Does Most Viewed Products for WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in Most Viewed Products for WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Most Viewed Products for WooCommerce compatible with WordPress 5.4.19?

According to WordPress.org data, Most Viewed Products for WooCommerce 1.2.0 has been tested up to WordPress 5.4.19. Check the plugin's changelog for the latest compatibility information.

Is Most Viewed Products for WooCommerce compatible with PHP 5.6.20+?

Most Viewed Products for WooCommerce requires PHP 5.6.20 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Most Viewed Products for WooCommerce updated?

Most Viewed Products for WooCommerce was last updated on Oct 4, 2020. Frequent updates are generally a positive security signal.

What is Most Viewed Products for WooCommerce's security score?

Most Viewed Products for WooCommerce has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Most Viewed Products for WooCommerce Security Review

Safety Verdict

Is Most Viewed Products for WooCommerce Safe to Use in 2026?

Generally Safe

Score 85/100

Most Viewed Products for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago

Risk Assessment

The security posture of the "most-viewed-products-for-woocommerce" plugin v1.2.0 presents a mixed bag of good practices alongside specific concerns. On the positive side, the plugin demonstrates a commitment to secure database interactions by utilizing prepared statements for all SQL queries and avoids external HTTP requests. The limited attack surface, with only one shortcode and no AJAX handlers or REST API routes with accessible entry points, is also a strength. However, the presence of a dangerous function like `create_function` is a significant red flag, as it can be a vector for code injection if not handled with extreme care. Furthermore, the relatively low percentage of properly escaped output (44%) suggests a potential for Cross-Site Scripting (XSS) vulnerabilities, especially when combined with the lack of explicit nonce checks on its single entry point. The absence of recorded vulnerabilities in its history is positive, but this could also be due to a lack of extensive security auditing or reporting rather than a guarantee of complete security. Overall, while the plugin has some solid security foundations, the identified code signals warrant careful attention and potential remediation.

Key Concerns

Dangerous function `create_function` used
Low output escaping percentage (44%)
No nonce checks on entry points

Vulnerabilities

None known

Most Viewed Products for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Most Viewed Products for WooCommerce Code Analysis

Dangerous Functions

1

Raw SQL Queries

0

0 prepared

Unescaped Output

15

12 escaped

Nonce Checks

0

Capability Checks

2

File Operations

0

External Requests

0

Bundled Libraries

0

Dangerous Functions Found

create_functionadd_action( 'admin_notices', create_function( null, 'echo \'<div class="error"><p>\' . sprintf( __( woocommerce-most-viewed-products.php:28