WP-Safety

Terms and Conditions Popup for WooCommerce Security & Risk Analysis

wordpress.org/plugins/terms-and-conditions-popup-for-woocommerce

Allows your customers to see the terms and conditions without leaving the checkout page

1K active installs v3.6.2.3 PHP 7.0+ WP 5.0+ Updated Mar 12, 2026
custom-terms-and-conditionsforce-terms-and-conditionsimproved-terms-and-conditionsprivacy-popupterms-and-conditions
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Terms and Conditions Popup for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Terms and Conditions Popup for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 22d ago
Risk Assessment

The "terms-and-conditions-popup-for-woocommerce" plugin, version 3.6.2.3, exhibits a generally good security posture based on the provided static analysis and vulnerability history. The plugin demonstrates strong adherence to best practices, particularly in its handling of database queries, with all SQL queries utilizing prepared statements. Furthermore, the absence of known CVEs and a clean vulnerability history suggest a well-maintained and secure codebase over time. The plugin also implements a robust number of capability checks and nonce checks across its entry points, which are crucial for preventing unauthorized access and actions.

However, there are a few areas that warrant attention. The presence of the `unserialize` function, even if not directly tied to an observable taint flow in this analysis, represents a potential risk if user-controlled data were to be passed to it without proper sanitization. While the static analysis indicates no unsanitized paths in taint flows, this function remains a known vector for deserialization vulnerabilities. Additionally, a significant portion (57%) of output operations are not properly escaped. This could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is rendered directly in the output without appropriate sanitization, especially in contexts where it might be interpreted as HTML or JavaScript. The large number of file operations and external HTTP requests, while not immediately indicating a vulnerability, contribute to a broader attack surface that requires careful scrutiny.

In conclusion, the plugin has a solid foundation with its secure database practices and lack of historical vulnerabilities. The primary areas for improvement lie in the diligent sanitization of data passed to `unserialize` and, more critically, in ensuring all output is properly escaped to mitigate XSS risks. Addressing these points would further enhance the plugin's overall security, making it a more robust and trustworthy component for WooCommerce sites.

Key Concerns

  • Potential risk with unserialize function
  • Significant unescaped output detected
Vulnerabilities
None known

Terms and Conditions Popup for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Terms and Conditions Popup for WooCommerce Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
126
96 escaped
Nonce Checks
14
Capability Checks
23
File Operations
4
External Requests
5
Bundled Libraries
0

Dangerous Functions Found

unserialize$error_log = unserialize(preg_replace('/R:\d+/', 's:18:"RECURSION DETECTED"', serialize(self::$errorberocket\includes\updater.php:128

Output Escaping

43% escaped222 total outputs
Data Flows
All sanitized

Data Flow Analysis

8 flows
<framework> (berocket\framework.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Terms and Conditions Popup for WooCommerce Attack Surface

Entry Points13
Unprotected0

AJAX Handlers 12

authwp_ajax_brfr_get_export_settingsberocket\includes\admin\import_export.php:5
authwp_ajax_brfr_set_import_settingsberocket\includes\admin\import_export.php:6
authwp_ajax_brfr_get_import_backupsberocket\includes\admin\import_export.php:7
authwp_ajax_brfr_restore_import_backupsberocket\includes\admin\import_export.php:8
authwp_ajax_berocket_admin_close_noticeberocket\includes\admin_notices.php:1199
authwp_ajax_berocket_subscribe_emailberocket\includes\admin_notices.php:1200
authwp_ajax_berocket_rate_stars_closeberocket\includes\admin_notices.php:1208
authwp_ajax_berocket_feature_request_sendberocket\includes\admin_notices.php:1209
authwp_ajax_berocket_error_notices_getberocket\includes\error_notices.php:5
authwp_ajax_berocket_information_close_noticeberocket\includes\information_notices.php:198
authwp_ajax_br_test_keyberocket\includes\updater.php:46
authwp_ajax_br_test_keysberocket\includes\updater.php:47

