Does Astra Bulk Edit have any unpatched vulnerabilities?

No. All known vulnerabilities in Astra Bulk Edit have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Astra Bulk Edit compatible with WordPress 6.9.4?

According to WordPress.org data, Astra Bulk Edit 1.2.11 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Astra Bulk Edit compatible with PHP 5.2+?

Astra Bulk Edit requires PHP 5.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Astra Bulk Edit updated?

Astra Bulk Edit was last updated on Feb 26, 2026. Frequent updates are generally a positive security signal.

What is Astra Bulk Edit's security score?

Astra Bulk Edit has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Astra Bulk Edit Security & Risk Analysis

wordpress.org/plugins/astra-bulk-edit

An easy-to-use plugin for the Astra theme that lets you edit Page Meta Settings for multiple pages/posts at once.

30K active installs v1.2.11 PHP 5.2+ WP 4.4+ Updated Feb 26, 2026

astra-meta-settingsbulk-edit-astra-meta-settingsmeta-settings-bulk-editpage-bulk-editwordpress-bulk-edit-plugin

A · Safe

CVEs total1

Unpatched0

Last CVESep 22, 2023

Plugin page Download

Safety Verdict

Is Astra Bulk Edit Safe to Use in 2026?

Generally Safe

Score 100/100

Astra Bulk Edit has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Sep 22, 2023Updated 1mo ago

Risk Assessment

The astra-bulk-edit plugin version 1.2.11 exhibits a generally strong security posture based on the static analysis. The absence of dangerous functions, file operations, and external HTTP requests is commendable. SQL queries are exclusively handled with prepared statements, and a high percentage of outputs are properly escaped, significantly reducing the risk of common web vulnerabilities like SQL injection and XSS. The presence of nonce and capability checks on entry points further bolsters its defenses against unauthorized access and actions.

Despite these strengths, a past vulnerability classified as 'Missing Authorization' in late 2023, even though currently unpatched in known CVEs, warrants attention. While the static analysis indicates no immediate authorization issues within the analyzed code, this historical pattern suggests a potential recurring weakness or an area that requires vigilant monitoring. The limited attack surface of a single AJAX handler, which crucially has authorization checks, is a positive indicator. However, a single unpatched medium severity vulnerability, even if historical, is enough to prevent a perfect score and necessitates careful consideration.

In conclusion, the plugin demonstrates good security practices, particularly in its handling of database queries and output sanitization. The presence of security checks on its single entry point is a positive sign. The primary concern stems from a past medium severity vulnerability related to missing authorization. While there are no current unpatched CVEs or critical static analysis findings, this history suggests that developers should remain diligent in thoroughly reviewing authorization logic for any potential future issues.

Key Concerns

Past medium severity vulnerability: Missing Authorization

Vulnerabilities

Astra Bulk Edit Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2023-44148medium · 4.3Missing Authorization

Astra Bulk Edit <= 1.2.7 - Missing Authorization

Sep 22, 2023 Patched in 1.2.8 (123d)

Code Analysis

Analyzed Mar 16, 2026

Astra Bulk Edit Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

31 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

97% escaped32 total outputs

Attack Surface

Astra Bulk Edit Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_astra_save_post_bulk_editclasses\class-astra-blk-meta-boxes-bulk-edit.php:60

WordPress Hooks 5

actionadmin_initclasses\class-astra-blk-meta-boxes-bulk-edit.php:50

actionbulk_edit_custom_boxclasses\class-astra-blk-meta-boxes-bulk-edit.php:53

actionquick_edit_custom_boxclasses\class-astra-blk-meta-boxes-bulk-edit.php:54

actionadmin_enqueue_scriptsclasses\class-astra-blk-meta-boxes-bulk-edit.php:56

actionsave_postclasses\class-astra-blk-meta-boxes-bulk-edit.php:58

Maintenance & Trust

Astra Bulk Edit Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 26, 2026

PHP min version5.2

Downloads763K

Community Trust

Rating80/100

Number of ratings4

Active installs30K

Alternatives

Astra Bulk Edit Alternatives

No alternatives data available yet.

Developer Profile

Astra Bulk Edit Developer Profile

Brainstorm Force

32 plugins · 8.6M total installs

trust score

Avg Security Score

98/100

Avg Patch Time

196 days

View full developer profile

Detection Fingerprints

How We Detect Astra Bulk Edit

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/astra-bulk-edit/classes/class-astra-blk-meta-boxes-bulk-edit.php

Version Parameters

astra-bulk-edit/classes/class-astra-blk-meta-boxes-bulk-edit.php?ver=astra-bulk-edit.php?ver=

HTML / DOM Fingerprints

CSS Classes

astra-bulk-edit-wrapastra-bulk-edit-container

HTML Comments

Bulk Edit For AstraMeta Boxes setup

Data Attributes

data-astra-bulk-edit-noncedata-astra-bulk-edit-post-ids

JS Globals

AstraBulkEdit

REST Endpoints

/wp-json/astra-bulk-edit/v1/save

FAQ