Woo Button Text Security & Risk Analysis

wordpress.org/plugins/woo-button-text

Simple WooCommerce button text changer / Styler / add to cart text changer for WooCommerce.

600 active installs v6.0.3 PHP + WP 3.9+ Updated Apr 27, 2017
add-to-cartbuy-nowwoo-add-to-cartwoo-button-text-changerwoo-commence-custom
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Woo Button Text Safe to Use in 2026?

Generally Safe

Score 85/100

Woo Button Text has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago
Risk Assessment

The "woo-button-text" plugin, version 6.0.3, exhibits a generally good security posture with no known vulnerabilities or critical issues identified in taint analysis. The plugin demonstrates strong practices regarding SQL queries, utilizing prepared statements exclusively, and avoids external HTTP requests and file operations, all of which are positive indicators. The absence of any CVEs in its history further suggests a commitment to security.

However, the static analysis reveals a significant concern: the presence of the `create_function` PHP function. This function is deprecated and can be a source of security vulnerabilities if not handled with extreme care, as it allows for the dynamic creation of functions from strings, potentially enabling code injection if user input is not strictly validated. Additionally, the plugin has a concerningly low percentage of properly escaped output (42%), meaning that a substantial portion of dynamic content displayed to users might be vulnerable to cross-site scripting (XSS) attacks. The lack of nonce checks and capability checks, while not directly indicative of a vulnerability without an exposed attack vector, highlights a potential weakness that could be exploited if an entry point were to be introduced in the future.

In conclusion, while the plugin benefits from a clean vulnerability history and secure database practices, the use of `create_function` and the high proportion of unescaped output represent notable risks. Developers should prioritize refactoring the use of `create_function` and implementing robust output escaping to mitigate potential security threats, particularly XSS.

Key Concerns

  • Use of deprecated `create_function`
  • Low percentage of properly escaped output
  • No nonce checks found
  • No capability checks found
Vulnerabilities
None known

Woo Button Text Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Woo Button Text Release Timeline

v6.0.1
v5.0.4
v5.0.3
v5.0.2
v5.0.1
v5.0.0
v4.0.4
v4.0.2
v4.0.1
v3.0.3
v3.0.1
v2.0.3
v2.0.2
v1.0.4
v1.0.3
v1.0.2
v1.0.1
Code Analysis
Analyzed Mar 16, 2026

Woo Button Text Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
25
18 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

create_functionadd_action( 'plugins_loaded', create_function( '', '$exclutips_woo_button_text = new Exclutips_woo_bwoo-button-option.php:285

Output Escaping

42% escaped43 total outputs
Attack Surface

Woo Button Text Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 14
actionadmin_menuexclutips-option.php:13
filterwoocommerce_product_add_to_cart_textinc\add-filters.php:7
filterwoocommerce_product_single_add_to_cart_textinc\add-filters.php:15
filteradd_to_cart_textinc\add-filters.php:22
filterwoocommerce_order_button_textinc\add-filters.php:31
filterwoocommerce_related_products_argsinc\add-filters.php:47
filtergettextinc\add-filters.php:55
actionwp_enqueue_scriptsstyles\woobuttonstyle.php:43
actioninitwoo-button-option.php:24
actionadmin_initwoo-button-option.php:25
actionadmin_initwoo-button-option.php:26
actionadmin_menuwoo-button-option.php:27
actionplugins_loadedwoo-button-option.php:285
actionadmin_enqueue_scriptswoo-button-text.php:32
Maintenance & Trust

Woo Button Text Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.33
Last updatedApr 27, 2017
PHP min version
Downloads41K

Community Trust

Rating100/100
Number of ratings7
Active installs600
Developer Profile

Woo Button Text Developer Profile

Rupom Khondaker

1 plugin · 600 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Woo Button Text

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-button-text/styles/woobuttonstyle.php/wp-content/plugins/woo-button-text/js/exclutips-jquery.js
Script Paths
js/exclutips-jquery.js

HTML / DOM Fingerprints

CSS Classes
alt
FAQ

Frequently Asked Questions about Woo Button Text