Smart Variations Images & Swatches for WooCommerce Security & Risk Analysis

wordpress.org/plugins/smart-variations-images

Boost your WooCommerce sales by adding additional gallery images and swatches to variable products with ease.

2K active installs v5.2.25 PHP 7.4+ WP 4.9+ Updated Mar 13, 2026
ecommerce · image-gallery · product-variations · swatches · woocommerce
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Smart Variations Images & Swatches for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Smart Variations Images & Swatches for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 22d ago
Risk Assessment

The "smart-variations-images" plugin v5.2.25 exhibits a mixed security posture. While it shows no historical vulnerabilities and has a reasonable rate of output escaping, several concerning aspects emerge from the static analysis. A significant portion of its AJAX handlers (6 out of 9) lack authentication checks, creating a substantial attack surface that could be exploited by unauthenticated users. Furthermore, the plugin performs raw SQL queries without utilizing prepared statements, which is a common vector for SQL injection vulnerabilities. The presence of unsanitized paths in taint analysis, even if not classified as critical or high severity, warrants attention as it could lead to path traversal or other file-related exploits. The bundled Freemius library at v1.0 should also be reviewed for known vulnerabilities, although no specific information is provided here. Overall, the lack of proper authentication on many AJAX endpoints and the use of raw SQL queries are the most pressing concerns.

Key Concerns

  • Unprotected AJAX handlers
  • SQL queries without prepared statements
  • Unsanitized paths in taint analysis
  • Bundled library (Freemius v1.0)
Vulnerabilities
None known

Smart Variations Images & Swatches for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Smart Variations Images & Swatches for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 (0 prepared)
Unescaped Output: 61 (164 escaped)
Nonce Checks: 3
Capability Checks: 5
File Operations: 1
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

0% prepared · 4 total queries

Output Escaping

73% escaped · 225 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

5 flows · 4 with unsanitized paths
woosvi_esc_html (admin\class-smart-variations-images-admin.php:269)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
6 unprotected

Smart Variations Images & Swatches for WooCommerce Attack Surface

Entry Points: 10
Unprotected: 6

AJAX Handlers 9

auth wp_ajax_woosvi_esc_html includes\class-smart-variations-images.php:217
auth wp_ajax_woosvi_reloadselect includes\class-smart-variations-images.php:218
auth wp_ajax_woosvi_slugify includes\class-smart-variations-images.php:336
auth wp_ajax_loadProduct includes\class-smart-variations-images.php:337
nopriv wp_ajax_loadProduct includes\class-smart-variations-images.php:338
auth wp_ajax_wcsvfs_add_new_attribute includes\class-wcsvfs.php:212
auth wp_ajax_wpsfsvi_export_settings includes\library\wp-settings-framework\wp-settings-framework.php:129
auth wp_ajax_wpsfsvi_import_settings includes\library\wp-settings-framework\wp-settings-framework.php:130
auth wp_ajax_svi_dismiss_notice svi.php:210

