Dynamic AJAX Product Filters for WooCommerce Security & Risk Analysis

wordpress.org/plugins/dynamic-ajax-product-filters-for-woocommerce

Dynamic AJAX Product Filters allow shoppers to quickly filter WooCommerce products by categories, attributes, prices, and more.

700 active installs v1.5.9 PHP 7.0+ WP 4.7+ Updated Mar 30, 2026
Tags: ajax-product-filter, product-filter, shop-filter, woocommerce-filter, woocommerce-product-filter
Score: 98 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Aug 27, 2025
Safety Verdict

Is Dynamic AJAX Product Filters for WooCommerce Safe to Use in 2026?

Generally Safe

Score 98/100

Dynamic AJAX Product Filters for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEs · Last CVE: Aug 27, 2025 · Updated 1mo ago
Risk Assessment

This plugin, "dynamic-ajax-product-filters-for-woocommerce" v1.5.8, demonstrates a generally good security posture with several positive indicators. The extensive use of prepared statements for SQL queries and a high percentage of properly escaped output are commendable. The presence of numerous nonce and capability checks further strengthens its defense against common web attacks. However, there are specific areas that warrant concern.

The static analysis reveals two unprotected entry points: one AJAX handler and one REST API route that lacks permission callbacks. This creates a potential attack vector where unauthenticated or unauthorized users could interact with sensitive functionalities. While the taint analysis shows no critical or high-severity unsanitized paths, the presence of two flows with unsanitized paths, even at a lower severity, should be investigated. The plugin also bundles the Select2 library, which, if outdated, could introduce vulnerabilities.

The vulnerability history indicates two past medium-severity CVEs, both related to Cross-Site Scripting (XSS). While there are no currently unpatched vulnerabilities, the nature of past XSS issues suggests that improper input neutralization could be a recurring theme or a potential weakness if not meticulously handled in all input vectors. In conclusion, the plugin has strong foundational security practices, but the identified unprotected entry points, unsanitized taint flows, and past XSS history necessitate careful review and remediation.

Key Concerns

  • Unprotected AJAX handler
  • Unprotected REST API route
  • Flows with unsanitized paths (low severity implied)
  • Bundled library (Select2) may be outdated
  • Past medium severity XSS vulnerabilities
Vulnerabilities
2 published

Dynamic AJAX Product Filters for WooCommerce Security Vulnerabilities

CVEs by Year

2 CVEs in 2025

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-6255 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Dynamic AJAX Product Filters for WooCommerce <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter

Aug 27, 2025 Patched in 1.3.8 (1d)
CVE-2025-8073 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Dynamic AJAX Product Filters for WooCommerce <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via name Parameter

Aug 27, 2025 Patched in 1.3.8 (1d)
Version History

Dynamic AJAX Product Filters for WooCommerce Release Timeline

v1.5.9 (Current)
v1.5.8
v1.5.7
v1.5.6
v1.5.5
v1.5.4
v1.5.3
v1.5.2
v1.5.1
v1.5.0
v1.4.9
v1.4.8
v1.4.7
v1.4.6
v1.4.5
v1.4.4
v1.4.3
v1.4.2
v1.4.1
v1.4.0
Code Analysis
Analyzed Mar 16, 2026

Dynamic AJAX Product Filters for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (18 prepared)
Unescaped Output: 148 (1245 escaped)
Nonce Checks: 17
Capability Checks: 12
File Operations: 1
External Requests: 5
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 18 total queries

Output Escaping

89% escaped · 1393 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

6 flows · 2 with unsanitized paths
dapfforwc_reset_settings (admin\admin-page.php:2677)
Attack Surface
2 unprotected

Dynamic AJAX Product Filters for WooCommerce Attack Surface

Entry Points: 13
Unprotected: 2

AJAX Handlers 9

auth wp_ajax_dapfforwc_dismiss_slug_check_notice admin\admin-notice.php:100
auth wp_ajax_dapfforwc_dismiss_ny_notice admin\admin-notice.php:119
auth wp_ajax_dapfforwc_activate_template admin\admin-page.php:2833
auth wp_ajax_dapfforwc_send_deactivation_feedback dynamic-ajax-product-filters-for-woocommerce.php:2414
auth wp_ajax_dapfforwc_activate_template dynamic-ajax-product-filters-for-woocommerce.php:2992
auth wp_ajax_woocommerce_get_products includes\class-filter-functions.php:53
nopriv wp_ajax_woocommerce_get_products includes\class-filter-functions.php:54
auth wp_ajax_dapfforwc_remind_me_later includes\get_review.php:92
auth wp_ajax_dapfforwc_review_already_done includes\get_review.php:105

