Product File Upload for WooCommerce Security & Risk Analysis

wordpress.org/plugins/products-file-upload-for-woocommerce

Professional AJAX Drag & Drop file upload for WooCommerce product pages. Allow customers to upload images, documents, and files instantly.

100 active installs v2.2.7 PHP + WP 4.0+ Updated Apr 3, 2026
ajax-upload, drag-and-drop, product-upload, woocommerce-file-upload, woocommerce-product-upload
97
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Mar 23, 2026
Safety Verdict

Is Product File Upload for WooCommerce Safe to Use in 2026?

Generally Safe

Score 97/100

Product File Upload for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Mar 23, 2026 · Updated 5d ago
Risk Assessment

Based on the provided static analysis and vulnerability history, the 'products-file-upload-for-woocommerce' plugin version 2.2.5 exhibits a strong security posture. The analysis reveals no identified vulnerabilities in its history, and the static code scan shows a diligent implementation of security best practices. All AJAX handlers have authentication checks, SQL queries are exclusively prepared, and all output is properly escaped. The plugin also correctly implements nonce and capability checks, indicating a robust defense against common WordPress attack vectors. The absence of taint analysis findings further reinforces this positive assessment, suggesting that data flows within the plugin are handled securely.

While the plugin demonstrates excellent security hygiene, the presence of file operations and external HTTP requests, though not flagged as immediately dangerous in this analysis, represents a potential area for future scrutiny. These functions, if not meticulously validated and handled with care, could become vectors for vulnerabilities in different contexts or future versions. However, given the current data, the plugin appears to be developed with security in mind, making it a relatively low-risk component.

Vulnerabilities
1

Product File Upload for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2026

Severity Breakdown

High: 1

1 total CVE

CVE-2026-25328 · high · 8.1 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product File Upload for WooCommerce <= 2.2.4 - Unauthenticated Arbitrary File Deletion

Mar 23, 2026 · Patched in 2.2.5 (11d)
Version History

Product File Upload for WooCommerce Release Timeline

v2.2.7 · Current
v2.2.6
v2.2.5
v2.2.3 · 1 CVE
v2.1.5 · 1 CVE
Code Analysis
Analyzed Mar 16, 2026

Product File Upload for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (74 escaped)
Nonce Checks: 6
Capability Checks: 2
File Operations: 2
External Requests: 2
Bundled Libraries: 0

Output Escaping

100% escaped · 74 total outputs
Attack Surface

Product File Upload for WooCommerce Attack Surface

Entry Points: 5
Unprotected: 0

AJAX Handlers: 5

auth · wp_ajax_superaddons_products_uploads · frontend\index.php:11
nopriv · wp_ajax_superaddons_products_uploads · frontend\index.php:12
auth · wp_ajax_superaddons_products_uploads_remove · frontend\index.php:13
nopriv · wp_ajax_superaddons_products_uploads_remove · frontend\index.php:14
auth · wp_ajax_yeekit_dismiss_noty · yeekit\document.php:13

WordPress Hooks: 24

filter · woocommerce_settings_tabs_array · backend\index.php:8
action · woocommerce_settings_tabs_settings_tab_products_upload · backend\index.php:9
action · woocommerce_update_options_settings_tab_products_upload · backend\index.php:10
action · yeeaddons_woo_product_upload_settings · backend\index.php:11
action · wp_enqueue_scripts · frontend\index.php:9
action · woocommerce_before_add_to_cart_button · frontend\index.php:10
action · woocommerce_add_to_cart · frontend\index.php:15
action · admin_init · frontend\index.php:16
action · save_post · frontend\index.php:17
filter · woocommerce_add_cart_item_data · frontend\index.php:18
filter · woocommerce_get_cart_item_from_session · frontend\index.php:19
action · woocommerce_add_order_item_meta · frontend\index.php:20
filter · woocommerce_get_item_data · frontend\index.php:21
filter · woocommerce_order_item_display_meta_key · frontend\index.php:22
filter · woocommerce_order_item_display_meta_value · frontend\index.php:23
action · woocommerce_order_item_meta_end · frontend\index.php:24
action · admin_menu · yeekit\document.php:10
action · admin_enqueue_scripts · yeekit\document.php:11
filter · fluentform_global_addons · yeekit\document.php:12
action · admin_notices · yeekit\document.php:14
action · elementor/element/form/section_form_options/after_section_end · yeekit\document.php:15
action · admin_init · yeekit\document.php:17
action · elementor/editor/after_enqueue_styles · yeekit\document.php:19
filter · http_response · yeekit\document.php:208
Maintenance & Trust

Product File Upload for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 3, 2026
PHP min version
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 100
Developer Profile

Product File Upload for WooCommerce Developer Profile

add-ons.org

59 plugins · 26K total installs

Trust score: 87
Avg Security Score: 99/100
Avg Patch Time: 50 days
Detection Fingerprints

How We Detect Product File Upload for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/products-file-upload-for-woocommerce/assets/css/drap_drop_file_upload.css
/wp-content/plugins/products-file-upload-for-woocommerce/assets/js/drap_drop_file_upload.js
Script Paths
/wp-content/plugins/products-file-upload-for-woocommerce/assets/js/drap_drop_file_upload.js
Version Parameters
products-file-upload-for-woocommerce/assets/js/drap_drop_file_upload.js?ver=
products-file-upload-for-woocommerce/assets/css/drap_drop_file_upload.css?ver=

HTML / DOM Fingerprints

CSS Classes
variation-FileUpload
dd-upload-wrap
HTML Comments
<!-- IMPORTANT: Do not edit the code below this line -->
Data Attributes
data-id
data-file_name
data-file_type
data-file_size
data-file_number
JS Globals
superaddons_products_uploads
REST Endpoints
/wp-json/superaddons/v1/products/uploads
/wp-json/superaddons/v1/products/uploads/remove
FAQ

Frequently Asked Questions about Product File Upload for WooCommerce