WP-Safety

Quantity Plus Minus Button for WooCommerce Security & Risk Analysis

wordpress.org/plugins/wc-quantity-plus-minus-button

Easily add plus, minus button for WooCommerce Quantity Input box in everywhere. Such: Single Page, In Loop Quantity input, Cart page , everywhere.

10K active installs v2.0.5 PHP 5.4+ WP 4.0.0+ Updated Feb 24, 2026
plus-minus-buttonqty-buttonquantitywoocommerce-quantity
100
A · Safe
CVEs total1
Unpatched0
Last CVENov 28, 2023
Plugin page Download
Safety Verdict

Is Quantity Plus Minus Button for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Quantity Plus Minus Button for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Nov 28, 2023Updated 1mo ago
Risk Assessment

The wc-quantity-plus-minus-button plugin v2.0.5 presents a mixed security posture. While it demonstrates good practices in areas like prepared SQL statements and a high percentage of output escaping, there are significant concerns that impact its overall security. The primary area of weakness lies in its attack surface, with all three identified AJAX handlers lacking authentication checks. This means any authenticated user could potentially trigger these functions, leading to unintended actions or data manipulation. The taint analysis also revealed two flows with unsanitized paths, although they did not reach critical or high severity, this still indicates a potential for injection vulnerabilities that were not fully mitigated.

Key Concerns

  • AJAX handlers without auth checks
  • Flows with unsanitized paths
  • Vulnerability history includes CSRF
Vulnerabilities
1

Quantity Plus Minus Button for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2023-48768medium · 6.5Cross-Site Request Forgery (CSRF)

Quantity Plus Minus Button for WooCommerce by CodeAstrology <= 1.1.9 - Cross-Site Request Forgery via wqpmb_form_submit

Nov 28, 2023 Patched in 1.2.0 (56d)
Code Analysis
Analyzed Mar 16, 2026

Quantity Plus Minus Button for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
36
216 escaped
Nonce Checks
1
Capability Checks
2
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

86% escaped252 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
update_notice_status (framework\ca-framework\app\base\notice-base.php:51)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

Quantity Plus Minus Button for WooCommerce Attack Surface

Entry Points3
Unprotected3

AJAX Handlers 3

authwp_ajax_update_notice_statusframework\ca-framework\app\base\notice-base.php:14
authwp_ajax_woocommerce_ajax_add_to_cartincludes\features\quantiy-archive.php:33
noprivwp_ajax_woocommerce_ajax_add_to_cartincludes\features\quantiy-archive.php:34
WordPress Hooks 25
actionadmin_menuadmin\page-loader.php:53
actionadmin_enqueue_scriptsadmin\page-loader.php:54
filteradmin_footer_textadmin\page-loader.php:95
actionwqpmb_bottom_paneladmin\premium-placeholder.php:20
actionadmin_noticesadmin\tracker.php:125
filteradmin_body_classadmin\tracker.php:126
actionadmin_headadmin\tracker.php:130
actionadmin_enqueue_scriptsframework\ca-framework\app\base\notice-base.php:13
actionadmin_noticesframework\ca-framework\app\notice.php:222
actionadmin_noticesframework\ca-framework\app\require-control.php:123
filterplugin_row_metaincludes\admin-menu.php:37
filterwqpmb_show_validationincludes\code-snippet-for-help.php:30
actionwoocommerce_before_shop_loopincludes\features\quantiy-archive.php:29
actionwp_enqueue_scriptsincludes\features\quantiy-archive.php:31
filterwoocommerce_loop_add_to_cart_linkincludes\features\quantiy-archive.php:47
filterwoocommerce_locate_templateincludes\functions.php:147
filteradmin_body_classincludes\functions.php:174
filterwqpmb_save_dataincludes\functions.php:260
filterwp_headincludes\functions.php:308
actionwp_enqueue_scriptsincludes\load-scripts.php:13
actionbefore_woocommerce_initinit.php:210
actionadmin_noticesinit.php:217
actionadmin_noticesinit.php:222
actionplugins_loadedinit.php:225
actioninitinit.php:343
Maintenance & Trust

Quantity Plus Minus Button for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedFeb 24, 2026
PHP min version5.4
Downloads205K

Community Trust

Rating88/100
Number of ratings30
Active installs10K
Alternatives

Quantity Plus Minus Button for WooCommerce Alternatives

TG Product Quantity Plus Minus Button

TG Product Quantity Plus Minus Button

product-quantity-updater

A
92

This plugin will add quantity increment and decrement buttons with the product quantity input control.

200 No CVEs
Conditional Discounts for WooCommerce – A simple yet complete woocommerce dynamic pricing plugin

Conditional Discounts for WooCommerce – A simple yet complete woocommerce dynamic pricing plugin

woo-advanced-discounts

A
92

A powerful WooCommerce dynamic pricing plugin for bulk discounts, free gifts, BOGOs, customer role or groups based deals and much more.

10K No CVEs
Min Max Control – Min Max Quantity & Step Control for WooCommerce

Min Max Control – Min Max Quantity & Step Control for WooCommerce

woo-min-max-quantity-step-control-single

A
100

Min Max Control plugin offers to set product's minimum, maximum quantity and step of each product individually.

10K 1 CVE
SMNTCS Quantity Increment Buttons for WooCommerce

SMNTCS Quantity Increment Buttons for WooCommerce

smntcs-woocommerce-quantity-buttons

A
92

Display the quantity increment buttons on the WooCommerce product page and the WooCommerce cart page.

3K No CVEs
Default Quantity for WooCommerce

Default Quantity for WooCommerce

default-quantity-for-woocommerce

A
100

Discover the simplest method to establish default quantities for your WooCommerce store effortlessly.

100 No CVEs
Developer Profile

Quantity Plus Minus Button for WooCommerce Developer Profile

CodeAstrology IT Firm

1 plugin · 10K total installs

88
trust score
Avg Security Score
100/100
Avg Patch Time
56 days
View full developer profile
Detection Fingerprints

How We Detect Quantity Plus Minus Button for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wc-quantity-plus-minus-button/assets/css/frontend.css/wp-content/plugins/wc-quantity-plus-minus-button/assets/js/frontend.js/wp-content/plugins/wc-quantity-plus-minus-button/assets/js/quantity-input.js
Script Paths
/wp-content/plugins/wc-quantity-plus-minus-button/assets/js/frontend.js/wp-content/plugins/wc-quantity-plus-minus-button/assets/js/quantity-input.js
Version Parameters
/wc-quantity-plus-minus-button/assets/css/frontend.css?ver=/wc-quantity-plus-minus-button/assets/js/frontend.js?ver=/wc-quantity-plus-minus-button/assets/js/quantity-input.js?ver=

HTML / DOM Fingerprints

CSS Classes
qib-button-wrapperqib-buttonquantity-plus-minus-button-wrapperquantity-plus-minus-button
Data Attributes
data-wqpmb-id
JS Globals
WQPMB_Frontend
FAQ

Frequently Asked Questions about Quantity Plus Minus Button for WooCommerce