Does WC Tabs and Custom Fields have any unpatched vulnerabilities?

No. All known vulnerabilities in WC Tabs and Custom Fields have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WC Tabs and Custom Fields compatible with WordPress 4.5.33?

According to WordPress.org data, WC Tabs and Custom Fields 0.1 has been tested up to WordPress 4.5.33. Check the plugin's changelog for the latest compatibility information.

How often is WC Tabs and Custom Fields updated?

WC Tabs and Custom Fields was last updated on May 10, 2016. Frequent updates are generally a positive security signal.

What is WC Tabs and Custom Fields's security score?

WC Tabs and Custom Fields has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WC Tabs and Custom Fields Security & Risk Analysis

wordpress.org/plugins/wc-tabs-and-custom-fields

Create custom fields, new product page tabs and re-arrange tabs, including the default WooCommerce ones

10 active installs v0.1 PHP + WP 4.4.0+ Updated May 10, 2016

woocommerce-tabs

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WC Tabs and Custom Fields Safe to Use in 2026?

Generally Safe

Score 85/100

WC Tabs and Custom Fields has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The "wc-tabs-and-custom-fields" plugin version 0.1 exhibits a concerning security posture due to a significant number of unprotected entry points. All three identified AJAX handlers lack authentication checks, presenting a direct pathway for unauthenticated users to interact with potentially sensitive plugin functionality. This, combined with the complete absence of nonce checks, dramatically increases the risk of unauthorized actions. While the plugin's SQL queries are correctly prepared, the output escaping is entirely absent across all identified outputs, leaving the plugin vulnerable to Cross-Site Scripting (XSS) attacks. The taint analysis indicates flows with unsanitized paths, further reinforcing the XSS risk. The plugin's vulnerability history is clean, showing no recorded CVEs. This is positive, but it does not mitigate the immediate risks identified in the current code. In conclusion, while the plugin demonstrates good practices in SQL query handling and has no known historical vulnerabilities, the severe lack of authorization on AJAX endpoints and complete absence of output escaping pose critical security risks that require immediate attention.

Key Concerns

AJAX handlers without auth checks
No nonce checks on AJAX handlers
Output escaping not implemented
Unsanitized paths in taint flows

Vulnerabilities

None known

WC Tabs and Custom Fields Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

WC Tabs and Custom Fields Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped28 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

EWD_WCTCF_UpdateOptions (Functions\Update_EWD_WCTCF_Admin_Databases.php:80)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

3 unprotected

WC Tabs and Custom Fields Attack Surface

Entry Points3

Unprotected3

AJAX Handlers 3

authwp_ajax_ewd_wctcf_tabs_update_orderFunctions\EWD_WCTCF_Process_Ajax.php:12

authwp_ajax_ewd_wctcf_tabs_update_visbilityFunctions\EWD_WCTCF_Process_Ajax.php:20

authwp_ajax_ewd_wctcf_save_cf_dataFunctions\EWD_WCTCF_Process_Ajax.php:37

WordPress Hooks 26

filterparse_queryFunctions\EWD_WCTCF_Add_Tabs_Columns.php:54

actionrestrict_manage_postsFunctions\EWD_WCTCF_Add_Tabs_Columns.php:68

filtermanage_wc_tab_posts_columnsFunctions\EWD_WCTCF_Add_Tabs_Columns.php:85

actionmanage_wc_tab_posts_custom_columnFunctions\EWD_WCTCF_Add_Tabs_Columns.php:86

filtermanage_edit-wc_tab_sortable_columnsFunctions\EWD_WCTCF_Add_Tabs_Columns.php:88

filterrequestFunctions\EWD_WCTCF_Add_Tabs_Columns.php:89

filterwoocommerce_product_data_tabsFunctions\EWD_WCTCF_Add_WC_Admin_Product_Tabs.php:13

filterwoocommerce_product_data_tabsFunctions\EWD_WCTCF_Add_WC_Admin_Product_Tabs.php:26