Shortcodes 1

[br_terms_and_conditions] main.php:95
WordPress Hooks 98
filterberocket_terms_cond_pages_contentsaddons\concat_content\concat_content_include.php:4
actionwp_headaddons\deprecated_old_popup\popup.php:22
filterberocket_terms_cond_add_popupaddons\deprecated_old_popup\popup.php:23
filterwoocommerce_privacy_policy_page_idaddons\policy_pages\custom_post_policy.php:42
filterberocket_terms_cond_pages_contentsaddons\show_popup_variants\variants_add.php:17
filterwoocommerce_get_terms_page_idaddons\terms_pages\custom_post_terms.php:42
filterplugins_listberocket\framework.php:84
filterBeRocket_updater_add_pluginberocket\framework.php:105
filterberocket_admin_notices_rate_stars_pluginsberocket\framework.php:106
actioninitberocket\framework.php:107
actioninitberocket\framework.php:110
actionwp_headberocket\framework.php:111
actionwp_footerberocket\framework.php:112
actionadmin_initberocket\framework.php:113
actionadmin_menuberocket\framework.php:114
actionadmin_enqueue_scriptsberocket\framework.php:115
actionberocket_enqueue_mediaberocket\framework.php:116
filterplugin_row_metaberocket\framework.php:122
filteris_berocket_settings_pageberocket\framework.php:123
actionplugins_loadedberocket\framework.php:128
actionsanitize_comment_cookiesberocket\framework.php:129
actioninstall_plugins_pre_plugin-informationberocket\framework.php:130
filterberocket_admin_notices_subscribe_pluginsberocket\framework.php:132
filterBeRocket_admin_init_user_capabilitiesberocket\framework.php:135
filterberocket_sanitize_array_predefineberocket\framework.php:136
filterberocket_sanitize_array_ksesberocket\framework.php:137
filterberocket_sanitize_array_ksesberocket\framework.php:140
actionbefore_woocommerce_initberocket\framework.php:150
filterloop_shop_per_pageberocket\framework.php:391
actionupgrader_process_completeberocket\framework.php:499
actionadmin_footerberocket\framework.php:1158
actionwp_footerberocket\framework.php:1159
actionadmin_initberocket\framework.php:1273
actionadmin_bar_menuberocket\includes\admin\admin_bar.php:8
actionwp_footerberocket\includes\admin\admin_bar.php:9
filterberocket_admin_bar_plugins_databerocket\includes\admin\admin_bar.php:149
actionBeRocket_framework_updater_account_form_afterberocket\includes\admin\import_export.php:4
filterberocket_admin_notice_is_display_noticeberocket\includes\admin_notices.php:75
filterberocket_admin_notice_is_display_notice_priorityberocket\includes\admin_notices.php:76
actionadmin_noticesberocket\includes\admin_notices.php:1198
actionadmin_noticesberocket\includes\admin_notices.php:1207
actionberocket_rate_plugin_windowberocket\includes\admin_notices.php:1210
actionberocket_related_plugins_windowberocket\includes\admin_notices.php:1211
actionberocket_above_admin_settingsberocket\includes\admin_notices.php:1212
actionberocket_feature_request_windowberocket\includes\admin_notices.php:1213
actionadmin_footerberocket\includes\admin_notices.php:1285
actionadmin_footerberocket\includes\admin_notices.php:1493
actionadmin_footerberocket\includes\admin_notices.php:1922
actionadmin_footerberocket\includes\admin_notices.php:2079
actioninitberocket\includes\custom_post\enable_disable.php:9
actionadmin_initberocket\includes\custom_post\enable_disable.php:10
actionpost_action_enableberocket\includes\custom_post\enable_disable.php:13
actionpost_action_disableberocket\includes\custom_post\enable_disable.php:14
filterpost_classberocket\includes\custom_post\enable_disable.php:16
filterpre_get_postsberocket\includes\custom_post\enable_disable.php:18
actionpre_get_postsberocket\includes\custom_post\sortable.php:22
actionin_admin_footerberocket\includes\custom_post\sortable.php:117
actioninitberocket\includes\custom_post.php:58
filterinitberocket\includes\custom_post.php:59
filteradmin_initberocket\includes\custom_post.php:60
filterwp_insert_post_databerocket\includes\custom_post.php:61
filterBeRocket_admin_init_user_capabilitiesberocket\includes\custom_post.php:71
actionadd_meta_boxesberocket\includes\custom_post.php:128
actionsave_postberocket\includes\custom_post.php:129
filterpost_row_actionsberocket\includes\custom_post.php:130
filterlist_table_primary_columnberocket\includes\custom_post.php:131
actionadmin_enqueue_scriptsberocket\includes\custom_post.php:133
filteris_berocket_settings_pageberocket\includes\custom_post.php:135
actionadmin_footerberocket\includes\custom_post.php:162
actionadmin_noticesberocket\includes\information_notices.php:197
actionadmin_initberocket\includes\updater.php:18
filterwoocommerce_addons_sectionsberocket\includes\updater.php:27
filteris_berocket_settings_pageberocket\includes\updater.php:28
actionadmin_footerberocket\includes\updater.php:30
actionadmin_headberocket\includes\updater.php:39
actionadmin_menuberocket\includes\updater.php:40
actionadmin_menuberocket\includes\updater.php:41
actionnetwork_admin_menuberocket\includes\updater.php:42
actionadmin_initberocket\includes\updater.php:43
filterpre_set_site_transient_update_pluginsberocket\includes\updater.php:44
filterplugins_api_resultberocket\includes\updater.php:45
filterhttp_request_host_is_externalberocket\includes\updater.php:48
actionadmin_footerberocket\includes\updater.php:51
actionwp_footerberocket\includes\updater.php:52
filterberocket_display_additional_noticesberocket\includes\updater.php:92
filtercustom_menu_orderberocket\includes\updater.php:98
filterberocket_admin_notice_is_display_noticeberocket\includes\updater.php:102
filterberocket_admin_notice_is_display_notice_priorityberocket\includes\updater.php:103
filterplugins_api_resultberocket\includes\updater.php:109
actioninitberocket\includes\updater.php:1413
actionadmin_enqueue_scriptsberocket\sale\sale.php:4
filterBeRocket_updater_menu_order_custom_postmain.php:93
actionwp_enqueue_scriptsmain.php:94
actionwp_footermain.php:96
filterberocket_terms_cond_pages_contentsmain.php:97
filterberocket_terms_cond_pages_contentsmain.php:98
filterBeRocket_updater_error_logmain.php:105
filterberocket_display_additional_noticesmain.php:108
Maintenance & Trust

