FloristPress for Woo – Customize your eCommerce store for your Florist Security & Risk Analysis

wordpress.org/plugins/bakkbone-florist-companion

Provides standardized features for floristry websites – built by florists, for florists.

10 active installs · v7.8.2 · PHP 8.1+ · WP 6.0+ · Updated Jan 6, 2026
Tags: ecommerce, florist, woocommerce
Score: 98 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Dec 11, 2024

Safety Verdict

Is FloristPress for Woo – Customize your eCommerce store for your Florist Safe to Use in 2026?

Generally Safe

Score 98/100

FloristPress for Woo – Customize your eCommerce store for your Florist has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Dec 11, 2024 · Updated 2mo ago

Risk Assessment

The 'bakkbone-florist-companion' plugin v7.8.2 exhibits a mixed security posture. While the absence of critical or high severity taint flows and no currently unpatched CVEs are positive indicators, several areas raise concern. The static analysis reveals a significant attack surface with 8 AJAX handlers, two of which lack authentication checks. This presents a direct avenue for unauthorized actions if these endpoints are exploitable. Furthermore, the high percentage of SQL queries (93%) not using prepared statements is a substantial risk, potentially leading to SQL injection vulnerabilities. The output escaping also falls short, with only 45% properly escaped, increasing the likelihood of Cross-Site Scripting (XSS) vulnerabilities. The vulnerability history, while showing no currently critical or high issues, does indicate a pattern of past XSS and missing authorization vulnerabilities, suggesting these are recurring weaknesses that require diligent patching. In conclusion, while the plugin has no immediate critical flaws based on the provided data, the existing structural weaknesses in authentication, SQL query handling, and output sanitization, coupled with a history of similar vulnerabilities, necessitate careful monitoring and potential remediation.

Key Concerns

  • AJAX handlers without authentication checks
  • Low percentage of prepared statements for SQL queries
  • Low percentage of properly escaped output
  • History of medium severity vulnerabilities (XSS, Missing Auth)

Vulnerabilities: 3

FloristPress for Woo – Customize your eCommerce store for your Florist Security Vulnerabilities

CVEs by Year

3 CVEs in 2024

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2024-54347 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FloristPress <= 7.2.0 - Reflected Cross-Site Scripting

Dec 11, 2024 · Patched in 7.3.0 (9d)

CVE-2024-53799 · medium · 4.3 · Missing Authorization

FloristPress <= 7.3.0 - Missing Authorization to Sensitive Data Exposure

Dec 2, 2024 · Patched in 7.4.0 (10d)

CVE-2024-53798 · medium · 5.4 · Missing Authorization

FloristPress <= 7.3.0 - Missing Authorization to Arbitrary Content Deletion

Dec 2, 2024 · Patched in 7.4.0 (10d)

Code Analysis
Analyzed Mar 17, 2026

FloristPress for Woo – Customize your eCommerce store for your Florist Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 14 · Prepared: 1
Unescaped Output: 385 · Escaped: 314
Nonce Checks: 24
Capability Checks: 35
File Operations: 17
External Requests: 4
Bundled Libraries: 3

Bundled Libraries

TinyMCE, Select2, dompdf

SQL Query Safety

7% prepared · 15 total queries

Output Escaping

45% escaped · 699 total outputs

Data Flows: 14 unsanitized

Data Flow Analysis

25 flows · 14 with unsanitized paths
get_timeslots_for_order (src\core\ajax.php:1124)

Attack Surface: 2 unprotected

FloristPress for Woo – Customize your eCommerce store for your Florist Attack Surface

Entry Points: 12
Unprotected: 2

AJAX Handlers 8

auth wp_ajax_bkf_notifier src\core\ajax.php:76
auth wp_ajax_bkf_notifier_status src\core\ajax.php:77
auth wp_ajax_petals_msg_frontend src\core\ajax.php:83
auth wp_ajax_petals_decision src\core\ajax.php:84
auth wp_ajax_petals_msg src\core\ajax.php:85
auth wp_ajax_petals_outbound src\core\ajax.php:86
nopriv wp_ajax_petals_outbound src\core\ajax.php:87
auth wp_ajax_bkf_cpp src\core\ajax.php:88