actionwoocommerce_product_data_panelsFunctions\EWD_WCTCF_Add_WC_Admin_Product_Tabs.php:33

actionwoocommerce_product_data_panelsFunctions\EWD_WCTCF_Add_WC_Admin_Product_Tabs.php:123

filterwoocommerce_product_tabsFunctions\EWD_WCTCF_Create_WC_Product_Page_Tabs.php:3

actionsave_postFunctions\EWD_WCTCF_Save_Post_Meta.php:3

actioninitFunctions\Register_EWD_WCTCF_Posts_Taxonomies.php:2

actionmanage_edit-wc_tab_columnsFunctions\Register_EWD_WCTCF_Posts_Taxonomies.php:42

actionmanage_wc_tab_posts_custom_columnFunctions\Register_EWD_WCTCF_Posts_Taxonomies.php:54

actionpre_get_postsFunctions\Register_EWD_WCTCF_Posts_Taxonomies.php:63

actionadmin_headMain.php:28

actionwidgets_initMain.php:29

actionadmin_noticesMain.php:30

actionadmin_menuMain.php:37

actionafter_setup_themeMain.php:43

actionadmin_enqueue_scriptsMain.php:45

actionwp_enqueue_scriptsMain.php:64

actionwp_enqueue_scriptsMain.php:71

actionactivated_pluginMain.php:84

actionadmin_initMain.php:98

Maintenance & Trust

WC Tabs and Custom Fields Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33

Last updatedMay 10, 2016

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

WC Tabs and Custom Fields Alternatives

Product Tabs for WooCommerce

woocommerce-product-tabs

100

Discover the easy way to add extra tabs to your WooCommerce product pages.

10K No CVEs

Custom Product Tabs for WooCommerce & WordPress Tabs Builder – Smart Tabs

wp-expand-tabs-free

A customizable plugin to create and manage WooCommerce product tabs and WordPress tabs to organize content.

10K 5 CVEs

Product Tabs Manager for WooCommerce

product-tabs-manager-for-woocommerce

100

With Product Tabs Manager for WooCommerce You can create any tabs for products that you want

2K No CVEs

Product Tabs Manager – Custom WooCommerce Product Tabs, Extra Tabs, Tab Editor & Tab Customizer

product-tabs-manager

100

Create unlimited custom WooCommerce product tabs, manage default tabs, exclude tabs by product or category, add specifications, FAQs & more – 100% …

10 No CVEs

Dynamic Product Tabs Builder for WooCommerce

dynamic-product-tabs-builder-for-woocommerce

100

Create custom product tabs with custom content for clearer WooCommerce product pages - Defined sitewide or per product.

0 No CVEs

Developer Profile

WC Tabs and Custom Fields Developer Profile

Rustaurius

21 plugins · 66K total installs

trust score

Avg Security Score

90/100

Avg Patch Time

716 days

View full developer profile

Detection Fingerprints

How We Detect WC Tabs and Custom Fields

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wc-tabs-and-custom-fields/js/ewd-wctcf-admin-js.js/wp-content/plugins/wc-tabs-and-custom-fields/js/spectrum.js/wp-content/plugins/wc-tabs-and-custom-fields/js/ewd-wctcf-wc-product-admin-js.js/wp-content/plugins/wc-tabs-and-custom-fields/js/ewd-wctcf-js.js/wp-content/plugins/wc-tabs-and-custom-fields/css/ewd-wctcf-product-page.css/wp-content/plugins/wc-tabs-and-custom-fields/css/Admin.css/wp-content/plugins/wc-tabs-and-custom-fields/css/spectrum.css

Script Paths

js/ewd-wctcf-admin-js.jsjs/spectrum.jsjs/ewd-wctcf-wc-product-admin-js.jsjs/ewd-wctcf-js.js

HTML / DOM Fingerprints

CSS Classes

ewd-wctcf-visibility-toggle

Data Attributes

data-visibilityvaluedata-postid

JS Globals

ewd_wctcf_messageWCTCF_Full_VersionEWD_WCTCF_Version

FAQ