Dynamic Pricing With Discount Rules for WooCommerce Security & Risk Analysis

wordpress.org/plugins/aco-woo-dynamic-pricing

The Dynamic Pricing With Discount Rules plugin enables bulk discounts for WooCommerce products. Its simple design allows easy setup in minutes.

6K active installs v4.5.10 PHP + WP 4.4+ Updated May 9, 2025
Tags: woocommerce-bulk-discounts, woocommerce-discount-rules, woocommerce-dynamic-pricing, woocommerce-pricing-deals
Score: 97 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Aug 14, 2025
Safety Verdict

Is Dynamic Pricing With Discount Rules for WooCommerce Safe to Use in 2026?

Generally Safe

Score 97/100

Dynamic Pricing With Discount Rules for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Aug 14, 2025 · Updated 10mo ago
Risk Assessment

The "aco-woo-dynamic-pricing" plugin version 4.5.10 presents a mixed security posture with significant areas for improvement. While it demonstrates some good practices like avoiding external HTTP requests and file operations, critical security concerns arise from its large attack surface with unprotected entry points. Specifically, six AJAX handlers lack authentication checks, leaving them vulnerable to unauthorized execution of actions. Additionally, the presence of the `unserialize` function, a known source of code injection vulnerabilities, coupled with a substantial percentage of SQL queries not using prepared statements, raises red flags regarding potential injection attacks. The plugin's vulnerability history, which includes past High and Medium severity CVEs related to Code Injection and SQL Injection, reinforces these concerns, indicating a pattern of exploitable weaknesses. Although there are no currently unpatched CVEs, the historical data suggests a propensity for vulnerabilities that require diligent patching. The taint analysis showing flows with unsanitized paths, while not critical or high severity in this instance, also points to potential risks if data is not handled rigorously.

Key Concerns

  • Unprotected AJAX handlers
  • Unsanitized paths in taint analysis
  • Significant SQL queries not using prepared statements
  • Dangerous function (unserialize) detected
  • No nonce checks on entry points
  • Historically significant number of CVEs
  • Significant percentage of unescaped output
Vulnerabilities
2

Dynamic Pricing With Discount Rules for WooCommerce Security Vulnerabilities

CVEs by Year

2 CVEs in 2025

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2025-47588 · high · 7.2 · Improper Control of Generation of Code ('Code Injection')

Dynamic Pricing With Discount Rules for WooCommerce <= 4.5.9 - Authenticated (Shop Manager+) Arbitrary Code Execution

Aug 14, 2025 · Patched in 4.5.10 (5d)

CVE-2025-47544 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Dynamic Pricing With Discount Rules for WooCommerce <= 4.5.8 - Authenticated (Shop manager+) SQL Injection

May 7, 2025 · Patched in 4.5.9 (7d)
Code Analysis
Analyzed Mar 16, 2026

Dynamic Pricing With Discount Rules for WooCommerce Code Analysis

Dangerous Functions: 9
Raw SQL Queries: 9 (4 prepared)
Unescaped Output: 26 (35 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize  includes\class-awdp-api.php:192
    $value = unserialize ( $value );
unserialize  includes\class-awdp-api.php:1277
    $schedules = unserialize(get_post_meta($discount_rule->ID, 'discount_schedules', true));
unserialize  includes\class-awdp-api.php:1361
    'discount_schedule_days' => unserialize(get_post_meta($discount_rule->ID, 'discount_schedule_days',
unserialize  includes\class-awdp-api.php:1370
    'quantityranges' => unserialize(get_post_meta($discount_rule->ID, 'discount_quantityranges',
unserialize  includes\class-awdp-api.php:1372
    'cartamount' => unserialize(get_post_meta($discount_rule->ID, 'discount_cartamount', true
unserialize  includes\class-awdp-api.php:1386
    'rules' => array_key_exists ( 'rules', $discount_config ) ? array_values(array_filte
unserialize  includes\class-awdp-discount.php:1704
    $schedules = unserialize(get_post_meta($awdpID, 'discount_schedules', true));
unserialize  includes\class-awdp-discount.php:1730
    'rules' => $discount_config['rules'] ? unserialize(base64_decode($discount_config['r
unserialize  includes\class-awdp-discount.php:1732
    'quantity_rules' => get_post_meta($awdpID, 'discount_quantityranges', true) ? unserialize(get

