Product Input Fields for WooCommerce Security & Risk Analysis

wordpress.org/plugins/product-input-fields-for-woocommerce

Add product addons (fields) to WooCommerce products. Personalise with various product options for WooCommerce. Create product forms for WooCommerce.

5K active installs · v1.14.0 · PHP 7.4+ · WP 4.4+ · Updated Jan 6, 2026
custom-fields, fields, product-addons, product-input-fields, woocommerce-product-fields
95
A · Safe
CVEs total: 4
Unpatched: 0
Last CVE: Mar 7, 2025
Safety Verdict

Is Product Input Fields for WooCommerce Safe to Use in 2026?

Generally Safe

Score 95/100

Product Input Fields for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Mar 7, 2025 · Updated 2mo ago
Risk Assessment

The "product-input-fields-for-woocommerce" plugin version 1.14.0 presents a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and a high percentage of properly escaped output, there are significant concerns. The presence of `unserialize` as a dangerous function, along with two flows with unsanitized paths identified in the taint analysis, indicates potential vulnerabilities that could be exploited. Furthermore, the plugin's history of four known CVEs, including high and medium severity issues like Unrestricted File Upload and Path Traversal, suggests a recurring pattern of security weaknesses that require careful monitoring and prompt patching.

Key Concerns

  • Dangerous function unserialize present
  • Flows with unsanitized paths detected
  • History of 4 known CVEs
  • History of 2 High severity CVEs
  • History of 2 Medium severity CVEs
Vulnerabilities
4

Product Input Fields for WooCommerce Security Vulnerabilities

CVEs by Year

  • 2020: 1 CVE
  • 2024: 2 CVEs
  • 2025: 1 CVE

Severity Breakdown

  • High: 2
  • Medium: 2

4 total CVEs

CVE-2024-13359 · high · 8.1 · Unrestricted Upload of File with Dangerous Type

Product Input Fields for WooCommerce <= 1.12.0 - Unauthenticated Limited File Upload

Mar 7, 2025 · Patched in 1.12.1 (7d)

CVE-2024-10857 · medium · 6.5 · Path Traversal: '.../...//'

Product Input Fields for WooCommerce <= 1.9 - Authenticated (Contributor+) Arbitrary File Read

Nov 25, 2024 · Patched in 2.0 (1d)

CVE-2024-31431 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Product Input Fields for WooCommerce <= 1.7.0 - Cross-Site Request Forgery to Notice Dismissal

Apr 10, 2024 · Patched in 1.8.0 (8d)

CVE-2020-36696 · high · 7.5 · Improper Authorization

Product Input Fields for WooCommerce <= 1.2.6 - Missing Authorization

Aug 3, 2020 · Patched in 1.2.7 (1268d)
Code Analysis
Analyzed Mar 16, 2026

Product Input Fields for WooCommerce Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 0 (4 prepared)
  • Unescaped Output: 4 (43 escaped)
  • Nonce Checks: 4
  • Capability Checks: 1
  • File Operations: 7
  • External Requests: 2
  • Bundled Libraries: 0

Dangerous Functions Found

`unserialize` · `$product_input_fields = ( version_compare( get_option( 'woocommerce_version', null ), '3.0.0', '<' )` · includes\class-alg-wc-pif-main.php:596

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

91% escaped · 47 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

5 flows · 2 with unsanitized paths
<class-alg-wc-pif-main> (includes\class-alg-wc-pif-main.php:0)
Attack Surface

Product Input Fields for WooCommerce Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_tyche_plugin_deactivation_submit_action · includes\component\plugin-deactivation\class-tyche-plugin-deactivation.php:93

