WP-Safety

Magical Shop Builder – WooCommerce Template Builder for Elementor | Shop, Cart, Checkout & Product Page Builder Security & Risk Analysis

wordpress.org/plugins/magical-products-display

The complete WooCommerce Shop Builder for Elementor. Build custom single product pages, cart, checkout, my account & shop archives with 60+ widgets.

3K active installs v2.0.1 PHP 7.4+ WP 6.0+ Updated Mar 11, 2026
checkout-builderelementor-woocommerceproduct-page-buildershop-builderwoocommerce-builder
99
A · Safe
CVEs total1
Unpatched0
Last CVENov 20, 2025
Plugin page Download
Safety Verdict

Is Magical Shop Builder – WooCommerce Template Builder for Elementor | Shop, Cart, Checkout & Product Page Builder Safe to Use in 2026?

Generally Safe

Score 99/100

Magical Shop Builder – WooCommerce Template Builder for Elementor | Shop, Cart, Checkout & Product Page Builder has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Nov 20, 2025Updated 23d ago
Risk Assessment

The "magical-products-display" v2.0.1 plugin exhibits a generally strong security posture due to a high percentage of protected entry points and proper use of prepared statements and output escaping. The static analysis reveals no critical or high-severity code signals such as dangerous functions or file operations. However, a single flow with an unsanitized path, even without a critical severity rating, warrants attention as it represents a potential, albeit likely low-impact, vulnerability. The plugin's vulnerability history shows one medium-severity CVE related to Cross-Site Scripting (XSS), which has been patched. While the historical vulnerability is not currently an issue, the fact that it existed indicates a past susceptibility that the developers have addressed. The presence of a single unsanitized path flow, coupled with a past XSS vulnerability, suggests that while the plugin is well-maintained, continuous vigilance and thorough code reviews are important to prevent future issues, especially concerning input sanitization.

Key Concerns

  • Flow with unsanitized path
  • Past medium CVE (XSS)
Vulnerabilities
1

Magical Shop Builder – WooCommerce Template Builder for Elementor | Shop, Cart, Checkout & Product Page Builder Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-12964medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Magical Products Display <= 1.1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via MPD Pricing Table Widget

Nov 20, 2025 Patched in 1.1.30 (1d)
Code Analysis
Analyzed Mar 16, 2026

Magical Shop Builder – WooCommerce Template Builder for Elementor | Shop, Cart, Checkout & Product Page Builder Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
33 prepared
Unescaped Output
149
2875 escaped
Nonce Checks
16
Capability Checks
15
File Operations
0
External Requests
1
Bundled Libraries
0

SQL Query Safety

97% prepared34 total queries

Output Escaping

95% escaped3024 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

15 flows1 with unsanitized paths
<products-archive-ajax> (includes\ajax\products-archive-ajax.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Magical Shop Builder – WooCommerce Template Builder for Elementor | Shop, Cart, Checkout & Product Page Builder Attack Surface

Entry Points32
Unprotected0

AJAX Handlers 23

authwp_ajax_mpd_dismiss_menu_noticeincludes\admin-info.php:129
authwp_ajax_mpd_dismiss_pro_noticeincludes\admin-info.php:256
authwp_ajax_mpd_load_more_productsincludes\ajax\products-archive-ajax.php:23
noprivwp_ajax_mpd_load_more_productsincludes\ajax\products-archive-ajax.php:24
authwp_ajax_mpd_filter_productsincludes\ajax\products-archive-ajax.php:27
noprivwp_ajax_mpd_filter_productsincludes\ajax\products-archive-ajax.php:28
authwp_ajax_mpd_load_tab_productsincludes\ajax\products-tab-ajax.php:20
noprivwp_ajax_mpd_load_tab_productsincludes\ajax\products-tab-ajax.php:21
authwp_ajax_mpd_add_to_cartincludes\functions\woocommerce-functions.php:445
noprivwp_ajax_mpd_add_to_cartincludes\functions\woocommerce-functions.php:446
authwp_ajax_mpd_quick_viewincludes\functions\woocommerce-functions.php:560
noprivwp_ajax_mpd_quick_viewincludes\functions\woocommerce-functions.php:561
authwp_ajax_mpd_get_wishlist_itemsincludes\functions\woocommerce-functions.php:615
noprivwp_ajax_mpd_get_wishlist_itemsincludes\functions\woocommerce-functions.php:616
authwp_ajax_mpd_get_compare_itemsincludes\functions\woocommerce-functions.php:670
noprivwp_ajax_mpd_get_compare_itemsincludes\functions\woocommerce-functions.php:671
authwp_ajax_mpd_refresh_order_reviewincludes\functions.php:604
noprivwp_ajax_mpd_refresh_order_reviewincludes\functions.php:605
authwp_ajax_mpd_update_cart_quantityincludes\functions.php:697
noprivwp_ajax_mpd_update_cart_quantityincludes\functions.php:698
authwp_ajax_mpd_get_condition_optionsincludes\templates\class-mpd-template-conditions.php:73
authwp_ajax_mpd_ajax_searchincludes\widgets\ajax-search\ajax-search-handler.php:16
noprivwp_ajax_mpd_ajax_searchincludes\widgets\ajax-search\ajax-search-handler.php:17

