Avalon23 Products Filter for WooCommerce Security & Risk Analysis

wordpress.org/plugins/avalon23-products-filter-for-woocommerce

Avalon23 Products Filter – New generation of WooCommerce Products Filters for your ecommerce

10 active installs v1.1.6 PHP 7.4+ WP 6.0+ Updated Mar 2, 2025
ajax-filter, filter, products, products-filter, woocommerce
92
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Avalon23 Products Filter for WooCommerce Safe to Use in 2026?

Generally Safe

Score 92/100

Avalon23 Products Filter for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The Avalon23 Products Filter for WooCommerce plugin, version 1.1.6, exhibits a mixed security posture. While it demonstrates good practices in SQL query preparation and output escaping, with a high percentage of both, there are significant concerns regarding its attack surface and lack of authentication checks. A substantial number of AJAX handlers (36 out of 42) are exposed without any authentication or capability checks, creating a broad entry point for potential attacks. The presence of a single taint flow with an unsanitized path, categorized as high severity, is a critical finding that warrants immediate attention.

Despite the absence of known CVEs and historical vulnerabilities, the plugin's current static analysis reveals a concerning number of unprotected entry points and a high-severity taint flow. This indicates potential for introducing vulnerabilities, even if none have been publicly disclosed or exploited yet. The plugin's strengths lie in its careful handling of database queries and output, but these are overshadowed by the security risks posed by its extensive unprotected AJAX functionality. A balanced conclusion suggests that while the plugin is well-developed in certain areas, its security needs substantial improvement, particularly in its authentication and sanitization mechanisms for its exposed functionality.

Key Concerns

  • Large attack surface without auth checks
  • High severity taint flow with unsanitized path
  • Missing capability checks on AJAX handlers
  • Low number of nonce checks relative to AJAX handlers
Vulnerabilities
None known

Avalon23 Products Filter for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Avalon23 Products Filter for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 22 (43 prepared)
Unescaped Output: 16 (407 escaped)
Nonce Checks: 5
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

66% prepared · 65 total queries

Output Escaping

96% escaped · 423 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

9 flows · 1 with unsanitized paths
get_smth (avalon23-products-filter.php:463)
Attack Surface
36 unprotected

