WP-Safety

Advanced Woo Labels – Product Labels & Badges for WooCommerce Security & Risk Analysis

wordpress.org/plugins/advanced-woo-labels

Labels plugin for WooCommerce. Create labels/badges with custom styles and text for any of your WooCommerce products.

10K active installs v2.39 PHP 7.0+ WP 4.0+ Updated Mar 9, 2026
badgeslabelsproduct-labelswoocommercewoocommerce-labels
93
A · Safe
CVEs total4
Unpatched0
Last CVEFeb 24, 2026
Plugin page Download
Safety Verdict

Is Advanced Woo Labels – Product Labels & Badges for WooCommerce Safe to Use in 2026?

Generally Safe

Score 93/100

Advanced Woo Labels – Product Labels & Badges for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Feb 24, 2026Updated 25d ago
Risk Assessment

The "advanced-woo-labels" v2.39 plugin exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by implementing prepared statements for its SQL queries and utilizing nonce and capability checks on its entry points. The absence of direct file operations and external HTTP requests is also a strength. However, concerns arise from the static analysis revealing a significant percentage of output that is not properly escaped (31%), indicating a potential for Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the presence of a flow with unsanitized paths in the taint analysis, even without a critical or high severity classification, warrants attention as it could be a precursor to more severe issues if exploited in conjunction with other factors.

The vulnerability history of this plugin is a significant red flag. With a total of four known CVEs, including one high-severity and three medium-severity vulnerabilities, it suggests a pattern of recurring security weaknesses. The common vulnerability types being Code Injection and XSS further align with the concerns identified in the static analysis regarding output escaping and the unsanitized path flow. The fact that all previously known vulnerabilities are patched is positive, but the historical data strongly indicates that the plugin has been a target for attackers and has had significant security flaws in the past. The last vulnerability being in 2026 suggests a recent discovery, which could imply that the current version might still be susceptible to issues that were recently addressed, or that the discovery date might be an anomaly and should be cross-referenced.

In conclusion, while "advanced-woo-labels" v2.39 implements some fundamental security measures like prepared SQL statements and authentication checks, the significant proportion of unescaped output and the history of high and medium severity vulnerabilities, particularly in XSS and Code Injection, present a notable risk. The single unsanitized path flow, though not classified as critical, also adds to this risk profile. Users should be cautious and ensure the plugin is kept up-to-date, and ideally, consider alternatives if the risk is unacceptable given the plugin's past security record.

Key Concerns

  • Significant percentage of unescaped output
  • Flow with unsanitized paths
  • History of high severity CVEs
  • History of medium severity CVEs
Vulnerabilities
4

Advanced Woo Labels – Product Labels & Badges for WooCommerce Security Vulnerabilities

CVEs by Year

2 CVEs in 2024
2024
1 CVE in 2025
2025
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

High
1
Medium
3

4 total CVEs

CVE-2026-1929high · 8.8Improper Control of Generation of Code ('Code Injection')

Advanced Woo Labels <= 2.37 - Authenticated (Contributor+) Remote Code Execution via 'callback' Parameter

Feb 24, 2026 Patched in 2.37 (1d)
CVE-2025-32188medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advanced Woo Labels <= 2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 4, 2025 Patched in 2.16 (18d)
CVE-2024-47622medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advanced Woo Labels <= 2.01 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 30, 2024 Patched in 2.02 (11d)
CVE-2024-35675medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advanced Woo Labels – Product Labels for WooCommerce <= 1.93 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 5, 2024 Patched in 1.94 (8d)
Code Analysis
Analyzed Mar 16, 2026

Advanced Woo Labels – Product Labels & Badges for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
1 prepared
Unescaped Output
124
274 escaped
Nonce Checks
8
Capability Checks
7
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

100% prepared1 total queries

Output Escaping

69% escaped398 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

7 flows1 with unsanitized paths
get_select_option_values (includes\admin\class-awl-admin-ajax.php:132)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Advanced Woo Labels – Product Labels & Badges for WooCommerce Attack Surface

Entry Points7
Unprotected0

AJAX Handlers 5

authwp_ajax_awl-getRuleGroupincludes\admin\class-awl-admin-ajax.php:19
authwp_ajax_awl-getSuboptionValuesincludes\admin\class-awl-admin-ajax.php:21
authwp_ajax_awl-changeLabelStatusincludes\admin\class-awl-admin-ajax.php:23
authwp_ajax_awl-getSelectOptionValuesincludes\admin\class-awl-admin-ajax.php:25
authwp_ajax_awl-showCurrentHooksincludes\admin\class-awl-admin-ajax.php:27

