WP-Safety

PiWeb Live sales notification for WooCommerce Security & Risk Analysis

wordpress.org/plugins/live-sales-notifications-for-woocommerce

Fake sales alert for WooCommerce or Live sales notification for WooCommerce. Boost sales by encouraging your visitors to buy when they see your live n …

60K active installs v2.3.47 PHP + WP 3.0.1+ Updated Feb 28, 2026
fake-notificationlive-sales-feedrecent-sales-notificationsales-notificationwoocommerce-notification
73
B · Generally Safe
CVEs total2
Unpatched1
Last CVEJan 11, 2026
Plugin page Download
Safety Verdict

Is PiWeb Live sales notification for WooCommerce Safe to Use in 2026?

Mostly Safe

Score 73/100

PiWeb Live sales notification for WooCommerce is generally safe to use. 2 past CVEs were resolved. Keep it updated.

2 known CVEs 1 unpatched Last CVE: Jan 11, 2026Updated 1mo ago
Risk Assessment

The plugin "live-sales-notifications-for-woocommerce" v2.3.47 exhibits a mixed security posture. On the positive side, the static analysis reveals a strong adherence to secure coding practices, with 100% of SQL queries utilizing prepared statements and 99% of outputs being properly escaped. The absence of dangerous functions, file operations, shortcodes, and cron events, combined with the presence of nonce and capability checks on its AJAX handlers, suggests an effort to limit the attack surface and implement basic security controls. However, a significant concern arises from its vulnerability history, which includes two known CVEs, one of which remains unpatched and is rated as high severity. This indicates a recurring pattern of security weaknesses that have not been fully addressed.

The taint analysis did identify one flow with an unsanitized path, although it was not categorized as critical or high severity. The presence of this unsanitized path, even if minor, is a point of concern in conjunction with the historical vulnerabilities. The plugin's single external HTTP request could also be a potential vector if not handled securely, though no specific issues were flagged in the static analysis regarding this. Overall, while the code itself shows good practices in many areas, the persistent existence of unpatched vulnerabilities, particularly a high-severity one, overshadows these strengths and points to a significant risk that requires immediate attention.

Key Concerns

  • Unpatched High Severity CVE
  • Flow with unsanitized path detected
  • Known Medium Severity CVE
Vulnerabilities
2

PiWeb Live sales notification for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

High
1
Medium
1

2 total CVEs

CVE-2026-27066medium · 5.3Missing Authorization

Live sales notification for WooCommerce <= 2.3.46 - Missing Authorization

Jan 11, 2026Unpatched
CVE-2025-12955high · 7.5Missing Authorization

Live sales notification for WooCommerce <= 2.3.39 - Missing Authorization to Unauthenticated Customer Data Exposure

Nov 17, 2025 Patched in 2.3.40 (1d)
Code Analysis
Analyzed Mar 16, 2026

PiWeb Live sales notification for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
4
303 escaped
Nonce Checks
4
Capability Checks
2
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

99% escaped307 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

18 flows1 with unsanitized paths
handle_tracker_action (admin\class-analytics.php:75)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

PiWeb Live sales notification for WooCommerce Attack Surface

Entry Points4
Unprotected0

AJAX Handlers 4

authwp_ajax_pi_search_productadmin\class-pisol-sales-notification-product.php:51
authwp_ajax_pi_search_categoryadmin\class-pisol-sales-notification-product.php:52
authwp_ajax_pisol_live_orderspublic\class-pisol-sales-notification-public.php:66
noprivwp_ajax_pisol_live_orderspublic\class-pisol-sales-notification-public.php:67
WordPress Hooks 35
actionadmin_enqueue_scriptsadmin\class-analytics.php:34
actionadmin_footer-plugins.phpadmin\class-analytics.php:35
actionadmin_noticesadmin\class-analytics.php:38
actioninitadmin\class-order-tag-promotion.php:83
actionadmin_initadmin\class-pisol-sales-notification-admin.php:58
actioninitadmin\class-pisol-sales-notification-control.php:115
actioninitadmin\class-pisol-sales-notification-design.php:216
actionadmin_menuadmin\class-pisol-sales-notification-menu.php:13
actionadmin_enqueue_scriptsadmin\class-pisol-sales-notification-menu.php:16
actionadd_meta_boxesadmin\class-pisol-sales-notification-option.php:86
actionwoocommerce_update_orderadmin\class-pisol-sales-notification-option.php:87
actioninitadmin\class-pisol-sales-notification-option.php:186
actioninitadmin\class-pisol-sales-notification-product.php:361
actioninitadmin\class-pisol-sales-notification-text.php:197
actionwp_loadedadmin\class-preview.php:15
actionadmin_enqueue_scriptsadmin\class-preview.php:16
filterinstall_plugins_nonmenu_tabsadmin\plugins.php:38
actionplugins_loadedincludes\class-pisol-sales-notification.php:98
actionadmin_enqueue_scriptsincludes\class-pisol-sales-notification.php:107
actionadmin_enqueue_scriptsincludes\class-pisol-sales-notification.php:108
actionwp_enqueue_scriptsincludes\class-pisol-sales-notification.php:117
actionwp_enqueue_scriptsincludes\class-pisol-sales-notification.php:118
actionadmin_enqueue_scriptsincludes\conflict-fixer.php:6
actionadmin_footerincludes\pisol.class.form.php:415
actionafter_plugin_row_live-sales-notifications-for-woocommerce-pro/pisol-sales-notification.phpincludes\Pro_Warning.php:17
actionadmin_noticesincludes\review.php:107
filterallowed_redirect_hostsincludes\review.php:202
actionadmin_noticespisol-sales-notification.php:42
actionbefore_woocommerce_initpisol-sales-notification.php:55
actiontemplate_redirectpublic\class-pisol-sales-notification-public.php:64
actionwc_ajax_pisol_live_orderspublic\class-pisol-sales-notification-public.php:68
filterwoocommerce_billing_fieldspublic\class-pisol-sales-notification-public.php:71
actionwoocommerce_checkout_update_order_metapublic\class-pisol-sales-notification-public.php:72
actionwoocommerce_initpublic\class-pisol-sales-notification-public.php:77
actionwoocommerce_set_additional_field_valuepublic\class-pisol-sales-notification-public.php:80
Maintenance & Trust

