WP-Safety

Cart Popup for WooCommerce Security & Risk Analysis

wordpress.org/plugins/added-to-cart-popup-woocommerce

Cart Popup for WooCommerce enables Ajax add-to-cart and displays an instant popup showing the added product.

9K active installs v1.8.2 PHP + WP 4.0+ Updated Dec 14, 2025
ajax-add-to-cartcartcart-popuppopupwoocommerce-cart
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Cart Popup for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Cart Popup for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The plugin 'added-to-cart-popup-woocommerce' v1.8.2 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. A significant strength is the complete absence of recorded CVEs, indicating a history of secure development or prompt patching. The code analysis reveals robust security practices, with all identified AJAX handlers having authentication checks, 100% of SQL queries utilizing prepared statements, and a high percentage (92%) of output properly escaped. Furthermore, the presence of nonce and capability checks on entry points further strengthens its defense against common web vulnerabilities.

However, there are a couple of minor areas for potential improvement. The taint analysis indicates two flows with unsanitized paths. While not classified as critical or high severity in this instance, this suggests that user-supplied data might not be consistently handled with the utmost caution in all scenarios, which could be a latent risk if the plugin's functionality evolves or if a specific attack vector is discovered. Additionally, the plugin performs file operations and makes external HTTP requests, which are inherently areas that require careful validation to prevent exploitation. Overall, the plugin appears to be well-secured with a proactive approach to common web vulnerabilities, but vigilance regarding data sanitization in identified taint flows is advisable.

Key Concerns

  • Flows with unsanitized paths detected
  • Performs file operations
  • Makes external HTTP requests
Vulnerabilities
None known

Cart Popup for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Cart Popup for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
9
97 escaped
Nonce Checks
5
Capability Checks
6
File Operations
2
External Requests
1
Bundled Libraries
1

Bundled Libraries

Select2

Output Escaping

92% escaped106 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths
xoo_cp_update_cart (includes\class-xoo-cp-core.php:142)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Cart Popup for WooCommerce Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 3

authwp_ajax_xoo_admin_settings_saveincludes\xoo-framework\admin\class-xoo-admin-settings.php:53
authwp_ajax_xoo_admin_settings_exportincludes\xoo-framework\admin\class-xoo-admin-settings.php:54
authwp_ajax_xoo_admin_settings_importincludes\xoo-framework\admin\class-xoo-admin-settings.php:55
WordPress Hooks 25
actioninitadmin\class-xoo-cp-admin-settings.php:22
actionadmin_menuadmin\class-xoo-cp-admin-settings.php:23
actionxoo_as_enqueue_scriptsadmin\class-xoo-cp-admin-settings.php:25
actionxoo_tab_page_endadmin\class-xoo-cp-admin-settings.php:28
actionwc_ajax_xoo_cp_add_to_cartincludes\class-xoo-cp-core.php:28
actionwc_ajax_xoo_cp_update_cartincludes\class-xoo-cp-core.php:29
filterwoocommerce_add_to_cart_fragmentsincludes\class-xoo-cp-core.php:30
actionwoocommerce_add_to_cartincludes\class-xoo-cp-core.php:31
actionwp_enqueue_scriptsincludes\class-xoo-cp-public.php:15
actionwp_footerincludes\class-xoo-cp-public.php:16
filterpre_option_woocommerce_cart_redirect_after_addincludes\class-xoo-cp-public.php:17
actioninitincludes\xoo-framework\admin\class-xoo-admin-settings.php:59
actioninitincludes\xoo-framework\admin\class-xoo-admin-settings.php:60
actionadmin_enqueue_scriptsincludes\xoo-framework\admin\class-xoo-admin-settings.php:64
actionwp_loadedincludes\xoo-framework\admin\class-xoo-admin-settings.php:66
actionxoo_tab_page_startincludes\xoo-framework\admin\class-xoo-admin-settings.php:67
actionxoo_tab_page_startincludes\xoo-framework\admin\class-xoo-admin-settings.php:68
actionadmin_noticesincludes\xoo-framework\admin\class-xoo-admin-settings.php:74
actionadmin_initincludes\xoo-framework\admin\class-xoo-admin-settings.php:75
actionadmin_initincludes\xoo-framework\admin\class-xoo-admin-settings.php:76
actioninitincludes\xoo-framework\class-xoo-helper.php:43
actionadmin_initincludes\xoo-framework\class-xoo-helper.php:44
actionplugins_loadedxoo-cp-main.php:38
actionwp_enqueue_scriptsxoo-cp-main.php:41
actionwp_headxoo-cp-main.php:46
Maintenance & Trust

