WP-Safety

Attribute Stock for WooCommerce – Shared Stock & Variable Quantities (Lite Version) Security & Risk Analysis

wordpress.org/plugins/attribute-stock-for-woocommerce

Set up complex stock configurations with ease. Shared stock, variable quantities, the possibilities are endless.

2K active installs v2.2.8 PHP 7.4+ WP 5.4+ Updated Mar 21, 2026
attribute-stockshared-stockstockvariable-stockwoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Attribute Stock for WooCommerce – Shared Stock & Variable Quantities (Lite Version) Safe to Use in 2026?

Generally Safe

Score 100/100

Attribute Stock for WooCommerce – Shared Stock & Variable Quantities (Lite Version) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "attribute-stock-for-woocommerce" plugin v2.2.7 exhibits a mixed security posture. While it boasts no known CVEs and a history free of vulnerabilities, the static analysis reveals several areas of concern. A significant portion of its attack surface, specifically 4 out of 6 entry points, lacks proper authentication checks, including all AJAX handlers. The presence of the `unserialize` function, a known dangerous function, without explicit context on its usage and sanitization is a significant red flag. Furthermore, the taint analysis indicates that all three analyzed flows have unsanitized paths, although they were not classified as critical or high severity.

The plugin's vulnerability history is a strong positive, suggesting diligent development and patching practices in the past. However, this does not negate the risks identified in the current static analysis. The lack of comprehensive authentication on entry points and the potential for `unserialize` to be exploited if used with user-supplied data are primary concerns. The moderate rate of proper output escaping and the presence of SQL queries not using prepared statements also contribute to the overall risk, albeit to a lesser extent than the unauthenticated entry points.

In conclusion, while the plugin's track record is excellent, the current version has identifiable weaknesses in its attack surface management and data handling. The absence of critical or high severity taint flows and the lack of historical vulnerabilities are strengths. However, the unauthenticated AJAX endpoints and the potential risks associated with `unserialize` warrant careful consideration and potential remediation.

Key Concerns

  • 4 unprotected AJAX handlers
  • Use of unserialize function
  • 50% of SQL queries not prepared
  • 41% of outputs not properly escaped
  • 3 unsanitized taint flows
  • Limited nonce checks
Vulnerabilities
None known

Attribute Stock for WooCommerce – Shared Stock & Variable Quantities (Lite Version) Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Attribute Stock for WooCommerce – Shared Stock & Variable Quantities (Lite Version) Release Timeline

v2.2.8Current
v2.2.7
v2.2.6
v2.2.5
v2.2.4
v2.2.3
v2.2.2
v2.2.1
v2.2.1-rc2
v2.2.0
v2.1.2
v2.1.1
v2.1.0
v2.0.3
v2.0.2
v2.0.1
v2.0.0
v1.10.2
v1.10.1
v1.10.0
Code Analysis
Analyzed Mar 16, 2026

Attribute Stock for WooCommerce – Shared Stock & Variable Quantities (Lite Version) Code Analysis

Dangerous Functions
1
Raw SQL Queries
10
10 prepared
Unescaped Output
81
116 escaped
Nonce Checks
3
Capability Checks
22
File Operations
2
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$ids = unserialize($result);src\Aspects\Admin\Stock\StockListFilters.php:109

SQL Query Safety

50% prepared20 total queries

Output Escaping

59% escaped197 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths
column_default (src\Classes\AttributeStockReport.php:59)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

Attribute Stock for WooCommerce – Shared Stock & Variable Quantities (Lite Version) Attack Surface

Entry Points6
Unprotected4

AJAX Handlers 4

authwp_ajax_woocommerce_json_search_productssrc\Compatibility\Aspects\WooCommerce.php:17
authwp_ajax_woocommerce_json_search_products_and_variationssrc\Compatibility\Aspects\WooCommerce.php:18
authwp_ajax_mewz_wcas_tasksrc\Core\Loader.php:43
noprivwp_ajax_mewz_wcas_tasksrc\Core\Loader.php:44

REST API Routes 1

GET/wp-json/mewz/wcas/inline-edit/(?P<id>\d+)src\Aspects\Admin\Stock\StockAjax.php:11

