WP-Safety

WCB | WP Configurator Builder – Product Configurators Made Simple Security & Risk Analysis

wordpress.org/plugins/wcb-configurator-builder

Create customizable products with ease; custom product fields, real-time updates, stackable image layers, and more!

60 active installs v1.4.1 PHP 7.4+ WP 6.0+ Updated Mar 2, 2026
product-addonsproduct-builderproduct-configuratorproduct-customizerwoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WCB | WP Configurator Builder – Product Configurators Made Simple Safe to Use in 2026?

Generally Safe

Score 100/100

WCB | WP Configurator Builder – Product Configurators Made Simple has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The plugin "wcb-configurator-builder" v1.4.1 exhibits a mixed security posture. On the positive side, it demonstrates strong practices in output escaping, with 97% of outputs properly escaped, and the vast majority of SQL queries (78%) are secured with prepared statements. The absence of known vulnerabilities in its history is also a significant strength, suggesting a commitment to security by the developers or a lack of targeted discovery so far. However, there are several concerning areas that require attention.

The static analysis reveals a notable attack surface with 24 entry points, of which 6 are unprotected. Specifically, 10 AJAX handlers were identified, and a concerning 6 of these lack authentication checks, presenting a significant risk. While the taint analysis shows no critical or high-severity unsanitized flows, the fact that all 9 analyzed flows had unsanitized paths, even if of lower severity, is a potential area of concern that warrants further investigation. The use of the dangerous `unserialize` function, though not explicitly linked to a critical vulnerability in the provided data, always carries inherent risks.

Overall, the plugin has good foundational security practices in place, particularly concerning output handling and SQL query safety. The lack of a vulnerability history is encouraging. Nevertheless, the unprotected AJAX endpoints and the presence of unsanitized taint flows are critical weaknesses that could be exploited. Addressing these specific issues should be the priority to improve the plugin's security.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous function: unserialize
  • Taint flows with unsanitized paths
  • Bundled library: Freemius v1.0
Vulnerabilities
None known

WCB | WP Configurator Builder – Product Configurators Made Simple Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WCB | WP Configurator Builder – Product Configurators Made Simple Code Analysis

Dangerous Functions
4
Raw SQL Queries
2
7 prepared
Unescaped Output
37
1028 escaped
Nonce Checks
4
Capability Checks
4
File Operations
8
External Requests
1
Bundled Libraries
1

Dangerous Functions Found

unserialize$options = unserialize( $field_option['meta_value'] );admin\wpcb-admin-functions.php:215
unserialize$value = unserialize( $wpcb_field_meta[ $field_meta_key ][0] );includes\class-wpcb-formatter.php:491
unserialize$options = unserialize( $wpcb_field_meta['_options'][0] );includes\class-wpcb-formatter.php:535
unserialize$options = unserialize( $meta['_options'][0] );includes\class-wpcb-i18n.php:257

Bundled Libraries

Freemius1.0

SQL Query Safety

78% prepared9 total queries

Output Escaping

97% escaped1065 total outputs
Data Flows
9 unsanitized

Data Flow Analysis

9 flows9 with unsanitized paths
action_woocommerce_admin_order_item_values (admin\class-wpcb-admin-order.php:60)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
6 unprotected

WCB | WP Configurator Builder – Product Configurators Made Simple Attack Surface

Entry Points24
Unprotected6

AJAX Handlers 10

authwp_ajax_wpcb_update_analyticsadmin\class-wpcb-admin.php:86
noprivwp_ajax_wpcb_update_analyticsadmin\class-wpcb-admin.php:87
authwp_ajax_wpcb_update_statisticsadmin\class-wpcb-admin.php:89
noprivwp_ajax_wpcb_update_statisticsadmin\class-wpcb-admin.php:90
noprivwp_ajax_wpcb_get_configurator_image_linkadmin\wpcb-admin-functions.php:648
authwp_ajax_wpcb_get_configurator_image_linkadmin\wpcb-admin-functions.php:649
noprivwp_ajax_wpcb_get_configurator_attribute_valuesadmin\wpcb-admin-functions.php:665
authwp_ajax_wpcb_get_configurator_attribute_valuesadmin\wpcb-admin-functions.php:666
authwp_ajax_wpcb_get_configuration_visualsincludes\posts\class-wpcb-visual.php:46
noprivwp_ajax_wpcb_get_configuration_visualsincludes\posts\class-wpcb-visual.php:47

