Does PickPlugins Product Designer for WooCommerce have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is PickPlugins Product Designer for WooCommerce compatible with WordPress 6.9.4?

According to WordPress.org data, PickPlugins Product Designer for WooCommerce 1.0.40 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

What is PickPlugins Product Designer for WooCommerce's security score?

PickPlugins Product Designer for WooCommerce has a WP-Safety security score of 95/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

PickPlugins Product Designer for WooCommerce Security & Risk Analysis

wordpress.org/plugins/product-designer

Ready product designer plugin for WooCommerce

600 active installs v1.0.40 PHP + WP 3.8+ Updated Jan 19, 2026

custom-productproduct-customizerproduct-designerwoocommerce-product-designer

A · Safe

CVEs total3

Unpatched0

Last CVENov 20, 2024

Plugin page Download

Safety Verdict

Is PickPlugins Product Designer for WooCommerce Safe to Use in 2026?

Generally Safe

Score 95/100

PickPlugins Product Designer for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEsLast CVE: Nov 20, 2024Updated 3mo ago

Risk Assessment

The 'product-designer' plugin exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and a high percentage of properly escaped output, significant concerns are present. The attack surface is moderately large, with 24 entry points, and critically, one AJAX handler lacks any authentication checks, presenting a direct avenue for unauthorized actions.

The static analysis also reveals two flows with unsanitized paths, which, although not classified as critical or high severity by the taint analysis, warrant attention. The plugin's vulnerability history is a substantial red flag, with three known CVEs, including a past critical vulnerability. The common types of vulnerabilities (XSS, Missing Authorization, Deserialization) are particularly concerning and suggest a recurring pattern of insecure coding practices related to input handling and access control.

Despite strengths in data handling and output escaping, the presence of an unprotected AJAX endpoint and a history of critical and medium vulnerabilities, including deserialization and authorization issues, significantly elevates the risk profile. This indicates a need for rigorous security auditing and immediate remediation of the identified unprotected entry point. The plugin's past issues suggest potential weaknesses that could be re-exploited if not addressed comprehensively.

Key Concerns

Unprotected AJAX handler
Flows with unsanitized paths
History of 1 critical CVE
History of 2 medium CVEs
Common vulnerability types: XSS, Missing Auth, Deserialization

Vulnerabilities

3 published

PickPlugins Product Designer for WooCommerce Security Vulnerabilities

CVEs by Year

3 CVEs in 2024

2024

Patched Has unpatched

Severity Breakdown

Critical

Medium

3 total CVEs

CVE-2024-9111medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product Designer <= 1.0.36 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

Nov 20, 2024 Patched in 1.0.37 (23d)

CVE-2024-3608medium · 5.3Missing Authorization

Product Designer <= 1.0.33 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion

Jul 8, 2024 Patched in 1.0.34 (32d)

CVE-2024-31277critical · 9.8Deserialization of Untrusted Data

Product Designer <= 1.0.32 - Unauthenticated PHP Object Injection

Apr 5, 2024 Patched in 1.0.33 (7d)

Version History

PickPlugins Product Designer for WooCommerce Release Timeline

v1.0.38

v1.0.37

v1.0.361 CVE

CVE-2024-9111

v1.0.351 CVE

CVE-2024-9111

v1.0.341 CVE

CVE-2024-9111

v1.0.332 CVEs

CVE-2024-9111 CVE-2024-3608

v1.0.313 CVEs

CVE-2024-9111 CVE-2024-3608 CVE-2024-31277

v1.0.303 CVEs

CVE-2024-9111 CVE-2024-3608 CVE-2024-31277

v1.0.293 CVEs

CVE-2024-9111 CVE-2024-3608 CVE-2024-31277

v1.0.283 CVEs

CVE-2024-9111 CVE-2024-3608 CVE-2024-31277

v1.0.273 CVEs

CVE-2024-9111 CVE-2024-3608 CVE-2024-31277

v1.0.263 CVEs

CVE-2024-9111 CVE-2024-3608 CVE-2024-31277

v1.0.253 CVEs

CVE-2024-9111 CVE-2024-3608 CVE-2024-31277

v1.0.243 CVEs

CVE-2024-9111 CVE-2024-3608 CVE-2024-31277

v1.0.233 CVEs

CVE-2024-9111 CVE-2024-3608 CVE-2024-31277

v1.0.223 CVEs

CVE-2024-9111 CVE-2024-3608 CVE-2024-31277

v1.0.213 CVEs

CVE-2024-9111 CVE-2024-3608 CVE-2024-31277

v1.0.203 CVEs

CVE-2024-9111 CVE-2024-3608 CVE-2024-31277

v1.0.193 CVEs

CVE-2024-9111 CVE-2024-3608 CVE-2024-31277

v1.0.183 CVEs

CVE-2024-9111 CVE-2024-3608 CVE-2024-31277

Code Analysis

Analyzed Mar 16, 2026

PickPlugins Product Designer for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

