WP-Safety

Variation Swatches for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woo-product-variation-swatches

Variation Swatches for WooCommerce change beautiful colors, images and buttons variation swatches for WooCommerce product attributes.

10K active installs v2.3.21 PHP 7.4+ WP 4.8+ Updated Dec 8, 2025
variation-swatcheswoocommercewoocommerce-attributeswoocommerce-variationwoocommerce-variation-swatches
100
A · Safe
CVEs total1
Unpatched0
Last CVEJul 12, 2023
Plugin page Download
Safety Verdict

Is Variation Swatches for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Variation Swatches for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jul 12, 2023Updated 3mo ago
Risk Assessment

The "woo-product-variation-swatches" plugin v2.3.21 exhibits a mixed security posture. While it demonstrates good practices in areas like output escaping and a lack of dangerous functions, there are notable concerns. The presence of 7 AJAX handlers, with 5 of them lacking explicit authentication checks, presents a significant attack surface. This means that without proper checks, unauthorized users could potentially interact with these handlers, leading to unintended actions or data exposure. The fact that 44% of SQL queries are not using prepared statements is also a concern, as it opens the door to potential SQL injection vulnerabilities if input is not meticulously sanitized.

The vulnerability history indicates a past medium-severity Cross-Site Scripting (XSS) vulnerability. While this is currently patched, it highlights a recurring pattern of input sanitization weaknesses. The last recorded vulnerability in July 2023 suggests that these issues are not entirely in the distant past. The plugin's strengths lie in its high percentage of properly escaped outputs and the absence of critical or high-severity taint flows and known CVEs. However, the combination of an exposed AJAX attack surface and potential SQL injection risks, alongside past XSS issues, suggests that further scrutiny and remediation are warranted to ensure robust security.

Key Concerns

  • 5 AJAX handlers without auth checks
  • 56% of SQL queries not using prepared statements
  • 1 medium severity CVE in vulnerability history
Vulnerabilities
1

Variation Swatches for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2023-37975medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Variation Swatches for WooCommerce <= 2.3.7 - Reflected Cross-Site Scripting

Jul 12, 2023 Patched in 2.3.8 (195d)
Code Analysis
Analyzed Mar 16, 2026

Variation Swatches for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
5
4 prepared
Unescaped Output
42
338 escaped
Nonce Checks
7
Capability Checks
3
File Operations
0
External Requests
1
Bundled Libraries
0

SQL Query Safety

44% prepared9 total queries

Output Escaping

89% escaped380 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flows
<Hooks> (app\Controllers\Hooks.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
5 unprotected

