ShopWP Security & Risk Analysis

wordpress.org/plugins/wpshopify

Sell Shopify Products on WordPress. Display a simple buy button—or build a complex storefront. Power your WordPress store with a world-class ecommerce …

800 active installs v5.2.4 PHP 5.6+ WP 5.4+ Updated Apr 2, 2024
Tags: ecommerce, products, shop, shopify
Score: 84
B · Generally Safe
CVEs total: 1
Unpatched: 0
Last CVE: Oct 7, 2019
Safety Verdict

Is ShopWP Safe to Use in 2026?

Mostly Safe

Score 84/100

ShopWP is generally safe to use, though it hasn't been updated recently. 1 past CVE was resolved. Keep it updated.

1 known CVE · Last CVE: Oct 7, 2019 · Updated 2yr ago
Risk Assessment

The WPShopify plugin v5.2.4 exhibits a generally strong security posture based on the static analysis provided, with no identified critical or high severity issues in taint analysis and a commendable 100% usage of prepared statements for SQL queries. The absence of any unprotected entry points (AJAX, REST API, shortcodes, cron) is a significant strength. However, the plugin's vulnerability history reveals a past high severity vulnerability related to missing authorization, which, despite being patched, indicates a potential area for careful review in authorization mechanisms. The moderate output escaping rate (60%) suggests there might be instances where data output is not sufficiently sanitized, potentially leading to cross-site scripting (XSS) vulnerabilities if user-supplied data is involved in those unescaped outputs. While the current analysis shows no immediate critical threats, the historical pattern and the unescaped output percentage warrant attention.

Key Concerns

  • Moderate output escaping rate
  • Past high severity vulnerability (Missing Authorization)
Vulnerabilities
1

ShopWP Security Vulnerabilities

CVEs by Year

1 CVE in 2019

Severity Breakdown

High: 1

1 total CVE

CVE-2019-25214 · high · 7.2 · Missing Authorization

ShopWP <= 2.0.4 - Missing Authorization to Stored Cross-Site Scripting

Oct 7, 2019 Patched in 2.0.5 (1836d)
Code Analysis
Analyzed Mar 16, 2026

ShopWP Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (55 prepared)
Unescaped Output: 21 (31 escaped)
Nonce Checks: 3
Capability Checks: 3
File Operations: 19
External Requests: 3
Bundled Libraries: 1

