WP-Safety

Product Assembly / Gift Wrap / … Cost for WooCommerce Security & Risk Analysis

wordpress.org/plugins/product-assembly-cost

Add an option to your WooCommerce products to enable assembly, gift wrap or any other service and optionally charge a fee for it.

300 active installs v3.7 PHP 7.2+ WP 5.8+ Updated Dec 4, 2025
assemblyextra-costextra-servicegift-wrapinstallation
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Product Assembly / Gift Wrap / … Cost for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Product Assembly / Gift Wrap / … Cost for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago
Risk Assessment

The "product-assembly-cost" plugin v3.7 exhibits a strong security posture based on the provided static analysis. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points significantly limits its attack surface. Furthermore, the complete absence of dangerous functions, raw SQL queries, file operations, and external HTTP requests are excellent security practices. The high percentage of properly escaped output (81%) is also commendable, although the remaining 19% could be a minor concern in specific scenarios.

The taint analysis revealed two flows with unsanitized paths. While these are not classified as critical or high severity, they still represent potential vectors for data manipulation or injection if malicious input is supplied. The lack of any recorded historical vulnerabilities (CVEs) is a positive indicator, suggesting consistent security development or a lack of targeted attacks. However, it's important to note that a clean history does not guarantee future safety, and the taint findings warrant attention.

In conclusion, the plugin demonstrates good security hygiene with a minimal attack surface and robust handling of sensitive operations like SQL queries. The primary areas for improvement are addressing the two taint flows with unsanitized paths, as these represent the most concrete, albeit low-severity, risks identified in the code analysis. The complete lack of historical vulnerabilities is a strength, but the taint analysis highlights the need for continued vigilance.

Key Concerns

  • Taint flow with unsanitized path
  • Taint flow with unsanitized path
  • Some output not properly escaped
Vulnerabilities
None known

Product Assembly / Gift Wrap / … Cost for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Product Assembly / Gift Wrap / … Cost for WooCommerce Release Timeline

v3.7Current
v3.6
v3.5
v3.4
v3.3
v3.2
v3.1
v3.0
v2.5.0
v2.4.0
v2.3.1
v2.3.0
v2.2.2
v2.2.1
v2.2.0
v2.1.0
v2.0.1
v2.0.0
v1.3
v1.2.1
Code Analysis
Analyzed Mar 16, 2026

Product Assembly / Gift Wrap / … Cost for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
5
22 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

81% escaped27 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
assembly_option_html (includes\class-wc-product-extra-service-assembly.php:594)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Product Assembly / Gift Wrap / … Cost for WooCommerce Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 17
actioninitincludes\class-wc-product-extra-service-assembly.php:178
actioninitincludes\class-wc-product-extra-service-assembly.php:180
filterwoocommerce_add_cart_item_dataincludes\class-wc-product-extra-service-assembly.php:191
filterwoocommerce_get_cart_item_from_sessionincludes\class-wc-product-extra-service-assembly.php:192
filterwoocommerce_get_item_dataincludes\class-wc-product-extra-service-assembly.php:193
filterwoocommerce_add_cart_itemincludes\class-wc-product-extra-service-assembly.php:194
actionwoocommerce_checkout_create_order_line_itemincludes\class-wc-product-extra-service-assembly.php:195
actionwoocommerce_cart_calculate_feesincludes\class-wc-product-extra-service-assembly.php:196
actionwoocommerce_before_calculate_totalsincludes\class-wc-product-extra-service-assembly.php:197
filterwoocommerce_product_settingsincludes\class-wc-product-extra-service-assembly.php:199
actionwoocommerce_product_options_pricingincludes\class-wc-product-extra-service-assembly.php:202
actionwoocommerce_variation_options_pricingincludes\class-wc-product-extra-service-assembly.php:203
actionwoocommerce_process_product_metaincludes\class-wc-product-extra-service-assembly.php:204
actionwoocommerce_save_product_variationincludes\class-wc-product-extra-service-assembly.php:205
actionwoocommerce_cart_totals_fee_htmlincludes\class-wc-product-extra-service-assembly.php:953
actioninitproduct-assembly-cost.php:62
actionbefore_woocommerce_initproduct-assembly-cost.php:65
Maintenance & Trust

Product Assembly / Gift Wrap / … Cost for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 4, 2025
PHP min version7.2
Downloads14K

Community Trust

Rating80/100
Number of ratings4
Active installs300
Alternatives

Product Assembly / Gift Wrap / … Cost for WooCommerce Alternatives

WPCore Plugin Manager

WPCore Plugin Manager

wpcore

A
100

Create plugin collections and install them in one click on any WordPress site.

10K No CVEs
Upload Larger Plugins

Upload Larger Plugins

upload-larger-plugins

A
100

Install plugins of any size (i.e. work around web hosting limits)

7K No CVEs
Wp Favs – Plugin Manager

Wp Favs – Plugin Manager

wpfavs

A
85

Wpfavs is a plugin manager tool that let's you import your plugins lists from https://wpfavs.com

3K No CVEs
Gift Wrapper for WooCommerce

Gift Wrapper for WooCommerce

woocommerce-gift-wrapper

A
100

Holidays and birthdays are always coming! Gift wrap your customer's purchase, per order, on the WooCommerce cart and checkout pages.

2K No CVEs
Gift Wrapping for WooCommerce

Gift Wrapping for WooCommerce

gift-wrapping-for-woocommerce

A
92

Allow customers to select a gift wrapper for their orders.

1K No CVEs
Developer Profile

Product Assembly / Gift Wrap / … Cost for WooCommerce Developer Profile

Marco Almeida | Webdados

14 plugins · 15K total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
191 days
View full developer profile
Detection Fingerprints

How We Detect Product Assembly / Gift Wrap / … Cost for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/product-assembly-cost/assets/css/frontend.css/wp-content/plugins/product-assembly-cost/assets/js/frontend.js
Script Paths
/wp-content/plugins/product-assembly-cost/assets/js/frontend.js
Version Parameters
product-assembly-cost/assets/css/frontend.css?ver=product-assembly-cost/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
product-assembly-cost-wrapper
HTML Comments
TO-DO:<!-- HPOS & block-based Cart & Checkout Compatible --><!-- If you're reading this you must know what you're doing ;-) Greetings from sunny Portugal! --><!-- Main class -->+6 more
Data Attributes
data-product_iddata-cost_multiplydata-service_namedata-cost_modedata-taxabledata-tax_class+2 more
JS Globals
window.product_assembly_cost_params
Shortcode Output
<label for="product_assembly_cost-checkbox-[ID]"><input type="checkbox" name="product_assembly_cost-checkbox-[ID]" id="product_assembly_cost-checkbox-[ID]" class="product_assembly_cost-checkbox" value="yes" data-product_id="[ID]" data-cost_multiply="[COST_MULTIPLY]" data-service_name="[SERVICE_NAME]" data-cost_mode="[COST_MODE]" data-taxable="[TAXABLE]" data-tax_class="[TAX_CLASS]" data-add_to_name="[ADD_TO_NAME]" data-fee_name="[FEE_NAME]" /><span class="product_assembly_cost-message">[MESSAGE]</span></label>
FAQ

Frequently Asked Questions about Product Assembly / Gift Wrap / … Cost for WooCommerce