FloristPress for Woo – Customize your eCommerce store for your Florist Security & Risk Analysis

wordpress.org/plugins/bakkbone-florist-companion

Provides standardized features for floristry websites – built by florists, for florists.

10 active installs · v7.8.3 · PHP 8.1+ · WP 6.0+ · Updated Mar 21, 2026
ecommerce · florist · woocommerce
95 · A · Safe
CVEs total: 4
Unpatched: 0
Last CVE: Mar 25, 2026
Safety Verdict

Is FloristPress for Woo – Customize your eCommerce store for your Florist Safe to Use in 2026?

Generally Safe

Score 95/100

FloristPress for Woo – Customize your eCommerce store for your Florist has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

4 known CVEs · Last CVE: Mar 25, 2026 · Updated 1mo ago
Risk Assessment

The 'bakkbone-florist-companion' plugin v7.8.2 exhibits a mixed security posture. While the absence of critical or high severity taint flows and no currently unpatched CVEs are positive indicators, several areas raise concern. The static analysis reveals a significant attack surface with 8 AJAX handlers, two of which lack authentication checks. This presents a direct avenue for unauthorized actions if these endpoints are exploitable. Furthermore, the high percentage of SQL queries (93%) not using prepared statements is a substantial risk, potentially leading to SQL injection vulnerabilities. The output escaping also falls short, with only 45% properly escaped, increasing the likelihood of Cross-Site Scripting (XSS) vulnerabilities. The vulnerability history, while showing no currently critical or high issues, does indicate a pattern of past XSS and missing authorization vulnerabilities, suggesting these are recurring weaknesses that require diligent patching. In conclusion, while the plugin has no immediate critical flaws based on the provided data, the existing structural weaknesses in authentication, SQL query handling, and output sanitization, coupled with a history of similar vulnerabilities, necessitate careful monitoring and potential remediation.

Key Concerns

  • AJAX handlers without authentication checks
  • Low percentage of prepared statements for SQL queries
  • Low percentage of properly escaped output
  • History of medium severity vulnerabilities (XSS, Missing Auth)
Vulnerabilities
4 published

FloristPress for Woo – Customize your eCommerce store for your Florist Security Vulnerabilities

CVEs by Year

  • 2024: 3 CVEs
  • 2026: 1 CVE

Severity Breakdown

  • Medium: 4

4 total CVEs

CVE-2026-1986 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FloristPress for Woo <= 7.8.2 - Reflected Cross-Site Scripting via 'noresults' Parameter

Mar 25, 2026 · Patched in 7.8.3 (1d)

CVE-2024-54347 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FloristPress <= 7.2.0 - Reflected Cross-Site Scripting

Dec 11, 2024 · Patched in 7.3.0 (9d)

CVE-2024-53799 · medium · 4.3 · Missing Authorization

FloristPress <= 7.3.0 - Missing Authorization to Sensitive Data Exposure

Dec 2, 2024 · Patched in 7.4.0 (10d)

CVE-2024-53798 · medium · 5.4 · Missing Authorization

FloristPress <= 7.3.0 - Missing Authorization to Arbitrary Content Deletion

Dec 2, 2024 · Patched in 7.4.0 (10d)

Code Analysis
Analyzed Mar 17, 2026

FloristPress for Woo – Customize your eCommerce store for your Florist Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 14 · 1 prepared
Unescaped Output: 385 · 314 escaped
Nonce Checks: 24
Capability Checks: 35
File Operations: 17
External Requests: 4
Bundled Libraries: 3

Bundled Libraries

TinyMCE, Select2, dompdf

SQL Query Safety

7% prepared · 15 total queries

Output Escaping

45% escaped · 699 total outputs
Data Flows · Security
14 unsanitized

Data Flow Analysis

25 flows · 14 with unsanitized paths
get_timeslots_for_order (src\core\ajax.php:1124)
Attack Surface
2 unprotected

FloristPress for Woo – Customize your eCommerce store for your Florist Attack Surface

Entry Points: 12
Unprotected: 2

AJAX Handlers 8

auth · wp_ajax_bkf_notifier · src\core\ajax.php:76
auth · wp_ajax_bkf_notifier_status · src\core\ajax.php:77
auth · wp_ajax_petals_msg_frontend · src\core\ajax.php:83
auth · wp_ajax_petals_decision · src\core\ajax.php:84
auth · wp_ajax_petals_msg · src\core\ajax.php:85
auth · wp_ajax_petals_outbound · src\core\ajax.php:86
nopriv · wp_ajax_petals_outbound · src\core\ajax.php:87
auth · wp_ajax_bkf_cpp · src\core\ajax.php:88

