Product Labels For Woocommerce (Sale Badges) Security & Risk Analysis

wordpress.org/plugins/aco-product-labels-for-woocommerce

Create custom product labels and sale badges for WooCommerce products to highlight offers and promotions.

10K active installs · v1.5.13 · PHP + · WP 4.9+ · Updated Jan 14, 2026
Tags: badges, product-labels-for-woocommerce, woocommerce-badges, woocommerce-labels, woocommerce-sale-badges
Score: 97 (A · Safe)
CVEs total: 4
Unpatched: 0
Last CVE: Mar 3, 2025
Safety Verdict

Is Product Labels For Woocommerce (Sale Badges) Safe to Use in 2026?

Generally Safe

Score 97/100

Product Labels For Woocommerce (Sale Badges) has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

4 known CVEs · Last CVE: Mar 3, 2025 · Updated 4mo ago
Risk Assessment

The 'aco-product-labels-for-woocommerce' plugin v1.5.13 presents a mixed security profile. While the static analysis shows a good effort in sanitizing inputs and a high percentage of SQL queries using prepared statements, the presence of the `unserialize` function is a notable concern, as it can be a vector for Remote Code Execution if untrusted data is passed to it. Furthermore, the lack of nonce checks on any entry points is a significant weakness, potentially exposing the plugin to Cross-Site Request Forgery (CSRF) attacks. The vulnerability history indicates a pattern of medium severity SQL Injection and Cross-Site Scripting vulnerabilities in the past, with the last known vulnerability occurring recently. Although there are currently no unpatched vulnerabilities, this history suggests a recurring need for vigilance regarding input validation and sanitization. Overall, the plugin has some strengths in its secure coding practices for SQL, but the `unserialize` function and the absence of nonce checks introduce specific risks that require attention.

Key Concerns

  • Presence of 'unserialize' function
  • Zero nonce checks on entry points
  • History of medium severity SQLi and XSS
Vulnerabilities
4 published

Product Labels For Woocommerce (Sale Badges) Security Vulnerabilities

CVEs by Year

2024: 2 CVEs
2025: 2 CVEs

Severity Breakdown

Medium: 4

4 total CVEs

CVE-2024-10638 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product Labels For Woocommerce (Sale Badges) <= 1.5.10 - Authenticated (Admin+) SQL Injection

Mar 3, 2025 Patched in 1.5.11 (50d)

CVE-2024-12109 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product Labels For Woocommerce (Sale Badges) <= 1.5.8 - Authenticated (Admin+) SQL Injection

Mar 3, 2025 Patched in 1.5.9 (50d)

CVE-2024-53817 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product Labels For Woocommerce <= 1.5.8 - Authenticated (Administrator+) SQL Injection

Dec 2, 2024 Patched in 1.5.9 (11d)

CVE-2024-24886 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product Labels For Woocommerce <= 1.5.3 - Authenticated (Shop manager+) Stored Cross-Site Scripting

Feb 5, 2024 Patched in 1.5.4 (4d)
Code Analysis
Analyzed Mar 16, 2026

Product Labels For Woocommerce (Sale Badges) Code Analysis

  • Dangerous Functions: 3
  • Raw SQL Queries: 2 (18 prepared)
  • Unescaped Output: 8 (22 escaped)
  • Nonce Checks: 0
  • Capability Checks: 2
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize · `$value = unserialize ( $value );` · includes\class-acoplw-api.php:182
  • unserialize · `$schedules = unserialize(get_post_meta($badge_ID, 'badge_schedules', true));` · includes\class-acoplw-api.php:564
  • unserialize · `$schedules = unserialize(get_post_meta($acoplwID, 'badge_schedules', true));` · includes\class-acoplw-badge.php:700

SQL Query Safety

90% prepared · 20 total queries

Output Escaping

73% escaped · 30 total outputs
Attack Surface

Product Labels For Woocommerce (Sale Badges) Attack Surface

Entry Points: 17
Unprotected: 0

REST API Routes: 16

GET /wp-json/acoplw/v1/badges/ · includes\class-acoplw-api.php:29
GET /wp-json/acoplw/v1/badges/(?P<id>\d+) · includes\class-acoplw-api.php:35
POST /wp-json/acoplw/v1/badges/ · includes\class-acoplw-api.php:42
POST /wp-json/acoplw/v1/delete/ · includes\class-acoplw-api.php:48
POST /wp-json/acoplw/v1/duplicate/ · includes\class-acoplw-api.php:54
POST /wp-json/acoplw/v1/statusChange/ · includes\class-acoplw-api.php:60
GET /wp-json/acoplw/v1/productlist/ · includes\class-acoplw-api.php:66
GET /wp-json/acoplw/v1/productlist/(?P<id>\d+) · includes\class-acoplw-api.php:72
POST /wp-json/acoplw/v1/productlist/ · includes\class-acoplw-api.php:79
POST /wp-json/acoplw/v1/settings/ · includes\class-acoplw-api.php:85
GET /wp-json/acoplw/v1/settings/(?P<id>\d+) · includes\class-acoplw-api.php:91
GET /wp-json/acoplw/v1/data/products · includes\class-acoplw-api.php:97
GET /wp-json/acoplw/v1/productsearch · includes\class-acoplw-api.php:103
GET /wp-json/acoplw/v1/productlistsearch · includes\class-acoplw-api.php:109
GET /wp-json/acoplw/v1/taxsearch · includes\class-acoplw-api.php:115
GET /wp-json/acoplw/v1/getpreviewthumb/(?P<id>\d+) · includes\class-acoplw-api.php:121

