Advanced Product Labels for WooCommerce Security & Risk Analysis

wordpress.org/plugins/advanced-product-labels-for-woocommerce

Promote exclusive discounts, new products or free shipping. Create labels easily and quickly!

20K active installs · v3.3.3.4 · PHP 7.0+ · WP 5.0+ · Updated Apr 15, 2026
Tags: badges, labels, mark, product-labels, woocommerce-labels
100
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Feb 15, 2022
Safety Verdict

Is Advanced Product Labels for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Advanced Product Labels for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Feb 15, 2022 · Updated 1mo ago
Risk Assessment

The "advanced-product-labels-for-woocommerce" plugin v3.3.3.2 presents a moderate security risk. While it demonstrates some good practices, such as a decent number of capability checks and nonce checks, there are significant areas of concern. The presence of two AJAX handlers without authentication checks creates a substantial attack surface, potentially allowing unauthorized actions. Furthermore, the use of the `unserialize` function without apparent sanitization is a critical vulnerability risk, as it can lead to Remote Code Execution if an attacker can control the serialized data. The static analysis also reveals that none of the SQL queries utilize prepared statements, which is a significant security flaw that opens the door to SQL injection vulnerabilities. Despite a history of one medium-severity Cross-Site Scripting vulnerability from over a year ago, the current code analysis highlights more immediate and severe potential threats. The plugin's strengths lie in its relatively few entry points and the majority of its outputs being properly escaped. However, the identified vulnerabilities, particularly the lack of authentication on AJAX handlers, the use of `unserialize`, and the absence of prepared statements for SQL queries, necessitate immediate attention and mitigation.

Key Concerns

  • AJAX handlers without authentication
  • Dangerous function: unserialize
  • SQL queries without prepared statements
  • Low percentage of properly escaped outputs
Vulnerabilities
1 published

Advanced Product Labels for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2022

Severity Breakdown

Medium: 1

1 total CVE

CVE-2022-0399 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advanced Product Labels for WooCommerce <= 1.2.3.6 - Reflected Cross-Site Scripting

Feb 15, 2022 Patched in 1.2.3.7 (707d)
Version History

Advanced Product Labels for WooCommerce Release Timeline

v3.3.3.4 (Current)
v3.3.3.3
v3.3.3.2
v3.3.3.1
v3.3.3
v1.2.9.3
v1.2.9.2
v1.2.9.1
v1.2.9
v1.2.8
v1.2.7
v1.2.6
v1.2.5.3
v1.2.5.2
v1.2.5.1
v1.2.5
v1.2.4.1
v1.2.4
v1.2.3.9
v1.2.3.8
Code Analysis
Analyzed Mar 16, 2026

Advanced Product Labels for WooCommerce Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 6 (0 prepared)
Unescaped Output: 133 (145 escaped)
Nonce Checks: 15
Capability Checks: 26
File Operations: 5
External Requests: 5
Bundled Libraries: 0

Dangerous Functions Found

unserialize · berocket\includes\updater.php:128
$error_log = unserialize(preg_replace('/R:\d+/', 's:18:"RECURSION DETECTED"', serialize(self::$error

SQL Query Safety

0% prepared · 6 total queries

Output Escaping

52% escaped · 278 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

12 flows · 2 with unsanitized paths
ajax_get_label (main.php:475)
Attack Surface
2 unprotected

