Premmerce Security & Risk Analysis

wordpress.org/plugins/premmerce

Premmerce is a must-have toolkit for WooCommerce with a detailed Setup Wizard for your store.

500 active installs · v1.3.22 · PHP 5.9+ · WP 4.8+ · Updated Feb 19, 2026
Tags: woocommerce-plugins-bundle, woocommerce-tutorial, woocommerce-wizard
Score: 93 (A · Safe)
CVEs total: 4
Unpatched: 0
Last CVE: Feb 6, 2026
Safety Verdict

Is Premmerce Safe to Use in 2026?

Generally Safe

Score 93/100

Premmerce has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Feb 6, 2026 · Updated 1mo ago
Risk Assessment

The Premmerce plugin v1.3.22 presents a mixed security posture. It demonstrates good practice in SQL query handling, with 100% prepared statements, and a high rate of output escaping, but its attack surface and vulnerability history raise significant concerns. Two AJAX handlers without authentication checks create a direct entry point for unauthorized actions. Taint analysis shows no critical or high-severity unsanitized flows, but it still reports six flows with unsanitized paths, which could become vulnerabilities if not handled carefully in future updates. The plugin's history of four known CVEs, including a high-severity cross-site scripting (XSS) vulnerability and PHP remote file inclusion (RFI) issues, is a significant red flag. The recency of the last reported vulnerability (2026-02-06) is also concerning, indicating ongoing issues. The combination of an exposed attack surface and past critical vulnerability types points to a need for heightened vigilance.

Key Concerns

  • 2 AJAX handlers without auth checks
  • 6 flows with unsanitized paths
  • 1 high severity vulnerability in history
  • 3 medium severity vulnerabilities in history
  • Bundled Freemius v1.0 library
  • Only 67% of output is properly escaped

Vulnerabilities: 4

Premmerce Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2025: 2 CVEs
2026: 1 CVE

Severity Breakdown

High: 1
Medium: 3

4 total CVEs

CVE-2026-0555 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Premmerce <= 1.3.20 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'premmerce_wizard_actions' AJAX Endpoint

Feb 6, 2026 · Patched in 1.3.21 (19d)

CVE-2025-60241 · high · 8.1 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Premmerce <= 1.3.19 - Unauthenticated Local File Inclusion

Jul 2, 2025 · Patched in 1.3.20 (189d)

CVE-2025-64288 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Premmerce <= 1.3.19 - Cross-Site Request Forgery

May 10, 2025 · Patched in 1.3.20 (242d)

CVE-2023-23719 · medium · 6.5 · Cross-Site Request Forgery (CSRF)

Premmerce <= 1.3.18 - Cross-Site Request Forgery via runAction

Apr 2, 2023 · Patched in 1.3.19 (377d)

Code Analysis
Analyzed Mar 16, 2026

Premmerce Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (6 prepared)
Unescaped Output: 33 (66 escaped)
Nonce Checks: 4
Capability Checks: 6
File Operations: 2
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

unserialize · addons\premmerce-woocommerce-toolkit\views\admin\product-video-box.php:31
    $hash = unserialize(file_get_contents('http://vimeo.com/api/v2/video/' . $pathParts[count($pathParts
unserialize · addons\premmerce-woocommerce-toolkit\views\frontend\product-video.php:17
    $hash = unserialize(file_get_contents('http://vimeo.com/api/v2/video/' . $pathParts[count($pathParts

Bundled Libraries

Freemius 1.0

SQL Query Safety

100% prepared · 6 total queries

Output Escaping

67% escaped · 99 total outputs

Data Flows: 6 unsanitized

Data Flow Analysis

10 flows · 6 with unsanitized paths
comparisonAddHandler (addons\premmerce-product-comparison\src\RestApi\ComparisonRestApi.php:84)

Attack Surface: 2 unprotected

Premmerce Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers: 2

auth · wp_ajax_premmerce_actions · src\Admin\Admin.php:40
auth · wp_ajax_premmerce_wizard_actions · src\Admin\Admin.php:43

Shortcodes: 1

[comparisons_page] · addons\premmerce-product-comparison\src\Frontend\Frontend.php:56

