WP-Safety

WPC Composite Products for WooCommerce Security & Risk Analysis

wordpress.org/plugins/wpc-composite-products

WPC Composite Products provide a powerful kit-building solution for WooCommerce store.

9K active installs v7.6.9 PHP + WP 4.0+ Updated Mar 11, 2026
componentcompositekitswoocommercewpc
99
A · Safe
CVEs total1
Unpatched0
Last CVEApr 26, 2024
Plugin page Download
Safety Verdict

Is WPC Composite Products for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

WPC Composite Products for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Apr 26, 2024Updated 23d ago
Risk Assessment

The wpc-composite-products plugin v7.6.9 exhibits a generally strong security posture, with a significant number of entry points (10 AJAX handlers) that are all protected by authorization checks. The plugin also demonstrates good practices regarding SQL queries, with 100% using prepared statements, and a very high percentage of properly escaped output. Nonce and capability checks are present, indicating an awareness of common WordPress security mechanisms. The absence of file operations and shortcodes also reduces potential attack vectors. However, the presence of three 'unserialize' calls is a notable concern, as unserialization of untrusted data is a known vector for code execution vulnerabilities. The taint analysis, while showing no critical or high severity flows with unsanitized paths, does indicate two such flows, which warrants further investigation to confirm they are indeed benign.

Key Concerns

  • Dangerous function 'unserialize' used
  • Taint flow with unsanitized path detected
Vulnerabilities
1

WPC Composite Products for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2024-2838medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPC Composite Products for WooCommerce <= 7.2.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Apr 26, 2024 Patched in 7.2.8 (1d)
Code Analysis
Analyzed Mar 16, 2026

WPC Composite Products for WooCommerce Code Analysis

Dangerous Functions
3
Raw SQL Queries
0
0 prepared
Unescaped Output
19
410 escaped
Nonce Checks
13
Capability Checks
3
File Operations
0
External Requests
3
Bundled Libraries
0

Dangerous Functions Found

unserialize$plugins = unserialize( $response['body'] );includes\dashboard\wpc-dashboard.php:111
unserialize$plugins = unserialize( $response['body'] );includes\dashboard\wpc-dashboard.php:189
unserialize$plugins = unserialize( $response['body'] );includes\kit\wpc-kit.php:98

Output Escaping

96% escaped429 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

6 flows2 with unsanitized paths
admin_menu_content (includes\class-wooco.php:837)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WPC Composite Products for WooCommerce Attack Surface