REST API Routes 1

GET /wp-json/dynamic-ajax-product-filters-for-woocommerce/v1/attributes/ dynamic-ajax-product-filters-for-woocommerce.php:2232

Shortcodes 3

[plugincy_filters] includes\filter-template.php:2660
[plugincy_filters_single] includes\filter-template.php:3034
[plugincy_filters_selected] includes\filter-template.php:3045
WordPress Hooks 150
action admin_notices admin\admin-notice.php:65
action admin_init admin\admin-notice.php:93
action admin_notices admin\admin-notice.php:137
action admin_menu admin\admin-page.php:36
filter pre_update_option_dapfforwc_style_options admin\admin-page.php:2496
action updated_option admin\admin-page.php:2601
action admin_post_dapfforwc_clear_cache admin\admin-page.php:2650
action admin_notices admin\admin-page.php:2670
action admin_init admin\admin-page.php:2726
action admin_notices admin\admin-page.php:2765
action admin_head admin\admin-page.php:2798
action elementor/init admin\elementor-category.php:16
action elementor/editor/after_enqueue_styles admin\elementor-category.php:18
action elementor/elements/categories_registered admin\elementor-category.php:65
action admin_init admin\license-page.php:15
action admin_notices admin\license-page.php:17
action admin_init admin\settings-init.php:428
filter safe_style_css dynamic-ajax-product-filters-for-woocommerce.php:1273
action plugins_loaded dynamic-ajax-product-filters-for-woocommerce.php:1626
action admin_notices dynamic-ajax-product-filters-for-woocommerce.php:1631
action wp_enqueue_scripts dynamic-ajax-product-filters-for-woocommerce.php:1644
action admin_enqueue_scripts dynamic-ajax-product-filters-for-woocommerce.php:1645
action admin_bar_menu dynamic-ajax-product-filters-for-woocommerce.php:1657
action enqueue_block_editor_assets dynamic-ajax-product-filters-for-woocommerce.php:2102
action wp_footer dynamic-ajax-product-filters-for-woocommerce.php:2132
action rest_api_init dynamic-ajax-product-filters-for-woocommerce.php:2238
filter block_categories_all dynamic-ajax-product-filters-for-woocommerce.php:2342
action enqueue_block_editor_assets dynamic-ajax-product-filters-for-woocommerce.php:2358
filter woocommerce_product_query_meta_query dynamic-ajax-product-filters-for-woocommerce.php:2364
filter pre_option_woocommerce_hide_out_of_stock_items dynamic-ajax-product-filters-for-woocommerce.php:2374
action init dynamic-ajax-product-filters-for-woocommerce.php:2408
action admin_init dynamic-ajax-product-filters-for-woocommerce.php:2410
action template_redirect dynamic-ajax-product-filters-for-woocommerce.php:2859
action wp_head dynamic-ajax-product-filters-for-woocommerce.php:2869
action widgets_init dynamic-ajax-product-filters-for-woocommerce.php:2892
action woocommerce_archive_description dynamic-ajax-product-filters-for-woocommerce.php:2921
action woocommerce_archive_description dynamic-ajax-product-filters-for-woocommerce.php:2924
action woocommerce_archive_description dynamic-ajax-product-filters-for-woocommerce.php:2925
action init dynamic-ajax-product-filters-for-woocommerce.php:2927
action widgets_init dynamic-ajax-product-filters-for-woocommerce.php:3002
action widgets_init dynamic-ajax-product-filters-for-woocommerce.php:3078
action widgets_init dynamic-ajax-product-filters-for-woocommerce.php:3154
action widgets_init dynamic-ajax-product-filters-for-woocommerce.php:3215
action wp_enqueue_scripts dynamic-ajax-product-filters-for-woocommerce.php:3225
action init dynamic-ajax-product-filters-for-woocommerce.php:3317
filter wp_resource_hints dynamic-ajax-product-filters-for-woocommerce.php:3322
action wp_enqueue_scripts dynamic-ajax-product-filters-for-woocommerce.php:3354
filter style_loader_tag dynamic-ajax-product-filters-for-woocommerce.php:3378
filter script_loader_tag dynamic-ajax-product-filters-for-woocommerce.php:3379
action template_redirect dynamic-ajax-product-filters-for-woocommerce.php:3386
action shutdown dynamic-ajax-product-filters-for-woocommerce.php:3405
filter woocommerce_enable_cart_session dynamic-ajax-product-filters-for-woocommerce.php:3415
filter woocommerce_use_cart_session dynamic-ajax-product-filters-for-woocommerce.php:3419
filter woocommerce_cart_hash dynamic-ajax-product-filters-for-woocommerce.php:3423
action init dynamic-ajax-product-filters-for-woocommerce.php:3431
filter show_admin_bar dynamic-ajax-product-filters-for-woocommerce.php:3433
action send_headers dynamic-ajax-product-filters-for-woocommerce.php:3436
filter redirect_canonical dynamic-ajax-product-filters-for-woocommerce.php:3444
filter plugin_row_meta dynamic-ajax-product-filters-for-woocommerce.php:3511
action wp_loaded includes\analytics.php:40
action admin_footer includes\analytics.php:46
action init includes\blocks_widget_create.php:73
action elementor/widgets/register includes\blocks_widget_create.php:2274
action elementor/init includes\blocks_widget_create.php:2284
action init includes\class-filter-functions.php:25
action wp_loaded includes\class-filter-functions.php:26
action pre_get_posts includes\class-filter-functions.php:32
filter woocommerce_product_query_meta_query includes\class-filter-functions.php:35
action woocommerce_product_query includes\class-filter-functions.php:38
filter woocommerce_shortcode_products_query includes\class-filter-functions.php:41
