Product Preview for WooCommerce Security & Risk Analysis

wordpress.org/plugins/product-preview-for-woocommerce

Quick Product Preview for WooCommerce Shop Without Product Page Load

50 active installs · v3.6.2.5 · PHP 7.0+ · WP 5.0+ · Updated Apr 15, 2026
Tags: preview, product-display, quick-view, ui, woocommerce
Score: 100 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Dec 13, 2022
Safety Verdict

Is Product Preview for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Product Preview for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Dec 13, 2022 · Updated 1mo ago
Risk Assessment

The "product-preview-for-woocommerce" plugin, version 3.6.2.5, exhibits a generally positive security posture with several strong practices in place. The absence of unpatched CVEs and the consistent use of prepared statements for SQL queries are significant strengths. The plugin also demonstrates a commitment to security by implementing a substantial number of nonce and capability checks, along with a relatively low number of external HTTP requests.

However, the static analysis reveals a critical concern: the presence of the `unserialize` function, which, if exposed to untrusted input, can lead to Remote Code Execution vulnerabilities. Furthermore, the relatively low percentage of properly escaped output (26%) suggests a risk of Cross-Site Scripting (XSS) vulnerabilities, particularly given the plugin's attack surface, which consists of 13 AJAX handlers. While there are no critical or high-severity taint flows identified, and all AJAX handlers have authorization checks, the combination of `unserialize` and insufficient output escaping warrants careful attention.

The plugin's vulnerability history shows a past medium-severity vulnerability related to missing authorization, indicating a recurring need for rigorous security reviews in this area. In conclusion, while the plugin has made strides in security, the identified risks related to unserialization and output escaping, coupled with its past vulnerability history, necessitate further investigation and remediation.

Key Concerns

  • Presence of unserialize function
  • Low percentage of properly escaped output
  • Medium severity CVE in history
Vulnerabilities
1 published

Product Preview for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2022

Severity Breakdown

Medium: 1

1 total CVE

CVE-2022-45813 · medium · 5.4 · Missing Authorization

BeRocket Plugins <= (Various Versions) - Missing Authorization

Dec 13, 2022 Patched in 3.5.7.7 (406d)
Version History

Product Preview for WooCommerce Release Timeline

v3.6.2.5 · Current
v3.6.2.4
v3.6.2.3
v3.6.2.2
v3.6.2.1
v3.6.2
v3.6.1
v3.6.0
v3.5.9
v3.5.8
v3.5.7.9
v3.5.7.8
v3.5.7.7
v3.5.7.6 · 1 CVE
v3.5.7.5 · 1 CVE
v3.5.7.4 · 1 CVE
v3.5.7.3 · 1 CVE
v3.5.7.2 · 1 CVE
v3.5.7.1 · 1 CVE
v3.5.7 · 1 CVE
Code Analysis
Analyzed Apr 16, 2026

Product Preview for WooCommerce Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 357 (125 escaped)
Nonce Checks: 15
Capability Checks: 25
File Operations: 4
External Requests: 5
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$error_log = unserialize(preg_replace('/R:\d+/', 's:18:"RECURSION DETECTED"', serialize(self::$error` · berocket/includes/updater.php:128