REST API Routes 9

GET/wp-json/mpd/v1/templates/typesincludes\templates\class-mpd-template-builder.php:273
GET/wp-json/mpd/v1/templates/conditions/typesincludes\templates\class-mpd-template-builder.php:285
GET/wp-json/mpd/v1/templates/conditions/optionsincludes\templates\class-mpd-template-builder.php:297
GET/wp-json/mpd/v1/templates/preview-urlincludes\templates\class-mpd-template-builder.php:316
GET/wp-json/mpd/v1/prelayoutsincludes\templates\prelayouts\class-mpd-prelayout-manager.php:130
GET/wp-json/mpd/v1/prelayouts/(?P<layout_id>[\w-]+)includes\templates\prelayouts\class-mpd-prelayout-manager.php:140
GET/wp-json/mpd/v1/prelayouts/(?P<layout_id>[\w-]+)/previewincludes\templates\prelayouts\class-mpd-prelayout-manager.php:156
GET/wp-json/mpd/v1/prelayouts/importincludes\templates\prelayouts\class-mpd-prelayout-manager.php:172
GET/wp-json/mpd/v1/prelayouts/by-type/(?P<template_type>[\w-]+)includes\templates\prelayouts\class-mpd-prelayout-manager.php:192
WordPress Hooks 105
actionadmin_menuincludes\admin\class-mpd-admin.php:82
actionadmin_enqueue_scriptsincludes\admin\class-mpd-admin.php:83
filteradmin_body_classincludes\admin\class-mpd-admin.php:84
actionadmin_noticesincludes\admin\class-mpd-admin.php:256
filterwoocommerce_product_data_tabsincludes\admin\class-mpd-product-video-metabox.php:78
actionwoocommerce_product_data_panelsincludes\admin\class-mpd-product-video-metabox.php:79
actionwoocommerce_process_product_metaincludes\admin\class-mpd-product-video-metabox.php:80
actionwoocommerce_product_options_general_product_dataincludes\admin\class-mpd-product-video-metabox.php:83
actionrest_api_initincludes\admin\class-mpd-rest-api.php:78
actionadmin_initincludes\admin\class-mpd-settings.php:118
actionadmin_footerincludes\admin-info.php:111
actionadmin_noticesincludes\admin-info.php:239
actionadmin_noticesincludes\admin-rev-info.php:85
actioninitincludes\admin-rev-info.php:109
actionwp_enqueue_scriptsincludes\assets-managment.php:17
actionwp_enqueue_scriptsincludes\assets-managment.php:18
actionelementor/frontend/after_enqueue_stylesincludes\assets-managment.php:19
actionelementor/frontend/after_enqueue_scriptsincludes\assets-managment.php:20
actionadmin_enqueue_scriptsincludes\assets-managment.php:21
actionelementor/editor/after_enqueue_stylesincludes\assets-managment.php:22
actionelementor/preview/enqueue_stylesincludes\assets-managment.php:23
actionwp_enqueue_scriptsincludes\assets-managment.php:25
actionelementor/widgets/registerincludes\class-mpd-elementor.php:59
actionelementor/elements/categories_registeredincludes\class-mpd-elementor.php:60
filtercron_schedulesincludes\core\class-mpd-activator.php:217
actioninitincludes\core\class-mpd-i18n.php:39
filterstyle_loader_tagincludes\frontend\class-mpd-performance.php:86
filterscript_loader_tagincludes\frontend\class-mpd-performance.php:91
filterscript_loader_tagincludes\frontend\class-mpd-performance.php:96
actionsave_post_mpd_templateincludes\frontend\class-mpd-performance.php:100
actionelementor/editor/after_saveincludes\frontend\class-mpd-performance.php:101
actionmpd_settings_updatedincludes\frontend\class-mpd-performance.php:104
actionwp_headincludes\frontend\class-mpd-preloader.php:82
actionwp_footerincludes\frontend\class-mpd-preloader.php:83
actionwp_enqueue_scriptsincludes\frontend\class-mpd-preloader.php:88
actionwp_body_openincludes\frontend\class-mpd-preloader.php:89
actionwp_footerincludes\frontend\class-mpd-preloader.php:90
actionbefore_woocommerce_initincludes\functions\woocommerce-functions.php:462
actiontemplate_redirectincludes\functions.php:329
filterwoocommerce_cart_item_nameincludes\functions.php:583
filterwoocommerce_cart_item_nameincludes\functions.php:676
filterwoocommerce_cart_item_nameincludes\functions.php:719
actionwoocommerce_checkout_update_order_reviewincludes\functions.php:722
filterwoocommerce_checkout_fieldsincludes\functions.php:866
actionsave_postincludes\functions.php:893
actionelementor/document/after_saveincludes\functions.php:894
actionwoocommerce_checkout_create_orderincludes\functions.php:1058
filterwoocommerce_checkout_posted_dataincludes\functions.php:1104
filterelementor/editor/localize_settingsincludes\pro-widgets.php:15
actionelementor/editor/after_enqueue_scriptsincludes\pro-widgets.php:16
actiontemplate_redirectincludes\templates\class-mpd-template-builder.php:106