Shortcodes 14

[wpcb_configuration] includes\class-wpcb-shortcodes.php:38
[wpcb_configuration_wrapper] includes\class-wpcb-shortcodes.php:40
[wpcb_configuration_wrapper_close] includes\class-wpcb-shortcodes.php:41
[wpcb_configuration_result] includes\class-wpcb-shortcodes.php:42
[wpcb_popup_button] includes\class-wpcb-shortcodes.php:44
[wpcb_gallery] includes\class-wpcb-shortcodes.php:45
[wpcb_gallery_nav] includes\class-wpcb-shortcodes.php:46
[wpcb_form_title] includes\class-wpcb-shortcodes.php:47
[wpcb_form] includes\class-wpcb-shortcodes.php:48
[wpcb_form_totals] includes\class-wpcb-shortcodes.php:49
[wpcb_form_actions] includes\class-wpcb-shortcodes.php:50
[wpcb_form_summary] includes\class-wpcb-shortcodes.php:51
[wpcb_step_buttons] includes\class-wpcb-shortcodes.php:52
[wpcb_step_nav] includes\class-wpcb-shortcodes.php:53
WordPress Hooks 151
actionwoocommerce_admin_order_item_headersadmin\class-wpcb-admin-order.php:38
actionwoocommerce_admin_order_item_valuesadmin\class-wpcb-admin-order.php:39
actionadmin_initadmin\class-wpcb-admin-order.php:41
actionin_admin_headeradmin\class-wpcb-admin.php:68
actionadmin_enqueue_scriptsadmin\class-wpcb-admin.php:69
filteruse_block_editor_for_post_typeadmin\class-wpcb-admin.php:71
filterwp_generate_attachment_metadataadmin\class-wpcb-admin.php:72
filterpost_row_actionsadmin\class-wpcb-admin.php:74
actionadmin_action_wpcb_duplicate_postadmin\class-wpcb-admin.php:75
actionadmin_noticesadmin\class-wpcb-admin.php:76
actionadmin_noticesadmin\class-wpcb-admin.php:77
actionadmin_initadmin\class-wpcb-admin.php:78
actionadmin_initadmin\class-wpcb-admin.php:79
actionadmin_menuadmin\class-wpcb-admin.php:80
actionadmin_menuadmin\class-wpcb-admin.php:82
actionadmin_bar_menuadmin\class-wpcb-admin.php:83
actioncurrent_screenadmin\class-wpcb-admin.php:84
filterupload_mimesadmin\class-wpcb-admin.php:92
filterwp_check_filetype_and_extadmin\class-wpcb-admin.php:93
filteradmin_footer_textadmin\class-wpcb-admin.php:353
filterupdate_footeradmin\class-wpcb-admin.php:354
actioncarbon_fields_register_fieldsadmin\class-wpcb-settings.php:41
actioncarbon_fields_register_fieldsincludes\class-wpcb-fields.php:35
actionafter_setup_themeincludes\class-wpcb-fields.php:44
actionplugins_loadedincludes\class-wpcb-i18n.php:34
filterpll_get_post_typesincludes\class-wpcb-i18n.php:36
actioncarbon_fields_container_settings_after_sidebarincludes\class-wpcb-i18n.php:37
actionadmin_initincludes\class-wpcb-i18n.php:39
actionadmin_post_do_wpcb_string_translation_actionincludes\class-wpcb-i18n.php:40
actionafter_setup_themeincludes\class-wpcb-shortcodes.php:29
actioninitincludes\posts\class-wpcb-choice.php:42
actioncarbon_fields_register_fieldsincludes\posts\class-wpcb-choice.php:43
actionsave_post_wpcb_choiceincludes\posts\class-wpcb-choice.php:44
actionsave_draft_wpcb_choiceincludes\posts\class-wpcb-choice.php:45
filtermanage_wpcb_choice_posts_columnsincludes\posts\class-wpcb-choice.php:47
actionmanage_wpcb_choice_posts_custom_columnincludes\posts\class-wpcb-choice.php:48
actioninitincludes\posts\class-wpcb-configuration.php:53
actioncarbon_fields_register_fieldsincludes\posts\class-wpcb-configuration.php:54
actioncarbon_fields_register_fieldsincludes\posts\class-wpcb-configuration.php:55
actionsave_post_wpcb_configurationincludes\posts\class-wpcb-configuration.php:57
filtermanage_wpcb_configuration_posts_columnsincludes\posts\class-wpcb-configuration.php:59
actionmanage_wpcb_configuration_posts_custom_columnincludes\posts\class-wpcb-configuration.php:60
filterallowed_block_types_allincludes\posts\class-wpcb-configuration.php:62
actionwpincludes\posts\class-wpcb-configuration.php:64
filterpost_row_actionsincludes\posts\class-wpcb-configuration.php:65
actioninitincludes\posts\class-wpcb-input.php:42
actioncarbon_fields_register_fieldsincludes\posts\class-wpcb-input.php:43
actionsave_post_wpcb_inputincludes\posts\class-wpcb-input.php:44
filtermanage_wpcb_input_posts_columnsincludes\posts\class-wpcb-input.php:46
