Instant Design Tool Security & Risk Analysis

wordpress.org/plugins/instant-design-tool

Connect WooCommerce to your Instant Design Tool. Enable your customers to create and order their own designs with Instant Design Tool.

40 active installs · v3.0.5 · PHP 7.4+ · WP 5.0+ · Updated Aug 27, 2024
Tags: design-software, design-tool, drop-shipping, print-on-demand, woocommerce
Score: 92 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never

Safety Verdict

Is Instant Design Tool Safe to Use in 2026?

Generally Safe

Score 92/100

Instant Design Tool has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago

Risk Assessment

The "instant-design-tool" plugin version 3.0.5 presents a mixed security posture. While it boasts no recorded vulnerabilities or CVEs and demonstrates good practices in SQL query preparation and output escaping, significant concerns arise from its attack surface. The presence of unprotected AJAX handlers and REST API routes without proper permission callbacks creates substantial entry points for potential unauthorized actions or data manipulation. Furthermore, the use of the `unserialize` function, despite no apparent critical taint flows, always carries an inherent risk if the data being unserialized is not strictly controlled and validated.

The lack of historical vulnerabilities is a positive indicator of past security diligence, but it does not negate the immediate risks identified in the static analysis. The plugin has a total of 7 entry points, 5 of which lack proper authentication or permission checks. This unmitigated attack surface is the most critical finding. While the plugin shows strengths in other areas, the unprotected entry points are a glaring weakness that attackers could exploit to bypass security controls. On balance, the potential for exploitation through the numerous unprotected entry points outweighs the plugin's strengths.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • Use of unserialize function
  • Unsanitized taint flows
Vulnerabilities
None known

Instant Design Tool Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Instant Design Tool Code Analysis

Dangerous Functions: 4
Raw SQL Queries: 2 (9 prepared)
Unescaped Output: 14 (29 escaped)
Nonce Checks: 4
Capability Checks: 4
File Operations: 0
External Requests: 13
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$hidden_meta_data = unserialize($cart_item['IDT_hidden']);` (includes\Core\API\Snapshot\IDT_SnapshotEndpoint_Push.php:250)
unserialize: `$data = unserialize($cart_item['IDT_hidden']);` (includes\Core\API\Snapshot\IDT_SnapshotEndpoint_Push.php:288)
unserialize: `$hidden_data = unserialize($values['IDT_hidden']);` (includes\Core\API\Snapshot\IDT_SnapshotEndpoint_Push.php:308)
unserialize: `$hidden_meta_data = unserialize($cart_item['IDT_hidden']);` (includes\Core\API\Snapshot\IDT_SnapshotEndpoint_Push.php:368)

SQL Query Safety

82% prepared · 11 total queries

Output Escaping

67% escaped · 43 total outputs

Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
redirect_user_after_login (includes\Core\API\User\IDT_UserEndpoint_Redirect.php:33)
Attack Surface
5 unprotected

Instant Design Tool Attack Surface

Entry Points: 7
Unprotected: 5

AJAX Handlers 2

auth: wp_ajax_retry_pdf_output_request (includes\Core\API\Ajax\IDT_Ajax_Retry_Pdf_Output_Request.php:12)
auth: wp_ajax_retry_nopriv_pdf_output_request (includes\Core\API\Ajax\IDT_Ajax_Retry_Pdf_Output_Request.php:13)

REST API Routes 4

POST /wp-json/idt/v1/getcustomer/ (includes\Core\API\User\IDT_UserEndpoint_Identify.php:21)
POST /wp-json/idt/v1/extlogin/ (includes\Core\API\User\IDT_UserEndpoint_LoginFromEditor.php:27)
POST /wp-json/idt/v1/outputready/ (includes\Core\API\Webhook\IDT_Webhook_ListenToOutputReady.php:29)
POST /wp-json/idt/v1/orderstatuschanged (includes\Core\API\Webhook\IDT_Webhook_Order_StatusChanged.php:25)

