WP-Safety

WC Booster Security & Risk Analysis

wordpress.org/plugins/wc-booster

WC Booster adds custom carts, quick previews, and streamlined checkout to enhance WooCommerce. Boost your eCommerce now!

900 active installs v2.9 PHP 7.3+ WP 6.1+ Updated Feb 28, 2025
ecommerceonlineshopstorestorefront
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WC Booster Safe to Use in 2026?

Generally Safe

Score 92/100

WC Booster has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "wc-booster" v2.9 plugin exhibits a mixed security posture. On the positive side, it demonstrates strong practices regarding SQL queries, exclusively using prepared statements, and shows a high percentage of properly escaped output. The absence of known CVEs and a clean vulnerability history is also a significant strength, suggesting a generally well-maintained codebase.

However, there are notable areas of concern. The plugin exposes a substantial attack surface with 39 AJAX handlers, a significant portion (27) lacking authentication checks. This creates a broad entry point for potential attackers. The taint analysis reveals 8 flows with unsanitized paths, 5 of which are classified as high severity. While no critical taint flows were found, these high-severity issues, combined with the reliance on the `unserialize` function (a known source of vulnerabilities when handling untrusted data), warrant careful attention.

In conclusion, while the plugin benefits from a clean vulnerability history and secure SQL practices, the high number of unprotected AJAX endpoints and the identified high-severity unsanitized taint flows are significant weaknesses. The use of `unserialize` further amplifies these risks. Addressing the unprotected AJAX handlers and thoroughly sanitizing the identified taint flows should be prioritized.

Key Concerns

  • 27 unprotected AJAX handlers found
  • 5 high severity unsanitized taint flows
  • Dangerous function 'unserialize' used
  • 8 total unsanitized taint flows
Vulnerabilities
None known

WC Booster Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WC Booster Code Analysis

Dangerous Functions
3
Raw SQL Queries
0
0 prepared
Unescaped Output
76
642 escaped
Nonce Checks
9
Capability Checks
5
File Operations
15
External Requests
3
Bundled Libraries
1

Dangerous Functions Found

unserialize$wishlist = unserialize( stripslashes( $_COOKIE[ 'wc_booster_wishlist' ] ), [ 'allowed_classes' => fblocks\class\wish-list-button.php:221
unserialize$wishlist = unserialize(stripslashes( $_COOKIE[ 'wc_booster_wishlist' ]), [ 'allowed_classes' => falinc\wishlist.php:90
unserialize$wishlisted_items = unserialize( stripslashes( $_COOKIE['wc_booster_wishlist'] ), [ 'allowed_classesinc\wishlist.php:120

Bundled Libraries

Select2

Output Escaping

89% escaped718 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

8 flows8 with unsanitized paths
do_settings_sections (custom-fields\class\setting.php:120)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
27 unprotected

WC Booster Attack Surface

Entry Points43
Unprotected27

AJAX Handlers 39

authwp_ajax_get_variation_stock_infoblocks\class\stock-progress-bar.php:52
noprivwp_ajax_get_variation_stock_infoblocks\class\stock-progress-bar.php:53
authwp_ajax_wc_booster_fetch_front_page_demoblocks\importer\ajax.php:17
noprivwp_ajax_wc_booster_fetch_front_page_demoblocks\importer\ajax.php:18
authwp_ajax_wc_booster_fetch_single_product_demoblocks\importer\ajax.php:20
noprivwp_ajax_wc_booster_fetch_single_product_demoblocks\importer\ajax.php:21
authwp_ajax_wc_booster_fetch_pattern_demoblocks\importer\ajax.php:23
noprivwp_ajax_wc_booster_fetch_pattern_demoblocks\importer\ajax.php:24
authwp_ajax_wc_booster_refresh_demo_datablocks\importer\ajax.php:26
authwp_ajax_wc_booster_nopriv_refresh_demo_datablocks\importer\ajax.php:27
authwp_ajax_wc_booster_fetch_user_favourite_demoblocks\importer\ajax.php:29
noprivwp_ajax_wc_booster_fetch_user_favourite_demoblocks\importer\ajax.php:30
authwp_ajax_wc_booster_update_user_favouritesblocks\init.php:27
noprivwp_ajax_wc_booster_update_user_favouritesblocks\init.php:28
authwp_ajax_wc_booster_custom_fields_get_navigationcustom-fields\class\ajax.php:9
noprivwp_ajax_wc_booster_custom_fields_get_navigationcustom-fields\class\ajax.php:10
authwp_ajax_wc_booster_custom_fields_get_pagescustom-fields\class\ajax.php:12
noprivwp_ajax_wc_booster_custom_fields_get_pagescustom-fields\class\ajax.php:13
authwp_ajax_wc_booster_fetch_demodemo-importer\ajax.php:17
authwp_ajax_wc_booster_install_themedemo-importer\ajax.php:18
authwp_ajax_wc_booster_import_postsdemo-importer\ajax.php:19
authwp_ajax_wc_booster_import_pagesdemo-importer\ajax.php:20
authwp_ajax_wc_booster_import_product_categoriesdemo-importer\ajax.php:22
authwp_ajax_wc_booster_import_product_attributesdemo-importer\ajax.php:23
authwp_ajax_wc_booster_import_productsdemo-importer\ajax.php:24
authwp_ajax_wc_booster_import_swatchesdemo-importer\ajax.php:26
authwp_ajax_wc_booster_clean_updemo-importer\ajax.php:27
authwp_ajax_wc_booster_favouritedemo-importer\ajax.php:29
authwp_ajax_wc_booster_favouritedemo-importer\ajax.php:30
authwp_ajax_wc_booster_empty_cartinc\mini-cart.php:47
noprivwp_ajax_wc_booster_empty_cartinc\mini-cart.php:48
authwp_ajax_wc_booster_ajax_quick_viewinc\quick-view.php:34
noprivwp_ajax_wc_booster_ajax_quick_viewinc\quick-view.php:35
authwp_ajax_wc_booster_get_productinc\search.php:24
noprivwp_ajax_wc_booster_get_productinc\search.php:25
authwp_ajax_wc_booster_ajax_wish_listinc\wishlist.php:30
noprivwp_ajax_wc_booster_ajax_wish_listinc\wishlist.php:31
authwp_ajax_wc_booster_ajax_wish_list_removeinc\wishlist.php:33
noprivwp_ajax_wc_booster_ajax_wish_list_removeinc\wishlist.php:34