Variation Swatches for WooCommerce Attack Surface

Entry Points7
Unprotected5

AJAX Handlers 7

authwp_ajax_ajax_woobundle_noticeapp\Controllers\BlackFridayV2.php:120
noprivwp_ajax_rtwpvs_add_variation_to_cartapp\Controllers\Hooks.php:36
authwp_ajax_rtwpvs_add_variation_to_cartapp\Controllers\Hooks.php:37
authwp_ajax_rtwpvs_dismiss_admin_black_friday_noticeapp\Controllers\Offer.php:114
authwp_ajax_rtwpvs_dismiss_admin_noticeapp\Controllers\Offer.php:190
authwp_ajax_rtwpvs_save_product_attributesapp\Controllers\ProductMetaBox.php:16
authwp_ajax_rtwpvs_reset_product_attributesapp\Controllers\ProductMetaBox.php:17
WordPress Hooks 77
filterdefault_rtwpvs_variation_attribute_options_htmlapp\Controllers\AppliedHook.php:13
actionadmin_initapp\Controllers\BlackFridayV2.php:34
actionadmin_enqueue_scriptsapp\Controllers\BlackFridayV2.php:67
actionadmin_noticesapp\Controllers\BlackFridayV2.php:75
actionadmin_footerapp\Controllers\BlackFridayV2.php:95
filterproduct_attributes_type_selectorapp\Controllers\Hooks.php:11
actionadmin_initapp\Controllers\Hooks.php:12
actionwoocommerce_product_option_termsapp\Controllers\Hooks.php:13
actiondokan_product_option_termsapp\Controllers\Hooks.php:14
filterwoocommerce_dropdown_variation_attribute_options_htmlapp\Controllers\Hooks.php:15
filterwoocommerce_ajax_variation_thresholdapp\Controllers\Hooks.php:21
actionadmin_initapp\Controllers\Hooks.php:23
filterwp_get_attachment_image_attributesapp\Controllers\Hooks.php:25
filterwoocommerce_available_variationapp\Controllers\Hooks.php:30
filterpost_classapp\Controllers\Hooks.php:31
filterwoocommerce_loop_add_to_cart_argsapp\Controllers\Hooks.php:32
filterwoocommerce_product_add_to_cart_urlapp\Controllers\Hooks.php:33
filterwoocommerce_get_script_dataapp\Controllers\Hooks.php:34
filterscript_loader_tagapp\Controllers\Hooks.php:38
actionrtwpvs_save_product_attributesapp\Controllers\Hooks.php:39
actionrtwpvs_reset_product_attributesapp\Controllers\Hooks.php:43
actionwoocommerce_save_product_variationapp\Controllers\Hooks.php:47
actionwoocommerce_update_product_variationapp\Controllers\Hooks.php:51
actionwoocommerce_delete_product_transientsapp\Controllers\Hooks.php:55
actionwoocommerce_attribute_updatedapp\Controllers\Hooks.php:59
actionwoocommerce_attribute_deletedapp\Controllers\Hooks.php:60
actionwoocommerce_attribute_addedapp\Controllers\Hooks.php:61
filterpre_update_option_rtwpvsapp\Controllers\Hooks.php:63
actioninitapp\Controllers\Hooks.php:64
filterbody_classapp\Controllers\InitHooks.php:8
actionadmin_noticesapp\Controllers\Notifications.php:9
actionadmin_noticesapp\Controllers\Notifications.php:10
actionadmin_noticesapp\Controllers\Notifications.php:11
filterplugin_row_metaapp\Controllers\Notifications.php:12
actionadmin_initapp\Controllers\Offer.php:7
actionadmin_enqueue_scriptsapp\Controllers\Offer.php:56
actionadmin_noticesapp\Controllers\Offer.php:63
actionadmin_footerapp\Controllers\Offer.php:89
actionadmin_enqueue_scriptsapp\Controllers\Offer.php:131
actionadmin_noticesapp\Controllers\Offer.php:138
actionadmin_footerapp\Controllers\Offer.php:165
actionadmin_enqueue_scriptsapp\Controllers\ProductMetaBox.php:11
actionwoocommerce_process_product_metaapp\Controllers\ProductMetaBox.php:12
actionadmin_initapp\Controllers\Review.php:16
actionadmin_initapp\Controllers\Review.php:17
actionadmin_noticesapp\Controllers\Review.php:45
actionadmin_noticesapp\Controllers\Review.php:47
actionadmin_enqueue_scriptsapp\Controllers\ScriptLoader.php:16
actionwp_enqueue_scriptsapp\Controllers\ScriptLoader.php:17
actioninitapp\Controllers\SettingsAPI.php:17
filterwoocommerce_settings_tabs_arrayapp\Controllers\SettingsAPI.php:25
actionwp_before_admin_bar_renderapp\Controllers\SettingsAPI.php:30
actionadmin_footerapp\Controllers\SettingsAPI.php:34
actiondelete_termapp\Controllers\TermMeta.php:20
actioncreated_termapp\Controllers\TermMeta.php:25
actionedit_termapp\Controllers\TermMeta.php:26
actionadmin_enqueue_scriptsapp\Controllers\TermMeta.php:27
actioninitapp\Controllers\ThemeSupport.php:9
actioninitapp\Controllers\ThemeSupport.php:12
actioninitapp\Controllers\ThemeSupport.php:15
actioninitapp\Controllers\ThemeSupport.php:18
actionwp_enqueue_scriptsapp\Controllers\ThemeSupport.php:24
actioninitapp\Controllers\ThemeSupport.php:27
actioninitapp\Controllers\ThemeSupport.php:30
filterwp_get_attachment_image_attributesapp\Controllers\ThemeSupport.php:36
filterrtwpvs_archive_add_to_cart_select_optionsapp\Controllers\ThemeSupport.php:47
filterrtwpvs_archive_add_to_cart_textapp\Controllers\ThemeSupport.php:51
filterrtwpvs_archive_add_to_cart_select_optionsapp\Controllers\ThemeSupport.php:67
filterrtwpvs_archive_add_to_cart_textapp\Controllers\ThemeSupport.php:71
filterrtwpvs_archive_add_to_cart_select_optionsapp\Controllers\ThemeSupport.php:80
filterrtwpvs_archive_add_to_cart_textapp\Controllers\ThemeSupport.php:84
filterrtwpvs_archive_add_to_cart_select_optionsapp\Controllers\ThemeSupport.php:99
filterrtwpvs_archive_add_to_cart_textapp\Controllers\ThemeSupport.php:103
filterrtwpvs_archive_add_to_cart_textapp\Controllers\ThemeSupport.php:113
actioninitapp\WooProductVariationSwatches.php:56
actionplugins_loadedapp\WooProductVariationSwatches.php:226
actionbefore_woocommerce_initwoo-product-variation-swatches.php:35
Maintenance & Trust

