Pofily – WooCommerce Product Filters Security & Risk Analysis

wordpress.org/plugins/pofily-woo-product-filters

Easily add customizable filters to WooCommerce products with Pofily. Tailor filters to customer needs for seamless product searches.

700 active installs · v1.1.7 · PHP 7.0+ · WP 5.0.0+ · Updated Nov 15, 2025
Tags: woocommerce-filter-by-category, woocommerce-filters, woocommerce-price-filter, woocommerce-product-filter-plugin, woocommerce-product-filters
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Pofily – WooCommerce Product Filters Safe to Use in 2026?

Generally Safe

Score 100/100

Pofily – WooCommerce Product Filters has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The "pofily-woo-product-filters" plugin v1.1.7 demonstrates a generally good security posture with several strengths. The extensive use of prepared statements for SQL queries and a high percentage of properly escaped output are commendable practices that significantly reduce common web application vulnerabilities. The absence of known CVEs and critical taint flows further indicates a well-maintained and relatively secure codebase. The plugin also correctly utilizes nonce and capability checks in many areas, contributing to its defense against unauthorized actions.

However, a significant concern lies in the attack surface. With a total of 4 entry points, 3 of which are AJAX handlers lacking authentication checks, there is a considerable risk of unauthorized access or execution of sensitive actions. While no dangerous functions or unsanitized paths were identified in the static analysis, the unprotected AJAX endpoints present a clear vulnerability that could be exploited if these endpoints perform actions that should be restricted to authenticated users.

In conclusion, the plugin's foundation in secure coding practices like prepared statements and output escaping is strong. The lack of past vulnerabilities is positive. Nevertheless, the unauthenticated AJAX handlers represent a critical weakness that needs immediate attention to prevent potential security breaches. Addressing this aspect would significantly bolster the plugin's overall security.

Key Concerns

  • Unprotected AJAX handlers
Vulnerabilities
None known

Pofily – WooCommerce Product Filters Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Pofily – WooCommerce Product Filters Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (16 prepared)
Unescaped Output: 9 (923 escaped)
Nonce Checks: 11
Capability Checks: 9
File Operations: 0
External Requests: 2
Bundled Libraries: 2

Bundled Libraries

Select2, DataTables

SQL Query Safety

100% prepared · 16 total queries

Output Escaping

99% escaped · 932 total outputs
Data Flows
All sanitized

Data Flow Analysis

8 flows
viwcpf_save_settings (admin\class-woo-product-filters-admin.php:1021)
Attack Surface
3 unprotected

Pofily – WooCommerce Product Filters Attack Surface

Entry Points: 4
Unprotected: 3

AJAX Handlers 3

auth · wp_ajax_viwcpf_search_term · includes\class-woo-product-filters.php:180
auth · wp_ajax_viwcpf_refresh_block_filter · includes\class-woo-product-filters.php:181
auth · wp_ajax_viwcpf_ajax_update_filterBlock · includes\class-woo-product-filters.php:182

Shortcodes 1

[VIWCPF_SHORTCODE] public\class-woo-product-filters-public.php:262
WordPress Hooks 39
action · plugins_loaded · includes\class-woo-product-filters.php:150
action · admin_enqueue_scripts · includes\class-woo-product-filters.php:165
action · admin_enqueue_scripts · includes\class-woo-product-filters.php:166
action · init · includes\class-woo-product-filters.php:171
action · init · includes\class-woo-product-filters.php:172
action · admin_menu · includes\class-woo-product-filters.php:173
action · widgets_init · includes\class-woo-product-filters.php:175
action · add_meta_boxes · includes\class-woo-product-filters.php:177
action · add_meta_boxes · includes\class-woo-product-filters.php:178
action · edit_form_after_title · includes\class-woo-product-filters.php:179
action · save_post_viwcpf_filter_block · includes\class-woo-product-filters.php:183
action · save_post_viwcpf_filter_menu · includes\class-woo-product-filters.php:184
filter · manage_viwcpf_filter_menu_posts_columns · includes\class-woo-product-filters.php:186
action · manage_viwcpf_filter_menu_posts_custom_column · includes\class-woo-product-filters.php:187
filter · post_row_actions · includes\class-woo-product-filters.php:189
action · admin_action_viwcpf_duplicate_block_as_draft · includes\class-woo-product-filters.php:190
action · wp_enqueue_scripts · includes\class-woo-product-filters.php:205
action · wp_enqueue_scripts · includes\class-woo-product-filters.php:206
action · init · includes\class-woo-product-filters.php:207
action · init · includes\class-woo-product-filters.php:208
action · pre_get_posts · includes\class-woo-product-filters.php:209
action · wp_footer · includes\class-woo-product-filters.php:210
action · woocommerce_before_template_part · includes\class-woo-product-filters.php:211
filter · woocommerce_redirect_single_search_result · includes\class-woo-product-filters.php:213
action · admin_enqueue_scripts · includes\support.php:33
action · admin_notices · includes\support.php:34
action · admin_init · includes\support.php:35
action · admin_menu · includes\support.php:36
filter · plugin_row_meta · includes\support.php:38
action · admin_init · includes\support.php:40
action · admin_bar_menu · includes\support.php:42
action · admin_notices · includes\support.php:55
action · wp_dashboard_setup · includes\support.php:57
action · admin_footer · includes\support.php:697
action · admin_bar_menu · includes\support.php:831
action · admin_notices · includes\support.php:978
action · before_woocommerce_init · pofily-woo-product-filters.php:45
action · viwcpf_before_menu_filters · public\class-woo-product-filters-public.php:1552
action · viwcpf_after_menu_filters · public\class-woo-product-filters-public.php:1555
Maintenance & Trust

