DesignO Security & Risk Analysis

wordpress.org/plugins/designo

DesignO - an API-driven, easy-to-use, and works everywhere online designer tool.

60 active installs · v2.5.0 · PHP + WP 4.7+ · Updated Nov 14, 2025
Tags: product-customizer, product-designer, product-personalizer, web-to-print, web2print

Score: 79/100 · Grade B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Mar 31, 2025
Safety Verdict

Is DesignO Safe to Use in 2026?

Mostly Safe

Score 79/100

DesignO is rated generally safe to use, but its one known CVE (a medium-severity CSRF) is still recorded as unpatched on this page. Keep it updated and confirm the fix before relying on it.

1 known CVE · 1 unpatched · Last CVE: Mar 31, 2025 · Updated 4 months ago
Risk Assessment

The designo plugin v2.5.0 has a mixed security posture. Its strengths are output escaping (93% of 216 outputs escaped), no dangerous functions, no file operations and no bundled third-party libraries. The concerns are its attack surface and the absence of security checks on entry points. The add-to-cart AJAX action (designnbuy_ajax_add_to_cart) is registered twice, once for logged-in users and once as the nopriv variant that WordPress runs for unauthenticated visitors, and neither registration is protected: the analysis found no nonce checks and no capability checks anywhere in the plugin. In practice that means any visitor can invoke the action, and a third-party page can make a logged-in shopper's browser invoke it, which is exactly the CSRF pattern in the plugin's one recorded CVE. The taint analysis reports 10 of 11 flows with unsanitized paths, none rated critical or high; together with the unprotected handlers they are the most likely route to injection if attacker-controlled data reaches a sink without sanitization, and half of the 12 SQL queries are not prepared, which is where such a flow would matter most.

The vulnerability history is short: one medium-severity CVE, CVE-2025-31600 (CSRF, CVSS 4.3), published Mar 31, 2025 and still listed here as unpatched. The advisory covers versions <= 2.2.0 while the current release is 2.5.0, so confirm from the changelog whether it was fixed rather than inferring it from the version number. The CVE and the plugin-wide lack of nonce checks share a root cause: requests are not tied to a token issued to the user's own page. Two further points for a reviewer. The hook list shows filters on auto_update_plugin and site_transient_update_plugins (designo.php:2828 and 2838), the pattern plugins use to route their updates through a vendor-controlled source rather than wordpress.org, so with 8 external requests recorded that update channel is a supply-chain dependency worth inspecting. And the 13 REST routes under designo/v1 are not among the unprotected entry points, but they include login, register, refresh-token, cart and customer-details operations, so their permission callbacks and token handling are the next thing to read. In short, designo v2.5.0 follows some good practices, but the unprotected entry points, the absence of nonce and capability checks, the unprepared queries and the unresolved CSRF CVE present real risk and warrant prompt remediation.
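Added illustration of the finding above (not DesignO's code, and not taken from the plugin): the add-to-cart AJAX action in the shape the analysis describes, beside a hardened version with the nonce and authorization checks it lacks, and a REST route registered with the permission_callback WordPress requires. Only the action name designnbuy_ajax_add_to_cart and its dual logged-in/nopriv registration come from this page; the handler bodies, the nonce action name designo_add_to_cart, the ownership lookup (assumed to be a post type with post_author) and the designo-demo/v1 namespace are assumptions made for the demonstration.

```php
<?php
/**
 * Added illustration, not DesignO's code. Only the action name
 * designnbuy_ajax_add_to_cart and its registration for both the logged-in and
 * nopriv AJAX hooks come from the analysis page; the handler bodies, the nonce
 * action 'designo_add_to_cart', the design storage and the REST wiring are
 * assumptions for the demonstration. Run inside WordPress + WooCommerce.
 */

// --- What the analysis flags: a callback reachable by anyone (nopriv), with no
// nonce and no capability check. Not hooked here; shown only for contrast.
function designo_demo_add_to_cart_unprotected() {
    $product_id = (int) $_POST['product_id'];
    $design_id  = (int) $_POST['design_id'];
    WC()->cart->add_to_cart( $product_id, 1, 0, array(), array( 'designo_design_id' => $design_id ) );
    wp_send_json_success();
}

// Hypothetical ownership lookup: assumes designs are stored as a post type with
// the creator as post_author (0 for guest-created designs). Returns null if unknown.
function designo_demo_design_owner( $design_id ) {
    $post = get_post( absint( $design_id ) );
    return $post ? (int) $post->post_author : null;
}

// Shared validation + authorization so AJAX and REST enforce one policy.
// Returns the cart item key, or a WP_Error carrying an HTTP status in its data.
function designo_demo_add_design_to_cart( $product_id, $design_id ) {
    $product_id = absint( $product_id );
    $design_id  = absint( $design_id );
    $product    = $product_id ? wc_get_product( $product_id ) : false;
    if ( ! $product || ! $product->is_purchasable() ) {
        return new WP_Error( 'designo_bad_product', 'unknown product', array( 'status' => 404 ) );
    }
    $owner = designo_demo_design_owner( $design_id );
    if ( null === $owner ) {
        return new WP_Error( 'designo_bad_design', 'unknown design', array( 'status' => 404 ) );
    }
    // Guests may only use guest-created designs; users only their own, unless they manage the shop.
    $allowed = is_user_logged_in()
        ? ( $owner === get_current_user_id() || current_user_can( 'manage_woocommerce' ) )
        : ( 0 === $owner );
    if ( ! $allowed ) {
        return new WP_Error( 'designo_forbidden', 'forbidden', array( 'status' => 403 ) );
    }
    $key = WC()->cart->add_to_cart( $product_id, 1, 0, array(), array( 'designo_design_id' => $design_id ) );
    return $key ? $key : new WP_Error( 'designo_cart', 'could not add to cart', array( 'status' => 500 ) );
}

// --- Hardened AJAX handler: the nonce check is what closes the CSRF hole.
// The page receives the nonce from wp_create_nonce( 'designo_add_to_cart' )
// (for example via wp_localize_script) and must POST it as "security".
function designo_demo_add_to_cart_hardened() {
    check_ajax_referer( 'designo_add_to_cart', 'security' ); // 403 + die on failure; works for guests too
    $result = designo_demo_add_design_to_cart( $_POST['product_id'] ?? 0, $_POST['design_id'] ?? 0 );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( array( 'message' => $result->get_error_message() ), $result->get_error_data()['status'] );
    }
    wp_send_json_success( array( 'cart_item_key' => $result ) );
}
add_action( 'wp_ajax_designnbuy_ajax_add_to_cart',        'designo_demo_add_to_cart_hardened' );
add_action( 'wp_ajax_nopriv_designnbuy_ajax_add_to_cart', 'designo_demo_add_to_cart_hardened' );

// --- The REST counterpart, under a demo namespace so it does not clobber the
// plugin's own designo/v1 routes. WordPress requires permission_callback on every
// register_rest_route() call; for cookie-authenticated callers core has already
// validated the X-WP-Nonce header before it runs, so a cross-site POST arrives
// with no user. A token scheme (the page lists studio/login and refresh-token
// routes) would be checked here instead of is_user_logged_in().
add_action( 'rest_api_init', function () {
    register_rest_route( 'designo-demo/v1', '/cart/add-item', array(
        'methods'             => 'POST',
        'permission_callback' => function () { return is_user_logged_in(); },
        'args'                => array( // schema validation rejects malformed input before the callback
            'product_id' => array( 'required' => true, 'type' => 'integer', 'minimum' => 1 ),
            'design_id'  => array( 'required' => true, 'type' => 'integer', 'minimum' => 1 ),
        ),
        'callback'            => function ( WP_REST_Request $req ) {
            $result = designo_demo_add_design_to_cart( $req['product_id'], $req['design_id'] );
            return is_wp_error( $result ) ? $result : array( 'cart_item_key' => $result );
        },
    ) );
} );
```

Two points worth noting. check_ajax_referer() also works for guests, because WordPress issues nonces for user ID 0, so the nopriv registration does not have to stay unprotected. And a nonce alone is not authorization: the ownership check is what stops a logged-in customer from acting on another customer's design, which is the gap a capability-check count of zero points at.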

Key Concerns

  • Unprotected AJAX handlers
  • No nonce checks
  • No capability checks
  • Unpatched medium CVE (CSRF)
  • 10 unsanitized taint flows
  • 50% SQL queries not prepared
Vulnerabilities
1

DesignO Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2025-31600 · Medium · CVSS 4.3 · Cross-Site Request Forgery (CSRF)

DesignO <= 2.2.0 - Cross-Site Request Forgery

Published Mar 31, 2025 · Status on this page: Unpatched (the advisory covers <= 2.2.0; the release listed above is 2.5.0)
Code Analysis
Analyzed Mar 16, 2026

DesignO Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 6 (6 prepared)
Unescaped Output: 16 (200 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 8
Bundled Libraries: 0

SQL Query Safety

50% prepared (12 total queries)

Output Escaping

93% escaped (216 total outputs)
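An added example (not DesignO's code) of what the two figures above measure: a $wpdb query assembled from request data beside its prepared form, and the same row rendered with and without context-specific escaping. The table name, columns and request values are constructed for the demonstration; it needs to run inside WordPress (for example with wp eval-file) because it uses $wpdb and the esc_* helpers.

```php
<?php
/**
 * Added example, not DesignO's code. The table, its columns and the request
 * values are hypothetical and constructed here. Run inside WordPress, e.g.
 * `wp eval-file this-file.php`, so $wpdb and the esc_* helpers exist.
 */

// --- Unprepared: the query string is built from request data. With
// design_id = "1 OR 1=1" the WHERE clause collapses and every row comes back.
function designo_demo_designs_raw( $design_id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'designo_designs'; // hypothetical table
    return $wpdb->get_results( "SELECT id, title, preview_url FROM {$table} WHERE id = {$design_id}" );
}

// --- Prepared: values travel as placeholders, the identifier via %i (WP 6.2+),
// and a LIKE term is escaped with esc_like() BEFORE the wildcards are added.
function designo_demo_designs_prepared( $design_id, $title_term = '' ) {
    global $wpdb;
    $table = $wpdb->prefix . 'designo_designs';
    $sql   = 'SELECT id, title, preview_url FROM %i WHERE id = %d';
    $args  = array( $table, absint( $design_id ) );
    if ( '' !== $title_term ) {
        $sql   .= ' AND title LIKE %s';
        $args[] = '%' . $wpdb->esc_like( $title_term ) . '%';
    }
    return $wpdb->get_results( $wpdb->prepare( $sql, $args ) );
}

// --- Output: the same row rendered with and without escaping. The unescaped
// form is how a stored title such as <img src=x onerror=alert(1)> becomes
// stored XSS on a "My Designs" account page.
function designo_demo_render_row_unescaped( $row ) {
    return "<li><a href=\"{$row->preview_url}\">{$row->title}</a></li>";
}

function designo_demo_render_row_escaped( $row ) {
    // One escaper per context: esc_url for href, esc_attr for attribute values,
    // esc_html for text nodes. esc_url() drops a javascript: URL entirely.
    return sprintf(
        '<li data-design-id="%s"><a href="%s">%s</a></li>',
        esc_attr( $row->id ),
        esc_url( $row->preview_url ),
        esc_html( $row->title )
    );
}

// Constructed demonstration values (not real data).
$attacker_id = '1 OR 1=1';
$hostile_row = (object) array(
    'id'          => 7,
    'title'       => '<img src=x onerror=alert(1)>',
    'preview_url' => 'javascript:alert(document.cookie)',
);

// What the raw builder would send versus what prepare() receives: absint()
// reduces "1 OR 1=1" to 1 and %d keeps it numeric.
echo "raw:      SELECT ... WHERE id = {$attacker_id}\n";
echo 'prepared: SELECT ... WHERE id = ' . absint( $attacker_id ) . "\n";
echo designo_demo_render_row_unescaped( $hostile_row ) . "\n";
echo designo_demo_render_row_escaped( $hostile_row ) . "\n";
```

The escaped renderer is deliberately written with sprintf() and one escaper per placeholder; that layout makes a missing escaper visible in review, which is how a 93% escaped ratio is pushed to 100%.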
Data Flows
10 unsanitized

Data Flow Analysis

11 flows, 10 with unsanitized paths
<design-tool> (design-tool.php:0)
Attack Surface
2 unprotected

DesignO Attack Surface

Entry Points: 15
Unprotected: 2

AJAX Handlers: 2

auth · wp_ajax_designnbuy_ajax_add_to_cart (designo.php:1758)
nopriv · wp_ajax_designnbuy_ajax_add_to_cart (designo.php:1759)

REST API Routes: 13

POST /wp-json/designo/v1/login/verify (class.designo-rest-api.php:5)
POST /wp-json/designo/v1/studio/login (class.designo-rest-api.php:16)
POST /wp-json/designo/v1/studio/logout (class.designo-rest-api.php:27)
GET /wp-json/designo/v1/product (class.designo-rest-api.php:38)
GET /wp-json/designo/v1/categories (class.designo-rest-api.php:48)
GET /wp-json/designo/v1/category/products (class.designo-rest-api.php:58)
GET /wp-json/designo/v1/product/options (class.designo-rest-api.php:71)
POST /wp-json/designo/v1/product/price (class.designo-rest-api.php:82)
POST /wp-json/designo/v1/studio/register (class.designo-rest-api.php:93)
POST /wp-json/designo/v1/cart/add-item (class.designo-rest-api.php:104)
POST /wp-json/designo/v1/customer/details (class.designo-rest-api.php:116)
GET /wp-json/designo/v1/orders (class.designo-rest-api.php:127)
POST /wp-json/designo/v1/refresh-token (class.designo-rest-api.php:135)
WordPress Hooks: 52

action rest_api_init (class.designo-rest-api.php:4)
action rest_api_init (class.designo-rest-api.php:15)
action rest_api_init (class.designo-rest-api.php:26)
action rest_api_init (class.designo-rest-api.php:37)
action rest_api_init (class.designo-rest-api.php:47)
action rest_api_init (class.designo-rest-api.php:57)
action rest_api_init (class.designo-rest-api.php:70)
action rest_api_init (class.designo-rest-api.php:81)
action rest_api_init (class.designo-rest-api.php:92)
action rest_api_init (class.designo-rest-api.php:103)
action rest_api_init (class.designo-rest-api.php:115)
action rest_api_init (class.designo-rest-api.php:126)
action rest_api_init (class.designo-rest-api.php:134)
action widgets_init (custom_wooCommerce_cart_widget.php:23)
action plugins_loaded (designo.php:26)
action admin_notices (designo.php:43)
action init (designo.php:148)
filter query_vars (designo.php:158)
filter woocommerce_account_menu_items (designo.php:170)
action woocommerce_account_my-designs_endpoint (designo.php:181)
action woocommerce_account_my-quotes_endpoint (designo.php:201)
action woocommerce_account_my-messages_endpoint (designo.php:305)
filter the_title (designo.php:307)
filter page_template (designo.php:331)
action wp_head (designo.php:335)
action admin_menu (designo.php:350)
action wp_enqueue_scripts (designo.php:823)
action wp_enqueue_scripts (designo.php:870)
action wp_head (designo.php:1045)
action woocommerce_new_order_item (designo.php:1238)
filter woocommerce_order_item_get_formatted_meta_data (designo.php:1282)
action woocommerce_cart_calculate_fees (designo.php:1295)
action woocommerce_before_calculate_totals (designo.php:1313)
action woocommerce_cart_item_thumbnail (designo.php:1358)
action save_post (designo.php:1510)
filter woocommerce_order_again_cart_item_data (designo.php:1530)
action woocommerce_after_add_to_cart_button (designo.php:1763)
filter woocommerce_cart_item_quantity (designo.php:1890)
action woocommerce_checkout_create_order_line_item (designo.php:1899)
filter woocommerce_get_item_data (designo.php:1915)
filter woocommerce_add_cart_item_data (designo.php:1933)
action woocommerce_add_to_cart_validation (designo.php:2117)
action woocommerce_before_add_to_cart_button (designo.php:2162)
action woocommerce_before_add_to_cart_quantity (designo.php:2693)
filter wc_get_template (designo.php:2809)
action init (designo.php:2812)
action woocommerce_after_shop_loop_item (designo.php:2817)
filter auto_update_plugin (designo.php:2828)
filter site_transient_update_plugins (designo.php:2838)
action woocommerce_before_single_product_summary (designo.php:2846)
action woocommerce_product_thumbnails (designo.php:2852)
action wp (designo.php:2894)
Maintenance & Trust

DesignO Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 14, 2025
PHP min version:
Downloads: 9K

Community Trust

Rating: 72/100
Number of ratings: 10
Active installs: 60
Developer Profile

DesignO Developer Profile

designnbuy

1 plugin · 60 total installs

Trust score: 79
Avg Security Score: 79/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect DesignO

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/designo/css/designo-style.css
/wp-content/plugins/designo/js/designo.js
Script Paths
/wp-content/plugins/designo/js/designo.js
Version Parameters
designo/style.css?ver=
designo.js?ver=

HTML / DOM Fingerprints

CSS Classes
designo_editor
Data Attributes
data-src
JS Globals
designo_rest_api
REST Endpoints
/wp-json/designo-rest-api/v1/store-settings
/wp-json/designo-rest-api/v1/get-product-info
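An added example (not the page's scanner and not DesignO's code) that applies the fingerprints above to a page body and to the site's REST index. The sample HTML and the REST index JSON are constructed for the demonstration. The function accepts either REST namespace because this page lists designo/v1 in the attack surface and designo-rest-api/v1 under fingerprints; which one a live site exposes is something the scan has to observe, not assume.

```php
<?php
/**
 * Added example, not part of the page's scanner or of DesignO. Matches the
 * fingerprints listed on this page against a fetched HTML body and the
 * "namespaces" array returned by GET /wp-json/. Both inputs below are
 * constructed for the demonstration; plain PHP, no WordPress needed.
 */

// Returns the matched fingerprint names plus the version string seen on the
// plugin's own assets, or null when no DesignO-specific marker was found.
function designo_fingerprint( string $html, array $rest_namespaces = array() ): ?array {
    $hits    = array();
    $version = null;

    // Asset and script paths, capturing the ?ver= parameter when present.
    $assets = array(
        'script:designo.js'       => '#/wp-content/plugins/designo/js/designo\.js(?:\?ver=([^"\'&\s]+))?#',
        'asset:designo-style.css' => '#/wp-content/plugins/designo/css/designo-style\.css(?:\?ver=([^"\'&\s]+))?#',
    );
    foreach ( $assets as $name => $re ) {
        if ( preg_match( $re, $html, $m ) ) {
            $hits[] = $name;
            if ( null === $version && ! empty( $m[1] ) ) {
                $version = $m[1];
            }
        }
    }

    // DOM markers: the editor's CSS class and the JS global the front end expects.
    // data-src is deliberately ignored: on its own it matches far too many pages.
    if ( preg_match( '/class=["\'][^"\']*\bdesigno_editor\b/', $html ) ) {
        $hits[] = 'css:designo_editor';
    }
    if ( preg_match( '/\bdesigno_rest_api\b/', $html ) ) {
        $hits[] = 'js:designo_rest_api';
    }

    // REST namespaces from the /wp-json/ index. Accept both spellings the page lists.
    foreach ( array( 'designo/v1', 'designo-rest-api/v1' ) as $ns ) {
        if ( in_array( $ns, $rest_namespaces, true ) ) {
            $hits[] = 'rest:' . $ns;
        }
    }

    return $hits ? array( 'hits' => $hits, 'version' => $version ) : null;
}

// --- Constructed sample page and REST index (not captured from a real site).
$sample_html = <<<'HTML'
<link rel="stylesheet" href="https://shop.example/wp-content/plugins/designo/css/designo-style.css?ver=2.5.0">
<script>var designo_rest_api = {"root":"https:\/\/shop.example\/wp-json\/"};</script>
<script src="https://shop.example/wp-content/plugins/designo/js/designo.js?ver=2.5.0"></script>
<div class="designo_editor" data-src="https://shop.example/design/1"></div>
HTML;

$sample_rest_index = json_decode(
    '{"name":"Example Shop","namespaces":["wp/v2","wc/v3","designo/v1"]}',
    true
);

$result = designo_fingerprint( $sample_html, $sample_rest_index['namespaces'] ?? array() );
print_r( $result );
```

Two caveats when using this in an audit. The ?ver= value is only the plugin's version when the plugin passes one to wp_enqueue_script() or wp_enqueue_style(); when it passes none, WordPress appends its own version string, so a value like 6.8.5 on a designo.js URL identifies the WordPress release, not the plugin release. And a single generic attribute such as data-src is not evidence; require at least one DesignO-specific path, class, global or REST namespace before reporting a hit.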
FAQ

Frequently Asked Questions about DesignO