WP-Safety

WCBox Lite – Product Slider Plugin For Woocommerce Security & Risk Analysis

wordpress.org/plugins/wcbox-lite

WCBox – Woocommerce Plugin is help to display a list of products on WordPress Sidebar using Top Rated Products, Recent Products,Best Selling Products, …

10 active installs v1.1 PHP + WP 3.0.1+ Updated Aug 17, 2016
display-product-widgetwoocommerce-advance-sliderwoocommerce-category-sliderwoocommerce-featured-product-sliderwoocommerce-featured-products-slider
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WCBox Lite – Product Slider Plugin For Woocommerce Safe to Use in 2026?

Generally Safe

Score 85/100

WCBox Lite – Product Slider Plugin For Woocommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago
Risk Assessment

The "wcbox-lite" v1.1 plugin exhibits a mixed security posture. While it has no recorded vulnerability history, indicating a potentially stable track record, the static analysis reveals several concerning areas. The presence of an unprotected AJAX handler represents a significant entry point that could be exploited without proper authentication. Furthermore, the taint analysis highlights two flows with unsanitized paths, both classified as high severity. This suggests a risk of malicious data being processed without adequate validation, potentially leading to code injection or other vulnerabilities.

The code analysis also points to the use of a dangerous function, `create_function`, which is known to have security implications. Coupled with the fact that none of the SQL queries use prepared statements and a very low percentage (2%) of outputs are properly escaped, the plugin appears to lack fundamental security best practices in handling data and user input. The limited attack surface and the presence of nonce and capability checks are positive signs, but they are overshadowed by the identified high-severity risks and the overall lack of robust input validation and output escaping.

Key Concerns

  • Unprotected AJAX handler
  • High severity taint flow with unsanitized path (x2)
  • Dangerous function used (create_function)
  • Raw SQL queries without prepared statements
  • Very low output escaping (2%)
Vulnerabilities
None known

WCBox Lite – Product Slider Plugin For Woocommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WCBox Lite – Product Slider Plugin For Woocommerce Code Analysis

Dangerous Functions
1
Raw SQL Queries
1
0 prepared
Unescaped Output
278
7 escaped
Nonce Checks
4
Capability Checks
10
File Operations
5
External Requests
1
Bundled Libraries
1

Dangerous Functions Found

create_functionadd_filter( 'wp_default_editor', create_function('', 'return "tinymce";') );vafpress-framework\bootstrap.php:195

Bundled Libraries

Select2

SQL Query Safety

0% prepared1 total queries

Output Escaping

2% escaped285 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
vp_ajax_wrapper (vafpress-framework\bootstrap.php:75)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

WCBox Lite – Product Slider Plugin For Woocommerce Attack Surface

Entry Points2
Unprotected1

AJAX Handlers 1

authwp_ajax_vp_ajax_wrappervafpress-framework\bootstrap.php:71

Shortcodes 1

[wcbox_slider] public\shortcode\wcbox_shortcode.php:6
WordPress Hooks 45
actionplugins_loadedincludes\class-wc-box.php:136
actionadmin_enqueue_scriptsincludes\class-wc-box.php:151
actionadmin_enqueue_scriptsincludes\class-wc-box.php:152
filterposts_clausespublic\shortcode\wcbox_tab_shortcode.php:41
filterposts_clausespublic\shortcode\wcbox_tab_widget.php:64
actionafter_setup_themevafpress-framework\bootstrap.php:41
actiontgmpa_registervafpress-framework\bootstrap.php:47
actioninitvafpress-framework\bootstrap.php:112
actioncurrent_screenvafpress-framework\bootstrap.php:113
actionadmin_enqueue_scriptsvafpress-framework\bootstrap.php:114
actioncurrent_screenvafpress-framework\bootstrap.php:115
filterclean_urlvafpress-framework\bootstrap.php:116
actionadmin_footervafpress-framework\bootstrap.php:161
filterwp_default_editorvafpress-framework\bootstrap.php:195
actioninitvafpress-framework\classes\metabox.php:43
actionvp_option_first_activationvafpress-framework\classes\option.php:81
actionadmin_menuvafpress-framework\classes\option.php:100
actionadmin_noticesvafpress-framework\classes\option.php:162
actioncurrent_screenvafpress-framework\classes\shortcodegenerator.php:47
actionadmin_footervafpress-framework\classes\shortcodegenerator.php:58
filtermce_external_pluginsvafpress-framework\classes\shortcodegenerator.php:288
filtermce_buttonsvafpress-framework\classes\shortcodegenerator.php:289
filterwp_fullscreen_buttonsvafpress-framework\classes\shortcodegenerator.php:290
filteradmin_print_stylesvafpress-framework\classes\shortcodegenerator.php:291
actionadmin_enqueue_scriptsvafpress-framework\classes\wp\enqueuer.php:27
actionadmin_headvafpress-framework\includes\wpalchemy\MetaBox.php:22
actionadmin_footervafpress-framework\includes\wpalchemy\MetaBox.php:24
actionadmin_initvafpress-framework\includes\wpalchemy\MetaBox.php:506
actionimport_post_metavafpress-framework\includes\wpalchemy\MetaBox.php:509
filteroutputvafpress-framework\includes\wpalchemy\MetaBox.php:569
actionsave_postvafpress-framework\includes\wpalchemy\MetaBox.php:579
actionadmin_headvafpress-framework\includes\wpalchemy\MetaBox.php:619
actionadmin_footervafpress-framework\includes\wpalchemy\MetaBox.php:621
actionadmin_noticeswc-box.php:33
actionadmin_noticeswc-box.php:74
actionwp_enqueue_scriptswc-box.php:289
actionwp_enqueue_scriptswc-box.php:290
actioninitwc-box.php:291
actionedit_form_after_titlewc-box.php:292
actionmanage_posts_custom_columnwc-box.php:293
filtermanage_edit-wcbox_columnswc-box.php:295
filterenter_title_herewc-box.php:296
filtertemplate_includewc-box.php:297
filterpost_row_actionswc-box.php:299
actionadmin_menuwc-box.php:323
Maintenance & Trust