Advanced Product Labels for WooCommerce Attack Surface

Entry Points: 17
Unprotected: 2

AJAX Handlers 17

auth · wp_ajax_variation_label · addons\labels_for_variations\labels_for_variations_include.php:6
nopriv · wp_ajax_variation_label · addons\labels_for_variations\labels_for_variations_include.php:7
auth · wp_ajax_brfr_get_export_settings · berocket\includes\admin\import_export.php:5
auth · wp_ajax_brfr_set_import_settings · berocket\includes\admin\import_export.php:6
auth · wp_ajax_brfr_get_import_backups · berocket\includes\admin\import_export.php:7
auth · wp_ajax_brfr_restore_import_backups · berocket\includes\admin\import_export.php:8
auth · wp_ajax_berocket_admin_close_notice · berocket\includes\admin_notices.php:1199
auth · wp_ajax_berocket_subscribe_email · berocket\includes\admin_notices.php:1200
auth · wp_ajax_berocket_rate_stars_close · berocket\includes\admin_notices.php:1208
auth · wp_ajax_berocket_feature_request_send · berocket\includes\admin_notices.php:1209
auth · wp_ajax_berocket_error_notices_get · berocket\includes\error_notices.php:5
auth · wp_ajax_berocket_information_close_notice · berocket\includes\information_notices.php:198
auth · wp_ajax_br_test_key · berocket\includes\updater.php:46
auth · wp_ajax_br_test_keys · berocket\includes\updater.php:47
auth · wp_ajax_brlabel_divi_module · divi\includes\LabelExtension.php:12
auth · wp_ajax_berocket_apl_color_listener · includes\better_position.php:37
auth · wp_ajax_br_label_ajax_demo · main.php:152
WordPress Hooks 164
action · wp_enqueue_scripts · addons\image_bottom\image_bottom_include.php:4
filter · brfr_data_berocket_advanced_label_editor · addons\image_bottom\image_bottom_include.php:5
filter · brfr_data_products_label · addons\image_bottom\image_bottom_include.php:6
filter · wp_head · addons\labels_for_variations\labels_for_variations_include.php:4
filter · berocket_apl_condition_check_data · addons\labels_for_variations\labels_for_variations_include.php:9
filter · berocket_advanced_label_editor_check_type_product · addons\labels_for_variations\labels_for_variations_include.php:10
filter · berocket_advanced_label_editor_check_type_attribute · addons\labels_for_variations\labels_for_variations_include.php:11
filter · berocket_advanced_label_editor_check_type_stockstatus · addons\labels_for_variations\labels_for_variations_include.php:12
filter · berocket_advanced_label_editor_check_type_stockquantity · addons\labels_for_variations\labels_for_variations_include.php:13
filter · berocket_advanced_label_editor_type_attribute · addons\labels_for_variations\labels_for_variations_include.php:14
filter · berocket_advanced_label_editor_type_stockstatus · addons\labels_for_variations\labels_for_variations_include.php:15
filter · berocket_advanced_label_editor_type_stockquantity · addons\labels_for_variations\labels_for_variations_include.php:16
filter · berocket_apl_better_labels_html · addons\labels_for_variations\labels_for_variations_include.php:17
filter · the_posts · addons\selector_compat\selector_compat_include.php:5
action · wp_footer · addons\selector_compat\selector_compat_include.php:6
filter · wp_head · addons\selector_compat\selector_compat_include.php:7
filter · brfr_data_products_label · addons\selector_compat\selector_compat_include.php:8
filter · plugins_list · berocket\framework.php:84
filter · BeRocket_updater_add_plugin · berocket\framework.php:105
filter · berocket_admin_notices_rate_stars_plugins · berocket\framework.php:106
action · init · berocket\framework.php:107
action · init · berocket\framework.php:110
action · wp_head · berocket\framework.php:111
action · wp_footer · berocket\framework.php:112
action · admin_init · berocket\framework.php:113
action · admin_menu · berocket\framework.php:114
action · admin_enqueue_scripts · berocket\framework.php:115
action · berocket_enqueue_media · berocket\framework.php:116
filter · plugin_row_meta · berocket\framework.php:122
filter · is_berocket_settings_page · berocket\framework.php:123
action · plugins_loaded · berocket\framework.php:128
action · sanitize_comment_cookies · berocket\framework.php:129
action · install_plugins_pre_plugin-information · berocket\framework.php:130
filter · berocket_admin_notices_subscribe_plugins · berocket\framework.php:132
filter · BeRocket_admin_init_user_capabilities · berocket\framework.php:135
filter · berocket_sanitize_array_predefine · berocket\framework.php:136
filter · berocket_sanitize_array_kses · berocket\framework.php:137
filter · berocket_sanitize_array_kses · berocket\framework.php:140
action · before_woocommerce_init · berocket\framework.php:150
filter · loop_shop_per_page · berocket\framework.php:391
action · upgrader_process_complete · berocket\framework.php:499
action · admin_footer · berocket\framework.php:1158
action · wp_footer · berocket\framework.php:1159
action · admin_init · berocket\framework.php:1273
action · admin_bar_menu · berocket\includes\admin\admin_bar.php:8
action · wp_footer · berocket\includes\admin\admin_bar.php:9
filter · berocket_admin_bar_plugins_data · berocket\includes\admin\admin_bar.php:149
action · BeRocket_framework_updater_account_form_after · berocket\includes\admin\import_export.php:4
filter · berocket_admin_notice_is_display_notice · berocket\includes\admin_notices.php:75
filter · berocket_admin_notice_is_display_notice_priority · berocket\includes\admin_notices.php:76
action · admin_notices · berocket\includes\admin_notices.php:1198
action · admin_notices · berocket\includes\admin_notices.php:1207
action · berocket_rate_plugin_window · berocket\includes\admin_notices.php:1210
action · berocket_related_plugins_window · berocket\includes\admin_notices.php:1211
action · berocket_above_admin_settings · berocket\includes\admin_notices.php:1212
action · berocket_feature_request_window · berocket\includes\admin_notices.php:1213
action · admin_footer · berocket\includes\admin_notices.php:1285
action · admin_footer · berocket\includes\admin_notices.php:1493
action · admin_footer · berocket\includes\admin_notices.php:1922
action · admin_footer · berocket\includes\admin_notices.php:2079
action · init · berocket\includes\custom_post\enable_disable.php:9
action · admin_init · berocket\includes\custom_post\enable_disable.php:10
action · post_action_enable · berocket\includes\custom_post\enable_disable.php:13
action · post_action_disable · berocket\includes\custom_post\enable_disable.php:14
filter · post_class · berocket\includes\custom_post\enable_disable.php:16
filter · pre_get_posts · berocket\includes\custom_post\enable_disable.php:18