Output Escaping

26% escaped · 482 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

7 flows
<framework> (berocket/framework.php:0)
Attack Surface

Product Preview for WooCommerce Attack Surface

Entry Points: 13
Unprotected: 0

AJAX Handlers 13

auth · wp_ajax_brfr_get_export_settings · berocket/includes/admin/import_export.php:7
auth · wp_ajax_brfr_set_import_settings · berocket/includes/admin/import_export.php:8
auth · wp_ajax_brfr_confirm_import_settings · berocket/includes/admin/import_export.php:9
auth · wp_ajax_brfr_get_import_backups · berocket/includes/admin/import_export.php:10
auth · wp_ajax_brfr_restore_import_backups · berocket/includes/admin/import_export.php:11
auth · wp_ajax_berocket_admin_close_notice · berocket/includes/admin_notices.php:1291
auth · wp_ajax_berocket_subscribe_email · berocket/includes/admin_notices.php:1292
auth · wp_ajax_berocket_rate_stars_close · berocket/includes/admin_notices.php:1300
auth · wp_ajax_berocket_feature_request_send · berocket/includes/admin_notices.php:1301
auth · wp_ajax_berocket_error_notices_get · berocket/includes/error_notices.php:5
auth · wp_ajax_berocket_information_close_notice · berocket/includes/information_notices.php:198
auth · wp_ajax_br_test_key · berocket/includes/updater.php:46
auth · wp_ajax_br_test_keys · berocket/includes/updater.php:47
WordPress Hooks 94
filter · plugins_list · berocket/framework.php:85
filter · BeRocket_updater_add_plugin · berocket/framework.php:106
filter · berocket_admin_notices_rate_stars_plugins · berocket/framework.php:107
action · init · berocket/framework.php:108
action · init · berocket/framework.php:111
action · wp_head · berocket/framework.php:112
action · wp_footer · berocket/framework.php:113
action · admin_init · berocket/framework.php:114
action · admin_menu · berocket/framework.php:115
action · admin_enqueue_scripts · berocket/framework.php:116
action · berocket_enqueue_media · berocket/framework.php:117
filter · plugin_row_meta · berocket/framework.php:123
filter · is_berocket_settings_page · berocket/framework.php:124
action · plugins_loaded · berocket/framework.php:129
action · sanitize_comment_cookies · berocket/framework.php:130
action · install_plugins_pre_plugin-information · berocket/framework.php:131
filter · berocket_admin_notices_subscribe_plugins · berocket/framework.php:133
filter · BeRocket_admin_init_user_capabilities · berocket/framework.php:136
filter · berocket_sanitize_array_predefine · berocket/framework.php:137
filter · berocket_sanitize_array_kses · berocket/framework.php:138
filter · berocket_sanitize_array_kses · berocket/framework.php:141
action · before_woocommerce_init · berocket/framework.php:151
filter · loop_shop_per_page · berocket/framework.php:392
action · upgrader_process_complete · berocket/framework.php:500
action · admin_footer · berocket/framework.php:1159
action · wp_footer · berocket/framework.php:1160
action · admin_init · berocket/framework.php:1274
action · admin_bar_menu · berocket/includes/admin/admin_bar.php:8
action · wp_footer · berocket/includes/admin/admin_bar.php:9
filter · berocket_admin_bar_plugins_data · berocket/includes/admin/admin_bar.php:149
action · BeRocket_framework_updater_account_form_after · berocket/includes/admin/import_export.php:5
action · admin_enqueue_scripts · berocket/includes/admin/import_export.php:6
filter · berocket_admin_notice_is_display_notice · berocket/includes/admin_notices.php:75
filter · berocket_admin_notice_is_display_notice_priority · berocket/includes/admin_notices.php:76
action · admin_notices · berocket/includes/admin_notices.php:1290
action · admin_notices · berocket/includes/admin_notices.php:1299
action · berocket_rate_plugin_window · berocket/includes/admin_notices.php:1302
action · berocket_related_plugins_window · berocket/includes/admin_notices.php:1303
action · berocket_above_admin_settings · berocket/includes/admin_notices.php:1304
action · berocket_feature_request_window · berocket/includes/admin_notices.php:1305
action · admin_footer · berocket/includes/admin_notices.php:1377
action · admin_footer · berocket/includes/admin_notices.php:1585
action · admin_footer · berocket/includes/admin_notices.php:2003
action · admin_footer · berocket/includes/admin_notices.php:2160
action · init · berocket/includes/custom_post/enable_disable.php:9
action · admin_init · berocket/includes/custom_post/enable_disable.php:10
action · post_action_enable · berocket/includes/custom_post/enable_disable.php:13
action · post_action_disable · berocket/includes/custom_post/enable_disable.php:14
filter · post_class · berocket/includes/custom_post/enable_disable.php:16
filter · pre_get_posts · berocket/includes/custom_post/enable_disable.php:18
action · pre_get_posts · berocket/includes/custom_post/sortable.php:22
action · in_admin_footer · berocket/includes/custom_post/sortable.php:117
action · init · berocket/includes/custom_post.php:62
filter · init · berocket/includes/custom_post.php:63
filter · admin_init · berocket/includes/custom_post.php:64
filter · wp_insert_post_data · berocket/includes/custom_post.php:65
filter · BeRocket_admin_init_user_capabilities · berocket/includes/custom_post.php:75
action · add_meta_boxes · berocket/includes/custom_post.php:133
action · save_post · berocket/includes/custom_post.php:134
filter · post_row_actions · berocket/includes/custom_post.php:135
filter · list_table_primary_column · berocket/includes/custom_post.php:136
action · admin_enqueue_scripts · berocket/includes/custom_post.php:138
filter · is_berocket_settings_page · berocket/includes/custom_post.php:140
action · admin_footer · berocket/includes/custom_post.php:167
action · admin_notices · berocket/includes/information_notices.php:197
action · admin_init · berocket/includes/updater.php:18
filter · woocommerce_addons_sections · berocket/includes/updater.php:27
filter · is_berocket_settings_page · berocket/includes/updater.php:28
action · admin_footer · berocket/includes/updater.php:30
action · admin_head · berocket/includes/updater.php:39
action · admin_menu · berocket/includes/updater.php:40
action · admin_menu · berocket/includes/updater.php:41
action · network_admin_menu · berocket/includes/updater.php:42
action · admin_init · berocket/includes/updater.php:43
filter · pre_set_site_transient_update_plugins · berocket/includes/updater.php:44
filter · plugins_api_result · berocket/includes/updater.php:45
filter · http_request_host_is_external · berocket/includes/updater.php:48
action · admin_footer · berocket/includes/updater.php:51
action · wp_footer · berocket/includes/updater.php:52
filter · berocket_display_additional_notices · berocket/includes/updater.php:92
filter · custom_menu_order · berocket/includes/updater.php:98
filter · berocket_admin_notice_is_display_notice · berocket/includes/updater.php:102
filter · berocket_admin_notice_is_display_notice_priority · berocket/includes/updater.php:103
filter · plugins_api_result · berocket/includes/updater.php:109
action · init · berocket/includes/updater.php:1413
action · admin_enqueue_scripts · berocket/sale/sale.php:4
action · admin_head · includes/admin/funnels.php:73
action · admin_head · includes/admin/funnels.php:105
action · wp_footer · includes/functions.php:25
filter · berocket_display_additional_notices · main.php:250
action · BeRocket_wish_wait_widget_start · main.php:304
action · BeRocket_wish_wait_widget_end · main.php:305
filter · wc_get_template_part · main.php:383
filter · br_get_preview_box · main.php:384
Maintenance & Trust

Product Preview for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 15, 2026
PHP min version: 7.0
Downloads: 15K

Community Trust

Rating: 86/100
Number of ratings: 3
Active installs: 50
Developer Profile

Product Preview for WooCommerce Developer Profile

BeRocket

23 plugins · 139K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 384 days
Detection Fingerprints

How We Detect Product Preview for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/product-preview-for-woocommerce/style.css
  • /wp-content/plugins/product-preview-for-woocommerce/js/product-preview.js
  • /wp-content/plugins/product-preview-for-woocommerce/js/frontend.js
Script Paths
  • /wp-content/plugins/product-preview-for-woocommerce/js/product-preview.js
  • /wp-content/plugins/product-preview-for-woocommerce/js/frontend.js
Version Parameters
  • product-preview-for-woocommerce/style.css?ver=
  • product-preview-for-woocommerce/js/product-preview.js?ver=
  • product-preview-for-woocommerce/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • br-product-preview-content
  • br-product-preview-image
  • br-product-preview-title
  • br-product-preview-price
  • br-product-preview-add-to-cart
HTML Comments
  • <!-- BeRocket Product Preview -->
  • <!-- End BeRocket Product Preview -->
Data Attributes
  • data-br-product-preview-id
  • data-br-product-preview-nonce
JS Globals
BeRocket_product_preview
FAQ

Frequently Asked Questions about Product Preview for WooCommerce