SQL Query Safety

31% prepared · 13 total queries

Output Escaping

57% escaped · 61 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

3 flows · 3 with unsanitized paths
wdpAdminOrderContent (includes\class-awdp-front-end.php:252)
Attack Surface
6 unprotected

Dynamic Pricing With Discount Rules for WooCommerce Attack Surface

Entry Points: 26
Unprotected: 6

AJAX Handlers 6

auth  wp_ajax_wdpAjax  includes\class-awdp-front-end.php:199
nopriv  wp_ajax_wdpAjax  includes\class-awdp-front-end.php:200
auth  wp_ajax_wdpDynamicDiscount  includes\class-awdp-front-end.php:203
nopriv  wp_ajax_wdpDynamicDiscount  includes\class-awdp-front-end.php:204
auth  wp_ajax_wcpaQunantity_Discount  includes\class-awdp-front-end.php:207
nopriv  wp_ajax_wcpaQunantity_Discount  includes\class-awdp-front-end.php:208

REST API Routes 20

GET  /wp-json/awdp/v1/rules/  includes\class-awdp-api.php:28
GET  /wp-json/awdp/v1/rules/(?P<id>\d+)  includes\class-awdp-api.php:33
GET  /wp-json/awdp/v1/rules/(?P<filterRule>\w+)  includes\class-awdp-api.php:39
POST  /wp-json/awdp/v1/rules/  includes\class-awdp-api.php:45
POST  /wp-json/awdp/v1/statusChange/  includes\class-awdp-api.php:50
POST  /wp-json/awdp/v1/bulkAction/  includes\class-awdp-api.php:55
POST  /wp-json/awdp/v1/orderChange/  includes\class-awdp-api.php:60
POST  /wp-json/awdp/v1/sortList/  includes\class-awdp-api.php:65
POST  /wp-json/awdp/v1/delete/  includes\class-awdp-api.php:70
GET  /wp-json/awdp/v1/productlist/  includes\class-awdp-api.php:75
GET  /wp-json/awdp/v1/productlist/(?P<id>\d+)  includes\class-awdp-api.php:80
POST  /wp-json/awdp/v1/product_rule/  includes\class-awdp-api.php:86
POST  /wp-json/awdp/v1/awdp_settings/  includes\class-awdp-api.php:91
GET  /wp-json/awdp/v1/awdp_settings/(?P<id>\d+)  includes\class-awdp-api.php:97
POST  /wp-json/awdp/v1/awdp_help/  includes\class-awdp-api.php:103
GET  /wp-json/awdp/v1/data/products  includes\class-awdp-api.php:109
GET  /wp-json/awdp/v1/productsearch  includes\class-awdp-api.php:115
GET  /wp-json/awdp/v1/productlistsearch  includes\class-awdp-api.php:121
GET  /wp-json/awdp/v1/taxsearch  includes\class-awdp-api.php:127
POST  /wp-json/awdp/v1/duplicateRule/  includes\class-awdp-api.php:133

