PiWeb Conditional cart fee / Extra charge rule for WooCommerce Security & Risk Analysis

wordpress.org/plugins/conditional-extra-fees-for-woocommerce

Add conditional cart fee / Payment processing fee / Extra cost / Extra fees plugin for WooCommerce / Additional fees / Service charge at checkout for …

2K active installs v1.1.49.41 PHP + WP 3.0.1+ Updated Mar 14, 2026
additional-fee, cart-fee, extra-charge, service-charge, woocommerce-extra-fee
100
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Mar 31, 2023
Safety Verdict

Is PiWeb Conditional cart fee / Extra charge rule for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

PiWeb Conditional cart fee / Extra charge rule for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Mar 31, 2023 · Updated 20d ago
Risk Assessment

The plugin "conditional-extra-fees-for-woocommerce" v1.1.49.41 exhibits a mixed security posture. On the positive side, it demonstrates good practices with 100% of SQL queries using prepared statements and a high percentage (84%) of output escaping. It also incorporates a reasonable number of nonce and capability checks, indicating an awareness of common WordPress security mechanisms. The absence of critical or high-severity taint flows is also a positive sign.

However, there are notable areas of concern. The presence of one unprotected AJAX handler represents a significant entry point that could be exploited without proper authentication. This is amplified by the fact that there is one flow with an unsanitized path identified in the taint analysis, which could potentially lead to vulnerabilities if the unprotected AJAX handler processes that specific flow. The plugin also has a history of a medium-severity Cross-Site Scripting (XSS) vulnerability, last patched in March 2023. While it is now patched, this indicates a past tendency for input sanitization or output escaping issues that require careful monitoring.

Overall, the plugin has strengths in its handling of database queries and general output escaping. However, the unprotected AJAX endpoint and the historical XSS vulnerability necessitate caution. While most code appears secure, the single unprotected entry point and the unsanitized path flow present a tangible risk that should be addressed.

Key Concerns

  • Unprotected AJAX handler
  • Flow with unsanitized path
  • Medium severity vulnerability history (XSS)
Vulnerabilities
1

PiWeb Conditional cart fee / Extra charge rule for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2023

Severity Breakdown

Medium: 1

1 total CVE

CVE-2023-29093 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Conditional cart fee / Extra charge rule for WooCommerce extra fees <= 1.0.96 - Authenticated (Administrator+) Stored Cross-Site Scripting

Mar 31, 2023 Patched in 1.0.97 (298d)
Code Analysis
Analyzed Mar 16, 2026

PiWeb Conditional cart fee / Extra charge rule for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 96 (507 escaped)
Nonce Checks: 5
Capability Checks: 31
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

84% escaped · 603 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
handle_tracker_action (admin\class-analytics.php:80)
Attack Surface
1 unprotected

PiWeb Conditional cart fee / Extra charge rule for WooCommerce Attack Surface

Entry Points: 7
Unprotected: 1

AJAX Handlers 4

auth wp_ajax_pi_cefw_extra_charge_dynamic_value_product admin\additional-charges\additional-charges.php:10
auth wp_ajax_pi_cefw_extra_charge_dynamic_value_category admin\additional-charges\additional-charges.php:12
auth wp_ajax_pisol_cefw_change_status admin\class-conditional-fees-rule-woocommerce-add-fees-rule.php:33
auth wp_ajax_pisol_cefw_save_method admin\class-conditional-fees-rule-woocommerce-add-fees-rule.php:35