Shortcodes 1

[idt_atc_button] includes\Admin\IDT_Button_Post_Type.php:21

WordPress Hooks 78

action: admin_notices (IDT.php:38)
action: init (includes\Admin\IDT_Button_Post_Type.php:17)
action: save_post (includes\Admin\IDT_Button_Post_Type.php:18)
action: manage_idt_buttons_posts_columns (includes\Admin\IDT_Button_Post_Type.php:19)
action: manage_idt_buttons_posts_custom_column (includes\Admin\IDT_Button_Post_Type.php:20)
filter: woocommerce_settings_tabs_array (includes\Admin\IDT_Settings_Tab.php:18)
action: woocommerce_settings_tabs_settings_idt (includes\Admin\IDT_Settings_Tab.php:19)
action: woocommerce_update_options_settings_idt (includes\Admin\IDT_Settings_Tab.php:20)
action: wc_settings_idt_updated (includes\Admin\IDT_Settings_Tab.php:21)
filter: pre_update_option_wc_settings_idt_print_api_client_id (includes\Admin\IDT_Settings_Tab.php:22)
filter: pre_update_option_wc_settings_idt_print_api_secret (includes\Admin\IDT_Settings_Tab.php:23)
action: woocommerce_after_settings_settings_idt (includes\Admin\IDT_Settings_Tab.php:26)
action: admin_post_clear_idt_log (includes\Admin\IDT_Settings_Tab.php:27)
action: admin_post_download_idt_log (includes\Admin\IDT_Settings_Tab.php:28)
action: admin_notices (includes\Core\API\Settings\IDT_Settings_Syncer.php:218)
action: admin_notices (includes\Core\API\Settings\IDT_Settings_Syncer.php:225)
action: admin_notices (includes\Core\API\Settings\IDT_Settings_Syncer.php:231)
action: init (includes\Core\API\Snapshot\IDT_Check_Output_Pdf_Quota.php:20)
action: idt_display_quote_reached_for_order_message (includes\Core\API\Snapshot\IDT_Check_Output_Pdf_Quota.php:21)
action: admin_notices (includes\Core\API\Snapshot\IDT_Check_Output_Pdf_Quota.php:37)
action: admin_notices (includes\Core\API\Snapshot\IDT_Check_Output_Pdf_Quota.php:52)
action: idt_run_output_binder (includes\Core\API\Snapshot\IDT_Render_Manager.php:22)
action: idt_run_output_binder_by_guid (includes\Core\API\Snapshot\IDT_Render_Manager.php:23)
filter: woocommerce_is_rest_api_request (includes\Core\API\Snapshot\IDT_SnapshotEndpoint_Push.php:26)
action: rest_api_init (includes\Core\API\Snapshot\IDT_SnapshotEndpoint_Push.php:27)
filter: woocommerce_add_cart_item_data (includes\Core\API\Snapshot\IDT_SnapshotEndpoint_Push.php:28)
filter: woocommerce_get_item_data (includes\Core\API\Snapshot\IDT_SnapshotEndpoint_Push.php:29)
filter: woocommerce_cart_item_thumbnail (includes\Core\API\Snapshot\IDT_SnapshotEndpoint_Push.php:30)
action: woocommerce_checkout_create_order_line_item (includes\Core\API\Snapshot\IDT_SnapshotEndpoint_Push.php:31)
action: woocommerce_before_calculate_totals (includes\Core\API\Snapshot\IDT_SnapshotEndpoint_Push.php:32)
action: rest_api_init (includes\Core\API\User\IDT_UserEndpoint_Identify.php:17)
action: rest_api_init (includes\Core\API\User\IDT_UserEndpoint_LoginFromEditor.php:19)
action: init (includes\Core\API\User\IDT_UserEndpoint_Redirect.php:15)
action: user_register (includes\Core\API\User\IDT_UserEndpoint_Redirect.php:16)
action: wp_login (includes\Core\API\User\IDT_UserEndpoint_Redirect.php:17)
action: rest_api_init (includes\Core\API\Webhook\IDT_Webhook_ListenToOutputReady.php:21)
action: rest_api_init (includes\Core\API\Webhook\IDT_Webhook_Order_StatusChanged.php:16)
action: elementor/elements/categories_registered (includes\Core\Elementor\IDT_Add_Elementor_IDT_Category.php:11)
filter: elementor/frontend/the_content (includes\Core\Elementor\IDT_Change_Link_On_Elementor_Button.php:15)
action: admin_init (includes\Core\Elementor\IDT_Display_Elementor_Notice.php:19)
action: admin_notices (includes\Core\Elementor\IDT_Display_Elementor_Notice.php:27)
action: elementor/widget/render_content (includes\Core\Elementor\IDT_Elementor_Change_Add_To_Cart_Button.php:15)
