C4D Woo Variation Images Security & Risk Analysis

wordpress.org/plugins/c4d-woo-variation-swatches

C4D WooCommerce Variation Images can show product variation items as images, colors, and labels.

100 active installs · v1.3.64 · PHP + · WP 4.0+ · Updated Jun 1, 2020
Tags: product-attributes, variation-images, woocommerce, woocommerce-attributes, woocommerce-variation
Score: 85/100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is C4D Woo Variation Images Safe to Use in 2026?

Generally Safe

Score 85/100

C4D Woo Variation Images has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The c4d-woo-variation-swatches plugin v1.3.64 exhibits a strong security posture based on the provided static analysis. The absence of any identified entry points like AJAX handlers, REST API routes, shortcodes, or cron events, especially those lacking authentication, significantly limits the plugin's attack surface. The code analysis also shows no critical or high severity taint flows, no dangerous functions, and no external HTTP requests, which are all positive indicators.

However, there are areas for improvement. The plugin uses raw SQL queries without prepared statements, which introduces a risk of SQL injection if the data used in these queries is not meticulously sanitized. While the majority of output is properly escaped, a portion is not, presenting a potential cross-site scripting (XSS) vulnerability. The presence of file operations without further context on their usage also warrants caution.

Given the complete lack of historical vulnerabilities, the plugin appears to have been developed with security in mind or has a very small footprint that has avoided discovery. The plugin's strengths lie in its minimal attack surface and good handling of nonces and capability checks. Its weaknesses are the unescaped outputs and raw SQL queries, although neither is shown to be exploitable without a specific data flow reaching them.

Key Concerns

  • SQL queries without prepared statements
  • Some output not properly escaped
Vulnerabilities
None known

C4D Woo Variation Images Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

C4D Woo Variation Images Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (0 prepared)
Unescaped Output: 29 (104 escaped)
Nonce Checks: 5
Capability Checks: 13
File Operations: 2
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared · 2 total queries

Output Escaping

78% escaped · 133 total outputs
Attack Surface

C4D Woo Variation Images Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 51
Type  Hook  Location
filter  plugin_row_meta  c4d-woo-variation-swatches.php:17
action  admin_enqueue_scripts  c4d-woo-variation-swatches.php:54
action  wp_enqueue_scripts  c4d-woo-variation-swatches.php:55
action  admin_enqueue_scripts  c4d-woo-variation-swatches.php:56
action  c4d-plugin-manager-section  c4d-woo-variation-swatches.php:57
action  woocommerce_after_add_attribute_fields  c4d-woo-variation-swatches.php:58
action  plugins_loaded  c4d-woo-variation-swatches.php:60
filter  woocommerce_cart_item_thumbnail  includes\cart.php:2
action  init  includes\class-tgm-plugin-activation.php:268
filter  load_textdomain_mofile  includes\class-tgm-plugin-activation.php:269
action  init  includes\class-tgm-plugin-activation.php:272
action  admin_menu  includes\class-tgm-plugin-activation.php:421
action  admin_head  includes\class-tgm-plugin-activation.php:422
filter  install_plugin_complete_actions  includes\class-tgm-plugin-activation.php:425
filter  update_plugin_complete_actions  includes\class-tgm-plugin-activation.php:426
action  admin_notices  includes\class-tgm-plugin-activation.php:429
action  admin_init  includes\class-tgm-plugin-activation.php:430
action  admin_enqueue_scripts  includes\class-tgm-plugin-activation.php:431
action  load-plugins.php  includes\class-tgm-plugin-activation.php:436
action  switch_theme  includes\class-tgm-plugin-activation.php:439
action  switch_theme  includes\class-tgm-plugin-activation.php:442
action  admin_init  includes\class-tgm-plugin-activation.php:447
action  switch_theme  includes\class-tgm-plugin-activation.php:452
action  load_textdomain_mofile  includes\class-tgm-plugin-activation.php:475
filter  upgrader_source_selection  includes\class-tgm-plugin-activation.php:889
action  plugins_loaded  includes\class-tgm-plugin-activation.php:2112
filter  tgmpa_table_data_items  includes\class-tgm-plugin-activation.php:2236
filter  upgrader_source_selection  includes\class-tgm-plugin-activation.php:2977
action  admin_init  includes\class-tgm-plugin-activation.php:3147
action  upgrader_process_complete  includes\class-tgm-plugin-activation.php:3242
filter  upgrader_post_install  includes\class-tgm-plugin-activation.php:3301
filter  upgrader_post_install  includes\class-tgm-plugin-activation.php:3446
action  woocommerce_after_shop_loop_item  includes\loop.php:2
action  woocommerce_after_shop_loop_item  includes\loop.php:3
action  add_meta_boxes  includes\metaboxes.php:2
action  woocommerce_process_product_meta  includes\metaboxes.php:3
action  woocommerce_after_add_attribute_fields  includes\metaboxes.php:4
action  woocommerce_after_edit_attribute_fields  includes\metaboxes.php:5
action  woocommerce_attribute_added  includes\metaboxes.php:6
action  woocommerce_attribute_updated  includes\metaboxes.php:7
action  tgmpa_register  includes\required.php:36
action  woocommerce_before_single_product  includes\single.php:2
action  c4d_woo_qv_before_single_product_summary  includes\single.php:3
action  yith_wcqv_product_summary  includes\single.php:4
action  after_setup_theme  includes\single.php:5
filter  woocommerce_add_cart_item  includes\single.php:6
filter  woocommerce_add_cart_item_data  includes\single.php:7
action  wp_enqueue_scripts  includes\single.php:8
action  woocommerce_product_write_panel_tabs  includes\tab.php:3
action  woocommerce_product_data_panels  includes\tab.php:4
action  woocommerce_admin_process_product_object  includes\tab.php:5
Maintenance & Trust

