvello-wemanage-worker-api.php:31
action · rest_api_init · includes\class-nouvello-wemanage-worker-api.php:32
action · wp_enqueue_scripts · includes\class-nouvello-wemanage-worker-chat.php:27
action · admin_init · includes\class-nouvello-wemanage-worker-init.php:39
filter · plugin_row_meta · includes\class-nouvello-wemanage-worker-init.php:47
action · init · includes\class-nouvello-wemanage-worker-init.php:49
filter · all_plugins · includes\class-nouvello-wemanage-worker-init.php:50
action · admin_enqueue_scripts · includes\class-nouvello-wemanage-worker-init.php:53
action · upgrader_process_complete · includes\class-nouvello-wemanage-worker-init.php:58
action · admin_menu · includes\class-nouvello-wemanage-worker-init.php:61
filter · wpcf7_posted_data · includes\class-nouvello-wemanage-worker-leads.php:30
action · wpcf7_before_send_mail · includes\class-nouvello-wemanage-worker-leads.php:32
action · elementor_pro/forms/new_record · includes\class-nouvello-wemanage-worker-leads.php:33
action · wp_enqueue_scripts · includes\class-nouvello-wemanage-worker-utm.php:18
action · woocommerce_loaded · includes\class-nouvello-wemanage-worker-utm.php:20
action · init · includes\class-nouvello-wemanage-worker-utm.php:21
action · wp_enqueue_scripts · includes\class-nouvello-wemanage-worker-visitor-counter.php:31
action · woocommerce_checkout_create_order · includes\class-nouvello-wemanage-worker-visitor-counter.php:38
action · save_post · includes\class-nouvello-wemanage-worker-webhooks.php:33
action · woocommerce_update_product · includes\class-nouvello-wemanage-worker-webhooks.php:34
action · wp_trash_post · includes\class-nouvello-wemanage-worker-webhooks.php:35
action · untrash_post · includes\class-nouvello-wemanage-worker-webhooks.php:36
action · after_delete_post · includes\class-nouvello-wemanage-worker-webhooks.php:37
action · saved_product_cat · includes\class-nouvello-wemanage-worker-webhooks.php:40
action · delete_product_cat · includes\class-nouvello-wemanage-worker-webhooks.php:41
action · saved_product_tag · includes\class-nouvello-wemanage-worker-webhooks.php:42
action · delete_product_tag · includes\class-nouvello-wemanage-worker-webhooks.php:43
action · woocommerce_attribute_added · includes\class-nouvello-wemanage-worker-webhooks.php:46
action · woocommerce_attribute_updated · includes\class-nouvello-wemanage-worker-webhooks.php:47
action · woocommerce_attribute_deleted · includes\class-nouvello-wemanage-worker-webhooks.php:48
action · create_term · includes\class-nouvello-wemanage-worker-webhooks.php:51
action · edit_term · includes\class-nouvello-wemanage-worker-webhooks.php:52
action · delete_term · includes\class-nouvello-wemanage-worker-webhooks.php:53
action · woocommerce_new_order · includes\class-nouvello-wemanage-worker-webhooks.php:56
action · woocommerce_order_status_changed · includes\class-nouvello-wemanage-worker-webhooks.php:57
action · woocommerce_payment_complete · includes\class-nouvello-wemanage-worker-webhooks.php:58
action · woocommerce_process_shop_order_meta · includes\class-nouvello-wemanage-worker-webhooks.php:60
action · wp · includes\utm-tracker\class-nouvello-wemanage-utm-woocommerce.php:36
action · woocommerce_checkout_update_order_meta · includes\utm-tracker\class-nouvello-wemanage-utm-woocommerce.php:42
action · wp · includes\utm-tracker\class-nouvello-wemanage-utm-woocommerce.php:43
action · woocommerce_checkout_update_order_meta · includes\utm-tracker\class-nouvello-wemanage-utm-woocommerce.php:50
filter · woocommerce_email_format_string · includes\utm-tracker\class-nouvello-wemanage-utm-woocommerce.php:55
filter · wcs_renewal_order_meta_query · includes\utm-tracker\class-nouvello-wemanage-utm-woocommerce.php:58
Maintenance & Trust

Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.0
Last updated: Jul 16, 2024
PHP min version: 5.6.20
Downloads: 16K

Community Trust

Rating: 80/100
Number of ratings: 9
Active installs: 1K
Developer Profile

Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring Developer Profile

Yisrael Buchwald

1 plugin · 1K total installs

Trust score: 88
Avg Security Score: 91/100
Avg Patch Time: 11 days
Detection Fingerprints

How We Detect Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wemanage-app-worker/includes/assets/js/nouvello-chat-engine.min.js
Script Paths
/wp-content/plugins/wemanage-app-worker/includes/assets/js/nouvello-chat-engine.min.js
Version Parameters
nouvello-chat-engine.min.js?ver=1.2.8
nouvello-chat-engine.min.js?ver=1

HTML / DOM Fingerprints

Data Attributes
nouvello-chat-engine
nouvello_chat_engine_params
JS Globals
nouvello_chat_engine_params
FAQ

Frequently Asked Questions about Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring