Product Specifications for Woocommerce Security & Risk Analysis

wordpress.org/plugins/product-specifications

This plugin adds a product specifications table to your WooCommerce single-product page.

2K active installs · v0.8.7 · PHP 7.4+ · WP 5.9+ · Updated Nov 12, 2024
product-attributes, product-specifications, specifications, specifications-table, specs
92
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Mar 28, 2023
Safety Verdict

Is Product Specifications for Woocommerce Safe to Use in 2026?

Generally Safe

Score 92/100

Product Specifications for Woocommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Mar 28, 2023 · Updated 1yr ago
Risk Assessment

The "product-specifications" v0.8.7 plugin exhibits a mixed security posture. While it demonstrates good practices in areas like SQL query sanitization and the absence of known critical or high-severity vulnerabilities, significant concerns remain regarding its attack surface and output escaping. All five identified AJAX handlers lack authentication checks, creating a broad entry point for potential abuse by unauthenticated users. The very low percentage of properly escaped outputs (7%) indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, a pattern confirmed by its past vulnerability history. The plugin has a history of medium-severity XSS vulnerabilities, and the lack of robust output sanitization suggests this could be an ongoing issue. While the absence of unpatched CVEs and taint analysis findings are positive, the unprotected AJAX endpoints and widespread output escaping issues represent the most immediate and critical security risks.

Key Concerns

  • All AJAX handlers lack authentication checks
  • Very low percentage of properly escaped outputs
  • Past medium severity XSS vulnerability
  • Limited nonce checks
  • Limited capability checks
Vulnerabilities
1

Product Specifications for Woocommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2023

Severity Breakdown

Medium: 1

1 total CVE

CVE-2022-46858 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product Specifications for Woocommerce <= 0.6.0 - Reflected Cross-Site Scripting via Arbitrary Query String Parameter

Mar 28, 2023 · Patched in 0.7.0 (520d)
Code Analysis
Analyzed Mar 16, 2026

Product Specifications for Woocommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 222 (16 escaped)
Nonce Checks: 3
Capability Checks: 1
File Operations: 1
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

7% escaped · 238 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
__invoke (src\ImportExport\ImportDataAjaxHandler.php:13)
Attack Surface
5 unprotected

Product Specifications for Woocommerce Attack Surface

Entry Points: 5
Unprotected: 5

AJAX Handlers 5

auth · wp_ajax_dwps_group_rearrange · src\EntityUpdater\Module.php:24
auth · wp_ajax_dwps_edit_form · src\EntityUpdaterUi\Module.php:24
auth · wp_ajax_dwps_group_rearrange_form · src\EntityUpdaterUi\Module.php:25
auth · wp_ajax_dwspecs_export_data · src\ImportExport\Module.php:23
auth · wp_ajax_dwspecs_import_data · src\ImportExport\Module.php:24

WordPress Hooks 20

action · all_admin_notices · product-specifications.php:30
action · plugins_loaded · product-specifications.php:55
action · admin_enqueue_scripts · src\Admin\Module.php:20
action · admin_menu · src\Admin\Module.php:21
action · admin_menu · src\Admin\Module.php:24
action · admin_menu · src\AttributeGroupsListUi\Module.php:21
action · admin_menu · src\AttributesListUi\Module.php:21
action · init · src\Content\Module.php:19
action · admin_menu · src\ImportExport\Module.php:20
action · before_woocommerce_init · src\Integration\Module.php:26
filter · woocommerce_product_tabs · src\Integration\Module.php:27
action · wp_enqueue_scripts · src\Integration\Module.php:28
action · admin_init · src\Integration\Module.php:29
action · admin_notices · src\Integration\WooCommerce\WooCommerceNotInstalledNoticeHandler.php:23
action · init · src\Metabox\Module.php:19
action · add_meta_boxes · src\Metabox\Module.php:20
action · wp_insert_post · src\Metabox\Module.php:21
action · admin_menu · src\Settings\Module.php:20
action · admin_init · src\Settings\Module.php:23
action · init · src\Shortcode\Module.php:22

Maintenance & Trust

Product Specifications for Woocommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Nov 12, 2024
PHP min version: 7.4
Downloads: 45K

Community Trust

Rating: 94/100
Number of ratings: 26
Active installs: 2K

Developer Profile

Product Specifications for Woocommerce Developer Profile

Dornaweb

2 plugins · 2K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 520 days
Detection Fingerprints

How We Detect Product Specifications for Woocommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/product-specifications/admin.js
/wp-content/plugins/product-specifications/admin.css
/wp-content/plugins/product-specifications/frontend.css
Version Parameters
product-specifications/admin.js?ver=
product-specifications/admin.css?ver=
product-specifications/frontend.css?ver=

HTML / DOM Fingerprints

CSS Classes
dwps_disable_default_styles
JS Globals
dwspecs_plugin
Shortcode Output
[product_specifications]
FAQ

Frequently Asked Questions about Product Specifications for Woocommerce