WP-Safety

NS Custom Cart Message for WooCoomerce Security & Risk Analysis

wordpress.org/plugins/ns-custom-message-cart

Add a custom message in cart page! No code required!

30 active installs v1.2.4 PHP + WP 4.3+ Updated Feb 4, 2022
cart-message-woocommercecart-woocommercewoocommerce-cartwoocommerce-cart-messagewordpress-cart-message
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is NS Custom Cart Message for WooCoomerce Safe to Use in 2026?

Generally Safe

Score 85/100

NS Custom Cart Message for WooCoomerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The ns-custom-message-cart plugin v1.2.4 exhibits a concerning security posture primarily due to its unprotected AJAX handlers, which represent its entire attack surface. While the plugin demonstrates good practices in its handling of SQL queries by exclusively using prepared statements and avoiding dangerous functions, the lack of authentication checks on its entry points creates a significant vulnerability. Any user, regardless of their logged-in status or permissions, can potentially interact with these AJAX handlers, making them prime targets for malicious exploitation.

The static analysis revealed two AJAX handlers, both lacking authentication. Although taint analysis did not reveal critical or high-severity unsanitized paths, the inherent risk of unprotected entry points remains. Furthermore, a low output escaping rate of 13% suggests a high likelihood of cross-site scripting (XSS) vulnerabilities, as user-supplied data may not be adequately sanitized before being displayed. The absence of any recorded vulnerabilities in its history might indicate a lack of scrutiny or a relatively new plugin, but it should not be interpreted as a sign of inherent security.

In conclusion, while the plugin's SQL handling is commendable, the unprotected AJAX endpoints and poor output escaping are serious weaknesses that expose the site to potential attacks, including unauthorized actions and XSS. The lack of vulnerability history is not a strong mitigating factor against these directly observable code flaws.

Key Concerns

  • AJAX handlers without auth checks
  • Low output escaping rate (13%)
  • No nonce checks on AJAX handlers
  • No capability checks on AJAX handlers
Vulnerabilities
None known

NS Custom Cart Message for WooCoomerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

NS Custom Cart Message for WooCoomerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
27
4 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
3
Bundled Libraries
0

Output Escaping

13% escaped31 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
pe_deactivation_ajax_function (plugineye\plugineye-ajax\plugineye_on_deactivation_function.php:5)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

NS Custom Cart Message for WooCoomerce Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_pe_deactivation_ajax_functionplugineye\plugineye-ajax\plugineye_on_deactivation_function.php:2
noprivwp_ajax_pe_deactivation_ajax_functionplugineye\plugineye-ajax\plugineye_on_deactivation_function.php:3
WordPress Hooks 14
actionadmin_menuns-admin-options\ns-admin-options-setup.php:7
actionadmin_enqueue_scriptsns-admin-options\ns-admin-options-setup.php:13
actionwp_enqueue_scriptsns-admin-options\ns-admin-options-setup.php:20
actionadmin_initns-custom-message-cart-option.php:24
actionwoocommerce_before_cart_tablens-custom-message-cart.php:47
actionwoocommerce_after_cart_tablens-custom-message-cart.php:49
actionwoocommerce_after_cartns-custom-message-cart.php:50
filterplugin_action_linksplugineye\plugineye-class.php:96
actionadmin_menuplugineye\plugineye-class.php:113
actionadmin_enqueue_scriptsplugineye\plugineye-class.php:125
actionadmin_enqueue_scriptsplugineye\plugineye-class.php:136
actionactivated_pluginplugineye\plugineye-class.php:147
actionin_admin_footerplugineye\plugineye-class.php:401
actionactivated_pluginplugineye\plugineye-class.php:440
Maintenance & Trust

NS Custom Cart Message for WooCoomerce Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13
Last updatedFeb 4, 2022
PHP min version
Downloads5K

Community Trust

Rating0/100
Number of ratings0
Active installs30
Alternatives

NS Custom Cart Message for WooCoomerce Alternatives

NC Ajax Cart for woocommerce

NC Ajax Cart for woocommerce

nc-ajax-cart-for-woocommerce

A
85

This plugin allows you to add ajax driven drop down cart for your woocommerce store using shortcode [nc_ajax_cart]

30 No CVEs
side cart plus for woocommerce

side cart plus for woocommerce

side-cart-plus-for-woocommerce

A
85

Side cart for Woocommerce is an interactive Side Cart for your WooCommerce store.

10 No CVEs
Sliding Cart for WooCommerce by FunnelKit – Skip Cart & Reach WooCommerce Checkout Faster

Sliding Cart for WooCommerce by FunnelKit – Skip Cart & Reach WooCommerce Checkout Faster

cart-for-woocommerce

A
100

FunnelKit Cart adds a beautiful sliding cart to your WooCommerce store. Let the buyers add items, edit quantity and add upsells on the side cart.

30K No CVEs
Abandoned Cart Lite for WooCommerce

Abandoned Cart Lite for WooCommerce

woocommerce-abandoned-cart

A
93

Track abandoned carts and send automated, customizable abandoned cart recovery emails. Reduce cart abandonment, recover lost revenue & increase sales.

20K 12 CVEs
Disable Cart Fragments by Optimocha

Disable Cart Fragments by Optimocha

disable-cart-fragments

A
100

A better way to disable WooCommerce's cart fragments script, and re-enqueue it when the cart is updated. Works with all caching plugins.

10K No CVEs
Developer Profile

NS Custom Cart Message for WooCoomerce Developer Profile

NsThemes

24 plugins · 4K total installs

86
trust score
Avg Security Score
88/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect NS Custom Cart Message for WooCoomerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ns-custom-message-cart/ns-admin-options/css/ns-option-css-page.css/wp-content/plugins/ns-custom-message-cart/ns-admin-options/css/ns-option-css-custom-page.css/wp-content/plugins/ns-custom-message-cart/ns-admin-options/js/ns-option-js-page.js/wp-content/plugins/ns-custom-message-cart/ns-admin-options/css/ns-option-css-class.css/wp-content/plugins/ns-custom-message-cart/plugineye/assets/css/plugineye_style.css/wp-content/plugins/ns-custom-message-cart/plugineye/assets/js/plugineye_scripts.js
Script Paths
/wp-content/plugins/ns-custom-message-cart/ns-admin-options/js/ns-option-js-page.js/wp-content/plugins/ns-custom-message-cart/plugineye/assets/js/plugineye_scripts.js
Version Parameters
ns-option-css-page.css?ver=ns-option-css-custom-page.css?ver=ns-option-js-page.js?ver=ns-option-css-class.css?ver=plugineye_style.css?ver=plugineye_scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
ns-woocommerce-ns_woocommerce_
HTML Comments
/* *** plugin options *** *//* *** add link premium *** *//* *** add menu page and add sub menu page *** *//* *** add style *** */+24 more
JS Globals
window.pe_data
FAQ

Frequently Asked Questions about NS Custom Cart Message for WooCoomerce