Extra Product Options for WooCommerce Security & Risk Analysis

wordpress.org/plugins/extra-product-options-for-woocommerce

Add 22+ custom fields to WooCommerce products with nested conditional logic, custom pricing, and advanced display rules.

600 active installs · v4.4.6 · PHP 7.4+ · WP 6.1+ · Updated Feb 14, 2026
Tags: conditional-logic, product-addons, woocommerce-custom-fields, woocommerce-product-addons, woocommerce-product-options

Score 99 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Jun 6, 2024
Safety Verdict

Is Extra Product Options for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Extra Product Options for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jun 6, 2024 · Updated 1mo ago

Risk Assessment

The 'extra-product-options-for-woocommerce' plugin v4.4.6 presents a mixed security posture. On the positive side, the code analysis shows strong adherence to good security practices, with a very high percentage of output escaping and prepared statements for SQL queries. The presence of numerous nonce and capability checks further indicates an effort to secure various functionalities. However, a significant concern arises from the 19 AJAX handlers, one of which lacks any authentication checks, creating a direct entry point for potential abuse. The absence of any critical or high-severity taint analysis findings is encouraging, but the plugin's history of two medium-severity vulnerabilities, specifically Missing Authorization and Cross-site Scripting, coupled with the recent discovery of a vulnerability on 2024-06-06, suggests a recurring pattern that warrants vigilance. While the current version appears to have addressed past issues, the single unprotected AJAX endpoint and the historical vulnerability types are points of weakness.

Key Concerns

  • Unprotected AJAX handler found
  • Recent medium vulnerability (2024-06-06)
  • History of Missing Authorization vulnerabilities
  • History of Cross-site Scripting vulnerabilities

Vulnerabilities: 2

Extra Product Options for WooCommerce Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2024: 1 CVE

Severity Breakdown

Medium: 2 (2 total CVEs)

CVE-2024-35727 · medium · 4.3 · Missing Authorization

Extra Product Options for WooCommerce <= 3.0.6 - Missing Authorization

Jun 6, 2024 · Patched in 3.0.7 (7d)

CVE-2023-47658 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Extra Product Options for WooCommerce <= 4.1 - Authenticated (Shop manager+) Stored Cross-Site Scripting via plugin settings

Nov 7, 2023 · Patched in 4.2 (525d)

Code Analysis
Analyzed Mar 16, 2026

Extra Product Options for WooCommerce Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 35 (92 prepared)
  • Unescaped Output: 111 (2572 escaped)
  • Nonce Checks: 26
  • Capability Checks: 13
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 2

Bundled Libraries

Select2, Freemius 1.0

SQL Query Safety

72% prepared · 127 total queries

Output Escaping

96% escaped · 2683 total outputs

Data Flows: All sanitized

Data Flow Analysis

3 flows
<addon-builder> (builder\addon-builder.php:0)

Attack Surface: 1 unprotected

Extra Product Options for WooCommerce Attack Surface

Entry Points: 19
Unprotected: 1

AJAX Handlers 19

auth · wp_ajax_epofw_get_data_based_on_cd · includes\class-epofw-admin.php:100
auth · wp_ajax_epofw_select_all_product · includes\class-epofw-admin.php:101
auth · wp_ajax_epofw_disbale_field_options · includes\class-epofw-admin.php:102
auth · wp_ajax_epofw_dismiss_review_notice · includes\class-epofw-admin.php:105
auth · wp_ajax_epofw_toggle_status_on_list · includes\class-epofw-admin.php:106
auth · wp_ajax_epofw_element_add · includes\class-epofw-admin.php:107
auth · wp_ajax_epofw_get_section_settings · includes\class-epofw-admin.php:108
auth · wp_ajax_epofw_get_row_settings · includes\class-epofw-admin.php:109
auth · wp_ajax_epofw_get_column_settings · includes\class-epofw-admin.php:110
auth · wp_ajax_epofw_delete_addon · includes\class-epofw-admin.php:111
auth · wp_ajax_epofw_duplicate_addon · includes\class-epofw-admin.php:112
auth · wp_ajax_epofw_export_addon · includes\class-epofw-admin.php:113
auth · wp_ajax_epofw_ajax_save_addon · includes\class-epofw-admin.php:115
auth · wp_ajax_epofw_save_view_preference · includes\class-epofw-admin.php:117
auth · wp_ajax_epofw_get_view_preference · includes\class-epofw-admin.php:118
auth · wp_ajax_epofw_search_addons · includes\class-epofw-admin.php:120
auth · wp_ajax_epofw_migrate_to_sections · includes\class-epofw-admin.php:122
auth · wp_ajax_epofw_dismiss_discount_popup · includes\class-epofw-discount-popup.php:53
auth · wp_ajax_epofw_import_all_fields_ajax · includes\class-epofw-import.php:28