264

932 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

78% escaped1196 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

7 flows2 with unsanitized paths

product_designer_ajax_update_template (includes\designer-function.php:247)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

PickPlugins Product Designer for WooCommerce Attack Surface

Entry Points24

Unprotected1

AJAX Handlers 23

authwp_ajax_product_designer_ajax_create_templateincludes\designer-function.php:240

noprivwp_ajax_product_designer_ajax_create_templateincludes\designer-function.php:241

authwp_ajax_product_designer_ajax_update_templateincludes\designer-function.php:293

noprivwp_ajax_product_designer_ajax_update_templateincludes\designer-function.php:294

authwp_ajax_product_designer_ajax_load_pre_templateincludes\designer-function.php:339

noprivwp_ajax_product_designer_ajax_load_pre_templateincludes\designer-function.php:340

authwp_ajax_product_designer_ajax_temp_save_side_outputincludes\designer-function.php:448

noprivwp_ajax_product_designer_ajax_temp_save_side_outputincludes\designer-function.php:449

authwp_ajax_product_designer_ajax_delete_attach_idincludes\designer-function.php:489

noprivwp_ajax_product_designer_ajax_delete_attach_idincludes\designer-function.php:490

authwp_ajax_product_designer_ajax_paged_shape_listincludes\designer-function.php:591

noprivwp_ajax_product_designer_ajax_paged_shape_listincludes\designer-function.php:592

authwp_ajax_product_designer_ajax_paged_clipart_listincludes\designer-function.php:696

noprivwp_ajax_product_designer_ajax_paged_clipart_listincludes\designer-function.php:697

authwp_ajax_product_designer_ajax_get_clipart_listincludes\designer-function.php:797

noprivwp_ajax_product_designer_ajax_get_clipart_listincludes\designer-function.php:798

authwp_ajax_product_designer_ajax_get_shape_listincludes\designer-function.php:894

noprivwp_ajax_product_designer_ajax_get_shape_listincludes\designer-function.php:895

authwp_ajax_product_designer_ajax_add_to_cartincludes\functions-wc.php:562

noprivwp_ajax_product_designer_ajax_add_to_cartincludes\functions-wc.php:563

authwp_ajax_product_designer_ajax_save_as_templateincludes\functions-wc.php:641

noprivwp_ajax_product_designer_ajax_save_as_templateincludes\functions-wc.php:642

authwp_ajax_product_designer_ajax_remove_pre_templateincludes\functions-wc.php:676

