WP-Safety

Enhancements for WooCommerce Security & Risk Analysis

wordpress.org/plugins/enhancements-for-woocommerce

Enhancements for WooCommerce helps to improve the functionality of WooCommerce with several modules.

50 active installs v1.1.1 PHP 8.1+ WP 5.8+ Updated Feb 10, 2025
codemoduleswoocommerce
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Enhancements for WooCommerce Safe to Use in 2026?

Generally Safe

Score 92/100

Enhancements for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "enhancements-for-woocommerce" plugin v1.1.1 demonstrates some positive security practices, including the exclusive use of prepared statements for SQL queries and a high percentage of properly escaped output, indicating attention to common web vulnerabilities. The absence of known CVEs and a clean vulnerability history are also favorable signs, suggesting a generally well-maintained codebase. However, a significant security concern arises from the presence of three AJAX handlers, all of which lack authentication checks. This creates a substantial attack surface that could be exploited by unauthenticated users, potentially leading to unauthorized actions or information disclosure if these handlers perform sensitive operations. While the taint analysis did not reveal critical or high-severity issues, the single flow with an unsanitized path warrants attention, even if its impact is currently unknown. The plugin also bundles the Freemius library, which, while not inherently problematic, could pose a risk if it's outdated or contains its own vulnerabilities, though no specific version issues are noted here.

Overall, the plugin's secure handling of SQL and output is commendable. Nevertheless, the unprotected AJAX endpoints are a glaring weakness that significantly elevates the risk profile. The plugin's lack of historical vulnerabilities is a good indicator, but it does not negate the immediate risks presented by the unprotected entry points. A balanced assessment suggests that while the plugin has foundational security strengths, the unprotected AJAX functionality represents a critical area requiring immediate remediation to achieve a robust security posture.

Key Concerns

  • Unprotected AJAX handlers
  • Taint flow with unsanitized paths
  • Bundled Freemius v1.0
Vulnerabilities
None known

Enhancements for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Enhancements for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
7
165 escaped
Nonce Checks
2
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

Freemius1.0

Output Escaping

96% escaped172 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths
<AdminCostOfGoods> (src\Snippets\AdminCostOfGoods.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

Enhancements for WooCommerce Attack Surface

Entry Points3
Unprotected3

AJAX Handlers 3

authwp_ajax_wsn_togglesrc\Plugin.php:54
authwp_ajax_wsn_savesrc\Plugin.php:72
authwp_ajax_wsn_fetch_tooltipsrc\Plugin.php:108
WordPress Hooks 49
actionadmin_menusrc\Plugin.php:41
actionadmin_enqueue_scriptssrc\Plugin.php:43
actionwp_enqueue_scriptssrc\Plugin.php:145
actionwoocommerce_product_options_pricingsrc\Snippets\AdminCostOfGoods.php:52
actionwoocommerce_process_product_metasrc\Snippets\AdminCostOfGoods.php:53
actionwoocommerce_variation_options_pricingsrc\Snippets\AdminCostOfGoods.php:56
actionwoocommerce_save_product_variationsrc\Snippets\AdminCostOfGoods.php:57
filtermanage_edit-shop_order_columnssrc\Snippets\AdminCostOfGoods.php:60
filtermanage_woocommerce_page_wc-orders_columnssrc\Snippets\AdminCostOfGoods.php:61
actionmanage_shop_order_posts_custom_columnsrc\Snippets\AdminCostOfGoods.php:62
actionmanage_woocommerce_page_wc-orders_custom_columnsrc\Snippets\AdminCostOfGoods.php:63
filterwoocommerce_product_add_to_cart_textsrc\Snippets\ArchiveCartButtonOnbackorder.php:47
actionwoocommerce_cart_is_emptysrc\Snippets\CartChangeYourCartIsEmptyText.php:50
actionwoocommerce_proceed_to_checkoutsrc\Snippets\CartDisplayOrderTotalWeight.php:49
filterwoocommerce_cart_item_namesrc\Snippets\CartDisplayStockAvailability.php:36
actionwoocommerce_cart_is_emptysrc\Snippets\CartEmptyCartCustomMessage.php:72
actionwoocommerce_review_order_before_paymentsrc\Snippets\CheckoutAddTitleToPaymentSection.php:45
filterwoocommerce_checkout_fieldssrc\Snippets\CheckoutChangeFieldsLabels.php:162
filtergettextsrc\Snippets\CheckoutChangeSendToShippingHeading.php:45
actionwoocommerce_before_checkout_formsrc\Snippets\CheckoutContinueShopping.php:53
filterwoocommerce_billing_fieldssrc\Snippets\CheckoutEmailOnTop.php:39
filterwoocommerce_checkout_fieldssrc\Snippets\CheckoutRemoveCheckoutFields.php:159
actionwoocommerce_after_checkout_formsrc\Snippets\CheckoutRemoveShippingAddressOnLocalPickup.php:39
filterwoocommerce_order_button_textsrc\Snippets\CheckoutRenamePlaceOrder.php:46
filterwoocommerce_available_payment_gatewayssrc\Snippets\CheckoutRenamePlaceOrderBacsCod.php:53
actionwoocommerce_product_options_stocksrc\Snippets\GeneralAddSecondStockLocation.php:46
actionsave_post_productsrc\Snippets\GeneralAddSecondStockLocation.php:47
filterwoocommerce_product_get_stock_quantitysrc\Snippets\GeneralAddSecondStockLocation.php:48
filterwoocommerce_product_get_stock_statussrc\Snippets\GeneralAddSecondStockLocation.php:54
filterwoocommerce_payment_complete_reduce_order_stocksrc\Snippets\GeneralAddSecondStockLocation.php:60
filterwoocommerce_is_purchasablesrc\Snippets\GeneralCatalogAndForm.php:63
actionwoocommerce_single_product_summarysrc\Snippets\GeneralCatalogAndForm.php:64
filterwoocommerce_product_single_add_to_cart_textsrc\Snippets\GeneralChangeAddToCartButtonText.php:49
filterwoocommerce_product_add_to_cart_textsrc\Snippets\GeneralChangeAddToCartButtonText.php:50
filterwoocommerce_get_price_htmlsrc\Snippets\GeneralChangeVariablePriceRangeText.php:55
filterwoocommerce_get_price_htmlsrc\Snippets\GeneralChangeZeroPriceToFree.php:49
actionwp_enqueue_scriptssrc\Snippets\GeneralDisbleHomePageCartFragments.php:39
filterwoocommerce_package_ratessrc\Snippets\GeneralHideShippingWhenFree.php:43
actionwoocommerce_sharesrc\Snippets\SingleAddBackToCategory.php:48
actionwoocommerce_after_add_to_cart_buttonsrc\Snippets\SingleAutoApplyCoupon.php:58
actionwoocommerce_add_to_cartsrc\Snippets\SingleAutoApplyCoupon.php:59
filterwoocommerce_product_single_add_to_cart_textsrc\Snippets\SingleCartButtonOnbackorder.php:45
filterwoocommerce_product_related_products_headingsrc\Snippets\SingleChangeRelatedProductsHeading.php:51
filterwoocommerce_product_loop_startsrc\Snippets\SingleChangeRelatedProductsHeading.php:52
actionwoocommerce_single_product_summarysrc\Snippets\SingleSaveTextSales.php:48
filterwoocommerce_available_variationsrc\Snippets\SingleSaveTextSales.php:49
actionwoocommerce_before_add_to_cart_formsrc\Snippets\SingleStockProgressBar.php:43
filterwoocommerce_get_availabilitysrc\Snippets\SingleStockProgressBar.php:44
filterwoocommerce_format_stock_quantitysrc\Snippets\SingleStockQuantitySuffix.php:48
Maintenance & Trust