Shortcodes 2

[awl_get_product_labels] includes\class-awl-shortcodes.php:39
[awl_get_label_by_id] includes\class-awl-shortcodes.php:41
WordPress Hooks 189
actionwp_enqueue_scriptsadvanced-woo-labels.php:73
filterplugin_action_linksadvanced-woo-labels.php:75
actioninitadvanced-woo-labels.php:81
actionwpadvanced-woo-labels.php:83
actionbefore_woocommerce_initadvanced-woo-labels.php:85
actionadmin_noticesadvanced-woo-labels.php:274
actionadmin_action_duplicate_labelincludes\admin\class-awl-admin-duplicate-labels.php:34
filterpost_row_actionsincludes\admin\class-awl-admin-duplicate-labels.php:35
actionpost_submitbox_startincludes\admin\class-awl-admin-duplicate-labels.php:36
actionadmin_noticesincludes\admin\class-awl-admin-notices.php:41
actionadmin_noticesincludes\admin\class-awl-admin-notices.php:44
actionadmin_initincludes\admin\class-awl-admin-notices.php:47
actioninitincludes\admin\class-awl-admin-notices.php:189
filterawl_labels_text_vars_descriptionincludes\admin\class-awl-admin-options-premium.php:55
filterawl_label_rulesincludes\admin\class-awl-admin-options-premium.php:57
filterawl_label_admin_optionsincludes\admin\class-awl-admin-options-premium.php:59
actionadmin_menuincludes\admin\class-awl-admin.php:45
actionadmin_initincludes\admin\class-awl-admin.php:47
actionadd_meta_boxesincludes\admin\class-awl-admin.php:49
actionsave_postincludes\admin\class-awl-admin.php:51
actionadmin_enqueue_scriptsincludes\admin\class-awl-admin.php:53
filtersubmenu_fileincludes\admin\class-awl-admin.php:55
actioninitincludes\admin\class-awl-admin.php:282
filterawl_labels_hooksincludes\class-awl-hooks.php:38
filterawl_labels_hooksincludes\class-awl-hooks.php:42
actionwp_headincludes\class-awl-hooks.php:47
filterrender_block_dataincludes\class-awl-hooks.php:51
filterwoocommerce_sale_flashincludes\class-awl-hooks.php:54
actionwp_headincludes\class-awl-hooks.php:64
actionwp_footerincludes\class-awl-hooks.php:71
filterawl_labels_hooksincludes\class-awl-hooks.php:74
actionwoocommerce_before_product_object_saveincludes\class-awl-hooks.php:77
filterposts_clausesincludes\class-awl-hooks.php:80
filterawl_labels_hooksincludes\class-awl-integrations.php:76
filterawl_label_container_stylesincludes\class-awl-integrations.php:78
actionwp_headincludes\class-awl-integrations.php:80
actionawl_hide_default_sale_flashincludes\class-awl-integrations.php:82
actionawl_hide_default_stock_flashincludes\class-awl-integrations.php:84
filteruabb_woo_products_sale_flashincludes\class-awl-integrations.php:695
filterwoocommerce_blocks_product_grid_item_htmlincludes\class-awl-integrations.php:702
actionwp_headincludes\class-awl-integrations.php:718
filterwoocommerce_stock_htmlincludes\class-awl-integrations.php:724
filterblocksy:woocommerce:product-card:badgesincludes\class-awl-integrations.php:731
filterblocksy:woocommerce:single:after-sale-badgeincludes\class-awl-integrations.php:743
actionloop_startincludes\class-awl-label-display.php:79
filterwoocommerce_product_loop_startincludes\class-awl-label-display.php:80
actioninitincludes\class-awl-taxonomy.php:43
filtermanage_edit-awl-labels_columnsincludes\class-awl-taxonomy.php:46
actionmanage_awl-labels_posts_custom_columnincludes\class-awl-taxonomy.php:49
filtermanage_edit-awl-labels_sortable_columnsincludes\class-awl-taxonomy.php:52
actionpre_get_postsincludes\class-awl-taxonomy.php:55
actionquick_edit_custom_boxincludes\class-awl-taxonomy.php:58
actionsave_postincludes\class-awl-taxonomy.php:61
filterawl_settings_field_font_styleincludes\class-awl-versions.php:43
filterawl_settings_field_font_weightincludes\class-awl-versions.php:44
actionadmin_initincludes\class-awl-versions.php:157
filterawl_labels_hooksincludes\modules\class-awl-astra.php:46
actionawl_hide_default_stock_flashincludes\modules\class-awl-astra.php:48
actionastra_woo_qv_product_imageincludes\modules\class-awl-astra.php:50
filterastra_addon_shop_cards_buttons_htmlincludes\modules\class-awl-astra.php:53
filterastra_woo_shop_out_of_stock_stringincludes\modules\class-awl-astra.php:95
filterawl_labels_hooksincludes\modules\class-awl-avada.php:46
actionawl_hide_default_sale_flashincludes\modules\class-awl-avada.php:48
filterawl_labels_hooksincludes\modules\class-awl-aws.php:49
filteraws_search_pre_filter_productsincludes\modules\class-awl-aws.php:52
filterawl_label_rulesincludes\modules\class-awl-aws.php:55
filterawl_labels_condition_rulesincludes\modules\class-awl-aws.php:57
filterawl_label_container_stylesincludes\modules\class-awl-aws.php:59
filterwc_product_table_cell_data_imageincludes\modules\class-awl-barn-tables.php:58
