Free WooCommerce Theme 99fy Extension Security & Risk Analysis

wordpress.org/plugins/99fy-core

Elementor Addon Pack For 99fy - Free WooCommerce Theme

100 active installs · v1.3.0 · PHP + WP 5.0+ · Updated Jan 13, 2025
Tags: elementor, elementor-addon, elementor-page-builder, one-click-demo, woocommerce
Score 91 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Jan 7, 2025
Safety Verdict

Is Free WooCommerce Theme 99fy Extension Safe to Use in 2026?

Generally Safe

Score 91/100

Free WooCommerce Theme 99fy Extension has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jan 7, 2025 · Updated 1yr ago
Risk Assessment

The '99fy-core' v1.3.0 plugin exhibits a mixed security posture. On the positive side, it adheres to secure coding practices in several areas: it contains no vulnerable SQL queries, it has a healthy number of nonce and capability checks, and all identified AJAX handlers and REST API routes have authorization checks, which is a significant strength.

However, the plugin uses the dangerous `create_function` function, which builds a function by evaluating a string as PHP code and can be a source of various vulnerabilities if not handled with extreme care. The taint analysis also found two flows with unsanitized paths. Although neither is classified as critical or high severity, they still warrant attention because they indicate potential for unintended data manipulation or exposure.

The plugin's vulnerability history shows two past medium-severity CVEs related to Cross-site Scripting and Cross-Site Request Forgery, suggesting a pattern of input sanitization and authorization weaknesses that have been exploited in the past. Although there are currently no unpatched vulnerabilities, this history reinforces the need for vigilance regarding input handling and access control.

Key Concerns

  • Presence of dangerous function 'create_function'
  • Taint flows with unsanitized paths
  • History of medium severity CVEs (XSS, CSRF)
  • Output escaping is not universally applied (64% properly escaped)
Vulnerabilities
2

Free WooCommerce Theme 99fy Extension Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2025: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-22801 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Free WooCommerce Theme 99fy Extension <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 7, 2025 · Patched in 1.2.9 (8d)

CVE-2023-0503 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Free WooCommerce Theme 99fy Extension <= 1.2.7 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation

Feb 28, 2023 · Patched in 1.2.8 (603d)
Code Analysis
Analyzed Mar 16, 2026

Free WooCommerce Theme 99fy Extension Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 124 (225 escaped)
  • Nonce Checks: 5
  • Capability Checks: 3
  • File Operations: 0
  • External Requests: 2
  • Bundled Libraries: 0

Dangerous Functions Found

create_function · admin\classes\class.settings_api.php:105

`$callback = create_function('', 'echo "' . str_replace( '"', '\"', $section['desc'] ) . '";');`

Output Escaping

64% escaped · 349 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
templates_ajax_request (admin\classes\template-library.php:150)
Attack Surface

Free WooCommerce Theme 99fy Extension Attack Surface

Entry Points: 4
Unprotected: 0

AJAX Handlers 4

  • auth · wp_ajax_nnfytmp_ajax_request · admin\classes\template-library.php:29
  • auth · wp_ajax_nnfytmp_ajax_get_required_plugin · admin\classes\template-library.php:30
  • auth · wp_ajax_nnfytmp_ajax_plugin_activation · admin\classes\template-library.php:31
  • auth · wp_ajax_nnfytmp_ajax_theme_activation · admin\classes\template-library.php:32

