WP-Safety

Ni WooCommerce Product Enquiry Security & Risk Analysis

wordpress.org/plugins/ni-woocommerce-product-enquiry

Streamline Customer Communication and Drive Sales with "Ni WooCommerce Product Enquiry" Plugin.

200 active installs v4.1.8 PHP 7.0+ WP 4.7+ Updated Feb 18, 2024
connect-whatsappenquiryquotationwhatsappwoocommerce
64
C · Use Caution
CVEs total1
Unpatched1
Last CVEMar 31, 2025
Plugin page Download
Safety Verdict

Is Ni WooCommerce Product Enquiry Safe to Use in 2026?

Use With Caution

Score 64/100

Ni WooCommerce Product Enquiry has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Mar 31, 2025Updated 2yr ago
Risk Assessment

The "ni-woocommerce-product-enquiry" plugin v4.1.8 presents a significant security risk due to a combination of concerning static analysis findings and a history of vulnerabilities. While the plugin demonstrates good practice by using prepared statements for SQL queries and avoiding file operations or external HTTP requests, these strengths are overshadowed by critical weaknesses. The analysis reveals a small but unprotected attack surface, with two AJAX handlers lacking any authentication or capability checks. This direct access to functionality without proper authorization is a major concern. Furthermore, the taint analysis indicates two flows with unsanitized paths, suggesting potential vulnerabilities that could be exploited if user input is not properly handled. The plugin's vulnerability history, which includes one currently unpatched medium-severity CVE and a pattern of missing authorization vulnerabilities, strongly suggests that the developers have struggled with securing their code against authorization bypasses. This repeated issue, coupled with the current lack of authorization checks on entry points, indicates a systemic problem that needs immediate attention. The plugin has some good coding habits, but the identified security flaws, especially the unprotected AJAX handlers and the historical CVEs, place it in a precarious security posture.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Unpatched medium severity CVE
  • Missing capability checks
  • Output escaping issues (52% proper)
Vulnerabilities
1 published

Ni WooCommerce Product Enquiry Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-31580medium · 5.3Missing Authorization

Ni WooCommerce Product Enquiry <= 4.1.8 - Missing Authorization

Mar 31, 2025Unpatched
Version History

Ni WooCommerce Product Enquiry Release Timeline

v1.41 CVE
CVE-2025-31580
v1.31 CVE
CVE-2025-31580
v1.21 CVE
CVE-2025-31580
v1.11 CVE
CVE-2025-31580
Code Analysis
Analyzed Mar 16, 2026

Ni WooCommerce Product Enquiry Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
1 prepared
Unescaped Output
10
11 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared1 total queries

Output Escaping

52% escaped21 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
admin_init_save (include\ni-enquiry-setting.php:16)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Ni WooCommerce Product Enquiry Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_ni_enquiry_ajax_requestinclude\ni-enquiry-init.php:20
noprivwp_ajax_ni_enquiry_ajax_requestinclude\ni-enquiry-init.php:21
WordPress Hooks 16
actionadmin_initinclude\ni-enquiry-init.php:11
actionadmin_menuinclude\ni-enquiry-init.php:12
actionwp_headinclude\ni-enquiry-init.php:13
actionwp_footerinclude\ni-enquiry-init.php:14
actionni_enquiry_form_datainclude\ni-enquiry-init.php:15
actionadmin_enqueue_scriptsinclude\ni-enquiry-init.php:16
filterplugin_row_metainclude\ni-enquiry-init.php:22
filteradmin_footer_textinclude\ni-enquiry-init.php:24
actionwoocommerce_product_meta_endinclude\ni-enquiry-init.php:118
actionwoocommerce_after_add_to_cart_forminclude\ni-enquiry-init.php:120
actionadmin_menuinclude\ni-enquiry-setting.php:9
actionadmin_initinclude\ni-enquiry-setting.php:10
actionadmin_initinclude\ni-enquiry-setting.php:11
actionactivated_pluginni-woocommerce-product-enquiry.php:26
filterplugin_action_linksni-woocommerce-product-enquiry.php:28
actionplugins_loadedni-woocommerce-product-enquiry.php:29
Maintenance & Trust

Ni WooCommerce Product Enquiry Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8
Last updatedFeb 18, 2024
PHP min version7.0
Downloads30K

Community Trust

Rating70/100
Number of ratings6
Active installs200
Alternatives

Ni WooCommerce Product Enquiry Alternatives

Click to Chat – HoliThemes

Click to Chat – HoliThemes

click-to-chat-for-whatsapp

A
96

WhatsApp Chat🔥. Let's make your Web page visitors contact you through 'WhatsApp', 'WhatsApp Business'. Add matching Widget✅

700K 3 CVEs
Social Chat – Click To Chat App Button

Social Chat – Click To Chat App Button

wp-whatsapp-chat

A
100

WhatsApp Chat🔥 allows you to enhance customer engagement! Integrate "WhatsApp" or "WhatsApp Business" with a single click.

200K 1 CVE
WP Chat App

WP Chat App

wp-whatsapp

A
97

Integrate WhatsApp experience directly into your WordPress website.

100K 6 CVEs
OneClick Chat to Order

OneClick Chat to Order

oneclick-whatsapp-order

A
92

Transform your WooCommerce store with seamless WhatsApp integration. Enable customers to order products instantly via WhatsApp with enhanced features.

40K 6 CVEs
Simple Chat Button

Simple Chat Button

simple-chat-button

A
100

WhatsApp Chat Button - Display the beautiful WhatsApp Sticky Button on the WordPress frontend.

40K No CVEs
Developer Profile

Ni WooCommerce Product Enquiry Developer Profile

Anzar Ahmed

26 plugins · 5K total installs

69
trust score
Avg Security Score
86/100
Avg Patch Time
228 days
View full developer profile
Detection Fingerprints

How We Detect Ni WooCommerce Product Enquiry

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
../admin/js/bootstrap.js../admin/js/popper.min.js../admin/css/bootstrap.min.css../admin/css/niwoope-style.css../js/ni-enquiry.js../js/ni-enquiry-ajax-script.js
Script Paths
../admin/js/bootstrap.js../admin/js/popper.min.js../admin/css/bootstrap.min.css../admin/css/niwoope-style.css../js/ni-enquiry.js../js/ni-enquiry-ajax-script.js

HTML / DOM Fingerprints

CSS Classes
niwoope-style
HTML Comments
<!-- Add Enquiry button on woocommerce product detail page -->
Data Attributes
data-plugin_name="ni-woocommerce-product-enquiry"data-version="4.1.8"
JS Globals
ni_enquiry_ajax_object
REST Endpoints
/wp-json/niwoope/v1/enquiry_form
FAQ

Frequently Asked Questions about Ni WooCommerce Product Enquiry