Shortcodes 4

[bkf_page_title] src\core\shortcodes.php:19
[bkf_site_title] src\core\shortcodes.php:20
[bkf_suburb_search] src\core\shortcodes.php:21
[fee] src\suburbs\method.php:129

WordPress Hooks 214

filter extra_plugin_headers bakkbone-florist-companion.php:81
action before_woocommerce_init bakkbone-florist-companion.php:83
filter woocommerce_get_settings_pages bakkbone-florist-companion.php:109
filter acf/settings/url bakkbone-florist-companion.php:143
filter acf/settings/show_admin bakkbone-florist-companion.php:148
filter acf/settings/show_updates bakkbone-florist-companion.php:149
filter automatorwp_user_completed_action_log_meta src\awp\actions\block_date.php:77
filter automatorwp_log_fields src\awp\actions\block_date.php:78
action automatorwp_init src\awp\awp.php:39
action automatorwp_pre_init src\awp\awp.php:71
filter automatorwp_user_completed_trigger_log_meta src\awp\triggers\dd_closed.php:52
filter automatorwp_log_fields src\awp\triggers\dd_closed.php:53
filter automatorwp_trigger_tags_replacements src\awp\triggers\dd_closed.php:54
filter automatorwp_get_trigger_tag_replacement_times_no_user_triggers src\awp\triggers\dd_closed.php:55
filter automatorwp_get_trigger_last_completion_log_no_user_types src\awp\triggers\dd_closed.php:56
filter automatorwp_get_action_last_completion_log_no_user_types src\awp\triggers\dd_closed.php:57
filter automatorwp_user_completed_trigger_log_meta src\awp\triggers\dd_full.php:52
filter automatorwp_log_fields src\awp\triggers\dd_full.php:53
filter automatorwp_trigger_tags_replacements src\awp\triggers\dd_full.php:54
filter automatorwp_get_trigger_tag_replacement_times_no_user_triggers src\awp\triggers\dd_full.php:55
filter automatorwp_get_trigger_last_completion_log_no_user_types src\awp\triggers\dd_full.php:56
filter automatorwp_get_action_last_completion_log_no_user_types src\awp\triggers\dd_full.php:57
action breakdance_loaded src\bd\inc.php:7
action admin_notices src\core\admin-notices.php:13
action wp_dashboard_setup src\core\admin-notices.php:14
action admin_bar_menu src\core\admin-notices.php:15
action rest_api_init src\core\api.php:13
filter rest_post_dispatch src\core\api.php:14
action woocommerce_after_settings_shipping src\core\classes.php:13
action wp_head src\core\core.php:19
action wp_footer src\core\core.php:20
filter admin_footer_text src\core\core.php:21
filter woocommerce_checkout_fields src\core\core.php:24
action woocommerce_after_shop_loop_item_title src\core\core.php:27
filter woocommerce_checkout_fields src\core\core.php:30
action woocommerce_checkout_process src\core\core.php:31
action woocommerce_thankyou src\core\core.php:34
filter woocommerce_get_country_locale src\core\core.php:36
action woocommerce_checkout_process src\core\core.php:37
filter plugin_action_links_bakkbone-florist-companion/bakkbone-florist-companion.php src\core\core.php:38
filter woocommerce_shipping_package_name src\core\core.php:39
filter gettext src\core\core.php:40
filter ngettext src\core\core.php:41
filter woocommerce_billing_fields src\core\core.php:42
filter woocommerce_shipping_fields src\core\core.php:43
filter woocommerce_admin_billing_fields src\core\core.php:44
filter woocommerce_admin_shipping_fields src\core\core.php:45
filter woocommerce_email_order_meta_fields src\core\core.php:46
filter woocommerce_order_details_after_order_table src\core\core.php:47
filter woocommerce_order_details_after_customer_details src\core\core.php:48
action woocommerce_checkout_update_order_meta src\core\core.php:49
action add_meta_boxes src\core\core.php:50
action save_post src\core\core.php:51
action woocommerce_admin_order_data_after_shipping_address src\core\core.php:52
action woocommerce_process_shop_order_meta src\core\core.php:53
filter woocommerce_checkout_fields src\core\core.php:54
action woocommerce_after_checkout_billing_form src\core\core.php:55
filter woocommerce_product_cross_sells_products_heading src\core\core.php:56
filter woocommerce_cart_no_shipping_available_html src\core\core.php:57
filter woocommerce_no_shipping_available_html src\core\core.php:58
action woocommerce_new_order src\core\core.php:59
filter admin_bar_menu src\core\core.php:60
filter woocommerce_ship_to_different_address_checked src\core\core.php:61
action wp_enqueue_scripts src\core\enqueue.php:17