Shortcodes 4

[wc_booster_checkout] inc\checkout.php:24
[wc_booster_mini_cart] inc\mini-cart.php:33
[wc_booster_popup] inc\product.php:174
[wc_booster_search] inc\search.php:22
WordPress Hooks 74
actioninitblocks\base-block.php:72
actionwp_enqueue_scriptsblocks\base-block.php:74
actionwp_headblocks\base-block.php:77
actionwp_enqueue_scriptsblocks\base-block.php:78
actionwc_booster_prepare_scriptsblocks\class\quick-view.php:54
filteroption_woocommerce_tax_display_shopblocks\class\tax-toggler.php:49
filteroption_woocommerce_tax_display_cartblocks\class\tax-toggler.php:50
actionwc_booster_prepare_scriptsblocks\class\wish-list-button.php:50
actionenqueue_block_assetsblocks\init.php:22
actionrest_api_initblocks\init.php:23
filterblock_categories_allblocks\init.php:24
actionplugins_loadedblocks\init.php:25
actionwp_enqueue_scriptsclass\slide\slide-out.php:23
actioninitcustom-fields\class\post-type.php:42
actionsave_postcustom-fields\class\post-type.php:46
actioninitcustom-fields\class\post-type.php:157
actionadmin_enqueue_scriptscustom-fields\class\script.php:14
actionadmin_initcustom-fields\class\setting.php:20
actionplugins_loadedcustom-fields\main.php:22
filterwp_check_filetype_and_extcustom-fields\main.php:23
actionadmin_menudemo-importer\admin-page.php:19
filterhttp_request_timeoutdemo-importer\ajax.php:32
filterwc_booster_admin_fieldsinc\admin-fields.php:15
actioninitinc\category.php:27
actioninitinc\checkout.php:23
filterthe_titleinc\checkout.php:32
actionwoocommerce_after_cartinc\checkout.php:34
actionbody_classinc\checkout.php:35
actioninitinc\mini-cart.php:25
filterwoocommerce_add_to_cart_fragmentsinc\mini-cart.php:26
filterrender_block_woocommerce/mini-cart-title-label-blockinc\mini-cart.php:27
actionslide_out_contentinc\mini-cart.php:43
filterslide_out_togglerinc\mini-cart.php:45
filterslide_out_close_textinc\mini-cart.php:50
filterwp_nav_menuinc\mini-cart.php:52
filterwoocommerce_cart_item_quantityinc\mini-cart.php:55
actionplugins_loadedinc\plugin-page.php:20
actionadmin_menuinc\plugin-page.php:21
actioninitinc\product.php:27
actionwpinc\product.php:28
filterpost_classinc\product.php:29
actionbody_classinc\product.php:30
actiontemplate_redirectinc\product.php:32
filterwoocommerce_quantity_input_typeinc\product.php:33
actionwoocommerce_before_quantity_input_fieldinc\product.php:85
actionwoocommerce_after_quantity_input_fieldinc\product.php:89
actionwoocommerce_after_single_productinc\product.php:96
actionwoocommerce_before_add_to_cart_forminc\product.php:100
filterwoocommerce_product_tabsinc\product.php:101
filterrender_block_woocommerce/add-to-cart-forminc\product.php:105
actionwoocommerce_before_shop_loop_item_titleinc\product.php:108
actionslide_out_contentinc\product.php:173
filterwoocommerce_product_single_add_to_cart_textinc\product.php:176
filterwoocommerce_product_add_to_cart_textinc\product.php:177
actionwoocommerce_after_shop_loop_iteminc\product.php:324
actionafter_setup_themeinc\quick-view.php:20
actioninitinc\quick-view.php:21
actionwp_enqueue_scriptsinc\quick-view.php:36
actionwoocommerce_before_shop_loop_item_titleinc\quick-view.php:40
actionwoocommerce_before_shop_loop_item_titleinc\quick-view.php:43
actionwoocommerce_after_add_to_cart_buttoninc\quick-view.php:46
filterslide_out_close_textinc\quick-view.php:47
actioninitinc\script-loader.php:21
actionwp_enqueue_scriptsinc\script-loader.php:22
actioninitinc\search.php:17
actioninitinc\template.php:21
filterwoocommerce_locate_templateinc\template.php:25
actioninitinc\text-domain.php:23
actionwp_logininc\wishlist.php:25
actionwoocommerce_order_status_completedinc\wishlist.php:28
actionwoocommerce_loadedwc-booster.php:78
filterbody_classwc-booster.php:87
actionadmin_noticeswc-booster.php:104
actionbefore_woocommerce_initwc-booster.php:106
Maintenance & Trust

