WP-Safety

Stock Locations for WooCommerce Security & Risk Analysis

wordpress.org/plugins/stock-locations-for-woocommerce

This plugin will help you to manage WooCommerce Products stocks through locations.

1K active installs v3.1.0 PHP 7.2+ WP 4.9+ Updated Mar 12, 2026
simple-productstockstock-locationsvariable-productswoocommerce
98
A · Safe
CVEs total2
Unpatched0
Last CVEJun 7, 2025
Download
Safety Verdict

Is Stock Locations for WooCommerce Safe to Use in 2026?

Generally Safe

Score 98/100

Stock Locations for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Jun 7, 2025Updated 22d ago
Risk Assessment

The stock-locations-for-woocommerce plugin, version 3.1.0, presents a mixed security posture. While it demonstrates some good practices such as a lack of bundled libraries and external HTTP requests, and a decent number of nonce and capability checks, significant concerns arise from its attack surface and output escaping. The presence of 3 AJAX handlers without authentication checks is a notable weakness, providing potential entry points for unauthorized actions. Furthermore, only 16% of output is properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities where user-supplied data could be rendered unsafely in the browser.

The vulnerability history reveals a past pattern of medium severity vulnerabilities, specifically citing Missing Authorization and Cross-site Scripting. This history, combined with the static analysis findings of unsanitized paths in taint analysis and a low percentage of proper output escaping, suggests a recurring tendency for inadequate input validation and authorization checks. Although there are currently no unpatched CVEs, the historical trend and static analysis findings warrant caution. The plugin has strengths in avoiding dangerous functions and has a reasonable percentage of prepared SQL statements, but the identified unprotected entry points and poor output escaping practices are serious security deficiencies.

Key Concerns

  • AJAX handlers without authorization checks
  • Low percentage of properly escaped output
  • Taint flows with unsanitized paths
  • Past medium severity vulnerabilities (XSS, Missing Auth)
  • SQL queries with a significant percentage not prepared
Vulnerabilities
2

Stock Locations for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2025-47463medium · 4.3Missing Authorization

Stock Locations for WooCommerce <= 2.8.6 - Missing Authorization

Jun 7, 2025 Patched in 2.8.7 (4d)
CVE-2024-22153medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Stock Locations for WooCommerce <= 2.5.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings

Jan 16, 2024 Patched in 2.6.0 (7d)
Code Analysis
Analyzed Mar 16, 2026

Stock Locations for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
9
7 prepared
Unescaped Output
273
52 escaped
Nonce Checks
15
Capability Checks
8
File Operations
1
External Requests
0
Bundled Libraries
0

SQL Query Safety

44% prepared16 total queries

Output Escaping

16% escaped325 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

10 flows2 with unsanitized paths
admin_menu_page_callback (src\classes\class-slw-settings.php:82)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

Stock Locations for WooCommerce Attack Surface

Entry Points26
Unprotected3

AJAX Handlers 20

authwp_ajax_slw_api_get_product_stock_datainc\functions-api.php:226
authwp_ajax_slw_location_assignmentinc\functions.php:165
authwp_ajax_slw_location_statusinc\functions.php:188
authwp_ajax_slw_map_statusinc\functions.php:207
authwp_ajax_slw_logs_statusinc\functions.php:226
authwp_ajax_slw_update_product_locations_stock_valuesinc\functions.php:267
authwp_ajax_slw_api_statusinc\functions.php:285
authwp_ajax_slw_crons_statusinc\functions.php:313
authwp_ajax_slw_widgets_settingsinc\functions.php:356
authwp_ajax_slw_validate_api_requestsinc\functions.php:388
authwp_ajax_slw_validate_cron_requestsinc\functions.php:421
authwp_ajax_slw_clear_debug_loginc\functions.php:454
authwp_ajax_update_cart_stock_locationssrc\classes\class-slw-cart.php:35
noprivwp_ajax_update_cart_stock_locationssrc\classes\class-slw-cart.php:36
authwp_ajax_slw_save_product_default_locationsrc\classes\class-slw-location-taxonomy.php:44
authwp_ajax_slw_remove_product_default_locationsrc\classes\class-slw-location-taxonomy.php:45
authwp_ajax_update_cart_stock_locationssrc\classes\frontend\class-slw-frontend-cart.php:46
noprivwp_ajax_update_cart_stock_locationssrc\classes\frontend\class-slw-frontend-cart.php:47
authwp_ajax_get_variation_locationssrc\classes\frontend\class-slw-frontend-product.php:66
noprivwp_ajax_get_variation_locationssrc\classes\frontend\class-slw-frontend-product.php:67