Shortcodes 4

[bkf_page_title] src\core\shortcodes.php:19
[bkf_site_title] src\core\shortcodes.php:20
[bkf_suburb_search] src\core\shortcodes.php:21
[fee] src\suburbs\method.php:129
WordPress Hooks 214
filter · extra_plugin_headers · bakkbone-florist-companion.php:81
action · before_woocommerce_init · bakkbone-florist-companion.php:83
filter · woocommerce_get_settings_pages · bakkbone-florist-companion.php:109
filter · acf/settings/url · bakkbone-florist-companion.php:143
filter · acf/settings/show_admin · bakkbone-florist-companion.php:148
filter · acf/settings/show_updates · bakkbone-florist-companion.php:149
filter · automatorwp_user_completed_action_log_meta · src\awp\actions\block_date.php:77
filter · automatorwp_log_fields · src\awp\actions\block_date.php:78
action · automatorwp_init · src\awp\awp.php:39
action · automatorwp_pre_init · src\awp\awp.php:71
filter · automatorwp_user_completed_trigger_log_meta · src\awp\triggers\dd_closed.php:52
filter · automatorwp_log_fields · src\awp\triggers\dd_closed.php:53
filter · automatorwp_trigger_tags_replacements · src\awp\triggers\dd_closed.php:54
filter · automatorwp_get_trigger_tag_replacement_times_no_user_triggers · src\awp\triggers\dd_closed.php:55
filter · automatorwp_get_trigger_last_completion_log_no_user_types · src\awp\triggers\dd_closed.php:56
filter · automatorwp_get_action_last_completion_log_no_user_types · src\awp\triggers\dd_closed.php:57
filter · automatorwp_user_completed_trigger_log_meta · src\awp\triggers\dd_full.php:52
filter · automatorwp_log_fields · src\awp\triggers\dd_full.php:53
filter · automatorwp_trigger_tags_replacements · src\awp\triggers\dd_full.php:54
filter · automatorwp_get_trigger_tag_replacement_times_no_user_triggers · src\awp\triggers\dd_full.php:55
filter · automatorwp_get_trigger_last_completion_log_no_user_types · src\awp\triggers\dd_full.php:56
filter · automatorwp_get_action_last_completion_log_no_user_types · src\awp\triggers\dd_full.php:57
action · breakdance_loaded · src\bd\inc.php:7
action · admin_notices · src\core\admin-notices.php:13
action · wp_dashboard_setup · src\core\admin-notices.php:14
action · admin_bar_menu · src\core\admin-notices.php:15
action · rest_api_init · src\core\api.php:13
filter · rest_post_dispatch · src\core\api.php:14
action · woocommerce_after_settings_shipping · src\core\classes.php:13
action · wp_head · src\core\core.php:19
action · wp_footer · src\core\core.php:20
filter · admin_footer_text · src\core\core.php:21
filter · woocommerce_checkout_fields · src\core\core.php:24
action · woocommerce_after_shop_loop_item_title · src\core\core.php:27
filter · woocommerce_checkout_fields · src\core\core.php:30
action · woocommerce_checkout_process · src\core\core.php:31
action · woocommerce_thankyou · src\core\core.php:34
filter · woocommerce_get_country_locale · src\core\core.php:36
action · woocommerce_checkout_process · src\core\core.php:37
filter · plugin_action_links_bakkbone-florist-companion/bakkbone-florist-companion.php · src\core\core.php:38
filter · woocommerce_shipping_package_name · src\core\core.php:39
filter · gettext · src\core\core.php:40
filter · ngettext · src\core\core.php:41
filter · woocommerce_billing_fields · src\core\core.php:42
filter · woocommerce_shipping_fields · src\core\core.php:43
filter · woocommerce_admin_billing_fields · src\core\core.php:44
filter · woocommerce_admin_shipping_fields · src\core\core.php:45
filter · woocommerce_email_order_meta_fields · src\core\core.php:46
filter · woocommerce_order_details_after_order_table · src\core\core.php:47
filter · woocommerce_order_details_after_customer_details · src\core\core.php:48
action · woocommerce_checkout_update_order_meta · src\core\core.php:49
action · add_meta_boxes · src\core\core.php:50
action · save_post · src\core\core.php:51
action · woocommerce_admin_order_data_after_shipping_address · src\core\core.php:52
action · woocommerce_process_shop_order_meta · src\core\core.php:53
filter · woocommerce_checkout_fields · src\core\core.php:54
action · woocommerce_after_checkout_billing_form · src\core\core.php:55
filter · woocommerce_product_cross_sells_products_heading · src\core\core.php:56
filter · woocommerce_cart_no_shipping_available_html · src\core\core.php:57
filter · woocommerce_no_shipping_available_html · src\core\core.php:58
action · woocommerce_new_order · src\core\core.php:59
filter · admin_bar_menu · src\core\core.php:60
filter · woocommerce_ship_to_different_address_checked · src\core\core.php:61
action · wp_enqueue_scripts · src\core\enqueue.php:17
action · admin_enqueue_scripts · src\core\enqueue.php:20