Shortcodes 1

[alg_display_product_input_fields] includes\alg-wc-pif-functions.php:36
WordPress Hooks 40
action · add_meta_boxes · includes\admin\class-alg-wc-pif-per-product-metabox.php:31
action · save_post_product · includes\admin\class-alg-wc-pif-per-product-metabox.php:32
action · init · includes\admin\class-alg-wc-pif-settings-all-products-field.php:54
action · init · includes\admin\class-alg-wc-pif-settings-all-products.php:45
action · init · includes\admin\class-alg-wc-pif-settings-general.php:45
action · init · includes\admin\class-alg-wc-pif-settings-per-product.php:45
action · admin_enqueue_scripts · includes\class-alg-wc-pif-core.php:32
action · woocommerce_delete_order_items · includes\class-alg-wc-pif-core.php:45
action · woocommerce_before_delete_order_item · includes\class-alg-wc-pif-core.php:46
action · admin_init · includes\class-alg-wc-pif-core.php:47
action · wp_enqueue_scripts · includes\class-alg-wc-pif-core.php:49
filter · astra_get_option_single-product-add-to-cart-action · includes\class-alg-wc-pif-core.php:52
filter · woocommerce_add_to_cart_validation · includes\class-alg-wc-pif-main.php:55
filter · woocommerce_add_cart_item_data · includes\class-alg-wc-pif-main.php:56
filter · woocommerce_get_cart_item_from_session · includes\class-alg-wc-pif-main.php:57
filter · woocommerce_get_item_data · includes\class-alg-wc-pif-main.php:60
action · woocommerce_add_order_item_meta · includes\class-alg-wc-pif-main.php:64
action · woocommerce_checkout_create_order_line_item · includes\class-alg-wc-pif-main.php:66
action · woocommerce_new_order_item · includes\class-alg-wc-pif-main.php:67
action · wp_head · includes\class-alg-wc-pif-main.php:71
action · wp_head · includes\class-alg-wc-pif-main.php:74
action · woocommerce_order_item_meta_start · includes\class-alg-wc-pif-main.php:78
action · woocommerce_before_order_itemmeta · includes\class-alg-wc-pif-main.php:81
action · woocommerce_checkout_update_order_meta · includes\class-alg-wc-pif-main.php:83
action · wpo_wcpdf_after_item_meta · includes\class-alg-wc-pif-main.php:86
filter · woocommerce_email_attachments · includes\class-alg-wc-pif-main.php:89
filter · woe_get_order_product_value_apif · includes\class-alg-wc-pif-main.php:92
filter · woe_get_order_product_fields · includes\class-alg-wc-pif-main.php:93
filter · woocommerce_order_again_cart_item_data · includes\class-alg-wc-pif-main.php:94
filter · pif_lite_ts_tracker_data · includes\class-alg-wc-pif-tracking.php:28
action · admin_footer · includes\class-alg-wc-pif-tracking.php:30
action · pif_lite_init_tracker_completed · includes\class-alg-wc-pif-tracking.php:31
filter · pif_lite_ts_tracker_display_notice · includes\class-alg-wc-pif-tracking.php:32
action · admin_print_scripts-plugins.php · includes\component\plugin-deactivation\class-tyche-plugin-deactivation.php:92
action · admin_notices · includes\component\plugin-tracking\class-tyche-plugin-tracking.php:81
filter · cron_schedules · includes\component\plugin-tracking\class-tyche-plugin-tracking.php:82
action · admin_init · includes\component\plugin-tracking\class-tyche-plugin-tracking.php:83
action · init · product-input-fields-for-woocommerce.php:127
action · before_woocommerce_init · product-input-fields-for-woocommerce.php:134
filter · woocommerce_get_settings_pages · product-input-fields-for-woocommerce.php:135
Maintenance & Trust

Product Input Fields for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.0
Last updated: Jan 6, 2026
PHP min version: 7.4
Downloads: 154K

Community Trust

Rating: 80/100
Number of ratings: 17
Active installs: 5K
Developer Profile

Product Input Fields for WooCommerce Developer Profile

tychesoftwares

20 plugins · 160K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 232 days
Detection Fingerprints

How We Detect Product Input Fields for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/product-input-fields-for-woocommerce/includes/js/plugin-deactivation.js
  • /wp-content/plugins/product-input-fields-for-woocommerce/includes/css/admin.css
Script Paths
includes/js/plugin-deactivation.js
Version Parameters
  • product-input-fields-for-woocommerce/includes/css/admin.css?ver=
  • product-input-fields-for-woocommerce/includes/js/plugin-deactivation.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • alg-wc-pif-admin-settings
  • alg-wc-pif-per-product-metabox
  • alg-wc-pif-all-products-settings
  • alg-wc-pif-product-field-wrapper
HTML Comments
  • `<!-- Tyche Softwares Plugin Deactivation Form -->`
  • `<!-- Plugin Settings Section: General -->`
  • `<!-- Plugin Settings Section: Per Product -->`
  • `<!-- Plugin Settings Section: All Products -->`
Data Attributes
  • data-plugin-slug="product-input-fields-for-woocommerce"
  • data-field-id
  • data-field-type
  • data-product-id
JS Globals
alg_wc_pif_admin_params
FAQ

Frequently Asked Questions about Product Input Fields for WooCommerce