Raffle Play Woocommerce Security & Risk Analysis

wordpress.org/plugins/raffle-play-woo

Raffle Play Woo is generating raffle tickets for woocommerce products, based on the number defined by the admin. Adds raffle tickets to your woocommer …

900 active installs · v2.5.2 · PHP 7.2+ · WP 5.6+ · Updated Feb 11, 2026
Tags: contest, giveaway, lottery, raffle, raffle-tickets

Score: 100/100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Raffle Play Woocommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Raffle Play Woocommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The raffle-play-woo plugin v2.5.2 presents a mixed security posture. While it demonstrates good practices in areas like SQL query preparation and output escaping, a significant concern arises from its attack surface. Three AJAX handlers are exposed, and importantly, none of them have authentication checks. This means any unauthenticated user could potentially interact with these handlers, leading to unintended consequences. The taint analysis further highlights this risk, identifying two flows with unsanitized paths, both classified as high severity. These unsanitized paths, coupled with unprotected AJAX handlers, strongly suggest a potential for vulnerabilities like Cross-Site Scripting (XSS) or other forms of injection attacks if the AJAX handlers are indeed involved in processing user-supplied data without proper validation and sanitization.

The plugin's vulnerability history is notably clean, with zero recorded CVEs. This is a positive indicator and suggests that the plugin has historically been well-maintained or has not attracted significant malicious attention. However, the absence of historical vulnerabilities should not overshadow the immediate risks identified in the static analysis. The current version has three unprotected entry points and two high-severity taint flows, which are immediate security concerns that need addressing. The plugin's strengths lie in its SQL handling and output escaping, but these are undermined by the exposed AJAX functionality and the taint issues. A balanced conclusion is that while the plugin has a good track record, the current version has critical security weaknesses due to its exposed and potentially unsanitized AJAX handlers.

Key Concerns

  • AJAX handlers without auth checks
  • High severity taint flows with unsanitized paths
  • All entry points unprotected (3 of 3)

Vulnerabilities
None known

Raffle Play Woocommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Raffle Play Woocommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 23 (97 prepared)
Unescaped Output: 82 (271 escaped)
Nonce Checks: 5
Capability Checks: 14
File Operations: 3
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

81% prepared (120 total queries)

Output Escaping

77% escaped (353 total outputs)
Data Flows
2 unsanitized

Data Flow Analysis

3 flows, 2 with unsanitized paths

drp_woo_save_custom_fields (includes\RafflePlayWoo_LifeCycle.php:1318)

Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
3 unprotected

Raffle Play Woocommerce Attack Surface

Entry Points: 3
Unprotected: 3

AJAX Handlers (3)

auth    wp_ajax_drp_save_settings (includes\RafflePlayWoo_Plugin.php:485)
auth    wp_ajax_drp_get_data (includes\RafflePlayWoo_Plugin.php:486)
auth    wp_ajax_drp_fix_db (includes\RafflePlayWoo_Plugin.php:487)

WordPress Hooks (31)