PiWeb Live sales notification for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 28, 2026
PHP min version
Downloads229K

Community Trust

Rating82/100
Number of ratings29
Active installs60K
Alternatives

PiWeb Live sales notification for WooCommerce Alternatives

Live Sales Notifier for WooCommerce

Live Sales Notifier for WooCommerce

wp-sales-notifier

A
100

Automatically display recent woocommerce sales to boost your sales on your online store as social proof.

10 No CVEs
Live Sales Notification (Recent Sales Popups)

Live Sales Notification (Recent Sales Popups)

sales-pop

A
85

Beautiful live sales popups to feed recent orders to visitors. Best social proof to motivate customers to purchase and build brand trust.

400 No CVEs
Live Sales Notification

Live Sales Notification

live-sales-notification

A
85

Live sales notification from woocommerce live-data/demo data with javascript library. This plugin illustrate a beautiful pop-up view to the users, wh &hellip;

10 No CVEs
Order & Sales Popups For WooCommerce

Order & Sales Popups For WooCommerce

order-sales-popups-for-woocommerce

A
100

Boost your WooCommerce sales! This plugin uses the power of social proof and FOMO (Fear Of Missing Out) to build trust and encourage visitors to buy.

0 No CVEs
SALERT – Fake Sales Notification WooCommerce

SALERT – Fake Sales Notification WooCommerce

salert

A
99

Display beautiful popup sales notification on your website with just few clicks.

9K 2 CVEs
Developer Profile

PiWeb Live sales notification for WooCommerce Developer Profile

PI Web Solution

30 plugins · 93K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
235 days
View full developer profile
Detection Fingerprints

How We Detect PiWeb Live sales notification for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/live-sales-notifications-for-woocommerce/admin/css/bootstrap.css/wp-content/plugins/live-sales-notifications-for-woocommerce/admin/css/pisol-sales-notification-admin.css/wp-content/plugins/live-sales-notifications-for-woocommerce/admin/js/pisol-sales-notification-admin.js/wp-content/plugins/live-sales-notifications-for-woocommerce/admin/js/jsrender.min.js/wp-content/plugins/live-sales-notifications-for-woocommerce/admin/js/pisol-translate.js/wp-content/plugins/live-sales-notifications-for-woocommerce/admin/js/pisol-quick-save.js
Script Paths
wp-content/plugins/live-sales-notifications-for-woocommerce/admin/js/pisol-sales-notification-admin.jswp-content/plugins/live-sales-notifications-for-woocommerce/admin/js/jsrender.min.jswp-content/plugins/live-sales-notifications-for-woocommerce/admin/js/pisol-translate.jswp-content/plugins/live-sales-notifications-for-woocommerce/admin/js/pisol-quick-save.js
Version Parameters
live-sales-notifications-for-woocommerce/admin/css/bootstrap.css?ver=live-sales-notifications-for-woocommerce/admin/css/pisol-sales-notification-admin.css?ver=live-sales-notifications-for-woocommerce/admin/js/pisol-sales-notification-admin.js?ver=live-sales-notifications-for-woocommerce/admin/js/jsrender.min.js?ver=live-sales-notifications-for-woocommerce/admin/js/pisol-translate.js?ver=live-sales-notifications-for-woocommerce/admin/js/pisol-quick-save.js?ver=

HTML / DOM Fingerprints

CSS Classes
pisol-setting-wrapperpisol-container-wrapperpisol-containerpisol-row
Data Attributes
id="bootstrap-wrapper"
JS Globals
pi_ajax_object
FAQ

Frequently Asked Questions about PiWeb Live sales notification for WooCommerce