filterwc_product_table_data_imageincludes\modules\class-awl-barn-tables.php:59
filterwc_product_table_cell_data_nameincludes\modules\class-awl-barn-tables.php:61
filterwc_product_table_data_nameincludes\modules\class-awl-barn-tables.php:62
filterfl_builder_register_settings_formincludes\modules\class-awl-bb.php:50
filterawl_show_labels_for_productincludes\modules\class-awl-bb.php:53
actionfl_builder_before_render_modulesincludes\modules\class-awl-bb.php:55
actionfl_builder_render_content_startincludes\modules\class-awl-bb.php:58
actionfl_builder_render_content_completeincludes\modules\class-awl-bb.php:59
filterawl_label_rulesincludes\modules\class-awl-bb.php:62
filterawl_labels_condition_rulesincludes\modules\class-awl-bb.php:63
filterawl_labels_hooksincludes\modules\class-awl-blocks.php:49
actionbreakdance_render_element_templateincludes\modules\class-awl-breakdance.php:49
filterbreakdance_render_element_htmlincludes\modules\class-awl-breakdance.php:51
filterawl_label_rulesincludes\modules\class-awl-breakdance.php:54
filterawl_labels_condition_rulesincludes\modules\class-awl-breakdance.php:55
filterbricks/elements/woocommerce-products/control_groupsincludes\modules\class-awl-bricks.php:49
filterbricks/elements/woocommerce-products/controlsincludes\modules\class-awl-bricks.php:50
filterbricks/content/html_after_beginincludes\modules\class-awl-bricks.php:52
filterbricks/content/html_before_endincludes\modules\class-awl-bricks.php:53
filterawl_label_rulesincludes\modules\class-awl-bricks.php:56
filterawl_labels_condition_rulesincludes\modules\class-awl-bricks.php:57
filterawl_show_labels_for_productincludes\modules\class-awl-bricks.php:60
filterawl_labels_hooksincludes\modules\class-awl-divi.php:46
filterawl_label_text_var_valueincludes\modules\class-awl-easy-discounts.php:45
filterawl_label_condition_match_ruleincludes\modules\class-awl-easy-discounts.php:48
filterawl_labels_hooksincludes\modules\class-awl-elementor.php:50
actionelementor/element/woocommerce-products/section_content/before_section_endincludes\modules\class-awl-elementor.php:53
actionelementor/element/woocommerce-product-related/section_related_products_content/before_section_endincludes\modules\class-awl-elementor.php:54
actionelementor/element/woocommerce-product-title/section_title/before_section_endincludes\modules\class-awl-elementor.php:55
actionelementor/element/woocommerce-product-images/section_product_gallery_style/before_section_endincludes\modules\class-awl-elementor.php:56
actionelementor/frontend/widget/before_renderincludes\modules\class-awl-elementor.php:59
actionelementor/frontend/widget/after_renderincludes\modules\class-awl-elementor.php:60
actionelementor/widget/before_render_contentincludes\modules\class-awl-elementor.php:61
filterelementor/widget/render_contentincludes\modules\class-awl-elementor.php:62
filterawl_show_labels_for_productincludes\modules\class-awl-elementor.php:65
filterawl_label_rulesincludes\modules\class-awl-elementor.php:68
filterawl_labels_condition_rulesincludes\modules\class-awl-elementor.php:69
filterawl_labels_hooksincludes\modules\class-awl-essential-addons.php:54
actioneael_woo_single_product_imageincludes\modules\class-awl-essential-addons.php:57
actionwp_footerincludes\modules\class-awl-essential-addons.php:60
actionawl_hide_default_sale_flashincludes\modules\class-awl-essential-addons.php:63
actionawl_hide_default_stock_flashincludes\modules\class-awl-essential-addons.php:64
filterawl_label_rulesincludes\modules\class-awl-essential-addons.php:67
filterawl_labels_condition_rulesincludes\modules\class-awl-essential-addons.php:68
filterawl_labels_hooksincludes\modules\class-awl-flatsome.php:46
actionwoocommerce_before_single_product_lightbox_summaryincludes\modules\class-awl-flatsome.php:48
filterawl_label_container_stylesincludes\modules\class-awl-flatsome.php:50
filterawl_enable_labelsincludes\modules\class-awl-flatsome.php:52
filterawl_js_container_selectorsincludes\modules\class-awl-flatsome.php:54
filterawl_labels_single_type_hooksincludes\modules\class-awl-flatsome.php:56
filterawl_labels_hooksincludes\modules\class-awl-jet-plugins.php:49
filterawl_js_container_selectorsincludes\modules\class-awl-jet-plugins.php:51
filterjet-engine/listing/pre-get-item-contentincludes\modules\class-awl-jet-plugins.php:53
filterjet-engine/elementor-views/frontend/listing-contentincludes\modules\class-awl-jet-plugins.php:55
actionwp_headincludes\modules\class-awl-jet-plugins.php:57
actioninitincludes\modules\class-awl-jet-plugins.php:60