actionmanage_wpcb_input_posts_custom_columnincludes\posts\class-wpcb-input.php:47
actioninitincludes\posts\class-wpcb-visual.php:42
actioncarbon_fields_register_fieldsincludes\posts\class-wpcb-visual.php:43
filtermanage_wpcb_visual_posts_columnsincludes\posts\class-wpcb-visual.php:49
actionmanage_wpcb_visual_posts_custom_columnincludes\posts\class-wpcb-visual.php:50
filterwoocommerce_loop_add_to_cart_linkincludes\woocommerce\class-wpcb-cart.php:30
filterwoocommerce_add_to_cart_fragmentsincludes\woocommerce\class-wpcb-cart.php:31
filterwoocommerce_add_cart_item_dataincludes\woocommerce\class-wpcb-cart.php:32
filterwoocommerce_get_item_dataincludes\woocommerce\class-wpcb-cart.php:33
filterwoocommerce_cart_item_nameincludes\woocommerce\class-wpcb-cart.php:34
filterwoocommerce_cart_item_permalinkincludes\woocommerce\class-wpcb-cart.php:35
filterwoocommerce_cart_item_thumbnailincludes\woocommerce\class-wpcb-cart.php:36
filterwoocommerce_store_api_cart_item_imagesincludes\woocommerce\class-wpcb-cart.php:37
filterwoocommerce_cart_shipping_packagesincludes\woocommerce\class-wpcb-cart.php:38
filterwoocommerce_cart_get_taxesincludes\woocommerce\class-wpcb-cart.php:39
filterwoocommerce_add_cart_itemincludes\woocommerce\class-wpcb-cart.php:41
filterwoocommerce_add_to_cart_redirectincludes\woocommerce\class-wpcb-cart.php:42
filterwoocommerce_cart_redirect_after_errorincludes\woocommerce\class-wpcb-cart.php:43
filterwoocommerce_order_again_cart_item_dataincludes\woocommerce\class-wpcb-cart.php:45
actionwoocommerce_add_to_cartincludes\woocommerce\class-wpcb-cart.php:47
actionwoocommerce_before_calculate_totalsincludes\woocommerce\class-wpcb-cart.php:48
actionwoocommerce_remove_cart_itemincludes\woocommerce\class-wpcb-cart.php:49
filterwoocommerce_cart_item_priceincludes\woocommerce\class-wpcb-cart.php:51
actionwoocommerce_add_to_cartincludes\woocommerce\class-wpcb-cart.php:483
actionwoocommerce_remove_cart_itemincludes\woocommerce\class-wpcb-cart.php:906
actionwoocommerce_checkout_create_order_line_itemincludes\woocommerce\class-wpcb-order.php:29
actionwoocommerce_checkout_update_order_metaincludes\woocommerce\class-wpcb-order.php:30
filterwoocommerce_cart_item_nameincludes\woocommerce\class-wpcb-order.php:32
filterwoocommerce_order_item_nameincludes\woocommerce\class-wpcb-order.php:33
filterwoocommerce_email_order_items_argsincludes\woocommerce\class-wpcb-order.php:34
filterwoocommerce_order_item_thumbnailincludes\woocommerce\class-wpcb-order.php:35
filterwoocommerce_admin_order_item_thumbnailincludes\woocommerce\class-wpcb-order.php:37
filterwoocommerce_hidden_order_itemmetaincludes\woocommerce\class-wpcb-order.php:38
actionwpincludes\woocommerce\class-wpcb-product.php:39
filterwoocommerce_get_price_htmlincludes\woocommerce\class-wpcb-product.php:41
filterwoocommerce_product_add_to_cart_urlincludes\woocommerce\class-wpcb-product.php:42
filterwoocommerce_product_add_to_cart_textincludes\woocommerce\class-wpcb-product.php:43
actioninitincludes\woocommerce\class-wpcb-product.php:45
actionwoocommerce_before_add_to_cart_buttonincludes\woocommerce\class-wpcb-product.php:138
filterwoocommerce_product_single_add_to_cart_textincludes\woocommerce\class-wpcb-product.php:146
filterwoocommerce_quantity_input_argsincludes\woocommerce\class-wpcb-product.php:147
actionwoocommerce_quantity_input_minincludes\woocommerce\class-wpcb-product.php:149
actionwoocommerce_quantity_input_maxincludes\woocommerce\class-wpcb-product.php:150
actionwoocommerce_before_add_to_cart_buttonincludes\woocommerce\class-wpcb-product.php:160
actionwoocommerce_after_add_to_cart_buttonincludes\woocommerce\class-wpcb-product.php:167
actionwoocommerce_after_add_to_cart_buttonincludes\woocommerce\class-wpcb-product.php:175
actionwoocommerce_after_single_productincludes\woocommerce\class-wpcb-product.php:176
actionwoocommerce_before_add_to_cart_buttonincludes\woocommerce\class-wpcb-product.php:178
actionwoocommerce_after_add_to_cart_buttonincludes\woocommerce\class-wpcb-product.php:189
