Does Brands for WooCommerce have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Brands for WooCommerce compatible with WordPress 6.9.4?

According to WordPress.org data, Brands for WooCommerce 3.8.6.9 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Brands for WooCommerce compatible with PHP 7.0+?

Brands for WooCommerce requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Brands for WooCommerce updated?

Brands for WooCommerce was last updated on Apr 14, 2026. Frequent updates are generally a positive security signal.

What is Brands for WooCommerce's security score?

Brands for WooCommerce has a WP-Safety security score of 95/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Brands for WooCommerce Security & Risk Analysis

wordpress.org/plugins/brands-for-woocommerce

Brands for WooCommerce plugin allows you to add brands for products in your shop.

6K active installs v3.8.6.9 PHP 7.0+ WP 5.0+ Updated Apr 14, 2026

brandsproduct-brandstaxonomywidgetwoocommerce

A · Safe

CVEs total4

Unpatched0

Last CVEDec 26, 2025

Plugin page Download

Safety Verdict

Is Brands for WooCommerce Safe to Use in 2026?

Generally Safe

Score 95/100

Brands for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

4 known CVEsLast CVE: Dec 26, 2025Updated 1mo ago

Risk Assessment

The 'brands-for-woocommerce' v3.8.6.5 plugin exhibits a mixed security posture. While it demonstrates a relatively robust use of WordPress security features such as nonces and capability checks, several areas raise concerns. The static analysis reveals a significant attack surface, particularly with 23 AJAX handlers, one of which lacks authentication checks. This presents a direct pathway for unauthenticated attackers to interact with potentially sensitive plugin functionality. The presence of the `unserialize` function, a known risk if used with untrusted input, is also noted, although no critical or high severity taint flows were identified, suggesting this risk may be mitigated in current usage. The vulnerability history is a substantial red flag, with 4 medium severity CVEs documented, including SQL injection, CSRF, and XSS. Although there are currently no unpatched vulnerabilities, the pattern of past medium-severity flaws suggests a recurring need for vigilance and prompt patching by users. The last recorded vulnerability in late 2025 is concerningly recent and indicates ongoing security challenges or a delayed discovery/reporting cycle.

Key Concerns

Unprotected AJAX handler
SQL queries without prepared statements
Low percentage of properly escaped output
History of 4 medium severity CVEs
Presence of unserialize function

Vulnerabilities

4 published

Brands for WooCommerce Security Vulnerabilities

CVEs by Year

3 CVEs in 2023

2023

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

4 total CVEs

CVE-2025-68519medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Brands for WooCommerce <= 3.8.6.3 - Authenticated (Contributor+) SQL Injection

Dec 26, 2025 Patched in 3.8.6.4 (11d)

WF-996dc1d7-12f8-467d-bf48-a7a82f1c0a41-brands-for-woocommercemedium · 4.3Cross-Site Request Forgery (CSRF)

Brands for WooCommerce <= 3.8.2.2 - Cross-Site Request Forgery

Sep 22, 2023 Patched in 3.8.2.3 (123d)

CVE-2023-44149medium · 4.3Cross-Site Request Forgery (CSRF)

Brands for WooCommerce <= 3.8.2.2 - Missing Authorization to Unauthenticated Order Manipulation and Information Retrieval

Sep 22, 2023 Patched in 3.8.2.3 (123d)

CVE-2023-23667medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Brands for WooCommerce <= 3.7.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

May 10, 2023 Patched in 3.8.2 (258d)

Version History

Brands for WooCommerce Release Timeline

v3.8.6.9Current

v3.8.6.8

v3.8.6.7

v3.8.6.6

v3.8.6.5

v3.8.6.4

v3.8.6.31 CVE

v3.8.6.21 CVE

v3.8.6.11 CVE

v3.8.61 CVE

v3.8.51 CVE

v3.8.41 CVE

v3.8.31 CVE

v3.8.2.41 CVE

v3.8.2.31 CVE

v3.8.2.23 CVEs

WF-996dc1d7-12f8-467d-bf48-a7a82f1c0a41-brands-for-woocommerce CVE-2025-68519 CVE-2023-44149

v3.8.2.13 CVEs

WF-996dc1d7-12f8-467d-bf48-a7a82f1c0a41-brands-for-woocommerce CVE-2025-68519 CVE-2023-44149