Bundled Libraries

Lodash

SQL Query Safety

100% prepared · 55 total queries

Output Escaping

60% escaped · 52 total outputs
Attack Surface

ShopWP Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 75
action rest_api_init classes\api\items\class-cart.php:456
action rest_api_init classes\api\items\class-collections.php:466
action rest_api_init classes\api\items\class-media-uploader.php:74
action rest_api_init classes\api\items\class-products.php:1167
action rest_api_init classes\api\items\class-shop.php:55
action rest_api_init classes\api\misc\class-notices.php:212
action rest_api_init classes\api\misc\class-notices.php:213
action admin_notices classes\api\misc\class-notices.php:214
action rest_api_init classes\api\options\class-components.php:57
action rest_api_init classes\api\processing\class-webhooks-deletions.php:53
action rest_api_init classes\api\processing\class-webhooks.php:51
action rest_api_init classes\api\settings\class-collections.php:47
action rest_api_init classes\api\settings\class-connection.php:233
action rest_api_init classes\api\settings\class-connection.php:234
action rest_api_init classes\api\settings\class-connection.php:236
action rest_api_init classes\api\settings\class-general.php:217
action rest_api_init classes\api\settings\class-license.php:284
action rest_api_init classes\api\settings\class-license.php:286
action rest_api_init classes\api\settings\class-license.php:291
action rest_api_init classes\api\syncing\class-counts.php:268
action rest_api_init classes\api\syncing\class-counts.php:272
action rest_api_init classes\api\syncing\class-indicator.php:76
action rest_api_init classes\api\syncing\class-status.php:248
action rest_api_init classes\api\syncing\class-status.php:250
action rest_api_init classes\api\syncing\class-status.php:254
action rest_api_init classes\api\syncing\class-status.php:258
action rest_api_init classes\api\syncing\class-status.php:262
action rest_api_init classes\api\tools\class-cache.php:79
action rest_api_init classes\api\tools\class-cache.php:83
action rest_api_init classes\api\tools\class-clear.php:80
action rest_api_init classes\api\tools\class-clear.php:81
action plugins_loaded classes\class-activator.php:441
action shopwp_on_plugin_activate classes\class-activator.php:442
filter wpmu_drop_tables classes\class-activator.php:443
action admin_init classes\class-activator.php:444
action wpmu_new_blog classes\class-activator.php:448
action wp_initialize_site classes\class-activator.php:450
filter wp_setup_nav_menu_item classes\class-admin-menus.php:127
action admin_init classes\class-admin-menus.php:128
filter walker_nav_menu_start_el classes\class-admin-menus.php:130
filter shopwp_remove_quick_edit classes\class-backend.php:756
action admin_menu classes\class-backend.php:884
action admin_enqueue_scripts classes\class-backend.php:885
action admin_enqueue_scripts classes\class-backend.php:886
filter admin_body_class classes\class-backend.php:892
action in_admin_header classes\class-backend.php:893
action admin_head classes\class-backend.php:895
action admin_footer classes\class-backend.php:899
action admin_enqueue_scripts classes\class-backend.php:904
filter post_row_actions classes\class-backend.php:908
action admin_notices classes\class-backend.php:909
action edit_form_after_title classes\class-backend.php:911
action init classes\class-bootstrap.php:37
action admin_init classes\class-bootstrap.php:41
action shopwp_on_plugin_deactivate classes\class-deactivator.php:27
filter body_class classes\class-frontend.php:104
action wp_enqueue_scripts classes\class-frontend.php:105
action wp_enqueue_scripts classes\class-frontend.php:106
action upgrader_process_complete classes\class-hooks.php:78
filter wps_syncing_settings_timeout classes\class-hooks.php:85
filter wps_syncing_settings_blocking classes\class-hooks.php:89
action shopwp_breadcrumbs classes\class-templates.php:196
action wp_footer classes\class-templates.php:197
filter single_template classes\class-templates.php:199
filter archive_template classes\class-templates.php:200
action pre_get_posts classes\class-templates.php:202
filter page_template classes\class-templates.php:204
filter wps_products_pagination_start classes\class-templates.php:206
filter wps_products_pagination_end classes\class-templates.php:210
filter option_active_plugins classes\compatibility\class-compatibility.php:9
filter stylesheet_directory classes\compatibility\class-compatibility.php:14
filter template_directory classes\compatibility\class-compatibility.php:15
filter site_option_active_sitewide_plugins classes\compatibility\class-compatibility.php:17
filter cron_schedules classes\processing\class-vendor-background-process.php:78
action after_plugin_row shopwp.php:68
Maintenance & Trust

ShopWP Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.0
Last updated: Apr 2, 2024
PHP min version: 5.6
Downloads: 353K

Community Trust

Rating: 80/100
Number of ratings: 65
Active installs: 800
Developer Profile

ShopWP Developer Profile

Andrew

1 plugin · 800 total installs

Trust score: 68
Avg Security Score: 84/100
Avg Patch Time: 1836 days
Detection Fingerprints

How We Detect ShopWP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpshopify/admin/css/vendor/animate.min.css
/wp-content/plugins/wpshopify/dist/admin.min.css
Version Parameters
wpshopify/dist/admin.min.css?ver=
wpshopify/admin/css/vendor/animate.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
shopwp-exp-notice
shopwp-exp-notice active
Data Attributes
data-plugin="wpshopify/shopwp.php"
FAQ

Frequently Asked Questions about ShopWP