Entry Points10
Unprotected0

AJAX Handlers 10

authwp_ajax_wooco_add_componentincludes\class-wooco.php:37
authwp_ajax_wooco_save_componentsincludes\class-wooco.php:38
authwp_ajax_wooco_export_componentsincludes\class-wooco.php:39
authwp_ajax_wooco_search_termincludes\class-wooco.php:40
authwp_ajax_wooco_search_productincludes\class-wooco.php:41
authwp_ajax_wpc_get_pluginsincludes\dashboard\wpc-dashboard.php:19
authwp_ajax_wpc_get_suggestionincludes\dashboard\wpc-dashboard.php:20
authwp_ajax_wpc_exportincludes\dashboard\wpc-dashboard.php:21
authwp_ajax_wpc_importincludes\dashboard\wpc-dashboard.php:22
authwp_ajax_wpc_get_essential_kitincludes\kit\wpc-kit.php:22
WordPress Hooks 69
filterrest_request_after_callbacksincludes\class-blocks.php:84
filterwoocommerce_hydration_request_after_callbacksincludes\class-blocks.php:85
actionwoocommerce_blocks_mini-cart_block_registrationincludes\class-blocks.php:86
actionwoocommerce_blocks_cart_block_registrationincludes\class-blocks.php:92
actionwoocommerce_blocks_checkout_block_registrationincludes\class-blocks.php:98
actioninitincludes\class-wooco.php:24
actionadmin_initincludes\class-wooco.php:27
actionadmin_menuincludes\class-wooco.php:28
actionwp_enqueue_scriptsincludes\class-wooco.php:31
actionadmin_enqueue_scriptsincludes\class-wooco.php:34
actionwc_ajax_wooco_load_galleryincludes\class-wooco.php:44
filterproduct_type_selectorincludes\class-wooco.php:47
filterwoocommerce_product_data_tabsincludes\class-wooco.php:50
actionwoocommerce_product_data_panelsincludes\class-wooco.php:53
actionwoocommerce_process_product_meta_compositeincludes\class-wooco.php:54
actionwoocommerce_composite_add_to_cartincludes\class-wooco.php:57
actionwoocommerce_before_add_to_cart_buttonincludes\class-wooco.php:58
filterwoocommerce_add_to_cart_sold_individually_found_in_cartincludes\class-wooco.php:62
filterwoocommerce_add_to_cart_validationincludes\class-wooco.php:63
actionwoocommerce_add_to_cartincludes\class-wooco.php:64
filterwoocommerce_add_cart_item_dataincludes\class-wooco.php:65
filterwoocommerce_get_cart_item_from_sessionincludes\class-wooco.php:66
actionwoocommerce_restore_cart_itemincludes\class-wooco.php:69
filterdisplay_post_statesincludes\class-wooco.php:72
filterwoocommerce_cart_item_nameincludes\class-wooco.php:75
filterwoocommerce_cart_item_quantityincludes\class-wooco.php:76
filterwoocommerce_cart_item_remove_linkincludes\class-wooco.php:77
filterwoocommerce_cart_contents_countincludes\class-wooco.php:78
actionwoocommerce_cart_item_removedincludes\class-wooco.php:79
filterwoocommerce_cart_item_priceincludes\class-wooco.php:80
filterwoocommerce_cart_item_subtotalincludes\class-wooco.php:81
actionwoocommerce_after_cart_item_nameincludes\class-wooco.php:84
filterwoocommerce_cart_item_visibleincludes\class-wooco.php:88
filterwoocommerce_checkout_cart_item_visibleincludes\class-wooco.php:89
filterwoocommerce_widget_cart_item_visibleincludes\class-wooco.php:94
filterwoocommerce_order_item_visibleincludes\class-wooco.php:99
filterwoocommerce_cart_item_classincludes\class-wooco.php:104
filterwoocommerce_mini_cart_item_classincludes\class-wooco.php:105
filterwoocommerce_order_item_classincludes\class-wooco.php:106
filterwoocommerce_get_item_dataincludes\class-wooco.php:111
filterwoocommerce_order_item_get_formatted_meta_dataincludes\class-wooco.php:115
actionwoocommerce_checkout_create_order_line_itemincludes\class-wooco.php:121
filterwoocommerce_order_item_nameincludes\class-wooco.php:122
filterwoocommerce_order_formatted_line_subtotalincludes\class-wooco.php:123
actionwoocommerce_order_item_meta_startincludes\class-wooco.php:126
filterwoocommerce_hidden_order_itemmetaincludes\class-wooco.php:130
actionwoocommerce_before_order_itemmetaincludes\class-wooco.php:131
filterplugin_action_linksincludes\class-wooco.php:134
filterplugin_row_metaincludes\class-wooco.php:135
filterwoocommerce_loop_add_to_cart_linkincludes\class-wooco.php:138
actionwoocommerce_before_mini_cart_contentsincludes\class-wooco.php:141
actionwoocommerce_before_calculate_totalsincludes\class-wooco.php:142
filterwoocommerce_cart_shipping_packagesincludes\class-wooco.php:145
filterwoocommerce_get_price_htmlincludes\class-wooco.php:148
filterwoocommerce_product_price_classincludes\class-wooco.php:151
filterwoocommerce_order_again_cart_item_dataincludes\class-wooco.php:154
actionwoocommerce_cart_loaded_from_sessionincludes\class-wooco.php:155
filterwoocommerce_coupon_is_valid_for_productincludes\class-wooco.php:158
filterwoocommerce_product_export_meta_valueincludes\class-wooco.php:161
filterwoocommerce_product_import_pre_insert_product_objectincludes\class-wooco.php:164
filterwpcsm_locationsincludes\class-wooco.php:167
filterwooco_disable_nonce_checkincludes\class-wooco.php:170
actionadmin_enqueue_scriptsincludes\dashboard\wpc-dashboard.php:17
actionadmin_menuincludes\dashboard\wpc-dashboard.php:18
actionbefore_woocommerce_initincludes\hpos.php:7
actionadmin_enqueue_scriptsincludes\kit\wpc-kit.php:20
actionadmin_menuincludes\kit\wpc-kit.php:21
actionplugins_loadedwpc-composite-products.php:39
actionadmin_noticeswpc-composite-products.php:43
Maintenance & Trust