Shortcodes 3

[selected_product_qty] public\class-apply-fees.php:163
[qty] public\class-apply-fees.php:165
[selected_product_count] public\class-apply-fees.php:167
WordPress Hooks 54
action pi_cefw_extra_form_fields admin\additional-charges\additional-charges.php:5
filter pi_cefw_extra_charge_form_data admin\additional-charges\additional-charges.php:6
filter pi_cefw_extra_charge_clone_form_data admin\additional-charges\additional-charges.php:7
action pisol_cefw_save_extra_charge admin\additional-charges\additional-charges.php:8
action pi_cefw_additional_charges_tab admin\additional-charges\cart-quantity-charges.php:10
action pi_cefw_additional_charges_tab_content admin\additional-charges\cart-quantity-charges.php:11
filter pi_cefw_extra_charge_form_data admin\additional-charges\cart-quantity-charges.php:13
filter pi_cefw_extra_charge_clone_form_data admin\additional-charges\cart-quantity-charges.php:14
action pisol_cefw_save_extra_charge admin\additional-charges\cart-quantity-charges.php:16
filter pi_cefw_add_additional_charges admin\additional-charges\cart-quantity-charges.php:18
action pi_cefw_additional_charges_tab admin\additional-charges\cart-subtotal-charges.php:10
action pi_cefw_additional_charges_tab_content admin\additional-charges\cart-subtotal-charges.php:11
filter pi_cefw_extra_charge_form_data admin\additional-charges\cart-subtotal-charges.php:13
filter pi_cefw_extra_charge_clone_form_data admin\additional-charges\cart-subtotal-charges.php:15
action pisol_cefw_save_extra_charge admin\additional-charges\cart-subtotal-charges.php:17
filter pi_cefw_add_additional_charges admin\additional-charges\cart-subtotal-charges.php:19
action pi_cefw_additional_charges_tab admin\additional-charges\pro-charges.php:6
action pi_cefw_additional_charges_tab_content admin\additional-charges\pro-charges.php:8
action pi_cefw_additional_charges_tab admin\additional-charges\weight-based-charges.php:10
action pi_cefw_additional_charges_tab_content admin\additional-charges\weight-based-charges.php:11
filter pi_cefw_extra_charge_form_data admin\additional-charges\weight-based-charges.php:13
filter pi_cefw_extra_charge_clone_form_data admin\additional-charges\weight-based-charges.php:14
action pisol_cefw_save_extra_charge admin\additional-charges\weight-based-charges.php:15
filter pi_cefw_add_additional_charges admin\additional-charges\weight-based-charges.php:17
action admin_enqueue_scripts admin\class-analytics.php:34
action admin_footer-plugins.php admin\class-analytics.php:35
action admin_notices admin\class-analytics.php:38
action init admin\class-conditional-fees-rule-woocommerce-list-fees-rules.php:37
action admin_menu admin\class-conditional-fees-rule-woocommerce-menu.php:12
action pisol_custom_field_cefw_gateway_fees admin\class-customfields.php:59
filter woocommerce_available_payment_gateways admin\class-payment-processing-fee.php:59
action wp_loaded admin\class-payment-processing-fee.php:118
action woocommerce_new_order_item admin\class-store-fee.php:18
action wp_loaded admin\option.php:99
action admin_enqueue_scripts admin\selection_rules\pisol_selection_rule_main.php:249
action woocommerce_blocks_loaded block\class-woo-block.php:30
action wp_enqueue_scripts block\class-woo-block.php:31
action woocommerce_blocks_loaded block\class-woo-payment-method.php:29
action wp_enqueue_scripts block\class-woo-payment-method.php:30
action admin_notices conditional-fees-rule-woocommerce.php:43
action admin_notices conditional-fees-rule-woocommerce.php:56
action before_woocommerce_init conditional-fees-rule-woocommerce.php:75
action admin_init conditional-fees-rule-woocommerce.php:122
action plugins_loaded includes\class-conditional-fees-rule-woocommerce.php:144
action admin_enqueue_scripts includes\class-conditional-fees-rule-woocommerce.php:159
action admin_enqueue_scripts includes\class-conditional-fees-rule-woocommerce.php:160
action wp_enqueue_scripts includes\class-conditional-fees-rule-woocommerce.php:175
action wp_enqueue_scripts includes\class-conditional-fees-rule-woocommerce.php:176
action admin_footer includes\pisol.class.form.php:444
action after_plugin_row_conditional-extra-fees-for-woocommerce-pro/conditional-fees-rule-woocommerce.php includes\Pro_Warning.php:17
action admin_notices includes\review.php:108
action woocommerce_cart_calculate_fees public\class-apply-fees.php:23
action woocommerce_review_order_after_order_total public\class-apply-fees.php:28
action woocommerce_cart_calculate_fees public\class-apply-payment-processing-fee.php:17
Maintenance & Trust

PiWeb Conditional cart fee / Extra charge rule for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 14, 2026
PHP min version
Downloads: 109K

Community Trust

Rating: 98/100
Number of ratings: 37
Active installs: 2K
Developer Profile

PiWeb Conditional cart fee / Extra charge rule for WooCommerce Developer Profile

PI Web Solution

30 plugins · 93K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 235 days
Detection Fingerprints

How We Detect PiWeb Conditional cart fee / Extra charge rule for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/conditional-extra-fees-for-woocommerce/admin/css/bootstrap.css
/wp-content/plugins/conditional-extra-fees-for-woocommerce/admin/css/conditional-fees-rule-woocommerce-admin.css
/wp-content/plugins/conditional-extra-fees-for-woocommerce/admin/css/jquery-ui.css
/wp-content/plugins/conditional-extra-fees-for-woocommerce/admin/css/jquery-confirm.min.css
/wp-content/plugins/conditional-extra-fees-for-woocommerce/admin/js/jquery-confirm.min.js
/wp-content/plugins/conditional-extra-fees-for-woocommerce/admin/js/conditional-fees-rule-woocommerce-admin.js
Script Paths
/wp-content/plugins/conditional-extra-fees-for-woocommerce/admin/js/jquery-confirm.min.js
/wp-content/plugins/conditional-extra-fees-for-woocommerce/admin/js/conditional-fees-rule-woocommerce-admin.js
Version Parameters
conditional-extra-fees-for-woocommerce/admin/css/bootstrap.css?ver=
conditional-extra-fees-for-woocommerce/admin/css/conditional-fees-rule-woocommerce-admin.css?ver=
conditional-extra-fees-for-woocommerce/admin/css/jquery-ui.css?ver=
conditional-extra-fees-for-woocommerce/admin/css/jquery-confirm.min.css?ver=
conditional-extra-fees-for-woocommerce/admin/js/jquery-confirm.min.js?ver=
conditional-extra-fees-for-woocommerce/admin/js/conditional-fees-rule-woocommerce-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
pisol-cefw
HTML Comments
<!-- Conditional extra fees for WooCommerce -->
<!-- Please Install and Activate WooCommerce plugin, without that this plugin cant work -->
<!-- Please uninstall/deactivate the Pro version of Conditional fees rule plugin -->
Data Attributes
data-slug="conditional-extra-fees-for-woocommerce"
JS Globals
cefw_variables
FAQ

Frequently Asked Questions about PiWeb Conditional cart fee / Extra charge rule for WooCommerce