WP-Safety

MSRP (RRP) Pricing for WooCommerce Security & Risk Analysis

wordpress.org/plugins/msrp-for-woocommerce

Show product Manufacturer's Suggested Retail Price (MSRP) in WooCommerce in your store to increase sales & highlight your competitive prices

300 active installs v2.0.1 PHP + WP 4.4+ Updated Sep 5, 2025
marketingmsrppromotionrrpsales
99
A · Safe
CVEs total1
Unpatched0
Last CVEApr 10, 2025
Plugin page Download
Safety Verdict

Is MSRP (RRP) Pricing for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

MSRP (RRP) Pricing for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Apr 10, 2025Updated 8mo ago
Risk Assessment

The "msrp-for-woocommerce" plugin v2.0.1 exhibits a generally good security posture with a small attack surface and a high percentage of properly escaped outputs. The plugin also demonstrates a reasonable number of nonce and capability checks, which are crucial for preventing unauthorized actions. However, the presence of two instances of the `unserialize` function is a significant concern, as unserialization of untrusted data can lead to remote code execution vulnerabilities. While taint analysis did not reveal any immediate exploitable flows, the inherent risk associated with `unserialize` remains. The plugin's vulnerability history shows a past medium-severity Cross-Site Scripting (XSS) vulnerability, indicating a prior weakness in input neutralization. Although currently patched and no unpatched CVEs are listed, this history warrants continued vigilance. Overall, the plugin has strengths in output handling and attack surface management, but the use of `unserialize` and the past XSS vulnerability represent notable areas of risk that require careful consideration.

Key Concerns

  • Dangerous function 'unserialize' found
  • SQL queries not using prepared statements
  • Past medium severity CVE (XSS)
Vulnerabilities
1 published

MSRP (RRP) Pricing for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-32552medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MSRP (RRP) Pricing for WooCommerce <= 1.8.1 - Reflected Cross-Site Scripting

Apr 10, 2025 Patched in 2.0.0 (7d)
Version History

MSRP (RRP) Pricing for WooCommerce Release Timeline

v2.0.1Current
v2.0.0
v1.8.11 CVE
CVE-2025-32552
v1.8.01 CVE
CVE-2025-32552
v1.7.121 CVE
CVE-2025-32552
v1.7.111 CVE
CVE-2025-32552
v1.7.101 CVE
CVE-2025-32552
v1.7.91 CVE
CVE-2025-32552
v1.7.81 CVE
CVE-2025-32552
v1.7.71 CVE
CVE-2025-32552
v1.7.61 CVE
CVE-2025-32552
v1.7.51 CVE
CVE-2025-32552
v1.7.41 CVE
CVE-2025-32552
v1.7.31 CVE
CVE-2025-32552
v1.7.21 CVE
CVE-2025-32552
v1.7.11 CVE
CVE-2025-32552
v1.71 CVE
CVE-2025-32552
v1.6.41 CVE
CVE-2025-32552
v1.6.31 CVE
CVE-2025-32552
v1.6.21 CVE
CVE-2025-32552
Code Analysis
Analyzed Mar 16, 2026

MSRP (RRP) Pricing for WooCommerce Code Analysis

Dangerous Functions
2
Raw SQL Queries
1
0 prepared
Unescaped Output
2
102 escaped
Nonce Checks
5
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserializeunserialize( $variation_data['_alg_msrp_by_country'][0] ) :includes\class-alg-wc-msrp-core.php:561
unserializeunserialize( $variation_data['_alg_msrp_by_currency'][0] ) :includes\class-alg-wc-msrp-core.php:585