WordPress Hooks 28
  • action · elementor/documents/register_controls · admin\classes\class.elementor_options.php:28
  • action · admin_init · admin\classes\class.setting.php:14
  • action · admin_menu · admin\classes\class.setting.php:15
  • action · wsa_form_bottom_nnfy_general_tabs · admin\classes\class.setting.php:17
  • action · admin_enqueue_scripts · admin\classes\class.settings_api.php:28
  • action · customize_preview_init · admin\classes\customizer\class.customizer.php:21
  • action · customize_controls_enqueue_scripts · admin\classes\customizer\class.customizer.php:22
  • action · customize_register · admin\classes\customizer\class.customizer.php:23
  • action · customize_register · admin\classes\customizer\class.customizer.php:24
  • action · customize_register · admin\classes\customizer\class.customizer.php:25
  • action · admin_menu · admin\classes\Recommended_Plugins.php:78
  • action · admin_enqueue_scripts · admin\classes\Recommended_Plugins.php:79
  • action · admin_menu · admin\classes\template-library.php:27
  • action · admin_enqueue_scripts · admin\classes\template-library.php:35
  • action · wp_enqueue_scripts · classes\class.scripts_manager.php:28
  • action · admin_enqueue_scripts · classes\class.scripts_manager.php:29
  • action · admin_enqueue_scripts · classes\class.scripts_manager.php:32
  • action · wp_enqueue_scripts · classes\class.scripts_manager.php:35
  • action · elementor/elements/categories_registered · classes\class.widgets_control.php:32
  • action · elementor/widgets/widgets_registered · classes\class.widgets_control.php:35
  • action · init · includes\base.php:25
  • action · plugins_loaded · includes\base.php:26
  • action · admin_notices · includes\base.php:50
  • action · admin_notices · includes\base.php:56
  • action · admin_notices · includes\base.php:62
  • action · admin_head · includes\demo_importer.php:3
  • filter · pt-ocdi/import_files · includes\demo_importer.php:232
  • action · pt-ocdi/after_import · includes\demo_importer.php:280

Maintenance & Trust

Free WooCommerce Theme 99fy Extension Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Jan 13, 2025
PHP min version
Downloads: 22K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100

Developer Profile

Free WooCommerce Theme 99fy Extension Developer Profile

HasThemes

14 plugins · 16K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 179 days

Detection Fingerprints

How We Detect Free WooCommerce Theme 99fy Extension

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/99fy-core/assets/css/frontend.min.css
  • /wp-content/plugins/99fy-core/assets/js/frontend.min.js
  • /wp-content/plugins/99fy-core/assets/css/magnific-popup.css
  • /wp-content/plugins/99fy-core/assets/js/magnific-popup.min.js
  • /wp-content/plugins/99fy-core/assets/css/owl.carousel.min.css
  • /wp-content/plugins/99fy-core/assets/js/owl.carousel.min.js
  • /wp-content/plugins/99fy-core/assets/css/animate.css
  • /wp-content/plugins/99fy-core/assets/js/waypoints.min.js
  • +4 more
Script Paths
  • /wp-content/plugins/99fy-core/assets/js/frontend.min.js
  • /wp-content/plugins/99fy-core/assets/js/magnific-popup.min.js
  • /wp-content/plugins/99fy-core/assets/js/owl.carousel.min.js
  • /wp-content/plugins/99fy-core/assets/js/waypoints.min.js
  • /wp-content/plugins/99fy-core/assets/js/jquery.counterup.min.js
  • /wp-content/plugins/99fy-core/assets/js/aos.js
  • +1 more
Version Parameters
  • wp-content/plugins/99fy-core/assets/css/frontend.min.css?ver=
  • wp-content/plugins/99fy-core/assets/js/frontend.min.js?ver=
  • wp-content/plugins/99fy-core/assets/css/magnific-popup.css?ver=
  • wp-content/plugins/99fy-core/assets/js/magnific-popup.min.js?ver=
  • wp-content/plugins/99fy-core/assets/css/owl.carousel.min.css?ver=
  • wp-content/plugins/99fy-core/assets/js/owl.carousel.min.js?ver=
  • wp-content/plugins/99fy-core/assets/css/animate.css?ver=
  • wp-content/plugins/99fy-core/assets/js/waypoints.min.js?ver=
  • wp-content/plugins/99fy-core/assets/js/jquery.counterup.min.js?ver=
  • wp-content/plugins/99fy-core/assets/css/aos.css?ver=
  • wp-content/plugins/99fy-core/assets/js/aos.js?ver=
  • wp-content/plugins/99fy-core/assets/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
nnfy-page-title, nnfy-contact-form-area, nnfy-call-to-action-area, nnfy-testimonial-area, nnfy-counter-up-area, nnfy-hero-slider-area, nnfy-gallery-area
Data Attributes
data-aos, data-aos-duration, data-aos-delay, data-aos-offset, data-aos-once
JS Globals
NNFY_ASSETS, NNFY_ADMIN_ASSETS, NNFY_PL_URL, NNFY_PL_PATH, NNFY_PLUGIN_BASE