action · admin_head · src\core\enqueue.php:22
action · plugins_loaded · src\core\localisation.php:17
filter · gform_phone_formats · src\core\localisation.php:20
filter · gform_address_types · src\core\localisation.php:21
action · plugins_loaded · src\core\notifier.php:17
action · load-edit.php · src\core\notifier.php:18
action · load-woocommerce_page_wc-orders · src\core\notifier.php:19
action · admin_print_footer_scripts · src\core\notifier.php:23
filter · views_edit-shop_order · src\core\notifier.php:25
filter · views_woocommerce_page_wc-orders · src\core\notifier.php:26
action · plugins_loaded · src\core\options.php:15
action · woocommerce_update_options_bkf · src\core\options.php:16
filter · woocommerce_valid_order_statuses_for_payment · src\core\order-status.php:13
action · init · src\core\order-status.php:14
filter · wc_order_statuses · src\core\order-status.php:15
filter · woocommerce_reports_order_statuses · src\core\order-status.php:16
filter · woocommerce_order_is_paid_statuses · src\core\order-status.php:17
filter · woocommerce_order_is_pending_statuses · src\core\order-status.php:18
filter · bulk_actions-edit-shop_order · src\core\order-status.php:19
filter · bulk_actions-woocommerce_page_wc-orders · src\core\order-status.php:20
action · admin_head · src\core\order-status.php:21
filter · woocommerce_admin_order_actions · src\core\order-status.php:22
filter · wc_order_statuses · src\core\order-status.php:23
filter · views_edit-shop_order · src\core\order-status.php:24
filter · views_woocommerce_page_wc-orders · src\core\order-status.php:25
filter · woocommerce_menu_order_count · src\core\order-status.php:26
filter · woocommerce_cart_shipping_packages · src\core\pickup.php:13
action · woocommerce_after_checkout_form · src\core\pickup.php:14
filter · woocommerce_checkout_fields · src\core\pickup.php:15
action · woocommerce_admin_field_bkf_audio · src\core\settings.php:19
action · woocommerce_admin_field_petals_url · src\core\settings.php:20
action · woocommerce_admin_field_petals_category · src\core\settings.php:21
action · woocommerce_admin_field_petals_product · src\core\settings.php:22
filter · woocommerce_get_settings_point-of-sale · src\core\settings.php:24
action · init · src\core\shortcodes.php:13
filter · mce_external_plugins · src\core\shortcodes.php:14
filter · mce_buttons · src\core\shortcodes.php:15
action · admin_menu · src\core\tools.php:14
action · init · src\cpt\delivery-suburb.php:13
action · load-edit.php · src\cpt\delivery-suburb.php:14
action · load-post.php · src\cpt\delivery-suburb.php:15
action · load-post-new.php · src\cpt\delivery-suburb.php:16
action · admin_init · src\cpt\delivery-suburb.php:17
action · admin_menu · src\dd\calendar.php:13
action · admin_head · src\dd\dd-options.php:14
action · woocommerce_update_options_bkf_dd · src\dd\dd-options.php:15
action · add_meta_boxes · src\dd\dd-options.php:16
action · save_post · src\dd\dd-options.php:17
action · woocommerce_process_shop_order_meta · src\dd\dd-options.php:18
action · woocommerce_admin_field_bkf_weekday · src\dd\dd-settings.php:19
action · woocommerce_after_settings_bkf_dd · src\dd\dd-settings.php:20
action · woocommerce_review_order_before_payment · src\dd\dd.php:14
action · woocommerce_checkout_update_order_meta · src\dd\dd.php:15
filter · woocommerce_email_order_meta_fields · src\dd\dd.php:16
filter · woocommerce_order_details_before_order_table · src\dd\dd.php:17
action · woocommerce_after_checkout_validation · src\dd\dd.php:18
filter · manage_edit-shop_order_columns · src\dd\dd.php:19
filter · manage_edit-shop_order_sortable_columns · src\dd\dd.php:20
filter · manage_woocommerce_page_wc-orders_columns · src\dd\dd.php:21
filter · manage_woocommerce_page_wc-orders_sortable_columns · src\dd\dd.php:22
action · pre_get_posts · src\dd\dd.php:23
action · woocommerce_order_query_args · src\dd\dd.php:24
action · manage_shop_order_posts_custom_column · src\dd\dd.php:25
action · woocommerce_shop_order_list_table_custom_column · src\dd\dd.php:26
filter · woocommerce_checkout_required_field_notice · src\dd\dd.php:27
action · woocommerce_before_checkout_shipping_form · src\dd\dd.php:28
filter · woocommerce_order_data_store_cpt_get_orders_query · src\dd\dd.php:29
action · woocommerce_cart_calculate_fees · src\dd\fees.php:13
action · woocommerce_cart_calculate_fees · src\dd\fees.php:14
action · woocommerce_cart_calculate_fees · src\dd\fees.php:15
filter · woocommerce_order_query_args · src\dd\filter.php:15
action · pre_get_posts · src\dd\filter.php:16
action · restrict_manage_posts · src\dd\filter.php:17
action · woocommerce_order_list_table_restrict_manage_orders · src\dd\filter.php:18