WordPress Hooks 101

action · before_woocommerce_init · extra-product-options-for-woocommerce.php:93
action · after_uninstall · extra-product-options-for-woocommerce.php:146
action · init · extra-product-options-for-woocommerce.php:187
action · init · extra-product-options-for-woocommerce.php:277
action · admin_menu · includes\class-epofw-admin.php:94
action · init · includes\class-epofw-admin.php:95
action · admin_enqueue_scripts · includes\class-epofw-admin.php:96
filter · epofw_getting_page · includes\class-epofw-admin.php:97
filter · epofw_ie_admin_tab_ft · includes\class-epofw-admin.php:98
action · admin_init · includes\class-epofw-admin.php:103
action · admin_notices · includes\class-epofw-admin.php:104
filter · posts_where · includes\class-epofw-admin.php:273
action · before_delete_post · includes\class-epofw-custom-tables.php:56
action · wpmu_new_blog · includes\class-epofw-custom-tables.php:60
action · admin_footer · includes\class-epofw-discount-popup.php:52
action · add_new_btn_prd_list · includes\class-epofw-field-setting.php:79
action · woocommerce_before_add_to_cart_button · includes\class-epofw-front.php:58
action · woocommerce_after_add_to_cart_button · includes\class-epofw-front.php:67
filter · woocommerce_add_cart_item_data · includes\class-epofw-front.php:68
filter · woocommerce_get_item_data · includes\class-epofw-front.php:74
filter · woocommerce_available_variation · includes\class-epofw-front.php:81
filter · woocommerce_order_again_cart_item_data · includes\class-epofw-front.php:87
filter · woocommerce_order_item_get_formatted_meta_data · includes\class-epofw-front.php:93
action · wp_enqueue_scripts · includes\class-epofw-front.php:99
filter · woocommerce_add_to_cart_validation · includes\class-epofw-front.php:100
filter · woocommerce_order_item_display_meta_value · includes\class-epofw-front.php:106
action · woocommerce_checkout_create_order_line_item · includes\class-epofw-front.php:112
filter · woocommerce_add_cart_item · includes\class-epofw-front.php:118
filter · woocommerce_get_cart_item_from_session · includes\class-epofw-front.php:119
action · woocommerce_after_cart_item_quantity_update · includes\class-epofw-front.php:125
filter · woocommerce_cart_item_price · includes\class-epofw-front.php:131
filter · woocommerce_widget_cart_item_quantity · includes\class-epofw-front.php:138
action · woocommerce_before_calculate_totals · includes\class-epofw-front.php:145
filter · woocommerce_add_to_cart_fragments · includes\class-epofw-front.php:152
action · admin_post_epofw_import_all_fields · includes\class-epofw-import.php:27
action · admin_init · includes\class-epofw-import.php:30
action · init · includes\class-epofw-init.php:32
filter · woocommerce_locate_template · includes\class-epofw-init.php:34
filter · epofw_display_product_price · includes\class-epofw-wc-wholesale-prices-rymera.php:62
filter · epofw_price_before_calculation · includes\class-epofw-wc-wholesale-prices-rymera.php:63
filter · epofw_original_price_without_tax · includes\class-epofw-wc-wholesale-prices-rymera.php:80
filter · epofw_price_filter · includes\class-epofw-woocs-compatiblity.php:63
action · woocommerce_before_calculate_totals · includes\class-epofw-woocs-compatiblity.php:70
filter · epofw_price_filter · includes\class-epofw-woocs-compatiblity.php:78
action · wp_enqueue_scripts · includes\class-epofw-woocs-compatiblity.php:85
filter · woocommerce_add_to_cart_fragments · includes\compatibility\themes\class-epofw-theme-flavor.php:51
action · woocommerce_ajax_added_to_cart · includes\compatibility\themes\class-epofw-theme-flavor.php:54
filter · woocommerce_widget_cart_item_quantity · includes\compatibility\themes\class-epofw-theme-flavor.php:57
filter · woocommerce_get_item_data · includes\compatibility\themes\class-epofw-theme-flavor.php:60
filter · epofw_after_add_to_cart_button_priority · includes\compatibility\themes\class-epofw-theme-flavor.php:63
