Private File for Woocommerce Security & Risk Analysis

wordpress.org/plugins/private-file-for-woocommerce

Lets you send your customers private files, private pages and a shared page, in the My Account section of WooCommerce in the area …

80 active installs · v1.0.4 · PHP + · WP 4.9+ · Updated Feb 17, 2022
Tags: myaccount-woocommerce, private-content, private-file, woocommerce
Score 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Private File for Woocommerce Safe to Use in 2026?

Generally Safe

Score 85/100

Private File for Woocommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4yr ago
Risk Assessment

The plugin "private-file-for-woocommerce" v1.0.4 exhibits a generally good security posture with no known CVEs or critical taint flows. The absence of unpatched vulnerabilities is a strong positive indicator. The use of prepared statements for all SQL queries is excellent practice, mitigating SQL injection risks. However, a significant concern arises from the taint analysis, which indicates all 7 analyzed flows involve unsanitized paths. While no critical or high severity issues were flagged, this suggests a potential for unexpected behavior or security weaknesses if these unsanitized paths are exposed to user-controlled input in a way that could lead to path traversal or other file manipulation vulnerabilities. Furthermore, the output escaping is only at 42%, indicating a considerable risk of cross-site scripting (XSS) vulnerabilities where dynamic content is not properly sanitized before being displayed to users. The lack of capability checks on entry points, despite a low attack surface, is also a concern for authorization bypass.

Key Concerns

  • Flows with unsanitized paths detected
  • Low output escaping percentage
  • No capability checks on entry points
Vulnerabilities
None known

Private File for Woocommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Private File for Woocommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 61 (45 escaped)
Nonce Checks: 3
Capability Checks: 0
File Operations: 7
External Requests: 0
Bundled Libraries: 0

Output Escaping

42% escaped · 106 total outputs
Data Flows: 7 unsanitized

Data Flow Analysis

7 flows · 7 with unsanitized paths
protect_access (includes\core-addons\private-file\private-file-addon.class.php:191)
Attack Surface