Terms and Conditions Popup for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 12, 2026
PHP min version7.0
Downloads61K

Community Trust

Rating98/100
Number of ratings28
Active installs1K
Alternatives

Terms and Conditions Popup for WooCommerce Alternatives

Complianz – Terms and Conditions

Complianz – Terms and Conditions

complianz-terms-conditions

A
100

Configure your own Terms and Conditions specific to your service or webshop.

300K No CVEs
iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more

iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more

iubenda-cookie-law-solution

A
97

The solution for GDPR compliance + more. Get your cookie banner, privacy policy, terms and conditions and handle cookie consent in just one plugin.

200K 4 CVEs
Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator

Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator

legal-pages

A
95

The best WordPress legal pages generator that comes with pre-made templates for GDPR, CCPA, DMCA, Privacy Policy, Terms & Conditions, Cookie Polic &hellip;

10K 7 CVEs
Privacy Policy Generator – WPLP Legal Pages

Privacy Policy Generator – WPLP Legal Pages

wplegalpages

A
92

Create and manage legal pages for WordPress websites using ready-made policy templates that support common privacy and compliance requirements.

10K 7 CVEs
WP Terms Popup – Terms and Conditions and Privacy Policy WordPress Popups

WP Terms Popup – Terms and Conditions and Privacy Policy WordPress Popups

wp-terms-popup

A
100

Use WP Terms Popup to ask visitors to agree to your terms and conditions or privacy policy before they are allowed to view your site.

3K 1 CVE
Developer Profile

Terms and Conditions Popup for WooCommerce Developer Profile

BeRocket

22 plugins · 139K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
381 days
View full developer profile
Detection Fingerprints

How We Detect Terms and Conditions Popup for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/terms-and-conditions-popup-for-woocommerce/css/terms-and-conditions-popup.css/wp-content/plugins/terms-and-conditions-popup-for-woocommerce/js/terms-and-conditions-popup.js/wp-content/plugins/terms-and-conditions-popup-for-woocommerce/js/admin.js/wp-content/plugins/terms-and-conditions-popup-for-woocommerce/js/frontend.js/wp-content/plugins/terms-and-conditions-popup-for-woocommerce/js/terms-and-conditions-popup-free.js
Script Paths
/wp-content/plugins/terms-and-conditions-popup-for-woocommerce/js/terms-and-conditions-popup.js/wp-content/plugins/terms-and-conditions-popup-for-woocommerce/js/admin.js/wp-content/plugins/terms-and-conditions-popup-for-woocommerce/js/frontend.js/wp-content/plugins/terms-and-conditions-popup-for-woocommerce/js/terms-and-conditions-popup-free.js
Version Parameters
terms-and-conditions-popup-for-woocommerce/css/terms-and-conditions-popup.css?ver=terms-and-conditions-popup-for-woocommerce/js/terms-and-conditions-popup.js?ver=terms-and-conditions-popup-for-woocommerce/js/admin.js?ver=terms-and-conditions-popup-for-woocommerce/js/frontend.js?ver=terms-and-conditions-popup-for-woocommerce/js/terms-and-conditions-popup-free.js?ver=

HTML / DOM Fingerprints

CSS Classes
br_terms_cond_popup_windowbr_terms_cond_popup_window_bgbr_terms_cond_popup_titlebr_terms_cond_popup_contentbr_terms_cond_popup_close
Data Attributes
data-br-terms-cond-popup-settings
JS Globals
BeRocket_terms_cond_popup_params
FAQ

Frequently Asked Questions about Terms and Conditions Popup for WooCommerce