WP-Safety

Storelly Product Builder for WooCommerce Security & Risk Analysis

wordpress.org/plugins/storelly-product-builder-for-woocommerce

Storelly Product Builder allows customers to configure and personalize products. Ideal for customizable or made-to-order items.

0 active installs v1.2.5 PHP 7.0+ WP 4.7+ Updated Mar 12, 2026
product-builderproduct-customizeproduct-customizerwoocommerce-custom-product
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Storelly Product Builder for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Storelly Product Builder for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 23d ago
Risk Assessment

The storelly-product-builder-for-woocommerce plugin v1.2.5 exhibits a generally strong security posture with a clean vulnerability history and a robust application of security best practices. The static analysis reveals a large number of well-implemented security checks, including numerous nonce and capability checks, and a near-perfect rate of proper output escaping. Crucially, all SQL queries are executed using prepared statements, significantly mitigating the risk of SQL injection vulnerabilities. The plugin also has a limited attack surface as reported by the static analysis, with no exposed AJAX handlers, REST API routes, shortcodes, or cron events without authentication or permission checks.

However, the presence of the `unserialize` function, even without explicit taint flows flagged as critical or high severity, represents a potential concern. While the taint analysis shows two flows with unsanitized paths, these were not categorized as critical or high, suggesting the risks might be contained or mitigated by other factors not detailed. The vulnerability history being completely clear is a strong positive indicator, suggesting the developers actively maintain security. Nevertheless, the identified dangerous function warrants attention as a potential point of exploitation if input reaches it in an uncontrolled manner.

In conclusion, the plugin is largely secure due to its adherence to many security best practices and lack of known vulnerabilities. The primary area for improvement lies in scrutinizing the usage of `unserialize` and ensuring all inputs leading to it are rigorously sanitized. The absence of known CVEs and a clean record are commendable strengths, but the identified code signals suggest a need for continued vigilance and potential code review around deserialization.

Key Concerns

  • Dangerous function found: unserialize
  • Flows with unsanitized paths found
Vulnerabilities
None known

Storelly Product Builder for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Storelly Product Builder for WooCommerce Code Analysis

Dangerous Functions
4
Raw SQL Queries
0
16 prepared
Unescaped Output
8
597 escaped
Nonce Checks
32
Capability Checks
21
File Operations
12
External Requests
6
Bundled Libraries
0

Dangerous Functions Found

unserialize$raw_options = unserialize($_options['fields']);includes\class-admin-options.php:395
unserialize$options = unserialize($_options['fields']);includes\class-frontend-options.php:131
unserialize$options = unserialize($_options['fields']);includes\class-frontend-options.php:327
unserialize$products = unserialize($item['product_ids']);includes\options\fields-list-table.php:298

SQL Query Safety

100% prepared16 total queries

Output Escaping

99% escaped605 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

7 flows2 with unsanitized paths
spbwc_save_product_builder_design (includes\class-product-builder-frontend.php:103)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Storelly Product Builder for WooCommerce Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 44
actionspbwc_pb_menuincludes\class-admin-options.php:24
actionspbwc_create_tablesincludes\class-admin-options.php:25
actionadmin_enqueue_scriptsincludes\class-admin-options.php:26
actionadd_meta_boxesincludes\class-admin-options.php:27
actionadd_meta_boxesincludes\class-admin-options.php:29
actionsave_postincludes\class-admin-options.php:30
filterwoocommerce_spbwc_admin_order_item_thumbnailincludes\class-admin-options.php:33
filterwoocommerce_hidden_order_itemmetaincludes\class-admin-options.php:35
filterdisplay_post_statesincludes\class-admin-options.php:37
filterupload_mimesincludes\class-frontend-options.php:35
filterwoocommerce_add_to_cart_validationincludes\class-frontend-options.php:38
actionwoocommerce_before_add_to_cart_buttonincludes\class-frontend-options.php:40
filterwoocommerce_get_item_dataincludes\class-frontend-options.php:43
filterwoocommerce_add_cart_item_dataincludes\class-frontend-options.php:45
filterwoocommerce_product_single_add_to_cart_textincludes\class-frontend-options.php:47
filterwoocommerce_add_to_cart_validationincludes\class-frontend-options.php:49
actionwoocommerce_add_to_cartincludes\class-frontend-options.php:51
filterwoocommerce_quantity_input_argsincludes\class-frontend-options.php:53
actionwoocommerce_cart_loaded_from_sessionincludes\class-frontend-options.php:55
actionwoocommerce_checkout_create_order_line_itemincludes\class-frontend-options.php:57
actionwoocommerce_cart_calculate_feesincludes\class-frontend-options.php:59
filterwoocommerce_order_again_cart_item_dataincludes\class-frontend-options.php:61
filterwoocommerce_cart_item_thumbnailincludes\class-frontend-options.php:63
filterwoocommerce_checkout_cart_item_quantityincludes\class-frontend-options.php:65
filterwoocommerce_cart_item_nameincludes\class-frontend-options.php:67
filterwoocommerce_get_cart_item_from_sessionincludes\class-frontend-options.php:69
filterwoocommerce_add_cart_itemincludes\class-frontend-options.php:71
actionwp_enqueue_scriptsincludes\class-frontend-options.php:73
filterupload_dirincludes\class-frontend-options.php:621
actionadmin_menuincludes\class-product-builder-backend.php:28
actionplugins_loadedincludes\class-product-builder-backend.php:29
actionwoocommerce_before_single_productincludes\class-product-builder-frontend.php:25
actionspbwc_template_redirectincludes\class-product-builder-frontend.php:29
actionspbwc_after_default_optionsincludes\class-product-builder-frontend.php:333
actionwp_footerincludes\class-product-builder-frontend.php:334
actionwp_enqueue_scriptsincludes\class-product-builder-frontend.php:340
actionactivated_pluginincludes\class-productbuilder-api.php:15
actionwoocommerce_checkout_order_processedincludes\class-productbuilder-api.php:18
actionwoocommerce_store_api_checkout_order_processedincludes\class-productbuilder-api.php:20
actionwoocommerce_order_item_meta_endincludes\class-productbuilder-api.php:23
actionspbwc_headincludes\class-script-hook.php:20
actionspbwc_footerincludes\class-script-hook.php:21
actionbefore_woocommerce_initstorelly-product-builder-for-woocommerce.php:76
actionwp_enqueue_scriptsviews\product-builder\index.php:255
Maintenance & Trust

