Cart All In One For WooCommerce Security & Risk Analysis

wordpress.org/plugins/woo-cart-all-in-one

Cart All In One For WooCommerce helps your customers view cart effortlessly.

6K active installs · v1.1.22 · PHP 7.0+ · WP 5.0+ · Updated Feb 6, 2026
Tags: cart-all-in-one-for-woocommerce, wc-cart, wc-mini-cart, wc-sticky-cart, woocommerce-mini-cart
Score: 96 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Feb 17, 2026
Safety Verdict

Is Cart All In One For WooCommerce Safe to Use in 2026?

Generally Safe

Score 96/100

Cart All In One For WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Feb 17, 2026 · Updated 1mo ago
Risk Assessment

The "woo-cart-all-in-one" plugin, version 1.1.22, exhibits a generally strong security posture due to excellent adherence to secure coding practices. The absence of critical or high severity taint flows, no raw SQL queries, a high percentage of properly escaped output, and robust use of nonce and capability checks across its AJAX endpoints are significant strengths. Furthermore, the vulnerability history indicates that all previously disclosed CVEs are now patched, which is a positive sign of active maintenance.

However, there are a few areas that warrant attention. The presence of two external HTTP requests, while not inherently a vulnerability, can introduce risks if not handled with extreme care, especially regarding data validation and potential for SSRF or information leakage. The plugin's vulnerability history, though currently clear of unpatched issues, has in the past included "Injection" and CSRF vulnerabilities. This pattern, even with recent patches, suggests a historical tendency for these types of flaws to emerge, necessitating continued vigilance.

In conclusion, this plugin is built on a solid foundation of secure coding. The immediate static analysis reveals minimal direct exploitable risks. The primary concern stems from the historical vulnerability types and the less controlled nature of external HTTP requests. While the current state is promising, ongoing monitoring and a cautious approach to its external dependencies are recommended.

Key Concerns

  • Past high/medium severity vulnerabilities (Injection, CSRF)
  • 2 External HTTP requests
Vulnerabilities: 2

Cart All In One For WooCommerce Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2026: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 1

2 total CVEs

CVE-2026-2019 · high · 7.2 · Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Cart All In One For WooCommerce <= 1.1.21 - Authenticated (Administrator+) Code Injection via 'sc_assign_page' Setting

Feb 17, 2026 Patched in 1.1.22 (1d)
CVE-2022-46806 · medium · 5.4 · Cross-Site Request Forgery (CSRF)

Cart All In One For WooCommerce <= 1.1.10 - Cross-Site Request Forgery to Cart Changes

Feb 14, 2023 Patched in 1.1.11 (343d)
Code Analysis
Analyzed Mar 16, 2026

Cart All In One For WooCommerce Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 30 (574 escaped)
  • Nonce Checks: 19
  • Capability Checks: 5
  • File Operations: 0
  • External Requests: 2
  • Bundled Libraries: 1

Bundled Libraries

Select2

Output Escaping

95% escaped · 604 total outputs
Data Flows: All sanitized

Data Flow Analysis

4 flows
viwcaio_show_variation (includes\frontend\frontend.php:83)
Attack Surface

Cart All In One For WooCommerce Attack Surface

Entry Points: 7
Unprotected: 0

AJAX Handlers: 7

  • auth · wp_ajax_viwcaio_search_product · includes\admin\settings.php:8
  • auth · wp_ajax_viwcaio_search_cats · includes\admin\settings.php:9
  • auth · wp_ajax_vi_wcaio_get_class_icon · includes\frontend\frontend.php:19
  • auth · wp_ajax_vi_wcaio_get_menu_cart_text · includes\frontend\frontend.php:20
  • auth · wp_ajax_vi_wcaio_change_sc_pd_price_style · includes\frontend\frontend.php:21
  • auth · wp_ajax_vi_wcaio_get_sc_footer_pd_plus_html · includes\frontend\frontend.php:22
  • auth · wp_ajax_viwcaio_get_cart_fragments · includes\frontend\frontend.php:23