filter · epofw_force_validation_without_nonce · includes\compatibility\themes\class-epofw-theme-flavor.php:66
action · wp_enqueue_scripts · includes\compatibility\themes\class-epofw-theme-flavor.php:70
filter · epofw_file_value_before_parse · includes\compatibility\themes\class-epofw-theme-flavor.php:73
filter · epofw_get_field_label_class · settings\epofw-actions.php:29
filter · epofw_get_field_input_property · settings\epofw-actions.php:98
action · epofw_html_table_field_label_td · settings\epofw-actions.php:137
action · epofw_html_table_field_input_td · settings\epofw-actions.php:176
action · epofw_field_title · settings\epofw-actions.php:254
action · epofw_field_subtitle · settings\epofw-actions.php:311
action · epofw_field_label_start_td · settings\epofw-actions.php:370
action · epofw_field_label_end_td · settings\epofw-actions.php:413
action · epofw_field_input_start_td · settings\epofw-actions.php:472
action · epofw_field_input_end_td · settings\epofw-actions.php:508
action · epofw_field_property_text_id · settings\epofw-actions.php:535
action · epofw_field_property_password_id · settings\epofw-actions.php:541
action · epofw_field_property_hidden_id · settings\epofw-actions.php:547
action · epofw_field_property_number_id · settings\epofw-actions.php:553
action · epofw_field_property_datepicker_id · settings\epofw-actions.php:559
action · epofw_field_property_colorpicker_id · settings\epofw-actions.php:565
action · epofw_field_property_checkbox_id · settings\epofw-actions.php:571
action · epofw_field_property_checkboxgroup_id · settings\epofw-actions.php:577
action · epofw_field_property_radiogroup_id · settings\epofw-actions.php:583
action · epofw_field_property_textarea_id · settings\epofw-actions.php:589
action · epofw_field_property_select_id · settings\epofw-actions.php:595
action · epofw_field_property_multiselect_id · settings\epofw-actions.php:601
action · epofw_field_property_timepicker_id · settings\epofw-actions.php:607
action · epofw_field_property_switch_id · settings\epofw-actions.php:613
action · epofw_field_property_text_name · settings\epofw-actions.php:633
action · epofw_field_property_password_name · settings\epofw-actions.php:639
action · epofw_field_property_hidden_name · settings\epofw-actions.php:645
action · epofw_field_property_number_name · settings\epofw-actions.php:651
action · epofw_field_property_datepicker_name · settings\epofw-actions.php:657
action · epofw_field_property_colorpicker_name · settings\epofw-actions.php:663
action · epofw_field_property_checkbox_name · settings\epofw-actions.php:669
action · epofw_field_property_checkboxgroup_name · settings\epofw-actions.php:675
action · epofw_field_property_radiogroup_name · settings\epofw-actions.php:681
action · epofw_field_property_textarea_name · settings\epofw-actions.php:687
action · epofw_field_property_select_name · settings\epofw-actions.php:693
action · epofw_field_property_multiselect_name · settings\epofw-actions.php:699
action · epofw_field_property_timepicker_name · settings\epofw-actions.php:705
action · epofw_field_property_switch_name · settings\epofw-actions.php:711
action · epofw_html_start_tr_display · settings\epofw-actions.php:777
action · epofw_html_end_tr_display · settings\epofw-actions.php:812
action · epofw_html_start_table_display · settings\epofw-actions.php:887
action · epofw_html_end_table_display · settings\epofw-actions.php:930
filter · wp_kses_allowed_html · settings\epofw-actions.php:1034
action · epofw_global_settings_sections · settings\epofw-actions.php:1105
action · epofw_addon_configuration_fields · settings\epofw-actions.php:1155
filter · fs_deactivation_feedback_reason · settings\epofw-deactivation-feedback.php:25
filter · fs_deactivation_feedback_form_data · settings\epofw-deactivation-feedback.php:118
action · admin_footer · settings\epofw-deactivation-feedback.php:156

