WP-Safety

Online Course Content Selling Tool Security & Risk Analysis

wordpress.org/plugins/woo-installments

This is a great plugin to sell your products like courses and online classes with partial payments or deposits. Your audience will be really happy wit …

10 active installs v1.4.0 PHP 7.0+ WP 3.0+ Updated Nov 4, 2024
coursesinstallmentsonline-course-selling-toolstripe-checkoutstripe-payments
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Online Course Content Selling Tool Safe to Use in 2026?

Generally Safe

Score 92/100

Online Course Content Selling Tool has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "woo-installments" v1.4.0 plugin exhibits a mixed security posture. While it demonstrates good practices by not having any known CVEs or critical taint flows, and it implements nonce checks across all identified AJAX handlers, there are several areas of concern that warrant attention. The plugin has a significant number of AJAX handlers with missing authentication checks, posing a direct risk of unauthorized actions. Furthermore, the low percentage of properly escaped output suggests a high probability of cross-site scripting (XSS) vulnerabilities. The SQL query usage also indicates a potential for SQL injection if not carefully managed, as only a quarter of queries are prepared. The absence of any historical vulnerabilities is a positive sign, but it doesn't negate the risks identified in the current code. Overall, while the plugin avoids known critical flaws, the identified weaknesses in input validation and authorization could be exploited by attackers.

Key Concerns

  • AJAX handlers without auth checks
  • Low percentage of properly escaped output
  • SQL queries not using prepared statements
  • Flows with unsanitized paths (taint analysis)
Vulnerabilities
None known

Online Course Content Selling Tool Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Online Course Content Selling Tool Release Timeline

v1.4.0Current
v1.3.9
v1.3.8
v1.3.7
v1.3.6
v1.3.5
v1.3.4
v1.3.3
v1.3.2
v1.3.1
v1.3.0
Code Analysis
Analyzed Mar 17, 2026

Online Course Content Selling Tool Code Analysis

Dangerous Functions
0
Raw SQL Queries
3
1 prepared
Unescaped Output
167
13 escaped
Nonce Checks
11
Capability Checks
2
File Operations
0
External Requests
1
Bundled Libraries
0

SQL Query Safety

25% prepared4 total queries

Output Escaping

7% escaped180 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

8 flows4 with unsanitized paths
woo_inst_save_package_meta (inc\functions-inner.php:317)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

Online Course Content Selling Tool Attack Surface

Entry Points11
Unprotected4

AJAX Handlers 10

authwp_ajax_woo_inst_save_package_metainc\functions-inner.php:313
authwp_ajax_woo_inst_del_package_metainc\functions-inner.php:456
authwp_ajax_woo_inst_save_playlistinc\functions-inner.php:1389
authwp_ajax_woo_inst_delete_playlistinc\functions-inner.php:1823
authwp_ajax_woo_inst_get_paginated_tableinc\functions-inner.php:1982
authwp_ajax_woo_inst_save_items_per_pageinc\functions-inner.php:1983
authwp_ajax_woo_inst_api_publicinc\functions.php:2023
noprivwp_ajax_woo_inst_api_publicinc\functions.php:2024
authwp_ajax_woo_inst_add_demo_contentinc\functions.php:2073
authwp_ajax_woo_inst_remove_demo_contentinc\functions.php:2120