Variation Swatches for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 8, 2025
PHP min version7.4
Downloads377K

Community Trust

Rating94/100
Number of ratings55
Active installs10K
Alternatives

Variation Swatches for WooCommerce Alternatives

Variation Swatches for WooCommerce

Variation Swatches for WooCommerce

woo-variation-swatches

A
100

Beautiful Color, Image and Buttons Variation Swatches For WooCommerce Product Attributes

300K 1 CVE
Variation Swatches for WooCommerce

Variation Swatches for WooCommerce

product-variation-swatches-for-woocommerce

A
100

Variation Swatches for WooCommerce plugin adds button, Image, radio, and color swatches to your product attribute & enhance the product selection.

10K 1 CVE
Variation Swatches for WooCommerce

Variation Swatches for WooCommerce

th-variation-swatches

A
99

Variation Swatches for WooCommerce plugin will replace default swatches to professionally styled and colourful swatches.

3K 2 CVEs
Product Variation Swatches for WooCommerce – Smart Swatches

Product Variation Swatches for WooCommerce – Smart Swatches

smart-swatches

A
100

Appealing color, image, and button variation swatches on your WooCommerce Shop and Product pages in minutes to increase sales.

800 No CVEs
Product Variation Swatches for WooCommerce – Enhance Your Product Attributes with Elegant Color, Image, and Label Swatches

Product Variation Swatches for WooCommerce – Enhance Your Product Attributes with Elegant Color, Image, and Label Swatches

wc-variation-swatches

A
100

Replace dropdowns with color, image, and label swatches for WooCommerce variations. Improve user experience and drive more conversions.

100 No CVEs
Developer Profile

Variation Swatches for WooCommerce Developer Profile

RadiusTheme

16 plugins · 213K total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
104 days
View full developer profile
Detection Fingerprints

How We Detect Variation Swatches for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-product-variation-swatches/assets/css/public/style.css/wp-content/plugins/woo-product-variation-swatches/assets/css/admin/admin.css/wp-content/plugins/woo-product-variation-swatches/assets/js/public/variation-swatches.js/wp-content/plugins/woo-product-variation-swatches/assets/js/admin/variation-swatches-admin.js
Script Paths
assets/js/public/variation-swatches.jsassets/js/admin/variation-swatches-admin.js
Version Parameters
woo-product-variation-swatches/assets/css/public/style.css?ver=woo-product-variation-swatches/assets/css/admin/admin.css?ver=woo-product-variation-swatches/assets/js/public/variation-swatches.js?ver=woo-product-variation-swatches/assets/js/admin/variation-swatches-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
rt-swatches-wrapperrt-color-swatchesrt-image-swatchesrt-button-swatchesrtwpvs-variation-wraprtwpvs-variation-attributertwpvs-attribute-headingrtsb-black-friday-notice+1 more
HTML Comments
Black Friday promotional notice controller.Black Friday promotional notice class.Displays a dismissible Black Friday promotional banner in WordPress adminInitialize the Black Friday notice.+16 more
Data Attributes
data-rtsb-dismissabledata-woobundlebfdismissable
JS Globals
ajaxurlrtwpvs
FAQ

Frequently Asked Questions about Variation Swatches for WooCommerce