filterawl_labels_hooksincludes\modules\class-awl-kadence.php:50
actionkadence_blocks_post_loop_startincludes\modules\class-awl-kadence.php:52
actionkadence_blocks_portfolio_loop_imageincludes\modules\class-awl-kadence.php:53
filterawl_labels_hooksincludes\modules\class-awl-martfury.php:50
actionelementor/frontend/widget/before_renderincludes\modules\class-awl-martfury.php:52
actionelementor/frontend/widget/after_renderincludes\modules\class-awl-martfury.php:53
filterpll_get_post_typesincludes\modules\class-awl-polylang.php:49
actionwp_loadedincludes\modules\class-awl-prdctfltr.php:46
filterawl_label_condition_match_ruleincludes\modules\class-awl-product-bundles.php:44
actionelementor/widget/before_render_contentincludes\modules\class-awl-shopengine.php:54
filterelementor/widget/render_contentincludes\modules\class-awl-shopengine.php:55
filterawl_labels_hooksincludes\modules\class-awl-shopengine.php:57
filterawl_js_container_selectorsincludes\modules\class-awl-shopengine.php:59
filterawl_labels_hooksincludes\modules\class-awl-sp-slider.php:49
actionwp_footerincludes\modules\class-awl-sp-slider.php:51
filterawl_js_container_selectorsincludes\modules\class-awl-sp-slider.php:53
filterawl_labels_hooksincludes\modules\class-awl-spectra.php:46
actionuagb_post_before_article_gridincludes\modules\class-awl-spectra.php:48
actionuagb_post_after_article_gridincludes\modules\class-awl-spectra.php:49
actionuagb_post_before_article_carouselincludes\modules\class-awl-spectra.php:51
actionuagb_post_after_article_carouselincludes\modules\class-awl-spectra.php:52
actionwp_headincludes\modules\class-awl-spectra.php:54
actionue_woocommerce_product_integrationsincludes\modules\class-awl-unlimites-elements.php:50
filteruc_filter_posts_listincludes\modules\class-awl-unlimites-elements.php:52
filterelementor/widget/render_contentincludes\modules\class-awl-unlimites-elements.php:54
filterawl_labels_hooksincludes\modules\class-awl-virtue.php:44
actionwp_headincludes\modules\class-awl-virtue.php:46
filterawl_product_priceincludes\modules\class-awl-wdr.php:44
filterawl_product_sale_priceincludes\modules\class-awl-wdr.php:45
filterawl_enable_discounts_cacheincludes\modules\class-awl-wdr.php:46
filterawl_labels_hooksincludes\modules\class-awl-woodmart.php:50
actionawl_hide_default_sale_flashincludes\modules\class-awl-woodmart.php:53
filterwoodmart_product_label_outputincludes\modules\class-awl-woodmart.php:73
filterawl_labels_hooksincludes\modules\class-awl-woolementor.php:46
actionthe_postincludes\modules\class-awl-woolementor.php:48
filterawl_labels_hooksincludes\modules\class-awl-woolentor.php:49
actionawl_hide_default_sale_flashincludes\modules\class-awl-woolentor.php:51
actionawl_hide_default_stock_flashincludes\modules\class-awl-woolentor.php:53
actionwp_headincludes\modules\class-awl-woolentor.php:55
actionwp_headincludes\modules\class-awl-woolentor.php:130
actionwp_headincludes\modules\class-awl-woolentor.php:137
filterpre_do_shortcode_tagincludes\modules\class-awl-wpbakery.php:50
filterdo_shortcode_tagincludes\modules\class-awl-wpbakery.php:51
filterawl_label_rulesincludes\modules\class-awl-wpbakery.php:54
filterawl_labels_condition_rulesincludes\modules\class-awl-wpbakery.php:55
actionwoocommerce_product_queryincludes\modules\class-awl-wpf.php:44
filterawl_get_labelsincludes\modules\class-awl-wpf.php:46
filterawl_label_options_get_tax_termsincludes\modules\class-awl-wpml.php:44
filterawl_label_condition_ruleincludes\modules\class-awl-wpml.php:46
filterawl_label_condition_ruleincludes\modules\class-awl-wpml.php:48
filterawl_labels_hooksincludes\modules\class-awl-xstore.php:50
actionawl_hide_default_sale_flashincludes\modules\class-awl-xstore.php:53
actionawl_hide_default_stock_flashincludes\modules\class-awl-xstore.php:56
actionwp_headincludes\modules\class-awl-xstore.php:59
filteretheme_product_gallery_sale_flashincludes\modules\class-awl-xstore.php:86
filterwoocommerce_get_stock_htmlincludes\modules\class-awl-xstore.php:93
filterawl_product_sale_priceincludes\modules\class-awl-yith-discounts.php:48
filterawl_is_on_saleincludes\modules\class-awl-yith-discounts.php:50
filteryith_ywdpd_single_bulk_discountincludes\modules\class-awl-yith-discounts.php:52
filterywdpd_change_base_priceincludes\modules\class-awl-yith-discounts.php:53
filterawl_enable_discounts_cacheincludes\modules\class-awl-yith-discounts.php:55
filterawl_labels_hooksincludes\modules\class-awl-zephyr.php:50
actionawl_hide_default_sale_flashincludes\modules\class-awl-zephyr.php:53
filterus_grid_listing_postincludes\modules\class-awl-zephyr.php:96
Maintenance & Trust