Shortcodes 1

[woo_inst_playlist] inc\functions-inner.php:1887
WordPress Hooks 54
actionadmin_initinc\functions-inner.php:83
actionsave_postinc\functions-inner.php:347
actionwoocommerce_before_add_to_cart_forminc\functions-inner.php:481
actionwoocommerce_after_add_to_cart_forminc\functions-inner.php:482
actionadmin_initinc\functions-inner.php:533
actioninitinc\functions-inner.php:601
actionwoo_inst_add_new_tab_forminc\functions-inner.php:724
filterwoocommerce_account_menu_itemsinc\functions-inner.php:775
actioninitinc\functions-inner.php:810
actionwoocommerce_account_woo-online-courses_endpointinc\functions-inner.php:1368
filterwoocommerce_product_data_store_cpt_get_products_queryinc\functions-inner.php:2192
actionadmin_noticesinc\functions.php:243
actionadmin_noticesinc\functions.php:275
actionadmin_noticesinc\functions.php:312
actionadmin_initinc\functions.php:320
actionpre_get_postsinc\functions.php:338
actioninitinc\functions.php:488
actioninitinc\functions.php:489
actionwpinc\functions.php:500
actionwoocommerce_before_add_to_cart_buttoninc\functions.php:514
actionwoocommerce_before_add_to_cart_forminc\functions.php:668
actionwoocommerce_before_cartinc\functions.php:679
filterwoocommerce_order_item_nameinc\functions.php:758
filterwoocommerce_cart_item_nameinc\functions.php:759
filterwoocommerce_email_order_item_quantityinc\functions.php:763
filterwoocommerce_checkout_cart_item_quantityinc\functions.php:764
filterwoocommerce_cart_item_quantityinc\functions.php:765
filterwoocommerce_order_item_quantityinc\functions.php:766
filterwoocommerce_order_item_quantity_htmlinc\functions.php:767
filterwoocommerce_checkout_fieldsinc\functions.php:792
actionwp_headinc\functions.php:870
actionwoocommerce_order_status_pendinginc\functions.php:874
actionwoocommerce_order_status_failedinc\functions.php:875
actionwoocommerce_order_status_on-holdinc\functions.php:876
actionwoocommerce_order_status_processinginc\functions.php:877
actionwoocommerce_order_status_completedinc\functions.php:878
actionwoocommerce_order_status_cancelledinc\functions.php:879
actionsave_postinc\functions.php:880
actionwoocommerce_before_order_itemmetainc\functions.php:914
filterwoocommerce_product_write_panel_tabsinc\functions.php:1102
filterwoocommerce_product_data_panelsinc\functions.php:1408
actionwoocommerce_process_product_metainc\functions.php:1431
actionadd_meta_boxesinc\functions.php:1453
actionsave_postinc\functions.php:1530
filterthe_contentinc\functions.php:1533
filterwoocommerce_cart_item_quantityinc\functions.php:1966
filterwoocommerce_cart_item_priceinc\functions.php:1976
actioninitinc\functions.php:1978
filterwoocommerce_cart_item_thumbnailinc\functions.php:2047
actionpre_get_postsinc\functions.php:2380
actionwp_enqueue_scriptsindex.php:86
actionadmin_menuindex.php:89
actionadmin_enqueue_scriptsindex.php:93
actionadmin_enqueue_scriptsindex.php:96
Maintenance & Trust

Online Course Content Selling Tool Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedNov 4, 2024
PHP min version7.0
Downloads7K

Community Trust

Rating100/100
Number of ratings2
Active installs10
Alternatives

Online Course Content Selling Tool Alternatives

Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions

Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions

wp-full-stripe-free

A
94

🚀 Create Stripe payment forms for WordPress. Accept credit cards, Apple Pay, donations, subscriptions & more. Easy setup, no coding needed!

10K 5 CVEs
Stripe Payment Forms by WP Simple Pay – Accept Credit Card Payments + Subscriptions with Stripe

Stripe Payment Forms by WP Simple Pay – Accept Credit Card Payments + Subscriptions with Stripe

stripe

A
100

🤩 Accept Stripe payments and recurring subscriptions on your WordPress using WP Simple Pay, the best Stripe payments plugin! 🚀

9K No CVEs
Payment Gateway of Stripe for WooCommerce

Payment Gateway of Stripe for WooCommerce

payment-gateway-stripe-and-woocommerce-integration

A
96

Integrate Stripe Payment Gateway in WooCommerce and accept cards, Google Pay, Apple Pay, Klarna, Alipay, and more with seamless, secure checkout.

8K 4 CVEs
Simple Stripe

Simple Stripe

simple-stripe

B
70

Just register your Stripe API key and use the shortcode.You can easily make a payment page anywhere.

70 1 unpatched
WPFormify – Stripe Payments with Form and Checkout

WPFormify – Stripe Payments with Form and Checkout

wpformify

A
100

In a few simple steps you can start accepting credit card payments with Stripe Checkout on your WordPress site.

10 No CVEs
Developer Profile

Online Course Content Selling Tool Developer Profile

Fahad Mahmood

44 plugins · 33K total installs

76
trust score
Avg Security Score
95/100
Avg Patch Time
228 days
View full developer profile
Detection Fingerprints

How We Detect Online Course Content Selling Tool

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-installments/css/woo-installments.css/wp-content/plugins/woo-installments/js/woo-installments.js/wp-content/plugins/woo-installments/js/woo-installments.min.js
Script Paths
/wp-content/plugins/woo-installments/js/woo-installments.js/wp-content/plugins/woo-installments/js/woo-installments.min.js
Version Parameters
woo-installments/css/woo-installments.css?ver=woo-installments/js/woo-installments.js?ver=

HTML / DOM Fingerprints

CSS Classes
woo-inst-product-packagewoo-inst-product-planwoo-inst-product-pricewoo-inst-add-to-cartwoo-inst-package-btnwoo-inst-course-planwoo-inst-buy-now
HTML Comments
KBD END WILL REMOVE .DAT FILES
Data Attributes
data-product-iddata-package-iddata-plan-id
JS Globals
woo_inst_msgswoo_inst_settingswoo_inst_pro_settings
Shortcode Output
[woo_inst_packages][woo_inst_plans][woo_inst_buy_now]
FAQ

Frequently Asked Questions about Online Course Content Selling Tool