WP-Safety

WPC Price by User Role for WooCommerce Security & Risk Analysis

wordpress.org/plugins/wpc-price-by-user-role

WPC Price by User Role helps you configure discounts and adjust prices in bulk based on user roles.

200 active installs v2.3.2 PHP + WP 4.0+ Updated Mar 15, 2026
role-priceuser-roleuser-roleswoocommercewpc
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WPC Price by User Role for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

WPC Price by User Role for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 20d ago
Risk Assessment

The 'wpc-price-by-user-role' v2.3.2 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and a high percentage of properly escaped output. The lack of known vulnerabilities in its history is also a strong indicator of a generally well-maintained codebase. However, significant concerns arise from the attack surface analysis. Four out of nine AJAX handlers lack authentication checks, presenting a direct pathway for unauthenticated users to interact with potentially sensitive functionalities. The presence of the `unserialize` function, while not explicitly linked to a taint flow in this analysis, is a known risk if user-controlled data is ever passed to it without proper validation. While no critical or high severity taint flows were identified, the existence of one unsanitized path warrants caution. Overall, the plugin has strengths in its SQL handling and output escaping, but the unprotected AJAX endpoints and the potential risk from `unserialize` create notable security weaknesses.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous function 'unserialize' present
  • Flows with unsanitized paths
Vulnerabilities
None known

WPC Price by User Role for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WPC Price by User Role for WooCommerce Code Analysis

Dangerous Functions
3
Raw SQL Queries
0
0 prepared
Unescaped Output
14
172 escaped
Nonce Checks
7
Capability Checks
3
File Operations
0
External Requests
3
Bundled Libraries
0

Dangerous Functions Found

unserialize$plugins = unserialize( $response['body'] );includes\dashboard\wpc-dashboard.php:101
unserialize$plugins = unserialize( $response['body'] );includes\dashboard\wpc-dashboard.php:179
unserialize$plugins = unserialize( $response['body'] );includes\kit\wpc-kit.php:98

Output Escaping

92% escaped186 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

4 flows1 with unsanitized paths
ajax_export (includes\dashboard\wpc-dashboard.php:215)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