WCBox Lite – Product Slider Plugin For Woocommerce Maintenance & Trust

Maintenance Signals

WordPress version tested4.6.30
Last updatedAug 17, 2016
PHP min version
Downloads3K

Community Trust

Rating100/100
Number of ratings2
Active installs10
Alternatives

WCBox Lite – Product Slider Plugin For Woocommerce Alternatives

Product Category Slider & Grid for WooCommerce – WooCategory

Product Category Slider & Grid for WooCommerce – WooCategory

woo-category-slider-grid

A
100

Display product categories in responsive sliders or grids to showcase them effectively on your WooCommerce store and improve shoppers' navigation.

10K 1 CVE
Product Category Showcase for WooCommerce

Product Category Showcase for WooCommerce

wc-category-showcase

A
99

Showcase WooCommerce product categories in sliders, grids, or blocks with styling control, responsive layouts, and shortcode support

1K 2 CVEs
WPB Category Slider for WooCommerce – Product Categories Carousel & Grid

WPB Category Slider for WooCommerce – Product Categories Carousel & Grid

wpb-woocommerce-category-slider

B
76

Display WooCommerce product categories in responsive sliders and grids to boost navigation, engagement, and product discovery.

800 1 unpatched
Dynamic Product Category Grid, Slider for WooCommerce

Dynamic Product Category Grid, Slider for WooCommerce

dynamic-product-categories-design

A
98

Show woocommerce categories in slider and grid layout with shortcode builder and Elementor widget.

200 1 CVE
Product Category Slider for Elementor

Product Category Slider for Elementor

woo-category-slider-for-elementor

A
85

Display Product Category Slider For Elementor aesthetically in a slider to your store and boost conversion rate! Highly customizable.

100 No CVEs
Developer Profile

WCBox Lite – Product Slider Plugin For Woocommerce Developer Profile

Niloy - Codeixer

7 plugins · 29K total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
856 days
View full developer profile
Detection Fingerprints

How We Detect WCBox Lite – Product Slider Plugin For Woocommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wcbox-lite/assets/css/animate.min.css/wp-content/plugins/wcbox-lite/assets/css/font-awesome.min.css/wp-content/plugins/wcbox-lite/assets/css/turbotabs.css/wp-content/plugins/wcbox-lite/assets/css/owl.carousel.css/wp-content/plugins/wcbox-lite/assets/css/wc-box-public.css/wp-content/plugins/wcbox-lite/assets/js/prettyPhoto/jquery.prettyPhoto.js/wp-content/plugins/wcbox-lite/assets/js/prettyPhoto/jquery.prettyPhoto.init.js/wp-content/plugins/wcbox-lite/assets/js/owl.carousel.min.js+3 more
Script Paths
/wp-content/plugins/wcbox-lite/assets/js/prettyPhoto/jquery.prettyPhoto.js/wp-content/plugins/wcbox-lite/assets/js/prettyPhoto/jquery.prettyPhoto.init.js/wp-content/plugins/wcbox-lite/assets/js/owl.carousel.min.js/wp-content/plugins/wcbox-lite/assets/js/turbotabs.js/wp-content/plugins/wcbox-lite/assets/js/wc-box-public.js/wp-content/plugins/wcbox-lite/assets/js/modernizr.custom.js
Version Parameters
wcbox-animatewcbox-font-awesomewcbox-turbotabswcbox-owl-carouselwcbox_prettyPhoto_csspublic-csswcbox_prettyPhotowcbox_prettyPhoto-initwcbox-owl-carouselturbotabspublic-jsmodernizr.custom

HTML / DOM Fingerprints

CSS Classes
wcbox_slider
Data Attributes
wcbox_dynamic_code
Shortcode Output
[wcbox_slider id=
FAQ

Frequently Asked Questions about WCBox Lite – Product Slider Plugin For Woocommerce