WP-Safety

Add Product To Cart Via URL Security & Risk Analysis

wordpress.org/plugins/add-product-to-cart-via-url

Allows a CMS users (eg shop admin) to create a URL (for WooCommerce only) with specific product(s) and quantity info. When clicked by a user this URL …

0 active installs v2.0 PHP 7.0+ WP 5.5+ Updated Feb 8, 2023
add-products-to-cart-via-urladd-to-cart-linkadd-to-cart-urlecommercewoocommerce
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Add Product To Cart Via URL Safe to Use in 2026?

Generally Safe

Score 85/100

Add Product To Cart Via URL has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The "add-product-to-cart-via-url" v2.0 plugin exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices regarding SQL query handling, exclusively using prepared statements, and has no recorded vulnerabilities or known CVEs. This suggests a generally well-maintained codebase.

However, significant concerns arise from the static analysis. The plugin exposes two AJAX handlers, both of which lack authentication checks, presenting a considerable attack surface. Furthermore, the absence of nonce checks on these AJAX endpoints is a critical oversight, potentially allowing for Cross-Site Request Forgery (CSRF) attacks. While taint analysis did not reveal any immediate threats, the lack of sanitization and capability checks on entry points is worrying and could lead to unforeseen vulnerabilities when combined with external data.

In conclusion, while the plugin's history of security is commendable, the current version has clear, exploitable weaknesses in its AJAX handling. The lack of authentication and nonce checks on two entry points represents a direct risk to WordPress installations using this plugin. Developers should prioritize addressing these critical security gaps to improve the plugin's overall security.

Key Concerns

  • AJAX handlers without authentication
  • Missing nonce checks on AJAX
  • No capability checks on entry points
  • 72% properly escaped output
Vulnerabilities
None known

Add Product To Cart Via URL Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Add Product To Cart Via URL Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
10
26 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

72% escaped36 total outputs
Attack Surface
2 unprotected

Add Product To Cart Via URL Attack Surface

Entry Points3
Unprotected2

AJAX Handlers 2

authwp_ajax_wcad_producturlform_ajax_requestwoocommerce-add-product-to-cart-via-url.php:118
authwp_ajax_addVariations_ajax_requestwoocommerce-add-product-to-cart-via-url.php:294

Shortcodes 1

[wc-cart-url-form] woocommerce-add-product-to-cart-via-url.php:73
WordPress Hooks 4
actionwp_enqueue_scriptswoocommerce-add-product-to-cart-via-url.php:70
actionwp_enqueue_scriptswoocommerce-add-product-to-cart-via-url.php:97
actionwp_loadedwoocommerce-add-product-to-cart-via-url.php:245
actionwp_enqueue_scriptswoocommerce-add-product-to-cart-via-url.php:266
Maintenance & Trust

Add Product To Cart Via URL Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10
Last updatedFeb 8, 2023
PHP min version7.0
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Add Product To Cart Via URL Alternatives

WooCommerce PayPal Payments

WooCommerce PayPal Payments

woocommerce-paypal-payments

A
100

PayPal's latest payment processing solution. Accept PayPal, Pay Later, credit/debit cards, alternative digital wallets and bank accounts.

800K 1 CVE
Mollie Payments for WooCommerce

Mollie Payments for WooCommerce

mollie-payments-for-woocommerce

A
93

Accept all major payment methods in WooCommerce today. Credit cards, iDEAL and more! Fast, safe and intuitive.

100K 4 CVEs
TI WooCommerce Wishlist

TI WooCommerce Wishlist

ti-woocommerce-wishlist

B
77

Boost your sales with a free WooCommerce Wishlist feature. Let your customers save and share their favorite products!

100K 9 CVEs
Mercado Pago payments for WooCommerce

Mercado Pago payments for WooCommerce

woocommerce-mercadopago

A
98

Offer to your clients the best experience in e-Commerce by using Mercado Pago as your payment method.

100K 3 CVEs
WPML Multilingual & Multicurrency for WooCommerce

WPML Multilingual & Multicurrency for WooCommerce

woocommerce-multilingual

A
91

Make your store multilingual and enable multiple currencies.

100K 5 CVEs
Developer Profile

Add Product To Cart Via URL Developer Profile

Vinay Lal

1 plugin · 0 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Add Product To Cart Via URL

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/add-product-to-cart-via-url/assets/css/wcad.css
Script Paths
/wp-content/plugins/add-product-to-cart-via-url/assets/js/wcad.js
Version Parameters
add-product-to-cart-via-url/assets/css/wcad.css?ver=add-product-to-cart-via-url/assets/js/wcad.js?ver=

HTML / DOM Fingerprints

CSS Classes
csetRowprod_qty_setprod_url_selectprod_url_qtywcad_remove_input
Data Attributes
data-indexdata-searchdata-childrendata-variationsdata-namedata-attributevalue+1 more
JS Globals
wcad_producturlform_ajax_obj
Shortcode Output
<form<select id="wcad_prod_url_select_<input placeholder="Quantity" type="number"<a href="#" class="wcad_remove_input"
FAQ

Frequently Asked Questions about Add Product To Cart Via URL