WP-Safety

Product Fields, Addons and Price Calculator for WooCommerce Security & Risk Analysis

wordpress.org/plugins/wc-kalkulator

WooCommerce product fields, product addons and formula price calculator. Absolutely FREE - 23 different field types on your product and order page.

1K active installs v1.6.1 PHP 5.6+ WP 5.0+ Updated Apr 29, 2024
woocommerce-custom-fieldswoocommerce-custom-price-fieldwoocommerce-personalized-productwoocommerce-product-fieldswoocommerce-product-price
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Product Fields, Addons and Price Calculator for WooCommerce Safe to Use in 2026?

Generally Safe

Score 92/100

Product Fields, Addons and Price Calculator for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The 'wc-kalkulator' v1.6.1 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of known CVEs and a clean vulnerability history suggests a well-maintained codebase. The plugin effectively utilizes prepared statements for its SQL queries and implements robust nonce and capability checks for its entry points. A high percentage of properly escaped output further mitigates the risk of cross-site scripting vulnerabilities. The limited attack surface, consisting of a single AJAX handler, is also protected by authentication checks. There are no critical or high-severity findings from the taint analysis, and no unsanitized paths were detected, indicating a good effort in preventing common injection vulnerabilities.

However, while the overall picture is positive, there are a few minor areas that could be improved. The static analysis did not flag any dangerous functions, but the presence of file operations, although not inherently risky, could be a point of concern if not handled with extreme care. The 88% proper output escaping, while good, means that 12% of outputs are not properly escaped. This could potentially lead to low-severity cross-site scripting issues if user-supplied data is involved in those unescaped outputs. The plugin also doesn't bundle any libraries, which is a strength, but it means there's no indication of how external dependencies are managed or if they are kept up-to-date.

In conclusion, 'wc-kalkulator' v1.6.1 appears to be a secure plugin with a proactive approach to security. The strengths significantly outweigh the minor weaknesses. The lack of known vulnerabilities and the good use of security best practices like prepared statements and nonce checks are commendable. Focusing on ensuring the remaining 12% of output is properly escaped would further enhance its security profile.

Key Concerns

  • Unescaped output detected
Vulnerabilities
None known

Product Fields, Addons and Price Calculator for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Product Fields, Addons and Price Calculator for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
1 prepared
Unescaped Output
77
580 escaped
Nonce Checks
8
Capability Checks
10
File Operations
8
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared1 total queries

Output Escaping

88% escaped657 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
wckalkulator_calculate_price (src\Ajax.php:97)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Product Fields, Addons and Price Calculator for WooCommerce Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_wck_notice_dismisssrc\AdminNotice.php:33
WordPress Hooks 40
actioninitsrc\AdminNotice.php:27
filtercron_schedulessrc\AdminNotice.php:28
actionadmin_noticessrc\AdminNotice.php:31
actionadmin_enqueue_scriptssrc\AdminNotice.php:34
actionwp_enqueue_scriptssrc\Ajax.php:49
filtercron_schedulessrc\Cron.php:43
actioninitsrc\Cron.php:44
actioninitsrc\FieldsetPostType.php:59
filterwoocommerce_screen_idssrc\FieldsetPostType.php:63
actionadmin_enqueue_scriptssrc\FieldsetPostType.php:64
filterwoocommerce_json_search_found_categoriessrc\FieldsetPostType.php:66
filterpost_row_actionssrc\FieldsetPostType.php:68
actionadmin_action_wck_duplicate_postsrc\FieldsetPostType.php:69
filteradmin_body_classsrc\FieldsetPostType.php:70
filterwck_admin_navigationsrc\FieldsetPostType.php:72
actionwoocommerce_before_add_to_cart_buttonsrc\FieldsetProduct.php:926
actionwoocommerce_after_add_to_cart_buttonsrc\FieldsetProduct.php:928
actioninitsrc\GlobalParametersPostType.php:33
actionload-edit.phpsrc\GlobalParametersPostType.php:39
filterwck_admin_navigationsrc\GlobalParametersPostType.php:42
actionadmin_initsrc\Settings.php:26
actionadmin_menusrc\Settings.php:27
filterwck_admin_navigationsrc\Settings.php:66
actionwoocommerce_loadedsrc\Woocommerce\Attribute.php:28
actionwoocommerce_cart_loaded_from_sessionsrc\Woocommerce\Cart.php:29
filterwoocommerce_widget_cart_item_quantitysrc\Woocommerce\Cart.php:30
filterwoocommerce_get_price_htmlsrc\Woocommerce\PriceFilter.php:27
actionwoocommerce_before_add_to_cart_buttonsrc\Woocommerce\Product.php:31
filterwoocommerce_add_to_cart_validationsrc\Woocommerce\Product.php:32
filterwoocommerce_add_cart_item_datasrc\Woocommerce\Product.php:33
actionwoocommerce_before_calculate_totalssrc\Woocommerce\Product.php:34
filterwoocommerce_cart_item_namesrc\Woocommerce\Product.php:35
actionwoocommerce_checkout_create_order_line_itemsrc\Woocommerce\Product.php:36
filterwoocommerce_order_item_quantitysrc\Woocommerce\Product.php:41
actionwp_enqueue_scriptssrc\Woocommerce\Product.php:42
actionwoocommerce_before_order_itemmetasrc\Woocommerce\Product.php:43
filterwoocommerce_hidden_order_itemmetasrc\Woocommerce\Product.php:44
actionplugins_loadedwc-kalkulator.php:107
actioncurrent_screenwc-kalkulator.php:108
actionin_admin_headerwc-kalkulator.php:141
Maintenance & Trust

