WP-Safety

Wonder WC Checkout Review Security & Risk Analysis

wordpress.org/plugins/wonder-wc-checkout-review

Eliminate ordering mistakes from your WooCommerce store. Present your customers with a clean and comprehensive checkout review and summary.

0 active installs v0.1 PHP 7.0+ WP 5.6+ Updated Unknown
checkoutconfirmationorderreiviewwoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Wonder WC Checkout Review Safe to Use in 2026?

Generally Safe

Score 100/100

Wonder WC Checkout Review has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "wonder-wc-checkout-review" v0.1 plugin exhibits a concerning security posture, primarily due to its exposed AJAX endpoints lacking any authentication or authorization checks. While the code demonstrates good practices in other areas, such as the absence of dangerous functions, SQL injection vulnerabilities, and external HTTP requests, the unprotected AJAX handlers represent a significant attack surface. These two entry points could potentially be exploited by unauthenticated users to trigger unintended actions or access sensitive information if they are not properly secured within the plugin's logic.

The taint analysis revealing "flows with unsanitized paths" is also a red flag, even though no critical or high severity issues were identified. This suggests potential avenues for data manipulation if these paths are indeed exposed through the AJAX handlers. The lack of vulnerability history is positive, but it doesn't negate the risks identified in the static analysis, especially for a version this early in its development cycle. The plugin has strengths in its structured coding practices, but the critical oversight in securing its entry points necessitates immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • Taint flows with unsanitized paths
  • Lack of capability checks on entry points
  • Lack of nonce checks on AJAX handlers
Vulnerabilities
None known

Wonder WC Checkout Review Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Wonder WC Checkout Review Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
28
62 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

69% escaped90 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
admin_process_options (includes\class-wwcr-admin.php:140)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Wonder WC Checkout Review Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_wwcr_show_review_order_page_ajaxincludes\wwcr-functions.php:17
noprivwp_ajax_wwcr_show_review_order_page_ajaxincludes\wwcr-functions.php:18
WordPress Hooks 8
actionadmin_menuincludes\class-wwcr-admin.php:36
actionadmin_headincludes\class-wwcr-admin.php:39
actionwwcr_admin_before_main_contentincludes\class-wwcr-admin.php:40
actionwwcr_admin_main_contentincludes\class-wwcr-admin.php:41
actionwp_headincludes\class-wwcr-public.php:40
actionwp_enqueue_scriptsincludes\class-wwcr-public.php:42
actionwp_enqueue_scriptsincludes\class-wwcr-public.php:46
filterwoocommerce_order_button_htmlincludes\class-wwcr-public.php:49
Maintenance & Trust

Wonder WC Checkout Review Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11
Last updatedUnknown
PHP min version7.0
Downloads616

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Wonder WC Checkout Review Alternatives

WC Order Test

WC Order Test

woo-order-test

A
100

Test your WooCommerce order process in seconds to ensure your checkout works correctly.

7K No CVEs
WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell

WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell

wpfunnels

A
89

WPFunnels is a powerful funnel builder for WooCommerce that helps store owners create high-converting WooCommerce checkout pages, sales funnels, one-c …

6K 12 CVEs
Custom Thank You Page for WooCommerce

Custom Thank You Page for WooCommerce

wc-custom-thank-you

A
100

Replace the default WooCommerce Thank You page (order received page) with a custom Thank You page.

2K No CVEs
Checkout Upsell Funnel for WooCommerce

Checkout Upsell Funnel for WooCommerce

checkout-upsell-funnel-for-woo

A
100

Elevate your checkout experience with enticing product suggestions and smart order bumps, all featuring attractive discounts

700 No CVEs
Custom Thank You for WooCommerce

Custom Thank You for WooCommerce

custom-thank-you-for-woocommerce

A
100

A popular WooCommerce extension that redirects a buyer to a custom WordPress thank you page that includes social share features.

400 No CVEs
Developer Profile

Wonder WC Checkout Review Developer Profile

edigermatthew

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Wonder WC Checkout Review

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wonder-wc-checkout-review/assets/css/wwcr-public.css/wp-content/plugins/wonder-wc-checkout-review/assets/js/wwcr-public.js
Script Paths
/wp-content/plugins/wonder-wc-checkout-review/assets/js/wwcr-public.js
Version Parameters
wonder-wc-checkout-review/assets/css/wwcr-public.css?ver=0.1

HTML / DOM Fingerprints

CSS Classes
clip-hidewwcr-review-rowwc-review-pagecol-setreturn-checkout-linkreset-checkout-link
Data Attributes
data-wwcr-ajaxurldata-wwcr-content-wrapper-selectordata-wwcr-checkout-fields
JS Globals
inlineObj
FAQ

Frequently Asked Questions about Wonder WC Checkout Review