WP-Safety

Pravel Rent & Sell Addon for WooCommerce Security & Risk Analysis

wordpress.org/plugins/pravel-rent-sell-addon-for-woocommerce

Pravel Rent & Sell Addon for WooCommerce is a flexible, open-source eCommerce solution built on WordPress. Sell & Rent anything, anywhere and …

10 active installs v1.0.1 PHP 5.6+ WP 4.9+ Updated Jul 24, 2020
e-commerceecommercesalessellstore
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Pravel Rent & Sell Addon for WooCommerce Safe to Use in 2026?

Generally Safe

Score 85/100

Pravel Rent & Sell Addon for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The "pravel-rent-sell-addon-for-woocommerce" plugin, version 1.0.1, exhibits a concerning security posture primarily due to a large, unprotected attack surface. While the plugin demonstrates good practices in handling SQL queries with prepared statements and avoiding dangerous functions or file operations, the lack of authentication checks on all six identified AJAX handlers is a significant weakness. This makes these entry points highly susceptible to unauthorized access and manipulation.

The static analysis revealed no taint flows, dangerous functions, or issues with SQL queries, which are positive indicators. However, the low percentage of properly escaped output (57%) suggests a potential for cross-site scripting (XSS) vulnerabilities. The absence of nonce checks on AJAX handlers further exacerbates the risk, as it opens the door for CSRF attacks.

The plugin's vulnerability history is clean, with no recorded CVEs. While this is a positive sign, it's important to note that a lack of past vulnerabilities does not guarantee future security. The current version has several critical security weaknesses that need immediate attention, particularly the unprotected AJAX endpoints, which represent a substantial risk despite the absence of historical issues.

Key Concerns

  • Unprotected AJAX handlers
  • Missing nonce checks on AJAX handlers
  • Insufficient output escaping
Vulnerabilities
None known

Pravel Rent & Sell Addon for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Pravel Rent & Sell Addon for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
26
34 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

DataTables

Output Escaping

57% escaped60 total outputs
Attack Surface
6 unprotected

Pravel Rent & Sell Addon for WooCommerce Attack Surface

Entry Points6
Unprotected6

AJAX Handlers 6

noprivwp_ajax_pravel_stock_notifyadmin\notification_settings.php:11
authwp_ajax_pravel_stock_notifyadmin\notification_settings.php:12
noprivwp_ajax_pravel_rent_stock_notifyadmin\notification_settings.php:14
authwp_ajax_pravel_rent_stock_notifyadmin\notification_settings.php:15
authwp_ajax_pravel_get_pickup_dataincludes\add_to_checkout_functions.php:6
noprivwp_ajax_pravel_get_pickup_dataincludes\add_to_checkout_functions.php:8
WordPress Hooks 44
actionwoocommerce_email_before_order_tableadmin\add_payment_method.php:27
filterwoocommerce_locate_templateadmin\core_function.php:10
actionwoocommerce_product_options_general_product_dataadmin\core_function.php:12
actionwoocommerce_product_data_panelsadmin\core_function.php:14
actionwoocommerce_product_data_panelsadmin\core_function.php:16
actionproduct_type_optionsadmin\core_function.php:18
actionsave_post_productadmin\core_function.php:20
actionwoocommerce_product_options_general_product_dataadmin\core_function.php:22
filterwoocommerce_product_data_tabsadmin\core_function.php:24
actionwoocommerce_thankyouadmin\core_function.php:26
actionplugins_loadedadmin\core_function.php:28
actionadmin_footeradmin\core_function.php:30
filterwoocommerce_product_data_tabsadmin\core_function.php:32
actionwoocommerce_after_shop_loop_itemadmin\core_function.php:34
actionwoocommerce_after_shop_loop_itemadmin\core_function.php:50
actionwoocommerce_product_meta_startadmin\notification_settings.php:9
filterpage_templateadmin\notification_settings.php:17
actionsave_post_productadmin\notification_settings.php:19
filterwoocommerce_settings_tabs_arrayadmin\pravel_settings_tab.php:7
filterwoocommerce_sections_rns_tabadmin\pravel_settings_tab.php:9
actionwoocommerce_settings_tabs_rns_tabadmin\pravel_settings_tab.php:11
actionwoocommerce_update_options_rns_tabadmin\pravel_settings_tab.php:13
filterwoocommerce_add_cart_item_dataincludes\add_to_cart_function.php:13
filterwoocommerce_add_cart_item_dataincludes\add_to_cart_function.php:15
filterwoocommerce_get_item_dataincludes\add_to_cart_function.php:17
actionwoocommerce_add_order_item_metaincludes\add_to_cart_function.php:19
filterwoocommerce_get_item_dataincludes\add_to_cart_function.php:21
actionwoocommerce_before_calculate_totalsincludes\add_to_cart_function.php:23
actionwoocommerce_email_customer_detailsincludes\add_to_cart_function.php:25
actionwoocommerce_after_cart_tableincludes\add_to_cart_function.php:28
actionwoocommerce_after_order_notesincludes\add_to_checkout_functions.php:4
filterwoocommerce_package_ratesincludes\add_to_checkout_functions.php:10
actionwoocommerce_checkout_update_order_reviewincludes\add_to_checkout_functions.php:12
actionwoocommerce_checkout_update_order_metaincludes\add_to_checkout_functions.php:14
filterwoocommerce_payment_gatewaysincludes\add_to_checkout_functions.php:16
filterwoocommerce_available_payment_gatewaysincludes\add_to_checkout_functions.php:18
actionadmin_enqueue_scriptsindex.php:50
actionwp_enqueue_scriptsindex.php:70
actionadmin_noticesindex.php:79
actionadmin_noticesindex.php:90
actionwoocommerce_single_product_summarytemplates\booking_template.php:9
actionwoocommerce_product_meta_starttemplates\booking_template.php:11
actionwoocommerce_before_shop_loop_item_titletemplates\booking_template.php:13
actionwoocommerce_before_add_to_cart_buttontemplates\booking_template.php:15
Maintenance & Trust

