Allergens System for Woocommerce Security & Risk Analysis

wordpress.org/plugins/allergens-for-woocommerce

Allergens System for Woocommerce

100 active installs v1.6.2 PHP 7.4+ WP 3.8+ Updated Nov 7, 2025
allergenswoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Allergens System for Woocommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Allergens System for Woocommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8mo ago
Risk Assessment

The "allergens-for-woocommerce" v1.6.2 plugin exhibits a generally strong security posture based on the static analysis. The absence of known CVEs and a clean vulnerability history indicates a good track record. Furthermore, the plugin utilizes prepared statements for all SQL queries, avoids file operations and external HTTP requests, and has a limited attack surface, with only one AJAX handler identified and no unauthenticated entry points. This demonstrates a commitment to secure coding practices in these critical areas.

However, there are areas for improvement. The output escaping is only 56% proper, which is a significant concern. While the taint analysis shows no critical or high severity flows, it did identify two flows with unsanitized paths. This, coupled with the lack of capability checks on the AJAX handler and only two nonce checks across the entire plugin, suggests potential weaknesses that could be exploited if an attacker can manipulate inputs to these handlers.

In conclusion, "allergens-for-woocommerce" v1.6.2 has several strengths, particularly in its handling of database queries and avoidance of external interactions. Nevertheless, the moderate rate of unescaped output and the potential for unsanitized input to the AJAX handler, without robust authentication or capability checks, represent the primary security risks. Addressing these issues would significantly enhance the plugin's overall security.

Key Concerns

  • Low output escaping rate (56%)
  • Unsanitized paths in taint flows (2)
  • No capability checks on AJAX handler
  • Limited nonce checks on AJAX handler
Vulnerabilities
None known

Allergens System for Woocommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Allergens System for Woocommerce Release Timeline

v1.6.1
Code Analysis
Analyzed Mar 16, 2026

Allergens System for Woocommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
12
15 escaped
Nonce Checks
2
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

56% escaped27 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths
treceafw_ajax_preview_icons (allergens-woocommerce.php:260)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Allergens System for Woocommerce Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_treceafw_preview_iconsallergens-woocommerce.php:259
WordPress Hooks 17
actioninitallergens-woocommerce.php:21
actionwp_enqueue_scriptsallergens-woocommerce.php:30
actionwp_enqueue_scriptsallergens-woocommerce.php:65
actionadmin_enqueue_scriptsallergens-woocommerce.php:70
actionadmin_menuallergens-woocommerce.php:124
filterwoocommerce_product_data_tabsallergens-woocommerce.php:275
actionwoocommerce_product_data_panelsallergens-woocommerce.php:285
actionwoocommerce_process_product_metaallergens-woocommerce.php:324
actionwoocommerce_before_add_to_cart_formallergens-woocommerce.php:351
actionwoocommerce_product_after_variable_attributesallergens-woocommerce.php:414
actionwoocommerce_save_product_variationallergens-woocommerce.php:433
actionwoocommerce_available_variationallergens-woocommerce.php:451
actioninitallergens-woocommerce.php:466
actionadmin_initallergens-woocommerce.php:470
actionwoocommerce_update_productallergens-woocommerce.php:473
actionicl_make_duplicateallergens-woocommerce.php:476
actionwoocommerce_save_product_variationallergens-woocommerce.php:479
Maintenance & Trust

Allergens System for Woocommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedNov 7, 2025
PHP min version7.4
Downloads2K

Community Trust

Rating100/100
Number of ratings2
Active installs100
Developer Profile

Allergens System for Woocommerce Developer Profile

Danilo Ulloa

3 plugins · 100 total installs

87
trust score
Avg Security Score
90/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Allergens System for Woocommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/allergens-for-woocommerce/css/style.css/wp-content/plugins/allergens-for-woocommerce/js/variations.js/wp-content/plugins/allergens-for-woocommerce/css/admin.css
Script Paths
/wp-content/plugins/allergens-for-woocommerce/js/variations.js

HTML / DOM Fingerprints

CSS Classes
treceafw-settings-wraptreceafw-theme-selectortreceafw-preview-sectiontreceafw-icons-preview
Data Attributes
data-icon-theme
JS Globals
treceafwData
FAQ

Frequently Asked Questions about Allergens System for Woocommerce