AMP WooCommerce Security & Risk Analysis

wordpress.org/plugins/amp-woocommerce

AMP for Ecommerce - Easily Enable AMP functionality on WooCommerce platform. Works out of the box with the default WordPress AMP plugin.

100 active installs v1.0 PHP + WP 3.5+ Updated Feb 19, 2020
ampwoocommerce
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is AMP WooCommerce Safe to Use in 2026?

Generally Safe

Score 85/100

AMP WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

The 'amp-woocommerce' plugin v1.0 presents a mixed security posture. While it demonstrates good practices by utilizing prepared statements for all SQL queries and has a clean vulnerability history with no recorded CVEs, there are notable concerns regarding its attack surface and input sanitization.

The plugin exposes six AJAX handlers, with two of them lacking proper authentication checks. This is a significant security risk as it allows unauthenticated users to interact with potentially sensitive functionality, opening the door for various exploits if these handlers are not adequately secured internally.

Furthermore, the taint analysis reveals two flows with unsanitized paths, indicating potential vulnerabilities where user-supplied data could be processed in an unsafe manner. Although no critical or high severity issues were identified in the taint analysis, these unsanitized paths are a cause for concern and require immediate investigation. The plugin's 80% output escaping rate, while not terrible, also leaves room for potential cross-site scripting (XSS) vulnerabilities on the remaining 20% of outputs.

Key Concerns

  • AJAX handlers without authentication checks
  • Taint flows with unsanitized paths
  • Output escaping rate below 100%
Vulnerabilities
None known

AMP WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

AMP WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 58 (228 escaped)
Nonce Checks: 2
Capability Checks: 2
File Operations: 2
External Requests: 1
Bundled Libraries: 0

Output Escaping

80% escaped · 286 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

5 flows · 2 with unsanitized paths
amp_woo_comment_handle (templates\layouts\product-review.php:71)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface: 2 unprotected

AMP WooCommerce Attack Surface

Entry Points: 6
Unprotected: 2

AJAX Handlers: 6

auth · wp_ajax_amp_woo_add_to_cart_submit · inc\amp_woo_ajax_calls.php:3
nopriv · wp_ajax_amp_woo_add_to_cart_submit · inc\amp_woo_ajax_calls.php:4
auth · wp_ajax_amp_woo_cart_coupon_operation · inc\amp_woo_ajax_calls.php:45
nopriv · wp_ajax_amp_woo_cart_coupon_operation · inc\amp_woo_ajax_calls.php:46
auth · wp_ajax_amp_woo_comment_handle · templates\layouts\product-review.php:68
nopriv · wp_ajax_amp_woo_comment_handle · templates\layouts\product-review.php:69

WordPress Hooks: 31

action · amp_init · amp-woocommerce.php:29
action · admin_notices · amp-woocommerce.php:31
action · pre_amp_render_post · amp-woocommerce.php:40
filter · amp_post_template_file · amp-woocommerce.php:43
action · wp · amp-woocommerce.php:46
filter · wc_get_template · amp-woocommerce.php:85
filter · ampforwp_body_class · amp-woocommerce.php:86
filter · amp_content_sanitizers · amp-woocommerce.php:87
filter · ampforwp_the_content_last_filter · amp-woocommerce.php:90
action · woocommerce_before_main_content · amp-woocommerce.php:93
action · plugins_loaded · inc\amp_woo_ajax_calls.php:7
action · widgets_init · inc\amp_woo_features.php:214
filter · ampforwp_the_content_last_filter · inc\amp_woo_features.php:276
action · ampforwp_above_the_title · inc\amp_woo_features.php:294
action · plugins_loaded · inc\amp_woo_features.php:315
action · redux/options/redux_builder_amp/saved · inc\amp_woo_features.php:319
action · save_post · inc\amp_woo_features.php:320
filter · amp_post_template_data · inc\amp_woo_features.php:366
action · amp_post_template_css · inc\styles_script.php:5
action · amp_post_template_css · inc\styles_script.php:6
action · amp_post_template_css · inc\styles_script.php:9
action · amp_post_template_css · inc\styles_script.php:10
action · amp_post_template_css · inc\styles_script.php:13
action · amp_post_template_css · inc\styles_script.php:16
action · amp_post_template_css · inc\styles_script.php:19
filter · ampforwp_the_content_last_filter · templates\layouts\product-review.php:2
filter · woocommerce_product_review_comment_form_args · templates\layouts\product-review.php:40
action · amp_post_template_css · templates\layouts\single.php:40
filter · woocommerce_add_to_cart_validation · templates\single-product\add-to-cart\grouped.php:113
filter · woocommerce_add_to_cart_validation · templates\single-product\add-to-cart\simple.php:54
filter · woocommerce_add_to_cart_validation · templates\single-product\add-to-cart\variable.php:142
Maintenance & Trust

AMP WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.3.21
Last updated: Feb 19, 2020
PHP min version
Downloads: 21K

Community Trust

Rating: 40/100
Number of ratings: 12
Active installs: 100
Developer Profile

AMP WooCommerce Developer Profile

Magazine3

13 plugins · 739K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 327 days
Detection Fingerprints

How We Detect AMP WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/amp-woocommerce/inc/styles_script.php
/wp-content/plugins/amp-woocommerce/inc/amp_woo_ajax_calls.php
/wp-content/plugins/amp-woocommerce/inc/amp_woo_features.php
/wp-content/plugins/amp-woocommerce/templates/layouts/product-review.php
/wp-content/plugins/amp-woocommerce/templates/layouts/single.php
/wp-content/plugins/amp-woocommerce/templates/single-product/add-to-cart/simple.php
/wp-content/plugins/amp-woocommerce/templates/single-product/add-to-cart/variable.php
/wp-content/plugins/amp-woocommerce/templates/single-product/add-to-cart/variation-add-to-cart-button.php
+10 more

HTML / DOM Fingerprints

CSS Classes
amp-woo-product-page
HTML Comments
  • Add WooCommerce elements in the page
  • Enable WooCommerce support for AMP
  • Requires woocommerce & ampforwp plugin
  • Adds main fuctionalities for WooCommerce Pages.
+13 more
JS Globals
  • AMP_WOO_VERSION
  • AMP_WOO_PLUGIN_URI
  • AMP_WOO_PLUGIN_PATH
  • AMP_WOO_INC_DIR
FAQ

Frequently Asked Questions about AMP WooCommerce