WP-Safety

Call for Price for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woocommerce-call-for-price

Allow customers to "Request a quote" or "Call for price" for WooCommerce products. You can show or hide the product price globally or per product.

8K active installs v4.2.0 PHP 7.4+ WP 4.4+ Updated Mar 2, 2026
call-for-pricerequest-a-quotewoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Call for Price for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Call for Price for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "woocommerce-call-for-price" plugin version 4.2.0 exhibits a generally strong security posture based on the provided static analysis. The plugin has a minimal attack surface, with only two AJAX handlers identified and importantly, none are reported as unprotected. The use of prepared statements for all SQL queries and a high percentage of properly escaped outputs are excellent security practices that mitigate common web vulnerabilities. Furthermore, the plugin demonstrates good security hygiene with a sufficient number of nonce checks and capability checks in place, and no detected file operations or bundled outdated libraries.

While the static analysis reveals no critical or high severity issues in taint flows, and the plugin has no recorded vulnerability history, there are a few areas that warrant attention for further improvement. The presence of external HTTP requests, though not inherently a vulnerability, could potentially be a vector if the external endpoints are compromised or if data sent is not properly sanitized. The limited number of capability checks (1) for its entry points might suggest that some functionalities could be accessible with fewer privileges than ideal, though the absence of unprotected AJAX handlers mitigates immediate risk.

Overall, "woocommerce-call-for-price" v4.2.0 appears to be a securely developed plugin with robust defenses against common attack vectors. Its proactive use of prepared statements and output escaping, coupled with a clean vulnerability history, inspires confidence. However, vigilance regarding external HTTP requests and a review of capability checks for all functionalities would further enhance its already commendable security.

Key Concerns

  • External HTTP requests present potential risk
  • Limited capability checks for entry points
Vulnerabilities
None known

Call for Price for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Call for Price for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
4 prepared
Unescaped Output
3
53 escaped
Nonce Checks
5
Capability Checks
1
File Operations
0
External Requests
4
Bundled Libraries
0

SQL Query Safety

100% prepared4 total queries

Output Escaping

95% escaped56 total outputs
Attack Surface

Call for Price for WooCommerce Attack Surface

Entry Points2
Unprotected0

AJAX Handlers 2

authwp_ajax_tyche_plugin_deactivation_submit_actionincludes\class-tyche-plugin-deactivation.php:86
authwp_ajax_tyche_plugin_deactivation_submit_actionincludes\component\plugin-deactivation\class-tyche-plugin-deactivation.php:93
WordPress Hooks 49
actioninitincludes\admin\class-wc-call-for-price-settings-general.php:47
filterwoocommerce_get_sections_alg_call_for_priceincludes\admin\class-wc-call-for-price-settings-general.php:49
actionadd_meta_boxesincludes\admin\class-wc-call-for-price-settings-per-product.php:32
actionsave_postincludes\admin\class-wc-call-for-price-settings-per-product.php:33
filterwoocommerce_get_sections_alg_call_for_priceincludes\admin\class-wc-call-for-price-settings-product-types.php:39
actioninitincludes\admin\class-wc-call-for-price-settings-product-types.php:40
actionwoocommerce_admin_field_alg_wc_call_for_price_textareaincludes\admin\class-wc-call-for-price-settings-product-types.php:41
filterwoocommerce_admin_settings_sanitize_optionincludes\admin\class-wc-call-for-price-settings-product-types.php:42
filtercfp_lite_ts_tracker_dataincludes\class-cfp-lite-data-tracking.php:30
actionadmin_footerincludes\class-cfp-lite-data-tracking.php:31
actioncfp_lite_init_tracker_completedincludes\class-cfp-lite-data-tracking.php:33
filtercfp_lite_ts_tracker_display_noticeincludes\class-cfp-lite-data-tracking.php:34
actionadmin_print_scripts-plugins.phpincludes\class-tyche-plugin-deactivation.php:85
actionwoocommerce_before_single_productincludes\class-wc-call-for-price-compatibility.php:34
actionwoocommerce_after_single_productincludes\class-wc-call-for-price-compatibility.php:35
actionwoocommerce_before_shop_loop_itemincludes\class-wc-call-for-price-compatibility.php:36
actionwoocommerce_after_shop_loop_itemincludes\class-wc-call-for-price-compatibility.php:37
actionwoocommerce_single_product_summaryincludes\class-wc-call-for-price-compatibility.php:60
actionwoocommerce_single_product_summaryincludes\class-wc-call-for-price-compatibility.php:61
actionwoocommerce_after_shop_loop_item_titleincludes\class-wc-call-for-price-compatibility.php:86
actionwoocommerce_after_shop_loop_item_titleincludes\class-wc-call-for-price-compatibility.php:87
actioninitincludes\class-wc-call-for-price.php:43
filterwoocommerce_sale_flashincludes\class-wc-call-for-price.php:45
filterwoocommerce_variation_is_visibleincludes\class-wc-call-for-price.php:49
actionadmin_headincludes\class-wc-call-for-price.php:50
actionwp_headincludes\class-wc-call-for-price.php:53
filterwoocommerce_get_price_htmlincludes\class-wc-call-for-price.php:75
filterwoocommerce_is_purchasableincludes\class-wc-call-for-price.php:77
filterwoocommerce_get_variation_prices_hashincludes\class-wc-call-for-price.php:84
filterwoocommerce_product_add_to_cart_textincludes\class-wc-call-for-price.php:87
filterwoocommerce_loop_add_to_cart_linkincludes\class-wc-call-for-price.php:91
filterwoocommerce_variable_price_htmlincludes\class-wc-call-for-price.php:97
filterwp_headincludes\class-wc-call-for-price.php:99
filterwoocommerce_show_variation_priceincludes\class-wc-call-for-price.php:103
actionadmin_enqueue_scriptsincludes\class-wc-call-for-price.php:106
filterwoocommerce_variation_prices_priceincludes\class-wc-call-for-price.php:338
filterwoocommerce_product_variation_get_priceincludes\class-wc-call-for-price.php:340
filterwoocommerce_empty_price_htmlincludes\class-wc-call-for-price.php:565
filterwoocommerce_variable_empty_price_htmlincludes\class-wc-call-for-price.php:566
filterwoocommerce_grouped_empty_price_htmlincludes\class-wc-call-for-price.php:567
filterwoocommerce_variation_empty_price_htmlincludes\class-wc-call-for-price.php:568
filterwoocommerce_short_descriptionincludes\class-wc-call-for-price.php:570
actionadmin_print_scripts-plugins.phpincludes\component\plugin-deactivation\class-tyche-plugin-deactivation.php:92
actionadmin_noticesincludes\component\plugin-tracking\class-tyche-plugin-tracking.php:81
filtercron_schedulesincludes\component\plugin-tracking\class-tyche-plugin-tracking.php:82
actionadmin_initincludes\component\plugin-tracking\class-tyche-plugin-tracking.php:83
actioninitwoocommerce-call-for-price.php:107
filterwoocommerce_get_settings_pageswoocommerce-call-for-price.php:114
actionbefore_woocommerce_initwoocommerce-call-for-price.php:116
Maintenance & Trust