action admin_enqueue_scripts src\core\enqueue.php:20
action admin_head src\core\enqueue.php:22
action plugins_loaded src\core\localisation.php:17
filter gform_phone_formats src\core\localisation.php:20
filter gform_address_types src\core\localisation.php:21
action plugins_loaded src\core\notifier.php:17
action load-edit.php src\core\notifier.php:18
action load-woocommerce_page_wc-orders src\core\notifier.php:19
action admin_print_footer_scripts src\core\notifier.php:23
filter views_edit-shop_order src\core\notifier.php:25
filter views_woocommerce_page_wc-orders src\core\notifier.php:26
action plugins_loaded src\core\options.php:15
action woocommerce_update_options_bkf src\core\options.php:16
filter woocommerce_valid_order_statuses_for_payment src\core\order-status.php:13
action init src\core\order-status.php:14
filter wc_order_statuses src\core\order-status.php:15
filter woocommerce_reports_order_statuses src\core\order-status.php:16
filter woocommerce_order_is_paid_statuses src\core\order-status.php:17
filter woocommerce_order_is_pending_statuses src\core\order-status.php:18
filter bulk_actions-edit-shop_order src\core\order-status.php:19
filter bulk_actions-woocommerce_page_wc-orders src\core\order-status.php:20
action admin_head src\core\order-status.php:21
filter woocommerce_admin_order_actions src\core\order-status.php:22
filter wc_order_statuses src\core\order-status.php:23
filter views_edit-shop_order src\core\order-status.php:24
filter views_woocommerce_page_wc-orders src\core\order-status.php:25
filter woocommerce_menu_order_count src\core\order-status.php:26
filter woocommerce_cart_shipping_packages src\core\pickup.php:13
action woocommerce_after_checkout_form src\core\pickup.php:14
filter woocommerce_checkout_fields src\core\pickup.php:15
action woocommerce_admin_field_bkf_audio src\core\settings.php:19
action woocommerce_admin_field_petals_url src\core\settings.php:20
action woocommerce_admin_field_petals_category src\core\settings.php:21
action woocommerce_admin_field_petals_product src\core\settings.php:22
filter woocommerce_get_settings_point-of-sale src\core\settings.php:24
action init src\core\shortcodes.php:13
filter mce_external_plugins src\core\shortcodes.php:14
filter mce_buttons src\core\shortcodes.php:15
action admin_menu src\core\tools.php:14
action init src\cpt\delivery-suburb.php:13
action load-edit.php src\cpt\delivery-suburb.php:14
action load-post.php src\cpt\delivery-suburb.php:15
action load-post-new.php src\cpt\delivery-suburb.php:16
action admin_init src\cpt\delivery-suburb.php:17
action admin_menu src\dd\calendar.php:13
action admin_head src\dd\dd-options.php:14
action woocommerce_update_options_bkf_dd src\dd\dd-options.php:15
action add_meta_boxes src\dd\dd-options.php:16
action save_post src\dd\dd-options.php:17
action woocommerce_process_shop_order_meta src\dd\dd-options.php:18
action woocommerce_admin_field_bkf_weekday src\dd\dd-settings.php:19
action woocommerce_after_settings_bkf_dd src\dd\dd-settings.php:20
action woocommerce_review_order_before_payment src\dd\dd.php:14
action woocommerce_checkout_update_order_meta src\dd\dd.php:15
filter woocommerce_email_order_meta_fields src\dd\dd.php:16
filter woocommerce_order_details_before_order_table src\dd\dd.php:17
action woocommerce_after_checkout_validation src\dd\dd.php:18
filter manage_edit-shop_order_columns src\dd\dd.php:19
filter manage_edit-shop_order_sortable_columns src\dd\dd.php:20
filter manage_woocommerce_page_wc-orders_columns src\dd\dd.php:21
filter manage_woocommerce_page_wc-orders_sortable_columns src\dd\dd.php:22
action pre_get_posts src\dd\dd.php:23
action woocommerce_order_query_args src\dd\dd.php:24
action manage_shop_order_posts_custom_column src\dd\dd.php:25
action woocommerce_shop_order_list_table_custom_column src\dd\dd.php:26
filter woocommerce_checkout_required_field_notice src\dd\dd.php:27
action woocommerce_before_checkout_shipping_form src\dd\dd.php:28
filter woocommerce_order_data_store_cpt_get_orders_query src\dd\dd.php:29
action woocommerce_cart_calculate_fees src\dd\fees.php:13
action woocommerce_cart_calculate_fees src\dd\fees.php:14
action woocommerce_cart_calculate_fees src\dd\fees.php:15
filter woocommerce_order_query_args src\dd\filter.php:15
action pre_get_posts src\dd\filter.php:16
action restrict_manage_posts src\dd\filter.php:17