action: init (includes\Core\Elementor\IDT_Register_Editable_Product_ATC_Widget.php:12)
action: init (includes\Core\Initializer.php:49)
action: admin_notices (includes\Core\Initializer.php:59)
action: init (includes\Core\Initializer.php:85)
action: admin_notices (includes\Core\Initializer.php:205)
action: admin_notices (includes\Core\Initializer.php:207)
action: set_auth_cookie (includes\Core\LoginCookie\IDT_User_Cookie.php:24)
action: set_logged_in_cookie (includes\Core\LoginCookie\IDT_User_Cookie.php:31)
action: init (includes\Core\LoginCookie\IDT_User_Cookie.php:38)
action: init (includes\Core\LoginCookie\IDT_User_Cookie.php:39)
action: woocommerce_order_status_processing (includes\Core\PrintApi\IDT_Forward_On_Paid.php:23)
action: woocommerce_order_status_on-hold (includes\Core\PrintApi\IDT_Forward_On_Paid.php:24)
action: admin_notices (includes\Core\PrintApi\IDT_Forward_On_Paid.php:44)
action: add_meta_boxes (includes\Core\PrintApi\IDT_PrintApi.php:22)
action: save_post (includes\Core\PrintApi\IDT_PrintApi.php:23)
action: admin_notices (includes\Core\PrintApi\IDT_PrintApi.php:373)
action: admin_notices (includes\Core\PrintApi\IDT_PrintApi_Connection.php:91)
action: admin_notices (includes\Core\PrintApi\IDT_PrintApi_Connection.php:101)
filter: woocommerce_admin_order_item_thumbnail (includes\Core\WooCommerce\IDT_Change_Order_Page_Thumbnail.php:15)
filter: woocommerce_admin_order_actions (includes\Core\WooCommerce\IDT_Display_output_request_status.php:13)
action: admin_head (includes\Core\WooCommerce\IDT_Display_output_request_status.php:14)
filter: manage_edit-shop_order_columns (includes\Core\WooCommerce\IDT_Display_PrintApi_Forward_Status.php:20)
action: manage_shop_order_posts_custom_column (includes\Core\WooCommerce\IDT_Display_PrintApi_Forward_Status.php:21)
action: init (includes\Core\WooCommerce\IDT_Register_Order_Statuses.php:13)
action: init (includes\Core\WooCommerce\IDT_Register_Order_Statuses.php:14)
filter: wc_order_statuses (includes\Core\WooCommerce\IDT_Register_Order_Statuses.php:15)
action: add_meta_boxes (includes\Core\WooCommerce\IDT_Show_Pid_On_Product_Page.php:15)
action: idt_order_status_updated (includes\Core\WooCommerce\IDT_Update_Order_Status.php:20)
action: admin_notices (includes\Core\WooCommerce\IDT_Update_Order_Status.php:86)
filter: product_type_selector (includes\Core\WooCommerce\IDT_WooCommerce_Handler.php:13)
action: woocommerce_single_product_summary (includes\Core\WooCommerce\IDT_WooCommerce_Handler.php:14)
action: admin_footer (includes\Core\WooCommerce\IDT_WooCommerce_Handler.php:15)
action: wp_loaded (includes\Core\WooCommerce\IDT_WooCommerce_Handler.php:16)
action: woocommerce_product_options_general_product_data (includes\Core\WooCommerce\IDT_WooCommerce_ProductFields.php:20)
action: woocommerce_process_product_meta (includes\Core\WooCommerce\IDT_WooCommerce_ProductFields.php:21)
action: init (includes\Core\WooCommerce\Register_Editable_product.php:7)

Scheduled Events 2

idt_run_output_binder
idt_run_output_binder_by_guid
Maintenance & Trust

Instant Design Tool Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.3.8
Last updated: Aug 27, 2024
PHP min version: 7.4
Downloads: 7K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 40

Developer Profile

Instant Design Tool Developer Profile

Instant Design Tool

1 plugin · 40 total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Instant Design Tool

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths
/wp-content/plugins/instant-design-tool/dist/bundle.js

HTML / DOM Fingerprints

Data Attributes
data-idt-id
JS Globals
idt_vue_data
REST Endpoints
/wp-json/idt/v1/pushthesnapshot/
FAQ

Frequently Asked Questions about Instant Design Tool