action · pre_get_posts · berocket\includes\custom_post\sortable.php:22
action · in_admin_footer · berocket\includes\custom_post\sortable.php:117
action · init · berocket\includes\custom_post.php:58
filter · init · berocket\includes\custom_post.php:59
filter · admin_init · berocket\includes\custom_post.php:60
filter · wp_insert_post_data · berocket\includes\custom_post.php:61
filter · BeRocket_admin_init_user_capabilities · berocket\includes\custom_post.php:71
action · add_meta_boxes · berocket\includes\custom_post.php:128
action · save_post · berocket\includes\custom_post.php:129
filter · post_row_actions · berocket\includes\custom_post.php:130
filter · list_table_primary_column · berocket\includes\custom_post.php:131
action · admin_enqueue_scripts · berocket\includes\custom_post.php:133
filter · is_berocket_settings_page · berocket\includes\custom_post.php:135
action · admin_footer · berocket\includes\custom_post.php:162
action · admin_notices · berocket\includes\information_notices.php:197
action · admin_init · berocket\includes\updater.php:18
filter · woocommerce_addons_sections · berocket\includes\updater.php:27
filter · is_berocket_settings_page · berocket\includes\updater.php:28
action · admin_footer · berocket\includes\updater.php:30
action · admin_head · berocket\includes\updater.php:39
action · admin_menu · berocket\includes\updater.php:40
action · admin_menu · berocket\includes\updater.php:41
action · network_admin_menu · berocket\includes\updater.php:42
action · admin_init · berocket\includes\updater.php:43
filter · pre_set_site_transient_update_plugins · berocket\includes\updater.php:44
filter · plugins_api_result · berocket\includes\updater.php:45
filter · http_request_host_is_external · berocket\includes\updater.php:48
action · admin_footer · berocket\includes\updater.php:51
action · wp_footer · berocket\includes\updater.php:52
filter · berocket_display_additional_notices · berocket\includes\updater.php:92
filter · custom_menu_order · berocket\includes\updater.php:98
filter · berocket_admin_notice_is_display_notice · berocket\includes\updater.php:102
filter · berocket_admin_notice_is_display_notice_priority · berocket\includes\updater.php:103
filter · plugins_api_result · berocket\includes\updater.php:109
action · init · berocket\includes\updater.php:1413
action · admin_enqueue_scripts · berocket\sale\sale.php:4
action · bapl_show_label_on_product_false · includes\admin\admin_bar.php:10
filter · berocket_apl_show_label_on_product_html · includes\admin\admin_bar.php:11
action · berocket_apl_set_label_start · includes\better_position.php:16
filter · berocket_apl_show_label_on_product_html · includes\better_position.php:17
action · berocket_apl_set_label_end · includes\better_position.php:18
filter · brfr_data_berocket_advanced_label_editor · includes\better_position.php:19
filter · berocket_apl_label_show_div_class · includes\better_position.php:20
filter · berocket_apl_label_show_label_style · includes\better_position.php:21
action · berocket_apl_wc_save_product · includes\better_position.php:22
filter · brfr_data_products_label · includes\better_position.php:23
action · init · includes\better_position.php:36
filter · brfr_products_label_better_position_setup · includes\better_position.php:38
filter · berocket_custom_post_br_labels_default_settings · includes\better_position.php:39
action · admin_footer · includes\better_position.php:165
action · init · includes\compatibility\jet_woo_widgets.php:4
action · jet-woo-builder/templates/products/after-item-thumbnail · includes\compatibility\jet_woo_widgets.php:8
action · jet-woo-builder/templates/products-list/after-item-thumbnail · includes\compatibility\jet_woo_widgets.php:9
action · jet-woo-builder/shortcodes/jet-woo-products/final-query-args · includes\compatibility\jet_woo_widgets.php:10
action · berocket_pp_popup_inside_image · includes\compatibility\product_preview.php:4
action · berocket_pp_popup_inside_thumbnails · includes\compatibility\product_preview.php:5
action · BeRocket_preview_after_general_settings · includes\compatibility\product_preview.php:6
filter · brfr_berocket_advanced_label_editor_custom_css_explanation · includes\custom_post.php:390
filter · brfr_berocket_advanced_label_editor_content_type_description · includes\custom_post.php:391
filter · brfr_berocket_advanced_label_editor_templates · includes\custom_post.php:392
filter · berocket_label_adjust_options · includes\custom_post.php:393
filter · berocket_label_custom_get_options · includes\custom_post.php:394
action · pre_get_posts · includes\custom_post.php:439
action · init · includes\free.php:6
filter · berocket_labels_templates · includes\free.php:10
filter · berocket_labels_template_preview_start · includes\free.php:11
action · wp_footer · includes\style_generate.php:4
action · BeRocket_products_label_style_generate_each · includes\style_generate.php:5
filter · berocket_apl_show_label_on_product_html · includes\svg.php:11
filter · brapl_svg_predefined · includes\svg.php:12
filter · berocket_apl_label_sanitize_data · includes\svg.php:13
action · woocommerce_product_write_panel_tabs · main.php:145
action · woocommerce_product_data_panels · main.php:147
action · woocommerce_product_write_panels · main.php:149
filter · berocket_labels_get_base_options · main.php:151
action · wp_footer · main.php:153
filter · BeRocket_updater_menu_order_custom_post · main.php:155
filter · admin_init · main.php:157
action · berocket_apl_set_label · main.php:159
filter · berocket_apl_label_show_text · main.php:165
filter · berocket_apl_label_show_label_style · main.php:166
filter · berocket_apl_label_show_div_style · main.php:168
filter · berocket_apl_label_show_custom_css · main.php:169
filter · berocket_apl_label_sanitize_data · main.php:170
filter · berocket_apl_label_show_text_each · main.php:171
filter · berocket_labels_tooltip_content · main.php:172
filter · berocket_labels_shortcodes_list · main.php:173
filter · berocket_labels_get_product_labels_ids · main.php:174
action · berocket_labels_show_label_on_product · main.php:176
action · brapl_move_parent_next · main.php:177
action · divi_extensions_init · main.php:179
filter · brapl_check_label_on_post · main.php:180
filter · woocommerce_sale_flash · main.php:250
action · product_of_day_before_thumbnail_widget · main.php:253
action · product_of_day_before_title_widget · main.php:254
action · lgv_advanced_after_img · main.php:255
action · wp_footer · main.php:320
action · pre_get_posts · main.php:506
Maintenance & Trust