WPC Composite Products for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 11, 2026
PHP min version
Downloads585K

Community Trust

Rating92/100
Number of ratings76
Active installs9K
Alternatives

WPC Composite Products for WooCommerce Alternatives

WPC Product Bundles for WooCommerce

WPC Product Bundles for WooCommerce

woo-product-bundle

A
100

WPC Product Bundles is a plugin that helps you bundle a few products, offer them at a discount, and watch the sales go up!

30K 1 CVE
Product Bundle Builder for WooCommerce

Product Bundle Builder for WooCommerce

easy-product-bundles-for-woocommerce

A
100

WooCommerce Product Bundle help to creates Product Bundles, Composite Products, Mix and Match, BOGO deals, Offer gift products, and Assembled Products &hellip;

7K No CVEs
WPC Grouped Product for WooCommerce

WPC Grouped Product for WooCommerce

wpc-grouped-product

A
99

WPC Grouped Product helps you make up standalone products that are presented as a group.

3K 1 CVE
WPC Mystery Box for WooCommerce

WPC Mystery Box for WooCommerce

wpc-mystery-box

A
100

WPC Mystery Box allows you to sell boxes that contain randomly products.

50 No CVEs
WPC Smart Quick View for WooCommerce

WPC Smart Quick View for WooCommerce

woo-smart-quick-view

A
96

WPC Smart Quick View allows users to get a quick look at products without opening the product page.

100K 3 CVEs
Developer Profile

WPC Composite Products for WooCommerce Developer Profile

WPClever

71 plugins · 441K total installs

87
trust score
Avg Security Score
99/100
Avg Patch Time
68 days
View full developer profile
Detection Fingerprints

How We Detect WPC Composite Products for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpc-composite-products/assets/css/wooco-blocks.css/wp-content/plugins/wpc-composite-products/assets/js/wooco-blocks.js
Script Paths
/wp-content/plugins/wpc-composite-products/assets/js/wooco-blocks.js
Version Parameters
wpc-composite-products/assets/css/wooco-blocks.css?ver=wpc-composite-products/assets/js/wooco-blocks.js?ver=

HTML / DOM Fingerprints

CSS Classes
wooco_products_wrapperwooco_wrapperwooco_compositewooco_product
HTML Comments
<!-- WPC Composite Products for WooCommerce --><!-- WPC Composite Products settings --><!-- WPC Composite Products --><!-- End WPC Composite Products -->
Data Attributes
data-wooco-iddata-wooco-quantitydata-wooco-pricedata-wooco-add-textdata-wooco-remove-text
JS Globals
WPCleverWoocowooco_datawooco_params
REST Endpoints
/wp-json/wooco/v1/composite-products
Shortcode Output
<div class="wpc-composite-products"><div class="wooco_products_wrapper"><div class="wooco_wrapper">
FAQ

Frequently Asked Questions about WPC Composite Products for WooCommerce