WP-Safety

Product Addons and Product Options With Custom Fields – WowAddons Security & Risk Analysis

wordpress.org/plugins/product-addons

Product addons for WooCommerce is the ultimate plugin that lets you add extra product options, product fields, and WooCommerce product fields.

3K active installs v1.6.5 PHP 7.4+ WP 6.8+ Updated Apr 15, 2026
extra-product-optionsproduct-addonsproduct-fieldswoocommerce-product-addonswoocommerce-product-fields
78
B · Generally Safe
CVEs total1
Unpatched1
Last CVESep 22, 2025
Download
Safety Verdict

Is Product Addons and Product Options With Custom Fields – WowAddons Safe to Use in 2026?

Mostly Safe

Score 78/100

Product Addons and Product Options With Custom Fields – WowAddons is generally safe to use. 1 past CVE were resolved.

1 known CVE 1 unpatched Last CVE: Sep 22, 2025Updated 1mo ago
Risk Assessment

The "product-addons" v1.6.2 plugin exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices with a high percentage of properly escaped output, a good rate of prepared SQL statements, and a reasonable number of nonce and capability checks. The absence of critical or high-severity taint flows, dangerous functions, and critical/high CVEs is also reassuring. However, significant concerns arise from its attack surface and historical vulnerability data. The presence of an unprotected AJAX handler is a critical security gap that could allow unauthorized actions. Furthermore, the plugin has a known unpatched medium-severity vulnerability, indicating a potential ongoing risk that has not been addressed by the developers. The pattern of past vulnerabilities, specifically mentioning "Missing Authorization," suggests a recurring weakness in how the plugin handles user permissions, which, coupled with the unprotected AJAX endpoint, points to a concerning trend.

Key Concerns

  • Unprotected AJAX handler present
  • 1 unpatched medium severity CVE
  • History of missing authorization vulnerabilities
Vulnerabilities
1 published

Product Addons and Product Options With Custom Fields – WowAddons Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-57958medium · 6.5Missing Authorization

WowAddons <= 1.0.17 - Missing Authorization

Sep 22, 2025Unpatched
Version History

Product Addons and Product Options With Custom Fields – WowAddons Release Timeline

v1.6.5Current1 CVE
CVE-2025-57958
v1.6.41 CVE
CVE-2025-57958
v1.6.31 CVE
CVE-2025-57958
v1.6.21 CVE
CVE-2025-57958
v1.6.11 CVE
CVE-2025-57958
v1.6.01 CVE
CVE-2025-57958
v1.5.111 CVE
CVE-2025-57958
v1.5.101 CVE
CVE-2025-57958
v1.5.91 CVE
CVE-2025-57958
v1.5.81 CVE
CVE-2025-57958
v1.5.71 CVE
CVE-2025-57958
v1.5.61 CVE
CVE-2025-57958
v1.5.51 CVE
CVE-2025-57958
v1.5.41 CVE
CVE-2025-57958
v1.5.31 CVE
CVE-2025-57958
v1.5.21 CVE
CVE-2025-57958
v1.5.11 CVE
CVE-2025-57958
v1.5.01 CVE
CVE-2025-57958
v1.0.191 CVE
CVE-2025-57958
v1.0.181 CVE
CVE-2025-57958
Code Analysis
Analyzed Mar 16, 2026

Product Addons and Product Options With Custom Fields – WowAddons Code Analysis

Dangerous Functions
0
Raw SQL Queries
4
16 prepared
Unescaped Output
11
339 escaped
Nonce Checks
3
Capability Checks
7
File Operations
4
External Requests
2
Bundled Libraries
0