Shortcodes 1

[product_designer] includes\class-shortcodes.php:11

WordPress Hooks 77

actionadd_meta_boxesincludes\class-meta-boxes.php:12

actionsave_postincludes\class-meta-boxes.php:13

actionadd_meta_boxesincludes\class-meta-boxes.php:15

actionsave_postincludes\class-meta-boxes.php:16

actionadd_meta_boxesincludes\class-meta-boxes.php:19

actionsave_postincludes\class-meta-boxes.php:20

actionadd_meta_boxesincludes\class-post-meta.php:14

actionsave_postincludes\class-post-meta.php:17

filterdisplay_post_statesincludes\class-posttypes.php:15

actioninitincludes\class-posttypes.php:17

actioninitincludes\class-posttypes.php:20

actioninitincludes\class-posttypes.php:21

actioninitincludes\class-posttypes.php:23

actioninitincludes\class-posttypes.php:24

actionadmin_initincludes\class-posttypes.php:25

actionadmin_noticesincludes\class-request-reviews.php:17

actionadmin_noticesincludes\class-request-reviews.php:18

actionadmin_menuincludes\class-settings.php:11

filterwoocommerce_available_variationincludes\functions-wc.php:9

filterjetpack_lazy_images_blacklisted_classesincludes\functions-wc.php:47

filterwoocommerce_product_data_tabsincludes\functions-wc.php:135

actionwoocommerce_product_data_panelsincludes\functions-wc.php:147

actionwoocommerce_process_product_metaincludes\functions-wc.php:193

actionwoocommerce_after_add_to_cart_formincludes\functions-wc.php:206

actionwoocommerce_after_shop_loop_itemincludes\functions-wc.php:207

actionwoocommerce_after_single_productincludes\functions-wc.php:263

actionwoocommerce_product_after_variable_attributesincludes\functions-wc.php:342

actionwoocommerce_save_product_variationincludes\functions-wc.php:344

filterwoocommerce_cart_item_thumbnailincludes\functions-wc.php:388

filterwoocommerce_add_cart_item_dataincludes\functions-wc.php:432

actionwoocommerce_checkout_create_order_line_itemincludes\functions-wc.php:458

actionwoocommerce_before_cart_item_quantity_zeroincludes\functions-wc.php:476

actionclipart_metabox_tabs_content_generalincludes\metabox-clipart-hook.php:11

actionproduct_designer_clipart_metabox_saveincludes\metabox-clipart-hook.php:69

actionproduct_designer_template_metabox_content_canvasincludes\metabox-pd_template-hook.php:11

actionproduct_designer_template_metabox_content_product_sidesincludes\metabox-pd_template-hook.php:176

actionproduct_designer_template_metabox_saveincludes\metabox-pd_template-hook.php:468

actionshape_metabox_tabs_content_generalincludes\metabox-shape-hook.php:11

actionproduct_designer_shape_metabox_saveincludes\metabox-shape-hook.php:72

actionproduct_designer_settings_content_generalincludes\settings-hook.php:4

actionproduct_designer_settings_content_editorincludes\settings-hook.php:166

actionproduct_designer_settings_content_tour_guideincludes\settings-hook.php:287

actionproduct_designer_settings_content_help_supportincludes\settings-hook.php:348

actionproduct_designer_settings_content_templatesincludes\settings-hook.php:438

actionproduct_designer_settings_content_buy_proincludes\settings-hook.php:468

actionproduct_designer_settings_saveincludes\settings-hook.php:736

actionwp_enqueue_scriptsproduct-designer.php:55

actionadmin_enqueue_scriptsproduct-designer.php:56

actionadmin_enqueue_scriptsproduct-designer.php:57

actionplugins_loadedproduct-designer.php:58

actionbefore_woocommerce_initproduct-designer.php:59

filterwidget_textproduct-designer.php:61

actionproduct_designer_editortemplates\product-designer\product-designer-hook.php:9

actionproduct_designer_editortemplates\product-designer\product-designer-hook.php:30

actionproduct_designer_paneltemplates\product-designer\product-designer-hook.php:49

actionproduct_designer_panel_tab_content_assetstemplates\product-designer\product-designer-hook.php:84

actionproduct_designer_panel_tab_content_assetstemplates\product-designer\product-designer-hook.php:148

actionproduct_designer_image_type_content_cliparttemplates\product-designer\product-designer-hook.php:210

actionproduct_designer_panel_tab_content_assetstemplates\product-designer\product-designer-hook.php:304

actionproduct_designer_text_type_content_texttemplates\product-designer\product-designer-hook.php:368

actionproduct_designer_panel_tab_content_assetstemplates\product-designer\product-designer-hook.php:382

actionproduct_designer_panel_tab_content_editortemplates\product-designer\product-designer-hook.php:589

actionproduct_designer_toolstemplates\product-designer\product-designer-hook.php:609

actionproduct_designer_toolstemplates\product-designer\product-designer-hook.php:698

actionproduct_designer_toolstemplates\product-designer\product-designer-hook.php:730

actionproduct_designer_toolstemplates\product-designer\product-designer-hook.php:893

actionproduct_designer_toolstemplates\product-designer\product-designer-hook.php:1069

actionproduct_designer_toolstemplates\product-designer\product-designer-hook.php:1107

actionproduct_designer_toolstemplates\product-designer\product-designer-hook.php:1208

actionproduct_designer_editortemplates\product-designer\product-designer-hook.php:1310

actionproduct_designer_editortemplates\product-designer\product-designer-hook.php:1327

actionproduct_designer_editortemplates\product-designer\product-designer-hook.php:1567

actionproduct_designer_editortemplates\product-designer\product-designer-hook.php:1584

actionproduct_designer_welcome_tour_contenttemplates\product-designer\product-designer-hook.php:1611

actionproduct_designer_editortemplates\product-designer\product-designer-hook.php:1622

actionproduct_designer_editortemplates\product-designer\product-designer-hook.php:1641

actionproduct_designer_editortemplates\product-designer\product-designer-hook.php:1655

