Neon Product Designer Security & Risk Analysis

wordpress.org/plugins/neon-product-designer-for-woocommerce

NPD is a WordPress/WooCommerce plugin that helps you set up your online custom neon sign store, and receives orders from your customers.

50 active installs · v2.2.0 · PHP 7.0+ · WP 5.0+ · Updated Jul 31, 2025
Tags: custom-neon, neon-product-configurator, neon-product-designer, neon-product-maker, neon-sign-designer
Score: 54 (C · Use Caution)
CVEs total: 2
Unpatched: 2
Last CVE: Apr 9, 2025
Safety Verdict

Is Neon Product Designer Safe to Use in 2026?

Use With Caution

Score 54/100

Neon Product Designer has 2 unpatched vulnerabilities. Evaluate alternatives or apply available mitigations.

2 known CVEs · 2 unpatched · Last CVE: Apr 9, 2025 · Updated 8mo ago
Risk Assessment

The "neon-product-designer-for-woocommerce" plugin exhibits a mixed security posture. While it demonstrates good practices in output escaping, with 96% of outputs properly handled, and employs nonce checks frequently, several significant concerns raise the risk profile. The presence of 6 AJAX handlers without authentication checks represents a substantial attack surface, making it vulnerable to unauthorized actions. Furthermore, the use of the `unserialize` function, especially without proper input validation, is a known risky practice that could lead to remote code execution if exploited with malicious serialized data. The plugin's vulnerability history, with two currently unpatched CVEs including a high-severity SQL injection, is a strong indicator of recurring security weaknesses. The prevalence of SQL injection vulnerabilities in its history suggests a systemic issue with database query sanitization.

Key Concerns

  • Unpatched High Severity CVEs
  • Unpatched Medium Severity CVEs
  • AJAX handlers without auth checks
  • Use of dangerous function: unserialize
  • SQL queries not using prepared statements
  • Bundled libraries (Select2)
Vulnerabilities: 2

Neon Product Designer Security Vulnerabilities

CVEs by Year

  • 2025: 2 CVEs · unpatched

Severity Breakdown

  • High: 1
  • Medium: 1

2 total CVEs

CVE-2025-32565 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Neon Product Designer <= 2.1.1 - Unauthenticated SQL Injection

Apr 9, 2025 · Unpatched

CVE-2025-22799 · medium · 6.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Neon Product Designer <= 2.1.1 - Authenticated (Contributor+) SQL Injection

Jan 13, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Neon Product Designer Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 3 (3 prepared)
  • Unescaped Output: 30 (700 escaped)
  • Nonce Checks: 10
  • Capability Checks: 1
  • File Operations: 5
  • External Requests: 2
  • Bundled Libraries: 1

Dangerous Functions Found

`unserialize` · `$data = unserialize( $npc_data );` · includes\functions.php:101

Bundled Libraries

Select2

SQL Query Safety

50% prepared · 6 total queries

Output Escaping

96% escaped · 730 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

5 flows · 2 with unsanitized paths
display (includes\skins\default\class-npd-skin-default.php:26)
Attack Surface: 6 unprotected

Neon Product Designer Attack Surface

Entry Points: 8
Unprotected: 6

AJAX Handlers 6

  • auth · wp_ajax_npd_clean_dismiss_promo · includes\class-neon-product-designer.php:171
  • auth · wp_ajax_npd_clean_track_plugin_click · includes\class-neon-product-designer.php:172
  • auth · wp_ajax_npd_store_variation_attributes · includes\class-neon-product-designer.php:263
  • nopriv · wp_ajax_npd_store_variation_attributes · includes\class-neon-product-designer.php:264
  • auth · wp_ajax_add_custom_design_to_cart · includes\class-neon-product-designer.php:269
  • nopriv · wp_ajax_add_custom_design_to_cart · includes\class-neon-product-designer.php:270

Shortcodes 2

[npd-products] public\class-neon-product-designer-public.php:117
[npd-editor] public\class-neon-product-designer-public.php:118
WordPress Hooks 63

