Quantities and Units for WooCommerce Security & Risk Analysis

wordpress.org/plugins/quantities-and-units-for-woocommerce

Easily require your customers to buy a minimum / maximum / incremental amount of products. Supports decimal quantities.

1K active installs · v1.0.13 · PHP + WP 3.5+ · Updated Nov 29, 2016
Tags: product-maximum-values, product-minimum-values, product-quantities, product-step-values, woocommerce
63
C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Sep 17, 2025
Safety Verdict

Is Quantities and Units for WooCommerce Safe to Use in 2026?

Use With Caution

Score 63/100

Quantities and Units for WooCommerce has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Sep 17, 2025 · Updated 9yr ago
Risk Assessment

The "quantities-and-units-for-woocommerce" plugin version 1.0.13 exhibits a mixed security posture. On the positive side, it uses prepared statements for all SQL queries, performs nonce and capability checks on a significant portion of its entry points, and has a relatively small attack surface with no unprotected AJAX handlers or REST API routes.

The most significant weakness is the complete lack of output escaping across all 60 identified output points. This presents a high risk of Cross-Site Scripting (XSS), which would allow attackers to inject malicious scripts into the user interface. Taint analysis also revealed two flows with unsanitized paths, though neither is classified as critical or high severity.

The plugin's vulnerability history reinforces the concern about output sanitization: it includes one medium-severity XSS vulnerability, discovered on September 17, 2025 and still unpatched. This historical pattern suggests a recurring issue with input handling and a potential lack of diligent security review before releases.

In conclusion, while the plugin has strengths in its structured approach to SQL and access control, the pervasive unescaped output and a recent unpatched XSS vulnerability create a significant security risk that requires immediate attention.

Key Concerns

  • Unpatched Medium Severity CVE
  • All outputs unescaped
  • Unsanitized paths found in taint analysis
Vulnerabilities
1 published

Quantities and Units for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-58917 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quantities and Units for WooCommerce <= 1.0.13 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 17, 2025 · Unpatched
Version History

Quantities and Units for WooCommerce Release Timeline

v1.0.13 (Current) · 1 CVE
v1.0.12 · 1 CVE
v1.0.11 · 1 CVE
v1.0.10 · 1 CVE
v1.0.9 · 1 CVE
v1.0.8 · 1 CVE
v1.0.7 · 1 CVE
v1.0.6 · 1 CVE
v1.0.5 · 1 CVE
v1.0.4 · 1 CVE
v1.0.3 · 1 CVE
v1.0.2 · 1 CVE
v1.0.0 · 1 CVE
Code Analysis
Analyzed Mar 16, 2026

Quantities and Units for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 60 (0 escaped)
Nonce Checks: 7
Capability Checks: 6
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 60 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
thumbnail_plugin_notice (quantites-and-units.php:286)
Attack Surface

Quantities and Units for WooCommerce Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[wpbo_quantity_message] includes\class-wcqu-actions.php:18
WordPress Hooks 40
action init includes\class-wcqu-actions.php:14
action woocommerce_single_product_summary includes\class-wcqu-actions.php:53
action admin_menu includes\class-wcqu-advanced-rules.php:11
filter woocommerce_quantity_input_min includes\class-wcqu-filters.php:11
filter woocommerce_quantity_input_max includes\class-wcqu-filters.php:12
filter woocommerce_quantity_input_step includes\class-wcqu-filters.php:13
filter woocommerce_quantity_input_args includes\class-wcqu-filters.php:16
filter woocommerce_loop_add_to_cart_args includes\class-wcqu-filters.php:18
action init includes\class-wcqu-post-type.php:11
action manage_edit-quantity-rule_columns includes\class-wcqu-post-type.php:14
action manage_quantity-rule_posts_custom_column includes\class-wcqu-post-type.php:15
filter manage_edit-quantity-rule_sortable_columns includes\class-wcqu-post-type.php:16
action add_meta_boxes includes\class-wcqu-post-type.php:19
action add_meta_boxes includes\class-wcqu-post-type.php:20
action add_meta_boxes includes\class-wcqu-post-type.php:21
action add_meta_boxes includes\class-wcqu-post-type.php:22
action add_meta_boxes includes\class-wcqu-post-type.php:23
action add_meta_boxes includes\class-wcqu-post-type.php:25
action save_post includes\class-wcqu-post-type.php:28
action save_post includes\class-wcqu-post-type.php:29
action save_post includes\class-wcqu-post-type.php:30
action save_post includes\class-wcqu-post-type.php:31
action add_meta_boxes includes\class-wcqu-product-meta-box.php:10
action save_post includes\class-wcqu-product-meta-box.php:11
filter woocommerce_get_price_suffix includes\class-wcqu-product-unit.php:11
action woocommerce_add_order_item_meta includes\class-wcqu-product-unit.php:12
filter woocommerce_widget_cart_item_quantity includes\class-wcqu-product-unit.php:13
action woocommerce_product_write_panels includes\class-wcqu-units-box.php:8
action save_post includes\class-wcqu-units-box.php:9
action woocommerce_product_write_panel_tabs includes\class-wcqu-units-box.php:10
action woocommerce_add_to_cart_validation includes\class-wcqu-validations.php:10
action woocommerce_update_cart_validation includes\class-wcqu-validations.php:11
filter active_plugins includes\wcqu-functions.php:421
action wp_enqueue_scripts quantites-and-units.php:56
action wp_enqueue_scripts quantites-and-units.php:57
action admin_init quantites-and-units.php:58
action init quantites-and-units.php:61
action admin_init quantites-and-units.php:65
action plugins_loaded quantites-and-units.php:67
filter woocommerce_stock_amount quantites-and-units.php:75
Maintenance & Trust

Quantities and Units for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.3.34
Last updated: Nov 29, 2016
PHP min version
Downloads: 23K

Community Trust

Rating: 88/100
Number of ratings: 17
Active installs: 1K
Developer Profile

Quantities and Units for WooCommerce Developer Profile

Nick Verwymeren

2 plugins · 1K total installs

Trust score: 76
Avg Security Score: 74/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Quantities and Units for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/quantities-and-units-for-woocommerce/assets/css/styles.css
/wp-content/plugins/quantities-and-units-for-woocommerce/assets/css/admin-styles.css
/wp-content/plugins/quantities-and-units-for-woocommerce/assets/js/ipq_input_value_validation.js
/wp-content/plugins/quantities-and-units-for-woocommerce/assets/js/ipq_admin_script.js
Script Paths
/wp-content/plugins/quantities-and-units-for-woocommerce/assets/js/ipq_input_value_validation.js
/wp-content/plugins/quantities-and-units-for-woocommerce/assets/js/ipq_admin_script.js
Version Parameters
quantities-and-units-for-woocommerce/assets/css/styles.css?ver=
quantities-and-units-for-woocommerce/assets/css/admin-styles.css?ver=
quantities-and-units-for-woocommerce/assets/js/ipq_input_value_validation.js?ver=
quantities-and-units-for-woocommerce/assets/js/ipq_admin_script.js?ver=

HTML / DOM Fingerprints

JS Globals
ipq_validation