WP-Safety

Confetti for WooCommerce Security & Risk Analysis

wordpress.org/plugins/wc-confetti

You can "start a confetti rain and display a message" according to WooCommerce cart amount with Confetti for WooCommerce.

20 active installs v1.2.0 PHP + WP 3.0.1+ Updated Jul 14, 2024
cartconfettiwoocommerce
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Confetti for WooCommerce Safe to Use in 2026?

Generally Safe

Score 92/100

Confetti for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "wc-confetti" plugin, version 1.2.0, demonstrates several good security practices, including the complete absence of raw SQL queries, no file operations, and no external HTTP requests. The plugin also shows a strong effort towards output escaping, with 83% of identified outputs being properly escaped. Furthermore, the lack of any recorded vulnerabilities or CVEs in its history is a positive indicator of its development and maintenance quality.

However, the plugin's security posture is significantly weakened by its attack surface. It exposes two AJAX handlers, both of which lack authentication checks. This is a critical concern, as it allows unauthenticated users to trigger potentially sensitive functionality. While taint analysis shows no critical or high-severity issues, the unprotected AJAX endpoints represent a substantial risk that could be exploited if malicious input is passed through these handlers.

In conclusion, while "wc-confetti" v1.2.0 excels in areas like data sanitization and preventing common vulnerabilities, the presence of unprotected AJAX endpoints is a major security flaw. Developers should prioritize implementing proper authentication and capability checks for these entry points to mitigate the risk of unauthorized access and potential exploitation.

Key Concerns

  • AJAX handlers without authentication checks
  • Large attack surface without auth
  • Some output not properly escaped
Vulnerabilities
None known

Confetti for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Confetti for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
10 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

83% escaped12 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
wc_confetti_admin_panel (admin\class-wc-confetti-admin.php:108)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Confetti for WooCommerce Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_wc_confetti_cart_checkincludes\class-wc-confetti.php:176
noprivwp_ajax_wc_confetti_cart_checkincludes\class-wc-confetti.php:177
WordPress Hooks 8
actionplugins_loadedincludes\class-wc-confetti.php:142
actionadmin_enqueue_scriptsincludes\class-wc-confetti.php:157
actionadmin_enqueue_scriptsincludes\class-wc-confetti.php:158
actionadmin_menuincludes\class-wc-confetti.php:159
actionwp_enqueue_scriptsincludes\class-wc-confetti.php:174
actionwp_enqueue_scriptsincludes\class-wc-confetti.php:175
actionadmin_noticesincludes\class-wc-confetti.php:195
actionbefore_woocommerce_initwc-confetti.php:71
Maintenance & Trust

Confetti for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedJul 14, 2024
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs20
Alternatives

Confetti for WooCommerce Alternatives

Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails

Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails

woo-cart-abandonment-recovery

A
100

Every store loses sales to cart abandonment. But with Cart Abandonment Recovery for WooCommerce, you can win them back—automatically.

300K 1 CVE
ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution

ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution

shopengine

A
96

WooCommerce builder for Elementor and Gutenberg. It offers product templates, product sliders, shopping cart, quick view, Woo wishlist, product filter …

90K 4 CVEs
Side Cart Woocommerce | Woocommerce Cart

Side Cart Woocommerce | Woocommerce Cart

side-cart-woocommerce

A
98

Manage your cart from just a click away with an interactive design

80K 3 CVEs
Direct Checkout for WooCommerce

Direct Checkout for WooCommerce

woocommerce-direct-checkout

A
100

Formerly "WooCommerce Direct Checkout". This plugin simplifies the entire WooCommerce checkout process to improve your sales rate.

80K No CVEs
Menu Cart for WooCommerce

Menu Cart for WooCommerce

woocommerce-menu-bar-cart

A
100

Automatically displays a shopping cart in your menu bar. Works with WooCommerce and Easy Digital Downloads (EDD)

80K 1 CVE
Developer Profile

Confetti for WooCommerce Developer Profile

emreguler

2 plugins · 1K total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Confetti for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wc-confetti/css/wc-confetti-admin.css/wp-content/plugins/wc-confetti/js/wc-confetti-admin.js/wp-content/plugins/wc-confetti/js/wc-confetti.js/wp-content/plugins/wc-confetti/css/wc-confetti.css
Script Paths
/wp-content/plugins/wc-confetti/js/wc-confetti.js/wp-content/plugins/wc-confetti/js/wc-confetti-admin.js
Version Parameters
wc-confetti/css/wc-confetti-admin.css?ver=wc-confetti/js/wc-confetti-admin.js?ver=wc-confetti/js/wc-confetti.js?ver=wc-confetti/css/wc-confetti.css?ver=

HTML / DOM Fingerprints

CSS Classes
wcc-confetti-container
HTML Comments
<!-- Confetti for WooCommerce -->
Data Attributes
data-wcc-delaydata-wcc-durationdata-wcc-amountdata-wcc-textdata-wcc-fontdata-wcc-size+5 more
JS Globals
wcConfetti
Shortcode Output
[wc_confetti]
FAQ

Frequently Asked Questions about Confetti for WooCommerce