WordPress Hooks 61

action  rest_api_init  includes\class-awdp-api.php:27
action  save_post  includes\class-awdp-backend.php:97
action  edited_term  includes\class-awdp-backend.php:98
action  delete_term  includes\class-awdp-backend.php:99
action  created_term  includes\class-awdp-backend.php:100
action  admin_menu  includes\class-awdp-backend.php:102
action  admin_enqueue_scripts  includes\class-awdp-backend.php:104
action  admin_enqueue_scripts  includes\class-awdp-backend.php:105
action  admin_footer  includes\class-awdp-backend.php:110
filter  admin_body_class  includes\class-awdp-backend.php:113
action  init  includes\class-awdp-front-end.php:66
action  woocommerce_before_calculate_totals  includes\class-awdp-front-end.php:73
filter  woocommerce_get_price_html  includes\class-awdp-front-end.php:76
filter  woocommerce_cart_item_price  includes\class-awdp-front-end.php:79
filter  woocommerce_cart_item_price_html  includes\class-awdp-front-end.php:80
action  woocommerce_cart_item_subtotal  includes\class-awdp-front-end.php:83
action  admin_notices  includes\class-awdp-front-end.php:91
filter  woocommerce_get_shop_coupon_data  includes\class-awdp-front-end.php:93
action  woocommerce_after_calculate_totals  includes\class-awdp-front-end.php:94
filter  woocommerce_cart_totals_coupon_label  includes\class-awdp-front-end.php:95
filter  woocommerce_coupon_message  includes\class-awdp-front-end.php:97
filter  woocommerce_coupon_error  includes\class-awdp-front-end.php:98
action  woocommerce_checkout_update_order_meta  includes\class-awdp-front-end.php:102
filter  woocommerce_before_single_product  includes\class-awdp-front-end.php:112
filter  woocommerce_before_single_product_summary  includes\class-awdp-front-end.php:114
filter  woocommerce_single_product_summary  includes\class-awdp-front-end.php:116
filter  woocommerce_before_add_to_cart_form  includes\class-awdp-front-end.php:118
filter  woocommerce_before_variations_form  includes\class-awdp-front-end.php:120
filter  woocommerce_before_add_to_cart_button  includes\class-awdp-front-end.php:122
filter  woocommerce_after_add_to_cart_button  includes\class-awdp-front-end.php:124
filter  woocommerce_after_variations_form  includes\class-awdp-front-end.php:126
filter  woocommerce_after_add_to_cart_form  includes\class-awdp-front-end.php:128
filter  woocommerce_product_meta_start  includes\class-awdp-front-end.php:130
filter  woocommerce_product_meta_end  includes\class-awdp-front-end.php:132
filter  woocommerce_after_single_product_summary  includes\class-awdp-front-end.php:134
filter  woocommerce_after_single_product  includes\class-awdp-front-end.php:136
filter  woocommerce_before_add_to_cart_button  includes\class-awdp-front-end.php:138
filter  woocommerce_before_single_product  includes\class-awdp-front-end.php:147
filter  woocommerce_before_single_product_summary  includes\class-awdp-front-end.php:149
filter  woocommerce_single_product_summary  includes\class-awdp-front-end.php:151
filter  woocommerce_before_add_to_cart_form  includes\class-awdp-front-end.php:153
filter  woocommerce_before_add_to_cart_button  includes\class-awdp-front-end.php:155
filter  woocommerce_after_add_to_cart_button  includes\class-awdp-front-end.php:157
filter  woocommerce_after_add_to_cart_form  includes\class-awdp-front-end.php:159
filter  woocommerce_product_meta_start  includes\class-awdp-front-end.php:161
filter  woocommerce_product_meta_end  includes\class-awdp-front-end.php:163
filter  woocommerce_after_single_product_summary  includes\class-awdp-front-end.php:165
filter  woocommerce_after_single_product  includes\class-awdp-front-end.php:167
filter  woocommerce_before_add_to_cart_button  includes\class-awdp-front-end.php:169
action  wp_footer  includes\class-awdp-front-end.php:174
filter  wcpa_product_price  includes\class-awdp-front-end.php:177
action  woocommerce_widget_shopping_cart_total  includes\class-awdp-front-end.php:180
action  woocommerce_admin_order_item_headers  includes\class-awdp-front-end.php:183
action  woocommerce_admin_order_item_values  includes\class-awdp-front-end.php:184
action  woocommerce_new_order_item  includes\class-awdp-front-end.php:192
action  woocommerce_after_order_itemmeta  includes\class-awdp-front-end.php:193
action  wp_enqueue_scripts  includes\class-awdp-front-end.php:196
action  woocommerce_after_cart_table  includes\class-awdp-front-end.php:211
filter  wcpa_discount_rule  includes\class-awdp-front-end.php:214
action  plugins_loaded  start.php:69
action  before_woocommerce_init  start.php:81
Maintenance & Trust