Shortcodes 6

[slw_barcode] app\traits\trait-slw-shortcodes.php:80
[SLW-SHOW-PRODUCTS-STOCK-OVERVIEW] inc\functions.php:1792
[slw_product_locations] src\classes\class-slw-shortcodes.php:29
[slw_product_variations_locations] src\classes\class-slw-shortcodes.php:30
[slw_product_message] src\classes\class-slw-shortcodes.php:31
[slw_cart_message] src\classes\class-slw-shortcodes.php:32
WordPress Hooks 123
actioninitapp\class-slw-main.php:73
actioninitapp\class-slw-main.php:76
actionadmin_enqueue_scriptsapp\class-slw-main.php:79
filterwoocommerce_can_reduce_order_stockapp\class-slw-main.php:82
filterwoocommerce_product_data_tabsapp\class-slw-main.php:85
actionwoocommerce_product_data_panelsapp\class-slw-main.php:86
actionsave_postapp\class-slw-main.php:87
filterwoocommerce_product_data_tabsapp\class-slw-main.php:90
actionwoocommerce_product_data_panelsapp\class-slw-main.php:91
actionsave_postapp\class-slw-main.php:92
actionwoocommerce_admin_order_item_headersapp\class-slw-main.php:95
actionwoocommerce_admin_order_item_valuesapp\class-slw-main.php:96
actionsave_post_shop_orderapp\class-slw-main.php:97
filterwoocommerce_hidden_order_itemmetaapp\class-slw-main.php:98
filtermanage_edit-product_columnsapp\class-slw-main.php:101
actionrestrict_manage_postsapp\class-slw-main.php:102
actionadmin_noticesapp\class-slw-main.php:106
actionadmin_footerinc\addons.php:108
filterstock_location_selected_warninginc\filter-hooks.php:3
filterslw_notice_msginc\filter-hooks.php:13
filterslw-map-location-labelinc\filter-hooks.php:23
filterslw-map-location-nameinc\filter-hooks.php:33
filterslw_output_product_locations_for_shortcodeinc\filter-hooks.php:44
filterslw_location_selection_popup_displayinc\filter-hooks.php:54
filterallow_stock_allocation_notificationinc\filter-hooks.php:65
filterposts_requestinc\filter-hooks.php:74
actioninitinc\functions-api.php:3
filterwoocommerce_available_variationinc\functions.php:30
actionadmin_initinc\functions.php:572
actionwp_enqueue_scriptsinc\functions.php:573
actioninitinc\functions.php:1030
actionwc_os_parcels_meta_datainc\functions.php:1144
filteradmin_body_classinc\functions.php:1146
actionadmin_headinc\functions.php:1164
filtermanage_edit-location_columnsinc\functions.php:1183
filtermanage_location_custom_columninc\functions.php:1209
filterwoocommerce_product_is_in_stockinc\functions.php:1322
filterwoocommerce_get_availabilityinc\functions.php:1331
actionwoocommerce_product_import_before_importinc\functions.php:1395
filterwoocommerce_get_item_datainc\functions.php:1669
actionwoocommerce_thankyouinc\functions.php:1703
actionwp_insert_postinc\functions.php:1943
actionpmxi_saved_postinc\functions.php:2170
filtertemplate_includeinc\functions.php:2195
actionwoocommerce_process_product_metainc\functions.php:2233
actionwoocommerce_save_product_variationinc\functions.php:2236
actionwp_insert_postinc\functions.php:2239
actiontransition_post_statusinc\functions.php:2242
actionupdated_post_metainc\functions.php:2245
actionwoocommerce_product_import_inserted_product_objectinc\functions.php:2248
actionwoocommerce_rest_insert_product_objectinc\functions.php:2251
actionpmxi_saved_postinc\functions.php:2254
filterwoocommerce_product_data_tabssrc\classes\class-slw-barcodes-tab.php:31
actionwoocommerce_product_data_panelssrc\classes\class-slw-barcodes-tab.php:32
actionwoocommerce_process_product_metasrc\classes\class-slw-barcodes-tab.php:33
actionwoocommerce_after_cart_item_namesrc\classes\class-slw-cart.php:34
actionwoocommerce_checkout_create_order_line_itemsrc\classes\class-slw-cart.php:37
actionwp_footersrc\classes\class-slw-cart.php:42
actioninitsrc\classes\class-slw-location-taxonomy.php:33
actionlocation_edit_formsrc\classes\class-slw-location-taxonomy.php:34
actionlocation_add_formsrc\classes\class-slw-location-taxonomy.php:35
filtermanage_edit-location_columnssrc\classes\class-slw-location-taxonomy.php:36
actionlocation_edit_formsrc\classes\class-slw-location-taxonomy.php:37
actionlocation_add_form_fieldssrc\classes\class-slw-location-taxonomy.php:38
actionedited_locationsrc\classes\class-slw-location-taxonomy.php:39
actioncreated_locationsrc\classes\class-slw-location-taxonomy.php:40
actionadmin_footersrc\classes\class-slw-location-taxonomy.php:43
