Woo Cashback Security & Risk Analysis

wordpress.org/plugins/woo-cashback

Gives users the ability to load a virtual wallet balance using WooCommerce checkout.

10 active installs · v1.0.0 · PHP + WP 4.0+ · Updated Mar 28, 2017
Tags: cash-back, user-wallet, wallet, woocommerce, woocommerce-credits

Score: 85
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Woo Cashback Safe to Use in 2026?

Generally Safe

Score 85/100

Woo Cashback has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9yr ago
Risk Assessment

The "woo-cashback" v1.0.0 plugin exhibits a mixed security posture. On one hand, it demonstrates good practices by having no known CVEs, a limited attack surface with only one shortcode as an entry point, and proper nonce and capability checks in place. The absence of file operations and external HTTP requests further reduces potential attack vectors.

However, the static analysis raises significant concerns. `unserialize` is called seven times, which is a major red flag: applied to user-controlled input it can lead to Remote Code Execution. In addition, none of the plugin's SQL queries uses a prepared statement, which opens the door to SQL injection. The taint analysis reports two unsanitized flows; although neither is classified as critical or high severity, they still indicate pathways by which malicious data could reach sensitive functions.

Overall, the plugin benefits from a clean vulnerability history and a seemingly controlled attack surface, but the identified code signals, particularly `unserialize` and raw SQL queries, present substantial risks that require immediate attention. The absence of severe historical vulnerabilities may mean that these dangerous functions have not been exploited in the past, but it does not negate the inherent risk.

Key Concerns

  • Dangerous function 'unserialize' used 7 times
  • 100% of SQL queries are not prepared
  • Taint flows with unsanitized paths (2)
  • Output escaping is not fully implemented (51%)

Vulnerabilities
None known

Woo Cashback Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Woo Cashback Code Analysis

Dangerous Functions: 7
Raw SQL Queries: 2 (0 prepared)
Unescaped Output: 19 (20 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize   $penddingDataUnsrialize = unserialize($penddingData);   class-cb.php:260
unserialize   $detailunsearilize = unserialize($disBalfetch);   class-cb.php:343
unserialize   $disUnse = unserialize($discontDeatils);   class-cb.php:376
unserialize   $penddingDataUnserialize = unserialize($penddingData);   class-cb.php:416
unserialize   $detailunsearilize = unserialize($disBalfetch);   class-cb.php:471
unserialize   $unserializeCompleteData = unserialize($completeOrderDetails);   class-cb.php:595
unserialize   $statementUnserializes = unserialize($statementFetch);   class-cb.php:742

SQL Query Safety

0% prepared · 2 total queries

Output Escaping

51% escaped · 39 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
wcb_save_editor_val (class-wc-settings-cash-back.php:220)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

Woo Cashback Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[wallet]   class-cb.php:63

WordPress Hooks: 18

action   admin_notices   class-cb.php:19
filter   woocommerce_get_settings_pages   class-cb.php:25
action   wp_enqueue_scripts   class-cb.php:28
action   add_meta_boxes   class-cb.php:31
action   save_post   class-cb.php:34
action   woocommerce_single_product_summary   class-cb.php:43
action   woocommerce_before_cart_totals   class-cb.php:46
action   woocommerce_email_before_order_table   class-cb.php:51
action   woocommerce_thankyou   class-cb.php:54
action   woocommerce_cart_calculate_fees   class-cb.php:57
action   woocommerce_thankyou   class-cb.php:60
action   woocommerce_after_shop_loop_item   class-cb.php:66
action   woocommerce_before_my_account   class-cb.php:69
action   woocommerce_checkout_order_review   class-cb.php:71
filter   wp_mail_content_type   class-cb.php:637
filter   woocommerce_settings_tabs_array   class-wc-settings-cash-back.php:26
action   woocommerce_admin_field_wcbeditor   class-wc-settings-cash-back.php:29
action   woocommerce_update_option_wcbeditor   class-wc-settings-cash-back.php:30

Maintenance & Trust

Woo Cashback Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.6.30
Last updated: Mar 28, 2017
PHP min version
Downloads: 5K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10

Developer Profile

Woo Cashback Developer Profile

Sourav Seth

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Woo Cashback

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-cashback/css/discount.css
/wp-content/plugins/woo-cashback/js/jquery.colorbox-min.js
Script Paths
/wp-content/plugins/woo-cashback/js/jquery.colorbox-min.js
Version Parameters
woo-cashback/css/discount.css?ver=
woo-cashback/popup/colorbox.css?ver=
woo-cashback/js/jquery.colorbox-min.js?ver=

HTML / DOM Fingerprints

CSS Classes
wcb_wallet_balance, wcb_statement_date, wcb_statement_type, wcb_statement_amount
Data Attributes
data-wcb-balance
JS Globals
jQuery, wcb_currency_symbol
Shortcode Output
[wallet]
FAQ

Frequently Asked Questions about Woo Cashback