Swatchly – Product Variation Swatches for WooCommerce Security & Risk Analysis

wordpress.org/plugins/swatchly

Product Variation Swatches For WooCommerce Products.

6K active installs · v1.4.12 · PHP 5.4+ · WP 4.0+ · Updated Feb 26, 2026
Tags: color-swatch, product-attributes, variation-swatches, woocommerce-attributes, woocommerce-variation
Score: 98 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Apr 9, 2025
Safety Verdict

Is Swatchly – Product Variation Swatches for WooCommerce Safe to Use in 2026?

Generally Safe

Score 98/100

Swatchly – Product Variation Swatches for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Apr 9, 2025 · Updated 1mo ago
Risk Assessment

The Swatchly plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, utilizing prepared statements exclusively, and a significant majority of its output is properly escaped. It also includes a respectable number of nonce and capability checks, indicating an effort to secure its functionalities. However, there are notable areas of concern that warrant attention. The presence of one AJAX handler without authentication checks presents a direct and exploitable entry point for attackers. Furthermore, the taint analysis reveals five high-severity flows with unsanitized paths, suggesting potential vulnerabilities that could allow for data manipulation or unauthorized access if exploited. The plugin's vulnerability history shows two past medium-severity CVEs, one of which was a missing authorization vulnerability, further highlighting the importance of the identified authentication and authorization weaknesses. While the plugin currently has no unpatched CVEs, the recurring pattern of authorization-related issues and the current high-severity taint flows suggest an ongoing risk that requires mitigation.

Key Concerns

  • AJAX handler without authentication check
  • High severity taint flows with unsanitized paths
  • Two past medium severity CVEs (incl. missing auth)
Vulnerabilities: 2

Swatchly – Product Variation Swatches for WooCommerce Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2025: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-2719 · medium · 6.5 · Missing Authorization

Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) 1.2.8 - 1.4.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update

Apr 9, 2025 Patched in 1.4.1 (2d)
CVE-2023-23792 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Swatchly – WooCommerce Variation Swatches for Products <= 1.2.0 - Cross-Site Request Forgery via plugin_activation

Mar 30, 2023 Patched in 1.2.1 (299d)
Code Analysis
Analyzed Mar 16, 2026

Swatchly – Product Variation Swatches for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 53 (301 escaped)
Nonce Checks: 7
Capability Checks: 10
File Operations: 0
External Requests: 5
Bundled Libraries: 0

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

85% escaped · 354 total outputs

Data Flows: 7 unsanitized

Data Flow Analysis

9 flows · 7 with unsanitized paths
__construct (includes\Admin\Diagnostic_Data.php:81)
Attack Surface: 1 unprotected

Swatchly – Product Variation Swatches for WooCommerce Attack Surface

Entry Points: 8
Unprotected: 1

AJAX Handlers 7

auth · wp_ajax_swatchly_diagnostic_data · includes\Admin\Diagnostic_Data.php:101
auth · wp_ajax_htim_activate_plugin · includes\Admin\Install_Manager\Install_Manager.php:46
auth · wp_ajax_swatchly_notices · includes\Admin\Notices.php:51
auth · wp_ajax_swatchly_ajax_plugin_activation · includes\Admin\recommendations\Recommended_Plugins.php:84
auth · wp_ajax_swatchly_ajax_reload_metabox_panel · includes\ajax-actions.php:35
auth · wp_ajax_swatchly_ajax_save_product_meta · includes\ajax-actions.php:73
auth · wp_ajax_swatchly_ajax_reset_product_meta · includes\ajax-actions.php:103

