WP-Safety

Display product variations dropdown on shop page Security & Risk Analysis

wordpress.org/plugins/display-product-variations-dropdown-on-shop-page

Display WooCommerce product variations dropdown on shop page and category page.

300 active installs v1.1.3 PHP 7.0+ WP 4.7+ Updated May 31, 2024
variationsvariations-dropdownvariations-shop-pagewoocommerce
70
B · Generally Safe
CVEs total1
Unpatched1
Last CVEApr 4, 2025
Plugin page Download
Safety Verdict

Is Display product variations dropdown on shop page Safe to Use in 2026?

Mostly Safe

Score 70/100

Display product variations dropdown on shop page is generally safe to use though it hasn't been updated recently. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Apr 4, 2025Updated 1yr ago
Risk Assessment

The "display-product-variations-dropdown-on-shop-page" plugin version 1.1.3 presents a mixed security posture. While it demonstrates good practice by using prepared statements for all its SQL queries and performing no external HTTP requests or file operations, several critical security concerns emerge from the static analysis and vulnerability history. The plugin has a notable attack surface, with one AJAX handler lacking any authentication checks, making it a direct target for unauthorized actions. Furthermore, the complete absence of nonce checks on its entry points, especially the unprotected AJAX handler, significantly amplifies the risk of Cross-Site Request Forgery (CSRF) attacks. The vulnerability history, including a past medium-severity issue related to missing authorization, reinforces the pattern of inadequate access control within the plugin. This, combined with the current unprotected AJAX endpoint, suggests a recurring weakness in ensuring that only legitimate users can interact with the plugin's functionality. Despite the positive aspects like prepared SQL statements, the identified unprotected entry points and the historical pattern of authorization issues warrant a cautious approach and recommend immediate remediation.

Key Concerns

  • AJAX handler without authorization checks
  • No nonce checks on entry points
  • Unpatched medium severity CVE
  • Low percentage of properly escaped output
Vulnerabilities
1

Display product variations dropdown on shop page Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-32226medium · 4.3Missing Authorization

Display product variations dropdown on shop page <= 1.1.3 - Missing Authorization

Apr 4, 2025Unpatched
Code Analysis
Analyzed Mar 16, 2026

Display product variations dropdown on shop page Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
16 prepared
Unescaped Output
53
27 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared16 total queries

Output Escaping

34% escaped80 total outputs
Attack Surface
1 unprotected

Display product variations dropdown on shop page Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_niwoovdincludes\ni-variation-dropdown-shop-page-init.php:9
WordPress Hooks 10
actionactivated_plugindisplay-variation-dropdown-on-shop-page.php:24
filterplugin_action_linksdisplay-variation-dropdown-on-shop-page.php:25
actionwoocommerce_before_shop_loopincludes\ni-variation-dropdown-hook.php:7
filterwoocommerce_dropdown_variation_attribute_options_argsincludes\ni-variation-dropdown-hook.php:8
actionwoocommerce_product_options_inventory_product_dataincludes\ni-variation-dropdown-hook.php:9
actionwoocommerce_process_product_metaincludes\ni-variation-dropdown-hook.php:10
actionwoocommerce_after_shop_loop_itemincludes\ni-variation-dropdown-hook.php:45
actionadmin_menuincludes\ni-variation-dropdown-shop-page-init.php:7
actionadmin_enqueue_scriptsincludes\ni-variation-dropdown-shop-page-init.php:8
actionwp_footerincludes\ni-variation-dropdown-shop-page-init.php:11
Maintenance & Trust

Display product variations dropdown on shop page Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8
Last updatedMay 31, 2024
PHP min version7.0
Downloads13K

Community Trust

Rating100/100
Number of ratings3
Active installs300
Alternatives

Display product variations dropdown on shop page Alternatives

Show Variations as Single Products for WooCommerce

Show Variations as Single Products for WooCommerce

woo-show-single-variations-shop-category

A
99

Display WooCommerce product variations as individual products on shop, category, and tag pages — helping customers find and buy exactly what they want &hellip;

500 1 CVE
Show only lowest prices in variable products for WooCommerce

Show only lowest prices in variable products for WooCommerce

show-only-lowest-prices-in-woocommerce-variable-products

A
100

Clean up your variable product prices by showing only the lowest price instead of confusing price ranges. Now with customizable settings!

7K No CVEs
WPC Variation Swatches for WooCommerce

WPC Variation Swatches for WooCommerce

wpc-variation-swatches

A
100

WPC Variation Swatches is a beautiful color, image, radio and buttons variation swatches for WooCommerce product attributes.

7K No CVEs
YITH Essential Kit for WooCommerce #1

YITH Essential Kit for WooCommerce #1

yith-essential-kit-for-woocommerce-1

A
98

The YITH Essential Kit for WooCommerce #1 plugin enhance your WordPress site with this group of impressive features for WooCommerce.

5K 2 CVEs
WC Variations Radio Buttons

WC Variations Radio Buttons

wc-variations-radio-buttons

A
92

Variations Radio Buttons for WooCommerce. Let your customers choose product variations using radio buttons instead of dropdowns.

3K No CVEs
Developer Profile

Display product variations dropdown on shop page Developer Profile

Anzar Ahmed

25 plugins · 5K total installs

71
trust score
Avg Security Score
88/100
Avg Patch Time
228 days
View full developer profile
Detection Fingerprints

How We Detect Display product variations dropdown on shop page

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/display-variation-dropdown-on-shop-page/admin/css/lib/bootstrap.min.css/wp-content/plugins/display-variation-dropdown-on-shop-page/admin/js/lib/bootstrap.min.js/wp-content/plugins/display-variation-dropdown-on-shop-page/admin/js/lib/popper.min.js/wp-content/plugins/display-variation-dropdown-on-shop-page/admin/css/niwoovd-style.css/wp-content/plugins/display-variation-dropdown-on-shop-page/admin/js/niwoovd-setting.js/wp-content/plugins/display-variation-dropdown-on-shop-page/admin/js/script.js/wp-content/plugins/display-variation-dropdown-on-shop-page/admin/css/font-awesome.css/wp-content/plugins/display-variation-dropdown-on-shop-page/admin/js/amcharts/amcharts.js+2 more
Script Paths
/wp-content/plugins/display-variation-dropdown-on-shop-page/admin/js/lib/bootstrap.min.js/wp-content/plugins/display-variation-dropdown-on-shop-page/admin/js/lib/popper.min.js/wp-content/plugins/display-variation-dropdown-on-shop-page/admin/js/niwoovd-setting.js/wp-content/plugins/display-variation-dropdown-on-shop-page/admin/js/script.js/wp-content/plugins/display-variation-dropdown-on-shop-page/admin/js/amcharts/amcharts.js/wp-content/plugins/display-variation-dropdown-on-shop-page/admin/js/amcharts/light.js+1 more

HTML / DOM Fingerprints

CSS Classes
niwoovd-bootstrap-cssniwoovd-styleniwoovd-font-awesome-cssniwoovd-amcharts-scriptniwoovd-light-scriptniwoovd-pie-script
Data Attributes
niwoovd-ajaxurl
JS Globals
niwoovd_ajax_object
FAQ

Frequently Asked Questions about Display product variations dropdown on shop page