SQL Query Safety

80% prepared20 total queries

Output Escaping

97% escaped350 total outputs
Attack Surface
1 unprotected

Product Addons and Product Options With Custom Fields – WowAddons Attack Surface

Entry Points2
Unprotected1

AJAX Handlers 2

authwp_ajax_prad_install_pluginincludes\admin\class-our-plugins.php:21
authwp_ajax_prad_deactive_pluginincludes\class-deactive.php:31
WordPress Hooks 55
actionadmin_noticesincludes\admin\class-notice.php:21
actionadmin_initincludes\admin\class-notice.php:22
actionrest_api_initincludes\admin\class-notice.php:25
actionadmin_initincludes\admin\class-options.php:26
actionadmin_menuincludes\admin\class-options.php:27
actionin_admin_headerincludes\admin\class-options.php:28
filterplugin_row_metaincludes\admin\class-options.php:31
filterwoocommerce_product_data_tabsincludes\admin\product\class-product-edit.php:15
actionwoocommerce_product_data_panelsincludes\admin\product\class-product-edit.php:16
actionwoocommerce_before_add_to_cart_buttonincludes\blocks\class-render-product-fields.php:51
filterwoocommerce_product_get_gallery_image_idsincludes\blocks\class-render-product-fields.php:52
actionprad_update_stats_table_dataincludes\class-analytics.php:24
actionadmin_footerincludes\class-deactive.php:29
actionadmin_enqueue_scriptsincludes\class-initialization.php:38
actionactivated_pluginincludes\class-initialization.php:39
actioninitincludes\class-post-type.php:23
filterprad_blocks_price_both_showincludes\common\class-hooks.php:29
actionprad_delete_option_product_metaincludes\common\class-hooks.php:30
actionprad_enqueue_block_cssincludes\common\class-hooks.php:32
actionprad_enqueue_block_jsincludes\common\class-hooks.php:33
filterget_prad_allowed_html_tagsincludes\common\class-hooks.php:35
filterprad_raw_tax_currency_compitable_priceincludes\common\class-hooks.php:37
filterprad_raw_tax_compitable_priceincludes\common\class-hooks.php:38
actionprad_load_script_on_ajaxincludes\common\class-hooks.php:40
filterwoosb_cart_item_subtotalincludes\compatibility\class-compatibility.php:22
filterwoosb_cart_item_priceincludes\compatibility\class-compatibility.php:23
filterwoosb_bundles_priceincludes\compatibility\class-compatibility.php:24
filterprad_single_product_page_priceincludes\compatibility\class-compatibility.php:27
filterprad_cart_checkout_page_priceincludes\compatibility\class-compatibility.php:30
filterprad_cart_checkout_page_percentage_priceincludes\compatibility\class-compatibility.php:31
filterprad_percentage_based_price_rawincludes\compatibility\class-compatibility.php:33
filterprad_get_currency_reverted_priceincludes\compatibility\class-compatibility.php:36
actionprad_handle_cache_on_saveincludes\compatibility\class-compatibility.php:39
filterbody_classincludes\compatibility\class-compatibility.php:42
filterwoocommerce_product_add_to_cart_textincludes\compatibility\class-shop-compatibilty.php:32
filterwoocommerce_product_add_to_cart_urlincludes\compatibility\class-shop-compatibilty.php:33
filterwoocommerce_product_supportsincludes\compatibility\class-shop-compatibilty.php:34
filterwoocommerce_product_duplicateincludes\compatibility\class-shop-compatibilty.php:35
actionprad_cleanup_upload_filesincludes\cron\class-cleanup.php:28
filterwoocommerce_add_cart_item_dataincludes\order\class-cart-page.php:25
filterwoocommerce_get_item_dataincludes\order\class-cart-page.php:26
actionwoocommerce_before_calculate_totalsincludes\order\class-cart-page.php:28
actionwoocommerce_add_to_cartincludes\order\class-cart-page.php:29
actionwoocommerce_before_mini_cartincludes\order\class-cart-page.php:31
actionwoocommerce_checkout_create_order_line_itemincludes\order\class-checkout-page.php:21
actionwoocommerce_checkout_order_processedincludes\order\class-checkout-page.php:25
actionwoocommerce_store_api_checkout_order_processedincludes\order\class-checkout-page.php:26
actionwoocommerce_view_orderincludes\order\class-checkout-page.php:27
actionwoocommerce_thankyouincludes\order\class-checkout-page.php:28
actionwoocommerce_order_status_completedincludes\order\class-checkout-page.php:29
actionrest_api_initincludes\restapi\class-request-api.php:30
filterupload_mimesincludes\restapi\class-request-api.php:1381
filterupload_dirincludes\restapi\class-request-api.php:1400
filterupload_dirincludes\restapi\class-request-api.php:1672
actionplugins_loadedproduct-addons.php:36

