Bonkers Addons Security & Risk Analysis

wordpress.org/plugins/bonkers-addons

This plugin adds several options in the customizer to use with your theme.

60 active installs · v1.0.1 · PHP + · WP 3.7+ · Updated Jul 28, 2021
companion, shortcodes, widgets
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Bonkers Addons Safe to Use in 2026?

Generally Safe

Score 85/100

Bonkers Addons has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4yr ago
Risk Assessment

The "bonkers-addons" plugin v1.0.1 exhibits a mixed security posture. On the positive side, it shows good practices in its handling of SQL queries, utilizing prepared statements exclusively, and has a high percentage of properly escaped output. The complete absence of dangerous functions, file operations, external HTTP requests, and known vulnerabilities is also a strong indicator of a secure codebase in these areas. However, the presence of two AJAX handlers without authentication checks represents a significant security concern, as these could be exploited by unauthenticated users to perform unintended actions. The lack of nonce checks on these AJAX endpoints exacerbates this risk, making cross-site request forgery (CSRF) a plausible attack vector.

The taint analysis shows no critical or high severity flows, which is reassuring. However, the presence of three flows with unsanitized paths, even if not deemed critical in this analysis, indicates potential for unexpected behavior or information disclosure if these paths are used maliciously. The plugin's vulnerability history is currently clean, suggesting diligence from the developers or a lack of historical targeting. Nevertheless, the identified unprotected AJAX handlers are the most immediate and actionable security risks that require attention.

Key Concerns

  • Unprotected AJAX handlers
  • Missing nonce checks on AJAX handlers
  • Taint flows with unsanitized paths
Vulnerabilities
None known

Bonkers Addons Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Bonkers Addons Release Timeline

v1.0.1 (Current)
v1.0.0
Code Analysis
Analyzed Mar 16, 2026

Bonkers Addons Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 21 (317 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

94% escaped · 338 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

3 flows · 3 with unsanitized paths
bonkers_addons_init (bonkers-addons.php:32)
[Data flow diagram. Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
2 unprotected

Bonkers Addons Attack Surface

Entry Points: 9
Unprotected: 2

AJAX Handlers 2

nopriv wp_ajax_bonkers_addons_save_sortable bonkers-addons.php:1396
auth wp_ajax_bonkers_addons_save_sortable bonkers-addons.php:1397

Shortcodes 7

[shopapp_gallery] shortcodes\gallery.php:93
[shopapp_image_banner] shortcodes\image-banner.php:93
[shopapp_instagram_box] shortcodes\instagram-box.php:124
[shopapp_offer_banner] shortcodes\offer-banner.php:145
[shopapp_products_carousel] shortcodes\product-carousel.php:177
[shopapp_products_slider] shortcodes\slider-products.php:146
[shopapp_stairs_products] shortcodes\stairs-products.php:123
WordPress Hooks 16
action customize_register bonkers-addons.php:1305
action widgets_init bonkers-addons.php:1321
action customize_controls_enqueue_scripts bonkers-addons.php:1416
action admin_notices bonkers-addons.php:1437
action plugins_loaded bonkers-addons.php:1447
action vc_before_init shortcodes\gallery.php:44
action vc_before_init shortcodes\image-banner.php:45
action vc_before_init shortcodes\instagram-box.php:56
action vc_before_init shortcodes\offer-banner.php:68
action vc_before_init shortcodes\product-carousel.php:65
action vc_before_init shortcodes\slider-products.php:58
action vc_before_init shortcodes\stairs-products.php:51
action admin_enqueue_scripts widgets\class-bonkers-client-logo.php:18
action admin_enqueue_scripts widgets\class-bonkers-phone-feature.php:18
action admin_enqueue_scripts widgets\class-bonkers-service.php:18
action admin_enqueue_scripts widgets\class-bonkers-team-member.php:18
Maintenance & Trust

Bonkers Addons Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.8.13
Last updated: Jul 28, 2021
PHP min version
Downloads: 6K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 60
Developer Profile

Bonkers Addons Developer Profile

colorlibplugins

11 plugins · 420K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 747 days
Detection Fingerprints

How We Detect Bonkers Addons

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bonkers-addons/custom-controls/class-bonkers-radio-image-control.php
/wp-content/plugins/bonkers-addons/custom-controls/class-bonkers-addons-display-text-control.php
/wp-content/plugins/bonkers-addons/shortcodes/product-carousel.php

HTML / DOM Fingerprints

CSS Classes
bonkers-intro-line
ql_border_btn
HTML Comments
<!-- Front Page Sections -->
<!-- Welcome -->
<!-- Services -->
Data Attributes
data-sectionid="bonkers_addons_welcome_section"
data-sectionid="bonkers_addons_services_section"
JS Globals
window.bonkers_addons_sanitize_text_html
window.bonkers_addons_sanitize_text
window.bonkers_addons_sanitize_url
window.bonkers_addons_sanitize_integer
Shortcode Output
[product_carousel]
FAQ

Frequently Asked Questions about Bonkers Addons