C4D Woo Variation Images Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.4.19
Last updated: Jun 1, 2020
PHP min version
Downloads: 21K

Community Trust

Rating: 80/100
Number of ratings: 12
Active installs: 100
Developer Profile

C4D Woo Variation Images Developer Profile

coffee4dev

18 plugins · 400 total installs

Trust score: 84
Avg Security Score: 86/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect C4D Woo Variation Images

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/c4d-woo-variation-swatches/assets/tippy.min.js
/wp-content/plugins/c4d-woo-variation-swatches/assets/default.js
/wp-content/plugins/c4d-woo-variation-swatches/assets/default.css
/wp-content/plugins/c4d-woo-variation-swatches/lib/slick/slick.js
/wp-content/plugins/c4d-woo-variation-swatches/assets/jquery.pan.js
/wp-content/plugins/c4d-woo-variation-swatches/lib/slick/slick.css
/wp-content/plugins/c4d-woo-variation-swatches/lib/slick/slick-theme.css
/wp-content/plugins/c4d-woo-variation-swatches/assets/css/jquery.pan.css
Script Paths
/wp-content/plugins/c4d-woo-variation-swatches/assets/tippy.min.js
/wp-content/plugins/c4d-woo-variation-swatches/assets/default.js
/wp-content/plugins/c4d-woo-variation-swatches/lib/slick/slick.js
/wp-content/plugins/c4d-woo-variation-swatches/assets/jquery.pan.js
Version Parameters
c4d-woo-variation-swatches/assets/tippy.min.js?ver=
c4d-woo-variation-swatches/assets/default.js?ver=
c4d-woo-variation-swatches/assets/default.css?ver=
c4d-woo-variation-swatches/lib/slick/slick.js?ver=
c4d-woo-variation-swatches/assets/jquery.pan.js?ver=
c4d-woo-variation-swatches/lib/slick/slick.css?ver=
c4d-woo-variation-swatches/lib/slick/slick-theme.css?ver=
c4d-woo-variation-swatches/assets/css/jquery.pan.css?ver=

HTML / DOM Fingerprints

CSS Classes
c4d-woo-vs-single-gallery-replace-class
Data Attributes
c4d-woo-vs-single-gallery-replace-class
JS Globals
c4d_plugin_manager
C4DWOOVS_PLUGIN_URI