Call for Price for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.0
Last updatedMar 2, 2026
PHP min version7.4
Downloads147K

Community Trust

Rating78/100
Number of ratings27
Active installs8K
Alternatives

Call for Price for WooCommerce Alternatives

Product Enquiry for WooCommerce

Product Enquiry for WooCommerce

product-enquiry-for-woocommerce

A
99

Product Enquiry allows prospective customers to "Make an Enquiry" about a product, or "Request a Quote" right from within the product page.

10K 1 CVE
YITH Request a Quote for WooCommerce

YITH Request a Quote for WooCommerce

yith-woocommerce-request-a-quote

A
93

The YITH Request a Quote for WooCommerce plugin lets your customers ask for an estimate of a list of products they are interested into.

10K 3 CVEs
Request a Quote for WooCommerce – Get a Quote Button – Product Enquiry Form Popup – Product Quotation

Request a Quote for WooCommerce – Get a Quote Button – Product Enquiry Form Popup – Product Quotation

get-a-quote-button-for-woocommerce

A
98

Request a Quote for WooCommerce and Elementor plugin shows a Contact Form 7 or WPForms popup on button click. Quote for WooCommerce, price on request.

6K 1 CVE
CatalogX – Catalog Mode, Enquiry & Quotes for WooCommerce

CatalogX – Catalog Mode, Enquiry & Quotes for WooCommerce

woocommerce-catalog-enquiry

A
96

WooCommerce Catalog Mode, product enquiry, and request a quote plugin. Hide prices, disable cart, and collect enquiries easily.

6K 5 CVEs
Custom Price for WooCommerce

Custom Price for WooCommerce

custom-price-for-woocommerce

A
100

Name your price WooCommerce plugin. Add the custom price field for products. Let your customers decide how much they want to pay for products.

3K No CVEs
Developer Profile

Call for Price for WooCommerce Developer Profile

tychesoftwares

20 plugins · 160K total installs

73
trust score
Avg Security Score
91/100
Avg Patch Time
232 days
View full developer profile
Detection Fingerprints

How We Detect Call for Price for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woocommerce-call-for-price/includes/js/plugin-deactivation.js

HTML / DOM Fingerprints

Data Attributes
data-alg-wc-cfp-product-iddata-alg-wc-cfp-product-skudata-alg-wc-cfp-cart-iddata-alg-wc-cfp-cart-skudata-alg-wc-cfp-add-to-cart-urldata-alg-wc-cfp-add-to-cart-method+1 more
JS Globals
alg_wc_cfp_params
FAQ

Frequently Asked Questions about Call for Price for WooCommerce