action  admin_menu (includes\RafflePlayWoo_Plugin.php:416)
action  admin_enqueue_scripts (includes\RafflePlayWoo_Plugin.php:417)
action  wp_enqueue_scripts (includes\RafflePlayWoo_Plugin.php:419)
filter  woocommerce_product_data_tabs (includes\RafflePlayWoo_Plugin.php:421)
action  woocommerce_product_data_panels (includes\RafflePlayWoo_Plugin.php:422)
filter  woocommerce_shop_order_list_table_columns (includes\RafflePlayWoo_Plugin.php:425)
action  woocommerce_shop_order_list_table_custom_column (includes\RafflePlayWoo_Plugin.php:426)
action  woocommerce_process_product_meta (includes\RafflePlayWoo_Plugin.php:430)
action  woocommerce_admin_order_data_after_order_details (includes\RafflePlayWoo_Plugin.php:432)
filter  manage_edit-product_columns (includes\RafflePlayWoo_Plugin.php:433)
action  manage_product_posts_custom_column (includes\RafflePlayWoo_Plugin.php:434)
filter  plugin_row_meta (includes\RafflePlayWoo_Plugin.php:435)
action  woocommerce_email_after_order_table (includes\RafflePlayWoo_Plugin.php:437)
action  woocommerce_before_save_order_items (includes\RafflePlayWoo_Plugin.php:439)
action  wp_head (includes\RafflePlayWoo_Plugin.php:452)
action  woocommerce_order_status_failed (includes\RafflePlayWoo_Plugin.php:476)
action  woocommerce_order_status_refunded (includes\RafflePlayWoo_Plugin.php:477)
action  woocommerce_order_status_cancelled (includes\RafflePlayWoo_Plugin.php:478)
action  woocommerce_thankyou (includes\RafflePlayWoo_Plugin.php:482)
action  woocommerce_view_order (includes\RafflePlayWoo_Plugin.php:483)
action  init (includes\RafflePlayWoo_Plugin.php:490)
filter  query_vars (includes\RafflePlayWoo_Plugin.php:491)
filter  woocommerce_account_menu_items (includes\RafflePlayWoo_Plugin.php:492)
action  woocommerce_account_raffle_endpoint (includes\RafflePlayWoo_Plugin.php:493)
filter  woocommerce_account_menu_items (includes\RafflePlayWoo_Plugin.php:494)
filter  woocommerce_account_menu_items (includes\RafflePlayWoo_Plugin.php:495)
action  admin_footer (includes\RafflePlayWoo_Plugin.php:498)
action  wp_trash_post (includes\RafflePlayWoo_Plugin.php:504)
action  delete_post (includes\RafflePlayWoo_Plugin.php:511)
action  admin_notices (raffle-play-woo.php:44)
action  init (raffle-play-woo.php:59)

Maintenance & Trust

Raffle Play Woocommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 11, 2026
PHP min version: 7.2
Downloads: 21K

Community Trust

Rating: 100/100
Number of ratings: 21
Active installs: 900

Developer Profile

Raffle Play Woocommerce Developer Profile

dan009

5 plugins · 2K total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 112 days
Detection Fingerprints

How We Detect Raffle Play Woocommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/raffle-play-woo/assets/css/admin-style.css
/wp-content/plugins/raffle-play-woo/assets/css/raffle-style.css
/wp-content/plugins/raffle-play-woo/assets/js/admin-script.js
/wp-content/plugins/raffle-play-woo/assets/js/raffle-script.js

Script Paths
/wp-content/plugins/raffle-play-woo/assets/js/admin-script.js
/wp-content/plugins/raffle-play-woo/assets/js/raffle-script.js

Version Parameters
raffle-play-woo/assets/css/admin-style.css?ver=
raffle-play-woo/assets/css/raffle-style.css?ver=
raffle-play-woo/assets/js/admin-script.js?ver=
raffle-play-woo/assets/js/raffle-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
raffle-play-woo-admin-dashboard
raffle-play-woo-settings-page
raffle-play-woo-shortcode-wrapper
raffle-play-woo-ticket-number
raffle-play-woo-winner-list
raffle-play-woo-buy-tickets-button

HTML Comments
<!-- Raffle Play Woo Admin Settings -->
<!-- Raffle Play Woo Frontend Display -->
<!-- Raffle Play Woo Ticket Information -->

Data Attributes
data-raffle-product-id
data-raffle-ticket-price
data-raffle-ticket-quantity
data-raffle-remaining-tickets

JS Globals
RafflePlayWooAdmin
RafflePlayWooFrontend

REST Endpoints
/wp-json/raffle-play-woo/v1/tickets
/wp-json/raffle-play-woo/v1/winners

Shortcode Output
[raffle_play_woo_display_raffle_tickets]
[raffle_play_woo_winner_list]
[raffle_play_woo_buy_tickets]

FAQ

Frequently Asked Questions about Raffle Play Woocommerce