Storelly Product Builder for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 12, 2026
PHP min version7.0
Downloads153

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Storelly Product Builder for WooCommerce Alternatives

Zakeke Interactive Product Designer for WooCommerce

Zakeke Interactive Product Designer for WooCommerce

zakeke-interactive-product-designer

A
100

Let your buyers customize and view their personalized product before purchasing. Get happy customers buying from you and coming back for more.

2K No CVEs
Visual Product Configurator for Woocommerce Lite

Visual Product Configurator for Woocommerce Lite

visual-products-configurator-for-woocommerce

A
100

A woocommerce product customizer for woocommerce that allows customers to build any composite product visually.

200 No CVEs
WCB | WP Configurator Builder – Product Configurators Made Simple

WCB | WP Configurator Builder – Product Configurators Made Simple

wcb-configurator-builder

A
100

Create customizable products with ease; custom product fields, real-time updates, stackable image layers, and more!

60 No CVEs
YayExtra – WooCommerce Extra Product Options

YayExtra – WooCommerce Extra Product Options

yayextra

A
93

YayExtra – Product Options for WooCommerce lets you add customizable options and extra fields to your products.

1K 3 CVEs
PickPlugins Product Designer for WooCommerce

PickPlugins Product Designer for WooCommerce

product-designer

A
95

Ready product designer plugin for WooCommerce

600 3 CVEs
Developer Profile

Storelly Product Builder for WooCommerce Developer Profile

storelly

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Storelly Product Builder for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/storelly-product-builder-for-woocommerce/static/css/spbwc-styles.css/wp-content/plugins/storelly-product-builder-for-woocommerce/static/css/spbwc-frontend.css/wp-content/plugins/storelly-product-builder-for-woocommerce/static/js/spbwc-backend.js/wp-content/plugins/storelly-product-builder-for-woocommerce/static/js/spbwc-frontend.js/wp-content/plugins/storelly-product-builder-for-woocommerce/static/js/spbwc-main.js/wp-content/plugins/storelly-product-builder-for-woocommerce/static/js/spbwc-product-builder.js/wp-content/plugins/storelly-product-builder-for-woocommerce/static/js/spbwc-product-editor.js/wp-content/plugins/storelly-product-builder-for-woocommerce/static/js/spbwc-product-preview.js+9 more
Script Paths
/wp-content/plugins/storelly-product-builder-for-woocommerce/static/js/spbwc-backend.js/wp-content/plugins/storelly-product-builder-for-woocommerce/static/js/spbwc-frontend.js/wp-content/plugins/storelly-product-builder-for-woocommerce/static/js/spbwc-main.js/wp-content/plugins/storelly-product-builder-for-woocommerce/static/js/spbwc-product-builder.js/wp-content/plugins/storelly-product-builder-for-woocommerce/static/js/spbwc-product-editor.js/wp-content/plugins/storelly-product-builder-for-woocommerce/static/js/spbwc-product-preview.js+3 more
Version Parameters
storelly-product-builder-for-woocommerce/static/css/spbwc-styles.css?ver=storelly-product-builder-for-woocommerce/static/css/spbwc-frontend.css?ver=storelly-product-builder-for-woocommerce/static/js/spbwc-backend.js?ver=storelly-product-builder-for-woocommerce/static/js/spbwc-frontend.js?ver=storelly-product-builder-for-woocommerce/static/js/spbwc-main.js?ver=storelly-product-builder-for-woocommerce/static/js/spbwc-product-builder.js?ver=storelly-product-builder-for-woocommerce/static/js/spbwc-product-editor.js?ver=storelly-product-builder-for-woocommerce/static/js/spbwc-product-preview.js?ver=storelly-product-builder-for-woocommerce/static/js/spbwc-product-preview-frontend.js?ver=storelly-product-builder-for-woocommerce/static/js/spbwc-product-preview-modal.js?ver=storelly-product-builder-for-woocommerce/static/js/spbwc-util.js?ver=storelly-product-builder-for-woocommerce/storage/css/spbwc-pb-front.css?ver=storelly-product-builder-for-woocommerce/storage/css/spbwc-pb-styles.css?ver=storelly-product-builder-for-woocommerce/storage/js/spbwc-pb-frontend.js?ver=storelly-product-builder-for-woocommerce/storage/js/spbwc-pb-main.js?ver=storelly-product-builder-for-woocommerce/storage/js/spbwc-pb-product-editor.js?ver=storelly-product-builder-for-woocommerce/storage/js/spbwc-pb-product-preview.js?ver=

HTML / DOM Fingerprints

CSS Classes
spbwc-product-builder-wrapspbwc-pb-customizer-wrap
Data Attributes
data-spbwc-product-id
JS Globals
SPBWC_PB_VERSIONSPBWC_PB_NUMBER_VERSIONSPBWC_PB_PLUGIN_URLSPBWC_PB_PLUGIN_DIRSPBWC_PB_DATA_DIRSPBWC_PB_DATA_URL+18 more
FAQ

Frequently Asked Questions about Storelly Product Builder for WooCommerce