Document Preview For WooCommerce Security & Risk Analysis

wordpress.org/plugins/woo-document-preview

This will allow you to add a document preview on the single product page, which helps to offer a better idea when you are selling ebooks, PDFs or some doc …

100 active installs · v1.5.0 · PHP + WP 3.0.1+ · Updated Jun 15, 2025
Tags: document-viewer, ebook, product-demo, product-sample, woocommerce
100
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Apr 13, 2022
Safety Verdict

Is Document Preview For WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Document Preview For WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Apr 13, 2022 · Updated 11mo ago
Risk Assessment

The 'woo-document-preview' v1.5.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and a high percentage of properly escaped output. The absence of dangerous functions, external HTTP requests, and bundled libraries is also commendable. However, significant concerns arise from its attack surface, particularly the presence of two unprotected AJAX handlers. While the plugin has four nonces and six capability checks, the lack of authorization on these AJAX endpoints creates a clear avenue for potential unauthorized actions.

The taint analysis reveals two flows with unsanitized paths, which, while not reaching critical or high severity in this specific analysis, warrant attention. The vulnerability history shows one known medium-severity CVE related to missing authorization, reinforcing the concern highlighted by the static analysis. The fact that this CVE is no longer unpatched is positive, but the pattern of missing authorization vulnerabilities suggests a recurring weakness in the plugin's access control mechanisms that needs to be addressed.

In conclusion, 'woo-document-preview' v1.5.0 has strengths in its SQL handling and output escaping, but its security is significantly undermined by unprotected AJAX endpoints and past vulnerabilities related to authorization. The presence of unsanitized paths in taint flows, even without critical severity, adds another layer of risk. Users should be aware of the potential for unauthorized actions due to the unprotected entry points.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Medium severity CVE (historical)
Vulnerabilities
1 published

Document Preview For WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2022

Severity Breakdown

Medium: 1

1 total CVE

Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation

Apr 13, 2022 Patched in 1.4.0 (1057d)
Code Analysis
Analyzed Mar 16, 2026

Document Preview For WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 12 (102 escaped)
Nonce Checks: 4
Capability Checks: 6
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Output Escaping

89% escaped · 114 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

4 flows · 2 with unsanitized paths
serve_local_preview (public\class-wc-document-preview-public.php:239)
Attack Surface
2 unprotected

Document Preview For WooCommerce Attack Surface

Entry Points: 4
Unprotected: 2

AJAX Handlers 3

auth wp_ajax_wbcom_addons_cards admin\wbcom\wbcom-admin-settings.php:32
auth wp_ajax_wcdp_delete_document_ajax includes\class-wc-document-preview.php:192
nopriv wp_ajax_wcdp_delete_document_ajax includes\class-wc-document-preview.php:193

Shortcodes 1

[wbcom_admin_setting_header] admin\wbcom\wbcom-admin-settings.php:29

WordPress Hooks 26

action admin_init admin\class-wc-document-preview-admin-feedback.php:72
action admin_init admin\class-wc-document-preview-admin-feedback.php:73
action admin_notices admin\class-wc-document-preview-admin-feedback.php:165
action admin_notices admin\class-wc-document-preview-admin.php:665
action admin_menu admin\wbcom\wbcom-admin-settings.php:30
action admin_enqueue_scripts admin\wbcom\wbcom-admin-settings.php:31
action plugins_loaded includes\class-wc-document-preview.php:173
action admin_enqueue_scripts includes\class-wc-document-preview.php:187
action admin_enqueue_scripts includes\class-wc-document-preview.php:188
action add_meta_boxes includes\class-wc-document-preview.php:189
action save_post includes\class-wc-document-preview.php:190
action post_edit_form_tag includes\class-wc-document-preview.php:191
action admin_init includes\class-wc-document-preview.php:194
action admin_menu includes\class-wc-document-preview.php:195
action admin_init includes\class-wc-document-preview.php:196
action wp_enqueue_scripts includes\class-wc-document-preview.php:210
action wp_enqueue_scripts includes\class-wc-document-preview.php:211
action woocommerce_after_add_to_cart_button includes\class-wc-document-preview.php:212
action template_redirect includes\class-wc-document-preview.php:213
action wp_footer includes\class-wc-document-preview.php:216
action init public\class-wc-document-preview-public.php:216
action template_redirect public\class-wc-document-preview-public.php:219
action admin_notices woo-product-document-preview.php:88
action admin_init woo-product-document-preview.php:96
action activated_plugin woo-product-document-preview.php:144
action admin_init woo-product-document-preview.php:157
Maintenance & Trust

Document Preview For WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 15, 2025
PHP min version
Downloads: 6K

Community Trust

Rating: 56/100
Number of ratings: 4
Active installs: 100
Developer Profile

Document Preview For WooCommerce Developer Profile

wbcomdesigns

19 plugins · 10K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 807 days
Detection Fingerprints

How We Detect Document Preview For WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-document-preview/admin/css/wc-document-preview-admin.css
/wp-content/plugins/woo-document-preview/admin/js/wc-document-preview-admin.js
/wp-content/plugins/woo-document-preview/public/css/wc-document-preview-public.css
/wp-content/plugins/woo-document-preview/public/js/wc-document-preview-public.js
Version Parameters
woo-document-preview/admin/css/wc-document-preview-admin.css?ver=
woo-document-preview/admin/js/wc-document-preview-admin.js?ver=
woo-document-preview/public/css/wc-document-preview-public.css?ver=
woo-document-preview/public/js/wc-document-preview-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
wc-document-preview-settings-page
wc-document-preview-welcome-page
wcdp-admin-notice
wcdp-main-wrapper
HTML Comments
<!-- This file is read by WordPress to generate the plugin information in the plugin * admin area. This file also includes all of the dependencies used by the plugin, * registers the activation and deactivation functions, and defines a function * that starts the plugin. -->
<!-- If this file is called directly, abort. -->
<!-- Currently plugin version. -->
<!-- The code that runs during plugin activation. -->
+13 more
Data Attributes
data-plugin-version="1.5.0"
JS Globals
window.wc_document_preview_vars
FAQ

Frequently Asked Questions about Document Preview For WooCommerce