Avalon23 Products Filter for WooCommerce Attack Surface

Entry Points: 48
Unprotected: 36

AJAX Handlers 42

auth wp_ajax_avalon23_get_smth avalon23-products-filter.php:115
nopriv wp_ajax_avalon23_get_smth avalon23-products-filter.php:116
auth wp_ajax_avalon23_import_data avalon23-products-filter.php:121
auth wp_ajax_avalon23_form_redraw classes\admin\filter-items-fields-options.php:32
auth wp_ajax_avalon23_save_filter_field_option classes\admin\filter-items-fields-options.php:50
auth wp_ajax_avalon23_get_filter_item_data classes\admin\filter-items.php:35
auth wp_ajax_avalon23_save_filter_item_field classes\admin\filter-items.php:36
auth wp_ajax_avalon23_create_filter_field classes\admin\filter-items.php:37
auth wp_ajax_avalon23_refresh_filter_items_table classes\admin\filter-items.php:38
auth wp_ajax_avalon23_delete_filter_field classes\admin\filter-items.php:39
auth wp_ajax_avalon23_get_filter_meta classes\admin\filter-meta.php:61
auth wp_ajax_avalon23_save_filter_meta_field classes\admin\filter-meta.php:62
auth wp_ajax_avalon23_create_meta classes\admin\filter-meta.php:63
auth wp_ajax_avalon23_delete_filter_meta classes\admin\filter-meta.php:64
auth wp_ajax_avalon23_get_filter_item_options classes\admin\filter-options.php:26
auth wp_ajax_avalon23_save_filter_item_option_field classes\admin\filter-options.php:27
auth wp_ajax_avalon23_create_filter classes\admin\filters.php:24
auth wp_ajax_avalon23_save_filter_field classes\admin\filters.php:25
auth wp_ajax_avalon23_delete_filter classes\admin\filters.php:26
auth wp_ajax_avalon23_clone_filter classes\admin\filters.php:27
auth wp_ajax_avalon23_get_predefinition_table classes\admin\predefinition.php:25
auth wp_ajax_avalon23_save_table_predefinition_field classes\admin\predefinition.php:26
auth wp_ajax_avalon23_manage_alert classes\admin\rate_alert.php:12
auth wp_ajax_avalon23_save_seo_settings_field classes\admin\seo.php:20
auth wp_ajax_avalon23_save_seo_rules_field classes\admin\seo.php:21
auth wp_ajax_avalon23_delete_seo_rules_field classes\admin\seo.php:22
auth wp_ajax_avalon23_create_seo_rules_field classes\admin\seo.php:23
auth wp_ajax_avalon23_save_seo_field classes\admin\seo.php:36
auth wp_ajax_avalon23_save_settings_field classes\admin\settings.php:26
auth wp_ajax_avalon23_save_table_custom_css classes\admin\settings.php:29
auth wp_ajax_avalon23_get_table_custom_css classes\admin\settings.php:34
auth wp_ajax_avalon23_form_filter_redraw classes\filter.php:38
nopriv wp_ajax_avalon23_form_filter_redraw classes\filter.php:39
auth wp_ajax_avalon23_get_products_data classes\filter.php:41
nopriv wp_ajax_avalon23_get_products_data classes\filter.php:42
auth wp_ajax_avalon23_optimize_clear_cache classes\optimization.php:47
auth wp_ajax_avalon23_optimize_clear_transient classes\optimization.php:48
auth wp_ajax_avalon23_save_vocabulary_field classes\vocabulary.php:42
auth wp_ajax_avalon23_create_vocabulary_field classes\vocabulary.php:43
auth wp_ajax_avalon23_delete_vocabulary_field classes\vocabulary.php:44
auth wp_ajax_avalon23_filter_reset ext\memory_filter\index.php:20
nopriv wp_ajax_avalon23_filter_reset ext\memory_filter\index.php:21

