Total Findings: 72
Security Grade
Coding Score: 100/100
GS Simple WC Price History is a focused WooCommerce plugin for EU Omnibus Directive compliance: it tracks product price history and displays the lowest price before a sale. The codebase is well structured, follows common WordPress security patterns (nonce verification, capability checks, prepared statements), and includes thoughtful performance optimisations such as batch-prefetching variation history to avoid N+1 queries.

Two medium-severity issues require attention. First, the shortcode writes the unescaped HTML string returned by wc_price() directly into a data attribute. That markup carries its own double-quoted attributes, so it terminates the enclosing attribute early, and anything that influences the formatted price string can then inject further attributes or markup (XSS via attribute injection). Second, uninstall.php runs a raw LIKE query without $wpdb->prepare(). Since uninstall only executes for an administrator deleting the plugin, the SQL injection exposure is limited to that role, but the statement should still be prepared and the LIKE wildcards escaped.

Several low-severity and informational items round out the report: a missing LIMIT on the uninstall transient cleanup query, hardcoded UI strings in JavaScript that bypass the translation system, and the absence of a multisite-aware uninstall routine.

Overall the plugin is in good shape for a private deployment. The two medium findings should be resolved before any public distribution; the low/info items are coding-standards improvements rather than exploitable vulnerabilities.
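The following is an added example, not code from the plugin or from the audit: it shows the two medium findings as vulnerable-versus-hardened pairs, plus the bounded, multisite-aware uninstall that the informational items ask for. The `gs_swph_` function names and the `_transient_gs_swph_` option prefix are assumptions; the report does not name the plugin's real identifiers. WordPress and WooCommerce functions used (`wc_price`, `wc_format_decimal`, `wc_get_price_decimals`, `esc_attr`, `wp_kses_post`, `$wpdb->prepare`, `$wpdb->esc_like`, `get_sites`, `switch_to_blog`, `restore_current_blog`) are standard APIs.

```php
<?php
/**
 * Added example (not the plugin's own code). Identifiers prefixed gs_swph_
 * and the _transient_gs_swph_ option prefix are assumptions for illustration.
 */

// --- Medium finding 1: wc_price() HTML inside a data attribute --------------

// Vulnerable: wc_price() returns markup such as
//   <span class="woocommerce-Price-amount amount"><bdi>9,99&nbsp;<span
//   class="woocommerce-Price-currencySymbol">&euro;</span></bdi></span>
// The double quotes in that markup close the data-lowest="..." attribute early,
// so the rest of the string is parsed as new attributes/markup.
function gs_swph_lowest_price_attr_vulnerable( $lowest ) {
	return '<span class="gs-swph-lowest" data-lowest="' . wc_price( $lowest ) . '">'
		. wc_price( $lowest ) . '</span>';
}

// Hardened: put only the plain decimal in the attribute, escaped for attribute
// context, and emit the formatted HTML solely as element content, filtered
// through wp_kses_post() so only allowed markup survives.
function gs_swph_lowest_price_attr_hardened( $lowest ) {
	return sprintf(
		'<span class="gs-swph-lowest" data-lowest="%s">%s</span>',
		esc_attr( wc_format_decimal( $lowest, wc_get_price_decimals() ) ),
		wp_kses_post( wc_price( $lowest ) )
	);
}

// --- Medium finding 2: uninstall LIKE query without $wpdb->prepare() --------

// Vulnerable pattern: the LIKE pattern is spliced into the SQL as a literal,
// the statement is not prepared, and there is no LIMIT. Note that "_" is a
// single-character LIKE wildcard, so this pattern also matches names that
// merely resemble the prefix.
function gs_swph_delete_transients_vulnerable() {
	global $wpdb;
	$wpdb->query(
		"DELETE FROM {$wpdb->options} WHERE option_name LIKE '_transient_gs_swph_%'"
	);
}

// Hardened: escape the literal part with $wpdb->esc_like(), bind it with
// $wpdb->prepare(), cover the matching _transient_timeout_ rows, and delete in
// bounded batches so a large options table is not locked by one statement.
function gs_swph_delete_transients_hardened( $batch = 500 ) {
	global $wpdb;
	$patterns = array(
		$wpdb->esc_like( '_transient_gs_swph_' ) . '%',
		$wpdb->esc_like( '_transient_timeout_gs_swph_' ) . '%',
	);
	foreach ( $patterns as $pattern ) {
		do {
			// $wpdb->query() returns the affected row count (or false on error).
			$deleted = $wpdb->query(
				$wpdb->prepare(
					"DELETE FROM {$wpdb->options} WHERE option_name LIKE %s LIMIT %d",
					$pattern,
					$batch
				)
			);
		} while ( $deleted === $batch );
	}
}

// --- Informational finding: multisite-aware uninstall routine ---------------

// Entry point for uninstall.php: refuse to run outside WordPress' uninstall
// flow, then clean every site in a network, or just the single site.
function gs_swph_uninstall() {
	if ( ! defined( 'WP_UNINSTALL_PLUGIN' ) ) {
		exit;
	}
	if ( is_multisite() ) {
		foreach ( get_sites( array( 'fields' => 'ids' ) ) as $site_id ) {
			switch_to_blog( $site_id );
			gs_swph_delete_transients_hardened();
			restore_current_blog();
		}
		return;
	}
	gs_swph_delete_transients_hardened();
}
```

In the shortcode fix the important design choice is separating contexts: a data attribute should carry data (the raw decimal), and formatted HTML belongs only in element content. For the uninstall fix, `$wpdb->prepare()` with `%s` also quotes the pattern, so no manual quoting is needed around the placeholder.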
Listing: https://wphealthkit.com/directory/wc-price-history-simple