Bolt Checkout for WooCommerce Security & Risk Analysis

wordpress.org/plugins/bolt-checkout-woocommerce

Bring the world's fastest checkout to your WooCommerce site

100 active installs · v2.21.1 · PHP 7.0+ · WP 5.0+ · Updated Jul 8, 2025
Tags: bolt, checkout, ecommerce, payment, woocommerce
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Bolt Checkout for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Bolt Checkout for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9mo ago
Risk Assessment

The security posture of the bolt-checkout-woocommerce plugin version 2.21.1 presents several significant concerns despite a clean vulnerability history. The static analysis reveals a considerable attack surface, with 8 out of 10 entry points lacking proper permission callbacks. This is further exacerbated by 7 taint flows identified as having unsanitized paths, all of which are flagged as high severity. While the plugin does not appear to have known CVEs, the presence of these high-severity taint flows suggests potential vulnerabilities that could be exploited if not addressed. The relatively low percentage of properly escaped output (57%) also raises concerns about potential cross-site scripting (XSS) vulnerabilities.

Key Concerns

  • Unprotected REST API routes
  • High severity unsanitized taint flows
  • Low percentage of proper output escaping
Vulnerabilities
None known

Bolt Checkout for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Bolt Checkout for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 8 (25 prepared)
Unescaped Output: 67 (89 escaped)
Nonce Checks: 2
Capability Checks: 1
File Operations: 15
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

76% prepared · 33 total queries

Output Escaping

57% escaped · 156 total outputs
Data Flows
7 unsanitized

Data Flow Analysis

7 flows · 7 with unsanitized paths
auth_redirect (includes\classes\class-bolt-auth-redirect.php:96)
Attack Surface
8 unprotected

Bolt Checkout for WooCommerce Attack Surface

Entry Points: 10
Unprotected: 8

REST API Routes 8

GET /wp-json/bolt/response (includes\bolt-payment-gateway-helpers.php:44)
GET /wp-json/bolt/featureswitches/changed (includes\bolt-payment-gateway-helpers.php:53)
GET /wp-json/bolt/redirect (includes\classes\class-bolt-auth-redirect.php:77)
GET /wp-json/bolt/debug (includes\classes\class-bolt-debug.php:73)
GET /wp-json/bolt/login (includes\classes\class-bolt-get-account.php:78)
GET /wp-json/bolt/create-order (includes\classes\class-bolt-order-creator.php:83)
GET /wp-json/bolt/shippingtax (includes\classes\class-bolt-shipping-and-tax.php:63)
GET /wp-json/bolt/update-cart (includes\classes\class-bolt-update-cart.php:87)

Shortcodes 2

[bolt_account] includes\classes\class-bolt-html-handler.php:709
[bolt_sso] includes\classes\class-bolt-html-handler.php:710
WordPress Hooks 100

