Ibtana – Ecommerce Product Addons Security & Risk Analysis

wordpress.org/plugins/ibtana-ecommerce-product-addons

With Ibtana - Ecommerce Product Addons, you get to explore many options for editing the product page using simple drag-and-drop functionality.

7K active installs · v0.4.7.6 · PHP 7.2+ · WP 5.2+ · Updated Mar 4, 2026
gutenberg · product-page · templates · woocommerce-addons
Score: 77 · B · Generally Safe
CVEs total: 2
Unpatched: 1
Last CVE: Sep 5, 2025
Safety Verdict

Is Ibtana – Ecommerce Product Addons Safe to Use in 2026?

Mostly Safe

Score 77/100

Ibtana – Ecommerce Product Addons is generally safe to use. 2 past CVEs were resolved. Keep it updated.

2 known CVEs · 1 unpatched · Last CVE: Sep 5, 2025 · Updated 1mo ago
Risk Assessment

The "ibtana-ecommerce-product-addons" plugin version 0.4.7.6 presents a mixed security posture. While it demonstrates good practices in output escaping (95%) and has a significant number of nonce and capability checks, several critical areas raise concerns. The presence of 5 AJAX handlers without authentication checks creates a substantial attack vector. The use of the `unserialize` function, especially without clear sanitization context, is a known risk that could lead to various vulnerabilities if not handled with extreme care. Furthermore, the taint analysis, while reporting no critical or high severity flows, did identify 5 flows with unsanitized paths, suggesting potential for vulnerabilities if malicious input is not properly handled in these specific cases.

The plugin's vulnerability history is also a significant concern. With 2 known CVEs, and notably one currently unpatched, this indicates a pattern of past security weaknesses. The common vulnerability type of Cross-site Scripting further reinforces the need for vigilant input validation and output encoding. While the plugin has strengths in code escaping and checks, the unprotected entry points, the use of a dangerous function like `unserialize`, and the history of unpatched vulnerabilities collectively contribute to a heightened risk profile. A balanced view acknowledges the implemented security measures but strongly advises addressing the identified unprotected entry points and the outstanding vulnerability.

Key Concerns

  • Unprotected AJAX handlers
  • Use of unserialize function
  • Unpatched CVE
  • Flows with unsanitized paths
Vulnerabilities
2

Ibtana – Ecommerce Product Addons Security Vulnerabilities

CVEs by Year

2021: 1 CVE
2025: 1 CVE · unpatched

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-58786 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ibtana – Ecommerce Product Addons <= 0.4.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 5, 2025 · Unpatched

WF-6a906f90-fac2-43cf-8f67-99f8862dc636-ibtana-ecommerce-product-addons · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ibtana - Ecommerce Product Addons <= 0.2.3 - Reflected Cross-Site Scripting

Nov 1, 2021 · Patched in 0.2.4 (813d)
Code Analysis
Analyzed Mar 16, 2026

Ibtana – Ecommerce Product Addons Code Analysis

Dangerous Functions: 13
Raw SQL Queries: 14 (14 prepared)
Unescaped Output: 219 (3864 escaped)
Nonce Checks: 31
Capability Checks: 22
File Operations: 2
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$iepa_custom_theme = unserialize( $menuthemes['theme_settings'] );` · addons\ibtana-mega-menu\inc\admin\class-dynamic-css.php:288
unserialize · `$iepa_custom_theme = unserialize( $menuthemes['theme_settings'] );` · addons\ibtana-mega-menu\inc\admin\class-iepa-mm-enqueue-scripts.php:42
unserialize · `$widget_details = unserialize( $group_details->widget_details );` · addons\ibtana-mega-menu\inc\admin\widget-manager_class.php:385
unserialize · `$totalgroups = unserialize($group_detailss);` · addons\ibtana-mega-menu\inc\backend\menu_settings\top_menu\mega_menu_settings.php:233
unserialize · `$totalgroups = unserialize( $group_detailss );` · addons\ibtana-mega-menu\inc\backend\menu_settings\top_menu\mega_menu_settings.php:279
unserialize · `$widgetsdetails = unserialize( $widget_details );` · addons\ibtana-mega-menu\inc\backend\menu_settings\top_menu\mega_menu_settings.php:453
unserialize · `$totalgroups = unserialize( $group_detailss );` · addons\ibtana-mega-menu\inc\backend\menu_settings\top_menu\mega_menu_settings.php:458
unserialize · `$theme_settings = unserialize( $menu_theme->theme_settings );` · addons\ibtana-mega-menu\inc\frontend\core\iepa_mm_walker_class.php:105
unserialize · `$widget_details = unserialize( $mypanelwidgets->widget_details );` · addons\ibtana-mega-menu\inc\frontend\core\iepa_mm_walker_class.php:437
unserialize · `$group_details = unserialize( $mypanelwidgets->group_details );` · addons\ibtana-mega-menu\inc\frontend\core\iepa_mm_walker_class.php:438
unserialize · `$group_details = unserialize( $grpwidgets->group_details );` · addons\ibtana-mega-menu\inc\frontend\core\iepa_mm_walker_class.php:993
unserialize · `$group_details = unserialize( $grpwidgets->group_details );` · addons\ibtana-mega-menu\inc\frontend\core\iepa_mm_walker_class.php:1022
unserialize · `$theme_settings = unserialize( $menu_theme->theme_settings );` · addons\ibtana-mega-menu\inc\frontend\core\iepa_mm_walker_class.php:1136