v3.8.23 CVEs

WF-996dc1d7-12f8-467d-bf48-a7a82f1c0a41-brands-for-woocommerce CVE-2025-68519 CVE-2023-44149

v3.7.0.64 CVEs

CVE-2023-23667 WF-996dc1d7-12f8-467d-bf48-a7a82f1c0a41-brands-for-woocommerce CVE-2025-68519 +1 more

v3.7.0.54 CVEs

CVE-2023-23667 WF-996dc1d7-12f8-467d-bf48-a7a82f1c0a41-brands-for-woocommerce CVE-2025-68519 +1 more

Code Analysis

Analyzed Mar 16, 2026

Brands for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

170

158 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$error_log = unserialize(preg_replace('/R:\d+/', 's:18:"RECURSION DETECTED"', serialize(self::$errorberocket\includes\updater.php:128

unserializeunserialize( $instance[$name] ) );includes\widgets\base-widget.php:204

unserializereturn empty( $term->category ) ? array( __( 'Uncategorized', 'brands-for-woocommerce' ) ) : unseriaincludes\widgets\widget-catalog.php:57

SQL Query Safety

0% prepared3 total queries

Output Escaping

48% escaped328 total outputs

Data Flows · Security

1 unsanitized

Data Flow Analysis

11 flows1 with unsanitized paths

<framework> (berocket\framework.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Brands for WooCommerce Attack Surface

Entry Points35

Unprotected1

AJAX Handlers 23

authwp_ajax_brfr_get_export_settingsberocket\includes\admin\import_export.php:5

authwp_ajax_brfr_set_import_settingsberocket\includes\admin\import_export.php:6

authwp_ajax_brfr_get_import_backupsberocket\includes\admin\import_export.php:7

authwp_ajax_brfr_restore_import_backupsberocket\includes\admin\import_export.php:8

authwp_ajax_berocket_admin_close_noticeberocket\includes\admin_notices.php:1199

authwp_ajax_berocket_subscribe_emailberocket\includes\admin_notices.php:1200

authwp_ajax_berocket_rate_stars_closeberocket\includes\admin_notices.php:1208

authwp_ajax_berocket_feature_request_sendberocket\includes\admin_notices.php:1209

authwp_ajax_berocket_error_notices_getberocket\includes\error_notices.php:5

authwp_ajax_berocket_information_close_noticeberocket\includes\information_notices.php:198

authwp_ajax_br_test_keyberocket\includes\updater.php:46

authwp_ajax_br_test_keysberocket\includes\updater.php:47

authwp_ajax_brbrand_alphabet_branddivi\includes\BrandExtension.php:12

authwp_ajax_brbrand_brands_listdivi\includes\BrandExtension.php:13

authwp_ajax_brbrand_brands_productsdivi\includes\BrandExtension.php:14

authwp_ajax_brbrand_product_brands_infodivi\includes\BrandExtension.php:15

authwp_ajax_brbrands_descriptiondivi\includes\BrandExtension.php:16

authwp_ajax_br_brands_clear_cachemain.php:165

authwp_ajax_br_get_brandsmain.php:166

authwp_ajax_br_get_productsmain.php:167

authwp_ajax_br_brands_save_ordermain.php:168

authwp_ajax_br_brands_save_all_ordersmain.php:169

authwp_ajax_br_product_brand_settings_savemain.php:171

Shortcodes 12

[brands_product_thumbnail] addons\divi_shortcode\divi-builder.php:7

[brands_info] addons\divi_shortcode\divi-builder.php:8

[product_brands_info] addons\divi_shortcode\divi-builder.php:9

[brands_products] addons\divi_shortcode\divi-builder.php:10

[brands_list] addons\divi_shortcode\divi-builder.php:11

[brands_catalog] addons\divi_shortcode\divi-builder.php:12

[brands_by_name] addons\divi_shortcode\divi-builder.php:13

[brb_catalog] includes\shortcodes.php:5

[brb_description] includes\shortcodes.php:6

[brb_brands_list] includes\shortcodes.php:7

[brb_products_list] includes\shortcodes.php:8

[brb_prod_binfo] includes\shortcodes.php:9

WordPress Hooks 144

filterbrbrands_section_shortcodes_explanation_listaddons\divi_shortcode\divi-builder.php:14