filter · views_edit-shop_order · src\dd\filter.php:19
filter · views_woocommerce_page_wc-orders · src\dd\filter.php:20
action · init · src\dd\hygiene.php:23
action · bkf_dd_purge · src\dd\hygiene.php:24
action · bkf_cb_purge · src\dd\hygiene.php:25
action · plugins_loaded · src\dd\hygiene.php:26
filter · email_change_email · src\emails\override.php:13
filter · wp_new_user_notification_email_admin · src\emails\override.php:14
filter · invited_user_email · src\emails\override.php:15
filter · recovery_mode_email · src\emails\override.php:16
filter · password_change_email · src\emails\override.php:17
filter · auto_core_update_email · src\emails\override.php:18
filter · new_user_email_content · src\emails\override.php:19
filter · new_admin_email_content · src\emails\override.php:20
filter · new_network_admin_email_content · src\emails\override.php:21
filter · update_welcome_user_email · src\emails\override.php:22
filter · recovery_email_support_info · src\emails\override.php:23
filter · site_admin_email_change_email · src\emails\override.php:24
filter · auto_plugin_theme_update_email · src\emails\override.php:25
filter · wp_new_user_notification_email · src\emails\override.php:26
filter · network_admin_email_change_email · src\emails\override.php:27
filter · user_request_action_email_content · src\emails\override.php:28
filter · user_request_action_email_headers · src\emails\override.php:29
filter · retrieve_password_notification_email · src\emails\override.php:30
filter · user_request_confirmed_email_content · src\emails\override.php:31
filter · wp_password_change_notification_email · src\emails\override.php:32
filter · wp_mail_content_type · src\emails\override.php:33
action · woocommerce_email_classes · src\emails\status-email.php:13
action · woocommerce_order_status_changed · src\emails\status-email.php:15
filter · woocommerce_admin_order_actions · src\pdf\actions.php:14
action · admin_head · src\pdf\actions.php:15
action · plugins_loaded · src\pdf\pdf-options.php:18
action · admin_footer · src\pdf\pdf-options.php:20
filter · woocommerce_email_attachments · src\pdf\pdf-options.php:21
action · woocommerce_admin_order_data_after_order_details · src\pdf\pdf-options.php:22
filter · woocommerce_order_details_before_order_table · src\pdf\pdf-options.php:23
filter · woocommerce_order_actions · src\pdf\pdf-options.php:24
action · init · src\petals\cpt.php:15
action · load-post.php · src\petals\cpt.php:16
action · load-post-new.php · src\petals\cpt.php:17
action · load-edit.php · src\petals\cpt.php:18
action · init · src\petals\cpt.php:19
action · acf/init · src\petals\cpt.php:20
action · acf/save_post · src\petals\cpt.php:21
filter · single_template · src\petals\cpt.php:22
filter · post_row_actions · src\petals\cpt.php:23
filter · pre_get_document_title · src\petals\cpt.php:24
filter · get_edit_post_link · src\petals\cpt.php:25
filter · manage_bkf_petals_order_posts_columns · src\petals\cpt.php:26
action · manage_bkf_petals_order_posts_custom_column · src\petals\cpt.php:27
filter · manage_edit-bkf_petals_order_sortable_columns · src\petals\cpt.php:28
action · pre_get_posts · src\petals\cpt.php:29
filter · bulk_actions-edit-bkf_petals_order · src\petals\cpt.php:30
filter · comments_clauses · src\petals\cpt.php:32
filter · comment_feed_where · src\petals\cpt.php:33
filter · gettext · src\petals\cpt.php:1420
filter · gettext · src\petals\cpt.php:1434
action · woocommerce_email_classes · src\petals\email.php:17
action · woocommerce_email_order_meta · src\petals\email.php:19
action · woocommerce_order_status_changed · src\petals\email.php:20
filter · comments_clauses · src\petals\email.php:57
action · add_meta_boxes · src\petals\messaging.php:16
filter · woocommerce_order_data_store_cpt_get_orders_query · src\petals\outbound.php:15
action · admin_menu · src\petals\petals-options.php:20
action · admin_init · src\petals\petals-options.php:21
action · manage_shop_order_posts_custom_column · src\petals\petals.php:15
action · woocommerce_shop_order_list_table_custom_column · src\petals\petals.php:16
filter · woocommerce_admin_order_data_after_order_details · src\petals\petals.php:17
action · admin_menu · src\pos\phone.php:13
action · admin_bar_menu · src\pos\phone.php:14
action · admin_notices · src\pos\phone.php:15
action · woocommerce_checkout_update_order_review · src\suburbs\method.php:18
filter · woocommerce_package_rates · src\suburbs\method.php:71
filter · woocommerce_shipping_methods · src\suburbs\method.php:78
action · woocommerce_shipping_init · src\suburbs\method.php:315
Maintenance & Trust

