WooCommerce Product Fees Security & Risk Analysis

wordpress.org/plugins/woocommerce-product-fees

WooCommerce Product Fees allows you to add additional fees at checkout based on products that are in the cart.

2K active installs v1.3.0 PHP + WP 4.0+ Updated May 28, 2018
Tags: product-fees, product-surcharge, woocommerce, woocommerce-fees, woocommerce-surcharge
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WooCommerce Product Fees Safe to Use in 2026?

Generally Safe

Score 85/100

WooCommerce Product Fees has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7yr ago
Risk Assessment

The static analysis of "woocommerce-product-fees" v1.3.0 reveals a generally strong security posture, with no identified dangerous functions, SQL injection vulnerabilities (all queries use prepared statements), file operations, or external HTTP requests. The plugin also demonstrates good practices in output escaping, with 86% of outputs being properly escaped. The attack surface is notably small, with zero identified AJAX handlers, REST API routes, shortcodes, or cron events, and crucially, no unprotected entry points. Taint analysis also shows no critical or high severity flows, indicating a lack of obvious data manipulation vulnerabilities. Furthermore, the plugin has no recorded vulnerability history, which suggests a well-maintained and secure codebase over time.

However, the complete absence of nonce checks and capability checks across all identified entry points (even though the number of entry points is zero) presents a theoretical weakness. If new entry points were introduced without proper authentication or authorization mechanisms, this could pose a risk. Overall, based on the provided data, the plugin appears secure for its current version, but vigilance regarding future updates and the potential for introduced vulnerabilities is always advised.

Key Concerns

  • No nonce checks implemented
  • No capability checks implemented
  • 86% output escaping is good, but 14% is not
Vulnerabilities
None known

WooCommerce Product Fees Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WooCommerce Product Fees Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 1 (6 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

86% escaped · 7 total outputs
Attack Surface

WooCommerce Product Fees Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 21

  • action: woocommerce_get_sections_products (classes\admin\class-wcpf-admin-global-settings.php:20)
  • action: woocommerce_get_settings_products (classes\admin\class-wcpf-admin-global-settings.php:21)
  • action: woocommerce_coupon_options (classes\admin\class-wcpf-admin-global-settings.php:25)
  • action: woocommerce_coupon_options_save (classes\admin\class-wcpf-admin-global-settings.php:26)
  • filter: woocommerce_csv_product_import_mapping_options (classes\admin\class-wcpf-admin-global-settings.php:32)
  • filter: woocommerce_csv_product_import_mapping_default_columns (classes\admin\class-wcpf-admin-global-settings.php:33)
  • filter: woocommerce_product_import_pre_insert_product_object (classes\admin\class-wcpf-admin-global-settings.php:34)
  • filter: woocommerce_product_export_column_names (classes\admin\class-wcpf-admin-global-settings.php:37)
  • filter: woocommerce_product_export_product_default_columns (classes\admin\class-wcpf-admin-global-settings.php:38)
  • filter: woocommerce_product_export_product_column_wcpf_fee_name (classes\admin\class-wcpf-admin-global-settings.php:39)
  • filter: woocommerce_product_export_product_column_wcpf_fee_amount (classes\admin\class-wcpf-admin-global-settings.php:40)
  • filter: woocommerce_product_export_product_column_wcpf_fee_multiplier (classes\admin\class-wcpf-admin-global-settings.php:41)
  • action: woocommerce_product_write_panel_tabs (classes\admin\class-wcpf-admin-product-settings.php:20)
  • action: woocommerce_product_data_panels (classes\admin\class-wcpf-admin-product-settings.php:21)
  • action: woocommerce_process_product_meta (classes\admin\class-wcpf-admin-product-settings.php:22)
  • action: woocommerce_product_after_variable_attributes (classes\admin\class-wcpf-admin-product-settings.php:25)
  • action: woocommerce_save_product_variation (classes\admin\class-wcpf-admin-product-settings.php:26)
  • action: admin_head (classes\admin\class-wcpf-admin-product-settings.php:29)
  • action: plugins_loaded (classes\class-woocommerce-product-fees.php:29)
  • action: woocommerce_cart_calculate_fees (classes\class-woocommerce-product-fees.php:32)
  • action: plugins_loaded (woocommerce-product-fees.php:28)
Maintenance & Trust

WooCommerce Product Fees Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: May 28, 2018
PHP min version
Downloads: 38K

Community Trust

Rating: 96/100
Number of ratings: 21
Active installs: 2K
Developer Profile

WooCommerce Product Fees Developer Profile

Caleb Burks

2 plugins · 2K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WooCommerce Product Fees

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woocommerce-product-fees/assets/css/wcpf-admin-settings.css
/wp-content/plugins/woocommerce-product-fees/assets/js/wcpf-admin-settings.js
Script Paths
/wp-content/plugins/woocommerce-product-fees/assets/js/wcpf-admin-settings.js
Version Parameters
woocommerce-product-fees/assets/css/wcpf-admin-settings.css?ver=
woocommerce-product-fees/assets/js/wcpf-admin-settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
wcpf-fee-name
wcpf-fee-amount
wcpf-fee-multiplier
HTML Comments
<!-- WooCommerce Product Fees -->
<!-- Created by Caleb Burks -->
Data Attributes
data-product-fee-name
data-product-fee-amount
data-product-fee-multiplier
JS Globals
wcpf_admin_settings_params
FAQ

Frequently Asked Questions about WooCommerce Product Fees