Bolt Checkout for BigCommerce Security & Risk Analysis

wordpress.org/plugins/bolt-checkout-bigcommerce

Bring the world's fastest checkout to your WordPress site using BigCommerce for WordPress.

Active installs: 10 · Version: v1.0.0 · Requires PHP 5.5+ · Requires WP 2.7+ · Updated: Jan 3, 2019

Tags: bolt, checkout, ecommerce, pay, payment

Security score: 85
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Bolt Checkout for BigCommerce Safe to Use in 2026?

Generally Safe

Score 85/100

Bolt Checkout for BigCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7 years ago
Risk Assessment

The bolt-checkout-bigcommerce plugin v1.0.0 exhibits a concerning security posture due to a significant number of unprotected entry points. Out of 9 identified entry points, 8 lack authentication or permission checks, including all 6 AJAX handlers and both REST API routes. This creates a broad attack surface, making it highly vulnerable to unauthorized actions if an attacker can trigger these functions. While the code utilizes prepared statements for all SQL queries, which is a strong security practice, it fails to implement any nonce checks on AJAX handlers, a critical oversight for preventing Cross-Site Request Forgery (CSRF) attacks. The presence of unsanitized paths in taint analysis, even without critical or high severity findings, indicates a potential for path traversal vulnerabilities. The plugin's vulnerability history is clean, with no recorded CVEs, which is a positive sign. However, this lack of historical issues does not mitigate the current risks identified in the static analysis. In conclusion, while the plugin demonstrates good practices in SQL handling, the overwhelming number of unprotected entry points and the absence of essential security checks like nonces on AJAX handlers present a significant risk that requires immediate attention.

Key Concerns

  • Large attack surface without auth checks
  • AJAX handlers without auth checks
  • REST API routes without permission callbacks
  • No nonce checks on AJAX handlers
  • Low percentage of properly escaped output
  • Unsanitized paths in taint flows
Vulnerabilities
None known

Bolt Checkout for BigCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Bolt Checkout for BigCommerce Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

Bolt Checkout for BigCommerce Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (11 prepared)
Unescaped Output: 19 (2 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 7
External Requests: 5
Bundled Libraries: 0

Dangerous Functions Found

set_time_limit: set_time_limit( 300 ); (src/class-bolt-save-order.php:393)

SQL Query Safety

100% prepared (11 total queries)

Output Escaping

10% escaped (21 total outputs)
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows, 2 with unsanitized paths

ajax_bolt_create_single_order (src/class-bolt-page-checkout.php:43)

Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform; flow status: Unsanitized / Sanitized
Attack Surface
8 unprotected

Bolt Checkout for BigCommerce Attack Surface

Entry Points: 9
Unprotected: 8

AJAX Handlers 6

auth: wp_ajax_bolt_create_single_order (src/class-bolt-page-checkout.php:38)
nopriv: wp_ajax_bolt_create_single_order (src/class-bolt-page-checkout.php:39)
auth: wp_ajax_bolt_create_order (src/class-bolt-save-order.php:47)
nopriv: wp_ajax_bolt_create_order (src/class-bolt-save-order.php:48)
auth: wp_ajax_bolt_clean_up_resources (src/class-bolt-save-order.php:49)
nopriv: wp_ajax_bolt_clean_up_resources (src/class-bolt-save-order.php:50)

REST API Routes 2

GET /wp-json/bolt/response (src/class-bolt-save-order.php:37)
GET /wp-json/bolt/shippingtax (src/class-bolt-shipping-and-tax.php:31)

Shortcodes 1

[bolt-confirmation] (src/class-bolt-confirmation-page.php:11)

WordPress Hooks 11

action: admin_menu (src/class-bolt-bigcommerce-wordpress-admin.php:26)
action: admin_enqueue_scripts (src/class-bolt-bigcommerce-wordpress-admin.php:27)
action: wp_enqueue_scripts (src/class-bolt-bigcommerce-wordpress.php:15)
action: init (src/class-bolt-bigcommerce-wordpress.php:32)
action: wp_logout (src/class-bolt-bigcommerce-wordpress.php:33)
action: wp_login (src/class-bolt-bigcommerce-wordpress.php:34)
filter: bigcommerce/template=components/cart/cart-footer.php/data (src/class-bolt-generate-order-token.php:25)
filter: bigcommerce/template/product/single (src/class-bolt-generate-order-token.php:29)
filter: bigcommerce/button/purchase (src/class-bolt-generate-order-token.php:30)
action: rest_api_init (src/class-bolt-save-order.php:17)
action: rest_api_init (src/class-bolt-shipping-and-tax.php:12)
Maintenance & Trust

Bolt Checkout for BigCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.0.25
Last updated: Jan 3, 2019
PHP min version: 5.5
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Bolt Checkout for BigCommerce Developer Profile

boltpay

2 plugins · 110 total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Bolt Checkout for BigCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths: /wp-content/plugins/bolt-checkout-bigcommerce/src/css/bolt-bigcommerce.css
Version Parameters: bolt-bigcommerce-wordpress/src/css/bolt-bigcommerce.css?ver=

HTML / DOM Fingerprints

CSS Classes: wc-enhanced-select
Data Attributes: bolt-bigcommerce_api_key, bolt-bigcommerce_signing_secret, bolt-bigcommerce_publishable_key, bolt-bigcommerce_testmode, bolt-bigcommerce_paymentaction
FAQ

Frequently Asked Questions about Bolt Checkout for BigCommerce