WP-Safety

Request Quote for WooCommerce Security & Risk Analysis

wordpress.org/plugins/make-cart-to-quote-for-woocommerce

Request A Quote for WooCommerce You can add quotes for woocommerce products in shop page and product page. Make Cart to Quote for Woocommerce setup ca …

10 active installs v1.0 PHP + WP + Updated Mar 5, 2026
add-to-quote
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Request Quote for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Request Quote for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The "make-cart-to-quote-for-woocommerce" plugin version 1.0 exhibits a concerning security posture, primarily due to a significant lack of proper authentication and authorization checks across its exposed entry points. While the plugin demonstrates good practices in handling SQL queries and output escaping, the absence of these fundamental security measures on all identified AJAX handlers and REST API routes creates a substantial attack surface.

The static analysis reveals that all 8 AJAX handlers and 1 REST API route are unprotected. This means any unauthenticated user could potentially interact with these components, leading to unauthorized actions or information disclosure if vulnerabilities exist within their functionality. The absence of capability checks and only one nonce check further exacerbates this risk, as it implies a reliance on indirect security measures or an assumption that these endpoints are not sensitive, which is a dangerous assumption.

The plugin's vulnerability history is currently clean, with no recorded CVEs. This could indicate a history of good security practices or simply a lack of historical scrutiny. However, given the current static analysis findings, the absence of past vulnerabilities should not be interpreted as a guarantee of future safety. The overall conclusion is that while the plugin has strengths in data handling (SQL, output), its fundamental security architecture regarding access control is severely lacking, presenting a high risk of exploitation for unauthorized actions.

Key Concerns

  • All 8 AJAX handlers lack authentication checks
  • 1 REST API route lacks permission callbacks
  • No capability checks found
  • Only 1 nonce check found for 9 entry points
Vulnerabilities
None known

Request Quote for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Request Quote for WooCommerce Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Request Quote for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
13
279 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

96% escaped292 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
mctqfw_save_setting_type (includes\admin.php:580)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
9 unprotected

Request Quote for WooCommerce Attack Surface

Entry Points9
Unprotected9

AJAX Handlers 8

authwp_ajax_mctqfw_save_quoteincludes\frontend.php:62
noprivwp_ajax_mctqfw_save_quoteincludes\frontend.php:63
authwp_ajax_mctqfw_woocommerce_ajax_add_to_cartincludes\frontend.php:65
noprivwp_ajax_mctqfw_woocommerce_ajax_add_to_cartincludes\frontend.php:66
authwp_ajax_mctqfw_productidgetincludes\frontend.php:67
noprivwp_ajax_mctqfw_productidgetincludes\frontend.php:68
authwp_ajax_mctqfw_product_deleteincludes\frontend.php:69
noprivwp_ajax_mctqfw_product_deleteincludes\frontend.php:70

REST API Routes 1

GET/wp-json/mctqfw/v1/quoteincludes\frontend.php:4
WordPress Hooks 24
actionadmin_menuincludes\admin.php:2
actioninitincludes\admin.php:16
actionadmin_menuincludes\admin.php:53
actionadd_meta_boxesincludes\admin.php:55
actionsave_postincludes\admin.php:92
actionadd_meta_boxesincludes\admin.php:102
actionwoocommerce_product_options_general_product_dataincludes\admin.php:197
actionwoocommerce_admin_process_product_objectincludes\admin.php:212
actionwoocommerce_variation_options_pricingincludes\admin.php:220
actionwoocommerce_save_product_variationincludes\admin.php:235
filterwoocommerce_available_variationincludes\admin.php:243
actioninitincludes\admin.php:579
actioninitincludes\admin.php:759
actionrest_api_initincludes\frontend.php:3
actionwp_footerincludes\frontend.php:54
actioninitincludes\frontend.php:60
actionwoocommerce_after_shop_loop_itemincludes\frontend.php:61
actionwoocommerce_product_meta_startincludes\frontend.php:64
filterwoocommerce_is_purchasableincludes\frontend.php:80
filterwoocommerce_variable_sale_price_htmlincludes\frontend.php:88
filterwoocommerce_variable_price_htmlincludes\frontend.php:89
filterwoocommerce_get_price_htmlincludes\frontend.php:90
actionwp_enqueue_scriptsmake_cart_to_quote_main.php:28
actionadmin_enqueue_scriptsmake_cart_to_quote_main.php:129
Maintenance & Trust

Request Quote for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedMar 5, 2026
PHP min version
Downloads1K

Community Trust

Rating20/100
Number of ratings1
Active installs10
Alternatives

Request Quote for WooCommerce Alternatives

No alternatives data available yet.

Developer Profile

Request Quote for WooCommerce Developer Profile

howdytheme

20 plugins · 5K total installs

90
trust score
Avg Security Score
94/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Request Quote for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/make-cart-to-quote-for-woocommerce/public/css/design.css/wp-content/plugins/make-cart-to-quote-for-woocommerce/public/js/design.js/wp-content/plugins/make-cart-to-quote-for-woocommerce/build/frontend/index.js/wp-content/plugins/make-cart-to-quote-for-woocommerce/src/assets/css/front-design.css/wp-content/plugins/make-cart-to-quote-for-woocommerce/admin/js/wp-color-picker-alpha.js/wp-content/plugins/make-cart-to-quote-for-woocommerce/admin/css/design.css/wp-content/plugins/make-cart-to-quote-for-woocommerce/admin/js/design.js
Script Paths
/wp-content/plugins/make-cart-to-quote-for-woocommerce/public/js/design.js/wp-content/plugins/make-cart-to-quote-for-woocommerce/build/frontend/index.js/wp-content/plugins/make-cart-to-quote-for-woocommerce/admin/js/wp-color-picker-alpha.js/wp-content/plugins/make-cart-to-quote-for-woocommerce/admin/js/design.js
Version Parameters
/wp-content/plugins/make-cart-to-quote-for-woocommerce/public/css/design.css?ver=/wp-content/plugins/make-cart-to-quote-for-woocommerce/public/js/design.js?ver=/wp-content/plugins/make-cart-to-quote-for-woocommerce/build/frontend/index.js?ver=/wp-content/plugins/make-cart-to-quote-for-woocommerce/src/assets/css/front-design.css?ver=/wp-content/plugins/make-cart-to-quote-for-woocommerce/admin/js/wp-color-picker-alpha.js?ver=/wp-content/plugins/make-cart-to-quote-for-woocommerce/admin/css/design.css?ver=/wp-content/plugins/make-cart-to-quote-for-woocommerce/admin/js/design.js?ver=

HTML / DOM Fingerprints

CSS Classes
mctqfw_quote_sidebar
HTML Comments
<!-- REACT FRONTEND ENQUEUE SCRIPT -->
Data Attributes
mctqfwproductidMCTQFW_GLOBALSMCTQFW_PRELOADED_QUOTEMCTQFW_PRELOADED_SETTINGS
JS Globals
mctqfwproductidMCTQFW_GLOBALSMCTQFW_PRELOADED_QUOTEMCTQFW_PRELOADED_SETTINGS
REST Endpoints
/wp-json/mctqfw/v1/quote
FAQ

Frequently Asked Questions about Request Quote for WooCommerce