Cart Weight for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woo-cart-weight

Display product weight at WooCommerce cart and checkout. No configuration needed — just activate the plugin and see total weight automatically!

1K active installs · v1.9.17 · PHP 7.4+ · WP 6.4+ · Updated Mar 31, 2026
Tags: cart-weight, order-total-weight, product-weight, total-weight, weight
Score: 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Nov 30, 2025
Safety Verdict

Is Cart Weight for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Cart Weight for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Nov 30, 2025 · Updated 1mo ago
Risk Assessment

The 'woo-cart-weight' plugin version 1.9.16 exhibits a mixed security posture. While the static analysis reveals a very small attack surface with no unprotected entry points and a good number of nonce and capability checks, there are significant concerns in its code quality and historical vulnerability patterns. The presence of dangerous functions like 'proc_open' and 'shell_exec' is a serious red flag, suggesting the potential for code execution vulnerabilities, even if current taint analysis doesn't show immediate exploitable flows. Furthermore, the complete lack of prepared statements for SQL queries significantly increases the risk of SQL injection attacks.

The plugin's vulnerability history, despite having no currently unpatched CVEs, shows a past medium-severity vulnerability specifically related to missing authorization. This pattern, combined with the observed code signals, suggests a recurring theme of insecure coding practices related to input validation and access control. While the plugin has a low overall attack surface and generally attempts to implement security checks, the identified dangerous functions and raw SQL queries present substantial risks that outweigh the positive aspects of its limited entry points.

Key Concerns

  • Dangerous functions found (proc_open, shell_exec)
  • SQL queries without prepared statements
  • Low percentage of properly escaped output
  • 1 medium CVE in vulnerability history
Vulnerabilities
1 published

Cart Weight for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-66109 · medium · 5.3 · Missing Authorization

Cart Weight for WooCommerce <= 1.9.11 - Missing Authorization

Nov 30, 2025 · Patched in 1.9.12 (12d)
Version History

Cart Weight for WooCommerce Release Timeline

v1.9.17 (Current)
v1.9.16
v1.9.15
v1.9.14
v1.9.13
v1.9.12
v1.9.11 (1 CVE)
v1.9.10 (1 CVE)
v1.9.9 (1 CVE)
v1.9.8 (1 CVE)
v1.9.7 (1 CVE)
v1.9.5 (1 CVE)
v1.9.4 (1 CVE)
v1.9.3 (1 CVE)
v1.9.2 (1 CVE)
v1.9.1 (1 CVE)
v1.9.0 (1 CVE)
v1.8.13 (1 CVE)
v1.8.12 (1 CVE)
v1.8.11 (1 CVE)
Code Analysis
Analyzed Mar 16, 2026

Cart Weight for WooCommerce Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 2 (0 prepared)
Unescaped Output: 53 (46 escaped)
Nonce Checks: 5
Capability Checks: 4
File Operations: 18
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

  • proc_open: $this->process = proc_open($this->command, static::DESCRIPTOR_SPEC, $this->pipes, $this->cwd); (vendor_prefixed\monolog\monolog\src\Monolog\Handler\ProcessHandler.php:104)
  • shell_exec: $branches = shell_exec('git branch -v --no-abbrev'); (vendor_prefixed\monolog\monolog\src\Monolog\Processor\GitProcessor.php:60)
  • shell_exec: $result = explode(' ', trim((string) shell_exec('hg id -nb'))); (vendor_prefixed\monolog\monolog\src\Monolog\Processor\MercurialProcessor.php:59)

SQL Query Safety

0% prepared · 2 total queries

Output Escaping

46% escaped · 99 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
processAjaxNoticeDismiss (vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:72)
Attack Surface

