Subaccounts for WooCommerce Security & Risk Analysis

wordpress.org/plugins/subaccounts-for-woocommerce

The best subaccount management plugin for WooCommerce. Easily allow customers to create subaccounts or add users to their company accounts.

200 active installs · v1.9.3 · PHP 5.7+ · WP 5.7+ · Updated Feb 21, 2026
Tags: company-accounts, multi-user, sub-account, user-switching, woocommerce-b2b
Score: 97 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: May 12, 2025
Safety Verdict

Is Subaccounts for WooCommerce Safe to Use in 2026?

Generally Safe

Score 97/100

Subaccounts for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: May 12, 2025 · Updated 1mo ago
Risk Assessment

The 'subaccounts-for-woocommerce' plugin, version 1.9.3, demonstrates several positive security practices. The static analysis shows a complete absence of unprotected entry points (AJAX handlers, REST API routes, shortcodes) and a strong reliance on prepared statements for all SQL queries. Additionally, the presence of numerous nonce and capability checks suggests an awareness of common WordPress security vulnerabilities.

However, there are areas for improvement. While taint analysis found no critical or high-severity issues, a notable 24% of output operations are not properly escaped. This could potentially lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not handled carefully during output. The plugin also bundles Freemius v1.0, an older version, which might contain known vulnerabilities.

The plugin's vulnerability history, with two known CVEs (one high and one medium severity), is a significant concern. No CVEs are currently reported as unpatched, but the types of past vulnerabilities (Authorization Bypass and XSS) are serious and indicate a pattern that warrants vigilance. These issues arose despite the good practices seen in the currently analyzed code, so ongoing review and patching remain crucial.

Key Concerns

  • Significant percentage of unescaped output
  • Bundled outdated library (Freemius v1.0)
  • Past high severity vulnerability
  • Past medium severity vulnerability
Vulnerabilities: 2

Subaccounts for WooCommerce Security Vulnerabilities

CVEs by Year

  • 2024: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 1

2 total CVEs

CVE-2025-47461 · high · 8.8 · Authorization Bypass Through User-Controlled Key

Subaccounts for WooCommerce <= 1.6.6 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover

May 12, 2025 · Patched in 1.6.7 (9d)

CVE-2024-11370 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Subaccounts for WooCommerce <= 1.6.0 - Reflected Cross-Site Scripting

Nov 20, 2024 · Patched in 1.6.1 (2d)
Code Analysis
Analyzed Mar 16, 2026

Subaccounts for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (56 prepared)
Unescaped Output: 122 (393 escaped)
Nonce Checks: 12
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

100% prepared (56 total queries)

Output Escaping

76% escaped (515 total outputs)

Data Flows: All sanitized

Data Flow Analysis

7 flows
sfwc_frontend_manage_subaccounts (admin\ajax.php:15)
Attack Surface

Subaccounts for WooCommerce Attack Surface

Entry Points: 8
Unprotected: 0

AJAX Handlers 4

  • auth: wp_ajax_sfwc_frontend_manage_subaccounts (admin\ajax.php:729)
  • auth: wp_ajax_sfwc_frontend_edit_subaccount (admin\ajax.php:1230)
  • auth: wp_ajax_frontend_populate_user_switcher_dropdown_with_subaccounts (admin\ajax.php:1416)
  • auth: wp_ajax_frontend_populate_subaccount_orders_dropdown_with_subaccounts (admin\ajax.php:1592)

Shortcodes 4

  • [sfwc_user_switcher] (public\my-account.php:483)
  • [sfwc_manage_subaccounts] (public\my-account.php:1288)
  • [sfwc_subaccount_orders] (public\my-account.php:1600)
  • [sfwc_add_subaccount] (public\my-account.php:2066)

