AAkron Personalization Security & Risk Analysis

wordpress.org/plugins/aakron-personalization

This easy-to-use plugin allows your customers to order merchandise personalized with their own photos, imprints, and artwork.

0 active installs · v1.0.0 · PHP + WP 4.7+ · Updated Feb 3, 2022
Tags: customization, designer, product-customizer, product-designer-tool, woocommerce
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never

Safety Verdict

Is AAkron Personalization Safe to Use in 2026?

Generally Safe

Score 85/100

AAkron Personalization has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4yr ago

Risk Assessment

The "aakron-personalization" v1.0.0 plugin presents a significant security risk primarily due to its large, unprotected attack surface. All 12 identified AJAX handlers lack authentication checks, meaning any user, including unauthenticated visitors, can trigger these functions. This opens the door to potential cross-site scripting (XSS), unauthorized data manipulation, or denial-of-service (DoS) attacks, depending on the functionality of these handlers.

While the plugin shows strengths in output escaping (91% properly escaped) and has no known CVEs, the complete absence of nonce checks on AJAX actions and only 3 capability checks out of 12 entry points are critical oversights. The taint analysis revealing 5 flows with unsanitized paths further exacerbates this risk, suggesting that user-supplied data might be processed in a way that could lead to vulnerabilities if these paths are triggered by the unprotected AJAX endpoints.

In conclusion, despite a clean vulnerability history, the plugin's design has fundamental security weaknesses. The unprotected AJAX handlers combined with unsanitized data flows represent a high risk. Addressing these critical issues by implementing proper authentication and capability checks on all AJAX endpoints is paramount to securing this plugin.

Key Concerns

  • 12 unprotected AJAX handlers
  • 0 Nonce checks on AJAX
  • 5 Taint flows with unsanitized paths
  • 1 SQL query without prepared statements
  • 3 Capability checks for 12 entry points

Vulnerabilities: None known

AAkron Personalization Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

AAkron Personalization Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 20 (204 escaped)
Nonce Checks: 0
Capability Checks: 3
File Operations: 7
External Requests: 6
Bundled Libraries: 0

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

91% escaped · 224 total outputs

Data Flows: 5 unsanitized

Data Flow Analysis

6 flows · 5 with unsanitized paths
aakron_design_tool_user_email_validate_callback (admin\class-aakron-personalization-admin.php:646)
[Data flow diagram; legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]

Attack Surface: 12 unprotected

AAkron Personalization Attack Surface

Entry Points: 12
Unprotected: 12

AJAX Handlers: 12

auth · wp_ajax_aakron_design_sync_product · includes\class-aakron-personalization-connector.php:158
nopriv · wp_ajax_aakron_design_sync_product · includes\class-aakron-personalization-connector.php:159
auth · wp_ajax_aakron_design_tool_verify_user · includes\class-aakron-personalization-connector.php:161
nopriv · wp_ajax_aakron_design_tool_verify_user · includes\class-aakron-personalization-connector.php:162
auth · wp_ajax_aakron_design_tool_remove_user_token · includes\class-aakron-personalization-connector.php:164
nopriv · wp_ajax_aakron_design_tool_remove_user_token · includes\class-aakron-personalization-connector.php:165
auth · wp_ajax_aakron_design_tool_user_email_validate · includes\class-aakron-personalization-connector.php:167
nopriv · wp_ajax_aakron_design_tool_user_email_validate · includes\class-aakron-personalization-connector.php:168
auth · wp_ajax_aakron_design_tool_validate_token · includes\class-aakron-personalization-connector.php:187
nopriv · wp_ajax_aakron_design_tool_validate_token · includes\class-aakron-personalization-connector.php:188
auth · wp_ajax_aakron_design_tool_add_custom_data_to_cart · includes\class-aakron-personalization-connector.php:191
nopriv · wp_ajax_aakron_design_tool_add_custom_data_to_cart · includes\class-aakron-personalization-connector.php:192