Private File for Woocommerce Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[private-file-for-woocommerce] includes\core-addons\customer-page\customer-page-shortcode.class.php:38
WordPress Hooks 83
action pffw_addons_init includes\addon.class.php:31
action admin_menu includes\core-addons\admin-area\admin-area-addon.class.php:34
action pffw_version_upgraded includes\core-addons\admin-area\admin-area-addon.class.php:35
filter pffw_configurable_capability_groups includes\core-addons\admin-area\admin-area-addon.class.php:36
filter pffw_addon_settings_tabs includes\core-addons\capabilities\capabilities-admin-interface.class.php:33
action pffw_in_settings_form_pffw_capabilities includes\core-addons\capabilities\capabilities-admin-interface.class.php:34
filter pffw_addon_validate_options_pffw_capabilities includes\core-addons\capabilities\capabilities-admin-interface.class.php:35
action init includes\core-addons\private-file\private-file-addon.class.php:38
filter query_vars includes\core-addons\private-file\private-file-addon.class.php:39
action init includes\core-addons\private-file\private-file-addon.class.php:40
filter post_type_link includes\core-addons\private-file\private-file-addon.class.php:41
action template_redirect includes\core-addons\private-file\private-file-addon.class.php:43
action template_redirect includes\core-addons\private-file\private-file-addon.class.php:44
action before_delete_post includes\core-addons\private-file\private-file-addon.class.php:46
filter pffw_configurable_capability_groups includes\core-addons\private-file\private-file-addon.class.php:48
filter pffw_addon_settings_tabs includes\core-addons\private-file\private-file-admin-interface.class.php:33
action pffw_addon_print_settings_pffw_private_files includes\core-addons\private-file\private-file-admin-interface.class.php:34
filter pffw_addon_validate_options_pffw_private_files includes\core-addons\private-file\private-file-admin-interface.class.php:35
action pffw_admin_submenu_pages includes\core-addons\private-file\private-file-admin-interface.class.php:39
filter manage_edit-pffw_private_file_columns includes\core-addons\private-file\private-file-admin-interface.class.php:42
action manage_pffw_private_file_posts_custom_column includes\core-addons\private-file\private-file-admin-interface.class.php:43
filter manage_edit-pffw_private_file_sortable_columns includes\core-addons\private-file\private-file-admin-interface.class.php:44
filter request includes\core-addons\private-file\private-file-admin-interface.class.php:45
action admin_menu includes\core-addons\private-file\private-file-admin-interface.class.php:48
action save_post includes\core-addons\private-file\private-file-admin-interface.class.php:49
action admin_notices includes\core-addons\private-file\private-file-admin-interface.class.php:50
filter upload_dir includes\core-addons\private-file\private-file-admin-interface.class.php:51
action post_edit_form_tag includes\core-addons\private-file\private-file-admin-interface.class.php:52
filter pffw_default_options includes\core-addons\private-file\private-file-admin-interface.class.php:599
filter the_content includes\core-addons\private-file\private-file-frontend-interface.class.php:35
action pffw_customer_area_content includes\core-addons\private-file\private-file-frontend-interface.class.php:38
filter get_previous_post_where includes\core-addons\private-file\private-file-frontend-interface.class.php:40
filter get_next_post_where includes\core-addons\private-file\private-file-frontend-interface.class.php:41
action init includes\core-addons\private-file\private-file-frontend-interface.class.php:43
action init includes\core-addons\private-page\private-page-addon.class.php:37
action init includes\core-addons\private-page\private-page-addon.class.php:39
filter post_type_link includes\core-addons\private-page\private-page-addon.class.php:40
action template_redirect includes\core-addons\private-page\private-page-addon.class.php:42
filter pffw_configurable_capability_groups includes\core-addons\private-page\private-page-addon.class.php:44
filter pffw_addon_settings_tabs includes\core-addons\private-page\private-page-admin-interface.class.php:65
action pffw_addon_print_settings_pffw_private_pages includes\core-addons\private-page\private-page-admin-interface.class.php:67
filter pffw_addon_validate_options_pffw_private_pages includes\core-addons\private-page\private-page-admin-interface.class.php:69
action pffw_admin_submenu_pages includes\core-addons\private-page\private-page-admin-interface.class.php:77
filter manage_edit-pffw_private_page_columns includes\core-addons\private-page\private-page-admin-interface.class.php:83
action manage_pffw_private_page_posts_custom_column includes\core-addons\private-page\private-page-admin-interface.class.php:85
filter manage_edit-pffw_private_page_sortable_columns includes\core-addons\private-page\private-page-admin-interface.class.php:87
filter request includes\core-addons\private-page\private-page-admin-interface.class.php:89
action admin_menu includes\core-addons\private-page\private-page-admin-interface.class.php:95
action save_post includes\core-addons\private-page\private-page-admin-interface.class.php:97
action admin_notices includes\core-addons\private-page\private-page-admin-interface.class.php:99
filter pffw_default_options includes\core-addons\private-page\private-page-admin-interface.class.php:729
action pffw_customer_area_content includes\core-addons\private-page\private-page-frontend-interface.class.php:65
filter the_content includes\core-addons\private-page\private-page-frontend-interface.class.php:67
filter get_previous_post_where includes\core-addons\private-page\private-page-frontend-interface.class.php:69
filter get_next_post_where includes\core-addons\private-page\private-page-frontend-interface.class.php:71
filter pffw_addon_settings_tabs includes\core-addons\shared-page\help-addon.class.php:35
filter pffw_after_settings_side includes\core-addons\shared-page\help-addon.class.php:36
filter pffw_after_settings_side includes\core-addons\shared-page\help-addon.class.php:37
filter pffw_before_settings_pffw_addons includes\core-addons\shared-page\help-addon.class.php:38
filter admin_init includes\core-addons\shared-page\help-addon.class.php:39
action init includes\plugin.class.php:36
action init includes\plugin.class.php:37
action init includes\plugin.class.php:38
action init includes\plugin.class.php:39
action init includes\plugin.class.php:40
action plugins_loaded includes\plugin.class.php:41
action admin_init includes\plugin.class.php:42
filter woocommerce_account_menu_items includes\settings-my-account-woocommerce.class.php:38
action woocommerce_account_private_endpoint includes\settings-my-account-woocommerce.class.php:40
action init includes\settings-my-account-woocommerce.class.php:45
filter woocommerce_account_menu_items includes\settings-my-account-woocommerce.class.php:65
action woocommerce_before_account_navigation includes\settings-my-account-woocommerce.class.php:88
action woocommerce_account_shared_endpoint includes\settings-my-account-woocommerce.class.php:90
action init includes\settings-my-account-woocommerce.class.php:100
action admin_menu includes\settings-my-account-woocommerce.class.php:111
action admin_init includes\settings-my-account-woocommerce.class.php:171
action pffw_admin_submenu_pages includes\settings.class.php:49
action admin_init includes\settings.class.php:50
filter pffw_addon_settings_tabs includes\settings.class.php:57
action pffw_addon_print_settings_pffw_core includes\settings.class.php:58
filter pffw_addon_validate_options_pffw_core includes\settings.class.php:59
filter pffw_default_options includes\settings.class.php:578
action admin_notices private-file-for-woocommerce.php:89
Maintenance & Trust

Private File for Woocommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.9.13
Last updated: Feb 17, 2022
PHP min version
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 80
Developer Profile

Private File for Woocommerce Developer Profile

Roberto Bottalico

7 plugins · 230 total installs

Trust score: 88
Avg Security Score: 91/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Private File for Woocommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/private-file-for-woocommerce/scripts/pffw-frontend.js
/wp-content/plugins/private-file-for-woocommerce/themes/frontend/default/css/pffw-frontend-theme.css
Script Paths
/wp-content/plugins/private-file-for-woocommerce/scripts/pffw-frontend.js
Version Parameters
private-file-for-woocommerce/scripts/pffw-frontend.js?ver=
private-file-for-woocommerce/themes/frontend/default/css/pffw-frontend-theme.css?ver=

HTML / DOM Fingerprints

CSS Classes
pffw-customer-area
Data Attributes
data-pffw-file-download-url
JS Globals
pffw_frontend_data
Shortcode Output
[pffw_private_file]