ShopExtra — WooCommerce Extras Security & Risk Analysis

wordpress.org/plugins/shop-extra

A lightweight plugin to enhance your WooCommerce & Business site. Floating WhatsApp Chat Widget, WhatsApp Order Button for WooCommerce, Hide/Disa …

30 active installs · v1.0.9 · PHP 7.4+ · WP 5.8+ · Updated Jan 8, 2024
Tags: click-to-chat, whatsapp, whatsapp-chat, woocommerce, woocommerce-whatsapp
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is ShopExtra — WooCommerce Extras Safe to Use in 2026?

Generally Safe

Score 85/100

ShopExtra — WooCommerce Extras has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The "shop-extra" v1.0.9 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and has a very high percentage of properly escaped output. The absence of any known vulnerabilities in its history is also a strong indicator of diligent development. However, significant concerns arise from its attack surface. Two AJAX handlers are present, and critically, both lack authentication checks, exposing them to potential unauthorized access and manipulation. While the taint analysis did not reveal critical or high severity issues, one flow with an unsanitized path warrants attention, even if its impact wasn't deemed severe in this analysis. The limited file operations and lack of external HTTP requests are positive signs, reducing the potential for certain attack vectors. The plugin's vulnerability history is a strength, but the presence of unprotected entry points represents a clear and immediate risk that outweighs the lack of past issues.

Key Concerns

  • AJAX handlers without auth checks
  • Taint flow with unsanitized path
Vulnerabilities
None known

ShopExtra — WooCommerce Extras Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

ShopExtra — WooCommerce Extras Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 23 (384 escaped)
Nonce Checks: 4
Capability Checks: 1
File Operations: 2
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

94% escaped · 407 total outputs

Data Flows: 1 unsanitized

Data Flow Analysis

4 flows · 1 with unsanitized paths
<enable-block-editor-product> (includes\classes\parts\enable-block-editor-product.php:0)

Attack Surface: 2 unprotected

ShopExtra — WooCommerce Extras Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers: 2

Type Hook Location
auth wp_ajax_clear_cart includes\functions\cart.php:339
nopriv wp_ajax_clear_cart includes\functions\cart.php:340