Shortcodes 6

[avalon23] avalon23-products-filter.php:111
[avalon23_button] avalon23-products-filter.php:112
[avalon23_h_images] avalon23-products-filter.php:113
[avalon23_content] ext\content_shortcode\index.php:10
[avalon23_map] ext\image_map\index.php:13
[avalon23_qr] ext\qr_generator\index.php:12
WordPress Hooks 94
action before_woocommerce_init avalon23-products-filter.php:38
action avalon23_before_filter_draw avalon23-products-filter.php:118
action avalon23_after_filter_draw avalon23-products-filter.php:119
action avalon23_draw_popup avalon23-products-filter.php:124
action avalon23_draw_settings_table avalon23-products-filter.php:125
action avalon23_draw_main_table avalon23-products-filter.php:126
action admin_init avalon23-products-filter.php:136
action admin_enqueue_scripts avalon23-products-filter.php:148
action widgets_init avalon23-products-filter.php:150
action wp_head avalon23-products-filter.php:280
action admin_menu avalon23-products-filter.php:283
action wp_print_footer_scripts avalon23-products-filter.php:293
action init avalon23-products-filter.php:694
action admin_init classes\admin\filter-items-fields-options.php:13
filter avalon23_get_field_item_field_option classes\admin\filter-items-fields-options.php:16
action admin_enqueue_scripts classes\admin\filter-items-fields-options.php:49
action admin_enqueue_scripts classes\admin\filter-items.php:22
action admin_init classes\admin\filter-items.php:23
action avalon23_filter_items_table classes\admin\filter-items.php:44
action admin_enqueue_scripts classes\admin\filter-meta.php:16
action admin_init classes\admin\filter-meta.php:17
filter avalon23_table_orderby_select_args classes\admin\filter-meta.php:21
filter avalon23_extend_filter_fields classes\admin\filter-meta.php:272
action avalon23_meta_fields_table classes\admin\filter-meta.php:304
action admin_enqueue_scripts classes\admin\filter-options.php:13
action admin_init classes\admin\filter-options.php:14
action avalon23_filter_options_table classes\admin\filter-options.php:50
action admin_init classes\admin\filters.php:16
action avalon23_admin_table classes\admin\filters.php:32
action admin_enqueue_scripts classes\admin\predefinition.php:12
action admin_init classes\admin\predefinition.php:13
action admin_enqueue_scripts classes\admin\seo.php:14
action admin_init classes\admin\seo.php:15
filter avlon23_export_data classes\admin\seo.php:17
filter avalon23_import_data classes\admin\seo.php:18
action avalon23_draw_seo_tab classes\admin\seo.php:25
action admin_enqueue_scripts classes\admin\settings.php:13
action admin_init classes\admin\settings.php:14
action admin_bar_menu classes\admin\settings.php:40
action avalon23_extend_settings classes\admin\skins.php:26
action init classes\filter.php:36
action wp_head classes\filter.php:45
filter woocommerce_shortcode_products_query classes\filter.php:53
action woocommerce_product_query classes\filter.php:54
filter woot_wp_query_args classes\filter.php:56
filter woocommerce_is_filtered classes\filter.php:58
filter cron_schedules classes\helper.php:9
filter avalon23_get_filtered_price_query classes\helper.php:10
filter avalon23-get-calendar-names classes\helper.php:617
action avalon23_extend_settings classes\optimization.php:29
action avalon23_cache_count_data_auto_clean classes\optimization.php:40
filter wp_robots classes\seo.php:18
action wp_head classes\seo.php:19
filter document_title_parts classes\seo.php:21
filter the_title classes\seo.php:22
filter woocommerce_page_title classes\seo.php:23
filter avalon23_ajax_redraw_selector classes\seo.php:31
action avalon23_extend_options classes\url-parse.php:54
filter do_parse_request classes\url-parse.php:57
filter avalon23_current_lang classes\vocabulary.php:20
action admin_enqueue_scripts classes\vocabulary.php:30
action admin_init classes\vocabulary.php:31
filter woocommerce_price_filter_sql classes\woo-price-filter-widget.php:12
filter avalon23_get_all_meta compatibility\acf.php:27
filter avalon23_get_meta_options compatibility\acf.php:29
action avalon23_fields_options data\fields-options.php:7
action avalon23_get_available_fields data\fields.php:7
filter posts_where data\fields.php:28
filter _posts_groupby data\fields.php:40
filter posts_join data\fields.php:52
filter posts_where data\fields.php:93
filter posts_where data\fields.php:118
action avalon23_extend_options data\filter-options.php:7
action avalon23_extend_settings data\settings.php:7
action wp_head ext\content_shortcode\index.php:11
filter avalon23_extend_filter_fields ext\custom_html\index.php:13
action avalon23_extend_settings ext\custom_html\index.php:14
action wp_enqueue_scripts ext\image_map\index.php:14
filter avalon23_taxonomy_front_view ext\image_map\index.php:16
filter avalon23_meta_front_view ext\image_map\index.php:17
filter avalon23_extend_filter_fields ext\image_map\index.php:19
filter avalon23_fields_options_row_extend ext\image_map\index.php:20
action admin_enqueue_scripts ext\image_map\index.php:23
action avalon23_extend_options ext\memory_filter\index.php:14
filter avalon23_request_get_data ext\memory_filter\index.php:16
filter avalon23_after_parse_query_args ext\memory_filter\index.php:17
filter avalon23_filter_redraw_data ext\memory_filter\index.php:18
action wp_enqueue_scripts ext\mobile_behavior\index.php:10
action avalon23_extend_options ext\mobile_behavior\index.php:11
filter avalon23_filter_redraw_data ext\mobile_behavior\index.php:13
action admin_enqueue_scripts ext\mobile_behavior\index.php:15
action wp_enqueue_scripts ext\qr_generator\index.php:13
filter avalon23_extend_filter_fields ext\qr_generator\index.php:15
filter avalon23_fields_options_row_extend ext\qr_generator\index.php:16

Scheduled Events 1

avalon23_cache_count_data_auto_clean
Maintenance & Trust

Avalon23 Products Filter for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Mar 2, 2025
PHP min version: 7.4
Downloads: 3K

