
ZenCart Products Display Security & Risk Analysis
wordpress.org/plugins/zencart-products
Simple plugin that allows you to add featured products, special products, or new products to any widget slot.
Is ZenCart Products Display Safe to Use in 2026?
Generally Safe
Score 100/100
ZenCart Products Display has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The zencart-products v2.1.1 plugin exhibits a mixed security posture. On the positive side, the static analysis shows no identified dangerous functions, all SQL queries utilize prepared statements, and there are no known CVEs or recorded vulnerabilities. This suggests a developer awareness of fundamental security practices like SQL injection prevention and a generally clean security track record.
However, significant concerns arise from the code analysis. The extremely low percentage of properly escaped output (7%) is a major red flag, indicating a high likelihood of cross-site scripting (XSS) vulnerabilities. The taint analysis, which reveals a flow with unsanitized paths, further reinforces this risk, suggesting that user-supplied data may be processed or displayed without adequate sanitization, potentially leading to malicious code execution in the user's browser.
While the absence of direct attack vectors like AJAX handlers, REST API routes, and shortcodes is encouraging, the underlying code quality in output handling and data sanitization presents a substantial risk. The lack of nonce and capability checks is also a concern for authorization and integrity: no entry points are explicitly listed, but the general lack of these checks implies a weakness if any were to be introduced. The plugin's strengths lie in its database interaction security, but its weaknesses in output and path sanitization are critical and need immediate attention.
Key Concerns
- Low output escaping percentage
- Taint flow with unsanitized path
- No nonce checks
- No capability checks
ZenCart Products Display Security Vulnerabilities
ZenCart Products Display Code Analysis
Output Escaping
Data Flow Analysis
ZenCart Products Display Attack Surface
WordPress Hooks 3
ZenCart Products Display Maintenance & Trust
Maintenance Signals
Community Trust
ZenCart Products Display Alternatives
WooCommerce
woocommerce
Everything you need to launch an online store in days and keep it growing for years. From your first sale to millions in revenue, Woo is with you.
Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation
optinmonster
🤩 Make popups & optin forms to get more email newsletter subscribers, leads, and sales - #1 most popular popup builder plugin! 🚀
WooCommerce PayPal Payments
woocommerce-paypal-payments
PayPal's latest payment processing solution. Accept PayPal, Pay Later, credit/debit cards, alternative digital wallets and bank accounts.
Mailchimp for WooCommerce
mailchimp-for-woocommerce
Connect your store to your Mailchimp audience to track sales, create targeted emails, send abandoned cart emails, and more.
PrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin
pretty-link
🌠 The best WordPress link management, branding, tracking, sharing and payments plugin. Easily make pretty & trackable shortlinks. 🔗
ZenCart Products Display Developer Profile
1 plugin · 10 total installs
How We Detect ZenCart Products Display
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
HTML / DOM Fingerprints
id="fpd_product_count" name="fpd_product_count" id="fpd_title" name="fpd_title" id="zbs_product_count" name="zbs_product_count"
+6 more