Cart Weight for WooCommerce Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_wpdesk_notice_dismiss · vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:42
WordPress Hooks 35
filter · octolize-checkout-block-integration-woo-cart-weight-data · src\Block\StoreEndpointData.php:11
action · woocommerce_init · src\Plugin.php:147
action · woocommerce_blocks_checkout_block_registration · vendor_prefixed\octolize\octolize-checkout-block-integration\src\Blocks\Registrator.php:25
action · woocommerce_blocks_cart_block_registration · vendor_prefixed\octolize\octolize-checkout-block-integration\src\Blocks\Registrator.php:28
action · woocommerce_blocks_loaded · vendor_prefixed\octolize\octolize-checkout-block-integration\src\Blocks\StoreEndpoint.php:24
action · admin_notices · vendor_prefixed\octolize\wp-octolize-tracker\src\OptInNotice\OptInNotice.php:41
action · admin_footer · vendor_prefixed\octolize\wp-octolize-tracker\src\OptInNotice\OptInNotice.php:55
filter · wpdesk_tracker_notice_screens · vendor_prefixed\octolize\wp-octolize-tracker\src\TrackerInitializer.php:82
action · plugins_loaded · vendor_prefixed\octolize\wp-octolize-tracker\src\TrackerInitializer.php:83
action · admin_enqueue_scripts · vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\Assets.php:37
filter · octolize/shipping-extensions/header-promo · vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\BlackFriday2025Promo.php:15
filter · octolize/shipping-extensions/should-add-badge · vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\BlackFriday2025Promo.php:16
action · octolize/shipping-extensions/view-tracking · vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\BlackFriday2025Promo.php:17
action · admin_menu · vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\Page.php:40
action · in_admin_header · vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\PageViewTracker.php:29
action · wpdesk_tracker_started · vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\Tracker\Tracker.php:29
action · admin_head · vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\WooCommerceSuggestions.php:12
action · admin_enqueue_scripts · vendor_prefixed\wpdesk\wp-builder\src\Plugin\AbstractPlugin.php:148
action · wp_enqueue_scripts · vendor_prefixed\wpdesk\wp-builder\src\Plugin\AbstractPlugin.php:149
action · admin_enqueue_scripts · vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:41
action · admin_notices · vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:144
action · admin_footer · vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:145
filter · wp_autoloader_loader_loaders_to_load · vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\PluginDisablerByFileTrait.php:45
filter · wp_autoloader_loader_loaders_to_create · vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\PluginDisablerByFileTrait.php:46
action · plugins_loaded · vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\Simple\SimplePaidStrategy.php:58
action · plugins_loaded · vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:81
action · before_woocommerce_init · vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:88
action · activated_plugin · vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:102
filter · doing_it_wrong_trigger_error · vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:123
action · admin_enqueue_scripts · vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\Assets.php:28
action · admin_menu · vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptInPage.php:35
action · admin_init · vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptInPage.php:36
action · admin_notices · vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptOut.php:28
filter · plugin_row_meta · vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\PluginActionLinks.php:36
action · before_woocommerce_init · woocommerce-cart-weight.php:62
Maintenance & Trust

Cart Weight for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 31, 2026
PHP min version: 7.4
Downloads: 105K

Community Trust

Rating: 100/100
Number of ratings: 13
Active installs: 1K
Developer Profile

Cart Weight for WooCommerce Developer Profile

Octolize Shipping Plugins

11 plugins · 114K total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 91 days
Detection Fingerprints

How We Detect Cart Weight for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/woo-cart-weight/src/Blocks/style-index.css
  • /wp-content/plugins/woo-cart-weight/src/Blocks/index.js
  • /wp-content/plugins/woo-cart-weight/src/Blocks/style-index.asset.php
  • /wp-content/plugins/woo-cart-weight/src/Blocks/index.asset.php
  • +8 more
Script Paths
  • /wp-content/plugins/woo-cart-weight/src/Blocks/index.js
  • /wp-content/plugins/woo-cart-weight/src/Blocks/block.js
  • /wp-content/plugins/woo-cart-weight/src/Blocks/frontend.js
Version Parameters
  • woo-cart-weight/style.css?ver=
  • woo-cart-weight/index.js?ver=
  • woo-cart-weight/block.js?ver=
  • woo-cart-weight/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
wc-cart-weight-shipping-method
JS Globals
wc_cart_weight_params
FAQ

Frequently Asked Questions about Cart Weight for WooCommerce