User Collections for WooCommerce Security & Risk Analysis

wordpress.org/plugins/user-collections-for-woocommerce

A lightweight WooCommerce extension that helps store admins and customers explore purchased products as a “collection.”

0 active installs v1.0.1 PHP 7.0+ WP 6.0+ Updated Mar 3, 2026
collectionscustomermembershipuserswoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is User Collections for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

User Collections for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The 'user-collections-for-woocommerce' plugin v1.0.1 exhibits a mixed security posture. While the code demonstrates good practices in areas like SQL query sanitization, output escaping, and the absence of dangerous functions or file operations, significant concerns arise from its attack surface. Two AJAX handlers lack authentication checks, presenting a direct entry point for potential unauthorized actions. The presence of only one nonce check across the analyzed code further exacerbates this risk, as it doesn't adequately cover the unprotected AJAX endpoints. The plugin's vulnerability history is clean, with no recorded CVEs, suggesting a potentially stable codebase or a lack of in-depth historical analysis. However, the static analysis reveals immediate security weaknesses that outweigh the positive indicators of secure coding practices, necessitating immediate attention and remediation.

Key Concerns

  • 2 AJAX handlers without auth checks
  • Only 1 nonce check found
Vulnerabilities
None known

User Collections for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

User Collections for WooCommerce Release Timeline

v1.0.1Current
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

User Collections for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
47 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped47 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

1 flows
<fetch-collection> (src/includes/fetch-collection.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

User Collections for WooCommerce Attack Surface

Entry Points3
Unprotected2

AJAX Handlers 2

noprivwp_ajax_gf_usercollections_wcsrc/classes/init.php:16
authwp_ajax_gf_usercollections_wcsrc/classes/init.php:17

Shortcodes 1

[ucforwc_collection] src/classes/shortcode.php:11
WordPress Hooks 15
actioninitsrc/classes/init.php:9
actionplugins_loadedsrc/classes/init.php:10
actionplugins_loadedsrc/classes/init.php:11
actionbefore_woocommerce_initsrc/classes/init.php:12
actionadmin_enqueue_scriptssrc/classes/init.php:13
actionadmin_enqueue_scriptssrc/classes/init.php:14
actionadmin_menusrc/classes/init.php:15
actionadmin_noticessrc/classes/init.php:147
actioninitsrc/classes/my-account.php:16
filterwoocommerce_account_menu_itemssrc/classes/my-account.php:17
actionwoocommerce_account_collection_endpointsrc/classes/my-account.php:18
filterthe_titlesrc/classes/my-account.php:19
filterwoocommerce_endpoint_collection_titlesrc/classes/my-account.php:20
filterthe_titlesrc/classes/my-account.php:21
filterrender_blocksrc/classes/my-account.php:22
Maintenance & Trust

User Collections for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 3, 2026
PHP min version7.0
Downloads256

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

User Collections for WooCommerce Developer Profile

Greyforest

4 plugins · 200 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect User Collections for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/user-collections-for-woocommerce/assets/css/css.css/wp-content/plugins/user-collections-for-woocommerce/assets/css/fonts.css/wp-content/plugins/user-collections-for-woocommerce/assets/css/greyforest-plugins.css/wp-content/plugins/user-collections-for-woocommerce/assets/js/js.js
Script Paths
/wp-content/plugins/user-collections-for-woocommerce/assets/js/js.js
Version Parameters
user-collections-for-woocommerce/assets/css/css.css?ver=user-collections-for-woocommerce/assets/css/fonts.css?ver=user-collections-for-woocommerce/assets/css/greyforest-plugins.css?ver=user-collections-for-woocommerce/assets/js/js.js?ver=

HTML / DOM Fingerprints

CSS Classes
gf-plugin-wrappergf-usercollections-wrapper
HTML Comments
<!-- BEGIN USER COLLECTIONS WRAPPER --><!-- END USER COLLECTIONS WRAPPER -->
FAQ

Frequently Asked Questions about User Collections for WooCommerce