WP-Safety

ShopXpert Security & Risk Analysis

wordpress.org/plugins/shopxpert

Short Description: An all-in-one WooCommerce solution for label customization, pre-orders, and more.

0 active installs v1.0.8 PHP 7.0+ WP 5.0+ Updated Jan 29, 2026
dynamic-searchlabel-customizationpre-ordersstock-on-holdwishlist
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is ShopXpert Safe to Use in 2026?

Generally Safe

Score 100/100

ShopXpert has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The shopxpert v1.0.8 plugin presents a mixed security profile. On the positive side, its vulnerability history is clean, with no known CVEs, and the static analysis shows a robust implementation of security measures like prepared statements for SQL queries, adequate output escaping, and a healthy number of nonce and capability checks for its entry points. The absence of file operations and external HTTP requests also mitigates common attack vectors.

However, significant concerns arise from the taint analysis. Five identified flows with unsanitized paths, even if not classified as critical or high severity in this specific scan, represent potential avenues for attackers to inject malicious input that could lead to unintended consequences. The presence of the `unserialize` function, which is inherently risky if used with untrusted data, further amplifies this concern. While the overall attack surface is protected by authentication, the potential for unsanitized data to be processed through these flows remains a notable weakness.

In conclusion, while shopxpert v1.0.8 demonstrates good practices in many security areas and has a clean vulnerability history, the five unsanitized taint flows and the use of `unserialize` warrant attention. These findings suggest that while the plugin is generally well-secured against external threats, internal data handling might contain exploitable weaknesses. Further investigation into the specific nature of these unsanitized flows is recommended.

Key Concerns

  • Flows with unsanitized paths
  • Use of unserialize function
Vulnerabilities
None known

ShopXpert Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

ShopXpert Code Analysis

Dangerous Functions
2
Raw SQL Queries
5
24 prepared
Unescaped Output
151
388 escaped
Nonce Checks
14
Capability Checks
5
File Operations
0
External Requests
0
Bundled Libraries
1

Dangerous Functions Found

unserialize$products_list = isset( $_COOKIE[$cookie_name] ) ? unserialize( $_COOKIE[ $cookie_name ], ['allowedincs\helper-function.php:172
unserialize$products_list = isset( $_COOKIE[$cookie_name] ) ? unserialize( $_COOKIE[ $cookie_name ], ['allowed_incs\helper-function.php:222

Bundled Libraries

Select2

SQL Query Safety

83% prepared29 total queries

Output Escaping

72% escaped539 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

8 flows5 with unsanitized paths
<admin-init> (incs\admin\admin-init.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

ShopXpert Attack Surface

Entry Points13
Unprotected0

AJAX Handlers 10

authwp_ajax_shopxpert_save_opt_dataincs\admin\admin-init.php:67
authwp_ajax_shopxpert_Feature_dataincs\admin\admin-init.php:68
authwp_ajax_wishlist_add_to_listincs\features\wishlist\incs\classes\Ajax.php:31
noprivwp_ajax_wishlist_add_to_listincs\features\wishlist\incs\classes\Ajax.php:32
authwp_ajax_wishlist_remove_from_listincs\features\wishlist\incs\classes\Ajax.php:35
noprivwp_ajax_wishlist_remove_from_listincs\features\wishlist\incs\classes\Ajax.php:36
authwp_ajax_wishlist_quick_variation_formincs\features\wishlist\incs\classes\Ajax.php:39
noprivwp_ajax_wishlist_quick_variation_formincs\features\wishlist\incs\classes\Ajax.php:40
authwp_ajax_wishlist_insert_to_cartincs\features\wishlist\incs\classes\Ajax.php:43
noprivwp_ajax_wishlist_insert_to_cartincs\features\wishlist\incs\classes\Ajax.php:44