Pravel Rent & Sell Addon for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested5.3.21
Last updatedJul 24, 2020
PHP min version5.6
Downloads2K

Community Trust

Rating40/100
Number of ratings1
Active installs10
Alternatives

Pravel Rent & Sell Addon for WooCommerce Alternatives

TriPay Payment Gateway

TriPay Payment Gateway

tripay-payment-gateway

A
100

TriPay Payment adalah payment gateway indonesia yang menyediakan beragam metode pembayaran seperti virtual account, convenience store, e-wallet, dll

1K 1 CVE
Ovic Pinmap

Ovic Pinmap

ovic-pinmap

A
85

Need support? [Contact Us](https://kutethemes.com/contact-us/ "Contact Us")

200 No CVEs
ShipperHQ: Shipping & Checkout Experience Solution

ShipperHQ: Shipping & Checkout Experience Solution

woo-shipperhq

A
100

Control the shipping rates and options you show in your WooCommerce cart. Live rates from 30+ carriers, LTL Freight and custom rates.

200 No CVEs
OPay Payment for WooCommerce

OPay Payment for WooCommerce

woo-opay-payment

A
85

歐付寶金流外掛套件,提供合作特店以及個人會員使用開放原始碼商店系統時,無須自行處理複雜的檢核,直接透過安裝設定外掛套件,便可以較快速的方式介接的金流系統。

30 No CVEs
Ninja Shop – The Quickest Way to Start Selling

Ninja Shop – The Quickest Way to Start Selling

ninja-shop

A
85

Ninja Shop is an easy to use eCommerce plugin, the quickest way to start selling your products with WordPress.

20 No CVEs
Developer Profile

Pravel Rent & Sell Addon for WooCommerce Developer Profile

pravel

3 plugins · 30 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Pravel Rent & Sell Addon for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pravel-rent-sell-addon-for-woocommerce/assets/js/pravel_repeater.js/wp-content/plugins/pravel-rent-sell-addon-for-woocommerce/assets/js/main.js/wp-content/plugins/pravel-rent-sell-addon-for-woocommerce/assets/js/jquery.dataTables.js/wp-content/plugins/pravel-rent-sell-addon-for-woocommerce/assets/css/main_style.css/wp-content/plugins/pravel-rent-sell-addon-for-woocommerce/assets/css/pravel_jquery-ui.css/wp-content/plugins/pravel-rent-sell-addon-for-woocommerce/assets/css/jquery.dataTables.css/wp-content/plugins/pravel-rent-sell-addon-for-woocommerce/assets/css/style_front.css/wp-content/plugins/pravel-rent-sell-addon-for-woocommerce/assets/js/jquery_front.js
Script Paths
/wp-content/plugins/pravel-rent-sell-addon-for-woocommerce/assets/js/pravel_repeater.js/wp-content/plugins/pravel-rent-sell-addon-for-woocommerce/assets/js/main.js/wp-content/plugins/pravel-rent-sell-addon-for-woocommerce/assets/js/jquery.dataTables.js/wp-content/plugins/pravel-rent-sell-addon-for-woocommerce/assets/js/jquery_front.js
Version Parameters
pravel-rent-sell-addon-for-woocommerce/assets/js/pravel_repeater.js?ver=pravel-rent-sell-addon-for-woocommerce/assets/js/main.js?ver=pravel-rent-sell-addon-for-woocommerce/assets/js/jquery.dataTables.js?ver=pravel-rent-sell-addon-for-woocommerce/assets/css/main_style.css?ver=pravel-rent-sell-addon-for-woocommerce/assets/css/pravel_jquery-ui.css?ver=pravel-rent-sell-addon-for-woocommerce/assets/css/jquery.dataTables.css?ver=pravel-rent-sell-addon-for-woocommerce/assets/css/style_front.css?ver=pravel-rent-sell-addon-for-woocommerce/assets/js/jquery_front.js?ver=

HTML / DOM Fingerprints

CSS Classes
pravel_parent_popuppravel_popup_bgpravel_popup_mainPravel_popup_close_btnpravel_closepravel_popup_leftpravel_popup_rightpravel_buy_logo
Data Attributes
data-product_id
JS Globals
ajax_custom
Shortcode Output
<a href=
FAQ

Frequently Asked Questions about Pravel Rent & Sell Addon for WooCommerce