Does Awesome for WC have any unpatched vulnerabilities?

No. All known vulnerabilities in Awesome for WC have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Awesome for WC compatible with WordPress 5.7.15?

According to WordPress.org data, Awesome for WC 1.0.1 has been tested up to WordPress 5.7.15. Check the plugin's changelog for the latest compatibility information.

How often is Awesome for WC updated?

Awesome for WC was last updated on Mar 24, 2021. Frequent updates are generally a positive security signal.

What is Awesome for WC's security score?

Awesome for WC has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Awesome for WC Security & Risk Analysis

wordpress.org/plugins/awesome-wc

Customize every aspect of your WooCommerce store.

10 active installs v1.0.1 PHP + WP 4.0+ Updated Mar 24, 2021

commercee-commerceecommercewoocommercewordpress-ecommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Awesome for WC Safe to Use in 2026?

Generally Safe

Score 85/100

Awesome for WC has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago

Risk Assessment

The "awesome-wc" plugin v1.0.1 exhibits a concerning security posture due to a significant number of unprotected AJAX handlers, representing a substantial attack surface. While the plugin demonstrates good practices in SQL query handling by exclusively using prepared statements and appears to have no known vulnerabilities or previous CVEs, the lack of authentication checks on most of its entry points is a critical weakness. This exposes the plugin to potential unauthorized actions if an attacker can trigger these AJAX endpoints. The taint analysis, though limited in scope, shows all analyzed flows have unsanitized paths, but importantly, no critical or high severity issues were identified. This suggests that while data might be flowing without proper sanitization, it doesn't immediately lead to severe exploits based on the tested flows. The output escaping is also a significant concern, with only 25% of outputs being properly escaped, potentially leading to Cross-Site Scripting (XSS) vulnerabilities.

In conclusion, "awesome-wc" v1.0.1 has a mixed security profile. Its strength lies in its clean vulnerability history and secure database interactions. However, the numerous unprotected AJAX endpoints and poor output escaping practices create significant security risks that need immediate attention. The plugin is vulnerable to attack due to the large attack surface exposed by unauthenticated AJAX handlers and the high likelihood of XSS flaws due to insufficient output escaping. These issues outweigh the positive aspects of its SQL handling and lack of known CVEs.

Key Concerns

14 AJAX handlers without auth checks
25% output escaping is proper
5 unsanitized paths in taint analysis
3 Nonce checks
0 Capability checks

Vulnerabilities

None known

Awesome for WC Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Awesome for WC Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

14 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

25% escaped56 total outputs

Data Flows

5 unsanitized

Data Flow Analysis

5 flows5 with unsanitized paths

st_wc_activate_license (includes\ajax_manager.php:4)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

14 unprotected

Awesome for WC Attack Surface

Entry Points16

Unprotected14

AJAX Handlers 14

authwp_ajax_st_wc_business_hours_update_optioncomponents\stWcAwesomeBusinessHours\includes\hooks.php:3

noprivwp_ajax_st_wc_business_hours_update_optioncomponents\stWcAwesomeBusinessHours\includes\hooks.php:4

authwp_ajax_st_wc_apply_coupon_codecomponents\stWcCouponCode\includes\hooks.php:3

noprivwp_ajax_st_wc_apply_coupon_codecomponents\stWcCouponCode\includes\hooks.php:4

authwp_ajax_st_wc_activate_licenseincludes\hooks.php:5

noprivwp_ajax_st_wc_activate_licenseincludes\hooks.php:6

authwp_ajax_st_wc_update_componentincludes\hooks.php:9

noprivwp_ajax_st_wc_update_componentincludes\hooks.php:10

authwp_ajax_st_wc_download_componentincludes\hooks.php:13

noprivwp_ajax_st_wc_download_componentincludes\hooks.php:14

authwp_ajax_st_wc_activate_downloadincludes\hooks.php:17

noprivwp_ajax_st_wc_activate_downloadincludes\hooks.php:18

authwp_ajax_st_wc_activate_planincludes\hooks.php:21

noprivwp_ajax_st_wc_activate_planincludes\hooks.php:22

Shortcodes 2

[st_wc_awesome_business_hours] components\stWcAwesomeBusinessHours\stWcAwesomeBusinessHours.php:86

[st_wc_coupon_code] components\stWcCouponCode\stWcCouponCode.php:52

WordPress Hooks 28

actionadmin_noticesawesome.php:66

actionwp_enqueue_scriptsawesome.php:105

actionwp_enqueue_scriptsawesome.php:106

actionelementor/preview/enqueue_stylesawesome.php:109

actionelementor/preview/enqueue_stylesawesome.php:110

actionelementor/editor/before_enqueue_scriptsawesome.php:112

actioninitawesome.php:117

actionplugins_loadedawesome.php:119

actionthe_postsawesome.php:122

actionelementor/elements/categories_registeredawesome.php:125

actionadmin_menucomponents\stWcAwesomeBusinessHours\includes\admin\stWcAwesomeBusinessHoursAdminPage.php:33

