Does WPC Grouped Product for WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in WPC Grouped Product for WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WPC Grouped Product for WooCommerce compatible with WordPress 6.9.4?

According to WordPress.org data, WPC Grouped Product for WooCommerce 5.2.6 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is WPC Grouped Product for WooCommerce updated?

WPC Grouped Product for WooCommerce was last updated on Mar 10, 2026. Frequent updates are generally a positive security signal.

What is WPC Grouped Product for WooCommerce's security score?

WPC Grouped Product for WooCommerce has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WPC Grouped Product for WooCommerce Security & Risk Analysis

wordpress.org/plugins/wpc-grouped-product

WPC Grouped Product helps you make up standalone products that are presented as a group.

3K active installs v5.2.6 PHP + WP 4.0+ Updated Mar 10, 2026

groupgroupedkitswoocommercewpc

A · Safe

CVEs total1

Unpatched0

Last CVEApr 15, 2024

Plugin page Download

Safety Verdict

Is WPC Grouped Product for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

WPC Grouped Product for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Apr 15, 2024Updated 24d ago

Risk Assessment

The "wpc-grouped-product" plugin v5.2.6 exhibits a generally strong security posture, with a well-protected attack surface and good practices in SQL query handling and output escaping. The vast majority of outputs are properly escaped, and all SQL queries utilize prepared statements, significantly mitigating common web vulnerabilities. Nonce and capability checks are also present for a majority of the entry points.

However, the presence of the `unserialize` function is a notable concern, as it can lead to Remote Code Execution (RCE) vulnerabilities if not handled with extreme caution and sanitization. While the taint analysis did not reveal critical or high severity issues in this specific version, the flow with an unsanitized path warrants careful review. The plugin's vulnerability history, specifically a past medium severity vulnerability of the "Missing Authorization" type, suggests a need for continued vigilance in access control implementations.

In conclusion, while the current static analysis shows many positive security indicators, the identified dangerous function and the past vulnerability highlight areas that require ongoing attention and rigorous security auditing to ensure the plugin remains secure.

Key Concerns

Dangerous function: unserialize
Flows with unsanitized paths found
Past medium severity vulnerability

Vulnerabilities

WPC Grouped Product for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-32520medium · 4.3Missing Authorization

WPC Grouped Product for WooCommerce <= 4.4.2 - Missing Authorization

Apr 15, 2024 Patched in 4.4.3 (9d)

Code Analysis

Analyzed Mar 16, 2026

WPC Grouped Product for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

264 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$plugins = unserialize( $response['body'] );includes\dashboard\wpc-dashboard.php:111

unserialize$plugins = unserialize( $response['body'] );includes\dashboard\wpc-dashboard.php:189

unserialize$plugins = unserialize( $response['body'] );includes\kit\wpc-kit.php:98

SQL Query Safety

100% prepared2 total queries

Output Escaping

96% escaped276 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

6 flows1 with unsanitized paths

admin_menu_content (includes\class-woosg.php:176)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WPC Grouped Product for WooCommerce Attack Surface