Shortcodes 1

[svi_wcsc] includes\class-smart-variations-images.php:317
WordPress Hooks 59
action created_term admin\class-wcsvfs-admin.php:344
action edit_term admin\class-wcsvfs-admin.php:345
action admin_menu includes\class-smart-variations-images.php:158
action admin_enqueue_scripts includes\class-smart-variations-images.php:205
action admin_enqueue_scripts includes\class-smart-variations-images.php:206
action woocommerce_variation_options includes\class-smart-variations-images.php:207
filter woocommerce_product_data_tabs includes\class-smart-variations-images.php:214
action woocommerce_product_options_advanced includes\class-smart-variations-images.php:219
action woocommerce_process_product_meta includes\class-smart-variations-images.php:226
filter woocommerce_product_import_process_item_data includes\class-smart-variations-images.php:228
filter woocommerce_product_export_meta_value includes\class-smart-variations-images.php:230
action woocommerce_product_import_inserted_product_object includes\class-smart-variations-images.php:246
filter woocommerce_admin_order_item_thumbnail includes\class-smart-variations-images.php:254
action wp_enqueue_scripts includes\class-smart-variations-images.php:278
filter wc_get_template includes\class-smart-variations-images.php:284
action after_setup_theme includes\class-smart-variations-images.php:291
action woocommerce_before_single_product includes\class-smart-variations-images.php:297
action woocommerce_before_single_product_summary includes\class-smart-variations-images.php:303
filter et_module_shortcode_output includes\class-smart-variations-images.php:310
action woocommerce_single_variation includes\class-smart-variations-images.php:319
filter woocommerce_product_get_image includes\class-smart-variations-images.php:328
action svi_before_images includes\class-smart-variations-images.php:339
action woocommerce_before_shop_loop_item_title includes\class-smart-variations-images.php:352
filter woocommerce_cart_item_thumbnail includes\class-smart-variations-images.php:368
filter woocommerce_store_api_cart_item_images includes\class-smart-variations-images.php:375
filter woocommerce_email_order_items_args includes\class-smart-variations-images.php:384
filter woocommerce_order_item_thumbnail includes\class-smart-variations-images.php:391
filter woocommerce_order_item_name includes\class-smart-variations-images.php:400
action yith_wcqv_product_image includes\class-smart-variations-images.php:410
action woocommerce_before_single_product_lightbox_summary includes\class-smart-variations-images.php:416
action plugins_loaded includes\class-wcsvfs.php:189
action admin_print_scripts includes\class-wcsvfs.php:203
action admin_print_scripts includes\class-wcsvfs.php:204
filter product_attributes_type_selector includes\class-wcsvfs.php:206
action admin_notices includes\class-wcsvfs.php:209
action woocommerce_product_option_terms includes\class-wcsvfs.php:211
action admin_footer includes\class-wcsvfs.php:213
action admin_init includes\class-wcsvfs.php:214
action wcsvfs_product_attribute_field includes\class-wcsvfs.php:215
action wp_enqueue_scripts includes\class-wcsvfs.php:231
filter woocommerce_dropdown_variation_attribute_options_html includes\class-wcsvfs.php:233
filter wcsvfs_swatch_html includes\class-wcsvfs.php:234
filter plugin_icon includes\freemius_conditions.php:14
filter is_submenu_visible includes\freemius_conditions.php:51
filter default_currency includes\freemius_conditions.php:61
filter wpsfsvi_register_settings_woosvi_options includes\library\wp-settings-framework\settings\svi-settings.php:3
filter wpsfsvi_register_settings_clean_woosvi_options includes\library\wp-settings-framework\settings\svi-settings.php:4
action admin_init includes\library\wp-settings-framework\wp-settings-framework.php:112
action admin_notices includes\library\wp-settings-framework\wp-settings-framework.php:117
action admin_enqueue_scripts includes\library\wp-settings-framework\wp-settings-framework.php:119
filter razzi_product_gallery_is_slider public\class-smart-variations-images-public.php:531
filter woocommerce_single_product_image_thumbnail_html public\class-smart-variations-images-public.php:565
filter woocommerce_single_product_image_thumbnail_html public\class-smart-variations-images-public.php:574
filter woocommerce_single_product_image_html public\class-smart-variations-images-public.php:580
filter get_term public\class-smart-variations-images-public.php:1762
action init svi.php:181
action before_woocommerce_init svi.php:185
action admin_enqueue_scripts svi.php:198
action admin_notices svi.php:528
Maintenance & Trust

Smart Variations Images & Swatches for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 13, 2026
PHP min version: 7.4
Downloads: 268K

Community Trust

Rating: 94/100
Number of ratings: 140
Active installs: 2K
Developer Profile

Smart Variations Images & Swatches for WooCommerce Developer Profile

RosendoLabs

1 plugin · 2K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Smart Variations Images & Swatches for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/smart-variations-images/admin/images/svi.png
  • /wp-content/plugins/smart-variations-images/admin/css/admin.css
  • /wp-content/plugins/smart-variations-images/includes/library/assets/css/select2.min.css
  • /wp-content/plugins/smart-variations-images/includes/library/assets/js/select2.min.js
  • /wp-content/plugins/smart-variations-images/assets/js/frontend.js
  • /wp-content/plugins/smart-variations-images/assets/js/admin.js
  • /wp-content/plugins/smart-variations-images/assets/css/frontend.css
Script Paths
  • /wp-content/plugins/smart-variations-images/admin/images/svi.png
  • /wp-content/plugins/smart-variations-images/admin/css/admin.css
  • /wp-content/plugins/smart-variations-images/includes/library/assets/css/select2.min.css
  • /wp-content/plugins/smart-variations-images/includes/library/assets/js/select2.min.js
  • /wp-content/plugins/smart-variations-images/assets/js/frontend.js
  • /wp-content/plugins/smart-variations-images/assets/js/admin.js
  • +1 more
Version Parameters
  • smart-variations-images/admin/css/admin.css?ver=
  • smart-variations-images/includes/library/assets/css/select2.min.css?ver=
  • smart-variations-images/includes/library/assets/js/select2.min.js?ver=
  • smart-variations-images/assets/js/frontend.js?ver=
  • smart-variations-images/assets/js/admin.js?ver=
  • smart-variations-images/assets/css/frontend.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • wpsfsvi-label
  • svi-notice-content
  • svi-header
  • svi-review-notice
HTML Comments
  • <!-- Smart Variations Images & Swatches for WooCommerce -->
  • <!-- If this file is called directly, abort. -->
  • <!-- Current plugin version. -->
  • <!-- Plugin directory URL. -->
  • +25 more
Data Attributes
  • svi-notice-content
  • svi-header
  • svi-review-notice
  • svi_notice_dismissed_2
JS Globals
  • ajaxurl
  • svi_fs
FAQ

Frequently Asked Questions about Smart Variations Images & Swatches for WooCommerce