WordPress Hooks: 113

Type Hook Location
action admin_menu includes\classes\Core.php:12
filter plugin_row_meta includes\classes\Core.php:15
action admin_enqueue_scripts includes\classes\Core.php:77
action init includes\classes\Floating.php:23
action wp_enqueue_scripts includes\classes\Floating.php:24
action wp_print_footer_scripts includes\classes\Floating.php:25
action admin_notices includes\classes\Messages.php:58
action wp_enqueue_scripts includes\classes\parts\cart.php:23
action wp_print_footer_scripts includes\classes\parts\cart.php:24
action wp_enqueue_scripts includes\classes\parts\checkout.php:23
action wp_print_footer_scripts includes\classes\parts\checkout.php:24
action wp_enqueue_scripts includes\classes\parts\customize-elements.php:27
filter woocommerce_checkout_fields includes\classes\parts\customize-elements.php:29
action woocommerce_single_product_summary includes\classes\parts\customize-elements.php:32
filter use_block_editor_for_post_type includes\classes\parts\enable-block-editor-product.php:36
action admin_enqueue_scripts includes\classes\parts\enable-block-editor-product.php:38
action enqueue_block_editor_assets includes\classes\parts\enable-block-editor-product.php:39
action load-post.php includes\classes\parts\enable-block-editor-product.php:41
action load-post-new.php includes\classes\parts\enable-block-editor-product.php:42
action edit_form_after_title includes\classes\parts\enable-block-editor-product.php:43
action edit_form_after_title includes\classes\parts\enable-block-editor-product.php:44
filter admin_body_class includes\classes\parts\enable-block-editor-product.php:47
action admin_print_footer_scripts includes\classes\parts\enable-block-editor-product.php:49
action wp_enqueue_scripts includes\classes\parts\loops.php:23
action wp_enqueue_scripts includes\classes\parts\single-product.php:26
action init includes\classes\Products.php:12
action init includes\classes\Products.php:13
action init includes\classes\Products.php:14
action plugins_loaded includes\classes\Products.php:15
action init includes\classes\Products.php:16
action init includes\classes\Settings.php:14
action shop_extra_after_body includes\classes\Settings.php:15
filter gettext includes\classes\Translations.php:20
filter woocommerce_shipping_package_name includes\classes\Translations.php:21
filter wc_add_to_cart_message_html includes\classes\Translations.php:22
filter woocommerce_product_tabs includes\classes\Translations.php:24
filter woocommerce_checkout_fields includes\classes\Translations.php:26
action woocommerce_product_data_tabs includes\classes\Utilities.php:32
action woocommerce_product_data_panels includes\classes\Utilities.php:35
action woocommerce_admin_process_product_object includes\classes\Utilities.php:48
action woocommerce_before_add_to_cart_button includes\classes\Utilities.php:55
action woocommerce_before_variations_form includes\classes\Utilities.php:56
action woocommerce_review_order_before_payment includes\classes\Utilities.php:64
action woocommerce_checkout_process includes\classes\Utilities.php:65
action woocommerce_before_add_to_cart_button includes\classes\Utilities.php:69
action woocommerce_before_variations_form includes\classes\Utilities.php:70
filter woocommerce_add_cart_item_data includes\classes\Utilities.php:75
filter woocommerce_get_item_data includes\classes\Utilities.php:78
action woocommerce_checkout_create_order_line_item includes\classes\Utilities.php:81
action wp_enqueue_scripts includes\classes\Utilities.php:84
action woocommerce_checkout_update_order_meta includes\classes\Utilities.php:87
action woocommerce_thankyou includes\classes\Utilities.php:88
action woocommerce_admin_order_data_after_billing_address includes\classes\Utilities.php:89
action woocommerce_email_after_order_table includes\classes\Utilities.php:90
action woocommerce_process_product_meta includes\classes\Utilities.php:97
filter woocommerce_get_price_html includes\classes\Utilities.php:100
action admin_enqueue_scripts includes\classes\Utilities.php:103
action woocommerce_product_data_tabs includes\classes\Utilities.php:110
action woocommerce_product_data_panels includes\classes\Utilities.php:113
action woocommerce_process_product_meta includes\classes\Utilities.php:116
action admin_enqueue_scripts includes\classes\Utilities.php:119
filter woocommerce_product_tabs includes\classes\Utilities.php:122
filter woocommerce_product_export_product_default_columns includes\classes\Utilities.php:125
filter woocommerce_product_export_product_column_custom_tab_title includes\classes\Utilities.php:128
filter woocommerce_product_export_product_column_custom_tab_content includes\classes\Utilities.php:129
filter woocommerce_product_import_pre_insert_product_object includes\classes\Utilities.php:132
filter woocommerce_csv_product_import_mapping_options includes\classes\Utilities.php:135
filter woocommerce_csv_product_import_mapping_default_columns includes\classes\Utilities.php:138
action woocommerce_product_options_pricing includes\classes\Utilities.php:144
action woocommerce_variation_options_pricing includes\classes\Utilities.php:145
action woocommerce_process_product_meta includes\classes\Utilities.php:146
action woocommerce_save_product_variation includes\classes\Utilities.php:147
filter woocommerce_quantity_input_args includes\classes\Utilities.php:148
filter woocommerce_available_variation includes\classes\Utilities.php:149
filter woocommerce_dropdown_variation_attribute_options_args includes\classes\Utilities.php:151
action woocommerce_review_order_before_payment includes\classes\Utilities.php:186
filter woocommerce_add_cart_item_data includes\classes\Utilities.php:189
action woocommerce_checkout_create_order_line_item includes\classes\Utilities.php:190
action woocommerce_checkout_update_order_meta includes\classes\Utilities.php:191
action woocommerce_checkout_process includes\classes\Utilities.php:194
action woocommerce_thankyou includes\classes\Utilities.php:197
action woocommerce_admin_order_data_after_billing_address includes\classes\Utilities.php:200
action woocommerce_email_after_order_table includes\classes\Utilities.php:203
filter woocommerce_checkout_cart_item_quantity includes\classes\Utilities.php:209
action woocommerce_checkout_update_order_review includes\classes\Utilities.php:210
action init includes\classes\Utilities.php:212
action woocommerce_after_quantity_input_field includes\classes\Utilities.php:1357
action woocommerce_before_quantity_input_field includes\classes\Utilities.php:1358
action wp_footer includes\classes\Utilities.php:1359
action woocommerce_after_cart_totals includes\functions\cart.php:314
action woocommerce_after_cart_totals includes\functions\cart.php:318
action woocommerce_proceed_to_checkout includes\functions\cart.php:320
action woocommerce_before_cart_totals includes\functions\cart.php:325
action woocommerce_after_cart_totals includes\functions\cart.php:328
action init includes\functions\cart.php:332
action woocommerce_init includes\functions\checkout.php:9
action woocommerce_checkout_update_order_review includes\functions\checkout.php:26
filter woocommerce_checkout_get_value includes\functions\checkout.php:33
filter woocommerce_ship_to_different_address_checked includes\functions\checkout.php:40
action woocommerce_review_order_after_submit includes\functions\checkout.php:406
action wp_footer includes\functions\floating.php:146
action woocommerce_after_shop_loop_item includes\functions\loops.php:106
action woocommerce_after_shop_loop_item includes\functions\loops.php:109
action woocommerce_after_shop_loop_item_title includes\functions\loops.php:112
action woocommerce_after_shop_loop_item includes\functions\loops.php:115
action init includes\functions\loops.php:119
action woocommerce_after_add_to_cart_button includes\functions\single-product.php:107
action woocommerce_before_add_to_cart_form includes\functions\single-product.php:110
action woocommerce_after_add_to_cart_form includes\functions\single-product.php:113
action woocommerce_after_add_to_cart_button includes\functions\single-product.php:116
action init includes\functions\single-product.php:120
action woocommerce_product_meta_start includes\functions\single-product.php:131
action activated_plugin plugin.php:65

