WP-Safety

MOS Product Specifications for WooCommerce Security & Risk Analysis

wordpress.org/plugins/mos-product-specifications-tab

Create structured WooCommerce product specification tables with unlimited rows, drag & drop sorting, tooltips, and responsive design.

30 active installs v1.0.3 PHP 7.4+ WP 6.6+ Updated Mar 4, 2026
custom-product-tabproduct-details-tableproduct-specification-tablewoocommerce-product-specificationswoocommerce-specs
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is MOS Product Specifications for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

MOS Product Specifications for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The mos-product-specifications-tab plugin version 1.0.3 exhibits a mixed security posture. On the positive side, it demonstrates good practices with a high percentage of properly escaped outputs and a majority of SQL queries using prepared statements. The absence of any known CVEs and recorded vulnerabilities suggests a generally stable history, although this can also mean it hasn't been extensively tested or targeted.

However, a significant concern lies in its attack surface. The plugin exposes five AJAX handlers, with a concerning four of them lacking any authentication checks. This creates a substantial entry point for potential attackers to interact with the plugin's functionality without proper authorization, which could lead to unintended consequences or exploitation if specific functions are vulnerable. While taint analysis showed no critical or high-severity flows, the lack of authorization on AJAX endpoints is a critical oversight.

In conclusion, while the plugin shows strengths in secure coding practices like output escaping and prepared statements, the unprotected AJAX handlers are a significant weakness. This oversight creates a notable risk that needs to be addressed. The absence of historical vulnerabilities is a positive sign, but it does not negate the immediate security concerns presented by the exposed AJAX endpoints.

Key Concerns

  • 4 AJAX handlers without auth checks
  • High number of SQL queries, 34% not prepared
Vulnerabilities
None known

MOS Product Specifications for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

MOS Product Specifications for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
15
29 prepared
Unescaped Output
3
110 escaped
Nonce Checks
6
Capability Checks
20
File Operations
2
External Requests
3
Bundled Libraries
0

SQL Query Safety

66% prepared44 total queries

Output Escaping

97% escaped113 total outputs
Attack Surface
4 unprotected

MOS Product Specifications for WooCommerce Attack Surface

Entry Points5
Unprotected4

AJAX Handlers 5

authwp_ajax_mos_product_specifications_tab_reset_settingsincludes\API\Ajax_API.php:17
authwp_ajax_verify_user_passwordincludes\Core\Tools.php:23
authwp_ajax_mos_product_specifications_tab_reset_all_settingsincludes\Core\Tools.php:32
authwp_ajax_mos_product_specifications_tab_ajax_callbackincludes\Plugin.php:96
noprivwp_ajax_mos_product_specifications_tab_ajax_callbackincludes\Plugin.php:97
WordPress Hooks 27
actionrest_after_insert_feedbackdocs\webhook-config-example.php:54
actionrest_after_insert_feedbackdocs\webhook-config-example.php:81
actionrest_after_insert_feedbackdocs\webhook-config-example.php:103
actionwoocommerce_product_data_tabsincludes\Admin\AdminClass.php:58
actionwoocommerce_product_data_panelsincludes\Admin\AdminClass.php:59
actionsave_postincludes\Admin\AdminClass.php:60
actioninitincludes\API\Ajax_API.php:18
actionrest_api_initincludes\API\Rest_API.php:37
actionwp_headincludes\Core\More.php:15
actionwp_footerincludes\Core\More.php:16
filterall_pluginsincludes\Core\Tools.php:18
actionadmin_footerincludes\Core\Tools.php:21
actionadmin_initincludes\Hook\Action_Hook.php:25
actionadmin_menuincludes\Hook\Action_Hook.php:26
actioncurrent_screenincludes\Hook\Action_Hook.php:27
actionupgrader_process_completeincludes\Hook\Action_Hook.php:29
filteradmin_body_classincludes\Hook\Filter_Hook.php:35
filtermos_product_specifications_tab_default_options_modifyincludes\Hook\Filter_Hook.php:37
filtermos_product_specifications_tab_default_colors_modifyincludes\Hook\Filter_Hook.php:38
filtermos_product_specifications_tab_default_gradients_modifyincludes\Hook\Filter_Hook.php:39
filtermos_product_specifications_tab_default_tables_modifyincludes\Hook\Filter_Hook.php:40
filtermos_product_specifications_tab_action_links_extraincludes\Hook\Filter_Hook.php:45
actionadmin_enqueue_scriptsincludes\Plugin.php:78
actionadmin_enqueue_scriptsincludes\Plugin.php:79
actionwp_enqueue_scriptsincludes\Plugin.php:93
actionwp_enqueue_scriptsincludes\Plugin.php:94
filterwoocommerce_product_tabsincludes\Public\PublicClass.php:61
Maintenance & Trust

MOS Product Specifications for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 4, 2026
PHP min version7.4
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs30
Alternatives

MOS Product Specifications for WooCommerce Alternatives

Custom Product Tabs for WooCommerce & WordPress Tabs Builder – Smart Tabs

Custom Product Tabs for WooCommerce & WordPress Tabs Builder – Smart Tabs

wp-expand-tabs-free

A
94

A customizable plugin to create and manage WooCommerce product tabs and WordPress tabs to organize content.

10K 5 CVEs
Dynamic Product Tabs Builder for WooCommerce

Dynamic Product Tabs Builder for WooCommerce

dynamic-product-tabs-builder-for-woocommerce

A
100

Create custom product tabs with custom content for clearer WooCommerce product pages - Defined sitewide or per product.

0 No CVEs
Developer Profile

MOS Product Specifications for WooCommerce Developer Profile

Md. Mostak Shahid

4 plugins · 50 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect MOS Product Specifications for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mos-product-specifications-tab/assets/css/mos-product-specifications-tab.css/wp-content/plugins/mos-product-specifications-tab/assets/js/mos-product-specifications-tab.js
Script Paths
/wp-content/plugins/mos-product-specifications-tab/assets/js/mos-product-specifications-tab.js
Version Parameters
mos-product-specifications-tab/assets/css/mos-product-specifications-tab.css?ver=mos-product-specifications-tab/assets/js/mos-product-specifications-tab.js?ver=

HTML / DOM Fingerprints

CSS Classes
mos-product-specifications-tab-wrapper
HTML Comments
<!-- MOS Product Specifications Tab --><!-- End MOS Product Specifications Tab -->
Data Attributes
data-mos-product-specifications-tab
JS Globals
mos_product_specifications_tab_ajax_object
REST Endpoints
/wp-json/mos-product-specifications-tab/v1/settings/wp-json/mos-product-specifications-tab/v1/products
Shortcode Output
[mos_product_specifications_tab]
FAQ

Frequently Asked Questions about MOS Product Specifications for WooCommerce