WordPress Hooks 69

  • action admin_init (admin\admin.php:78)
  • filter woocommerce_screen_ids (admin\admin.php:96)
  • filter plugin_action_links (admin\admin.php:136)
  • action admin_enqueue_scripts (admin\admin.php:172)
  • action add_meta_boxes (admin\admin.php:205)
  • action woocommerce_new_order (admin\admin.php:343)
  • action admin_menu (admin\admin.php:388)
  • action admin_init (admin\admin.php:588)
  • action admin_init (admin\admin.php:1286)
  • action all_admin_notices (admin\admin.php:1397)
  • action sfwc_settings_tab (admin\admin.php:1411)
  • action sfwc_settings_content (admin\admin.php:1446)
  • action sfwc_settings_tab (admin\admin.php:1460)
  • action sfwc_settings_content (admin\admin.php:1528)
  • action sfwc_dummy_html_markup_after_enabled_options (admin\admin.php:1688)
  • filter woocommerce_settings_pages (admin\admin.php:1722)
  • action profile_update (admin\admin.php:1808)
  • action init (admin\admin.php:1833)
  • action wp_enqueue_scripts (public\my-account.php:40)
  • action template_redirect (public\my-account.php:139)
  • action wp_logout (public\my-account.php:188)
  • action woocommerce_before_account_navigation (public\my-account.php:484)
  • action wp (public\my-account.php:902)
  • filter woocommerce_get_query_vars (public\my-account.php:922)
  • filter woocommerce_account_menu_items (public\my-account.php:1045)
  • action woocommerce_account_subaccounts_endpoint (public\my-account.php:1195)
  • action wp (public\my-account.php:1713)
  • filter user_has_cap (public\my-account.php:1714)
  • action init (public\my-account.php:1725)
  • filter woocommerce_account_orders_columns (public\my-account.php:1750)
  • action woocommerce_my_account_my_orders_column_sfwc-order-number (public\my-account.php:1768)
  • action template_redirect (public\my-account.php:2406)
  • action template_redirect (public\my-account.php:2904)
  • action template_redirect (public\my-account.php:2931)
  • filter woocommerce_get_endpoint_url (public\my-account.php:3030)
  • action woocommerce_checkout_create_order (public\my-account.php:3349)
  • action woocommerce_store_api_checkout_update_order_meta (public\my-account.php:3350)
  • action woocommerce_thankyou (public\my-account.php:3413)
  • filter woocommerce_account_orders_columns (public\my-account.php:3449)
  • action woocommerce_my_account_my_orders_column_order-account (public\my-account.php:3491)
  • action woocommerce_my_account_my_orders_column_order-placed-by (public\my-account.php:3793)
  • action woocommerce_before_account_orders (public\my-account.php:3936)
  • filter woocommerce_my_account_my_orders_query (public\my-account.php:4146)
  • action template_redirect (public\my-account.php:4235)
  • filter woocommerce_my_account_my_orders_actions (public\my-account.php:4269)
  • action woocommerce_order_details_before_order_table (public\my-account.php:4789)
  • filter woocommerce_checkout_fields (public\my-account.php:4978)
  • action wp_footer (public\my-account.php:5122)
  • filter woocommerce_checkout_init (public\my-account.php:5171)
  • action woocommerce_store_api_checkout_order_processed (public\my-account.php:5210)
  • filter woocommerce_checkout_fields (public\my-account.php:5317)
  • filter woocommerce_checkout_update_customer_data (public\my-account.php:5399)
  • action init (public\my-account.php:5404)
  • action woocommerce_thankyou (public\my-account.php:5524)
  • filter woocommerce_my_account_my_orders_query (public\my-account.php:6021)
  • filter user_has_cap (public\my-account.php:6168)
  • filter wp_mail (public\my-account.php:6229)
  • filter woocommerce_email_recipient_customer_on_hold_order (public\my-account.php:6238)
  • filter woocommerce_email_recipient_customer_processing_order (public\my-account.php:6239)
  • filter woocommerce_email_recipient_customer_completed_order (public\my-account.php:6240)
  • filter woocommerce_email_recipient_customer_partially_refunded_order (public\my-account.php:6241)
  • filter woocommerce_email_recipient_customer_invoice (public\my-account.php:6242)
  • filter woocommerce_email_recipient_customer_note (public\my-account.php:6243)
  • filter woocommerce_email_headers (public\my-account.php:6349)
  • filter enable_cpt_advanced_menu_logic (subaccounts-for-woocommerce.php:94)
  • action before_woocommerce_init (subaccounts-for-woocommerce.php:112)
  • action before_woocommerce_init (subaccounts-for-woocommerce.php:126)
  • action admin_notices (subaccounts-for-woocommerce.php:204)
  • action init (subaccounts-for-woocommerce.php:235)

Maintenance & Trust

Subaccounts for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 21, 2026
PHP min version: 5.7
Downloads: 12K

Community Trust

Rating: 100/100
Number of ratings: 25
Active installs: 200

Developer Profile

Subaccounts for WooCommerce Developer Profile

mediaticus

1 plugin · 200 total installs

Trust score: 98
Avg Security Score: 97/100
Avg Patch Time: 6 days

Detection Fingerprints

How We Detect Subaccounts for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/subaccounts-for-woocommerce/assets/css/admin-style.css
  • /wp-content/plugins/subaccounts-for-woocommerce/assets/css/public-style.css
  • /wp-content/plugins/subaccounts-for-woocommerce/assets/js/admin-script.js
  • /wp-content/plugins/subaccounts-for-woocommerce/assets/js/public-script.js

Script Paths

  • /wp-content/plugins/subaccounts-for-woocommerce/freemius/start.php

Version Parameters

  • subaccounts-for-woocommerce/assets/css/admin-style.css?ver=
  • subaccounts-for-woocommerce/assets/css/public-style.css?ver=
  • subaccounts-for-woocommerce/assets/js/admin-script.js?ver=
  • subaccounts-for-woocommerce/assets/js/public-script.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • sfwc-admin-wrap
  • sfwc-tabs-nav
  • sfwc-tabs-content
  • sfwc-subaccount-list-table
  • sfwc-subaccount-details-section
  • sfwc-parent-account-info
  • sfwc-add-subaccount-form
  • sfwc-subaccount-roles-select
  • +1 more

HTML Comments

  • <!-- Begin Subaccounts for WooCommerce Admin -->
  • <!-- Subaccounts for WooCommerce :: Main Admin Wrapper -->
  • <!-- Subaccounts for WooCommerce :: Tabs Navigation -->
  • <!-- Subaccounts for WooCommerce :: Tab Content -->
  • +6 more

Data Attributes

  • data-sfwc-tab
  • data-sfwc-subaccount-id
  • data-sfwc-user-id

JS Globals

  • sfwc_admin_params
  • sfwc_public_params
  • SubaccountsForWooCommerce
  • sfwc_localize

REST Endpoints

  • /wp-json/sfwc/v1/subaccounts
  • /wp-json/sfwc/v1/subaccounts/(?P<id>[\d]+)
  • /wp-json/sfwc/v1/permissions
  • /wp-json/sfwc/v1/users

Shortcode Output

  • [sfwc_subaccount_dashboard]
  • [sfwc_subaccount_login]
  • [sfwc_subaccount_list]

FAQ

Frequently Asked Questions about Subaccounts for WooCommerce