Easy Woocommerce Customizer Security & Risk Analysis

wordpress.org/plugins/easy-woocommerce-customizer

Easily customize your WooCommerce store with tons of options without writing a single line of code. More than 30 WooCommerce custom options.

60 active installs · v1.0.2 · WP 3.0.0+ (PHP minimum not specified) · Updated Jan 4, 2017
Tags: customize, easy-woocommerce-customize, woocommerce, woocommerce-filters, woocommerce-shop
Score: 63/100 · Grade C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Sep 8, 2025
Safety Verdict

Is Easy Woocommerce Customizer Safe to Use in 2026?

Use With Caution

Score 63/100

Easy Woocommerce Customizer has 1 unpatched vulnerability and has not been updated since January 2017, so a vendor fix is unlikely. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Sep 8, 2025 · Plugin last updated 9 years ago (Jan 4, 2017)
Risk Assessment

The easy-woocommerce-customizer plugin v1.0.2 has a mixed security posture. On the positive side, it issues no raw SQL queries at all, and the analysis found two nonce checks and one capability check on its entry points. The concerns are its attack surface and its output handling. Two AJAX handlers, cs-get-icons and cs-export-options, are registered on wp_ajax_ hooks with no capability check: WordPress only requires the caller to be logged in for those hooks, so any authenticated account, including a WooCommerce customer account on a store with open registration, can invoke them. Only 5% of output (9 of 170 outputs) is escaped, which makes Cross-Site Scripting (XSS) likely, and the plugin's one recorded vulnerability is exactly that class of bug.

The taint analysis found no critical- or high-severity flows, but it did find two flows with unsanitized paths, which is consistent with the poor output escaping. The single medium-severity CVE, a reflected XSS published in 2025, remains unpatched, and the plugin has not been updated since January 2017 and was last tested against WordPress 4.7, so a fix from the developer is unlikely. Overall, the plugin shows some foundational security awareness but lacks robust defenses against common web attacks, particularly in handling user-supplied input and securing its AJAX endpoints. For a site that still runs it, the realistic options are replacing it or knowingly accepting the unpatched XSS and the exposure of its two AJAX endpoints to every logged-in user.
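The "unprotected AJAX handler" finding above is produced by checking whether each callback registered on a wp_ajax_ hook verifies a nonce (CSRF) and a capability (authorization). The Python script below, added here as an illustration and not part of this page's analysis tooling or of the plugin, performs that check over a constructed PHP sample: one handler with no checks (the pattern the report describes), one hardened handler, and one wp_ajax_nopriv_ handler that is reachable without login. The demo_* function and hook names and the PHP source are invented for the example; the script only resolves string callbacks, not array( $this, 'method' ) callbacks.

```python
"""Static check for WordPress AJAX handlers that lack authorization checks.

Finds add_action('wp_ajax_...') registrations in PHP source, locates each
string callback's function body by brace matching, and reports whether the
body calls current_user_can() and check_ajax_referer()/wp_verify_nonce().
The PHP below is constructed for this example; it is not the plugin's code.
"""
import re

# Constructed sample: an unprotected wp_ajax_ handler, a hardened one, and a
# nopriv handler. Names are invented for the example.
SAMPLE_PHP = r'''<?php
add_action( 'wp_ajax_demo_export_options', 'demo_export_options' );
add_action( 'wp_ajax_demo_get_icons', 'demo_get_icons' );
add_action( 'wp_ajax_nopriv_demo_public', 'demo_public' );

// Unprotected: any logged-in user can dump the option blob.
function demo_export_options() {
    $options = get_option( 'demo_settings' );
    echo base64_encode( gzcompress( serialize( $options ) ) );
    wp_die();
}

// Hardened: nonce check (CSRF) plus capability check (authorization).
function demo_get_icons() {
    check_ajax_referer( 'demo_icons_nonce', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    wp_send_json_success( array( 'icons' => array( 'fa-star' ) ) );
}

// nopriv: runs for unauthenticated visitors, so it must do nothing privileged.
function demo_public() {
    echo esc_html( $_GET['q'] );
    wp_die();
}
'''

# group1: full hook prefix, group2: "nopriv_" if present, group3: action, group4: callback
REGISTRATION = re.compile(
    r"add_action\(\s*['\"](wp_ajax_(nopriv_)?)([\w-]+)['\"]\s*,\s*['\"](\w+)['\"]"
)


def function_body(php: str, name: str) -> str:
    """Return the body of `function name(...) { ... }`, or "" if not found."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", php)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(php) and depth:
        depth += {"{": 1, "}": -1}.get(php[i], 0)
        i += 1
    return php[m.end():i - 1]


def audit_ajax_handlers(php: str) -> list[dict]:
    """One finding per wp_ajax_* registration with string callback."""
    findings = []
    for m in REGISTRATION.finditer(php):
        nopriv, action, callback = bool(m.group(2)), m.group(3), m.group(4)
        body = function_body(php, callback)
        has_nonce = bool(re.search(r"\b(check_ajax_referer|wp_verify_nonce)\s*\(", body))
        has_cap = bool(re.search(r"\bcurrent_user_can\s*\(", body))
        findings.append({
            "hook": m.group(1) + action,
            "action": action,
            "callback": callback,
            "reachable_by": "anyone (unauthenticated)" if nopriv else "any logged-in user",
            "nonce_check": has_nonce,
            "capability_check": has_cap,
            # A nopriv handler has no capability to check; for wp_ajax_ handlers
            # the absence of current_user_can() is the finding.
            "unprotected": (not nopriv) and not has_cap,
        })
    return findings


if __name__ == "__main__":
    for f in audit_ajax_handlers(SAMPLE_PHP):
        status = "UNPROTECTED" if f["unprotected"] else "ok"
        print(f"{status:12} {f['hook']} -> {f['callback']}() "
              f"nonce={f['nonce_check']} capability={f['capability_check']} "
              f"reachable by {f['reachable_by']}")
```

Pointed at the plugin's options\functions\actions.php, the script will only see the two handlers above if they are registered with string callbacks; class-method callbacks need the REGISTRATION pattern extended. The nonce check alone is not sufficient: a nonce proves the request came from a page the user legitimately loaded, while current_user_can() decides whether that user is allowed the action.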

Key Concerns

  • Unprotected AJAX handlers
  • Low output escaping percentage
  • Unsanitized taint flows
  • Unpatched medium-severity CVE (CVE-2025-59006, reflected XSS)
  • Use of dangerous function (unserialize) on decoded input in options\functions\helpers.php
  • Use of dangerous function (create_function) in admin-contact.php; removed in PHP 8.0
Vulnerabilities · 1

Easy Woocommerce Customizer Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2025-59006 · Medium · CVSS 6.1 · CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy Woocommerce Customizer <= 1.0.2 - Reflected Cross-Site Scripting

Published Sep 8, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Easy Woocommerce Customizer Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 161 (9 escaped)
Nonce Checks: 2
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0 (the options\ directory with cs-framework.php and the cs_* filters looks like a third-party options framework that this count does not reflect; a bundled framework carries its own patch history)

Dangerous Functions Found

create_function
add_filter('wp_mail_content_type',create_function('', 'return "text/html"; ')); //send html formated
admin-contact.php:85
create_function() was deprecated in PHP 7.2 and removed in PHP 8.0, so on a current PHP build this statement raises a fatal error when it executes; it also evaluates a string as code, which is why scanners flag it. Its direct replacement is an anonymous function returning "text/html".

unserialize
return unserialize( gzuncompress( stripslashes( call_user_func( 'base'. '64' .'_decode', rtrim( strt
options\functions\helpers.php:84 (snippet cut off in the source listing)
Two points for review: the split string 'base'. '64' .'_decode' assembles base64_decode at runtime, which defeats scanners that look for the literal function name, and unserialize() of data an attacker can influence is a PHP object injection vector. This analysis does not establish whether user-controlled data reaches the call; if it does, passing array('allowed_classes' => false) as the second argument to unserialize() (PHP 7.0+) removes the object-injection risk.

Output Escaping

5% escaped (9 of 170 outputs)
Data Flows
2 unsanitized

Data Flow Analysis

2 flows, 2 with unsanitized paths
ewc_html_form_code (admin-contact.php:43)
Attack Surface
2 unprotected

Easy Woocommerce Customizer Attack Surface

Entry Points: 3 · Unprotected: 2

AJAX Handlers: 2

auth · wp_ajax_cs-get-icons · options\functions\actions.php:44
auth · wp_ajax_cs-export-options · options\functions\actions.php:68

Both are wp_ajax_ hooks (not wp_ajax_nopriv_), so WordPress requires a login before the handler runs, but the handler itself is responsible for checking capabilities, and neither is recorded as doing so.

Shortcodes: 1

[ewc_contact_form] · admin-contact.php:110

WordPress Hooks: 41
filter · wp_mail_content_type · admin-contact.php:85
action · init · admin-contact.php:123
filter · query_vars · admin-contact.php:137
filter · woocommerce_account_menu_items · admin-contact.php:183
action · woocommerce_account_contact-to-admin_endpoint · admin-contact.php:193
action · admin_init · easy-woocommerce-customizer.php:26
action · admin_notices · easy-woocommerce-customizer.php:29
filter · woocommerce_product_add_to_cart_text · hooks.php:12
filter · woocommerce_product_single_add_to_cart_text · hooks.php:21
filter · woocommerce_product_add_to_cart_text · hooks.php:28
filter · woocommerce_product_add_to_cart_text · hooks.php:63
filter · woocommerce_product_single_add_to_cart_text · hooks.php:65
filter · woocommerce_checkout_fields · hooks.php:89
filter · woocommerce_checkout_fields · hooks.php:132
filter · woocommerce_checkout_fields · hooks.php:163
filter · woocommerce_checkout_fields · hooks.php:182
action · woocommerce_before_checkout_form · hooks.php:202
filter · woocommerce_checkout_login_message · hooks.php:213
filter · woocommerce_variable_free_price_html · hooks.php:235
filter · woocommerce_free_price_html · hooks.php:236
filter · woocommerce_variation_free_price_html · hooks.php:237
filter · woocommerce_sale_flash · hooks.php:249
filter · get_product_search_form · hooks.php:261
filter · woocommerce_catalog_orderby · hooks.php:282
action · init · hooks.php:306
action · init · hooks.php:314
action · init · options\cs-framework.php:44
action · admin_footer · options\functions\actions.php:88
action · customize_controls_print_footer_scripts · options\functions\actions.php:89
action · admin_enqueue_scripts · options\functions\enqueue.php:39
filter · cs_sanitize_text · options\functions\sanitize.php:14
filter · cs_sanitize_textarea · options\functions\sanitize.php:32
filter · cs_sanitize_checkbox · options\functions\sanitize.php:58
filter · cs_sanitize_switcher · options\functions\sanitize.php:59
filter · cs_sanitize_image_select · options\functions\sanitize.php:88
filter · cs_sanitize_group · options\functions\sanitize.php:104
filter · cs_sanitize_title · options\functions\sanitize.php:119
filter · cs_sanitize_clean · options\functions\sanitize.php:134
filter · cs_validate_email · options\functions\validate.php:18
filter · cs_validate_numeric · options\functions\validate.php:37
filter · cs_validate_required · options\functions\validate.php:54
Maintenance & Trust

Easy Woocommerce Customizer Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.7.32
Last updated: Jan 4, 2017
PHP min version: not specified
Downloads: 7K

Community Trust

Rating: 100/100 (from a single rating)
Number of ratings: 1
Active installs: 60
Developer Profile

Easy Woocommerce Customizer Developer Profile

themebon

13 plugins · 1K total installs

Trust score: 82
Avg Security Score: 83/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Easy Woocommerce Customizer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easy-woocommerce-customizer/hooks.php
/wp-content/plugins/easy-woocommerce-customizer/admin-contact.php

HTML / DOM Fingerprints

CSS Classes
ucf_form, ucf_field, ucf_button, ucf_label_success, ucf_label_alert
Data Attributes
svalue
Shortcode Output
[ewc_contact_form]
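The fingerprints above are what a crawler looks for; the Python below, added here as an example and not the crawler used to produce this page, shows how they combine into a detection. CSS classes and any URL under the plugin directory are read from the page HTML. The two listed asset paths are PHP files, which are never referenced from HTML, so they are confirmed by requesting them directly: a 200 (usually a blank page) or 500 (fatal error when run outside WordPress) response means the file exists, 404 rules it out, and 403 is left inconclusive because a blanket deny rule would also return it for absent files. The literal shortcode text in rendered output is treated as a sign that WordPress did not expand it, so the plugin is present but not active. The sample HTML, the assets/style.css URL in it and the probe results are constructed for the example.

```python
"""Combine HTML and probe fingerprints into a plugin detection verdict.

Added example, not the page's crawler. Evidence sources:
  * class tokens on any element (ucf_* classes listed on the page)
  * URLs under /wp-content/plugins/easy-woocommerce-customizer/ in the HTML
  * HTTP status of direct requests to the two PHP asset paths
  * the raw [ewc_contact_form] text, which means the shortcode was not expanded
"""
import re
from html.parser import HTMLParser

PLUGIN_SLUG = "easy-woocommerce-customizer"
ASSET_PATHS = [
    f"/wp-content/plugins/{PLUGIN_SLUG}/hooks.php",
    f"/wp-content/plugins/{PLUGIN_SLUG}/admin-contact.php",
]
CSS_CLASSES = {"ucf_form", "ucf_field", "ucf_button", "ucf_label_success", "ucf_label_alert"}
SHORTCODE = "[ewc_contact_form]"
# Statuses that confirm a PHP file exists when requested directly.
CONFIRMING = {200, 500}
PATH_REF = re.compile(r"/wp-content/plugins/" + re.escape(PLUGIN_SLUG) + r"/[\w./-]+")


class ClassCollector(HTMLParser):
    """Collect every class token that appears on any element."""

    def __init__(self):
        super().__init__()
        self.classes = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "class" and value:
                self.classes.update(value.split())


def match_fingerprints(html: str, probe_status: dict[str, int]) -> dict:
    """Return the evidence found plus a detected / likely_active verdict."""
    collector = ClassCollector()
    collector.feed(html)
    css_hits = sorted(CSS_CLASSES & collector.classes)
    # Any URL under the plugin directory is strong evidence the plugin is active.
    path_refs = sorted(set(PATH_REF.findall(html)))
    # Direct probes: only 200/500 count; 404 means absent, 403 is inconclusive.
    probe_hits = [p for p in ASSET_PATHS if probe_status.get(p) in CONFIRMING]
    # Unexpanded shortcode text: installed (or leftover content) but not active.
    raw_shortcode = SHORTCODE in html

    # Class names alone are weak (ucf_ is a short prefix), so require two of them.
    detected = bool(probe_hits or path_refs or len(css_hits) >= 2)
    likely_active = bool(css_hits or path_refs) and not raw_shortcode
    return {
        "css_classes": css_hits,
        "path_references": path_refs,
        "probe_hits": probe_hits,
        "raw_shortcode_present": raw_shortcode,
        "detected": detected,
        "likely_active": likely_active,
        "score": len(css_hits) + 2 * len(path_refs) + 2 * len(probe_hits),
    }


# Constructed HTML resembling a "My account" page rendering the contact form.
# The assets/style.css URL is invented for the example.
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="https://shop.example/wp-content/plugins/easy-woocommerce-customizer/assets/style.css">
</head><body>
<form class="ucf_form woocommerce-form">
  <p class="ucf_field"><input name="name"></p>
  <button class="ucf_button">Send</button>
  <span class="ucf_label_success" hidden>Sent</span>
</form>
</body></html>
"""
# Constructed probe results: both plugin files answer, a control path does not.
SAMPLE_PROBES = {ASSET_PATHS[0]: 200, ASSET_PATHS[1]: 500,
                 "/wp-content/plugins/does-not-exist/x.php": 404}

if __name__ == "__main__":
    for key, value in match_fingerprints(SAMPLE_HTML, SAMPLE_PROBES).items():
        print(f"{key}: {value}")
```

In a real audit the probe statuses come from HEAD or GET requests against the target; the function is kept free of network I/O so the evidence rules can be tested on captured responses.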
FAQ

Frequently Asked Questions about Easy Woocommerce Customizer