SQL Query Safety

50% prepared · 28 total queries

Output Escaping

95% escaped · 4083 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

13 flows · 5 with unsanitized paths
<basic-settings> (addons\ibtana-custom-posttype-addon\inc\tabs\basic-settings.php:0)
Attack Surface
5 unprotected

Ibtana – Ecommerce Product Addons Attack Surface

Entry Points: 27
Unprotected: 5

AJAX Handlers 23

nopriv · wp_ajax_ajaxlogin · addons\ibtana-mega-menu\inc\admin\class-iepa-mm-shortcodes.php:16
nopriv · wp_ajax_ajaxregister · addons\ibtana-mega-menu\inc\admin\class-iepa-mm-shortcodes.php:17
auth · wp_ajax_iepammsavesettings · addons\ibtana-mega-menu\inc\admin\menu_settings_class.php:27
auth · wp_ajax_iepa_mm_show_lightbox_html · addons\ibtana-mega-menu\inc\admin\menu_settings_class.php:30
auth · wp_ajax_iepa_mm_save_menuitem_settings · addons\ibtana-mega-menu\inc\admin\menu_settings_class.php:31
auth · wp_ajax_iepa_mm_show_custom_option · addons\ibtana-mega-menu\inc\admin\menu_settings_class.php:34
auth · wp_ajax_iepammsavecustomsettings · addons\ibtana-mega-menu\inc\admin\menu_settings_class.php:35
auth · wp_ajax_iepa_mm_save_menu_group_settings · addons\ibtana-mega-menu\inc\admin\menu_settings_class.php:41
auth · wp_ajax_iepa_mm_edit_menu_group_settings · addons\ibtana-mega-menu\inc\admin\menu_settings_class.php:42
auth · wp_ajax_imma_add_selected_widget · addons\ibtana-mega-menu\inc\admin\widget-manager_class.php:13
auth · wp_ajax_imma_selected_update_widget · addons\ibtana-mega-menu\inc\admin\widget-manager_class.php:14
auth · wp_ajax_iepa_update_menu_item_columns · addons\ibtana-mega-menu\inc\admin\widget-manager_class.php:15
auth · wp_ajax_imma_reorder_widget_items · addons\ibtana-mega-menu\inc\admin\widget-manager_class.php:16
auth · wp_ajax_imma_edit_widget_data · addons\ibtana-mega-menu\inc\admin\widget-manager_class.php:17
auth · wp_ajax_imma_delete_widget · addons\ibtana-mega-menu\inc\admin\widget-manager_class.php:18
auth · wp_ajax_imma_saveitemwidget · addons\ibtana-mega-menu\inc\admin\widget-manager_class.php:19
auth · wp_ajax_iepa_mm_add_selected_widget_lists · addons\ibtana-mega-menu\inc\admin\widget-manager_class.php:22
auth · wp_ajax_iepa_update_product_tutorial_status · IEPA_Pointers\class-iepa-admin-pointers.php:35
auth · wp_ajax_iepa_update_mega_menu_tutorial_status · IEPA_Pointers\class-iepa-admin-pointers.php:37
auth · wp_ajax_activate_iepa_license · iepa_submenu.php:51
auth · wp_ajax_iepa_activation_status · iepa_submenu.php:52
auth · wp_ajax_iepa_setup_plugins · IEPA_Whizzie\iepa_whizzie.php:118
auth · wp_ajax_iepa_use_gt_editor · inc\class-pro.php:25

