Total Findings
181
Security Grade
Coding Score
100/100
The Klaviyo plugin for WooCommerce integrates e-commerce tracking and marketing consent features. The audit identified several security concerns, including missing nonce verification on an AJAX handler, lack of input sanitization in the admin settings save routine, and insufficient protection on the cart rebuild parameter. While most REST endpoints use proper authentication, some publicly accessible endpoints expose product data and version information. The uninstall script also fails to clean up plugin options. No critical SQL injection or authentication bypass vulnerabilities were found. The plugin generally follows WordPress security best practices but has room for improvement in nonce enforcement and input validation.
Show your audit status in your README or website.
<a href="https://wphealthkit.com/directory/woocommerce-klaviyo"><img src="https://wphealthkit.com/api/badge/woocommerce-klaviyo" alt="Klaviyo security audit by WP HealthKit" /></a>
Claim this listing to get a Verified badge, control public audits, and get automatic re-scans.
Claim This PluginGet a comprehensive security audit for your WordPress plugin or theme. Upload your zip and get results in minutes.
Start Free Audit