VisualWP Collections Security & Risk Analysis

wordpress.org/plugins/visual-wp-collections-for-wc

Create collections of similar products based on categories, tags, product name etc for your WooCommerce store

10 active installs · v1.0.5 · PHP 7.4+ · WP 5.9+ · Updated Feb 23, 2026
Tags: ecommerce, group, product-collection, related-products, woocommerce
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is VisualWP Collections Safe to Use in 2026?

Generally Safe

Score 100/100

VisualWP Collections has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "visual-wp-collections-for-wc" plugin v1.0.5 exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for its SQL queries and ensuring almost all output is properly escaped. The absence of any recorded vulnerabilities in its history is also a strong indicator of a mature and well-maintained codebase.

However, there are significant security concerns related to its attack surface. A substantial portion of its AJAX handlers (6 out of 7) lack authentication checks, creating a direct entry point for potential unauthorized actions. The complete absence of nonce checks further exacerbates this risk, as it allows for easy Cross-Site Request Forgery (CSRF) attacks against these unprotected AJAX endpoints.

While taint analysis shows no critical or high-severity issues, the lack of broader security checks on entry points overshadows this. The plugin's strengths lie in its data handling, but its entry point security needs substantial improvement.

Key Concerns

  • Unprotected AJAX handlers
  • Missing nonce checks on AJAX
  • Large attack surface without auth
Vulnerabilities
None known

VisualWP Collections Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

VisualWP Collections Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (5 prepared)
Unescaped Output: 3 (92 escaped)
Nonce Checks: 0
Capability Checks: 6
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared, 5 total queries

Output Escaping

97% escaped, 95 total outputs

Data Flows: All sanitized

Data Flow Analysis

3 flows
<collection-preview> (admin\utilities\collection-preview.php:0)
Attack Surface
6 unprotected

VisualWP Collections Attack Surface

Entry Points: 8
Unprotected: 6

AJAX Handlers 7

  • auth · wp_ajax_vwpwc_get_collection_result_set · visualwp-wc-collections.php:295
  • auth · wp_ajax_save_collection · visualwp-wc-collections.php:493
  • auth · wp_ajax_cat_autosuggest · visualwp-wc-collections.php:526
  • auth · wp_ajax_update_collection_draft · visualwp-wc-collections.php:555
  • auth · wp_ajax_get_collection · visualwp-wc-collections.php:568
  • auth · wp_ajax_add_new_collection · visualwp-wc-collections.php:614
  • auth · wp_ajax_vwpwcc_update_collection_post · visualwp-wc-collections.php:628

Shortcodes 1

[collections] visualwp-wc-collections.php:603

WordPress Hooks 6

  • action · init · inc\class.collections.php:340
  • action · add_meta_boxes · inc\class.collections.php:343
  • action · save_post · inc\class.collections.php:344
  • filter · single_template · visualwp-wc-collections.php:39
  • action · admin_menu · visualwp-wc-collections.php:74
  • action · admin_enqueue_scripts · visualwp-wc-collections.php:87

Maintenance & Trust

VisualWP Collections Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 23, 2026
PHP min version: 7.4
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

VisualWP Collections Developer Profile

sightfactory

8 plugins · 190 total installs

Trust score: 93
Avg Security Score: 98/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect VisualWP Collections

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/visual-wp-collections-for-wc/admin/css/vwp.css
/wp-content/plugins/visual-wp-collections-for-wc/admin/css/vwp-wccol.css
/wp-content/plugins/visual-wp-collections-for-wc/admin/js/vwp.js
/wp-content/plugins/visual-wp-collections-for-wc/admin/js/vwp-wccol.js
Script Paths
https://fonts.googleapis.com/css2?family=Sen:wght@400;700&display=swap

HTML / DOM Fingerprints

CSS Classes
vwp-input-wrapper, collection-title, vwp-post-title, vwpwcc-edit-title, vwp-pseudo-icon, vwp-wrapper, vwp-header-wrapper, vwp-header, +8 more
Data Attributes
contenteditable, id="col-title", id="vwpwccol-save-collection", id="vwpwcc-add-new", id="vwp-wrapper", id="vwp-header-wrapper", +8 more
JS Globals
vwpwccol_admin_ajax
FAQ

Frequently Asked Questions about VisualWP Collections