WordPress Hooks: 36

action · woocommerce_single_product_summary · addons\premmerce-product-comparison\src\Frontend\Frontend.php:53
action · woocommerce_after_shop_loop_item · addons\premmerce-product-comparison\src\Frontend\Frontend.php:54
action · wp_enqueue_scripts · addons\premmerce-product-comparison\src\Frontend\Frontend.php:58
action · init · addons\premmerce-product-comparison\src\Frontend\Frontend.php:61
action · ocean_after_single_product_quantity-button · addons\premmerce-product-comparison\src\Integration\OceanWpIntegration.php:17
action · ocean_after_archive_product_inner · addons\premmerce-product-comparison\src\Integration\OceanWpIntegration.php:22
action · widgets_init · addons\premmerce-product-comparison\src\ProductComparisonPlugin.php:54
action · init · addons\premmerce-product-comparison\src\ProductComparisonPlugin.php:56
action · admin_init · addons\premmerce-product-comparison\src\ProductComparisonPlugin.php:57
action · wc_ajax_premmerce_comparison_add · addons\premmerce-product-comparison\src\RestApi\ComparisonRestApi.php:41
action · rest_api_init · addons\premmerce-product-comparison\src\RestApi\ComparisonRestApi.php:42
action · add_meta_boxes · addons\premmerce-woocommerce-toolkit\src\Admin\Admin.php:34
action · save_post · addons\premmerce-woocommerce-toolkit\src\Admin\Admin.php:35
action · admin_init · addons\premmerce-woocommerce-toolkit\src\Admin\Admin.php:38
action · woocommerce_product_thumbnails · addons\premmerce-woocommerce-toolkit\src\Frontend\Frontend.php:33
action · wp_head · addons\premmerce-woocommerce-toolkit\src\Frontend\Frontend.php:37
action · wp_footer · addons\premmerce-woocommerce-toolkit\src\Frontend\Frontend.php:41
action · init · addons\premmerce-woocommerce-toolkit\src\Frontend\Frontend.php:45
action · admin_init · addons\premmerce-woocommerce-toolkit\src\PremmerceToolkitPlugin.php:36
action · init · addons\premmerce-woocommerce-toolkit\src\PremmerceToolkitPlugin.php:37
filter · woocommerce_shipping_instance_form_fields_flat_rate · addons\premmerce-woocommerce-toolkit\src\PremmerceToolkitPlugin.php:46
filter · woocommerce_shipping_instance_form_fields_free_shipping · addons\premmerce-woocommerce-toolkit\src\PremmerceToolkitPlugin.php:47
filter · woocommerce_shipping_instance_form_fields_local_pickup · addons\premmerce-woocommerce-toolkit\src\PremmerceToolkitPlugin.php:51
action · plugins_loaded · src\Addons\AddonsManager.php:62
filter · plugin_action_links · src\Addons\AddonsManager.php:64
action · admin_post_premmerce_addon_action · src\Addons\AddonsManager.php:74
action · admin_menu · src\Admin\Admin.php:34
action · admin_enqueue_scripts · src\Admin\Admin.php:35
action · wp_enqueue_scripts · src\Admin\Admin.php:36
action · admin_post_premmerce_actions · src\Admin\Admin.php:37
action · wp_before_admin_bar_render · src\Admin\Admin.php:46
action · admin_init · src\Admin\Settings.php:18
filter · sanitize_title · src\Admin\Settings.php:19
action · init · src\PremmercePlugin.php:43
action · before_woocommerce_init · src\PremmercePlugin.php:44
filter · hide_account_tabs · views\admin\tabs\account.php:8

Maintenance & Trust

Premmerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 19, 2026
PHP min version: 5.9
Downloads: 43K

Community Trust

Rating: 94/100
Number of ratings: 32
Active installs: 500

Developer Profile

Premmerce Developer Profile

Premmerce

14 plugins · 60K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 416 days

Detection Fingerprints

How We Detect Premmerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/premmerce-product-comparison/frontend/css/premmerce-product-comparison.css
/wp-content/plugins/premmerce-product-comparison/frontend/js/premmerce-product-comparison.js
/wp-content/plugins/premmerce-woocommerce-toolkit/assets/css/admin/premium.css
/wp-content/plugins/premmerce-woocommerce-toolkit/assets/css/frontend/premium.css
/wp-content/plugins/premmerce-woocommerce-toolkit/assets/js/admin/premium.js
/wp-content/plugins/premmerce-woocommerce-toolkit/assets/js/frontend/premium.js
Script Paths
/wp-content/plugins/premmerce-product-comparison/frontend/js/premmerce-product-comparison.js

HTML / DOM Fingerprints

CSS Classes
premmerce-product-comparison
Data Attributes
data-premmerce-compare-url
REST Endpoints
/wp-json/premmerce/comparison/delete/
Shortcode Output
[comparisons_page]