Shortcodes 1

[swatchly_pl_swatches] includes\Frontend\Woo_Config.php:95
WordPress Hooks 57
action · csf_loaded · includes\Admin\Attribute_Taxonomy_Metabox.php:13
action · admin_notices · includes\Admin\Diagnostic_Data.php:97
action · init · includes\Admin\Diagnostic_Data.php:111
action · csf_loaded · includes\Admin\Global_Settings.php:13
action · admin_enqueue_scripts · includes\Admin\Install_Manager\Install_Manager.php:43
action · admin_notices · includes\Admin\Notices.php:49
action · admin_footer · includes\Admin\Notices.php:50
filter · woocommerce_product_data_tabs · includes\Admin\Product_Metabox.php:14
action · woocommerce_product_data_panels · includes\Admin\Product_Metabox.php:17
action · woocommerce_process_product_meta_variable · includes\Admin\Product_Metabox.php:20
action · init · includes\Admin\recommendations\init.php:17
action · admin_menu · includes\Admin\recommendations\Recommended_Plugins.php:80
action · admin_enqueue_scripts · includes\Admin\recommendations\Recommended_Plugins.php:81
action · admin_enqueue_scripts · includes\Admin\Swatchly_Trial.php:70
action · admin_init · includes\Admin\Swatchly_Trial.php:71
action · admin_print_scripts · includes\Admin\Swatchly_Trial.php:343
action · admin_print_footer_scripts · includes\Admin\Swatchly_Trial.php:344
action · admin_notices · includes\Admin\Swatchly_Trial.php:348
action · admin_footer · includes\Admin\Swatchly_Trial.php:352
action · admin_footer · includes\Admin\Swatchly_Trial.php:353
filter · product_attributes_type_selector · includes\Admin\Woo_Config.php:14
action · admin_menu · includes\Admin.php:26
action · admin_menu · includes\Admin.php:27
action · admin_menu · includes\Admin.php:28
action · admin_footer · includes\Admin.php:29
filter · plugin_action_links_swatchly/swatchly.php · includes\Admin.php:32
action · admin_enqueue_scripts · includes\Admin.php:35
action · admin_footer · includes\Admin.php:37
action · admin_head · includes\Admin.php:38
action · admin_head · includes\Admin.php:39
filter · wp_kses_allowed_html · includes\Compatibility\Elementor.php:11
filter · woocommerce_dropdown_variation_attribute_options_html · includes\Frontend\Woo_Config.php:29
action · astra_woo_shop_title_before · includes\Frontend\Woo_Config.php:37
action · woocommerce_shop_loop_item_title · includes\Frontend\Woo_Config.php:39
action · woolentor_universal_before_title · includes\Frontend\Woo_Config.php:43
action · astra_woo_shop_title_after · includes\Frontend\Woo_Config.php:49
action · woocommerce_shop_loop_item_title · includes\Frontend\Woo_Config.php:51
action · woolentor_universal_after_title · includes\Frontend\Woo_Config.php:55
action · astra_woo_shop_price_before · includes\Frontend\Woo_Config.php:61
action · woocommerce_after_shop_loop_item_title · includes\Frontend\Woo_Config.php:63
action · woolentor_universal_before_price · includes\Frontend\Woo_Config.php:67
action · astra_woo_shop_price_after · includes\Frontend\Woo_Config.php:73
action · woocommerce_after_shop_loop_item_title · includes\Frontend\Woo_Config.php:75
action · woolentor_universal_after_price · includes\Frontend\Woo_Config.php:79
filter · woocommerce_loop_add_to_cart_link · includes\Frontend\Woo_Config.php:84
filter · woocommerce_loop_add_to_cart_args · includes\Frontend\Woo_Config.php:99
filter · woocommerce_ajax_variation_threshold · includes\Frontend\Woo_Config.php:102
action · wp_enqueue_scripts · includes\Frontend\Woo_Config.php:106
filter · swatchly_force_load_add_to_cart_variation_js_file_in_shop · includes\Frontend\Woo_Config.php:114
action · wp_enqueue_scripts · includes\Frontend.php:22
action · wp_footer · includes\Frontend.php:26
filter · body_class · includes\Frontend.php:30
action · admin_notices · swatchly.php:126
action · init · swatchly.php:129
action · plugins_loaded · swatchly.php:132
action · admin_init · swatchly.php:135
action · update_option_active_plugins · swatchly.php:147
Maintenance & Trust

Swatchly – Product Variation Swatches for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 26, 2026
PHP min version: 5.4
Downloads: 157K

Community Trust

Rating: 88/100
Number of ratings: 27
Active installs: 6K
Developer Profile

Swatchly – Product Variation Swatches for WooCommerce Developer Profile

HasThemes

14 plugins · 16K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 179 days
Detection Fingerprints

How We Detect Swatchly – Product Variation Swatches for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/swatchly/assets/css/frontend.css
  • /wp-content/plugins/swatchly/assets/js/frontend.js
  • /wp-content/plugins/swatchly/assets/css/backend.css
  • /wp-content/plugins/swatchly/assets/js/backend.js
  • /wp-content/plugins/swatchly/libs/codestar-framework/assets/css/codestar-framework.css
  • /wp-content/plugins/swatchly/libs/codestar-framework/assets/js/codestar-framework.js
  • /wp-content/plugins/swatchly/assets/css/select2.min.css
  • /wp-content/plugins/swatchly/assets/js/select2.min.js
  • +5 more
Script Paths
  • /wp-content/plugins/swatchly/assets/js/frontend.js
  • /wp-content/plugins/swatchly/assets/js/backend.js
  • /wp-content/plugins/swatchly/libs/codestar-framework/assets/js/codestar-framework.js
  • /wp-content/plugins/swatchly/assets/js/select2.min.js
  • /wp-content/plugins/swatchly/assets/js/magnific-popup.js
  • /wp-content/plugins/swatchly/assets/js/perfect-scrollbar.js
Version Parameters
  • swatchly/assets/css/frontend.css?ver=
  • swatchly/assets/js/frontend.js?ver=
  • swatchly/assets/css/backend.css?ver=
  • swatchly/assets/js/backend.js?ver=
  • swatchly/libs/codestar-framework/assets/css/codestar-framework.css?ver=
  • swatchly/libs/codestar-framework/assets/js/codestar-framework.js?ver=
  • swatchly/assets/css/select2.min.css?ver=
  • swatchly/assets/js/select2.min.js?ver=
  • swatchly/assets/css/magnific-popup.css?ver=
  • swatchly/assets/js/magnific-popup.js?ver=
  • swatchly/assets/css/perfect-scrollbar.css?ver=
  • swatchly/assets/js/perfect-scrollbar.js?ver=
  • swatchly/assets/css/swatchly-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • swatchly-frontend
  • swatchly-backend
HTML Comments
  • <!-- Main class -->
  • <!-- Single instance -->
  • <!-- Main Instance -->
  • <!-- Constructor -->
  • +15 more
Data Attributes
data-swatchly-option
JS Globals
  • swatchly_admin_options
  • swatchly_frontend_options
  • swatchly_var
FAQ

Frequently Asked Questions about Swatchly – Product Variation Swatches for WooCommerce