WP-Safety

Single Product Total for WooCommerce Security & Risk Analysis

wordpress.org/plugins/single-product-total

Quickest and lightest way to show total price on product pages. A simple step for a better UX.

100 active installs v3.0.0 PHP 7.0+ WP 4.9+ Updated Mar 30, 2026
product-totalsingle-product-totalwoocommerce-product-total
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Single Product Total for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Single Product Total for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "single-product-total" plugin v2.4.0 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of any identified CVEs, coupled with a clean taint analysis showing no unsanitized paths, is highly positive. The code also demonstrates good practices in its use of prepared statements for all SQL queries and includes nonce and capability checks, albeit limited in number. A significant strength is the extremely small attack surface, with no discovered AJAX handlers, REST API routes, shortcodes, or cron events, which minimizes potential entry points for attackers.

However, a notable concern arises from the output escaping. With 91 total outputs and only 67% properly escaped, there is a significant risk of Cross-Site Scripting (XSS) vulnerabilities. This means a substantial portion of user-generated or dynamically generated content displayed by the plugin might not be adequately sanitized, potentially allowing malicious scripts to be injected and executed in the user's browser. While the plugin has no known vulnerabilities historically and a very limited attack surface, the high percentage of unescaped output represents a tangible and potentially exploitable risk that should be addressed.

Key Concerns

  • High percentage of unescaped output
Vulnerabilities
None known

Single Product Total for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Single Product Total for WooCommerce Release Timeline

v3.0.0Current
v2.4.0
v2.3.4
v2.3.2
v2.3.1
v2.2.2
v2.2.1
v2.1.0
v1.2
Code Analysis
Analyzed Mar 16, 2026

Single Product Total for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
30
61 escaped
Nonce Checks
2
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

67% escaped91 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

4 flows
feedback_notice (includes\class\admin\class-sptotal-loader.php:406)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Single Product Total for WooCommerce Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 15
actioninitincludes\class\admin\class-sptotal-loader.php:24
actionbefore_woocommerce_initincludes\class\admin\class-sptotal-loader.php:25
filterplugin_row_metaincludes\class\admin\class-sptotal-loader.php:64
actionadmin_headincludes\class\admin\class-sptotal-loader.php:69
actionadmin_menuincludes\class\admin\class-sptotal-loader.php:70
actionadmin_enqueue_scriptsincludes\class\admin\class-sptotal-loader.php:73
actionwp_enqueue_scriptsincludes\class\admin\class-sptotal-loader.php:74
actionadmin_noticesincludes\class\admin\class-sptotal-loader.php:101
actionadmin_noticesincludes\class\admin\class-sptotal-loader.php:397
actionadmin_initincludes\class\admin\class-sptotal-settings.php:21
actionwoocommerce_single_product_summaryincludes\class\class-sptotal.php:56
actionwoocommerce_single_product_summaryincludes\class\class-sptotal.php:58
actionwoocommerce_after_add_to_cart_buttonincludes\class\class-sptotal.php:60
actionwoocommerce_before_add_to_cart_buttonincludes\class\class-sptotal.php:62
actionwp_footerincludes\class\class-sptotal.php:64
Maintenance & Trust

Single Product Total for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 30, 2026
PHP min version7.0
Downloads4K

Community Trust

Rating86/100
Number of ratings3
Active installs100
Alternatives

Single Product Total for WooCommerce Alternatives

No alternatives data available yet.

Developer Profile

Single Product Total for WooCommerce Developer Profile

WebFix Lab

6 plugins · 720 total installs

93
trust score
Avg Security Score
99/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Single Product Total for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/single-product-total/assets/admin/admin.css/wp-content/plugins/single-product-total/assets/admin/admin.js/wp-content/plugins/single-product-total/assets/frontend.css/wp-content/plugins/single-product-total/assets/frontend.js
Script Paths
/wp-content/plugins/single-product-total/assets/admin/admin.js/wp-content/plugins/single-product-total/assets/frontend.js
Version Parameters
single-product-total/assets/admin/admin.css?ver=single-product-total/assets/admin/admin.js?ver=single-product-total/assets/frontend.css?ver=single-product-total/assets/frontend.js?ver=

HTML / DOM Fingerprints

JS Globals
sptotal_admin_data
FAQ

Frequently Asked Questions about Single Product Total for WooCommerce