Shortcodes 4

[im_menuaddon_search_form] addons\ibtana-mega-menu\inc\admin\class-iepa-mm-shortcodes.php:11
[iepamegamenu] addons\ibtana-mega-menu\inc\admin\class-iepa-mm-shortcodes.php:12
[im_menuaddon_login_form] addons\ibtana-mega-menu\inc\admin\class-iepa-mm-shortcodes.php:14
[im_menuaddon_register_form] addons\ibtana-mega-menu\inc\admin\class-iepa-mm-shortcodes.php:15
WordPress Hooks 114
action · admin_enqueue_scripts · addons\ibtana-custom-posttype-addon\classes\class-icpa-loader.php:35
action · admin_post_icpa_process_post_type · addons\ibtana-custom-posttype-addon\classes\class-icpa-loader.php:36
action · init · addons\ibtana-custom-posttype-addon\classes\class-icpa-loader.php:37
action · custom_posttype_register · addons\ibtana-custom-posttype-addon\classes\class-icpa-loader.php:38
action · admin_footer · addons\ibtana-custom-posttype-addon\classes\class-icpa-loader.php:275
action · admin_menu · addons\ibtana-custom-posttype-addon\classes\class-icpa-submenu.php:36
action · network_admin_menu · addons\ibtana-custom-posttype-addon\classes\class-icpa-submenu.php:39
action · wp_enqueue_scripts · addons\ibtana-mega-menu\inc\admin\class-dynamic-css.php:19
action · init · addons\ibtana-mega-menu\inc\admin\class-iepa-mm-activation.php:11
action · wp_enqueue_scripts · addons\ibtana-mega-menu\inc\admin\class-iepa-mm-enqueue-scripts.php:16
action · wp_head · addons\ibtana-mega-menu\inc\admin\class-iepa-mm-enqueue-scripts.php:17
action · wp_footer · addons\ibtana-mega-menu\inc\admin\class-iepa-mm-enqueue-scripts.php:18
action · admin_enqueue_scripts · addons\ibtana-mega-menu\inc\admin\class-iepa-mm-enqueue-scripts.php:19
filter · woocommerce_add_to_cart_fragments · addons\ibtana-mega-menu\inc\admin\class-iepa-mm-shortcodes.php:13
action · widgets_init · addons\ibtana-mega-menu\inc\admin\class-register-widgets.php:11
filter · widget_text · addons\ibtana-mega-menu\inc\admin\class-register-widgets.php:12
filter · black_studio_tinymce_enable_pages · addons\ibtana-mega-menu\inc\admin\class-register-widgets.php:13
action · admin_menu · addons\ibtana-mega-menu\inc\admin\menu_settings_class.php:17
action · admin_enqueue_scripts · addons\ibtana-mega-menu\inc\admin\menu_settings_class.php:18
action · im_menuaddon_nav_menus_scripts · addons\ibtana-mega-menu\inc\admin\menu_settings_class.php:19
action · admin_post_iepamegamenu_mm_save_settings · addons\ibtana-mega-menu\inc\admin\menu_settings_class.php:20
action · admin_head · addons\ibtana-mega-menu\inc\admin\menu_settings_class.php:23
action · admin_footer · addons\ibtana-mega-menu\inc\admin\menu_settings_class.php:25
action · admin_init · addons\ibtana-mega-menu\inc\admin\menu_settings_class.php:38
filter · iepa_mm_custom_menu_item_types · addons\ibtana-mega-menu\inc\admin\menu_settings_class.php:39
filter · siteorigin_panels_is_admin_page · addons\ibtana-mega-menu\inc\admin\menu_settings_class.php:44
action · admin_print_scripts-nav-menus.php · addons\ibtana-mega-menu\inc\admin\menu_settings_class.php:47
action · admin_print_styles-nav-menus.php · addons\ibtana-mega-menu\inc\admin\menu_settings_class.php:51
action · init · addons\ibtana-mega-menu\inc\admin\menu_settings_class.php:53
action · admin_init · addons\ibtana-mega-menu\inc\admin\widget-manager_class.php:11
filter · widget_update_callback · addons\ibtana-mega-menu\inc\admin\widget-manager_class.php:21
filter · wp_nav_menu_args · addons\ibtana-mega-menu\inc\frontend\core\iepa_mm_walker_class.php:23
filter · wp_nav_menu_objects · addons\ibtana-mega-menu\inc\frontend\core\iepa_mm_walker_class.php:26
filter · iepamegamenu_navmenu_before_setup · addons\ibtana-mega-menu\inc\frontend\core\iepa_mm_walker_class.php:29
filter · iepa_navmenuafterobj · addons\ibtana-mega-menu\inc\frontend\core\iepa_mm_walker_class.php:30
filter · iepa_navmenuafterobj · addons\ibtana-mega-menu\inc\frontend\core\iepa_mm_walker_class.php:33
filter · widget_text · addons\ibtana-mega-menu\inc\frontend\core\iepa_mm_walker_class.php:34
filter · wp_nav_menu · addons\ibtana-mega-menu\inc\frontend\core\iepa_mm_walker_class.php:40
filter · iepamegamenu_togglebar_content · addons\ibtana-mega-menu\inc\frontend\core\iepa_mm_walker_class.php:41
action · wp · classes\class-iepa-helper.php:141
action · wp_enqueue_scripts · classes\class-iepa-helper.php:142
action · wp_head · classes\class-iepa-helper.php:143
action · wp_enqueue_scripts · classes\class-iepa-helper.php:144
action · wp_head · classes\class-iepa-helper.php:145
action · wp_footer · classes\class-iepa-helper.php:146
action · plugins_loaded · classes\class-iepa-loader.php:38
action · admin_notices · classes\class-iepa-loader.php:68
action · network_admin_notices · classes\class-iepa-loader.php:69