WordPress Hooks: 29

action · add_meta_boxes · admin\class-aakron-personalization-admin.php:55
action · woocommerce_admin_order_item_values · admin\class-aakron-personalization-admin.php:56
action · woocommerce_admin_order_item_headers · admin\class-aakron-personalization-admin.php:57
filter · woocommerce_locate_template · admin\class-aakron-personalization-admin.php:58
action · plugins_loaded · includes\class-aakron-personalization-connector.php:137
action · admin_enqueue_scripts · includes\class-aakron-personalization-connector.php:152
action · admin_enqueue_scripts · includes\class-aakron-personalization-connector.php:153
action · admin_menu · includes\class-aakron-personalization-connector.php:154
action · admin_init · includes\class-aakron-personalization-connector.php:155
action · wp_enqueue_scripts · includes\class-aakron-personalization-connector.php:183
action · wp_enqueue_scripts · includes\class-aakron-personalization-connector.php:184
action · woocommerce_single_product_summary · public\class-aakron-personalization-public.php:123
action · woocommerce_before_add_to_cart_button · public\class-aakron-personalization-public.php:124
filter · woocommerce_add_cart_item_data · public\class-aakron-personalization-public.php:127
filter · woocommerce_get_cart_item_from_session · public\class-aakron-personalization-public.php:128
filter · woocommerce_cart_item_name · public\class-aakron-personalization-public.php:129
filter · woocommerce_checkout_create_order_line_item · public\class-aakron-personalization-public.php:130
filter · wp_mail_content_type · public\class-aakron-personalization-public.php:131
filter · woocommerce_add_to_cart_validation · public\class-aakron-personalization-public.php:132
filter · woocommerce_checkout_fields · public\class-aakron-personalization-public.php:136
filter · woocommerce_checkout_fields · public\class-aakron-personalization-public.php:137
filter · woocommerce_checkout_process · public\class-aakron-personalization-public.php:138
filter · woocommerce_checkout_create_order · public\class-aakron-personalization-public.php:139
filter · woocommerce_ship_to_different_address_checked · public\class-aakron-personalization-public.php:140
filter · woocommerce_checkout_get_value · public\class-aakron-personalization-public.php:142
action · init · public\class-aakron-personalization-public.php:144
filter · woocommerce_get_price_html · public\class-aakron-personalization-public.php:145
action · woocommerce_thankyou · public\class-aakron-personalization-public.php:146
filter · woocommerce_thankyou · public\class-aakron-personalization-public.php:147

Maintenance & Trust

AAkron Personalization Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.9.13
Last updated: Feb 3, 2022
PHP min version
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0

Developer Profile

AAkron Personalization Developer Profile

erinrouse

1 plugin · 0 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days

Detection Fingerprints

How We Detect AAkron Personalization

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/aakron-personalization/assets/js/aakron-personalization-admin.js
/wp-content/plugins/aakron-personalization/assets/css/aakron-personalization-admin.css
/wp-content/plugins/aakron-personalization/assets/js/aakron-personalization-public.js
/wp-content/plugins/aakron-personalization/assets/css/aakron-personalization-public.css
Script Paths
/wp-content/plugins/aakron-personalization/assets/js/aakron-personalization-admin.js
/wp-content/plugins/aakron-personalization/assets/js/aakron-personalization-public.js
Version Parameters
aakron-personalization/assets/js/aakron-personalization-admin.js?ver=
aakron-personalization/assets/css/aakron-personalization-admin.css?ver=
aakron-personalization/assets/js/aakron-personalization-public.js?ver=
aakron-personalization/assets/css/aakron-personalization-public.css?ver=

HTML / DOM Fingerprints

CSS Classes
aakron-personalization-admin-css
Data Attributes
aakronPricingObj
aakran_dynamic_oricing_callback
JS Globals
aakron_personalization