WordPress Hooks: 42

  • action · init · includes\admin\admin.php:8
  • filter · plugin_action_links_woo-cart-all-in-one/woo-cart-all-in-one.php · includes\admin\admin.php:9
  • action · admin_menu · includes\admin\cart.php:11
  • action · admin_init · includes\admin\cart.php:12
  • action · admin_enqueue_scripts · includes\admin\cart.php:13
  • action · customize_register · includes\admin\design.php:12
  • action · customize_preview_init · includes\admin\design.php:13
  • action · customize_controls_enqueue_scripts · includes\admin\design.php:14
  • action · wp_print_styles · includes\admin\design.php:15
  • action · wp_enqueue_scripts · includes\frontend\ajax-add-to-cart.php:11
  • action · wp_enqueue_scripts · includes\frontend\frontend.php:16
  • filter · woocommerce_add_to_cart_fragments · includes\frontend\frontend.php:17
  • action · template_redirect · includes\frontend\frontend.php:18
  • filter · woocommerce_after_calculate_totals · includes\frontend\frontend.php:25
  • filter · viwcaio_quantity_input_args · includes\frontend\frontend.php:27
  • action · vi_wcaio_get_sidebar_cart_content · includes\frontend\frontend.php:28
  • filter · woocommerce_add_to_cart_fragments · includes\frontend\frontend.php:75
  • action · wp_enqueue_scripts · includes\frontend\menu-cart.php:11
  • filter · wp_page_menu · includes\frontend\menu-cart.php:12
  • filter · wp_nav_menu_items · includes\frontend\menu-cart.php:13
  • filter · block_core_navigation_render_inner_blocks · includes\frontend\menu-cart.php:14
  • action · wp_enqueue_scripts · includes\frontend\sidebar-cart-content.php:11
  • action · wp_footer · includes\frontend\sidebar-cart-content.php:49
  • action · viwcaio_sidebar_enqueue_scripts · includes\frontend\sidebar-cart-icon.php:10
  • action · vi_wcaio_get_sidebar_cart_icon · includes\frontend\sidebar-cart-icon.php:11
  • action · wp_footer · includes\frontend\sidebar-cart-icon.php:27
  • action · wp_enqueue_scripts · includes\frontend\variable-atc.php:12
  • filter · woocommerce_loop_add_to_cart_link · includes\frontend\variable-atc.php:13
  • filter · woocommerce_product_add_to_cart_text · includes\frontend\variable-atc.php:16
  • action · admin_enqueue_scripts · includes\support.php:32
  • action · admin_notices · includes\support.php:33
  • action · admin_init · includes\support.php:34
  • action · admin_menu · includes\support.php:35
  • filter · plugin_row_meta · includes\support.php:37
  • action · admin_init · includes\support.php:39
  • action · admin_bar_menu · includes\support.php:41
  • action · admin_notices · includes\support.php:52
  • action · admin_footer · includes\support.php:669
  • action · admin_bar_menu · includes\support.php:807
  • action · admin_notices · includes\support.php:953
  • action · before_woocommerce_init · woo-cart-all-in-one.php:33
  • action · plugins_loaded · woo-cart-all-in-one.php:34

Maintenance & Trust

Cart All In One For WooCommerce Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Feb 6, 2026
  • PHP min version: 7.0
  • Downloads: 225K

Community Trust

  • Rating: 90/100
  • Number of ratings: 51
  • Active installs: 6K

Developer Profile

Cart All In One For WooCommerce Developer Profile

VillaTheme

58 plugins · 167K total installs

  • Trust score: 78
  • Avg Security Score: 99/100
  • Avg Patch Time: 217 days

Detection Fingerprints

How We Detect Cart All In One For WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/woo-cart-all-in-one/includes/frontend/ajax-add-to-cart.js
  • /wp-content/plugins/woo-cart-all-in-one/assets/css/frontend.css
  • /wp-content/plugins/woo-cart-all-in-one/assets/js/frontend.js
  • /wp-content/plugins/woo-cart-all-in-one/assets/js/cart-fragments.js

Script Paths

  • ajax-add-to-cart.js
  • frontend.js
  • cart-fragments.js

Version Parameters

  • woo-cart-all-in-one/assets/css/frontend.css?ver=
  • woo-cart-all-in-one/assets/js/frontend.js?ver=
  • woo-cart-all-in-one/includes/frontend/ajax-add-to-cart.js?ver=
  • woo-cart-all-in-one/assets/js/cart-fragments.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • vi-wcaio-ajax-atc-wrap
  • vi-wcaio-mini-cart-content
  • vi-wcaio-mini-cart-empty

Data Attributes

  • data-viwcaio_cart_content
  • data-viwcaio_cart_update

JS Globals

  • VIWCAIO_CART_ALL_IN_ONE_DATA

FAQ

Frequently Asked Questions about Cart All In One For WooCommerce