Does WPC Mystery Box for WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in WPC Mystery Box for WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WPC Mystery Box for WooCommerce compatible with WordPress 6.9.4?

According to WordPress.org data, WPC Mystery Box for WooCommerce 1.1.8 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is WPC Mystery Box for WooCommerce updated?

WPC Mystery Box for WooCommerce was last updated on Mar 15, 2026. Frequent updates are generally a positive security signal.

What is WPC Mystery Box for WooCommerce's security score?

WPC Mystery Box for WooCommerce has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WPC Mystery Box for WooCommerce Security & Risk Analysis

wordpress.org/plugins/wpc-mystery-box

WPC Mystery Box allows you to sell boxes that contain randomly products.

50 active installs v1.1.8 PHP + WP 4.0+ Updated Mar 15, 2026

boxkitsmysterywoocommercewpc

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WPC Mystery Box for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

WPC Mystery Box for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 20d ago

Risk Assessment

The wpc-mystery-box plugin v1.1.8 demonstrates a strong security posture based on the provided static analysis. The absence of any known CVEs, critical or high severity taint flows, and a nearly perfect output escaping rate indicate a developer committed to secure coding practices. Furthermore, the complete reliance on prepared statements for SQL queries and the presence of numerous nonce and capability checks on entry points are commendable security measures.

However, the use of the `unserialize` function presents a potential risk. While no specific taint flows were identified as unsanitized in this analysis, `unserialize` is a known vector for remote code execution vulnerabilities if the serialized data originates from an untrusted source. The plugin also makes external HTTP requests, which, if not handled securely, could lead to other vulnerabilities. The lack of a vulnerability history, while generally positive, offers less insight into historical security patterns or developer responsiveness to past issues.

In conclusion, the plugin appears to be well-secured with robust checks and modern coding practices. The primary area of concern lies with the potential risk associated with `unserialize`, even without immediate evidence of exploitation in this analysis. The external HTTP requests are also a point to monitor. Overall, the strengths in coding practices and lack of historical vulnerabilities outweigh the isolated potential risks, suggesting a generally safe plugin.

Key Concerns

Use of unserialize function
External HTTP requests made

Vulnerabilities

None known

WPC Mystery Box for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WPC Mystery Box for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

217 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$plugins = unserialize( $response['body'] );includes\dashboard\wpc-dashboard.php:101

unserialize$plugins = unserialize( $response['body'] );includes\dashboard\wpc-dashboard.php:179

unserialize$plugins = unserialize( $response['body'] );includes\kit\wpc-kit.php:98

Output Escaping

98% escaped222 total outputs

Data Flows

All sanitized

Data Flow Analysis

4 flows

<class-wpcmb> (includes\class-wpcmb.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WPC Mystery Box for WooCommerce Attack Surface