Shortcodes 1

[attribute_stock] src\Aspects\Common\Shortcode.php:11
WordPress Hooks 137
actionwoocommerce_after_add_attribute_fieldssrc\Aspects\Admin\Attributes\AttributeEdit.php:10
actionwoocommerce_after_edit_attribute_fieldssrc\Aspects\Admin\Attributes\AttributeEdit.php:11
actionwoocommerce_attribute_addedsrc\Aspects\Admin\Attributes\AttributeSave.php:8
actionwoocommerce_attribute_updatedsrc\Aspects\Admin\Attributes\AttributeSave.php:9
actionadmin_headsrc\Aspects\Admin\Attributes\AttributeTermList.php:20
filteradmin_body_classsrc\Aspects\Admin\Attributes\AttributeTermList.php:34
actioncreated_termsrc\Aspects\Admin\Attributes\AttributeTermSave.php:15
actionedited_termsrc\Aspects\Admin\Attributes\AttributeTermSave.php:16
actioncurrent_screensrc\Aspects\Admin\Plugin\PluginHelp.php:10
actionload-edit.phpsrc\Aspects\Admin\Plugin\PluginHelp.php:11
filterplugin_action_linkssrc\Aspects\Admin\Plugin\PluginLinks.php:11
filterplugin_row_metasrc\Aspects\Admin\Plugin\PluginLinks.php:12
actionwoocommerce_product_options_inventory_product_datasrc\Aspects\Admin\Products\ProductEdit.php:13
actionwoocommerce_admin_process_product_objectsrc\Aspects\Admin\Products\ProductEdit.php:14
actionwoocommerce_variation_headersrc\Aspects\Admin\Products\ProductVariationEdit.php:12
actionwoocommerce_variation_optionssrc\Aspects\Admin\Products\ProductVariationEdit.php:13
actionwoocommerce_variation_options_dimensionssrc\Aspects\Admin\Products\ProductVariationEdit.php:14
actionwoocommerce_admin_process_variation_objectsrc\Aspects\Admin\Products\ProductVariationEdit.php:15
filterwoocommerce_admin_reportssrc\Aspects\Admin\Reports\StockReport.php:14
actionadmin_noticessrc\Aspects\Admin\Stock\StockActions.php:19
filterremovable_query_argssrc\Aspects\Admin\Stock\StockActions.php:20
filterpost_row_actionssrc\Aspects\Admin\Stock\StockActions.php:23
actionmewz_wcas_stock_row_actions_outputsrc\Aspects\Admin\Stock\StockActions.php:24
actionpost_action_mewz_wcas_duplicatesrc\Aspects\Admin\Stock\StockActions.php:27
actionpost_action_mewz_wcas_enablesrc\Aspects\Admin\Stock\StockActions.php:28
actionpost_action_mewz_wcas_disablesrc\Aspects\Admin\Stock\StockActions.php:29
filterbulk_post_updated_messagessrc\Aspects\Admin\Stock\StockBulkActions.php:14
filterwoocommerce_screen_idssrc\Aspects\Admin\Stock\StockEdit.php:20
filterenter_title_heresrc\Aspects\Admin\Stock\StockEdit.php:21
filterpost_updated_messagessrc\Aspects\Admin\Stock\StockEdit.php:23
actionadmin_noticessrc\Aspects\Admin\Stock\StockEdit.php:24
actionadmin_post_mewz_wcas_exportsrc\Aspects\Admin\Stock\StockExport.php:13
actionadmin_post_mewz_wcas_importsrc\Aspects\Admin\Stock\StockExport.php:14
actionadmin_noticessrc\Aspects\Admin\Stock\StockList.php:25
filterdisplay_post_statessrc\Aspects\Admin\Stock\StockList.php:30
filterview_mode_post_typessrc\Aspects\Admin\Stock\StockList.php:31
actionrestrict_manage_postssrc\Aspects\Admin\Stock\StockListFilters.php:16
actionpre_get_postssrc\Aspects\Admin\Stock\StockListQuery.php:15
filterposts_clausessrc\Aspects\Admin\Stock\StockListQuery.php:16
filterposts_orderbysrc\Aspects\Admin\Stock\StockListQuery.php:106
filterwp_insert_post_datasrc\Aspects\Admin\Stock\StockSave.php:11
actionpost_updatedsrc\Aspects\Admin\Stock\StockSave.php:13
filterredirect_post_locationsrc\Aspects\Admin\Stock\StockSave.php:77
actionclean_post_cachesrc\Aspects\Common\CleanUp.php:14
actionmewz_attribute_stock_savedsrc\Aspects\Common\CleanUp.php:15
