WP-Safety

Markup by Attribute for WooCommerce Security & Risk Analysis

wordpress.org/plugins/markup-by-attribute-for-woocommerce

This plugin adds product variation markup by attribute to WooCommerce and adjusts product variation regular and sale prices accordingly.

3K active installs v4.6.1 PHP 7.4.3+ WP 5.7+ Updated Apr 9, 2026
attributemarkuppricevariationwoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Markup by Attribute for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Markup by Attribute for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The plugin 'markup-by-attribute-for-woocommerce' version 4.6.0 exhibits a generally good security posture, with strong adherence to several best practices. The high percentage of SQL queries using prepared statements and the significant number of nonces and capability checks suggest a thoughtful approach to preventing common web vulnerabilities like SQL injection and privilege escalation. Furthermore, the absence of any recorded historical vulnerabilities or critical/high severity taint flows is a positive indicator of its stability and security over time.

However, a notable concern is the presence of one AJAX handler that lacks authentication checks. This unprotected entry point could potentially be exploited by unauthenticated users to trigger unintended actions or expose sensitive information, depending on the functionality it controls. While the static analysis did not reveal dangerous functions or unsanitized paths in taint flows, this single unprotected AJAX endpoint represents the most immediate and significant risk.

Overall, the plugin is well-developed with strong security foundations. The lack of historical vulnerabilities and the prevalent use of prepared statements and checks are commendable. The primary area for improvement and a source of a moderate risk is the need to secure the identified unprotected AJAX handler. Addressing this single point of failure would significantly enhance the plugin's overall security.

Key Concerns

  • Unprotected AJAX handler found
  • 1 out of 4 AJAX handlers without auth
  • 33% of outputs not properly escaped
Vulnerabilities
None known

Markup by Attribute for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Markup by Attribute for WooCommerce Release Timeline

v4.6.1Current
v4.6.0
v4.5.0
v4.4.0
v4.3.9
v4.3.8
v4.3.7
v4.3.6
v4.3.5
v4.3.4
v4.3.2
v4.3.1
v4.3
v4.0.2
v3.14.2
v3.14.1
v3.13.2
v3.13.1
v3.12.3
v3.12.1
Code Analysis
Analyzed Mar 16, 2026

Markup by Attribute for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
3
32 prepared
Unescaped Output
30
61 escaped
Nonce Checks
7
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

91% prepared35 total queries

Output Escaping

67% escaped91 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
handleTermMarkupSave (src\backend\term.php:191)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Markup by Attribute for WooCommerce Attack Surface

Entry Points4
Unprotected1

AJAX Handlers 4

authwp_ajax_handleMarkupReapplicationsrc\backend\product.php:34
authwp_ajax_getFormattedBasePricesrc\backend\product.php:37
authwp_ajax_mt2mba_refresh_general_panelsrc\backend\product.php:40
authwp_ajax_mt2mba_refresh_product_rowsrc\backend\productlist.php:95
WordPress Hooks 28
actionadmin_enqueue_scriptsmarkup-by-attribute-for-woocommerce.php:89
actionbefore_woocommerce_initmarkup-by-attribute-for-woocommerce.php:94
actionwoocommerce_initmarkup-by-attribute-for-woocommerce.php:268
actionwoocommerce_after_add_attribute_fieldssrc\backend\attribute.php:110
actionwoocommerce_after_edit_attribute_fieldssrc\backend\attribute.php:111
actionwoocommerce_before_attribute_deletesrc\backend\attribute.php:114
actionadmin_enqueue_scriptssrc\backend\product.php:25
actionwoocommerce_bulk_edit_variationssrc\backend\product.php:28
actionwoocommerce_product_options_general_product_datasrc\backend\product.php:31
filtermanage_edit-product_columnssrc\backend\productlist.php:81
actionmanage_product_posts_custom_columnsrc\backend\productlist.php:82
actionpre_get_postssrc\backend\productlist.php:85
actionadmin_enqueue_scriptssrc\backend\productlist.php:88
filterbulk_actions-edit-productsrc\backend\productlist.php:91
filterhandle_bulk_actions-edit-productsrc\backend\productlist.php:92
filterwoocommerce_get_sections_productssrc\backend\settings.php:106
filterwoocommerce_get_settings_productssrc\backend\settings.php:107
filtersanitize_option_mt2mba_max_variationssrc\backend\settings.php:108
actionadmin_noticessrc\backend\settings.php:362
filterpre_get_termssrc\backend\term.php:147
actionadmin_noticessrc\backend\term.php:274
filterwoocommerce_dropdown_variation_attribute_options_htmlsrc\frontend\options.php:59
actionadmin_enqueue_scriptssrc\utility\notices.php:68
actionadmin_initsrc\utility\notices.php:70
actionadmin_noticessrc\utility\notices.php:151
actionadmin_enqueue_scriptssrc\utility\pointers.php:75
filtermt2mba_admin_pointers-edit-termsrc\utility\pointers.php:77
filtermt2mba_admin_pointers-pluginssrc\utility\pointers.php:79
Maintenance & Trust

Markup by Attribute for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested7.0
Last updatedApr 9, 2026
PHP min version7.4.3
Downloads89K

Community Trust

Rating90/100
Number of ratings28
Active installs3K
Alternatives

Markup by Attribute for WooCommerce Alternatives

Variation Swatches for WooCommerce

Variation Swatches for WooCommerce

woo-variation-swatches

A
100

Beautiful Color, Image and Buttons Variation Swatches For WooCommerce Product Attributes

300K 1 CVE
Variation Swatches for WooCommerce – Color, Image & Size Swatches

Variation Swatches for WooCommerce – Color, Image & Size Swatches

variation-swatches-woo

A
100

Variation Swatches for WooCommerce replaces dropdowns with color, image & size swatches, helping shoppers decide faster and buy with confidence.

200K No CVEs
WCBoost – Variation Swatches

WCBoost – Variation Swatches

wcboost-variation-swatches

A
100

WCBoost – Variation Swatches is the ultimate plugin to display WooCommerce product variations in style.

50K No CVEs
Variation Swatches for WooCommerce

Variation Swatches for WooCommerce

product-variation-swatches-for-woocommerce

A
100

Variation Swatches for WooCommerce plugin adds button, Image, radio, and color swatches to your product attribute & enhance the product selection.

10K 1 CVE
Variation Price Display Range for WooCommerce

Variation Price Display Range for WooCommerce

variation-price-display

A
100

Adds lots of advanced options to control how you display the price for your WooCommerce variable products.

10K No CVEs
Developer Profile

Markup by Attribute for WooCommerce Developer Profile

Mark Tomlinson

1 plugin · 3K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Markup by Attribute for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/markup-by-attribute-for-woocommerce/src/css/admin-style.css
Version Parameters
markup-by-attribute-for-woocommerce/src/css/admin-style.css?ver=

HTML / DOM Fingerprints

Data Attributes
id="mt2mba_settings"id="mt2mba_instructions"
Shortcode Output
<span id="mbainfo">
FAQ

Frequently Asked Questions about Markup by Attribute for WooCommerce