Cart Popup for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 14, 2025
PHP min version
Downloads138K

Community Trust

Rating88/100
Number of ratings70
Active installs9K
Alternatives

Cart Popup for WooCommerce Alternatives

Ajax Side Cart Button for WooCommerce eshop

Ajax Side Cart Button for WooCommerce eshop

custom-woo-cart-button

A
85

Add a custom cart button for WooCommerce eshop to boost you sales and help your customers speedup checkout process

10 No CVEs
Finch Cart — Added-to-Cart Popup for WooCommerce

Finch Cart — Added-to-Cart Popup for WooCommerce

finch-cart-product-recommendations

A
100

The Finch cart displays WooCommerce product recommendations in a popup when a product is added to the cart. Added to cart notification popup.

10 No CVEs
Cart Popup for WooCommerce

Cart Popup for WooCommerce

woo-cart-popup

A
100

Adds Cart icon accross site at bottom that contains list of added cart items and cart button, Empty Cart Button and proceed to checkout button.

10 No CVEs
Side Cart Woocommerce | Woocommerce Cart

Side Cart Woocommerce | Woocommerce Cart

side-cart-woocommerce

A
98

Manage your cart from just a click away with an interactive design

80K 3 CVEs
CartPops – High Converting Add To Cart Popup For WooCommerce

CartPops – High Converting Add To Cart Popup For WooCommerce

cartpops

A
100

Included For Free

4K No CVEs
Developer Profile

Cart Popup for WooCommerce Developer Profile

xootix

6 plugins · 136K total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
320 days
View full developer profile
Detection Fingerprints

How We Detect Cart Popup for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/added-to-cart-popup-woocommerce/admin/assets/css/xoo-cp-admin-css.css/wp-content/plugins/added-to-cart-popup-woocommerce/admin/assets/js/xoo-cp-admin-js.js/wp-content/plugins/added-to-cart-popup-woocommerce/assets/css/xoo-cp-style.css/wp-content/plugins/added-to-cart-popup-woocommerce/assets/js/xoo-cp-js.js
Script Paths
/wp-content/plugins/added-to-cart-popup-woocommerce/admin/assets/js/xoo-cp-admin-js.js/wp-content/plugins/added-to-cart-popup-woocommerce/assets/js/xoo-cp-js.js
Version Parameters
added-to-cart-popup-woocommerce/admin/assets/css/xoo-cp-admin-css.css?ver=added-to-cart-popup-woocommerce/admin/assets/js/xoo-cp-admin-js.js?ver=added-to-cart-popup-woocommerce/assets/css/xoo-cp-style.css?ver=added-to-cart-popup-woocommerce/assets/js/xoo-cp-js.js?ver=

HTML / DOM Fingerprints

CSS Classes
xoo-cp-btn-vcxcp-chngxoo-cp-btn-chxoo-cp-pqtyxoo-cp-containerxcp-btnxoo-cp-pimgxoo-cp-pdetails+2 more
Data Attributes
data-xoo-cp-btn-vcdata-xoo-cp-btn-chdata-xoo-cp-ch
JS Globals
xoo_cp_admin_paramsxoo_cp_localize
FAQ

Frequently Asked Questions about Cart Popup for WooCommerce