actionmewz_attribute_stock_before_savesrc\Aspects\Common\CleanUp.php:16
actionupdate_option_mewz_wcas_limit_product_stocksrc\Aspects\Common\CleanUp.php:17
actionupdate_option_mewz_wcas_allow_backorderssrc\Aspects\Common\CleanUp.php:18
actionupdate_option_mewz_wcas_unmatched_any_variationssrc\Aspects\Common\CleanUp.php:19
actionmewz_wcas_match_rules_savedsrc\Aspects\Common\CleanUp.php:20
actionmewz_wcas_clean_match_rulessrc\Aspects\Common\CleanUp.php:21
actionmewz_wcas_components_savedsrc\Aspects\Common\CleanUp.php:22
actionadded_term_metasrc\Aspects\Common\CleanUp.php:23
actionupdated_term_metasrc\Aspects\Common\CleanUp.php:24
actiondeleted_term_metasrc\Aspects\Common\CleanUp.php:25
actionmewz_wcas_product_stock_changedsrc\Aspects\Common\CleanUp.php:26
actiondelete_postsrc\Aspects\Common\CleanUp.php:29
actiondelete_termsrc\Aspects\Common\CleanUp.php:30
actionwoocommerce_attribute_deletedsrc\Aspects\Common\CleanUp.php:31
actionmewz_wcas_trigger_stock_notificationsrc\Aspects\Common\StockNotifications.php:12
actionmewz_wcas_trigger_no_stock_notificationsrc\Aspects\Common\StockNotifications.php:13
actionmewz_wcas_trigger_low_stock_notificationsrc\Aspects\Common\StockNotifications.php:14
filterwoocommerce_hidden_order_itemmetasrc\Aspects\Common\UpdateOrderStock.php:13
actionwoocommerce_before_order_item_object_savesrc\Aspects\Common\UpdateOrderStock.php:14
actionwoocommerce_reduce_order_stocksrc\Aspects\Common\UpdateOrderStock.php:15
actionwoocommerce_restore_order_stocksrc\Aspects\Common\UpdateOrderStock.php:16
actionwoocommerce_before_delete_order_itemsrc\Aspects\Common\UpdateOrderStock.php:17
actionwoocommerce_before_save_order_itemssrc\Aspects\Common\UpdateOrderStock.php:18
actionwoocommerce_refund_createdsrc\Aspects\Common\UpdateOrderStock.php:19
filterwoocommerce_order_item_quantitysrc\Aspects\Common\UpdateOrderStock.php:22
filterwoocommerce_prevent_adjust_line_item_product_stocksrc\Aspects\Common\UpdateOrderStock.php:23
actionwoocommerce_product_before_set_stocksrc\Aspects\Common\UpdateOrderStock.php:24
actionwoocommerce_variation_before_set_stocksrc\Aspects\Common\UpdateOrderStock.php:25
actionwoocommerce_product_set_stocksrc\Aspects\Common\UpdateOrderStock.php:26
actionwoocommerce_variation_set_stocksrc\Aspects\Common\UpdateOrderStock.php:27
filterwoocommerce_valid_webhook_resourcessrc\Aspects\Common\Webhooks.php:12
filterwoocommerce_webhook_topicssrc\Aspects\Common\Webhooks.php:13
filterwoocommerce_webhook_topic_hookssrc\Aspects\Common\Webhooks.php:14
filterwoocommerce_webhook_payloadsrc\Aspects\Common\Webhooks.php:15
actionmewz_attribute_stock_savedsrc\Aspects\Common\Webhooks.php:17
actionmewz_wcas_stock_changesrc\Aspects\Common\Webhooks.php:18
actionwp_trash_postsrc\Aspects\Common\Webhooks.php:19
actionuntrashed_postsrc\Aspects\Common\Webhooks.php:20
filtermewz_wcas_limit_product_stock_auto_hookssrc\Compatibility\Aspects\AdvancedOrderExport.php:11
filterwoe_fetch_order_productsrc\Compatibility\Aspects\AdvancedOrderExport.php:12
filterwoocommerce_add_cart_itemsrc\Compatibility\Aspects\LumiseProductDesigner.php:10
filtermewz_wcas_order_item_stock_change_callerssrc\Compatibility\Aspects\OpenPOS.php:10
actionop_add_order_final_aftersrc\Compatibility\Aspects\OpenPOS.php:11
actionwoocommerce_order_status_changedsrc\Compatibility\Aspects\OrderStatusActions.php:13
actioninitsrc\Compatibility\Aspects\Polylang.php:22