Advanced Product Labels for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 15, 2026
PHP min version: 7.0
Downloads: 615K

Community Trust

Rating: 96/100
Number of ratings: 252
Active installs: 20K
Developer Profile

Advanced Product Labels for WooCommerce Developer Profile

BeRocket

23 plugins · 139K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 384 days
Detection Fingerprints

How We Detect Advanced Product Labels for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/advanced-product-labels-for-woocommerce/assets/frontend.css
/wp-content/plugins/advanced-product-labels-for-woocommerce/js/frontend.js
Script Paths
/wp-content/plugins/advanced-product-labels-for-woocommerce/addons/image_bottom/assets/frontend.js
/wp-content/plugins/advanced-product-labels-for-woocommerce/addons/labels_for_variations/js/frontend.js
Version Parameters
advanced-product-labels-for-woocommerce/assets/frontend.css?ver=
advanced-product-labels-for-woocommerce/js/frontend.js?ver=
advanced-product-labels-for-woocommerce/addons/image_bottom/assets/frontend.css?ver=
advanced-product-labels-for-woocommerce/addons/image_bottom/assets/frontend.js?ver=
advanced-product-labels-for-woocommerce/addons/labels_for_variations/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
berocket_label_type_select
bapl_imgbtm_selectors
berocket_better_labels
berocket_hide_variations_load
Data Attributes
brlabelsHelper
JS Globals
bapl_image_btm
brlabelsHelper
BeRocket_products_label_version
FAQ

Frequently Asked Questions about Advanced Product Labels for WooCommerce