Quick View for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woo-quickview

Add a quick view button in the product loop so visitors can quickly view product information in a nice modal without opening the product page.

2K active installs · v2.2.20 · PHP + WP 4.8+ · Updated Mar 12, 2026
Tags: product-quick-view, woocommerce-lightbox, woocommerce-modal, woocommerce-popup, woocommerce-quick-view
98
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Nov 26, 2025
Safety Verdict

Is Quick View for WooCommerce Safe to Use in 2026?

Generally Safe

Score 98/100

Quick View for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEs · Last CVE: Nov 26, 2025 · Updated 2mo ago
Risk Assessment

The "woo-quickview" plugin v2.2.20 exhibits a mixed security posture. While it demonstrates good practices like using prepared statements for all SQL queries and a high percentage of properly escaped output, several areas raise concerns. The presence of two AJAX handlers without authentication checks creates a significant attack surface that could be exploited by unauthorized users. Furthermore, the plugin calls `unserialize`, which, while not directly flagged as a taint flow risk in this analysis, is a known dangerous function that can lead to vulnerabilities if not handled with extreme caution and input validation.

The plugin's vulnerability history shows two previously disclosed medium-severity vulnerabilities, one related to information exposure and another to Cross-Site Scripting. Although there are currently no unpatched CVEs, the pattern of past vulnerabilities, particularly XSS, combined with the statically identified risk of unescaped output, suggests that new vulnerabilities could emerge if code quality is not maintained. The overall security is weakened by the unprotected entry points and the historical context, despite some strong defensive coding practices in other areas.

Key Concerns

  • Unprotected AJAX handlers
  • Use of dangerous function (unserialize)
  • Past medium severity vulnerabilities
Vulnerabilities
2 published

Quick View for WooCommerce Security Vulnerabilities

CVEs by Year

2 CVEs in 2025

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-12584 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

Quick View for WooCommerce <= 2.2.17 - Unauthenticated Private Product Disclosure

Nov 26, 2025 · Patched in 2.2.18 (1d)

CVE-2025-58228 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quick View for WooCommerce <= 2.2.16 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 22, 2025 · Patched in 2.2.17 (8d)

Version History

Quick View for WooCommerce Release Timeline

Code Analysis
Analyzed Mar 16, 2026

Quick View for WooCommerce Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 59 (457 escaped)
Nonce Checks: 6
Capability Checks: 2
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$plugins = unserialize( $response['body'] );` · admin\help-page\help.php:118

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

89% escaped · 516 total outputs

Data Flows · Security
2 unsanitized

Data Flow Analysis

4 flows · 2 with unsanitized paths
wqv_popup_content (class\popup.php:153)
Attack Surface
2 unprotected

Quick View for WooCommerce Attack Surface

Entry Points: 6
Unprotected: 2

AJAX Handlers: 5

auth · wp_ajax_shapedplugin_dismiss_offer_banner · admin\views\notices\offer-banner.php:33
auth · wp_ajax_sp-woo-quick-view-never-show-review-notice · admin\views\notices\review.php:24
auth · wp_ajax_spqvp-get-icons · admin\views\sp-framework\functions\actions.php:107
auth · wp_ajax_wqv_popup_content · class\popup.php:52
nopriv · wp_ajax_wqv_popup_content · class\popup.php:53

Shortcodes: 1

[woo_quick_view] · public\views\shortcode.php:52

WordPress Hooks: 34

action · admin_notices · admin\views\notices\offer-banner.php:32
action · admin_notices · admin\views\notices\review.php:23
action · wp_enqueue_scripts · admin\views\sp-framework\classes\abstract.class.php:47
action · admin_menu · admin\views\sp-framework\classes\admin-options.class.php:185
action · admin_bar_menu · admin\views\sp-framework\classes\admin-options.class.php:186
action · network_admin_menu · admin\views\sp-framework\classes\admin-options.class.php:190
action · after_setup_theme · admin\views\sp-framework\classes\setup.class.php:143
action · init · admin\views\sp-framework\classes\setup.class.php:144
action · switch_theme · admin\views\sp-framework\classes\setup.class.php:145
action · admin_enqueue_scripts · admin\views\sp-framework\classes\setup.class.php:146
action · admin_footer · admin\views\sp-framework\functions\actions.php:159
action · customize_controls_print_footer_scripts · admin\views\sp-framework\functions\actions.php:160
action · wc_ajax_sp_ajax_add_cart · class\popup.php:55
action · wqv_product_content · class\popup.php:66
action · wqv_product_content · class\popup.php:69
action · wqv_product_content · class\popup.php:72
action · wqv_product_content · class\popup.php:75
action · wqv_product_content · class\popup.php:78
action · wqv_product_content · class\popup.php:81
filter · woocommerce_add_to_cart_form_action · class\popup.php:85
action · plugins_loaded · includes\class-woo-quick-view-updates.php:43
filter · admin_footer_text · includes\functions.php:24
filter · update_footer · includes\functions.php:25
action · admin_enqueue_scripts · includes\functions.php:26
action · sp_wqv_enqueue · includes\functions.php:27
action · wp_enqueue_scripts · public\views\scripts.php:49
action · init · woo-quick-view.php:140
action · before_woocommerce_init · woo-quick-view.php:141
filter · woocommerce_loop_add_to_cart_link · woo-quick-view.php:152
action · woocommerce_after_shop_loop_item · woo-quick-view.php:156
action · sp_wps_after_product_details_inner · woo-quick-view.php:158
filter · plugin_action_links · woo-quick-view.php:182
filter · thwepof_hook_names_before_single_product · woo-quick-view.php:184
action · activated_plugin · woo-quick-view.php:267

Maintenance & Trust

Quick View for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 12, 2026
PHP min version
Downloads: 133K

Community Trust

Rating: 96/100
Number of ratings: 32
Active installs: 2K

Developer Profile

Quick View for WooCommerce Developer Profile

ShapedPlugin LLC

18 plugins · 315K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 361 days

Detection Fingerprints

How We Detect Quick View for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-quickview/assets/css/woo-quickview.css
/wp-content/plugins/woo-quickview/assets/js/woo-quickview.js
/wp-content/plugins/woo-quickview/assets/js/woo-quickview-frontend.js
/wp-content/plugins/woo-quickview/assets/js/magnific-popup/jquery.magnific-popup.min.js

Version Parameters
woo-quickview/assets/css/woo-quickview.css?ver=
woo-quickview/assets/js/woo-quickview.js?ver=
woo-quickview/assets/js/woo-quickview-frontend.js?ver=
woo-quickview/assets/js/magnific-popup/jquery.magnific-popup.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
sp-wqv-view-button
sp-wqv-view-button-wrapper
sp-wqv-quick-view-button

HTML Comments
Quick view button
Quick View button

Data Attributes
data-quickview
data-product_id

JS Globals
sp_woo_quick_view_params

FAQ

Frequently Asked Questions about Quick View for WooCommerce