Smart Recently Viewed Products

v1.0.1WordPress PluginAudited 45 days ago

HIGH

WP.org

Total Findings

Security Grade

Coding Score

100/100

Security Findings

Critical2

High10

Medium28

Low7

Info1

Executive Summary

This WooCommerce plugin has several critical security vulnerabilities that could allow attackers to bypass authentication, inject malicious code, and manipulate the application. The most severe issues include missing nonce verification on AJAX endpoints, XSS vulnerabilities through unescaped output, and improper input sanitization. The plugin also contains AI-generated code patterns that commonly introduce security flaws.

Security Report Card

securityD

standardsA

qualityD

compatibilityA

OverallD

Readiness

Production Ready

Needs Work

WP.org Ready

Needs Changes

EAA Compliance

Needs Work

Coding Standards

100/100

PHP Compatibility

Requires PHP 5.6Declared minimum: 7.2

Categories with Findings

CSRFCross-Site ScriptingAuth & AuthorizationPlugin LifecycleAccessibilitySQL InjectionInformation DisclosureType SafetyWordPress CompatibilityWooCommerce CompatibilityError HandlingData PrivacyUpdate SafetyAI-Generated CodeCoding StandardsMultisiteInternationalizationLogging & Debug

Positive Observations

Proper ABSPATH check at the beginning of the main file
Uses WordPress transient API for caching with appropriate expiration
Implements proper WooCommerce HPOS compatibility declaration
Uses absint() for sanitizing integer inputs consistently
Implements proper WordPress singleton pattern for main class
Uses wp_json_encode() instead of native json_encode() for WordPress compatibility
Properly registers activation/deactivation hooks
Implements proper textdomain loading for internationalization
Proper singleton pattern implementation with private constructor
Good use of WordPress transient caching for product data
Proper nonce verification in all AJAX handlers
Text domain matches plugin folder name and is used consistently
Proper escaping with esc_html(), esc_attr(), and wp_json_encode()

Plugin Info

Audit Count: 1
Type: plugin

Embed

Show your audit status in your README or website.

<a href="https://wphealthkit.com/directory/smart-recently-viewed"><img src="https://wphealthkit.com/api/badge/smart-recently-viewed" alt="Smart Recently Viewed Products security audit by WP HealthKit" /></a>

Are you the developer?

Claim this listing to get a Verified badge, control public audits, and get automatic re-scans.

Claim This Plugin

Audit Your Plugin

Get a comprehensive security audit for your WordPress plugin or theme. Upload your zip and get results in minutes.

Start Free Audit

Readiness

Production Ready

Needs Work

WP.org Ready

Needs Changes

EAA Compliance

Needs Work

Coding Standards

100/100

PHP Compatibility

Requires PHP 5.6Declared minimum: 7.2

Categories with Findings

Positive Observations

Proper ABSPATH check at the beginning of the main file
Uses WordPress transient API for caching with appropriate expiration
Implements proper WooCommerce HPOS compatibility declaration
Uses absint() for sanitizing integer inputs consistently
Implements proper WordPress singleton pattern for main class
Uses wp_json_encode() instead of native json_encode() for WordPress compatibility
Properly registers activation/deactivation hooks
Implements proper textdomain loading for internationalization
Proper singleton pattern implementation with private constructor
Good use of WordPress transient caching for product data
Proper nonce verification in all AJAX handlers
Text domain matches plugin folder name and is used consistently
Proper escaping with esc_html(), esc_attr(), and wp_json_encode()