actionet_builder_modules_loadedaddons\divi_shortcode\divi-builder.php:901

actioninitaddons\show_brands\show_brands_include.php:35

filterbrfr_tabs_info_product_brandaddons\show_brands\show_brands_include.php:40

filterbrfr_data_product_brandaddons\show_brands\show_brands_include.php:41

filterbr_brands_options_to_updateaddons\show_brands\show_brands_include.php:42

filterbr_brands_update_versionaddons\show_brands\show_brands_include.php:43

actionwoocommerce_shop_loop_item_titleaddons\show_brands\show_brands_include.php:289

filterwoocommerce_product_tabsaddons\show_brands\show_brands_include.php:301

actionwoocommerce_product_meta_endaddons\show_brands\show_brands_include.php:305

actionwoocommerce_single_product_summaryaddons\show_brands\show_brands_include.php:311

filterplugins_listberocket\framework.php:84

filterBeRocket_updater_add_pluginberocket\framework.php:105

filterberocket_admin_notices_rate_stars_pluginsberocket\framework.php:106

actioninitberocket\framework.php:107

actioninitberocket\framework.php:110

actionwp_headberocket\framework.php:111

actionwp_footerberocket\framework.php:112

actionadmin_initberocket\framework.php:113

actionadmin_menuberocket\framework.php:114

actionadmin_enqueue_scriptsberocket\framework.php:115

actionberocket_enqueue_mediaberocket\framework.php:116

filterplugin_row_metaberocket\framework.php:122

filteris_berocket_settings_pageberocket\framework.php:123

actionplugins_loadedberocket\framework.php:128

actionsanitize_comment_cookiesberocket\framework.php:129

actioninstall_plugins_pre_plugin-informationberocket\framework.php:130

filterberocket_admin_notices_subscribe_pluginsberocket\framework.php:132

filterBeRocket_admin_init_user_capabilitiesberocket\framework.php:135

filterberocket_sanitize_array_predefineberocket\framework.php:136

filterberocket_sanitize_array_ksesberocket\framework.php:137

filterberocket_sanitize_array_ksesberocket\framework.php:140

actionbefore_woocommerce_initberocket\framework.php:150

filterloop_shop_per_pageberocket\framework.php:391

actionupgrader_process_completeberocket\framework.php:499

actionadmin_footerberocket\framework.php:1158

actionwp_footerberocket\framework.php:1159

actionadmin_initberocket\framework.php:1273

actionadmin_bar_menuberocket\includes\admin\admin_bar.php:8

actionwp_footerberocket\includes\admin\admin_bar.php:9

filterberocket_admin_bar_plugins_databerocket\includes\admin\admin_bar.php:149

actionBeRocket_framework_updater_account_form_afterberocket\includes\admin\import_export.php:4

filterberocket_admin_notice_is_display_noticeberocket\includes\admin_notices.php:75

filterberocket_admin_notice_is_display_notice_priorityberocket\includes\admin_notices.php:76