Community Trust

Rating: 92/100
Number of ratings: 7
Active installs: 10
Developer Profile

Avalon23 Products Filter for WooCommerce Developer Profile

paradigmatools

2 plugins · 10 total installs

Trust score: 86
Avg Security Score: 89/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Avalon23 Products Filter for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/avalon23-products-filter-for-woocommerce/assets/css/admin/system.css
/wp-content/plugins/avalon23-products-filter-for-woocommerce/assets/js/helper.js
/wp-content/plugins/avalon23-products-filter-for-woocommerce/assets/css/selectm-23.css
/wp-content/plugins/avalon23-products-filter-for-woocommerce/assets/js/selectm-23.js
/wp-content/plugins/avalon23-products-filter-for-woocommerce/assets/css/growls.css
/wp-content/plugins/avalon23-products-filter-for-woocommerce/assets/css/popup-23.css
/wp-content/plugins/avalon23-products-filter-for-woocommerce/assets/css/switcher-23.css
/wp-content/plugins/avalon23-products-filter-for-woocommerce/assets/css/admin/options.css
+7 more
Script Paths
/wp-content/plugins/avalon23-products-filter-for-woocommerce/assets/js/helper.js
/wp-content/plugins/avalon23-products-filter-for-woocommerce/assets/js/selectm-23.js
/wp-content/plugins/avalon23-products-filter-for-woocommerce/assets/js/data-table-23/data-table-23.js
/wp-content/plugins/avalon23-products-filter-for-woocommerce/assets/js/admin/generated-tables.js
/wp-content/plugins/avalon23-products-filter-for-woocommerce/assets/js/popup-23.js
/wp-content/plugins/avalon23-products-filter-for-woocommerce/assets/js/admin/alasql.min.js
+1 more
Version Parameters
/wp-content/plugins/avalon23-products-filter-for-woocommerce/assets/css/admin/system.css?ver=
/wp-content/plugins/avalon23-products-filter-for-woocommerce/assets/js/helper.js?ver=
/wp-content/plugins/avalon23-products-filter-for-woocommerce/assets/css/selectm-23.css?ver=
/wp-content/plugins/avalon23-products-filter-for-woocommerce/assets/js/selectm-23.js?ver=
/wp-content/plugins/avalon23-products-filter-for-woocommerce/assets/css/growls.css?ver=
/wp-content/plugins/avalon23-products-filter-for-woocommerce/assets/css/popup-23.css?ver=
/wp-content/plugins/avalon23-products-filter-for-woocommerce/assets/css/switcher-23.css?ver=
/wp-content/plugins/avalon23-products-filter-for-woocommerce/assets/css/admin/options.css?ver=
/wp-content/plugins/avalon23-products-filter-for-woocommerce/assets/js/data-table-23/data-table-23.js?ver=
/wp-content/plugins/avalon23-products-filter-for-woocommerce/assets/js/data-table-23/data-table-23.css?ver=
/wp-content/plugins/avalon23-products-filter-for-woocommerce/assets/js/admin/generated-tables.js?ver=
/wp-content/plugins/avalon23-products-filter-for-woocommerce/assets/js/popup-23.js?ver=
/wp-content/plugins/avalon23-products-filter-for-woocommerce/assets/js/admin/alasql.min.js?ver=
/wp-content/plugins/avalon23-products-filter-for-woocommerce/assets/js/spectrum/spectrum.min.js?ver=
/wp-content/plugins/avalon23-products-filter-for-woocommerce/assets/js/spectrum/spectrum.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
avalon23-products-filter, avalon23-filter-widget, avalon23-color-palette, avalon23-color-palette-wrapper
HTML Comments
<!-- avalon23-products-filter -->
Data Attributes
data-avalon23-filter-id, data-avalon23-options, data-avalon23-ajax-url, data-avalon23-widget-id
JS Globals
avalon23, Avalon23_Admin, Avalon23_Settings, Avalon23_Vocabulary, Avalon23_Compatibility, Avalon23_DB_Controller, +8 more
REST Endpoints
/wp-json/avalon23/v1/get_filters
/wp-json/avalon23/v1/get_products
Shortcode Output
[avalon23] [avalon23_button] [avalon23_h_images]
FAQ

Frequently Asked Questions about Avalon23 Products Filter for WooCommerce