filter woocommerce_rest_product_object_query includes\class-filter-functions.php:44
filter posts_clauses includes\class-filter-functions.php:47
filter woocommerce_product_data_store_cpt_get_products_query includes\class-filter-functions.php:50
action elementor/query/custom_query includes\class-filter-functions.php:61
filter elementor_pro/woocommerce/query includes\class-filter-functions.php:62
filter woo_product_grid_query_args includes\class-filter-functions.php:87
filter wc_product_table_query_args includes\class-filter-functions.php:90
filter wcpgsk_query_args includes\class-filter-functions.php:93
filter woocommerce_product_filter_query_args includes\class-filter-functions.php:98
filter jet-engine/listing/grid/query-args includes\class-filter-functions.php:103
filter woocommerce_blocks_product_grid_query_args includes\class-filter-functions.php:108
action parse_query includes\class-filter-functions.php:113
filter posts_search includes\class-filter-functions.php:596
action wp_loaded includes\class-filter-functions.php:2575
filter et_builder_module_posts_query_args includes\class-filter-functions.php:2580
filter fl_builder_loop_query_args includes\class-filter-functions.php:2585
filter oxygen_repeater_query_args includes\class-filter-functions.php:2590
filter bricks/query/run includes\class-filter-functions.php:2595
action wp includes\class-filter-functions.php:2602
filter get_posts includes\class-filter-functions.php:2619
filter get_posts includes\class-filter-functions.php:2625
filter woocommerce_product_loop_start includes\class-inject.php:33
filter woocommerce_shortcode_products_container_classes includes\class-inject.php:34
filter woocommerce_post_class includes\class-inject.php:37
filter post_class includes\class-inject.php:38
filter woocommerce_pagination_args includes\class-inject.php:41
action woocommerce_after_shop_loop includes\class-inject.php:42
action init includes\class-inject.php:43
action init includes\class-inject.php:44
action woocommerce_after_shop_loop includes\class-inject.php:48
action woocommerce_after_shop_loop includes\class-inject.php:49
action woocommerce_before_shop_loop includes\class-inject.php:53
action woocommerce_before_shop_loop includes\class-inject.php:54
filter woocommerce_result_count includes\class-inject.php:57
action woocommerce_before_shop_loop includes\class-inject.php:58
filter render_block includes\class-inject.php:61
action wp_footer includes\class-inject.php:301
filter navigation_markup_template includes\class-inject.php:318
filter wp_link_pages includes\class-inject.php:321
filter paginate_links_output includes\class-inject.php:327
action woocommerce_after_shop_loop includes\class-inject.php:505
action woocommerce_after_shop_loop includes\class-inject.php:506
filter woocommerce_pagination_args includes\class-inject.php:509
filter navigation_markup_template includes\class-inject.php:512
filter paginate_links_output includes\class-inject.php:517
filter render_block includes\class-inject.php:521
filter posts_search includes\filter-template.php:1039
action save_post_product includes\filter-template.php:3921
action wp_trash_post includes\filter-template.php:3922
action untrashed_post includes\filter-template.php:3927
action deleted_post includes\filter-template.php:3932
action transition_post_status includes\filter-template.php:3937
action save_post_product_variation includes\filter-template.php:3944
action wp_trash_post includes\filter-template.php:3945
action deleted_post includes\filter-template.php:3950
action created_term includes\filter-template.php:3957
action edited_term includes\filter-template.php:3963
action delete_term includes\filter-template.php:3969
action updated_post_meta includes\filter-template.php:3976
action added_post_meta includes\filter-template.php:4004
action deleted_post_meta includes\filter-template.php:4010
action woocommerce_product_set_stock includes\filter-template.php:4018
action woocommerce_variation_set_stock includes\filter-template.php:4019
action woocommerce_product_set_visibility includes\filter-template.php:4022
action woocommerce_product_set_featured includes\filter-template.php:4025
action woocommerce_product_bulk_edit_save includes\filter-template.php:4028
action woocommerce_product_quick_edit_save includes\filter-template.php:4029
action woocommerce_product_import_inserted_product_object includes\filter-template.php:4032
action woocommerce_product_import_updated_product_object includes\filter-template.php:4033
action woocommerce_product_csv_importer_done includes\filter-template.php:4036
action woocommerce_attribute_added includes\filter-template.php:4039
action woocommerce_attribute_updated includes\filter-template.php:4040
action woocommerce_attribute_deleted includes\filter-template.php:4041
action set_object_terms includes\filter-template.php:4044
action woocommerce_process_product_meta includes\filter-template.php:4052
action woocommerce_save_product_variation includes\filter-template.php:4053
action woocommerce_settings_saved includes\filter-template.php:4056
action woocommerce_tax_settings_saved includes\filter-template.php:4057
action admin_head includes\get_review.php:6
action admin_notices includes\get_review.php:87
Maintenance & Trust

