Visual Product Configurator for Woocommerce Lite Security & Risk Analysis

wordpress.org/plugins/visual-products-configurator-for-woocommerce

A WooCommerce product customizer that allows customers to build any composite product visually.

200 active installs · v3.6 · PHP 8.0+ · WP 6.0+ · Updated Oct 7, 2025
Tags: woocommerce-composite-products, woocommerce-product-builder, woocommerce-product-configurator, woocommerce-product-customizer, woocommerce-product-designer
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Visual Product Configurator for Woocommerce Lite Safe to Use in 2026?

Generally Safe

Score 100/100

Visual Product Configurator for Woocommerce Lite has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5mo ago
Risk Assessment

The plugin 'visual-products-configurator-for-woocommerce' v3.6 exhibits a mixed security posture. While it has a clean vulnerability history with no known CVEs, the static analysis reveals several concerning areas. A significant attack surface is exposed, with 6 out of 7 entry points lacking authentication checks, including all AJAX handlers. This makes them prime targets for unauthorized access and potential exploitation. The presence of the `unserialize` function is a red flag, especially when combined with flows with unsanitized paths. Although no critical taint flows were identified, one high-severity flow with unsanitized paths is a notable risk. The moderate use of prepared statements for SQL queries and a reasonable percentage of properly escaped outputs are positive signs, but these are overshadowed by the extensive unprotected entry points and the `unserialize` function. The plugin's history of no vulnerabilities might suggest either a lack of targeted exploitation or effective, albeit potentially unanalyzed, security measures in the past. However, the current static analysis findings highlight a need for immediate attention to secure the exposed entry points and carefully review the usage of `unserialize`.

Key Concerns

  • Multiple unprotected AJAX handlers
  • High severity taint flow with unsanitized paths
  • Use of dangerous function: unserialize
  • Significant attack surface without auth checks
  • File operations present
  • External HTTP requests present
Vulnerabilities
None known

Visual Product Configurator for Woocommerce Lite Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Visual Product Configurator for Woocommerce Lite Code Analysis

Dangerous Functions: 5
Raw SQL Queries: 2 (4 prepared)
Unescaped Output: 94 (236 escaped)
Nonce Checks: 2
Capability Checks: 5
File Operations: 1
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

Function | Code | Location
unserialize | `$original_config = unserialize( $item[ "vpc-original-config" ] );` | includes\functions.php:402
unserialize | `$config = unserialize( $config );` | public\class-vpc-public.php:548
unserialize | `$recap = unserialize( $item[ "vpc-cart-data" ] );` | public\class-vpc-public.php:595
unserialize | `$recap = unserialize( strip_tags( $item[ "vpc-cart-data" ] ) );` | public\class-vpc-public.php:624
unserialize | `$recap = unserialize( $cart_datas[ 0 ] );` | public\class-vpc-public.php:727

SQL Query Safety

67% prepared · 6 total queries

Output Escaping

72% escaped · 330 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

7 flows · 5 with unsanitized paths
vpc_get_quantity_container (includes\functions.php:148)
Attack Surface
6 unprotected

Visual Product Configurator for Woocommerce Lite Attack Surface

Entry Points: 7
Unprotected: 6

AJAX Handlers: 6

Access | Hook | Location
auth | wp_ajax_add_vpc_configuration_to_cart | includes\class-vpc.php:210
nopriv | wp_ajax_add_vpc_configuration_to_cart | includes\class-vpc.php:211
auth | wp_ajax_get_vpc_editor | includes\class-vpc.php:227
nopriv | wp_ajax_get_vpc_editor | includes\class-vpc.php:228
auth | wp_ajax_get_vpc_product_qty | includes\class-vpc.php:247
nopriv | wp_ajax_get_vpc_product_qty | includes\class-vpc.php:248