actionwoocommerce_before_add_to_cart_buttonincludes\woocommerce\class-wpcb-product.php:205
actionwoocommerce_after_add_to_cart_buttonincludes\woocommerce\class-wpcb-product.php:212
filterwoocommerce_product_tabsincludes\woocommerce\class-wpcb-product.php:221
actionwoocommerce_after_add_to_cart_buttonincludes\woocommerce\class-wpcb-product.php:222
actionwoocommerce_before_add_to_cart_buttonincludes\woocommerce\class-wpcb-product.php:225
actionwoocommerce_after_add_to_cart_buttonincludes\woocommerce\class-wpcb-product.php:236
filterwoocommerce_single_product_image_thumbnail_htmlincludes\woocommerce\class-wpcb-product.php:252
actionwoocommerce_product_thumbnailsincludes\woocommerce\class-wpcb-product.php:253
actionwoocommerce_before_add_to_cart_buttonincludes\woocommerce\class-wpcb-product.php:256
actionwoocommerce_before_add_to_cart_buttonincludes\woocommerce\class-wpcb-product.php:257
actionwoocommerce_after_add_to_cart_buttonincludes\woocommerce\class-wpcb-product.php:259
actionwoocommerce_after_add_to_cart_formincludes\woocommerce\class-wpcb-product.php:260
actionwoocommerce_before_single_product_summaryincludes\woocommerce\class-wpcb-product.php:263
actionwoocommerce_after_single_product_summaryincludes\woocommerce\class-wpcb-product.php:264
actionywraq_before_request_quote_view_itemincludes\woocommerce\class-wpcb-quote.php:32
actionywraq_from_cart_to_order_itemincludes\woocommerce\class-wpcb-quote.php:36
actionywraq_quote_adjust_priceincludes\woocommerce\class-wpcb-quote.php:37
filterywraq_add_itemincludes\woocommerce\class-wpcb-quote.php:39
filterywraq_item_dataincludes\woocommerce\class-wpcb-quote.php:40
filterywraq_request_quote_view_item_dataincludes\woocommerce\class-wpcb-quote.php:41
filterywraq_product_imageincludes\woocommerce\class-wpcb-quote.php:42
filterywraq_quote_item_thumbnailincludes\woocommerce\class-wpcb-quote.php:43
actionywraq_request_quote_email_view_item_after_titleincludes\woocommerce\class-wpcb-quote.php:44
filterwoocommerce_admin_order_item_thumbnailincludes\woocommerce\class-wpcb-quote.php:45
filteraddify_quote_item_thumbnailincludes\woocommerce\class-wpcb-quote.php:47
filterwoocommerce_admin_order_item_thumbnailincludes\woocommerce\class-wpcb-quote.php:48
filteraddify_add_quote_item_dataincludes\woocommerce\class-wpcb-quote.php:50
filteraddify_quote_item_productincludes\woocommerce\class-wpcb-quote.php:51
filterwoocommerce_get_item_dataincludes\woocommerce\class-wpcb-quote.php:52
actionwp_enqueue_scriptspublic\class-wpcb-public.php:65
actionwpcb_public_output_scriptspublic\class-wpcb-public.php:66
actionafter_setup_themepublic\class-wpcb-public.php:67
actionwp_footerpublic\class-wpcb-public.php:68
filterscript_loader_tagpublic\class-wpcb-public.php:70
filterbody_classpublic\class-wpcb-public.php:71
actionwpcb_before_templatepublic\wpcb-template-hooks.php:17
actionwpcb_before_templatepublic\wpcb-template-hooks.php:18
actionwpcb_template_visualspublic\wpcb-template-hooks.php:24
actionwpcb_template_visualspublic\wpcb-template-hooks.php:25
actionwpcb_template_visualspublic\wpcb-template-hooks.php:26
actionwpcb_template_visualspublic\wpcb-template-hooks.php:27
actionwpcb_template_visualspublic\wpcb-template-hooks.php:28
actionwpcb_template_form_headerpublic\wpcb-template-hooks.php:34
actionwpcb_template_form_headerpublic\wpcb-template-hooks.php:35
actionwpcb_template_form_optionspublic\wpcb-template-hooks.php:37
actionwpcb_template_form_footerpublic\wpcb-template-hooks.php:39
actionwpcb_template_form_footerpublic\wpcb-template-hooks.php:40
actionwpcb_template_form_footerpublic\wpcb-template-hooks.php:41
actionwpcb_before_form_summary_displaypublic\wpcb-template-hooks.php:47
actionwpcb_after_input_fieldpublic\wpcb-template-hooks.php:53
actionwpcb_after_input_field_contentpublic\wpcb-template-hooks.php:54
actionwpcb_model_viewer_contentspublic\wpcb-template-hooks.php:56
filtercontact_urlwcb-configurator-builder.php:75
Maintenance & Trust

