Does WPC External Variations for WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in WPC External Variations for WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WPC External Variations for WooCommerce compatible with WordPress 6.9.4?

According to WordPress.org data, WPC External Variations for WooCommerce 1.0.7 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is WPC External Variations for WooCommerce updated?

WPC External Variations for WooCommerce was last updated on Dec 4, 2025. Frequent updates are generally a positive security signal.

What is WPC External Variations for WooCommerce's security score?

WPC External Variations for WooCommerce has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WPC External Variations for WooCommerce Security & Risk Analysis

wordpress.org/plugins/wpc-external-variations

WPC External Variations allows you to define an external URL for any variation.

300 active installs v1.0.7 PHP + WP 4.0+ Updated Dec 4, 2025

external-variationsvariationwoocommercewpc

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WPC External Variations for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

WPC External Variations for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The wpc-external-variations plugin, version 1.0.7, exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of known CVEs and a clean vulnerability history are positive indicators. The code analysis reveals good practices such as 100% use of prepared statements for SQL queries and a high percentage of properly escaped outputs. The plugin also demonstrates a good use of nonces and capability checks on its entry points, with no unprotected AJAX handlers, routes, shortcodes, or cron events identified.

However, there are a few areas of concern. The presence of the `unserialize` function three times is a significant potential risk. If data processed by these functions is not strictly controlled and comes from untrusted sources, it can lead to Remote Code Execution (RCE) vulnerabilities. While the taint analysis found no unsanitized paths, this doesn't completely negate the risk, as the vulnerability depends on the source and destination of the unserialized data, which is not fully detailed in the provided snippet. Furthermore, the plugin makes three external HTTP requests, which could be a vector for Server-Side Request Forgery (SSRF) or other network-based attacks if not handled securely.

Key Concerns

Dangerous function: unserialize used 3 times
External HTTP requests: 3 made

Vulnerabilities

None known

WPC External Variations for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WPC External Variations for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

113 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$plugins = unserialize( $response['body'] );includes\dashboard\wpc-dashboard.php:111

unserialize$plugins = unserialize( $response['body'] );includes\dashboard\wpc-dashboard.php:189

unserialize$plugins = unserialize( $response['body'] );includes\kit\wpc-kit.php:98

Output Escaping

95% escaped119 total outputs

Data Flows

All sanitized

Data Flow Analysis

3 flows

ajax_export (includes\dashboard\wpc-dashboard.php:225)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WPC External Variations for WooCommerce Attack Surface

Entry Points5

Unprotected0

AJAX Handlers 5

authwp_ajax_wpc_get_pluginsincludes\dashboard\wpc-dashboard.php:19

authwp_ajax_wpc_get_suggestionincludes\dashboard\wpc-dashboard.php:20

authwp_ajax_wpc_exportincludes\dashboard\wpc-dashboard.php:21

authwp_ajax_wpc_importincludes\dashboard\wpc-dashboard.php:22

authwp_ajax_wpc_get_essential_kitincludes\kit\wpc-kit.php:22

WordPress Hooks 21

actionadmin_enqueue_scriptsincludes\dashboard\wpc-dashboard.php:17

actionadmin_menuincludes\dashboard\wpc-dashboard.php:18

actionbefore_woocommerce_initincludes\hpos.php:7

actionadmin_enqueue_scriptsincludes\kit\wpc-kit.php:20

actionadmin_menuincludes\kit\wpc-kit.php:21

actionplugins_loadedwpc-external-variations.php:37

actionadmin_noticeswpc-external-variations.php:41

actioninitwpc-external-variations.php:62

actionadmin_initwpc-external-variations.php:65

actionadmin_menuwpc-external-variations.php:66

filterplugin_action_linkswpc-external-variations.php:69

filterplugin_row_metawpc-external-variations.php:70

actionadmin_enqueue_scriptswpc-external-variations.php:73

actionwoocommerce_product_after_variable_attributeswpc-external-variations.php:76

actionwoocommerce_save_product_variationwpc-external-variations.php:80

actionwp_enqueue_scriptswpc-external-variations.php:83

filterwoocommerce_available_variationwpc-external-variations.php:84

actionwoocommerce_single_variationwpc-external-variations.php:86

actionwpcsb_before_product_actionwpc-external-variations.php:89

actionwpcvd_duplicatedwpc-external-variations.php:92

actionwpcvb_bulk_update_variationwpc-external-variations.php:95

Maintenance & Trust

WPC External Variations for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 4, 2025

PHP min version

Downloads4K

Community Trust

Rating84/100

Number of ratings5

Active installs300

Alternatives

WPC External Variations for WooCommerce Alternatives

WPC Variation Swatches for WooCommerce

wpc-variation-swatches

100

WPC Variation Swatches is a beautiful color, image, radio and buttons variation swatches for WooCommerce product attributes.

7K No CVEs

WPC Variations Radio Buttons for WooCommerce

wpc-variations-radio-buttons

100

WPC Variations Radio Buttons will replace dropdown select with radio buttons for the buyer easier in selecting the variations.

7K No CVEs

WPC Linked Variation for WooCommerce

wpc-linked-variation

100

WPC Linked Variation is built to link separate products together by attributes.

3K No CVEs

WPC Show Single Variations for WooCommerce

wpc-show-single-variations

100

WPC Show Single Variations helps you show all variations as single products on the archive pages.

1K No CVEs

WPC Variation Bulk Editor for WooCommerce

wpc-variation-bulk-editor

100

WPC Variation Bulk Editor helps you save precious time working on variations.

1K No CVEs

Developer Profile

WPC External Variations for WooCommerce Developer Profile

WPClever

71 plugins · 441K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

68 days

View full developer profile

Detection Fingerprints

How We Detect WPC External Variations for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wpc-external-variations/assets/css/backend.css/wp-content/plugins/wpc-external-variations/assets/css/frontend.css/wp-content/plugins/wpc-external-variations/assets/js/backend.js/wp-content/plugins/wpc-external-variations/assets/js/frontend.js

Script Paths

/wp-content/plugins/wpc-external-variations/assets/js/backend.js/wp-content/plugins/wpc-external-variations/assets/js/frontend.js

Version Parameters

wpc-external-variations/assets/css/backend.css?ver=wpc-external-variations/assets/css/frontend.css?ver=wpc-external-variations/assets/js/backend.js?ver=wpc-external-variations/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

wpcev_variation_external_url

Data Attributes

data-wpcev-variation-external-url

JS Globals

wpcev_frontend_params

FAQ