Entry Points11

Unprotected0

AJAX Handlers 10

authwp_ajax_wpcmb_add_assortmentincludes\class-wpcmb.php:32

authwp_ajax_wpcmb_save_assortmentsincludes\class-wpcmb.php:33

authwp_ajax_wpcmb_export_assortmentsincludes\class-wpcmb.php:34

authwp_ajax_wpcmb_search_termincludes\class-wpcmb.php:35

authwp_ajax_wpcmb_search_productincludes\class-wpcmb.php:36

authwp_ajax_wpc_get_pluginsincludes\dashboard\wpc-dashboard.php:9

authwp_ajax_wpc_get_suggestionincludes\dashboard\wpc-dashboard.php:10

authwp_ajax_wpc_exportincludes\dashboard\wpc-dashboard.php:11

authwp_ajax_wpc_importincludes\dashboard\wpc-dashboard.php:12

authwp_ajax_wpc_get_essential_kitincludes\kit\wpc-kit.php:22

Shortcodes 1

[wpcmb] includes\class-wpcmb.php:47

WordPress Hooks 33

actioninitincludes\class-wpcmb.php:18

actionadmin_initincludes\class-wpcmb.php:23

filterpre_update_optionincludes\class-wpcmb.php:24

actionadmin_menuincludes\class-wpcmb.php:25

actionadmin_enqueue_scriptsincludes\class-wpcmb.php:26

filterdisplay_post_statesincludes\class-wpcmb.php:27

filterplugin_action_linksincludes\class-wpcmb.php:28

filterplugin_row_metaincludes\class-wpcmb.php:29

filterproduct_type_selectorincludes\class-wpcmb.php:39

filterwoocommerce_product_data_tabsincludes\class-wpcmb.php:40

actionwoocommerce_product_data_panelsincludes\class-wpcmb.php:41

actionwoocommerce_process_product_meta_wpcmbincludes\class-wpcmb.php:42

actionwp_enqueue_scriptsincludes\class-wpcmb.php:49

filterwoocommerce_get_price_htmlincludes\class-wpcmb.php:50

actionwoocommerce_wpcmb_add_to_cartincludes\class-wpcmb.php:51

filterwoocommerce_add_to_cart_validationincludes\class-wpcmb.php:54

actionwoocommerce_check_cart_itemsincludes\class-wpcmb.php:55

filterwoocommerce_order_item_visibleincludes\class-wpcmb.php:58

filterwoocommerce_available_payment_gatewaysincludes\class-wpcmb.php:59

actionwoocommerce_hidden_order_itemmetaincludes\class-wpcmb.php:60

actionwoocommerce_order_status_processingincludes\class-wpcmb.php:61

actionwoocommerce_order_status_completedincludes\class-wpcmb.php:62

actionwoocommerce_order_item_meta_startincludes\class-wpcmb.php:66

actionwoocommerce_before_order_itemmetaincludes\class-wpcmb.php:70

filterwpcsm_locationsincludes\class-wpcmb.php:73

actionadmin_enqueue_scriptsincludes\dashboard\wpc-dashboard.php:7

actionadmin_menuincludes\dashboard\wpc-dashboard.php:8

actionbefore_woocommerce_initincludes\hpos.php:7

actionadmin_enqueue_scriptsincludes\kit\wpc-kit.php:20

actionadmin_menuincludes\kit\wpc-kit.php:21

actionadmin_initincludes\log\wpc-log.php:6

actionplugins_loadedwpc-mystery-box.php:39

actionadmin_noticeswpc-mystery-box.php:43

Maintenance & Trust

WPC Mystery Box for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 15, 2026

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs50

Alternatives

WPC Mystery Box for WooCommerce Alternatives

WPC Product Bundles for WooCommerce

woo-product-bundle

100

WPC Product Bundles is a plugin that helps you bundle a few products, offer them at a discount, and watch the sales go up!

30K 1 CVE

WPC Composite Products for WooCommerce

wpc-composite-products

WPC Composite Products provide a powerful kit-building solution for WooCommerce store.

9K 1 CVE

WPC Grouped Product for WooCommerce

wpc-grouped-product

WPC Grouped Product helps you make up standalone products that are presented as a group.

3K 1 CVE

WPC Smart Quick View for WooCommerce

woo-smart-quick-view

WPC Smart Quick View allows users to get a quick look at products without opening the product page.

100K 3 CVEs

WPC Smart Wishlist for WooCommerce

woo-smart-wishlist

WPC Smart Wishlist is a simple but powerful tool that can help your customer save products for buying later.

100K 5 CVEs

Developer Profile

WPC Mystery Box for WooCommerce Developer Profile

WPClever

71 plugins · 441K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

68 days

View full developer profile

Detection Fingerprints

How We Detect WPC Mystery Box for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wpc-mystery-box/assets/css/wpc-mystery-box-backend.css/wp-content/plugins/wpc-mystery-box/assets/css/wpc-mystery-box-frontend.css/wp-content/plugins/wpc-mystery-box/assets/js/wpc-mystery-box-backend.js/wp-content/plugins/wpc-mystery-box/assets/js/wpc-mystery-box-frontend.js

Script Paths

/wp-content/plugins/wpc-mystery-box/includes/class-helper.php/wp-content/plugins/wpc-mystery-box/includes/class-product.php/wp-content/plugins/wpc-mystery-box/includes/class-wpcmb.php

Version Parameters

wpc-mystery-box/assets/css/wpc-mystery-box-backend.css?ver=wpc-mystery-box/assets/css/wpc-mystery-box-frontend.css?ver=wpc-mystery-box/assets/js/wpc-mystery-box-backend.js?ver=wpc-mystery-box/assets/js/wpc-mystery-box-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

wpcmb_assortmentwpcmb_assortment_innerwpcmb_assortment_headingwpcmb_move_assortmentwpcmb_assortment_namewpcmb_duplicate_assortmentwpcmb_assortment_toolswpcmb_assortment_editor+33 more

HTML Comments

+19 more

Data Attributes

data-product_type="wpcmb"data-iddata-namedata-assortment-key

JS Globals

WPCleverWpcmbwpcmb_backend_paramswpcmb_frontend_params

Shortcode Output

[wpcmb]

FAQ