Entry Points9

Unprotected0

AJAX Handlers 7

authwp_ajax_woosg_update_search_settingsincludes\class-woosg.php:54

authwp_ajax_woosg_get_search_resultsincludes\class-woosg.php:55

authwp_ajax_wpc_get_pluginsincludes\dashboard\wpc-dashboard.php:19

authwp_ajax_wpc_get_suggestionincludes\dashboard\wpc-dashboard.php:20

authwp_ajax_wpc_exportincludes\dashboard\wpc-dashboard.php:21

authwp_ajax_wpc_importincludes\dashboard\wpc-dashboard.php:22

authwp_ajax_wpc_get_essential_kitincludes\kit\wpc-kit.php:22

Shortcodes 2

[woosg] includes\class-woosg.php:143

[woosg_form] includes\class-woosg.php:144

WordPress Hooks 38

actioninitincludes\class-woosg.php:38

actionadmin_initincludes\class-woosg.php:41

actionadmin_menuincludes\class-woosg.php:42

actionwp_enqueue_scriptsincludes\class-woosg.php:45

actionadmin_enqueue_scriptsincludes\class-woosg.php:48

filterwoocommerce_available_variationincludes\class-woosg.php:51

filterproduct_type_selectorincludes\class-woosg.php:58

filterwoocommerce_product_data_tabsincludes\class-woosg.php:61

filterwoocommerce_product_tabsincludes\class-woosg.php:65

actionwoocommerce_product_data_panelsincludes\class-woosg.php:69

actionwoocommerce_process_product_meta_woosgincludes\class-woosg.php:70

filterwoocommerce_get_price_htmlincludes\class-woosg.php:73

filterwoocommerce_post_classincludes\class-woosg.php:76

filterwoocommerce_product_price_classincludes\class-woosg.php:79

actionwoocommerce_woosg_add_to_cartincludes\class-woosg.php:82

actionwoocommerce_before_add_to_cart_buttonincludes\class-woosg.php:83

filterwoocommerce_add_to_cart_validationincludes\class-woosg.php:86

filterwoocommerce_add_cart_item_dataincludes\class-woosg.php:87

actionwoocommerce_add_to_cartincludes\class-woosg.php:88

filterwoocommerce_get_cart_item_from_sessionincludes\class-woosg.php:89

filterwoocommerce_get_cart_contentsincludes\class-woosg.php:95

filterdisplay_post_statesincludes\class-woosg.php:98

filterplugin_action_linksincludes\class-woosg.php:101

filterplugin_row_metaincludes\class-woosg.php:102

filterpre_get_postsincludes\class-woosg.php:106

actionpre_get_postsincludes\class-woosg.php:110

actionpre_get_postsincludes\class-woosg.php:114

filterwpcsm_locationsincludes\class-woosg.php:118

filterwoosg_item_idincludes\class-woosg.php:122

filterwoocommerce_product_export_meta_valueincludes\class-woosg.php:126

filterwoocommerce_product_import_pre_insert_product_objectincludes\class-woosg.php:129

actionadmin_enqueue_scriptsincludes\dashboard\wpc-dashboard.php:17

actionadmin_menuincludes\dashboard\wpc-dashboard.php:18

actionbefore_woocommerce_initincludes\hpos.php:7

actionadmin_enqueue_scriptsincludes\kit\wpc-kit.php:20

actionadmin_menuincludes\kit\wpc-kit.php:21

actionplugins_loadedwpc-grouped-product.php:38

actionadmin_noticeswpc-grouped-product.php:42

Maintenance & Trust

WPC Grouped Product for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 10, 2026

PHP min version

Downloads235K

Community Trust

Rating98/100

Number of ratings27

Active installs3K

Alternatives

WPC Grouped Product for WooCommerce Alternatives

WPC Product Bundles for WooCommerce

woo-product-bundle

100

WPC Product Bundles is a plugin that helps you bundle a few products, offer them at a discount, and watch the sales go up!

30K 1 CVE

WPC Composite Products for WooCommerce

wpc-composite-products

WPC Composite Products provide a powerful kit-building solution for WooCommerce store.

9K 1 CVE

WPC Smart Attribute Groups for WooCommerce

wpc-attribute-groups

100

WPC Smart Attribute Groups give you the possibility to display product attributes in separate groups.

300 No CVEs

WPC Mystery Box for WooCommerce

wpc-mystery-box

100

WPC Mystery Box allows you to sell boxes that contain randomly products.

50 No CVEs

Unified Inventory Manager For WooCommerce

unified-inventory-manager-for-wc

100

Powerful inventory solution for WooCommerce with bulk stock updates.

0 No CVEs

Developer Profile

WPC Grouped Product for WooCommerce Developer Profile

WPClever

71 plugins · 441K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

68 days

View full developer profile

Detection Fingerprints

How We Detect WPC Grouped Product for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wpc-grouped-product/assets/css/wpc-grouped-product.css/wp-content/plugins/wpc-grouped-product/assets/js/wpc-grouped-product.js/wp-content/plugins/wpc-grouped-product/assets/js/frontend.js/wp-content/plugins/wpc-grouped-product/assets/css/frontend.css

Script Paths

/wp-content/plugins/wpc-grouped-product/assets/js/wpc-grouped-product.js/wp-content/plugins/wpc-grouped-product/assets/js/frontend.js

Version Parameters

wpc-grouped-product/assets/css/wpc-grouped-product.css?ver=wpc-grouped-product/assets/js/wpc-grouped-product.js?ver=wpc-grouped-product/assets/js/frontend.js?ver=wpc-grouped-product/assets/css/frontend.css?ver=

HTML / DOM Fingerprints

CSS Classes

wpc-grouped-product-wrapperwpc-grouped-product-titlewpc-grouped-product-pricewpc-grouped-product-short-descriptionwpc-grouped-product-formwpc-grouped-product-add-to-cart-formwpc-grouped-product-itemwpc-grouped-product-item-image+6 more

HTML Comments

Data Attributes

data-product_iddata-group_iddata-quantity

JS Globals

woosg_params

REST Endpoints

/wp-json/woosg/v1/products

FAQ