  • action · plugins_loaded · includes\class-neon-product-designer.php:143
  • action · admin_enqueue_scripts · includes\class-neon-product-designer.php:159
  • action · admin_enqueue_scripts · includes\class-neon-product-designer.php:160
  • action · admin_menu · includes\class-neon-product-designer.php:161
  • action · init · includes\class-neon-product-designer.php:162
  • action · init · includes\class-neon-product-designer.php:163
  • filter · upload_mimes · includes\class-neon-product-designer.php:164
  • action · admin_notices · includes\class-neon-product-designer.php:165
  • action · admin_notices · includes\class-neon-product-designer.php:166
  • action · admin_notices · includes\class-neon-product-designer.php:167
  • action · admin_notices · includes\class-neon-product-designer.php:168
  • filter · wp_check_filetype_and_ext · includes\class-neon-product-designer.php:169
  • action · init · includes\class-neon-product-designer.php:176
  • action · add_meta_boxes · includes\class-neon-product-designer.php:177
  • action · save_post_npd-scenes · includes\class-neon-product-designer.php:178
  • action · init · includes\class-neon-product-designer.php:183
  • action · add_meta_boxes · includes\class-neon-product-designer.php:184
  • action · save_post_npd-colors-palette · includes\class-neon-product-designer.php:185
  • action · init · includes\class-neon-product-designer.php:190
  • action · save_post_npd-config · includes\class-neon-product-designer.php:191
  • action · save_post_product · includes\class-neon-product-designer.php:192
  • action · add_meta_boxes · includes\class-neon-product-designer.php:193
  • action · woocommerce_product_options_general_product_data · includes\class-neon-product-designer.php:194
  • action · woocommerce_product_after_variable_attributes · includes\class-neon-product-designer.php:195
  • filter · get_user_option_meta-box-order_npd-config · includes\class-neon-product-designer.php:196
  • action · admin_action_npd_duplicate_config · includes\class-neon-product-designer.php:197
  • filter · post_row_actions · includes\class-neon-product-designer.php:198
  • action · woocommerce_save_product_variation · includes\class-neon-product-designer.php:199
  • filter · screen_layout_columns · includes\class-neon-product-designer.php:200
  • filter · get_user_option_screen_layout_npd-config · includes\class-neon-product-designer.php:201
  • filter · manage_edit-product_columns · includes\class-neon-product-designer.php:205
  • action · manage_product_posts_custom_column · includes\class-neon-product-designer.php:206
  • action · save_post_product · includes\class-neon-product-designer.php:207
  • action · woocommerce_save_product_variation · includes\class-neon-product-designer.php:208
  • action · woocommerce_product_options_inventory_product_data · includes\class-neon-product-designer.php:209
  • action · woocommerce_after_add_to_cart_button · includes\class-neon-product-designer.php:212
  • action · wp_enqueue_scripts · includes\class-neon-product-designer.php:229
  • action · wp_enqueue_scripts · includes\class-neon-product-designer.php:230
  • action · init · includes\class-neon-product-designer.php:232
  • action · woocommerce_after_add_to_cart_button · includes\class-neon-product-designer.php:233
  • filter · woocommerce_loop_add_to_cart_link · includes\class-neon-product-designer.php:235
  • filter · query_vars · includes\class-neon-product-designer.php:238
  • filter · init · includes\class-neon-product-designer.php:239
  • filter · body_class · includes\class-neon-product-designer.php:244
  • action · init · includes\class-neon-product-designer.php:247
  • filter · body_class · includes\class-neon-product-designer.php:251
  • filter · post_class · includes\class-neon-product-designer.php:254
  • action · init · includes\class-neon-product-designer.php:257
  • action · woocommerce_order_item_meta_start · includes\class-neon-product-designer.php:260
  • filter · woocommerce_cart_item_thumbnail · includes\class-neon-product-designer.php:271
  • filter · woocommerce_cart_item_name · includes\class-neon-product-designer.php:272
  • filter · woocommerce_after_cart_item_name · includes\class-neon-product-designer.php:273
  • action · woocommerce_after_order_itemmeta · includes\class-neon-product-designer.php:275
  • action · woocommerce_checkout_create_order_line_item · includes\class-neon-product-designer.php:277
  • action · woocommerce_before_calculate_totals · includes\class-neon-product-designer.php:281
  • action · woocommerce_order_item_meta_start · includes\class-neon-product-designer.php:284
  • filter · kali_safe_style_css · includes\kali-admin-tools\kali-admin-tools.php:958
  • filter · woocommerce_in_cart_product_title · public\class-neon-product-designer-public.php:297
  • filter · woocommerce_cart_item_name · public\class-neon-product-designer-public.php:300
  • filter · woocommerce_in_cart_product_thumbnail · public\class-neon-product-designer-public.php:305
  • filter · woocommerce_cart_item_name · public\class-neon-product-designer-public.php:308
  • filter · the_content · public\class-neon-product-designer-public.php:319
  • action · wp_footer · public\class-neon-product-designer-public.php:381
Maintenance & Trust

Neon Product Designer Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Jul 31, 2025
  • PHP min version: 7.0
  • Downloads: 6K

Community Trust

  • Rating: 60/100
  • Number of ratings: 2
  • Active installs: 50
Alternatives

Neon Product Designer Alternatives

No alternatives data available yet.

Developer Profile

Neon Product Designer Developer Profile

vertim

3 plugins · 100 total installs

  • Trust score: 89
  • Avg Security Score: 84/100
  • Avg Patch Time: 5 days
Detection Fingerprints

How We Detect Neon Product Designer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/neon-product-designer-for-woocommerce/includes/kali-admin-tools/css/kali-admin-ui.css
  • /wp-content/plugins/neon-product-designer-for-woocommerce/includes/kali-admin-tools/css/select2.min.css
  • /wp-content/plugins/neon-product-designer-for-woocommerce/includes/kali-admin-tools/js/modal/modal.min.css
  • /wp-content/plugins/neon-product-designer-for-woocommerce/includes/kali-admin-tools/js/select2.min.js
  • /wp-content/plugins/neon-product-designer-for-woocommerce/admin/css/neon-product-designer-admin.css
  • /wp-content/plugins/neon-product-designer-for-woocommerce/admin/js/neon-product-designer-admin.js
  • /wp-content/plugins/neon-product-designer-for-woocommerce/admin/js/npd-free-promo.js

Version Parameters

  • neon-product-designer-for-woocommerce/admin/css/neon-product-designer-admin.css?ver=
  • neon-product-designer-for-woocommerce/admin/js/neon-product-designer-admin.js?ver=
  • neon-product-designer-for-woocommerce/admin/js/npd-free-promo.js?ver=

HTML / DOM Fingerprints

  • CSS Classes: npd-add-to-cart
  • Data Attributes: data-npd-product-id
  • JS Globals: NPD_URL
  • Shortcode Output: [npd_add_to_cart]
FAQ

Frequently Asked Questions about Neon Product Designer