Shortcodes: 1

[acoplw_badge] · includes\class-acoplw-front-end.php:141

WordPress Hooks: 32

action · rest_api_init · includes\class-acoplw-api.php:27
action · save_post · includes\class-acoplw-backend.php:96
action · edited_term · includes\class-acoplw-backend.php:97
action · delete_term · includes\class-acoplw-backend.php:98
action · created_term · includes\class-acoplw-backend.php:99
action · admin_menu · includes\class-acoplw-backend.php:101
action · admin_enqueue_scripts · includes\class-acoplw-backend.php:102
action · admin_enqueue_scripts · includes\class-acoplw-backend.php:103
action · admin_footer · includes\class-acoplw-backend.php:109
action · init · includes\class-acoplw-front-end.php:66
action · wp_enqueue_scripts · includes\class-acoplw-front-end.php:71
action · wp_enqueue_scripts · includes\class-acoplw-front-end.php:72
action · wp_footer · includes\class-acoplw-front-end.php:75
action · woocommerce_after_shop_loop_item · includes\class-acoplw-front-end.php:92
action · woocommerce_shop_loop · includes\class-acoplw-front-end.php:94
action · woocommerce_before_shop_loop_item_title · includes\class-acoplw-front-end.php:100
filter · woocommerce_single_product_image_html · includes\class-acoplw-front-end.php:110
filter · post_thumbnail_html · includes\class-acoplw-front-end.php:111
filter · woocommerce_product_get_image · includes\class-acoplw-front-end.php:112
action · wp_footer · includes\class-acoplw-front-end.php:120
filter · woocommerce_blocks_product_grid_item_html · includes\class-acoplw-front-end.php:127
filter · elementor/widget/render_content · includes\class-acoplw-front-end.php:130
action · jet-woo-builder/shortcodes/jet-woo-products/loop-item-end · includes\class-acoplw-front-end.php:135
action · acoplwBadgeHook · includes\class-acoplw-front-end.php:140
filter · themify_post_start_module · includes\class-acoplw-front-end.php:148
filter · themify_before_post_image_module · includes\class-acoplw-front-end.php:150
filter · themify_after_post_image_module · includes\class-acoplw-front-end.php:152
filter · themify_before_post_title_module · includes\class-acoplw-front-end.php:154
filter · themify_after_post_title_module · includes\class-acoplw-front-end.php:156
filter · themify_post_end_module · includes\class-acoplw-front-end.php:158
action · plugins_loaded · start.php:64
action · before_woocommerce_init · start.php:75
Maintenance & Trust

Product Labels For Woocommerce (Sale Badges) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 14, 2026
PHP min version
Downloads: 231K

Community Trust

Rating: 92/100
Number of ratings: 53
Active installs: 10K
Developer Profile

Product Labels For Woocommerce (Sale Badges) Developer Profile

acowebs

14 plugins · 74K total installs

Trust score: 86
Avg Security Score: 97/100
Avg Patch Time: 77 days
Detection Fingerprints

How We Detect Product Labels For Woocommerce (Sale Badges)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/aco-product-labels-for-woocommerce/assets/css/aco-product-labels-for-woocommerce.css
/wp-content/plugins/aco-product-labels-for-woocommerce/assets/js/aco-product-labels-for-woocommerce.js
Script Paths
/wp-content/plugins/aco-product-labels-for-woocommerce/assets/js/aco-product-labels-for-woocommerce.js
Version Parameters
aco-product-labels-for-woocommerce/assets/css/aco-product-labels-for-woocommerce.css?ver=
aco-product-labels-for-woocommerce/assets/js/aco-product-labels-for-woocommerce.js?ver=

HTML / DOM Fingerprints

CSS Classes
acoplw-badges
acoplw-sale-badge-wrap
HTML Comments
<!-- plw_survey_form -->
<!-- This file is part of the aco-product-labels-for-woocommerce plugin. -->
<!-- Plugin Name: Acowebs Product Labels For Woocommerce -->
<!-- Version: 1.5.13 -->
Data Attributes
data-plugin-name
data-plugin-version
data-plugin-url
JS Globals
ACOPLW_TOKEN
FAQ

Frequently Asked Questions about Product Labels For Woocommerce (Sale Badges)