WP-Safety

WooHoo! – WooCommerce customiser Security & Risk Analysis

wordpress.org/plugins/woohoo

Easily and quickly customise your WooCommerce shop.

100 active installs v1.0.2 PHP + WP 4.9.4+ Updated Aug 26, 2020
woocommercewoocommerce-customiserwoocommerce-customizer
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is WooHoo! – WooCommerce customiser Safe to Use in 2026?

Generally Safe

Score 85/100

WooHoo! – WooCommerce customiser has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The "woohoo" plugin version 1.0.2 exhibits a generally strong security posture based on the provided static analysis. The complete absence of an attack surface, including AJAX handlers, REST API routes, shortcodes, and cron events, is a significant strength. This indicates that the plugin has no direct entry points that could be exploited by attackers. Furthermore, the code signals show no dangerous functions, all SQL queries utilize prepared statements, and there are no file operations or external HTTP requests, all of which are excellent security practices. The 55% proper output escaping, while not 100%, is acceptable for a plugin with no identified attack surface. The lack of any recorded vulnerabilities or CVEs in its history suggests a history of secure development or a lack of significant security scrutiny, which is positive.

However, a few areas warrant attention. The 0 nonce checks and 0 capability checks are concerning, especially if there were any hidden entry points or if future versions introduce them without proper authorization checks. While the current analysis shows no direct vulnerabilities stemming from this, it represents a potential weakness. The 55% output escaping rate means that a portion of the plugin's output is not properly sanitized, which could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is rendered directly without escaping. Given the absence of an attack surface, the immediate risk from unescaped output is low, but it's a practice that should be improved for future releases.

In conclusion, the "woohoo" plugin 1.0.2 appears to be a secure option at present due to its minimal attack surface and good coding practices regarding SQL and dangerous functions. The absence of historical vulnerabilities further bolsters this perception. The primary areas for improvement lie in ensuring 100% output escaping and implementing authorization checks (nonces and capabilities) for any future functionalities to maintain this secure standing.

Key Concerns

  • Unescaped output present (45%)
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

WooHoo! – WooCommerce customiser Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WooHoo! – WooCommerce customiser Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
15
18 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

55% escaped33 total outputs
Attack Surface

WooHoo! – WooCommerce customiser Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 38
filterwoocommerce_settings_tabs_arrayincludes\classes\class_woohoo.php:68
actionwoocommerce_settings_tabs_woohooincludes\classes\class_woohoo.php:69
actionwoocommerce_update_options_woohooincludes\classes\class_woohoo.php:70
filterwoocommerce_product_tabsincludes\core\additional_information_tab.php:33
filterwoocommerce_product_additional_information_headingincludes\core\additional_information_tab.php:48
filterwoocommerce_product_additional_information_headingincludes\core\additional_information_tab.php:78
filterwoocommerce_order_numberincludes\core\add_a_prefix_to_order_numbers.php:29
actionwoohoo-cart-iconincludes\core\add_cart_icon.php:81
actionwp_enqueue_scriptsincludes\core\add_cart_icon.php:105
filterwoocommerce_product_add_to_cart_textincludes\core\add_to_cart_button_text.php:90
filterwoocommerce_product_single_add_to_cart_textincludes\core\add_to_cart_button_text.php:91
actionwoocommerce_order_status_processingincludes\core\autocomplete_all_orders.php:47
filterwoocommerce_product_tabsincludes\core\description_tab.php:33
filterwoocommerce_product_description_headingincludes\core\description_tab.php:48
filterwoocommerce_product_description_headingincludes\core\description_tab.php:78
filterwoocommerce_product_thumbnails_columnsincludes\core\number_of_gallery_thumbnails_per_row.php:26
filterloop_shop_columnsincludes\core\number_of_products_per_row.php:26
filterwc_get_templateincludes\core\order_complete_page.php:34
filterwoocommerce_enable_order_notes_fieldincludes\core\order_notes_in_checkout.php:12
filtergettextincludes\core\place_order_button_text.php:39
actionwoocommerce_after_shop_loop_item_titleincludes\core\product_excerpt_on_shop_page.php:27
actionafter_setup_themeincludes\core\product_gallery_lightbox.php:27
actionafter_setup_themeincludes\core\product_gallery_slider.php:27
actionafter_setup_themeincludes\core\product_gallery_zoom.php:27
filterwoocommerce_cart_item_thumbnailincludes\core\product_images_in_cart.php:12
filtergettextincludes\core\rename_coupon_field_in_cart.php:47
filterwoocommerce_product_tabsincludes\core\reviews_tab.php:27
filtercomments_templateincludes\core\reviews_tab.php:57
actioninitincludes\core\woocommerce_breadcrumbs.php:26
actionadmin_initwoohoo.php:40
actionadmin_noticeswoohoo.php:78
actionadmin_initwoohoo.php:82
actionplugins_loadedwoohoo.php:98
actionadmin_enqueue_scriptswoohoo.php:145
actionafter_setup_themewoohoo.php:161
actionwoohoo_settings_fileswoohoo.php:243
filteradmin_footer_textwoohoo.php:317
actioncurrent_screenwoohoo.php:321
Maintenance & Trust

WooHoo! – WooCommerce customiser Maintenance & Trust

Maintenance Signals

WordPress version tested5.3.21
Last updatedAug 26, 2020
PHP min version
Downloads5K

Community Trust

Rating0/100
Number of ratings0
Active installs100
Alternatives

WooHoo! – WooCommerce customiser Alternatives

GoHero Store Customizer for WooCommerce

GoHero Store Customizer for WooCommerce

personalize-woocommerce-cart-page

A
90

GoHero is just a great WooCommerce extension to customize any store. Like change button text/labels, add contents and much more.

700 2 CVEs
Woomizer

Woomizer

woomizer

A
100

WooCommerce customizer with live preview.

10 No CVEs
ShopGlut – Builder for WooCommerce

ShopGlut – Builder for WooCommerce

shopglut

A
100

Builder for Woocommerce with 9 powerful modules including single product builder, cart page, checkout editor, order complete, wishlist, custom fields, …

0 No CVEs
Essential Addons for Elementor – Popular Elementor Templates & Widgets

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

B
76

Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.

2.0M 56 CVEs
Google for WooCommerce

Google for WooCommerce

google-listings-and-ads

A
99

Native integration with Google that allows merchants to easily display their products across Google’s network.

900K 1 CVE
Developer Profile

WooHoo! – WooCommerce customiser Developer Profile

MS

1 plugin · 100 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WooHoo! – WooCommerce customiser

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woohoo/admin/css/woohoo-admin.min.css/wp-content/plugins/woohoo/public/font-awesome/css/fontawesome-all.min.css/wp-content/plugins/woohoo/admin/js/woohoo-admin.js
Script Paths
/wp-content/plugins/woohoo/admin/js/woohoo-admin.js
Version Parameters
woohoo_admin_css?ver=woohoo-admin.js?ver=fontawesome-all.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
woohoo_footer
JS Globals
woohoo
FAQ

Frequently Asked Questions about WooHoo! – WooCommerce customiser