actionwp_enqueue_scriptsincludes\templates\class-mpd-template-builder.php:109
actionrest_api_initincludes\templates\class-mpd-template-builder.php:112
filterbody_classincludes\templates\class-mpd-template-builder.php:115
actioninitincludes\templates\class-mpd-template-builder.php:118
actioninitincludes\templates\class-mpd-template-manager.php:85
filterelementor/cpt_supportincludes\templates\class-mpd-template-manager.php:89
actioninitincludes\templates\class-mpd-template-manager.php:92
filtertheme_mpd_template_templatesincludes\templates\class-mpd-template-manager.php:95
actionelementor/loadedincludes\templates\class-mpd-template-manager.php:101
actionpre_get_postsincludes\templates\class-mpd-template-manager.php:105
actiontemplate_redirectincludes\templates\class-mpd-template-manager.php:106
filtersingle_templateincludes\templates\class-mpd-template-manager.php:109
filtertemplate_includeincludes\templates\class-mpd-template-manager.php:110
actionelementor/documents/registerincludes\templates\class-mpd-template-manager.php:113
actionelementor/preview/initincludes\templates\class-mpd-template-manager.php:116
actionadmin_noticesincludes\templates\class-mpd-template-manager.php:119
actionsave_post_mpd_templateincludes\templates\class-mpd-template-manager.php:122
actiondelete_postincludes\templates\class-mpd-template-manager.php:123
actiontrashed_postincludes\templates\class-mpd-template-manager.php:124
actionelementor/theme/register_conditionsincludes\templates\class-mpd-template-manager.php:554
actionelementor/documents/registerincludes\templates\class-mpd-template-manager.php:573
filtertemplate_includeincludes\templates\class-mpd-template-renderer.php:90
actionwp_enqueue_scriptsincludes\templates\class-mpd-template-renderer.php:237
actionmpd_render_templateincludes\templates\class-mpd-template-renderer.php:244
actionwp_enqueue_scriptsincludes\templates\class-mpd-template-renderer.php:296
actionrest_api_initincludes\templates\prelayouts\class-mpd-prelayout-manager.php:89
actionafter_setup_themeincludes\templates\prelayouts\class-mpd-prelayout-manager.php:92
actionmpd_cleanup_rate_limitsincludes\widgets\ajax-search\ajax-search-handler.php:20
filterwoocommerce_checkout_fieldsincludes\widgets\checkout\class-mpd-widget-multi-step-checkout.php:1686
filterwoocommerce_cart_item_nameincludes\widgets\checkout\class-mpd-widget-multi-step-checkout.php:1690
filterwoocommerce_cart_item_nameincludes\widgets\checkout\class-mpd-widget-order-review.php:774
actionwoocommerce_before_shop_loopincludes\widgets\shop-products.php:1045
actionwoocommerce_before_shop_loopincludes\widgets\shop-products.php:1046
filterwoocommerce_product_single_add_to_cart_textincludes\widgets\single-product\class-mpd-widget-add-to-cart.php:967
filterwoocommerce_loop_add_to_cart_linkincludes\widgets\single-product\class-mpd-widget-add-to-cart.php:978
actionwoocommerce_before_add_to_cart_buttonincludes\widgets\single-product\class-mpd-widget-add-to-cart.php:981
actionwoocommerce_after_add_to_cart_buttonincludes\widgets\single-product\class-mpd-widget-add-to-cart.php:988
filterwoocommerce_quantity_input_argsincludes\widgets\single-product\class-mpd-widget-add-to-cart.php:1018
filterwoocommerce_quantity_input_classesincludes\widgets\single-product\class-mpd-widget-add-to-cart.php:1286
actionwoocommerce_before_single_product_summaryincludes\widgets\single-product\class-mpd-widget-product-gallery.php:558
filterwoocommerce_review_gravatar_sizeincludes\widgets\single-product\class-mpd-widget-product-reviews.php:541
filtercomments_per_pageincludes\widgets\single-product\class-mpd-widget-product-reviews.php:548
filterwoocommerce_product_tabsincludes\widgets\single-product\class-mpd-widget-product-tabs.php:928
actioninitmagical-products-display.php:122
actionplugins_loadedmagical-products-display.php:123
filtercron_schedulesmagical-products-display.php:126
actionadmin_initmagical-products-display.php:132
actioninitmagical-products-display.php:135
actionadmin_noticesmagical-products-display.php:242
actionadmin_noticesmagical-products-display.php:248
actionadmin_noticesmagical-products-display.php:254
actionadmin_noticesmagical-products-display.php:260
actionadmin_noticesmagical-products-display.php:266
actionadmin_noticesmagical-products-display.php:273