WC Booster Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedFeb 28, 2025
PHP min version7.3
Downloads28K

Community Trust

Rating84/100
Number of ratings5
Active installs900
Alternatives

WC Booster Alternatives

Ecwid by Lightspeed Ecommerce Shopping Cart

Ecwid by Lightspeed Ecommerce Shopping Cart

ecwid-shopping-cart

B
83

Powerful, easy to use ecommerce shopping cart for WordPress. Sell on Facebook and Instagram. iPhone & Android apps. Superb support.

20K 13 CVEs
WooCommerce

WooCommerce

woocommerce

A
87

Everything you need to launch an online store in days and keep it growing for years. From your first sale to millions in revenue, Woo is with you.

7.0M 43 CVEs
BigCommerce For WordPress

BigCommerce For WordPress

bigcommerce

B
71

Scale your ecommerce business with WordPress on the front-end and BigCommerce on the back end. Free up server resources from things like catalog manag …

300 1 unpatched
CT Commerce Lite 🛒 | Fast & Flexible WordPress eCommerce Plugin

CT Commerce Lite 🛒 | Fast & Flexible WordPress eCommerce Plugin

ctc-lite

A
100

CT Commerce Lite** is an ultra-lightweight, block-based eCommerce plugin for WordPress

200 No CVEs
Prodigy Commerce

Prodigy Commerce

prodigy-commerce

A
92

A powerful alternative to self-hosted eCommerce solutions. Combine WordPress with a full-featured, PCI-compliant platform.

100 3 CVEs
Developer Profile

WC Booster Developer Profile

Eagle Vision IT

11 plugins · 2K total installs

88
trust score
Avg Security Score
91/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WC Booster

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wc-booster/blocks/build/blocks/carousel-product//wp-content/plugins/wc-booster/blocks/build/blocks/product//wp-content/plugins/wc-booster/blocks/build/blocks/quick-view//wp-content/plugins/wc-booster/blocks/build/blocks/search//wp-content/plugins/wc-booster/blocks/build/blocks/slide-out//wp-content/plugins/wc-booster/blocks/build/blocks/wishlist/
Script Paths
/wp-content/plugins/wc-booster/blocks/build/blocks/carousel-product/index.js/wp-content/plugins/wc-booster/blocks/build/blocks/product/index.js/wp-content/plugins/wc-booster/blocks/build/blocks/quick-view/index.js/wp-content/plugins/wc-booster/blocks/build/blocks/search/index.js/wp-content/plugins/wc-booster/blocks/build/blocks/slide-out/index.js/wp-content/plugins/wc-booster/blocks/build/blocks/wishlist/index.js
Version Parameters
wc-booster/style.css?ver=wc-booster/script.js?ver=wc-booster/blocks/build/blocks/carousel-product/index.js?ver=wc-booster/blocks/build/blocks/product/index.js?ver=wc-booster/blocks/build/blocks/quick-view/index.js?ver=wc-booster/blocks/build/blocks/search/index.js?ver=wc-booster/blocks/build/blocks/slide-out/index.js?ver=wc-booster/blocks/build/blocks/wishlist/index.js?ver=

HTML / DOM Fingerprints

CSS Classes
wc-booster-product-carouselwc-booster-quick-view-buttonwc-booster-search-formwc-booster-wishlist-buttonwc-booster-slide-out-cart
Data Attributes
data-wc-booster-blockdata-wc-booster-product-iddata-wc-booster-block-id
JS Globals
wc_booster_paramsWC_Booster_Blocks
REST Endpoints
/wp-json/wc-booster/v1/quick-view/wp-json/wc-booster/v1/wishlist
FAQ

Frequently Asked Questions about WC Booster