Product Carousel For WooCommerce – WoorouSell Security & Risk Analysis

wordpress.org/plugins/woorousell

WoorouSell allows you to showcase your WooCommerce products in a beautiful and responsive carousel format!

300 active installs · v1.1.2 · PHP 5.6+ · WP 4.9.8+ · Updated Jan 28, 2025
Tags: ecommerce, product-carousel, woocommerce, woocommerce-carousel, woocommerce-slider
91
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jan 14, 2025
Safety Verdict

Is Product Carousel For WooCommerce – WoorouSell Safe to Use in 2026?

Generally Safe

Score 91/100

Product Carousel For WooCommerce – WoorouSell has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jan 14, 2025 · Updated 1yr ago
Risk Assessment

The "woorousell" plugin v1.1.2 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries, handling file operations securely, and making no external HTTP requests. The absence of critical or high-severity taint flows and dangerous functions is also reassuring. However, there are significant areas of concern, primarily revolving around its attack surface.

The plugin exposes two AJAX handlers without authentication checks, representing a direct pathway for potential attacks. While the total number of entry points is relatively low, the lack of proper authorization on these handlers is a notable weakness. Furthermore, the output escaping is significantly lacking, with only 15% of outputs being properly escaped, which is a strong indicator of potential Cross-Site Scripting (XSS) vulnerabilities, aligning with its past vulnerability history.

The vulnerability history reveals one medium-severity Cross-Site Scripting (XSS) vulnerability, last patched in 2025. Although there are currently no unpatched vulnerabilities, the nature of the past vulnerability and the low rate of proper output escaping strongly suggest that the risk of new XSS flaws remains elevated. The presence of Freemius v1.0, a bundled library, could also pose a risk if it is outdated and contains known vulnerabilities, though this specific version isn't flagged as a direct issue in the provided data.

Key Concerns

  • Unprotected AJAX handlers present
  • Low percentage of properly escaped output
  • Medium severity past vulnerability (XSS)
  • Bundled library (Freemius v1.0)
Vulnerabilities
1

Product Carousel For WooCommerce – WoorouSell Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-22724 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product Carousel For WooCommerce – WoorouSell <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 14, 2025 · Patched in 1.1.1 (17d)
Code Analysis
Analyzed Mar 16, 2026

Product Carousel For WooCommerce – WoorouSell Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 187 (34 escaped)
Nonce Checks: 2
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

Output Escaping

15% escaped · 221 total outputs
Data Flows: All sanitized

Data Flow Analysis

3 flows
create_new (builder\settings-page\controller.php:190)
Attack Surface
2 unprotected

Product Carousel For WooCommerce – WoorouSell Attack Surface

Entry Points: 5
Unprotected: 2

AJAX Handlers 4

auth · wp_ajax_wrslb-add-new · builder\settings-page\controller.php:74
auth · wp_ajax_wrslb-create-new · builder\settings-page\controller.php:75
auth · wp_ajax_wrslb-delete-carousel · builder\settings-page\controller.php:78
auth · wp_ajax_wrslb-update-settings · builder\settings-page\controller.php:81

Shortcodes 1

[woorousell] · builder\builder\controller.php:76

WordPress Hooks 8

action · init · builder\builder\controller.php:73
action · get_footer · builder\builder\model.php:331
action · admin_menu · builder\settings-page\controller.php:71
action · plugins_loaded · functions.php:81
action · init · includes\class-woorousell.php:163
action · wp_enqueue_scripts · includes\class-woorousell.php:166
action · admin_enqueue_scripts · includes\class-woorousell.php:167
action · admin_menu · includes\help.php:32
Maintenance & Trust

Product Carousel For WooCommerce – WoorouSell Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Jan 28, 2025
PHP min version: 5.6
Downloads: 11K

Community Trust

Rating: 80/100
Number of ratings: 2
Active installs: 300
Developer Profile

Product Carousel For WooCommerce – WoorouSell Developer Profile

mojofywp

2 plugins · 1K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 479 days
Detection Fingerprints

How We Detect Product Carousel For WooCommerce – WoorouSell

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woorousell/assets/css/woorousell-frontend.css
/wp-content/plugins/woorousell/assets/css/woorousell.css
/wp-content/plugins/woorousell/assets/js/jquery.bxslider.min.js
/wp-content/plugins/woorousell/assets/js/plugin.js

Script Paths
/wp-content/plugins/woorousell/assets/js/jquery.bxslider.min.js
/wp-content/plugins/woorousell/assets/js/plugin.js

Version Parameters
woorousell/assets/css/woorousell-frontend.css?ver=
woorousell/assets/css/woorousell.css?ver=
woorousell/assets/js/jquery.bxslider.min.js?ver=
woorousell/assets/js/plugin.js?ver=

HTML / DOM Fingerprints

CSS Classes
wrsl-carousel-wrap, wrsl-carousel-wrapper, wrsl-carousel-item, wrsl-carousel-nav, wrsl-carousel-prev, wrsl-carousel-next, wrsl-carousel-pager

HTML Comments
<!-- WoorouSell Carousel START -->
<!-- WoorouSell Carousel END -->

Data Attributes
data-wrsl-columns, data-wrsl-speed, data-wrsl-auto, data-wrsl-pause, data-wrsl-pager, data-wrsl-controls, +3 more

JS Globals
WRSLL

Shortcode Output
[woorousell
FAQ

Frequently Asked Questions about Product Carousel For WooCommerce – WoorouSell