WCB | WP Configurator Builder – Product Configurators Made Simple Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 2, 2026
PHP min version7.4
Downloads1K

Community Trust

Rating100/100
Number of ratings2
Active installs60
Alternatives

WCB | WP Configurator Builder – Product Configurators Made Simple Alternatives

Visual Product Configurator for Woocommerce Lite

Visual Product Configurator for Woocommerce Lite

visual-products-configurator-for-woocommerce

A
100

A woocommerce product customizer for woocommerce that allows customers to build any composite product visually.

200 No CVEs
Product Configurator for WooCommerce

Product Configurator for WooCommerce

product-configurator-for-woocommerce

A
99

Allow your customers to create configurable products with a live preview of the result. Works using a layer-based system.

3K 1 CVE
YayExtra – WooCommerce Extra Product Options

YayExtra – WooCommerce Extra Product Options

yayextra

A
93

YayExtra – Product Options for WooCommerce lets you add customizable options and extra fields to your products.

1K 3 CVEs
Custom Product Builder or Configurator for WooCommerce

Custom Product Builder or Configurator for WooCommerce

wpappsdev-pcbuilder

A
100

Product Builder or Configurator: Complete PC Components Selling Solution For WooCommerce.

50 No CVEs
All Signs Options Free

All Signs Options Free

all-signs-options-free

A
100

Allow WooCommerce stores to sell customizable signs with dynamic product options and a simple, user-friendly configuration interface.

0 No CVEs
Developer Profile

WCB | WP Configurator Builder – Product Configurators Made Simple Developer Profile

Dons Digital

1 plugin · 60 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WCB | WP Configurator Builder – Product Configurators Made Simple

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wcb-configurator-builder/assets/css/wcb-admin-style.css/wp-content/plugins/wcb-configurator-builder/assets/css/wcb-frontend.css/wp-content/plugins/wcb-configurator-builder/assets/js/wcb-admin.js/wp-content/plugins/wcb-configurator-builder/assets/js/wcb-frontend.js
Script Paths
/wp-content/plugins/wcb-configurator-builder/assets/js/wcb-admin.js/wp-content/plugins/wcb-configurator-builder/assets/js/wcb-frontend.js
Version Parameters
wcb-configurator-builder/assets/css/wcb-admin-style.css?ver=wcb-configurator-builder/assets/css/wcb-frontend.css?ver=wcb-configurator-builder/assets/js/wcb-admin.js?ver=wcb-configurator-builder/assets/js/wcb-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
wcb-admin-pagewcb-frontend-wrapperwcb-product-configurator
HTML Comments
<!-- START WCB Configurations --><!-- END WCB Configurations --><!-- WCB Admin Script -->
Data Attributes
data-wcb-product-iddata-wcb-config-id
JS Globals
wcb_configurator_paramswcbAdminConfig
REST Endpoints
/wp-json/wcb-configurator-builder/v1/get_configuration/wp-json/wcb-configurator-builder/v1/save_configuration
Shortcode Output
[wcb_configurator id=[wcb_product_configurator id=
FAQ

Frequently Asked Questions about WCB | WP Configurator Builder – Product Configurators Made Simple