action woocommerce_order_list_table_restrict_manage_orders src\dd\filter.php:18
filter views_edit-shop_order src\dd\filter.php:19
filter views_woocommerce_page_wc-orders src\dd\filter.php:20
action init src\dd\hygiene.php:23
action bkf_dd_purge src\dd\hygiene.php:24
action bkf_cb_purge src\dd\hygiene.php:25
action plugins_loaded src\dd\hygiene.php:26
filter email_change_email src\emails\override.php:13
filter wp_new_user_notification_email_admin src\emails\override.php:14
filter invited_user_email src\emails\override.php:15
filter recovery_mode_email src\emails\override.php:16
filter password_change_email src\emails\override.php:17
filter auto_core_update_email src\emails\override.php:18
filter new_user_email_content src\emails\override.php:19
filter new_admin_email_content src\emails\override.php:20
filter new_network_admin_email_content src\emails\override.php:21
filter update_welcome_user_email src\emails\override.php:22
filter recovery_email_support_info src\emails\override.php:23
filter site_admin_email_change_email src\emails\override.php:24
filter auto_plugin_theme_update_email src\emails\override.php:25
filter wp_new_user_notification_email src\emails\override.php:26
filter network_admin_email_change_email src\emails\override.php:27
filter user_request_action_email_content src\emails\override.php:28
filter user_request_action_email_headers src\emails\override.php:29
filter retrieve_password_notification_email src\emails\override.php:30
filter user_request_confirmed_email_content src\emails\override.php:31
filter wp_password_change_notification_email src\emails\override.php:32
filter wp_mail_content_type src\emails\override.php:33
action woocommerce_email_classes src\emails\status-email.php:13
action woocommerce_order_status_changed src\emails\status-email.php:15
filter woocommerce_admin_order_actions src\pdf\actions.php:14
action admin_head src\pdf\actions.php:15
action plugins_loaded src\pdf\pdf-options.php:18
action admin_footer src\pdf\pdf-options.php:20
filter woocommerce_email_attachments src\pdf\pdf-options.php:21
action woocommerce_admin_order_data_after_order_details src\pdf\pdf-options.php:22
filter woocommerce_order_details_before_order_table src\pdf\pdf-options.php:23
filter woocommerce_order_actions src\pdf\pdf-options.php:24
action init src\petals\cpt.php:15
action load-post.php src\petals\cpt.php:16
action load-post-new.php src\petals\cpt.php:17
action load-edit.php src\petals\cpt.php:18
action init src\petals\cpt.php:19
action acf/init src\petals\cpt.php:20
action acf/save_post src\petals\cpt.php:21
filter single_template src\petals\cpt.php:22
filter post_row_actions src\petals\cpt.php:23
filter pre_get_document_title src\petals\cpt.php:24
filter get_edit_post_link src\petals\cpt.php:25
filter manage_bkf_petals_order_posts_columns src\petals\cpt.php:26
action manage_bkf_petals_order_posts_custom_column src\petals\cpt.php:27
filter manage_edit-bkf_petals_order_sortable_columns src\petals\cpt.php:28
action pre_get_posts src\petals\cpt.php:29
filter bulk_actions-edit-bkf_petals_order src\petals\cpt.php:30
filter comments_clauses src\petals\cpt.php:32
filter comment_feed_where src\petals\cpt.php:33
filter gettext src\petals\cpt.php:1420
filter gettext src\petals\cpt.php:1434
action woocommerce_email_classes src\petals\email.php:17
action woocommerce_email_order_meta src\petals\email.php:19
action woocommerce_order_status_changed src\petals\email.php:20
filter comments_clauses src\petals\email.php:57
action add_meta_boxes src\petals\messaging.php:16
filter woocommerce_order_data_store_cpt_get_orders_query src\petals\outbound.php:15
action admin_menu src\petals\petals-options.php:20
action admin_init src\petals\petals-options.php:21
action manage_shop_order_posts_custom_column src\petals\petals.php:15
action woocommerce_shop_order_list_table_custom_column src\petals\petals.php:16
filter woocommerce_admin_order_data_after_order_details src\petals\petals.php:17
action admin_menu src\pos\phone.php:13
action admin_bar_menu src\pos\phone.php:14
action admin_notices src\pos\phone.php:15
action woocommerce_checkout_update_order_review src\suburbs\method.php:18
filter woocommerce_package_rates src\suburbs\method.php:71
filter woocommerce_shipping_methods src\suburbs\method.php:78
action woocommerce_shipping_init src\suburbs\method.php:315