actionadmin_noticesberocket\includes\admin_notices.php:1198

actionadmin_noticesberocket\includes\admin_notices.php:1207

actionberocket_rate_plugin_windowberocket\includes\admin_notices.php:1210

actionberocket_related_plugins_windowberocket\includes\admin_notices.php:1211

actionberocket_above_admin_settingsberocket\includes\admin_notices.php:1212

actionberocket_feature_request_windowberocket\includes\admin_notices.php:1213

actionadmin_footerberocket\includes\admin_notices.php:1285

actionadmin_footerberocket\includes\admin_notices.php:1493

actionadmin_footerberocket\includes\admin_notices.php:1922

actionadmin_footerberocket\includes\admin_notices.php:2079

actioninitberocket\includes\custom_post\enable_disable.php:9

actionadmin_initberocket\includes\custom_post\enable_disable.php:10

actionpost_action_enableberocket\includes\custom_post\enable_disable.php:13

actionpost_action_disableberocket\includes\custom_post\enable_disable.php:14

filterpost_classberocket\includes\custom_post\enable_disable.php:16

filterpre_get_postsberocket\includes\custom_post\enable_disable.php:18

actionpre_get_postsberocket\includes\custom_post\sortable.php:22

actionin_admin_footerberocket\includes\custom_post\sortable.php:117

actioninitberocket\includes\custom_post.php:58

filterinitberocket\includes\custom_post.php:59

filteradmin_initberocket\includes\custom_post.php:60

filterwp_insert_post_databerocket\includes\custom_post.php:61

filterBeRocket_admin_init_user_capabilitiesberocket\includes\custom_post.php:71

actionadd_meta_boxesberocket\includes\custom_post.php:128

actionsave_postberocket\includes\custom_post.php:129

filterpost_row_actionsberocket\includes\custom_post.php:130

filterlist_table_primary_columnberocket\includes\custom_post.php:131

actionadmin_enqueue_scriptsberocket\includes\custom_post.php:133

filteris_berocket_settings_pageberocket\includes\custom_post.php:135

actionadmin_footerberocket\includes\custom_post.php:162

actionadmin_noticesberocket\includes\information_notices.php:197

actionadmin_initberocket\includes\updater.php:18

filterwoocommerce_addons_sectionsberocket\includes\updater.php:27

filteris_berocket_settings_pageberocket\includes\updater.php:28

actionadmin_footerberocket\includes\updater.php:30

actionadmin_headberocket\includes\updater.php:39

actionadmin_menuberocket\includes\updater.php:40

actionadmin_menuberocket\includes\updater.php:41

actionnetwork_admin_menuberocket\includes\updater.php:42

actionadmin_initberocket\includes\updater.php:43

filterpre_set_site_transient_update_pluginsberocket\includes\updater.php:44

filterplugins_api_resultberocket\includes\updater.php:45

filterhttp_request_host_is_externalberocket\includes\updater.php:48

actionadmin_footerberocket\includes\updater.php:51

actionwp_footerberocket\includes\updater.php:52

filterberocket_display_additional_noticesberocket\includes\updater.php:92

filtercustom_menu_orderberocket\includes\updater.php:98

filterberocket_admin_notice_is_display_noticeberocket\includes\updater.php:102

filterberocket_admin_notice_is_display_notice_priorityberocket\includes\updater.php:103