action admin_notices (bolt-checkout-woocommerce.php:120)
action woocommerce_init (bolt-checkout-woocommerce.php:130)
action plugins_loaded (bolt-checkout-woocommerce.php:134)
filter woocommerce_is_rest_api_request (bolt-checkout-woocommerce.php:186)
action before_woocommerce_init (bolt-checkout-woocommerce.php:205)
action admin_enqueue_scripts (includes\admin\class-bolt-checkout-admin.php:52)
action woocommerce_admin_order_data_after_billing_address (includes\admin\class-bolt-checkout-admin.php:59)
action woocommerce_admin_order_data_after_shipping_address (includes\admin\class-bolt-checkout-admin.php:68)
action woocommerce_admin_order_data_after_shipping_address (includes\admin\class-bolt-checkout-admin.php:77)
action woocommerce_admin_order_data_after_order_details (includes\admin\class-bolt-checkout-admin.php:86)
filter manage_shop_order_posts_columns (includes\admin\class-bolt-checkout-admin.php:91)
filter woocommerce_shop_order_list_table_columns (includes\admin\class-bolt-checkout-admin.php:92)
action manage_shop_order_posts_custom_column (includes\admin\class-bolt-checkout-admin.php:95)
action manage_woocommerce_page_wc-orders_custom_column (includes\admin\class-bolt-checkout-admin.php:104)
filter woocommerce_order_actions (includes\admin\class-bolt-checkout-admin.php:115)
action woocommerce_order_action_wc_bolt_force_approve (includes\admin\class-bolt-checkout-admin.php:118)
action woocommerce_order_action_wc_bolt_confirm_rejection (includes\admin\class-bolt-checkout-admin.php:121)
filter woocommerce_valid_order_statuses_for_payment_complete (includes\admin\class-bolt-checkout-admin.php:124)
filter json_endpoints (includes\bolt-payment-gateway-helpers.php:37)
action rest_api_init (includes\bolt-payment-gateway-helpers.php:64)
action shutdown (includes\bolt-payment-gateway-helpers.php:262)
action woocommerce_order_status_on-hold_to_cancelled (includes\bolt-payment-gateway-helpers.php:487)
action woocommerce_order_status_on-hold_to_processing (includes\bolt-payment-gateway-helpers.php:531)
action woocommerce_order_status_on-hold_to_completed (includes\bolt-payment-gateway-helpers.php:532)
action shutdown (includes\bolt-payment-gateway-helpers.php:594)
action shutdown (includes\bolt-payment-gateway-helpers.php:731)
filter woocommerce_default_address_fields (includes\classes\class-bolt-address-helper.php:106)
filter wc_bolt_order_creation_hint_data (includes\classes\class-bolt-address-helper.php:107)
filter woocommerce_validate_postcode (includes\classes\class-bolt-address-helper.php:497)
filter json_endpoints (includes\classes\class-bolt-auth-redirect.php:43)
action rest_api_init (includes\classes\class-bolt-auth-redirect.php:45)
action woocommerce_after_checkout_form (includes\classes\class-bolt-checkout-tracking.php:47)
action woocommerce_thankyou (includes\classes\class-bolt-checkout-tracking.php:50)
filter woocommerce_update_order_review_fragments (includes\classes\class-bolt-checkout-tracking.php:53)
action wp_footer (includes\classes\class-bolt-checkout-tracking.php:62)
action woocommerce_checkout_order_processed (includes\classes\class-bolt-checkout-tracking.php:65)
action wp_enqueue_scripts (includes\classes\class-bolt-checkout.php:119)
action wc_ajax_wc_bolt_create_order (includes\classes\class-bolt-checkout.php:121)
action wc_ajax_wc_bolt_save_email (includes\classes\class-bolt-checkout.php:122)
action wc_ajax_wc_bolt_checkout_validation (includes\classes\class-bolt-checkout.php:123)
action wc_ajax_wc_bolt_record_frontend_error (includes\classes\class-bolt-checkout.php:124)
action wc_ajax_wc_bolt_generate_checkout_btn (includes\classes\class-bolt-checkout.php:125)
action woocommerce_checkout_order_processed (includes\classes\class-bolt-checkout.php:127)
action woocommerce_checkout_order_processed (includes\classes\class-bolt-checkout.php:128)
filter woocommerce_payment_successful_result (includes\classes\class-bolt-checkout.php:131)
filter woocommerce_payment_successful_result (includes\classes\class-bolt-checkout.php:142)
filter woocommerce_my_account_my_orders_actions (includes\classes\class-bolt-checkout.php:153)
filter woocommerce_cancel_unpaid_order (includes\classes\class-bolt-checkout.php:164)
action woocommerce_after_order_object_save (includes\classes\class-bolt-checkout.php:167)
action woocommerce_after_shop_order_object_save (includes\classes\class-bolt-checkout.php:176)
action shutdown (includes\classes\class-bolt-checkout.php:782)
filter json_endpoints (includes\classes\class-bolt-debug.php:38)
action rest_api_init (includes\classes\class-bolt-debug.php:40)
action init (includes\classes\class-bolt-gateway-init.php:353)
action init (includes\classes\class-bolt-gateway-init.php:354)
filter woocommerce_payment_gateways (includes\classes\class-bolt-gateway-init.php:355)
filter wc_order_statuses (includes\classes\class-bolt-gateway-init.php:356)
action wp_print_scripts (includes\classes\class-bolt-gateway-init.php:357)
filter json_endpoints (includes\classes\class-bolt-get-account.php:43)
action rest_api_init (includes\classes\class-bolt-get-account.php:45)
action woocommerce_after_add_to_cart_button (includes\classes\class-bolt-html-handler.php:75)
action woocommerce_proceed_to_checkout (includes\classes\class-bolt-html-handler.php:76)
action woocommerce_widget_shopping_cart_buttons (includes\classes\class-bolt-html-handler.php:77)
action bolt_payment_checkout (includes\classes\class-bolt-html-handler.php:78)
action init (includes\classes\class-bolt-html-handler.php:79)
action init (includes\classes\class-bolt-install.php:27)
action shutdown (includes\classes\class-bolt-metrics-client.php:312)
filter json_endpoints (includes\classes\class-bolt-order-creator.php:48)
action rest_api_init (includes\classes\class-bolt-order-creator.php:50)
filter json_endpoints (includes\classes\class-bolt-shipping-and-tax.php:38)
action rest_api_init (includes\classes\class-bolt-shipping-and-tax.php:40)
filter json_endpoints (includes\classes\class-bolt-shipping-api-handler.php:31)
action rest_api_init (includes\classes\class-bolt-shipping-api-handler.php:33)
filter json_endpoints (includes\classes\class-bolt-tax-api-handler.php:31)
action rest_api_init (includes\classes\class-bolt-tax-api-handler.php:33)
action wc_bolt_presetup_set_cart_by_bolt_reference (includes\classes\class-bolt-update-cart.php:42)
filter json_endpoints (includes\classes\class-bolt-update-cart.php:52)
action rest_api_init (includes\classes\class-bolt-update-cart.php:54)
action wc_ajax_wc_bolt_save_wc_order_attribution (includes\classes\class-bolt-wc-order-attribution.php:92)
action woocommerce_after_cart (includes\classes\class-bolt-wc-order-attribution.php:99)
action woocommerce_after_add_to_cart_form (includes\classes\class-bolt-wc-order-attribution.php:100)
action wp_footer (includes\classes\class-bolt-wc-order-attribution.php:101)
action woocommerce_register_form (includes\classes\class-bolt-wc-order-attribution.php:102)
filter wc_bolt_cart_js_params (includes\classes\class-bolt-wc-order-attribution.php:103)
filter wc_bolt_filter_product_page_ppc_button_js_params (includes\classes\class-bolt-wc-order-attribution.php:109)
action wc_bolt_after_set_cart_by_bolt_reference (includes\classes\class-bolt-wc-order-attribution.php:115)
action wc_bolt_after_load_cart_from_native_wc_session (includes\classes\class-bolt-wc-order-attribution.php:121)
filter woocommerce_shipping_chosen_method (includes\classes\class-bolt-woocommerce-cart-calculation.php:53)
action wc_ajax_wc_bolt_get_bolt_cart (includes\functions\bolt-cart-functions.php:123)
action woocommerce_after_checkout_validation (includes\functions\bolt-checkout-functions.php:37)
filter woocommerce_available_payment_gateways (includes\functions\bolt-checkout-functions.php:59)
filter woocommerce_my_account_my_orders_actions (includes\functions\bolt-checkout-functions.php:77)
filter before_woocommerce_pay (includes\functions\bolt-checkout-functions.php:93)
filter woocommerce_before_pay_action (includes\functions\bolt-checkout-functions.php:181)
action woocommerce_after_template_part (includes\functions\bolt-checkout-functions.php:203)
action woocommerce_order_status_bolt-reject_to_processing (includes\functions\bolt-email-functions.php:34)
action woocommerce_order_status_bolt-reject_to_failed (includes\functions\bolt-email-functions.php:53)
filter woocommerce_gateway_title (includes\functions\bolt-order-functions.php:328)
action wp_enqueue_scripts (includes\public\class-bolt-payment-gateway-public.php:48)
action wp_head (includes\public\class-bolt-payment-gateway-public.php:58)
Maintenance & Trust