Maintenance & Trust

FloristPress for Woo – Customize your eCommerce store for your Florist Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 6, 2026
PHP min version: 8.1
Downloads: 6K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10

Developer Profile

FloristPress for Woo – Customize your eCommerce store for your Florist Developer Profile

BAKKBONE Australia

3 plugins · 110 total installs

Trust score: 90
Avg Security Score: 94/100
Avg Patch Time: 10 days

Detection Fingerprints

How We Detect FloristPress for Woo – Customize your eCommerce store for your Florist

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bakkbone-florist-companion/lib/acf/acf.php
/wp-content/plugins/bakkbone-florist-companion/src/petals/petals.php
/wp-content/plugins/bakkbone-florist-companion/src/pdf/pdf.php
/wp-content/plugins/bakkbone-florist-companion/src/dd/dd.php
/wp-content/plugins/bakkbone-florist-companion/src/emails/status-email.php
/wp-content/plugins/bakkbone-florist-companion/src/suburbs/method.php
/wp-content/plugins/bakkbone-florist-companion/src/pos/phone.php
/wp-content/plugins/bakkbone-florist-companion/src/awp/awp.php
+30 more

Version Parameters
bakkbone-florist-companion/style.css?ver=
bakkbone-florist-companion/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
bkf_container, bkf_input, bkf_wrap, bkf_table, bkf_wrap_options, bkf_tab_content

HTML Comments
Dompdf version 3.1.0
PhoneNumber version 0.8.0
ACF version 6.5.0.1
FullCalendar version 6.1.19
+4 more

Data Attributes
data-plugin-path

JS Globals
BKF_AJAX_URL, BKF_AJAX_NONCE, BKF_VERSION

Shortcode Output
[bkf_delivery_options] [bkf_delivery_calculator] [bkf_card_creator] [bkf_gift_message]