Extra Product Options Builder for WooCommerce Security & Risk Analysis

wordpress.org/plugins/additional-product-fields-for-woocommerce

The most customizable extra product options builder for WooCommerce. You will love how many fields and features the free version has.

2K active installs · v1.2.162 · PHP + WP 3.3+ · Updated Apr 15, 2026
Tags: extra-product-options, woocommerce, woocommerce-fields, woocommerce-form, woocommerce-options
99
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Oct 23, 2024
Safety Verdict

Is Extra Product Options Builder for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Extra Product Options Builder for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEs · Last CVE: Oct 23, 2024 · Updated 1mo ago
Risk Assessment

The plugin "additional-product-fields-for-woocommerce" v1.2.158 exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and having no external HTTP requests, significant concerns arise from its attack surface and historical vulnerabilities.

The static analysis reveals a single AJAX handler that lacks authentication checks, presenting a direct entry point for potential exploitation. The presence of the `unserialize` function is a notable concern, because unserializing data that has not been carefully validated can lead to severe vulnerabilities. Although the taint analysis did not find critical or high-severity issues in the analyzed flows, the single flow with unsanitized paths warrants attention. Output escaping is also a weakness, with only 56% of outputs being properly escaped, increasing the risk of cross-site scripting (XSS).

The vulnerability history indicates a pattern of medium-severity issues, primarily XSS and CSRF, with the most recent vulnerability being in late 2024. The absence of currently unpatched vulnerabilities is positive, but the recurring nature of these vulnerability types suggests potential ongoing weaknesses in input validation and output sanitization. Overall, the plugin has some strengths in secure coding practices but needs improvement in securing its entry points and ensuring comprehensive output sanitization to mitigate identified risks.

Key Concerns

  • AJAX handler without auth check
  • Presence of unserialize function
  • Only 56% of outputs properly escaped
  • Flow with unsanitized paths
  • 2 medium severity vulnerabilities historically
Vulnerabilities
2 published

Extra Product Options Builder for WooCommerce Security Vulnerabilities

CVEs by Year

2024: 2 CVEs

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2024-9214 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Extra Product Options Builder for WooCommerce <= 1.2.133 - Unauthenticated Stored Cross-Site Scripting

Oct 23, 2024 · Patched in 1.2.134 (1d)

CVE-2024-31940 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Extra Product Options Builder for WooCommerce <= 1.2.104 - Cross-Site Request Forgery to Notice Dismissal

Apr 10, 2024 · Patched in 1.2.105 (8d)
Version History

Extra Product Options Builder for WooCommerce Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Extra Product Options Builder for WooCommerce Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 32 (41 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 8
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$oldLineItems=unserialize($lineMeta['rn_line_items'][0]);` (core\Managers\OrderLineUpdater\OrderLineUpdater.php:44)

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

56% escaped · 73 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

3 flows · 1 with unsanitized paths
GetFileUpload (ajax\OrderDesignerAjax.php:33)
Attack Surface
1 unprotected

Extra Product Options Builder for WooCommerce Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers 1

auth: wp_ajax_woocommerce_tm_get_variations_array (core\Managers\WooStagesManager.php:61)

WordPress Hooks 36
action: init (core\Loader.php:53)
action: admin_notices (core\Loader.php:63)
action: admin_footer (core\Loader.php:213)
action: admin_menu (core\Loader.php:214)
action: admin_head (core\Loader.php:215)
action: admin_init (core\Loader.php:216)
action: admin_notices (core\Loader.php:217)
action: admin_enqueue_scripts (core\Loader.php:218)
filter: woocommerce_product_data_tabs (core\Loader.php:219)
action: woocommerce_product_data_panels (core\Loader.php:220)
action: woocommerce_process_product_meta (core\Loader.php:221)
action: woocommerce_before_add_to_cart_button (core\Loader.php:222)
action: woocommerce_after_shop_loop_item (core\Loader.php:223)
filter: woo-extra-product-get-additional-fields (core\Loader.php:225)
filter: woocommerce_get_item_data (core\Managers\WooStagesManager.php:42)
filter: woocommerce_add_cart_item_data (core\Managers\WooStagesManager.php:45)
action: woocommerce_before_cart_contents (core\Managers\WooStagesManager.php:46)
action: woocommerce_before_cart_contents (core\Managers\WooStagesManager.php:48)
filter: woocommerce_order_item_get_formatted_meta_data (core\Managers\WooStagesManager.php:49)
filter: woocommerce_order_again_cart_item_data (core\Managers\WooStagesManager.php:50)
action: woocommerce_before_calculate_totals (core\Managers\WooStagesManager.php:52)
filter: woocommerce_add_to_cart_validation (core\Managers\WooStagesManager.php:55)
action: woocommerce_checkout_create_order_line_item (core\Managers\WooStagesManager.php:56)
action: template_redirect (core\Managers\WooStagesManager.php:57)
filter: woocommerce_checkout_cart_item_quantity (core\Managers\WooStagesManager.php:58)
action: woocommerce_saved_order_items (core\Managers\WooStagesManager.php:59)
action: admin_enqueue_scripts (core\Managers\WooStagesManager.php:60)
filter: woocommerce_add_to_cart_validation (core\Managers\WooStagesManager.php:372)
filter: woocommerce_cart_item_name (core\Managers\WooStagesManager.php:374)
action: admin_enqueue_scripts (core\PluginBase.php:148)
action: admin_menu (core\PluginBase.php:149)
action: admin_init (core\PluginBase.php:150)
action: admin_print_styles (core\PluginBase.php:204)
action: admin_print_scripts (core\PluginBase.php:205)
filter: woo-extra-product-initialize-product-designer-var (Integration\PluginsIntegration\Plugins\RentalProduct\RentalProductIntegration.php:18)
filter: woo-extra-product-load-extra-options (Integration\PluginsIntegration\Plugins\RentalProduct\RentalProductIntegration.php:31)
Maintenance & Trust

Extra Product Options Builder for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 15, 2026
PHP min version
Downloads: 185K

Community Trust

Rating: 96/100
Number of ratings: 94
Active installs: 2K
Developer Profile

Extra Product Options Builder for WooCommerce Developer Profile

EDGARROJAS

19 plugins · 12K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 278 days
Detection Fingerprints

How We Detect Extra Product Options Builder for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/additional-product-fields-for-woocommerce/styles/cart.css
/wp-content/plugins/additional-product-fields-for-woocommerce/scripts/admin.js
/wp-content/plugins/additional-product-fields-for-woocommerce/assets/js/main.js
/wp-content/plugins/additional-product-fields-for-woocommerce/assets/css/main.css
Script Paths
rednaowooextraproduct/core/Managers/WooStagesManager.php
Version Parameters
additional-product-fields-for-woocommerce/style.css?ver=
additional-product-fields-for-woocommerce/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
rednao-woo-extra-product-field
rednao-woo-extra-product-input
rednao-woo-extra-product-select
rednao-woo-extra-product-textarea
rednao-woo-extra-product-radio
rednao-woo-extra-product-checkbox
rednao-woo-extra-product-color-picker
rednao-woo-extra-product-date
+2 more
Data Attributes
data-field-id
data-field-type
data-product-id
JS Globals
RednaoWooExtraProduct
RednaoWooExtraProductData
REST Endpoints
/wp-json/rednaowooextraproduct/v1/options