Shortcodes: 1

[wpb_builder] public\class-vpc-public.php:78

WordPress Hooks: 46

Type | Hook | Location
action | admin_action_duplicate_vpc-config | admin\class-vpc-duplicate.php:27
filter | post_row_actions | admin\class-vpc-duplicate.php:28
filter | page_row_actions | admin\class-vpc-duplicate.php:29
action | post_submitbox_start | admin\class-vpc-duplicate.php:30
filter | image_resize_dimensions | includes\aq_resizer.php:67
action | plugins_loaded | includes\class-vpc.php:142
action | admin_enqueue_scripts | includes\class-vpc.php:156
action | admin_enqueue_scripts | includes\class-vpc.php:157
action | admin_init | includes\class-vpc.php:158
filter | screen_layout_columns | includes\class-vpc.php:159
filter | get_user_option_screen_layout_vpc-config | includes\class-vpc.php:160
filter | get_user_option_meta-box-order_vpc-config | includes\class-vpc.php:161
action | admin_menu | includes\class-vpc.php:162
filter | manage_edit-product_columns | includes\class-vpc.php:163
action | manage_product_posts_custom_column | includes\class-vpc.php:164
action | admin_notices | includes\class-vpc.php:165
action | admin_notices | includes\class-vpc.php:167
action | init | includes\class-vpc.php:170
action | add_meta_boxes | includes\class-vpc.php:171
action | save_post_vpc-config | includes\class-vpc.php:172
action | save_post_product | includes\class-vpc.php:173
action | woocommerce_save_product_variation | includes\class-vpc.php:174
action | save_post_vpc-template | includes\class-vpc.php:175
action | woocommerce_product_options_general_product_data | includes\class-vpc.php:178
action | woocommerce_product_after_variable_attributes | includes\class-vpc.php:180
action | wp_enqueue_scripts | includes\class-vpc.php:194
action | wp_enqueue_scripts | includes\class-vpc.php:195
action | init | includes\class-vpc.php:196
action | init | includes\class-vpc.php:197
filter | query_vars | includes\class-vpc.php:199
filter | init | includes\class-vpc.php:200
action | woocommerce_after_add_to_cart_button | includes\class-vpc.php:202
action | init | includes\class-vpc.php:205
filter | woocommerce_cart_item_name | includes\class-vpc.php:213
action | woocommerce_before_calculate_totals | includes\class-vpc.php:214
filter | woocommerce_cart_item_thumbnail | includes\class-vpc.php:215
filter | woocommerce_order_item_quantity_html | includes\class-vpc.php:218
action | woocommerce_before_order_itemmeta | includes\class-vpc.php:219
action | woocommerce_checkout_create_order_line_item | includes\class-vpc.php:220
action | woocommerce_order_item_meta_start | includes\class-vpc.php:224
filter | body_class | includes\class-vpc.php:234
filter | woocommerce_order_again_cart_item_data | includes\class-vpc.php:237
filter | woocommerce_cart_item_removed | includes\class-vpc.php:242
filter | woocommerce_remove_cart_item | includes\class-vpc.php:245
filter | safe_style_css | includes\functions.php:676
filter | the_content | public\class-vpc-public.php:312

Maintenance & Trust

Visual Product Configurator for Woocommerce Lite Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Oct 7, 2025
PHP min version: 8.0
Downloads: 42K

Community Trust

Rating: 68/100
Number of ratings: 33
Active installs: 200

Developer Profile

Visual Product Configurator for Woocommerce Lite Developer Profile

Hermann LAHAMI

3 plugins · 10K total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 30 days

Detection Fingerprints

How We Detect Visual Product Configurator for Woocommerce Lite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/visual-products-configurator-for-woocommerce/admin/css/vpc-admin.css
  • /wp-content/plugins/visual-products-configurator-for-woocommerce/admin/css/vpc-admin.min.css
  • /wp-content/plugins/visual-products-configurator-for-woocommerce/admin/css/flexiblegs.css
  • /wp-content/plugins/visual-products-configurator-for-woocommerce/admin/css/UI.css
  • /wp-content/plugins/visual-products-configurator-for-woocommerce/public/css/tooltip.min.css
  • /wp-content/plugins/visual-products-configurator-for-woocommerce/admin/js/modal/modal.min.css
  • /wp-content/plugins/visual-products-configurator-for-woocommerce/admin/js/vpc-admin.min.js
  • /wp-content/plugins/visual-products-configurator-for-woocommerce/admin/js/o-admin.min.js
  • +3 more

Version Parameters

  • vpc-admin.min.css?ver=
  • flexiblegs.css?ver=
  • UI.css?ver=
  • tooltip.min.css?ver=
  • modal.min.css?ver=
  • vpc-admin.min.js?ver=
  • o-admin.min.js?ver=
  • tooltip.min.js?ver=
  • modal.min.js?ver=
  • jquery.serializejson.min.js?ver=

HTML / DOM Fingerprints

CSS Classes: vpc-admin-wrapper
HTML Comments: <!-- This file is read by WordPress to generate the plugin information in the plugin admin area -->
Data Attributes: data-vpc-setting
JS Globals: VPC_URL, string_translations, Orion_Library