SQL Query Safety

0% prepared1 total queries

Output Escaping

98% escaped104 total outputs
Attack Surface

MSRP (RRP) Pricing for WooCommerce Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[alg_wc_msrp_wpml] includes\class-alg-wc-msrp-core.php:247
WordPress Hooks 26
actionadmin_initincludes\class-alg-wc-msrp-bulk-price-converter-tool.php:41
actionadmin_menuincludes\class-alg-wc-msrp-bulk-price-converter-tool.php:42
actionadmin_noticesincludes\class-alg-wc-msrp-bulk-price-converter-tool.php:84
actionwoocommerce_product_options_pricingincludes\class-alg-wc-msrp-core.php:95
actionsave_post_productincludes\class-alg-wc-msrp-core.php:96
actionwoocommerce_variation_options_pricingincludes\class-alg-wc-msrp-core.php:99
actionwoocommerce_save_product_variationincludes\class-alg-wc-msrp-core.php:100
actionwoocommerce_product_options_general_product_dataincludes\class-alg-wc-msrp-core.php:101
filtermanage_edit-product_columnsincludes\class-alg-wc-msrp-core.php:105
actionmanage_product_posts_custom_columnincludes\class-alg-wc-msrp-core.php:106
actionwoocommerce_product_bulk_and_quick_editincludes\class-alg-wc-msrp-core.php:128
filterwoocommerce_get_price_htmlincludes\class-alg-wc-msrp-core.php:135
actionwoocommerce_delete_product_transientsincludes\class-alg-wc-msrp-core.php:152
filterwoocommerce_get_price_htmlincludes\class-alg-wc-msrp-core.php:241
filterwoocommerce_cart_item_priceincludes\class-alg-wc-msrp-core.php:244
filterwoocommerce_get_price_htmlincludes\class-alg-wc-msrp-core.php:1230
actioninitincludes\class-alg-wc-msrp.php:86
actionbefore_woocommerce_initincludes\class-alg-wc-msrp.php:89
filterwoocommerce_get_settings_pagesincludes\class-alg-wc-msrp.php:184
actionadmin_initincludes\class-alg-wc-msrp.php:191
actionadmin_initincludes\settings\class-alg-wc-msrp-settings-admin-advanced.php:39
actionadmin_noticesincludes\settings\class-alg-wc-msrp-settings-admin-advanced.php:161
filterwoocommerce_get_sections_alg_wc_msrpincludes\settings\class-alg-wc-msrp-settings-section.php:40
filterwoocommerce_admin_settings_sanitize_optionincludes\settings\class-alg-wc-settings-msrp.php:37
actionadmin_noticesincludes\settings\class-alg-wc-settings-msrp.php:106
actionplugins_loadedmsrp-for-woocommerce.php:65
Maintenance & Trust

MSRP (RRP) Pricing for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedSep 5, 2025
PHP min version
Downloads18K

Community Trust

Rating86/100
Number of ratings9
Active installs300
Alternatives

MSRP (RRP) Pricing for WooCommerce Alternatives

AutoPromote

AutoPromote

autopromote

A
100

Dynamically update sales information, banners, announcements, and promotions with ease across your website.

0 No CVEs
Nexora Promo Messages for WooCommerce

Nexora Promo Messages for WooCommerce

nexora-promo-messages-for-woocommerce

A
100

Increase WooCommerce sales with eye-catching promo messages. Highlight offers, urgency, and product benefits directly on product & shop pages.

0 No CVEs
Smart Discount

Smart Discount

smart-discount

A
100

🚀 Transform Your WooCommerce Store with Dynamic Discounts Create engaging bulk discounts with real-time progress messages to boost sales.

0 No CVEs
Account Engagement

Account Engagement

pardot

A
92

Integrate Account Engagement with WordPress: easily track visitors, embed forms and dynamic content in pages and posts, or use the forms or dynamic co &hellip;

2K 1 CVE
Woobox

Woobox

woobox

A
99

Easily embed your Woobox promotions in WordPress using a simple shortcode.

1K 2 CVEs
Developer Profile

MSRP (RRP) Pricing for WooCommerce Developer Profile

WPFactory

64 plugins · 137K total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
94 days
View full developer profile
Detection Fingerprints

How We Detect MSRP (RRP) Pricing for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/msrp-for-woocommerce/assets/css/alg-wc-msrp.css/wp-content/plugins/msrp-for-woocommerce/assets/js/alg-wc-msrp.js
Script Paths
/wp-content/plugins/msrp-for-woocommerce/assets/js/alg-wc-msrp.js
Version Parameters
msrp-for-woocommerce/assets/css/alg-wc-msrp.css?ver=msrp-for-woocommerce/assets/js/alg-wc-msrp.js?ver=

HTML / DOM Fingerprints

CSS Classes
alg-wc-msrp-admin-field-label
Data Attributes
data-alg-wc-msrp-placeholder
JS Globals
alg_wc_msrp_options
Shortcode Output
[alg_wc_msrp]
FAQ

Frequently Asked Questions about MSRP (RRP) Pricing for WooCommerce