Shortcodes 3

[wishlist_button] incs\features\wishlist\incs\classes\Frontend\Shortcode.php:38
[wishlist_table] incs\features\wishlist\incs\classes\Frontend\Shortcode.php:39
[wishlist_counter] incs\features\wishlist\incs\classes\Frontend\Shortcode.php:40
WordPress Hooks 112
actionwp_enqueue_scriptsclasses\class.assest_management.php:45
actionadmin_enqueue_scriptsclasses\class.assest_management.php:46
actionwp_enqueue_scriptsclasses\class.assest_management.php:50
filterbody_classclasses\class.assest_management.php:52
actionadmin_enqueue_scriptsclasses\class.assest_management.php:54
filterscript_loader_tagclasses\class.assest_management.php:160
actioninitclasses\class.default_data.php:37
filterbody_classclasses\class.default_data.php:46
filterpost_classclasses\class.default_data.php:47
actionwp_enqueue_scriptsclasses\data-class.assest_management.php:42
actionadmin_enqueue_scriptsclasses\data-class.assest_management.php:43
actionwp_enqueue_scriptsclasses\data-class.assest_management.php:45
filterbody_classclasses\data-class.assest_management.php:46
actionadmin_menuincs\admin\admin-init.php:61
actionadmin_enqueue_scriptsincs\admin\admin-init.php:62
actionadmin_footerincs\admin\admin-init.php:65
actionadmin_menuincs\admin\admin-init.php:71
actionadmin_initincs\admin\admin-init.php:72
actionadmin_initincs\admin\admin-init.php:74
actionadmin_noticesincs\admin\admin-init.php:223
actionadmin_noticesincs\admin\admin-init.php:234
actionadmin_enqueue_scriptsincs\admin\inc\settings_field_manager_default.php:24
actionadmin_enqueue_scriptsincs\admin\inc\Shopxpert_Admin_Fields_Manager.php:27
actionadmin_noticesincs\class-shopxpert-woocommerce-check.php:8
filterwoocommerce_product_data_tabsincs\custom-metabox.php:30
actionwoocommerce_product_data_panelsincs\custom-metabox.php:31
actionwoocommerce_process_product_metaincs\custom-metabox.php:32
actionproduct_cat_add_form_fieldsincs\custom-metabox.php:35
actionproduct_cat_edit_form_fieldsincs\custom-metabox.php:36
actionedited_product_catincs\custom-metabox.php:37
actioncreate_product_catincs\custom-metabox.php:38
actionwp_enqueue_scriptsincs\features\backorder\class.backorder.php:27
actionadmin_enqueue_scriptsincs\features\backorder\class.backorder.php:30
actionwoocommerce_checkout_create_order_line_itemincs\features\backorder\class.backorder.php:33
filterwoocommerce_add_cart_item_dataincs\features\backorder\class.backorder.php:36
actionwoocommerce_check_cart_itemsincs\features\backorder\class.backorder.php:39
actionwoocommerce_product_options_stock_statusincs\features\backorder\class.backorder.php:42
actionwoocommerce_process_product_metaincs\features\backorder\class.backorder.php:43
filterwoocommerce_get_availability_textincs\features\backorder\class.backorder.php:46
filterwoocommerce_get_item_dataincs\features\backorder\class.backorder.php:51
filterwoocommerce_order_item_get_formatted_meta_dataincs\features\backorder\class.backorder.php:54
actionwoocommerce_order_item_meta_endincs\features\backorder\class.backorder.php:57
actionadmin_noticesincs\features\class.feature-manager.php:74
actionwoocommerce_checkout_processincs\features\fake-order-detection\class.fake-order-detection.php:13
filteradmin_action_shopxpert_duplicate_post_as_draftincs\features\post-duplicator\class.post-duplicator.php:30
filterpost_row_actionsincs\features\post-duplicator\class.post-duplicator.php:31
filterpage_row_actionsincs\features\post-duplicator\class.post-duplicator.php:32
filtermanage_edit-product_columnsincs\features\pre-orders\admin\class.admin-pre-order.php:29
actionmanage_product_posts_custom_columnincs\features\pre-orders\admin\class.admin-pre-order.php:30
filtermanage_edit-shop_order_columnsincs\features\pre-orders\admin\class.admin-pre-order.php:33
actionmanage_shop_order_posts_custom_columnincs\features\pre-orders\admin\class.admin-pre-order.php:34
actionwoocommerce_after_order_itemmetaincs\features\pre-orders\admin\class.admin-pre-order.php:37
filterwoocommerce_product_single_add_to_cart_textincs\features\pre-orders\includes\class.pre-order-add-to-cart.php:27
actionwoocommerce_product_add_to_cart_textincs\features\pre-orders\includes\class.pre-order-add-to-cart.php:30
filterwoocommerce_add_cart_item_dataincs\features\pre-orders\includes\class.pre-order-add-to-cart.php:33
actionwoocommerce_before_add_to_cart_buttonincs\features\pre-orders\includes\class.pre-order-content.php:27
filterwoocommerce_get_item_dataincs\features\pre-orders\includes\class.pre-order-content.php:30
actionwoocommerce_order_item_meta_endincs\features\pre-orders\includes\class.pre-order-content.php:33