Maintenance & Trust

Extra Product Options for WooCommerce Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Feb 14, 2026
  • PHP min version: 7.4
  • Downloads: 48K

Community Trust

  • Rating: 82/100
  • Number of ratings: 9
  • Active installs: 600

Developer Profile

Extra Product Options for WooCommerce Developer Profile

actpro

3 plugins · 610 total installs

  • Trust score: 76
  • Avg Security Score: 95/100
  • Avg Patch Time: 266 days

Detection Fingerprints

How We Detect Extra Product Options for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/extra-product-options-for-woocommerce/assets/css/frontend/epofw-frontend.css
  • /wp-content/plugins/extra-product-options-for-woocommerce/assets/js/frontend/epofw-frontend.js
  • /wp-content/plugins/extra-product-options-for-woocommerce/assets/css/backend/epofw-backend.css
  • /wp-content/plugins/extra-product-options-for-woocommerce/assets/js/backend/epofw-backend.js
  • /wp-content/plugins/extra-product-options-for-woocommerce/assets/js/admin/epofw-admin.js
  • /wp-content/plugins/extra-product-options-for-woocommerce/assets/css/epofw-datepicker.css
  • /wp-content/plugins/extra-product-options-for-woocommerce/assets/js/epofw-datepicker.js
  • /wp-content/plugins/extra-product-options-for-woocommerce/assets/js/epofw-colorpicker.js
  • +4 more

Script Paths

  • extra-product-options-for-woocommerce/assets/js/frontend/epofw-frontend.js
  • extra-product-options-for-woocommerce/assets/js/backend/epofw-backend.js
  • extra-product-options-for-woocommerce/assets/js/admin/epofw-admin.js
  • extra-product-options-for-woocommerce/assets/js/epofw-datepicker.js
  • extra-product-options-for-woocommerce/assets/js/epofw-colorpicker.js
  • extra-product-options-for-woocommerce/assets/js/epofw-select2.js
  • +1 more

Version Parameters

  • extra-product-options-for-woocommerce/assets/css/frontend/epofw-frontend.css?ver=
  • extra-product-options-for-woocommerce/assets/js/frontend/epofw-frontend.js?ver=
  • extra-product-options-for-woocommerce/assets/css/backend/epofw-backend.css?ver=
  • extra-product-options-for-woocommerce/assets/js/backend/epofw-backend.js?ver=
  • extra-product-options-for-woocommerce/assets/js/admin/epofw-admin.js?ver=
  • extra-product-options-for-woocommerce/assets/css/epofw-datepicker.css?ver=
  • extra-product-options-for-woocommerce/assets/js/epofw-datepicker.js?ver=
  • extra-product-options-for-woocommerce/assets/js/epofw-colorpicker.js?ver=
  • extra-product-options-for-woocommerce/assets/js/epofw-select2.js?ver=
  • extra-product-options-for-woocommerce/assets/css/epofw-select2.css?ver=
  • extra-product-options-for-woocommerce/assets/js/epofw-datetimepicker.js?ver=
  • extra-product-options-for-woocommerce/assets/css/epofw-datetimepicker.css?ver=

HTML / DOM Fingerprints

CSS Classes

  • epofw-frontend-wrapper
  • epofw-backend-wrapper
  • epofw-options-section
  • epofw-field-wrapper
  • epofw-date-field
  • epofw-color-field
  • epofw-select2-field
  • epofw-datetime-field

HTML Comments

  • <!-- If this file is called directly, abort. -->
  • <!-- Include WordPress admin functions for plugin management. -->
  • <!-- Check for plugin conflicts and handle accordingly. -->
  • <!-- Current is PRO, deactivate if FREE is active. -->
  • +21 more

Data Attributes

  • data-epofw-field-id
  • data-epofw-type
  • data-epofw-price
  • data-epofw-conditional-logic
  • data-epofw-options

JS Globals

  • epofw_frontend_params
  • epofw_admin_params
  • epofw_datepicker_settings
  • epofw_select2_settings
  • epofw_datetime_settings

FAQ

Frequently Asked Questions about Extra Product Options for WooCommerce