Maintenance & Trust

PickPlugins Product Designer for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 19, 2026

PHP min version

Downloads69K

Community Trust

Rating64/100

Number of ratings12

Active installs600

Alternatives

PickPlugins Product Designer for WooCommerce Alternatives

Custom Product Builder for WooCommerce – Product Designer and Customizer

custom-product-builder-for-woocommerce

100

The WooCommerce product designer plugin trusted by 200+ stores. Let customers design custom t-shirts, mugs, phone cases, jewelry and more with an intu …

300 No CVEs

Visual Product Configurator for Woocommerce Lite

visual-products-configurator-for-woocommerce

100

A woocommerce product customizer for woocommerce that allows customers to build any composite product visually.

200 No CVEs

Pixobe Product Designer – WooCommerce Product Customizer

pixobe-product-designer

100

A WooCommerce product designer and product customizer that lets customers personalize products with text, images, optional AI-generated designs, and r …

0 No CVEs

Precise Expressions Product Customizer

precise-expressions-product-customiser

100

Easily sell custom products in WooCommerce. Shoppers personalize items by uploading images and text in a live preview modal

0 No CVEs

Zakeke Interactive Product Designer for WooCommerce

zakeke-interactive-product-designer

100

Let your buyers customize and view their personalized product before purchasing. Get happy customers buying from you and coming back for more.

2K No CVEs

Developer Profile

PickPlugins Product Designer for WooCommerce Developer Profile

PickPlugins

14 plugins · 94K total installs

trust score

Avg Security Score

83/100

Avg Patch Time

330 days

View full developer profile

Detection Fingerprints

How We Detect PickPlugins Product Designer for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/product-designer/assets/front/css/customize-link.css/wp-content/plugins/product-designer/assets/front/js/jquery-impromptu.min.js/wp-content/plugins/product-designer/assets/front/css/jquery-impromptu.min.css/wp-content/plugins/product-designer/assets/front/js/jscolor.js/wp-content/plugins/product-designer/assets/front/js/fabric.min.js/wp-content/plugins/product-designer/assets/front/js/jquery.scrollbar.min.js/wp-content/plugins/product-designer/assets/front/js/product-designer.js/wp-content/plugins/product-designer/assets/front/js/fabric.curvedText.js+8 more

Script Paths

/wp-content/plugins/product-designer/assets/front/js/jquery-impromptu.min.js/wp-content/plugins/product-designer/assets/front/js/jscolor.js/wp-content/plugins/product-designer/assets/front/js/fabric.min.js/wp-content/plugins/product-designer/assets/front/js/jquery.scrollbar.min.js/wp-content/plugins/product-designer/assets/front/js/product-designer.js/wp-content/plugins/product-designer/assets/front/js/fabric.curvedText.js+2 more

Version Parameters

product-designer/assets/front/js/product-designer.js?ver=

HTML / DOM Fingerprints

CSS Classes

product-designer-editorpickplugins-product-designer

HTML Comments

Data Attributes

data-product-designer-iddata-product-designer-options

JS Globals

product_designer_ajaxProductDesigner

REST Endpoints

/wp-json/product-designer/v1/settings

Shortcode Output

[product_designer]

FAQ

PickPlugins Product Designer for WooCommerce Security & Risk Analysis

Is PickPlugins Product Designer for WooCommerce Safe to Use in 2026?

Generally Safe

Key Concerns

PickPlugins Product Designer for WooCommerce Security Vulnerabilities

CVEs by Year

Severity Breakdown

PickPlugins Product Designer for WooCommerce Release Timeline

PickPlugins Product Designer for WooCommerce Code Analysis

Output Escaping

Data Flow Analysis

PickPlugins Product Designer for WooCommerce Attack Surface

AJAX Handlers 23

Shortcodes 1

PickPlugins Product Designer for WooCommerce Maintenance & Trust

Maintenance Signals

Community Trust

PickPlugins Product Designer for WooCommerce Alternatives

Custom Product Builder for WooCommerce – Product Designer and Customizer

Visual Product Configurator for Woocommerce Lite

Pixobe Product Designer – WooCommerce Product Customizer

Precise Expressions Product Customizer

Zakeke Interactive Product Designer for WooCommerce

PickPlugins Product Designer for WooCommerce Developer Profile

How We Detect PickPlugins Product Designer for WooCommerce

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about PickPlugins Product Designer for WooCommerce