Dynamic Pricing With Discount Rules for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: May 9, 2025
PHP min version
Downloads: 276K

Community Trust

Rating: 92/100
Number of ratings: 66
Active installs: 6K
Developer Profile

Dynamic Pricing With Discount Rules for WooCommerce Developer Profile

acowebs

13 plugins · 74K total installs

Trust score: 93
Avg Security Score: 98/100
Avg Patch Time: 14 days
Detection Fingerprints

How We Detect Dynamic Pricing With Discount Rules for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/aco-woo-dynamic-pricing/assets/css/common.css
  • /wp-content/plugins/aco-woo-dynamic-pricing/assets/css/admin.css
  • /wp-content/plugins/aco-woo-dynamic-pricing/assets/js/backend.js
  • /wp-content/plugins/aco-woo-dynamic-pricing/assets/js/common.js
  • /wp-content/plugins/aco-woo-dynamic-pricing/assets/js/price-rules.js
  • /wp-content/plugins/aco-woo-dynamic-pricing/assets/js/product-lists.js
  • /wp-content/plugins/aco-woo-dynamic-pricing/assets/js/settings.js
  • /wp-content/plugins/aco-woo-dynamic-pricing/assets/js/help.js
  +1 more
Script Paths
  • /wp-content/plugins/aco-woo-dynamic-pricing/assets/js/backend.js
  • /wp-content/plugins/aco-woo-dynamic-pricing/assets/js/common.js
  • /wp-content/plugins/aco-woo-dynamic-pricing/assets/js/price-rules.js
  • /wp-content/plugins/aco-woo-dynamic-pricing/assets/js/product-lists.js
  • /wp-content/plugins/aco-woo-dynamic-pricing/assets/js/settings.js
  • /wp-content/plugins/aco-woo-dynamic-pricing/assets/js/help.js
  +1 more
Version Parameters
  • /wp-content/plugins/aco-woo-dynamic-pricing/assets/css/common.css?ver=
  • /wp-content/plugins/aco-woo-dynamic-pricing/assets/css/admin.css?ver=
  • /wp-content/plugins/aco-woo-dynamic-pricing/assets/js/backend.js?ver=
  • /wp-content/plugins/aco-woo-dynamic-pricing/assets/js/common.js?ver=
  • /wp-content/plugins/aco-woo-dynamic-pricing/assets/js/price-rules.js?ver=
  • /wp-content/plugins/aco-woo-dynamic-pricing/assets/js/product-lists.js?ver=
  • /wp-content/plugins/aco-woo-dynamic-pricing/assets/js/settings.js?ver=
  • /wp-content/plugins/aco-woo-dynamic-pricing/assets/js/help.js?ver=
  • /wp-content/plugins/aco-woo-dynamic-pricing/assets/js/new-product-rule.js?ver=

HTML / DOM Fingerprints

CSS Classes
pricing-rules_page_awdp_admin_product_lists, pricing-rules_page_awdp_ui_settings
HTML Comments
<!-- AWDP_Feed_Attribute -->
Data Attributes
awdp_sale_price
JS Globals
AWDP_Backend, AWDP_Api, AWDP_Discount, AWDP_Front_End, AWDP_TOKEN, AWDP_VERSION, +12 more
REST Endpoints
/wp-json/awdp-api/
FAQ

Frequently Asked Questions about Dynamic Pricing With Discount Rules for WooCommerce