actionmewz_wcas_task_trigger_product_stock_changessrc\Compatibility\Aspects\Polylang.php:23
actionwoocommerce_product_set_stock_statussrc\Compatibility\Aspects\Polylang.php:34
actionwoocommerce_variation_set_stock_statussrc\Compatibility\Aspects\Polylang.php:39
actionadmin_initsrc\Compatibility\Aspects\WooCommerce.php:14
filtermewz_wcas_limit_product_stocksrc\Compatibility\Aspects\WooCommerce.php:21
actionmanage_product_posts_custom_columnsrc\Compatibility\Aspects\WooCommerce.php:28
filtermewz_wcas_limit_product_stock_autosrc\Compatibility\Aspects\WPLister.php:12
filtermewz_wcas_limit_product_stock_auto_hookssrc\Compatibility\Aspects\WPLister.php:13
filterget_post_metadatasrc\Compatibility\Aspects\WPLister.php:16
filterwpla_get_stocksrc\Compatibility\Aspects\WPLister.php:17
filterwple_get_stocksrc\Compatibility\Aspects\WPLister.php:18
actionwplister_after_create_ordersrc\Compatibility\Aspects\WPLister.php:21
actionwple_after_create_ordersrc\Compatibility\Aspects\WPLister.php:22
actionwpla_after_create_ordersrc\Compatibility\Aspects\WPLister.php:23
filterget_post_metadatasrc\Compatibility\Aspects\WPLister.php:59
actioninitsrc\Compatibility\Aspects\WPML.php:19
actionwoocommerce_product_set_stock_statussrc\Compatibility\Aspects\WPML.php:37
actionwoocommerce_variation_set_stock_statussrc\Compatibility\Aspects\WPML.php:42
filtermewz_wcas_limit_product_stock_quantitysrc\Compatibility\Aspects\WPML.php:45
actionmewz_wcas_task_trigger_product_stock_changessrc\Compatibility\Aspects\WPML.php:46
actionwcml_before_sync_product_datasrc\Compatibility\Aspects\WPML.php:47
actionwcml_after_sync_product_datasrc\Compatibility\Aspects\WPML.php:95
actionmewz_wcas_stock_changesrc\Compatibility\Aspects\WPRocket.php:11
actionshutdownsrc\Compatibility\Aspects\WPRocket.php:22
actionmewz_wcas_trigger_product_stock_changesrc\Compatibility\Aspects\XootixWaitlist.php:10
filtermewz_wcas_limit_product_stock_auto_hookssrc\Compatibility\Aspects\XootixWaitlist.php:11
actionwoocommerce_add_to_cartsrc\Compatibility\Classes\WCCartStockReducer.php:39
actionwoocommerce_cart_item_removedsrc\Compatibility\Classes\WCCartStockReducer.php:40
filtermewz_wcas_product_stock_limits_uncachedsrc\Compatibility\Classes\WCCartStockReducer.php:42
filtermewz_wcas_any_match_data_matchessrc\Compatibility\Classes\WCCartStockReducer.php:43
actionmewz_wcas_before_validate_add_to_cartsrc\Compatibility\Classes\WCCartStockReducer.php:45
actionmewz_wcas_after_validate_add_to_cartsrc\Compatibility\Classes\WCCartStockReducer.php:46
actionwoocommerce_check_cart_itemssrc\Compatibility\Classes\WCCartStockReducer.php:48
actionwoocommerce_check_cart_itemssrc\Compatibility\Classes\WCCartStockReducer.php:49
filtermewz_wcas_cart_validation_itemssrc\Compatibility\Classes\WCCartStockReducer.php:51
actionbefore_woocommerce_initsrc\Core\Loader.php:23
filterwoocommerce_integrationssrc\Core\Loader.php:26
actioninitsrc\Core\Loader.php:39
actionrest_api_initsrc\Core\Loader.php:40
actionshutdownsrc\Core\Loader.php:45
actioncurrent_screensrc\Core\Loader.php:60
actionload-product_page_product_attributessrc\Core\Loader.php:61
actionload-woocommerce_page_wc-reportssrc\Core\Loader.php:62
actionload-plugins.phpsrc\Core\Loader.php:63
actionwoocommerce_cart_loaded_from_sessionsrc\Core\Loader.php:92
actionwc_ajax_get_variationsrc\Core\Loader.php:93
filterwoocommerce_rest_api_get_rest_namespacessrc\Core\Loader.php:176
Maintenance & Trust