Scheduled Events 3

mpd_daily_license_check
mpd_weekly_cleanup
mpd_cleanup_rate_limits
Maintenance & Trust

Magical Shop Builder – WooCommerce Template Builder for Elementor | Shop, Cart, Checkout & Product Page Builder Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 11, 2026
PHP min version7.4
Downloads94K

Community Trust

Rating100/100
Number of ratings9
Active installs3K
Alternatives

Magical Shop Builder – WooCommerce Template Builder for Elementor | Shop, Cart, Checkout & Product Page Builder Alternatives

ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution

ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution

shopengine

A
96

WooCommerce builder for Elementor and Gutenberg. It offers product templates, product sliders, shopping cart, quick view, Woo wishlist, product filter &hellip;

90K 4 CVEs
ShopBuilder – WooCommerce Builder For Elementor

ShopBuilder – WooCommerce Builder For Elementor

shopbuilder

A
95

WooCommerce builder for Elementor includes 80+ widgets, WooCommerce templates, quick view, compare, wishlist, shop & archive page builder and more.

9K 3 CVEs
CoDesigner – All in One Elementor WooCommerce Builder

CoDesigner – All in One Elementor WooCommerce Builder

woolementor

D
47

Design stunning WooCommerce sites that sell with 94+ Widgets, 14+ Modules, & 150+ Templates of CoDesigner Elementor WooCommerce addon.

6K 2 unpatched
ShopMaker – Elementor WooCommerce Builder, Widgets & Templates

ShopMaker – Elementor WooCommerce Builder, Widgets & Templates

shopmaker

A
100

Create fully custom WooCommerce pages with Elementor: 50+ dedicated WooCommerce widgets and beautiful pre-designed templates.

90 No CVEs
UnikForce Elementor WooCommerce Builder

UnikForce Elementor WooCommerce Builder

unikforce-elementor-woocommerce

A
100

Enhance your Elementor page building experience with elementor dynamic woocommerce builder. Add power to your woocommerce builder using our easy-to-us &hellip;

0 No CVEs
Developer Profile

Magical Shop Builder – WooCommerce Template Builder for Elementor | Shop, Cart, Checkout & Product Page Builder Developer Profile

Noor Alam

102 plugins · 29K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
233 days
View full developer profile
Detection Fingerprints

How We Detect Magical Shop Builder – WooCommerce Template Builder for Elementor | Shop, Cart, Checkout & Product Page Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/magical-products-display/assets/css/frontend.css/wp-content/plugins/magical-products-display/assets/js/frontend.js
Script Paths
/wp-content/plugins/magical-products-display/assets/js/frontend.js
Version Parameters
magical-products-display/assets/css/frontend.css?ver=magical-products-display/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
mpd-products-wrap
Data Attributes
data-elementor-iddata-elementor-type
JS Globals
mpd_frontend_ajax_object
REST Endpoints
/wp-json/mpd-api/v1/get-products
Shortcode Output
[mpd_products]
FAQ

Frequently Asked Questions about Magical Shop Builder – WooCommerce Template Builder for Elementor | Shop, Cart, Checkout & Product Page Builder