Source evidence

admin.php labelled dangerous by Defender Pro Plugin

PPOM – Product Addons & Custom Fields for WooCommerce · support · 2025-10-22T12:48:00+00:00

PPOM – Product Addons & Custom Fields for WooCommerce plugin evidence original source source API

mixedsentiment

highseverity

0.88relevance

7replies

Evidence linked to opportunitycommercial context

Proof Health

Open evidence

Commercial opportunities need traceable source links before they are treated as build-worthy.

5 / 34 rows with source links

14.7% of this page's analysis has direct source links.

0 build-decision rows missing links

0 rows here require auditable proof before promotion.

29 rows with no attached evidence

0 rows have source counts but still need direct links.

Conversation

support

Lin resolved

I have Version 33.0.16 of PPOM Plugin. My Defender Pro Plugin warned me about the admin.php file inside the woocommerce-product-addon folder because of the line: extract( $_REQUEST ); I have been using PPOM and Defender Pro for years – but this makes me feel awkward. Defender suggests to deactivate PPOM Plugin and delete the admin.php file – Please give me some advice: Is the file ok or not? Are you planning on updating it with another method? Thank you. Lin Hi Lin, Thank you for writing. Can you please share exactly what is the message shared by Defender Pro? Once I have the message I can share this with the development team for review. Kind regards, Rodica Hi Rodica, Thank you for your quick answer. I will send you a screenshot: Does this do it? Greetz, Lin Hi Lin, Thank you for sharing the screenshot. Please don’t worry, it is highly likely that this is a false positive from Defender Pro. We have already shared your report with our development team for review. They will investigate the specific context of this file to either confirm it’s safe (a false positive) or to update the code if needed. If there is indeed any update required to address this from a security best practice perspective, we will release a new version of the PPOM plugin. We appreciate you being a long-time user and for helping us keep PPOM robust and secure. Kind regards, Rodica Hello PPOM, my Defender Plugin still shows the warning, the extract() is still in the code. Are there any news from the development? When are you planning to update that code bit? – In case you are not: please explain why I should not be worried. Thank you, Lin Is there anybody out there? Hi Lin, I apologize for the delay. The development team reviewed this, and an update will be released in the following period. Thank you for your support! Hi, We just released an update which should contain a fix for this too. Let us know how this works for you.

Commercial Context

Opportunity

developer change safety and site customization

Custom Fields change-safety workflow for shipping custom code and site changes without breaking production

Buyer: developers, agencies, and technical site owners

Wedge: preflight custom fields code changes, compatibility risks, rollback paths, and debug evidence

Proof Blocked card complete market

Analysis

heuristic-v1

Summary: admin.php labelled dangerous by Defender Pro Plugin: users show security, compatibility, support pain that may indicate a product gap.

Evidence quote: admin.php labelled dangerous by Defender Pro Plugin I have Version 33.0.16 of PPOM Plugin.

Affected feature: woocommerce

security compatibility support easy

Plugin

API

PPOM – Product Addons & Custom Fields for WooCommerce

20.0K active installs · 1.5M downloads · rating 90.0

custom fields product addons variable products woocommerce product addons woocommerce product options

Comments

7 shown

rodicaelena 2025-10-22T13:17:00+00:00

Hi Lin, Thank you for writing. Can you please share exactly what is the message shared by Defender Pro? Once I have the message I can share this with the development team for review. Kind regards, Rodica

Lin 2025-10-22T14:14:00+00:00

Hi Rodica, Thank you for your quick answer. I will send you a screenshot: Does this do it? Greetz, Lin

rodicaelena 2025-10-23T08:54:00+00:00

Hi Lin, Thank you for sharing the screenshot. Please don’t worry, it is highly likely that this is a false positive from Defender Pro. We have already shared your report with our development team for review. They will investigate the specific context of this file to either confirm it’s safe (a false positive) or to update the code if needed. If there is indeed any update required to address this from a security best practice perspective, we will release a new version of the PPOM plugin. We appreciate you being a long-time user and for helping us keep PPOM robust and secure. Kind regards, Rodica

Lin 2025-11-25T16:00:00+00:00

Hello PPOM, my Defender Plugin still shows the warning, the extract() is still in the code. Are there any news from the development? When are you planning to update that code bit? – In case you are not: please explain why I should not be worried. Thank you, Lin

Lin 2025-12-10T13:04:00+00:00

Is there anybody out there?

rodicaelena 2025-12-18T15:01:00+00:00

Hi Lin, I apologize for the delay. The development team reviewed this, and an update will be released in the following period. Thank you for your support!

rodicaelena 2025-12-19T13:38:00+00:00

Hi, We just released an update which should contain a fix for this too. Let us know how this works for you.