WP-Safety

BOGO Plus for WooCommerce Security & Risk Analysis

wordpress.org/plugins/bogo-plus-for-woocommerce

BOGO Plus For WooCommerce makes Buy One, Get One promotions so easy!

40 active installs v1.1.0 PHP 7.4+ WP 6.1+ Updated Jan 4, 2026
bogobuy-one-get-onecouponsalewoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is BOGO Plus for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

BOGO Plus for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The "bogo-plus-for-woocommerce" plugin v1.1.0 exhibits a mixed security posture. On the positive side, the plugin demonstrates good coding practices by utilizing prepared statements for all SQL queries, properly escaping all output, and having no recorded vulnerability history. This suggests a developer who is aware of common web security pitfalls.

However, a significant concern arises from the presence of one unprotected AJAX handler. This represents a direct entry point into the plugin's functionality that lacks authentication checks, making it a potential target for unauthorized actions or data manipulation. While no taint flows were detected, the absence of capability checks for this AJAX handler is a notable weakness. The plugin's vulnerability history being entirely clear is a strong indicator of past security awareness, but it does not negate the current, identified risk in the code analysis.

In conclusion, while the plugin has strengths in its data handling and output sanitization, the unprotected AJAX handler poses a clear and present security risk. This requires immediate attention to implement proper authentication and authorization mechanisms before it can be considered secure.

Key Concerns

  • Unprotected AJAX handler found
  • AJAX handler without capability checks
Vulnerabilities
None known

BOGO Plus for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

BOGO Plus for WooCommerce Release Timeline

v1.1.0Current
v1.0.0
Code Analysis
Analyzed Mar 16, 2026

BOGO Plus for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
15 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped15 total outputs
Attack Surface
1 unprotected

BOGO Plus for WooCommerce Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_bogo_plus_product_searchbogo-plus-for-woocommerce.php:44
WordPress Hooks 12
filterwoocommerce_coupon_discount_typesbogo-plus-for-woocommerce.php:27
actionwoocommerce_before_calculate_totalsbogo-plus-for-woocommerce.php:30
actionwoocommerce_before_calculate_totalsbogo-plus-for-woocommerce.php:31
actionwoocommerce_before_calculate_totalsbogo-plus-for-woocommerce.php:32
actionwoocommerce_removed_couponbogo-plus-for-woocommerce.php:34
actionwoocommerce_before_calculate_totalsbogo-plus-for-woocommerce.php:37
actionwoocommerce_removed_couponbogo-plus-for-woocommerce.php:47
actionwoocommerce_before_calculate_totalsbogo-plus-for-woocommerce.php:50
actionwoocommerce_coupon_optionsbogo-plus-for-woocommerce.php:54
actionwoocommerce_coupon_options_savebogo-plus-for-woocommerce.php:87
filterwoocommerce_coupon_is_validbogo-plus-for-woocommerce.php:108
actionbefore_woocommerce_initbogo-plus-for-woocommerce.php:111
Maintenance & Trust

BOGO Plus for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 4, 2026
PHP min version7.4
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs40
Alternatives

BOGO Plus for WooCommerce Alternatives

PW WooCommerce BOGO

PW WooCommerce BOGO

pw-woocommerce-bogo-free

A
100

PW WooCommerce BOGO Free makes Buy One, Get One promotions so easy!

400 No CVEs
DC BOGO Coupons

DC BOGO Coupons

dc-bogo-coupons

A
100

The minimal, elegant, and powerful solution for creating advanced Buy One, Get One offers in WooCommerce.

0 No CVEs
Smart Coupons For WooCommerce Coupons

Smart Coupons For WooCommerce Coupons

wt-smart-coupons-for-woocommerce

A
99

Best WooCommerce coupons plugin to create advanced coupons and discount codes with auto-apply, BOGO, free shipping, giveaways, and discount rules.

30K 1 CVE
Advanced Coupons for WooCommerce Coupons & Store Credit

Advanced Coupons for WooCommerce Coupons & Store Credit

advanced-coupons-for-woocommerce-free

A
93

Enhance WooCommerce coupons with new coupon types, BOGO coupons, store credit, discount rules, url coupons, gift cards, loyalty program + more!

20K 4 CVEs
GIFTiT – Free Gifts for WooCommerce

GIFTiT – Free Gifts for WooCommerce

ithemeland-free-gifts-for-woo

A
100

Free Gifts for WooCommerce allows you to offer Free Gifts to your customers whenever they make a purchase on your site.

2K No CVEs
Developer Profile

BOGO Plus for WooCommerce Developer Profile

Rashmi Singh

2 plugins · 70 total installs

91
trust score
Avg Security Score
96/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect BOGO Plus for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bogo-plus-for-woocommerce/assets/css/bogo-plus-admin.css/wp-content/plugins/bogo-plus-for-woocommerce/assets/js/bogo-plus-admin.js
Script Paths
/wp-content/plugins/bogo-plus-for-woocommerce/assets/js/bogo-plus-admin.js
Version Parameters
bogo-plus-for-woocommerce/assets/css/bogo-plus-admin.css?ver=bogo-plus-for-woocommerce/assets/js/bogo-plus-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
bogo-plus-coupon-options
HTML Comments
<!-- BOGO Plus Coupon Options -->
Data Attributes
data-noncedata-product_iddata-variation_iddata-bogo_iddata-bogo_variation_iddata-bogo_qty+1 more
JS Globals
bogo_plus_ajax_object
REST Endpoints
/wp-json/bogo-plus-for-woocommerce/v1/product-search
FAQ

Frequently Asked Questions about BOGO Plus for WooCommerce