filterwoocommerce_checkout_create_orderincs\features\pre-orders\includes\class.pre-order-place.php:25
filterwoocommerce_get_price_htmlincs\features\pre-orders\includes\class.pre-order-price.php:27
filterwoocommerce_product_get_priceincs\features\pre-orders\includes\class.pre-order-price.php:30
filterwoocommerce_product_get_sale_priceincs\features\pre-orders\includes\class.pre-order-price.php:31
actionwoocommerce_product_variation_get_priceincs\features\pre-orders\includes\class.pre-order-price.php:34
filterwoocommerce_product_variation_get_sale_priceincs\features\pre-orders\includes\class.pre-order-price.php:35
filterwoocommerce_variation_prices_priceincs\features\pre-orders\includes\class.pre-order-price.php:36
filterwoocommerce_variation_prices_sale_priceincs\features\pre-orders\includes\class.pre-order-price.php:37
filterwoocommerce_available_variationincs\features\pre-orders\includes\class.pre-order-price.php:39
actionadmin_enqueue_scriptsincs\features\pre-orders\pre-orders.php:30
actionwp_enqueue_scriptsincs\features\pre-orders\pre-orders.php:32
action_shopxpert_pre_order_schedule_date_cronincs\features\pre-orders\pre-orders.php:54
actionadmin_initincs\features\product-comparison\Admin_Fields.php:21
actionwp_enqueue_scriptsincs\features\product-comparison\Frontend.php:36
actionadmin_enqueue_scriptsincs\features\product-comparison\Frontend.php:37
actionwp_footerincs\features\product-comparison\Frontend.php:38
filterwoocommerce_product_add_to_cart_textincs\features\rename-label\rename_label.php:32
filterwoocommerce_product_single_add_to_cart_textincs\features\rename-label\rename_label.php:80
filterwoocommerce_product_description_tab_titleincs\features\rename-label\rename_label.php:124
filterwoocommerce_product_description_headingincs\features\rename-label\rename_label.php:143
filterwoocommerce_product_additional_information_tab_titleincs\features\rename-label\rename_label.php:153
filterwoocommerce_product_additional_information_headingincs\features\rename-label\rename_label.php:172
filterwoocommerce_product_reviews_tab_titleincs\features\rename-label\rename_label.php:182
filterwoocommerce_order_button_textincs\features\rename-label\rename_label.php:202
filterwoocommerce_order_button_htmlincs\features\rename-label\rename_label.php:221
filterwoocommerce_loop_add_to_cart_linkincs\features\rename-label\rename_label.php:245
actionadmin_initincs\features\wishlist\incs\classes\Admin\Admin_Fields.php:33
actionadmin_menuincs\features\wishlist\incs\classes\Admin\Dashboard.php:53
filterdisplay_post_statesincs\features\wishlist\incs\classes\Admin\Dashboard.php:56
actionadmin_enqueue_scriptsincs\features\wishlist\incs\classes\Admin\Dashboard.php:83
actionwp_enqueue_scriptsincs\features\wishlist\incs\classes\Assets.php:32
actionadmin_enqueue_scriptsincs\features\wishlist\incs\classes\Assets.php:33
actioninitincs\features\wishlist\incs\classes\Frontend\Manage_Wishlist.php:32
actionwoocommerce_add_to_cartincs\features\wishlist\incs\classes\Frontend\Manage_Wishlist.php:35
actionwoocommerce_after_shop_loop_itemincs\features\wishlist\incs\classes\Frontend\Manage_Wishlist.php:146
actionwoocommerce_before_shop_loop_itemincs\features\wishlist\incs\classes\Frontend\Manage_Wishlist.php:150
actionwoocommerce_after_shop_loop_itemincs\features\wishlist\incs\classes\Frontend\Manage_Wishlist.php:162
actionwoocommerce_before_add_to_cart_buttonincs\features\wishlist\incs\classes\Frontend\Manage_Wishlist.php:171
actionwoocommerce_product_thumbnailsincs\features\wishlist\incs\classes\Frontend\Manage_Wishlist.php:175
actionwoocommerce_after_single_product_summaryincs\features\wishlist\incs\classes\Frontend\Manage_Wishlist.php:179
actionwoocommerce_single_product_summaryincs\features\wishlist\incs\classes\Frontend\Manage_Wishlist.php:191
filtershopxpert_block_listincs\features\wishlist\incs\classes\Widgets_And_Blocks.php:34
actionwp_loadedincs\features\wishlist\init.php:39
filterwoocommerce_get_image_size_wishlist-imageincs\features\wishlist\init.php:82
filterwishlist_button_argincs\helper-function.php:1326
actionplugins_loadedincs\main.php:26
actionplugins_loadedincs\main.php:29
actionupdate_option_shopxpert_others_tabsincs\main.php:41
actionupdate_option_shopxpert_pre_order_settingsincs\main.php:42
actionupdate_option_shopxpert_backorder_settingsincs\main.php:43
actionupdate_option_shopxpert_product_comparison_settingsincs\main.php:44
actionupdate_option_shopxpert_fake_order_detection_settingsincs\main.php:45
actionupdate_option_shopxpert_partial_payment_settingsincs\main.php:46
actionupdate_option_shopxpert_product_filter_settingsincs\main.php:47
Maintenance & Trust