Product Fields, Addons and Price Calculator for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8
Last updatedApr 29, 2024
PHP min version5.6
Downloads13K

Community Trust

Rating98/100
Number of ratings46
Active installs1K
Alternatives

Product Fields, Addons and Price Calculator for WooCommerce Alternatives

Product Addons for Woocommerce – Product Options with Custom Fields

Product Addons for Woocommerce – Product Options with Custom Fields

woo-custom-product-addons

A
97

WooCommerce Product Addons Add custom fields to your WooCommerce product page. With an easy-to-use Custom Form Builder.

30K 1 CVE
YITH WooCommerce Product Add-Ons

YITH WooCommerce Product Add-Ons

yith-woocommerce-product-add-ons

A
96

Increase average order value by letting your customers purchase additional options on your products.

20K 7 CVEs
Custom Product Type for WooCommerce – Add-Ons, Data, Options, Layouts, Booking & Appointments

Custom Product Type for WooCommerce – Add-Ons, Data, Options, Layouts, Booking & Appointments

custom-product-type-for-woocommerce

A
100

Create WooCommerce Add-Ons, Data, Options, Booking, Layouts, and Appointments as custom product types. Revolutionize store's possibilities!

70 No CVEs
Extra Product Data for WooCommerce

Extra Product Data for WooCommerce

extra-product-data-for-woocommerce

A
100

A WooCommerce plugin that collects additional user data for products and displays it in the order summary.

0 No CVEs
Extra Product Options For WooCommerce | Custom Product Addons and Fields

Extra Product Options For WooCommerce | Custom Product Addons and Fields

woo-extra-product-options

A
100

WooCommerce Extra Product Options plugin lets you add product addons (custom products field) of 20 different field types to your product page.

30K No CVEs
Developer Profile

Product Fields, Addons and Price Calculator for WooCommerce Developer Profile

Krzysztof Piątkowski

2 plugins · 1K total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Product Fields, Addons and Price Calculator for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wc-kalkulator/assets/css/admin.nav.min.css/wp-content/plugins/wc-kalkulator/assets/js/wck.min.js
Script Paths
/wp-content/plugins/wc-kalkulator/assets/js/wck.min.js
Version Parameters
wc-kalkulator/assets/css/admin.nav.min.css?ver=wc-kalkulator/assets/js/wck.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
wck-product-settings-tabswck-settings-pagewck-fieldset-settingswck-global-parameters-settings
HTML Comments
<!-- WC Kalkulator admin navigation -->
Data Attributes
data-wck-calculator-id
JS Globals
WCKalkulator
REST Endpoints
/wp-json/wckalkulator/v1/product/settings
FAQ

Frequently Asked Questions about Product Fields, Addons and Price Calculator for WooCommerce