actionwoocommerce_admin_order_item_headerssrc\classes\class-slw-order-item.php:38
actionwoocommerce_admin_order_item_valuessrc\classes\class-slw-order-item.php:39
actionwoocommerce_process_shop_order_metasrc\classes\class-slw-order-item.php:40
actionwoocommerce_before_save_order_itemsrc\classes\class-slw-order-item.php:41
filterwoocommerce_hidden_order_itemmetasrc\classes\class-slw-order-item.php:42
actionwoocommerce_new_order_itemsrc\classes\class-slw-order-item.php:43
filterwoocommerce_order_item_get_formatted_meta_datasrc\classes\class-slw-order-item.php:59
filterwoocommerce_email_headerssrc\classes\class-slw-order-item.php:69
actionwoocommerce_reduce_order_stocksrc\classes\class-slw-order-item.php:76
actionwoocommerce_restore_order_stocksrc\classes\class-slw-order-item.php:77
actionwoocommerce_payment_completesrc\classes\class-slw-order-item.php:80
actionwoocommerce_order_status_completedsrc\classes\class-slw-order-item.php:81
actionwoocommerce_order_status_processingsrc\classes\class-slw-order-item.php:82
actionwoocommerce_order_status_on-holdsrc\classes\class-slw-order-item.php:83
actionwoocommerce_order_status_changedsrc\classes\class-slw-order-item.php:89
filterwoocommerce_prevent_adjust_line_item_product_stocksrc\classes\class-slw-order-item.php:207
filterwoocommerce_hold_stock_for_checkoutsrc\classes\class-slw-order-item.php:915
filtermanage_edit-product_columnssrc\classes\class-slw-product-listing.php:38
actionmanage_posts_custom_columnsrc\classes\class-slw-product-listing.php:39
actionrestrict_manage_postssrc\classes\class-slw-product-listing.php:41
actionadmin_head-post-new.phpsrc\classes\class-slw-product-listing.php:42
actioninitsrc\classes\class-slw-product-taxonomy.php:28
actionlocation_edit_formsrc\classes\class-slw-product-taxonomy.php:29
actionlocation_add_formsrc\classes\class-slw-product-taxonomy.php:30
filtermanage_edit-location_columnssrc\classes\class-slw-product-taxonomy.php:31
actionlocation_edit_formsrc\classes\class-slw-product-taxonomy.php:32
actionlocation_add_form_fieldssrc\classes\class-slw-product-taxonomy.php:33
actionedited_locationsrc\classes\class-slw-product-taxonomy.php:34
actioncreated_locationsrc\classes\class-slw-product-taxonomy.php:35
actionrest_api_initsrc\classes\class-slw-rest.php:28
actionadmin_menusrc\classes\class-slw-settings.php:27
actionadmin_initsrc\classes\class-slw-settings.php:28
filterwoocommerce_product_data_tabssrc\classes\class-slw-stock-locations-tab.php:35
actionwoocommerce_product_data_panelssrc\classes\class-slw-stock-locations-tab.php:36
actionsave_postsrc\classes\class-slw-stock-locations-tab.php:37
actiondo_meta_boxessrc\classes\class-slw-stock-locations-tab.php:38
actioninitsrc\classes\class-slw-stock-locations-tab.php:43
actionslw_delete_unused_product_locations_metasrc\classes\class-slw-stock-locations-tab.php:44
actionwoocommerce_after_cart_item_namesrc\classes\frontend\class-slw-frontend-cart.php:37
filterwoocommerce_get_item_datasrc\classes\frontend\class-slw-frontend-cart.php:39
actionwoocommerce_checkout_create_order_line_itemsrc\classes\frontend\class-slw-frontend-cart.php:48
actionwoocommerce_checkout_create_order_line_itemsrc\classes\frontend\class-slw-frontend-cart.php:51
actionwp_footersrc\classes\frontend\class-slw-frontend-cart.php:57
actioninitsrc\classes\frontend\class-slw-frontend-product.php:30
filterwoocommerce_add_cart_item_datasrc\classes\frontend\class-slw-frontend-product.php:64
filterwp_mail_content_typesrc\helpers\helper-slw-mail.php:49
actionslw_product_wc_stock_statussrc\helpers\helper-slw-product.php:81
actionslw_product_wc_stock_statussrc\helpers\helper-slw-product.php:92
actioninitstock-locations-for-woocommerce.php:102
actionadmin_enqueue_scriptsstock-locations-for-woocommerce.php:209
actionwp_enqueue_scriptsstock-locations-for-woocommerce.php:211
filterwoocommerce_can_reduce_order_stockstock-locations-for-woocommerce.php:214
actionadmin_noticesstock-locations-for-woocommerce.php:217
filterwoocommerce_stock_amountstock-locations-for-woocommerce.php:222
actionplugins_loadedstock-locations-for-woocommerce.php:601
actionbefore_woocommerce_initstock-locations-for-woocommerce.php:646
Maintenance & Trust

