Out Of Stock Badge Security & Risk Analysis

wordpress.org/plugins/out-of-stock-badge

Add a badge to product images on woocommerce shop page to advise customers that the product is out of stock. The text on the badge is customizable to …

100 active installs · v2.0 · PHP 5.2.4+ · WP 3.8+ · Updated Dec 23, 2025
Tags: out-of-stock-badge, sold-out-badge, woocommerce-out-of-stock-text, woocommerce-shop-page-out-of-stock, woocommerce-sold-out-text
Score: 79 (B · Generally Safe)
CVEs total: 1
Unpatched: 1
Last CVE: Nov 28, 2024
Safety Verdict

Is Out Of Stock Badge Safe to Use in 2026?

Mostly Safe

Score 79/100

Out Of Stock Badge is generally safe to use. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Nov 28, 2024 · Updated 3mo ago
Risk Assessment

The "out-of-stock-badge" v2.0 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of direct attack surface points like AJAX handlers, REST API routes, or shortcodes, and the lack of dangerous functions or file operations are positive indicators. Furthermore, all SQL queries are properly prepared, and there are no external HTTP requests. The presence of capability checks, albeit only two, is also a good sign for securing administrative functions.

However, concerns arise from the taint analysis, which identified one flow with an unsanitized path. While this is not classified as critical or high severity, it represents a potential weakness that could be exploited if certain conditions are met. The output escaping is also not perfect, with 65% properly escaped, leaving room for potential XSS vulnerabilities in the remaining 35% of outputs.

The vulnerability history reveals a past medium-severity vulnerability and a currently unpatched medium-severity vulnerability, both related to Cross-Site Request Forgery (CSRF). This pattern suggests a recurring weakness in handling user input or actions, and the fact that a vulnerability remains unpatched is a significant concern. While the plugin has strengths in its limited attack surface and secure SQL handling, the identified taint flow and the unpatched CSRF vulnerability necessitate caution.

Key Concerns

  • Unpatched CVE: 1 medium severity
  • Taint flow with unsanitized path
  • Output escaping is not fully proper (35% unescaped)
  • Past medium vulnerability (CSRF)
Vulnerabilities (1)

Out Of Stock Badge Security Vulnerabilities

CVEs by Year

1 CVE in 2024 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-53754 · medium · 6.1 · Cross-Site Request Forgery (CSRF)

Out Of Stock Badge <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-site Scripting

Nov 28, 2024 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Out Of Stock Badge Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 7 (13 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

65% escaped · 20 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
arrowdesign_o_f_s_b_homepage (admin\admin.php:44)
Attack Surface

Out Of Stock Badge Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 4
  • action · admin_enqueue_scripts · admin\admin.php:14
  • action · admin_menu · admin\admin.php:19
  • action · woocommerce_before_shop_loop_item_title · index.php:55
  • filter · plugin_row_meta · index.php:81
Maintenance & Trust

Out Of Stock Badge Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 23, 2025
PHP min version: 5.2.4
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

Out Of Stock Badge Developer Profile

Irish_Cathal

8 plugins · 640 total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Out Of Stock Badge

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/out-of-stock-badge/css/style.css
  • /wp-content/plugins/out-of-stock-badge/js/logic.js
Script Paths
/wp-content/plugins/out-of-stock-badge/js/logic.js
Version Parameters
  • out-of-stock-badge/css/style.css?ver=
  • out-of-stock-badge/js/logic.js?ver=

HTML / DOM Fingerprints

CSS Classes
intro_text_class, container_for_left_and_right, container_left, arrowD_notesDiv, wooLiveSale, nav-tab, nav-tab-wrapper, nav-tab-active, nav-tab
Data Attributes
data-tab, aria-label
FAQ

Frequently Asked Questions about Out Of Stock Badge