Pofily – WooCommerce Product Filters Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 15, 2025
PHP min version: 7.0
Downloads: 20K

Community Trust

Rating: 96/100
Number of ratings: 8
Active installs: 700
Developer Profile

Pofily – WooCommerce Product Filters Developer Profile

VillaTheme

58 plugins · 167K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 217 days
Detection Fingerprints

How We Detect Pofily – WooCommerce Product Filters

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/pofily-woo-product-filters/assets/css/grid.min.css
  • /wp-content/plugins/pofily-woo-product-filters/assets/css/button.min.css
  • /wp-content/plugins/pofily-woo-product-filters/assets/css/checkbox.min.css
  • /wp-content/plugins/pofily-woo-product-filters/assets/css/form.min.css
  • /wp-content/plugins/pofily-woo-product-filters/assets/css/icon.min.css
  • /wp-content/plugins/pofily-woo-product-filters/assets/css/dropdown.min.css
  • /wp-content/plugins/pofily-woo-product-filters/assets/css/input.min.css
  • /wp-content/plugins/pofily-woo-product-filters/assets/css/tab.min.css
  • +14 more
Script Paths
  • /wp-content/plugins/pofily-woo-product-filters/assets/js/custom.js
  • /wp-content/plugins/pofily-woo-product-filters/assets/js/admin.js
  • /wp-content/plugins/pofily-woo-product-filters/assets/js/select2.min.js
  • /wp-content/plugins/pofily-woo-product-filters/assets/js/rangeSlider.js
  • /wp-content/plugins/pofily-woo-product-filters/assets/js/nouislider.min.js
  • /wp-content/plugins/pofily-woo-product-filters/assets/js/main.js
Version Parameters
  • /pofily-woo-product-filters/assets/css/grid.min.css?ver=
  • /pofily-woo-product-filters/assets/css/button.min.css?ver=
  • /pofily-woo-product-filters/assets/css/checkbox.min.css?ver=
  • /pofily-woo-product-filters/assets/css/form.min.css?ver=
  • /pofily-woo-product-filters/assets/css/icon.min.css?ver=
  • /pofily-woo-product-filters/assets/css/dropdown.min.css?ver=
  • /pofily-woo-product-filters/assets/css/input.min.css?ver=
  • /pofily-woo-product-filters/assets/css/tab.min.css?ver=
  • /pofily-woo-product-filters/assets/css/animate.min.css?ver=
  • /pofily-woo-product-filters/assets/css/select2.min.css?ver=
  • /pofily-woo-product-filters/assets/css/select2-theme.css?ver=
  • /pofily-woo-product-filters/assets/css/rangeSlider.css?ver=
  • /pofily-woo-product-filters/assets/css/nouislider.min.css?ver=
  • /pofily-woo-product-filters/assets/css/custom.css?ver=
  • /pofily-woo-product-filters/assets/css/admin.css?ver=
  • /pofily-woo-product-filters/assets/css/admin-settings.css?ver=
  • /pofily-woo-product-filters/assets/js/custom.js?ver=
  • /pofily-woo-product-filters/assets/js/admin.js?ver=
  • /pofily-woo-product-filters/assets/js/select2.min.js?ver=
  • /pofily-woo-product-filters/assets/js/rangeSlider.js?ver=
  • /pofily-woo-product-filters/assets/js/nouislider.min.js?ver=
  • /pofily-woo-product-filters/assets/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • viwcpf-woo-product-filters
  • viwcpf-admin-settings
  • viwcpf-filter-menu-wrap
  • viwcpf-filter-block-wrap
HTML Comments
  • <!-- Currently plugin version. -->
  • <!-- The code that runs during plugin activation. -->
  • <!-- The code that runs during plugin deactivation. -->
  • <!-- The core plugin class that is used to define internationalization, admin-specific hooks, and public-facing site hooks. -->
  • +12 more
Data Attributes
  • data-id
  • data-viwcpf-filter-id
JS Globals
  • VIWCPF_FREE_VERSION
  • VIWCPF_FREE_DIR_PATH
  • VIWCPF_FREE_DIR_URL
  • VIWCPF_FREE_ADMIN_IMG_URL
  • VIWCPF_FREE_CSS
  • VIWCPF_FREE_BASE_NAME
  • +1 more