Enhancements for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedFeb 10, 2025
PHP min version8.1
Downloads2K

Community Trust

Rating100/100
Number of ratings9
Active installs50
Alternatives

Enhancements for WooCommerce Alternatives

YITH WooCommerce Ajax Search

YITH WooCommerce Ajax Search

yith-woocommerce-ajax-search

A
95

YITH WooCommerce Ajax Search allows your users to search products in real time.

40K 4 CVEs
Ultimate FAQ Accordion Plugin

Ultimate FAQ Accordion Plugin

ultimate-faqs

A
89

Full-featured FAQ and accordion plugin with advanced search, simple UI and easy-to-use FAQ blocks and shortcodes.

30K 6 CVEs
Futurio Extra

Futurio Extra

futurio-extra

A
96

Futurio Extra add extra features to Futurio theme like widgets, WooCommerce options, Elementor widgets, one click demo import and much more.

20K 7 CVEs
Kaya QR Code Generator

Kaya QR Code Generator

kaya-qr-code-generator

A
99

Generate QR Code through Widgets and Shortcodes, without any dependencies.

20K 2 CVEs
UPI QR Code Payment Gateway for WooCommerce

UPI QR Code Payment Gateway for WooCommerce

upi-qr-code-payment-for-woocommerce

A
99

This Plugin enables WooCommerce shop owners to get direct and instant payments through UPI apps like BHIM, GooglePay, PhonePe or any banking UPI app.

20K 1 CVE
Developer Profile

Enhancements for WooCommerce Developer Profile

Mike Pap

2 plugins · 250 total installs

86
trust score
Avg Security Score
89/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Enhancements for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/enhancements-for-woocommerce/assets/dist/wsn.iife.js/wp-content/plugins/enhancements-for-woocommerce/assets/dist/style.css
Script Paths
/wp-content/plugins/enhancements-for-woocommerce/assets/dist/wsn.iife.js
Version Parameters
enhancements-for-woocommerce/assets/dist/wsn.iife.js?ver=enhancements-for-woocommerce/assets/dist/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
wsn-settings-pagewsn-settings-wrap
HTML Comments
<!-- WSN Settings --><!-- WSN Settings END --><!-- WSN Snippets Settings --><!-- WSN Snippets Settings END -->
Data Attributes
data-wsn-iddata-wsn-noncedata-wsn-save-url
JS Globals
wsn_ajax_object
REST Endpoints
/wp-json/enhancements-for-woocommerce/v1/settings
FAQ

Frequently Asked Questions about Enhancements for WooCommerce