Scheduled Events 1

prad_cleanup_upload_files
Maintenance & Trust

Product Addons and Product Options With Custom Fields – WowAddons Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 15, 2026
PHP min version7.4
Downloads41K

Community Trust

Rating100/100
Number of ratings34
Active installs3K
Alternatives

Product Addons and Product Options With Custom Fields – WowAddons Alternatives

Extra Product Options For WooCommerce | Custom Product Addons and Fields

Extra Product Options For WooCommerce | Custom Product Addons and Fields

woo-extra-product-options

A
100

WooCommerce Extra Product Options plugin lets you add product addons (custom products field) of 20 different field types to your product page.

30K No CVEs
Product Addons for Woocommerce – Product Options with Custom Fields

Product Addons for Woocommerce – Product Options with Custom Fields

woo-custom-product-addons

A
97

WooCommerce Product Addons Add custom fields to your WooCommerce product page. With an easy-to-use Custom Form Builder.

30K 1 CVE
PPOM – Product Addons & Custom Fields for WooCommerce

PPOM – Product Addons & Custom Fields for WooCommerce

woocommerce-product-addon

B
84

Easily add a range of custom fields to WooCommerce products, from text boxes to date selectors, allowing customers to personalize their orders.

20K 11 CVEs
YITH WooCommerce Product Add-Ons

YITH WooCommerce Product Add-Ons

yith-woocommerce-product-add-ons

A
96

Increase average order value by letting your customers purchase additional options on your products.

20K 7 CVEs
YayExtra – WooCommerce Extra Product Options

YayExtra – WooCommerce Extra Product Options

yayextra

A
93

YayExtra – Product Options for WooCommerce lets you add customizable options and extra fields to your products.

1K 3 CVEs
Developer Profile

Product Addons and Product Options With Custom Fields – WowAddons Developer Profile

WPXPO

9 plugins · 51K total installs

71
trust score
Avg Security Score
89/100
Avg Patch Time
137 days
View full developer profile
Detection Fingerprints

How We Detect Product Addons and Product Options With Custom Fields – WowAddons

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/product-addons/assets/css/frontend.css/wp-content/plugins/product-addons/assets/css/select2.min.css/wp-content/plugins/product-addons/assets/css/frontend-rtl.css/wp-content/plugins/product-addons/assets/css/select2-rtl.css
Script Paths
/wp-content/plugins/product-addons/assets/js/frontend-script.js/wp-content/plugins/product-addons/assets/js/select2.min.js/wp-content/plugins/product-addons/assets/js/frontend-script.asset.php/wp-content/plugins/product-addons/assets/js/select2.min.asset.php
Version Parameters
product-addons/assets/css/frontend.css?ver=product-addons/assets/css/select2.min.css?ver=product-addons/assets/css/frontend-rtl.css?ver=product-addons/assets/css/select2-rtl.css?ver=product-addons/assets/js/frontend-script.js?ver=product-addons/assets/js/select2.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
prad-frontendprad-main-wrapprad-addons-field
Data Attributes
data-prad-iddata-prad-typedata-prad-product-id
JS Globals
PRAD_VER
FAQ

Frequently Asked Questions about Product Addons and Product Options With Custom Fields – WowAddons