actionadmin_enqueue_scriptscomponents\stWcAwesomeBusinessHours\includes\admin\stWcAwesomeBusinessHoursAdminPage.php:36

actionadmin_enqueue_scriptscomponents\stWcAwesomeBusinessHours\includes\admin\stWcAwesomeBusinessHoursAdminPage.php:37

actionadmin_enqueue_scriptscomponents\stWcAwesomeBusinessHours\includes\admin\stWcAwesomeBusinessHoursAdminPage.php:38

actionadmin_headcomponents\stWcAwesomeBusinessHours\includes\admin\stWcAwesomeBusinessHoursAdminPage.php:39

actionwp_enqueue_scriptscomponents\stWcAwesomeBusinessHours\stWcAwesomeBusinessHours.php:72

actionelementor/preview/enqueue_stylescomponents\stWcAwesomeBusinessHours\stWcAwesomeBusinessHours.php:74

actionelementor/preview/enqueue_stylescomponents\stWcAwesomeBusinessHours\stWcAwesomeBusinessHours.php:75

actionelementor/frontend/the_contentcomponents\stWcAwesomeBusinessHours\stWcAwesomeBusinessHours.php:77

actionelementor/widgets/widgets_registeredcomponents\stWcAwesomeBusinessHours\stWcAwesomeBusinessHours.php:80

actionwp_enqueue_scriptscomponents\stWcCouponCode\stWcCouponCode.php:47

actionelementor/preview/enqueue_stylescomponents\stWcCouponCode\stWcCouponCode.php:48

actionadmin_menuincludes\admin\admin-page.php:20

actionadmin_enqueue_scriptsincludes\admin\admin-page.php:23

actionadmin_enqueue_scriptsincludes\admin\admin-page.php:24

actionadmin_enqueue_scriptsincludes\admin\admin-page.php:25

actionadmin_headincludes\admin\admin-page.php:26

filteradmin_footer_textincludes\admin\admin-page.php:28

Maintenance & Trust

Awesome for WC Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15

Last updatedMar 24, 2021

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Awesome for WC Alternatives

2C2P Redirect API for WooCommerce

2c2p-redirect-api-for-woocommerce

Accept Payment (Credit/Debit Cards, Alipay, Alternative/Cash Payments) on your WooCommerce webstore.

900 No CVEs

WooCommerce PayPal Here Payment Gateway

woocommerce-paypal-here-gateway

Accept payment in-person using PayPal Here as a point-of-sale system.

200 No CVEs

Interface for Geniki Taxydromiki API v2 and Woo

interface-for-geniki-taxydromiki-and-woo

Interface for Geniki Taxydromiki API v2 and Woocommerce.

50 No CVEs

Extended Setup for WooCommerce – Customize your eCommerce

extended-setup-for-woocommerce

100

WooCommerce Extended Setup is a powerful customizer for WooCommerce that helps you customize with no code.

10 No CVEs

WooDPD

woodpd

Wordpress plugin for WooCommerce and DPD, with cart button widget.

10 No CVEs

Developer Profile

Awesome for WC Developer Profile

Roberto Torres

2 plugins · 110 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Awesome for WC

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/awesome-wc/assets/css/roboto.font.css/wp-content/plugins/awesome-wc/assets/css/materialdesignicons.min.css/wp-content/plugins/awesome-wc/assets/css/vuetify-2.3.16.css/wp-content/plugins/awesome-wc/assets/css/stWcAwesome.css/wp-content/plugins/awesome-wc/assets/scripts/vue@2.6.0.js/wp-content/plugins/awesome-wc/assets/scripts/vue@2.6.0.min.js/wp-content/plugins/awesome-wc/assets/scripts/vuetify@2.1.4.min.js/wp-content/plugins/awesome-wc/assets/scripts/axios.min.js+3 more

Script Paths

/wp-content/plugins/awesome-wc/assets/scripts/vue@2.6.0.js/wp-content/plugins/awesome-wc/assets/scripts/vue@2.6.0.min.js/wp-content/plugins/awesome-wc/assets/scripts/vuetify@2.1.4.min.js/wp-content/plugins/awesome-wc/assets/scripts/axios.min.js/wp-content/plugins/awesome-wc/assets/scripts/stInitializeModular.js/wp-content/plugins/awesome-wc/assets/scripts/stInitialize.js

Version Parameters

/wp-content/plugins/awesome-wc/assets/css/stWcAwesome.css?ver=/wp-content/plugins/awesome-wc/assets/scripts/stInitializeModular.js?ver=/wp-content/plugins/awesome-wc/assets/scripts/stInitialize.js?ver=/wp-content/plugins/awesome-wc/assets/css/stWcAwesomeElementor.css?ver=

HTML / DOM Fingerprints

CSS Classes

st-wc-awesome-elementor

Data Attributes

data-plugin-name="Awesome for WC"

JS Globals

StWcAwesomeStWcAwesomeFunctionsStWcAPIStWcLicenseManagerStWcAwesomeAdminPage

FAQ