FloristPress for Woo – Customize your eCommerce store for your Florist Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 21, 2026
PHP min version: 8.1
Downloads: 6K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

FloristPress for Woo – Customize your eCommerce store for your Florist Developer Profile

BAKKBONE Australia

3 plugins · 110 total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 8 days
Detection Fingerprints

How We Detect FloristPress for Woo – Customize your eCommerce store for your Florist

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/bakkbone-florist-companion/lib/acf/acf.php
  • /wp-content/plugins/bakkbone-florist-companion/src/petals/petals.php
  • /wp-content/plugins/bakkbone-florist-companion/src/pdf/pdf.php
  • /wp-content/plugins/bakkbone-florist-companion/src/dd/dd.php
  • /wp-content/plugins/bakkbone-florist-companion/src/emails/status-email.php
  • /wp-content/plugins/bakkbone-florist-companion/src/suburbs/method.php
  • /wp-content/plugins/bakkbone-florist-companion/src/pos/phone.php
  • /wp-content/plugins/bakkbone-florist-companion/src/awp/awp.php
  • +30 more

Version Parameters

  • bakkbone-florist-companion/style.css?ver=
  • bakkbone-florist-companion/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • bkf_container
  • bkf_input
  • bkf_wrap
  • bkf_table
  • bkf_wrap_options
  • bkf_tab_content

HTML Comments

  • Dompdf version 3.1.0
  • PhoneNumber version 0.8.0
  • ACF version 6.5.0.1
  • FullCalendar version 6.1.19
  • +4 more

Data Attributes

  • data-plugin-path

JS Globals

  • BKF_AJAX_URL
  • BKF_AJAX_NONCE
  • BKF_VERSION

Shortcode Output

  • [bkf_delivery_options]
  • [bkf_delivery_calculator]
  • [bkf_card_creator]
  • [bkf_gift_message]