Attribute Stock for WooCommerce – Shared Stock & Variable Quantities (Lite Version) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 21, 2026
PHP min version7.4
Downloads49K

Community Trust

Rating92/100
Number of ratings18
Active installs2K
Alternatives

Attribute Stock for WooCommerce – Shared Stock & Variable Quantities (Lite Version) Alternatives

Stock Sync for WooCommerce

Stock Sync for WooCommerce

stock-sync-for-woocommerce

A
99

Sync stock quantities between two WooCommerce stores.

1K 3 CVEs
Inventory Sync for WooCommerce

Inventory Sync for WooCommerce

inventory-sync-for-woocommerce

A
100

Allows to sync the stock quantity of products with the same SKU between two WooCommerce stores.

90 No CVEs
Stock Manager for WooCommerce

Stock Manager for WooCommerce

woocommerce-stock-manager

A
92

WooCommerce stock management plugin to manage and edit product stock and their variables from a single dashboard. Stock log, import/export, filters!

20K 4 CVEs
ATUM WooCommerce Inventory Management and Stock Tracking

ATUM WooCommerce Inventory Management and Stock Tracking

atum-stock-manager-for-woocommerce

A
100

WooCommerce Full Inventory Management, Purchase Orders, Suppliers, Inbound Stock, Inventory Logs, WooCommerce Sales Statistics, and More.

10K No CVEs
Search by SKU for Woocommerce

Search by SKU for Woocommerce

search-by-sku-for-woocommerce

A
85

Extend the search functionality of woocommerce to include searching of sku

10K No CVEs
Developer Profile

Attribute Stock for WooCommerce – Shared Stock & Variable Quantities (Lite Version) Developer Profile

Mewz

1 plugin · 2K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Attribute Stock for WooCommerce – Shared Stock & Variable Quantities (Lite Version)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/attribute-stock-for-woocommerce/assets/css/wcas-admin.css/wp-content/plugins/attribute-stock-for-woocommerce/assets/css/wcas-frontend.css/wp-content/plugins/attribute-stock-for-woocommerce/assets/js/wcas-admin.js/wp-content/plugins/attribute-stock-for-woocommerce/assets/js/wcas-frontend.js/wp-content/plugins/attribute-stock-for-woocommerce/assets/js/wcas-vendors.js
Script Paths
/wp-content/plugins/attribute-stock-for-woocommerce/assets/js/wcas-admin.js/wp-content/plugins/attribute-stock-for-woocommerce/assets/js/wcas-frontend.js/wp-content/plugins/attribute-stock-for-woocommerce/assets/js/wcas-vendors.js
Version Parameters
attribute-stock-for-woocommerce/assets/css/wcas-admin.css?ver=attribute-stock-for-woocommerce/assets/css/wcas-frontend.css?ver=attribute-stock-for-woocommerce/assets/js/wcas-admin.js?ver=attribute-stock-for-woocommerce/assets/js/wcas-frontend.js?ver=attribute-stock-for-woocommerce/assets/js/wcas-vendors.js?ver=

HTML / DOM Fingerprints

CSS Classes
wcas-admin-noticemewz-wcas-admin-noticewcas-form-fieldwcas-form-rowwcas-table-rowmewz-wc-attribute-stock-settings
HTML Comments
<!-- Mewz WCAS Plugin -->
Data Attributes
data-wcas-attribute-stockdata-wcas-product-iddata-wcas-variant-iddata-wcas-stock-leveldata-wcas-stock-iddata-wcas-attribute-name+1 more
JS Globals
mewz_wcas_varsMewzWCASAdmin
REST Endpoints
/wc/v3/attribute-stock/mewz/wcas/inline-edit/(?P<id>\d+)
FAQ

Frequently Asked Questions about Attribute Stock for WooCommerce – Shared Stock & Variable Quantities (Lite Version)