Maintenance & Trust

ShopExtra — WooCommerce Extras Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Jan 8, 2024
PHP min version: 7.4
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 30

Developer Profile

ShopExtra — WooCommerce Extras Developer Profile

Arya Dhiratara

6 plugins · 4K total installs

Trust score: 82
Avg Security Score: 83/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect ShopExtra — WooCommerce Extras

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/shop-extra/assets/js/admin-settings.js
/wp-content/plugins/shop-extra/assets/js/ays-beforeunload-shim.js
/wp-content/plugins/shop-extra/assets/js/jquery-areyousure.js
/wp-content/plugins/shop-extra/assets/css/admin-settings.css
/wp-content/plugins/shop-extra/assets/js/wp-color-picker-alpha.min.js
/wp-content/plugins/shop-extra/assets/js/wp-color-picker-init.js

Script Paths
/wp-content/plugins/shop-extra/assets/js/admin-settings.js
/wp-content/plugins/shop-extra/assets/js/ays-beforeunload-shim.js
/wp-content/plugins/shop-extra/assets/js/jquery-areyousure.js
/wp-content/plugins/shop-extra/assets/js/wp-color-picker-alpha.min.js
/wp-content/plugins/shop-extra/assets/js/wp-color-picker-init.js

Version Parameters
shop-extra/assets/js/admin-settings.js?ver=
shop-extra/assets/js/ays-beforeunload-shim.js?ver=
shop-extra/assets/js/jquery-areyousure.js?ver=
shop-extra/assets/css/admin-settings.css?ver=
shop-extra/assets/js/wp-color-picker-alpha.min.js?ver=
shop-extra/assets/js/wp-color-picker-init.js?ver=

HTML / DOM Fingerprints

JS Globals
window.shop_extra_settings
FAQ

Frequently Asked Questions about ShopExtra — WooCommerce Extras