Bolt Checkout for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jul 8, 2025
PHP min version: 7.0
Downloads: 47K

Community Trust

Rating: 60/100
Number of ratings: 10
Active installs: 100
Developer Profile

Bolt Checkout for WooCommerce Developer Profile

boltpay

1 plugin · 100 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Bolt Checkout for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bolt-checkout-woocommerce/assets/css/bolt-checkout-admin.css
/wp-content/plugins/bolt-checkout-woocommerce/assets/js/bolt-checkout-admin.js
/wp-content/plugins/bolt-checkout-woocommerce/assets/js/bolt-checkout-frontend.js
Script Paths
bolt-checkout-woocommerce/assets/js/bolt-checkout-admin.js
bolt-checkout-woocommerce/assets/js/bolt-checkout-frontend.js
Version Parameters
bolt-checkout-woocommerce/assets/css/bolt-checkout-admin.css?ver=
bolt-checkout-woocommerce/assets/js/bolt-checkout-admin.js?ver=
bolt-checkout-woocommerce/assets/js/bolt-checkout-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
bolt-checkout-notice
bolt-checkout-wrapper
HTML Comments
<!-- Bolt Checkout for WooCommerce. -->
<!-- Required minimum versions, paths, urls, etc. -->
<!-- WooCommerce Bolt Checkout fallback notice. -->
<!-- Main instance of WooCommerce Bolt Payment Gateway. -->
+4 more
Data Attributes
data-bolt-checkout-settings
JS Globals
BoltCheckoutAdmin
bolt
REST Endpoints
/wp-json/bolt-checkout/
FAQ

Frequently Asked Questions about Bolt Checkout for WooCommerce