Advanced Woo Labels – Product Labels & Badges for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 9, 2026
PHP min version7.0
Downloads766K

Community Trust

Rating100/100
Number of ratings63
Active installs10K
Alternatives

Advanced Woo Labels – Product Labels & Badges for WooCommerce Alternatives

Advanced Product Labels for WooCommerce

Advanced Product Labels for WooCommerce

advanced-product-labels-for-woocommerce

A
100

Promote exclusive discounts, new products or free shipping. Create labels easily and quickly!

20K 1 CVE
Product Labels For Woocommerce (Sale Badges)

Product Labels For Woocommerce (Sale Badges)

aco-product-labels-for-woocommerce

A
97

Create custom product labels and sale badges for WooCommerce products to highlight offers and promotions.

10K 4 CVEs
Better Badge – Custom Product Badges for WooCommerce

Better Badge – Custom Product Badges for WooCommerce

custom-product-badge-for-woocommerce

A
100

Create eye-catching product badges and labels for your WooCommerce store in seconds. 100+ built-in product badges. Fully customizable.

200 No CVEs
Unlimited Product Labels and Product Badges for WooCommerce – Elegant Labels

Unlimited Product Labels and Product Badges for WooCommerce – Elegant Labels

elegant-labels

A
100

Create unlimited labels and badges for WooCommerce. Show badges on Images and Product details section.

100 No CVEs
QODE Badges for WooCommerce

QODE Badges for WooCommerce

qode-badges-for-woocommerce

A
100

Display eye-catching predefined or custom badges on your products to highlight sales, promotions, and key product features for all your shoppers.

20 No CVEs
Developer Profile

Advanced Woo Labels – Product Labels & Badges for WooCommerce Developer Profile

ILLID

4 plugins · 81K total installs

73
trust score
Avg Security Score
92/100
Avg Patch Time
367 days
View full developer profile
Detection Fingerprints

How We Detect Advanced Woo Labels – Product Labels & Badges for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/advanced-woo-labels/assets/css/responsive.css
Version Parameters
advanced-woo-labels/assets/css/responsive.css?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Advanced Woo Labels – Product Labels & Badges for WooCommerce