Dynamic AJAX Product Filters for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 30, 2026
PHP min version: 7.0
Downloads: 10K

Community Trust

Rating: 100/100
Number of ratings: 10
Active installs: 700
Developer Profile

Dynamic AJAX Product Filters for WooCommerce Developer Profile

Plugincy

5 plugins · 960 total installs

Trust score: 100
Avg Security Score: 100/100
Avg Patch Time: 1 day
Detection Fingerprints

How We Detect Dynamic AJAX Product Filters for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/dynamic-ajax-product-filters-for-woocommerce/assets/css/style.css
/wp-content/plugins/dynamic-ajax-product-filters-for-woocommerce/assets/js/app.js
/wp-content/plugins/dynamic-ajax-product-filters-for-woocommerce/assets/js/vendor.js
/wp-content/plugins/dynamic-ajax-product-filters-for-woocommerce/assets/js/jquery-ui.min.js
/wp-content/plugins/dynamic-ajax-product-filters-for-woocommerce/assets/js/jquery.validate.min.js
/wp-content/plugins/dynamic-ajax-product-filters-for-woocommerce/assets/js/nouislider.min.js
/wp-content/plugins/dynamic-ajax-product-filters-for-woocommerce/assets/css/nouislider.min.css
/wp-content/plugins/dynamic-ajax-product-filters-for-woocommerce/assets/css/jquery-ui.css
Script Paths
/wp-content/plugins/dynamic-ajax-product-filters-for-woocommerce/assets/js/jquery-ui.min.js
/wp-content/plugins/dynamic-ajax-product-filters-for-woocommerce/assets/js/jquery.validate.min.js
/wp-content/plugins/dynamic-ajax-product-filters-for-woocommerce/assets/js/nouislider.min.js
/wp-content/plugins/dynamic-ajax-product-filters-for-woocommerce/assets/js/vendor.js
/wp-content/plugins/dynamic-ajax-product-filters-for-woocommerce/assets/js/app.js
Version Parameters
/wp-content/plugins/dynamic-ajax-product-filters-for-woocommerce/assets/css/style.css?ver=
/wp-content/plugins/dynamic-ajax-product-filters-for-woocommerce/assets/js/jquery-ui.min.js?ver=
/wp-content/plugins/dynamic-ajax-product-filters-for-woocommerce/assets/js/jquery.validate.min.js?ver=
/wp-content/plugins/dynamic-ajax-product-filters-for-woocommerce/assets/js/nouislider.min.js?ver=
/wp-content/plugins/dynamic-ajax-product-filters-for-woocommerce/assets/js/vendor.js?ver=
/wp-content/plugins/dynamic-ajax-product-filters-for-woocommerce/assets/js/app.js?ver=
/wp-content/plugins/dynamic-ajax-product-filters-for-woocommerce/assets/css/nouislider.min.css?ver=
/wp-content/plugins/dynamic-ajax-product-filters-for-woocommerce/assets/css/jquery-ui.css?ver=

HTML / DOM Fingerprints

CSS Classes
dapfforwc-widget-container
dapfforwc-filter-wrapper
dapfforwc-widget-title
dapfforwc-search-field
dapfforwc-range-slider
dapfforwc-price-range-filter
HTML Comments
<!-- DAPFFORWC START -->
<!-- DAPFFORWC END -->
Data Attributes
data-dapfforwc-widget-id
data-dapfforwc-filter-type
JS Globals
dapfforwc_ajax_object
FAQ

Frequently Asked Questions about Dynamic AJAX Product Filters for WooCommerce