WPC Price by User Role for WooCommerce Attack Surface

Entry Points9
Unprotected4

AJAX Handlers 9

authwp_ajax_wpcpu_add_role_priceincludes\class-backend.php:40
authwp_ajax_wpcpu_overviewincludes\class-backend.php:41
authwp_ajax_wpcpu_search_termincludes\class-backend.php:42
authwp_ajax_wpcpu_search_productincludes\class-backend.php:43
authwp_ajax_wpc_get_pluginsincludes\dashboard\wpc-dashboard.php:9
authwp_ajax_wpc_get_suggestionincludes\dashboard\wpc-dashboard.php:10
authwp_ajax_wpc_exportincludes\dashboard\wpc-dashboard.php:11
authwp_ajax_wpc_importincludes\dashboard\wpc-dashboard.php:12
authwp_ajax_wpc_get_essential_kitincludes\kit\wpc-kit.php:22
WordPress Hooks 34
actioninitincludes\class-backend.php:18
actionadmin_enqueue_scriptsincludes\class-backend.php:19
actionadmin_initincludes\class-backend.php:22
filterpre_update_optionincludes\class-backend.php:23
actionadmin_menuincludes\class-backend.php:24
filterplugin_action_linksincludes\class-backend.php:27
filterplugin_row_metaincludes\class-backend.php:28
filterwoocommerce_product_data_tabsincludes\class-backend.php:31
actionwoocommerce_product_data_panelsincludes\class-backend.php:32
actionwoocommerce_process_product_metaincludes\class-backend.php:33
filtermanage_edit-product_columnsincludes\class-backend.php:36
actionmanage_product_posts_custom_columnincludes\class-backend.php:37
filterwoocommerce_product_export_meta_valueincludes\class-backend.php:46
filterwoocommerce_product_import_pre_insert_product_objectincludes\class-backend.php:49
filterwoocommerce_product_get_regular_priceincludes\class-frontend.php:17
filterwoocommerce_product_get_sale_priceincludes\class-frontend.php:18
filterwoocommerce_product_get_priceincludes\class-frontend.php:19
filterwoocommerce_product_variation_get_regular_priceincludes\class-frontend.php:22
filterwoocommerce_product_variation_get_sale_priceincludes\class-frontend.php:23
filterwoocommerce_product_variation_get_priceincludes\class-frontend.php:24
filterwoocommerce_variation_prices_regular_priceincludes\class-frontend.php:25
filterwoocommerce_variation_prices_sale_priceincludes\class-frontend.php:26
filterwoocommerce_variation_prices_priceincludes\class-frontend.php:27
filterwoocommerce_get_variation_prices_hashincludes\class-frontend.php:28
filterwoocommerce_get_price_htmlincludes\class-frontend.php:31
filterwoocommerce_loop_add_to_cart_linkincludes\class-frontend.php:32
actionadmin_enqueue_scriptsincludes\dashboard\wpc-dashboard.php:7
actionadmin_menuincludes\dashboard\wpc-dashboard.php:8
actionbefore_woocommerce_initincludes\hpos.php:7
actionadmin_enqueue_scriptsincludes\kit\wpc-kit.php:20
actionadmin_menuincludes\kit\wpc-kit.php:21
actionadmin_initincludes\log\wpc-log.php:6
actionplugins_loadedwpc-price-by-user-role.php:37
actionadmin_noticeswpc-price-by-user-role.php:41
Maintenance & Trust

WPC Price by User Role for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 15, 2026
PHP min version
Downloads10K

Community Trust

Rating50/100
Number of ratings2
Active installs200
Alternatives

WPC Price by User Role for WooCommerce Alternatives

Gou Manage My Account Menu – User Roles

Gou Manage My Account Menu – User Roles

gou-wc-account-tabs

A
99

Extension for WooCommerce to manage my account menus. Functionality to add/update/rename, show/hide, build multi-level menus.

100 1 CVE
Coupons Role Restriction for WooCommerce

Coupons Role Restriction for WooCommerce

runthings-wc-coupons-role-restrict

A
100

Restrict the usage of WooCommerce coupons based on user roles.

50 No CVEs
Simple Role Based Pricing

Simple Role Based Pricing

simple-role-based-pricing

A
100

A lightweight WooCommerce plugin to set custom prices or discounts for products based on user roles.

40 No CVEs
Hide Product Prices Until Login – for WooCommerce

Hide Product Prices Until Login – for WooCommerce

hide-product-prices-until-login-for-woocommerce

A
100

Hide WooCommerce product prices and Add to Cart buttons unless customers are logged in or from allowed countries or roles.

10 No CVEs
Multi Roles Vendor

Multi Roles Vendor

multi-roles-vendor

A
85

User Role assigment Plugin for WooCommerce Multivendor Sites

0 No CVEs
Developer Profile

WPC Price by User Role for WooCommerce Developer Profile

WPClever

71 plugins · 441K total installs

87
trust score
Avg Security Score
99/100
Avg Patch Time
68 days
View full developer profile
Detection Fingerprints

How We Detect WPC Price by User Role for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpc-price-by-user-role/assets/css/wpcpu.css/wp-content/plugins/wpc-price-by-user-role/assets/js/wpcpu.js
Script Paths
/wp-content/plugins/wpc-price-by-user-role/assets/js/wpcpu.js
Version Parameters
wpc-price-by-user-role/assets/css/wpcpu.css?ver=wpc-price-by-user-role/assets/js/wpcpu.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpcpu_settingswpcpu-select-enable
Data Attributes
id='wpcpu_settings'
FAQ

Frequently Asked Questions about WPC Price by User Role for WooCommerce