Stock Locations for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 12, 2026
PHP min version7.2
Downloads99K

Community Trust

Rating96/100
Number of ratings52
Active installs1K
Alternatives

Stock Locations for WooCommerce Alternatives

Ajaxify Cart

Ajaxify Cart

wc-cart-ajax-simple-and-variation

A
100

Ajaxify Cart is a plugin that allows you to transform the default behavior of the WooCommerce Add to Cart button to make it ajax instead of sending al &hellip;

10 No CVEs
WCBoost – Variation Swatches

WCBoost – Variation Swatches

wcboost-variation-swatches

A
100

WCBoost – Variation Swatches is the ultimate plugin to display WooCommerce product variations in style.

40K No CVEs
Stock Manager for WooCommerce

Stock Manager for WooCommerce

woocommerce-stock-manager

A
92

WooCommerce stock management plugin to manage and edit product stock and their variables from a single dashboard. Stock log, import/export, filters!

20K 4 CVEs
ATUM WooCommerce Inventory Management and Stock Tracking

ATUM WooCommerce Inventory Management and Stock Tracking

atum-stock-manager-for-woocommerce

A
100

WooCommerce Full Inventory Management, Purchase Orders, Suppliers, Inbound Stock, Inventory Logs, WooCommerce Sales Statistics, and More.

10K No CVEs
Search by SKU for Woocommerce

Search by SKU for Woocommerce

search-by-sku-for-woocommerce

A
85

Extend the search functionality of woocommerce to include searching of sku

10K No CVEs
Developer Profile

Stock Locations for WooCommerce Developer Profile

Fahad Mahmood

40 plugins · 33K total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
237 days
View full developer profile
Detection Fingerprints

How We Detect Stock Locations for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/stock-locations-for-woocommerce/inc/js/slw-admin-script.js/wp-content/plugins/stock-locations-for-woocommerce/inc/js/slw-frontend-script.js/wp-content/plugins/stock-locations-for-woocommerce/inc/css/slw-admin-style.css/wp-content/plugins/stock-locations-for-woocommerce/inc/css/slw-frontend-style.css/wp-content/plugins/stock-locations-for-woocommerce/inc/css/slw-admin-icons.css
Version Parameters
stock-locations-for-woocommerce/inc/js/slw-admin-script.js?ver=stock-locations-for-woocommerce/inc/js/slw-frontend-script.js?ver=stock-locations-for-woocommerce/inc/css/slw-admin-style.css?ver=stock-locations-for-woocommerce/inc/css/slw-frontend-style.css?ver=stock-locations-for-woocommerce/inc/css/slw-admin-icons.css?ver=

HTML / DOM Fingerprints

CSS Classes
slw-api-id-inputslw-api-id-tryslw_map_containerslw-map-search-fieldslw-map-locations-listslw-map-mapslw-map-shop-buttonslw-map-directions-button
HTML Comments
This plugin will help you to manage WooCommerce Products stocks through locations.If this file is called directly, abort.When you need to update just one product.When item is a location, so ID is location_id and when item is product so ID is considered as a product_id.+9 more
Data Attributes
slw-api-id-inputslw-api-id-tryslw-map-search-fieldslw-map-locations-listslw-map-mapslw-map-shop-button+1 more
JS Globals
slw_woocommerce_product_form_hooksslw_api_valid_keysslw_widgets_arrslw_wc_hide_out_of_stockslw_logs_statusslw_wc_stock_format+12 more
Shortcode Output
[SLW-MAP search-field="yes" locations-list="yes" map="yes" map-width="68%" list-width="400px" diameter-range="100" distance-unit="km" zoom="13" search-field-placeholder="" shop-button-text="Shop This Location" directions-button-text="Directions" shop-location-link="default|shop|previous|store-link"]
FAQ

Frequently Asked Questions about Stock Locations for WooCommerce