filterplugins_api_resultberocket\includes\updater.php:109

actioninitberocket\includes\updater.php:1413

actionadmin_enqueue_scriptsberocket\sale\sale.php:4

filterberocket_apl_set_label_preventincludes\functions.php:194

filterbrbrands_section_shortcodes_explanation_listincludes\shortcodes.php:4

actionvc_before_initincludes\visual-composer.php:259

actioninitmain.php:156

filterbr_brands_options_to_updatemain.php:159

actioninitmain.php:161

filterberocket_framework_item_content_ajax_buttonmain.php:163

actionwoocommerce_archive_descriptionmain.php:172

actionwidgets_initmain.php:173

actionwoocommerce_duplicate_productmain.php:175

filterwoocommerce_product_export_product_default_columnsmain.php:178

filterwoocommerce_csv_product_import_mapping_optionsmain.php:182

filterwoocommerce_csv_product_import_mapping_default_columnsmain.php:183

filterwoocommerce_product_importer_parsed_datamain.php:184

filterwoocommerce_product_import_inserted_product_objectmain.php:185

filtertemplate_includemain.php:188

actioncurrent_screenmain.php:189

filterberocket_filter_filter_type_arraymain.php:190

filterBeRocket_updater_menu_order_sub_ordermain.php:191

filtershortcode_atts_productsmain.php:193

filterwoocommerce_shortcode_products_querymain.php:194

filterbr_brands_options_to_updatemain.php:196

filterwc_get_templatemain.php:198

filterwoocommerce_get_breadcrumbmain.php:199

actiondivi_extensions_initmain.php:200

filterparent_filemain.php:202

filtersubmenu_filemain.php:203

filterwoocommerce_coupon_is_validmain.php:367

filterwoocommerce_coupon_get_discount_amountmain.php:368

actionwp_footermain.php:375

filterberocket_framework_item_content_toggleswitchmain.php:496

actionberocket_brand_add_form_fieldsmain.php:498

actionberocket_brand_edit_form_fieldsmain.php:499

actioncreated_termmain.php:500

actionedit_termmain.php:501

actionedit_termmain.php:502

actioncreated_termmain.php:503

actiondelete_termmain.php:504

actionedit_postmain.php:505

actionsave_postmain.php:506

filterwoocommerce_product_filtersmain.php:507

actionwoocommerce_coupon_options_usage_restrictionmain.php:508

actionwoocommerce_coupon_options_savemain.php:509

filterwoocommerce_screen_idsmain.php:511

filtermanage_berocket_brand_custom_columnmain.php:513

filtermanage_edit-berocket_brand_columnsmain.php:514

filtermanage_edit-berocket_brand_sortable_columnsmain.php:515

actionpre_get_termsmain.php:517

Maintenance & Trust

Brands for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 14, 2026

PHP min version7.0

Downloads166K

Community Trust

Rating96/100

Number of ratings76

Active installs6K

Alternatives

Brands for WooCommerce Alternatives

Brands for WooCommerce

unlimited-brands-for-woocommerce

Woocommerce Brands Plugin. You can assign poducts to brands. There\'s shortcode to display list of brands, as well as widget that provides filter …

10 No CVEs

Premmerce Brands for WooCommerce

premmerce-woocommerce-brands

This plugin makes it possible to create an unlimited number of brands that can be assigned to the products for better cataloging.

2K 2 CVEs

Smart Brands for WooCommerce

smart-brands-for-woocommerce

100

Create unlimited brands to assign to your products, highlight the brands of the products you sell, and boost sales instantly!

400 No CVEs

WSB Brands

wsb-brands

Complete solution for brands (manufacturers) management in your Woocommerce shop.

60 1 CVE

Brand Coupons for WooCommerce

brand-coupons-for-woocommerce

This plugin displays your brand-restricted discount coupons automatically on the product pages of your WooCommerce store.

10 No CVEs

Developer Profile

Brands for WooCommerce Developer Profile

BeRocket

23 plugins · 139K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

384 days

View full developer profile

Detection Fingerprints

How We Detect Brands for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/brands-for-woocommerce/css/font-awesome/css/font-awesome.min.css/wp-content/plugins/brands-for-woocommerce/css/style.css/wp-content/plugins/brands-for-woocommerce/css/product-edit-page.css/wp-content/plugins/brands-for-woocommerce/css/product-brand-page.css/wp-content/plugins/brands-for-woocommerce/js/product-brand.js/wp-content/plugins/brands-for-woocommerce/js/product-brand-admin.js

Script Paths

/wp-content/plugins/brands-for-woocommerce/js/product-brand.js/wp-content/plugins/brands-for-woocommerce/js/product-brand-admin.js

Version Parameters

brands-for-woocommerce/css/font-awesome/css/font-awesome.min.css?ver=brands-for-woocommerce/css/style.css?ver=brands-for-woocommerce/css/product-edit-page.css?ver=brands-for-woocommerce/css/product-brand-page.css?ver=brands-for-woocommerce/js/product-brand.js?ver=brands-for-woocommerce/js/product-brand-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

br-brand-tabbr-brand-listbr-brand-itembr-brand-thumbbr-brand-titlebr-brand-clear

Data Attributes

data-br-tabdata-brand-id

JS Globals

br_product_brand

REST Endpoints

/wp-json/berocket_brands/v1/search_brands

Shortcode Output

[brands_products][brands_products_by_category][brands_products_by_tag][brands_products_by_brand]

FAQ

Brands for WooCommerce Security & Risk Analysis

Is Brands for WooCommerce Safe to Use in 2026?

Generally Safe

Key Concerns

Brands for WooCommerce Security Vulnerabilities

CVEs by Year

Severity Breakdown

Brands for WooCommerce Release Timeline

Brands for WooCommerce Code Analysis

Dangerous Functions Found

SQL Query Safety

Output Escaping

Data Flow Analysis

Brands for WooCommerce Attack Surface

AJAX Handlers 23

Shortcodes 12

Brands for WooCommerce Maintenance & Trust

Maintenance Signals

Community Trust

Brands for WooCommerce Alternatives

Brands for WooCommerce

Premmerce Brands for WooCommerce

Smart Brands for WooCommerce

WSB Brands

Brand Coupons for WooCommerce

Brands for WooCommerce Developer Profile

How We Detect Brands for WooCommerce

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Brands for WooCommerce