ShopXpert Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 29, 2026
PHP min version7.0
Downloads1K

Community Trust

Rating100/100
Number of ratings1
Active installs0
Alternatives

ShopXpert Alternatives

YITH WooCommerce Wishlist

YITH WooCommerce Wishlist

yith-woocommerce-wishlist

A
92

YITH WooCommerce Wishlist add all Wishlist features to your website. Needs WooCommerce to work. WooCommerce 10.6.x compatible.

500K 6 CVEs
TI WooCommerce Wishlist

TI WooCommerce Wishlist

ti-woocommerce-wishlist

B
77

Boost your sales with a free WooCommerce Wishlist feature. Let your customers save and share their favorite products!

100K 9 CVEs
WPC Smart Wishlist for WooCommerce

WPC Smart Wishlist for WooCommerce

woo-smart-wishlist

A
95

WPC Smart Wishlist is a simple but powerful tool that can help your customer save products for buying later.

100K 5 CVEs
WCBoost – Wishlist

WCBoost – Wishlist

wcboost-wishlist

A
100

WCBoost - Wishlist lets shoppers create wishlists for later purchases, reminding them of desired items, driving repeat visits and boost sales.

30K No CVEs
Pre-Orders, Product Labels, Buy Now, Quick View, Discount Rules and More for WooCommerce – Merchant

Pre-Orders, Product Labels, Buy Now, Quick View, Discount Rules and More for WooCommerce – Merchant

merchant

A
100

Enhance your WooCommerce store with 40+ modules including Pre-Orders, Product Labels, Buy Now, Quick View & more

10K No CVEs
Developer Profile

ShopXpert Developer Profile

NF Tushar

2 plugins · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect ShopXpert

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/shopxpert/incs/admin/assets/css/shopxpert-admin.css/wp-content/plugins/shopxpert/incs/admin/assets/js/shopxpert-condition.js/wp-content/plugins/shopxpert/incs/admin/assets/js/jquery.serializejson.js/wp-content/plugins/shopxpert/incs/admin/assets/js/shopxpert-admin.js
Script Paths
https://cdnjs.cloudflare.com/ajax/libs/sweetalert/2.1.2/sweetalert.min.css
Version Parameters
shopxpert-admin.css?ver=shopxpert-condition.js?ver=jquery.serializejson.js?ver=shopxpert-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
shopxpert_current_theme_
Data Attributes
data-shopxpert-id
JS Globals
shopxper_addons
FAQ

Frequently Asked Questions about ShopXpert