action · admin_notices · classes\class-iepa-loader.php:78
action · network_admin_notices · classes\class-iepa-loader.php:79
filter · ive_add_on_license_info · classes\class-iepa-loader.php:98
action · plugins_loaded · iepa_addon.php:24
filter · gutenberg_can_edit_post_type · iepa_addon.php:42
filter · use_block_editor_for_post_type · iepa_addon.php:48
filter · woocommerce_register_post_type_product · iepa_addon.php:54
action · enqueue_block_editor_assets · iepa_addon.php:59
action · woocommerce_single_product_summary · iepa_addon.php:64
action · woocommerce_simple_add_to_cart · iepa_addon.php:65
action · woocommerce_grouped_add_to_cart · iepa_addon.php:66
action · woocommerce_variable_add_to_cart · iepa_addon.php:67
action · woocommerce_external_add_to_cart · iepa_addon.php:68
action · woocommerce_single_variation · iepa_addon.php:69
action · woocommerce_single_variation · iepa_addon.php:70
action · init · iepa_addon.php:76
action · init · iepa_addon.php:77
action · wp_head · iepa_addon.php:78
action · admin_enqueue_scripts · IEPA_Pointers\class-iepa-admin-pointers.php:29
action · admin_enqueue_scripts · IEPA_Pointers\class-iepa-admin-pointers.php:32
filter · woocommerce_prevent_automatic_wizard_redirect · IEPA_Pointers\class-iepa-admin-pointers.php:39
filter · ive_is_add_on_installed · iepa_submenu.php:45
action · ive_addon_license_area · iepa_submenu.php:46
filter · ive_is_envato_add_on_installed · iepa_submenu.php:48
action · ive_envato_addon_license_area · iepa_submenu.php:49
action · admin_enqueue_scripts · iepa_submenu.php:54
action · init · IEPA_Whizzie\iepa_tgmpa\iepa-class-tgm-plugin-activation.php:268
filter · load_textdomain_mofile · IEPA_Whizzie\iepa_tgmpa\iepa-class-tgm-plugin-activation.php:269
action · init · IEPA_Whizzie\iepa_tgmpa\iepa-class-tgm-plugin-activation.php:272
action · admin_menu · IEPA_Whizzie\iepa_tgmpa\iepa-class-tgm-plugin-activation.php:421
action · admin_head · IEPA_Whizzie\iepa_tgmpa\iepa-class-tgm-plugin-activation.php:422
filter · install_plugin_complete_actions · IEPA_Whizzie\iepa_tgmpa\iepa-class-tgm-plugin-activation.php:425
filter · update_plugin_complete_actions · IEPA_Whizzie\iepa_tgmpa\iepa-class-tgm-plugin-activation.php:426
action · admin_notices · IEPA_Whizzie\iepa_tgmpa\iepa-class-tgm-plugin-activation.php:429
action · admin_init · IEPA_Whizzie\iepa_tgmpa\iepa-class-tgm-plugin-activation.php:430
action · admin_enqueue_scripts · IEPA_Whizzie\iepa_tgmpa\iepa-class-tgm-plugin-activation.php:431
action · load-plugins.php · IEPA_Whizzie\iepa_tgmpa\iepa-class-tgm-plugin-activation.php:436
action · switch_theme · IEPA_Whizzie\iepa_tgmpa\iepa-class-tgm-plugin-activation.php:439
action · switch_theme · IEPA_Whizzie\iepa_tgmpa\iepa-class-tgm-plugin-activation.php:442
action · admin_init · IEPA_Whizzie\iepa_tgmpa\iepa-class-tgm-plugin-activation.php:447
action · switch_theme · IEPA_Whizzie\iepa_tgmpa\iepa-class-tgm-plugin-activation.php:452
action · load_textdomain_mofile · IEPA_Whizzie\iepa_tgmpa\iepa-class-tgm-plugin-activation.php:475
filter · upgrader_source_selection · IEPA_Whizzie\iepa_tgmpa\iepa-class-tgm-plugin-activation.php:889
action · plugins_loaded · IEPA_Whizzie\iepa_tgmpa\iepa-class-tgm-plugin-activation.php:2112
filter · tgmpa_table_data_items · IEPA_Whizzie\iepa_tgmpa\iepa-class-tgm-plugin-activation.php:2236
filter · upgrader_source_selection · IEPA_Whizzie\iepa_tgmpa\iepa-class-tgm-plugin-activation.php:2977
action · admin_init · IEPA_Whizzie\iepa_tgmpa\iepa-class-tgm-plugin-activation.php:3147
action · upgrader_process_complete · IEPA_Whizzie\iepa_tgmpa\iepa-class-tgm-plugin-activation.php:3242
filter · upgrader_post_install · IEPA_Whizzie\iepa_tgmpa\iepa-class-tgm-plugin-activation.php:3301
filter · upgrader_post_install · IEPA_Whizzie\iepa_tgmpa\iepa-class-tgm-plugin-activation.php:3446
action · iepa_tgmpa_register · IEPA_Whizzie\iepa_tgmpa\required-plugins.php:36
action · activated_plugin · IEPA_Whizzie\iepa_whizzie.php:108
action · init · IEPA_Whizzie\iepa_whizzie.php:111
action · init · IEPA_Whizzie\iepa_whizzie.php:112
action · admin_enqueue_scripts · IEPA_Whizzie\iepa_whizzie.php:114
action · admin_menu · IEPA_Whizzie\iepa_whizzie.php:115
action · admin_init · IEPA_Whizzie\iepa_whizzie.php:116
filter · iepa_tgmpa_load · IEPA_Whizzie\iepa_whizzie.php:117
filter · add_meta_boxes · inc\class-pro.php:23
action · save_post · inc\class-pro.php:24
action · iepa_render_product · inc\class-public.php:55
action · iepa_render_product · inc\class-public.php:57
action · genesis_loop · inc\class-public.php:68
filter · wc_get_template_part · inc\class-public.php:71
action · woocommerce_gallery_image_size · inc\class-public.php:567
action · init · src\init.php:102
Maintenance & Trust

Ibtana – Ecommerce Product Addons Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 4, 2026
PHP min version: 7.2
Downloads: 482K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 7K
Developer Profile

Ibtana – Ecommerce Product Addons Developer Profile

VW THEMES

213 plugins · 66K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 197 days
Detection Fingerprints

How We Detect Ibtana – Ecommerce Product Addons

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ibtana-ecommerce-product-addons/IEPA_Whizzie/assets/css/whizzie.css
/wp-content/plugins/ibtana-ecommerce-product-addons/IEPA_Whizzie/assets/js/whizzie.js
/wp-content/plugins/ibtana-ecommerce-product-addons/assets/css/admin.css
/wp-content/plugins/ibtana-ecommerce-product-addons/assets/js/admin.js
Script Paths
/wp-content/plugins/ibtana-ecommerce-product-addons/IEPA_Whizzie/assets/js/whizzie.js
/wp-content/plugins/ibtana-ecommerce-product-addons/assets/js/admin.js
Version Parameters
ibtana-ecommerce-product-addons/IEPA_Whizzie/assets/css/whizzie.css?ver=
ibtana-ecommerce-product-addons/IEPA_Whizzie/assets/js/whizzie.js?ver=
ibtana-ecommerce-product-addons/assets/css/admin.css?ver=
ibtana-ecommerce-product-addons/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
icpa-tax-img-id · custom_media_url · category-image-wrapper · icpa_tax_media_button · icpa_tax_media_remove · custom_media_image
Data Attributes
data-ibtanaproductaddon · data-ibtana-product-id · data-iepa-id · data-iepa-product-id · data-iepa-product-variation-id · data-iepa-product-addon-price · +5 more
JS Globals
IEPA_TEXT_DOMAIN · IEPA_PLUGIN_URI · IEPA_VERSION · icpa_loader_instance · ICPA_PLUGIN_URI · ICPA_VERSION · +1 more
FAQ

Frequently Asked Questions about Ibtana – Ecommerce Product Addons