Bulk Content Toolkit Security & Risk Analysis

wordpress.org/plugins/bulk-content-toolkit

A WordPress plugin for bulk editing posts, pages, and custom post types with quick actions and custom fields.

20 active installs · v1.2.9 · PHP 7.4+ · WP 5.0+ · Updated Mar 13, 2026
Tags: bulk-actions, bulk-edit, content-management, wordpress-plugin
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Bulk Content Toolkit Safe to Use in 2026?

Generally Safe

Score 100/100

Bulk Content Toolkit has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 21d ago
Risk Assessment

The "bulk-content-toolkit" v1.2.9 plugin exhibits a generally strong security posture, with a significant emphasis on secure coding practices. The plugin demonstrates a high rate of properly escaped outputs and a good adoption of prepared statements for SQL queries. The absence of known CVEs and a clean vulnerability history further bolster this positive outlook, suggesting a mature and well-maintained codebase.

However, the static analysis did reveal some areas for improvement. Specifically, there are three identified flows with unsanitized paths. While these are flagged as high severity, the absence of actual exploitable vulnerabilities in the history suggests these might be potential risks rather than actively exploited weaknesses. The presence of multiple AJAX handlers, though all protected, still contributes to the overall attack surface, and any future oversights in these areas could pose a risk.

In conclusion, "bulk-content-toolkit" v1.2.9 is a relatively secure plugin with good fundamental security practices. The main area of concern lies in the identified unsanitized path flows, which warrant further investigation and remediation to eliminate potential vulnerabilities. The strong history of no known vulnerabilities is a positive indicator, but proactive addressing of the identified taint flows will ensure continued security.

Key Concerns

  • Flows with unsanitized paths (high severity)
Vulnerabilities
None known

Bulk Content Toolkit Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Bulk Content Toolkit Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (8 prepared)
Unescaped Output: 2 (143 escaped)
Nonce Checks: 10
Capability Checks: 5
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

80% prepared · 10 total queries

Output Escaping

99% escaped · 145 total outputs

Data Flows: 3 unsanitized

Data Flow Analysis

8 flows · 3 with unsanitized paths

Flagged function: bulkedittoolkit_handle_custom_fields_update (includes\admin\quick-edit.php:449)

[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]

Attack Surface

Bulk Content Toolkit Attack Surface

Entry Points: 7
Unprotected: 0

AJAX Handlers 7

auth    wp_ajax_get_quick_edit_status            includes\api\ajax-handlers.php:19
auth    wp_ajax_get_bulk_edit_statuses           includes\api\ajax-handlers.php:42
nopriv  wp_ajax_get_bulk_edit_statuses           includes\api\ajax-handlers.php:43
auth    wp_ajax_update_fields_for_post_type      includes\api\ajax-handlers.php:45
auth    wp_ajax_load_selected_fields             includes\api\ajax-handlers.php:75
auth    wp_ajax_bulk_edit_fields_save            includes\api\ajax-handlers.php:102
auth    wp_ajax_remove_post_type_from_bulk_edit  includes\api\ajax-handlers.php:149

WordPress Hooks 12
action  admin_notices                    bulk-content-toolkit.php:53
action  init                             bulk-content-toolkit.php:98
action  admin_menu                       includes\admin\admin-settings.php:167
action  admin_init                       includes\admin\admin-settings.php:168
action  admin_notices                    includes\admin\bulk-actions.php:58
action  bulk_edit_custom_box             includes\admin\quick-edit.php:396
action  quick_edit_custom_box            includes\admin\quick-edit.php:401
action  admin_post_update_custom_fields  includes\admin\quick-edit.php:447
action  admin_enqueue_scripts            includes\frontend\enqueue-scripts.php:50
action  admin_enqueue_scripts            includes\frontend\enqueue-scripts.php:51
action  admin_enqueue_scripts            includes\frontend\enqueue-scripts.php:63
action  admin_enqueue_scripts            includes\frontend\enqueue-scripts.php:72

Maintenance & Trust

Bulk Content Toolkit Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 13, 2026
PHP min version: 7.4
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 20

Developer Profile

Bulk Content Toolkit Developer Profile

Thomas Lloancy

9 plugins · 120 total installs

Trust score: 93
Avg Security Score: 99/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Bulk Content Toolkit

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bulk-content-toolkit/assets/css/admin-styles.css
/wp-content/plugins/bulk-content-toolkit/assets/js/bulk-edit-scripts.js
/wp-content/plugins/bulk-content-toolkit/assets/js/bulk-edit-settings.js
/wp-content/plugins/bulk-content-toolkit/assets/js/quick-edit-script.js
Script Paths
/wp-content/plugins/bulk-content-toolkit/assets/js/bulk-edit-scripts.js
/wp-content/plugins/bulk-content-toolkit/assets/js/bulk-edit-settings.js
/wp-content/plugins/bulk-content-toolkit/assets/js/quick-edit-script.js
Version Parameters
bulk-content-toolkit/assets/css/admin-styles.css?ver=
bulk-content-toolkit/assets/js/bulk-edit-scripts.js?ver=
bulk-content-toolkit/assets/js/bulk-edit-settings.js?ver=
bulk-content-toolkit/assets/js/quick-edit-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
bulk-edit-settings-wrap
bulk-edit-field-row
bulk-edit-field-label
bulk-edit-field-input
bulk-edit-action-column
bulk-edit-nonce-field
bulk-edit-save-button
bulk-edit-cancel-button
HTML Comments
<!-- Bulk Content Toolkit Settings -->
<!-- Bulk Edit Form -->
<!-- Quick Edit Field -->
Data Attributes
data-bulk-edit-field
data-bulk-edit-post-type
data-bulk-edit-field-name
JS Globals
bulkEditToolkit
bulkEditToolkitAdmin
REST Endpoints
/wp-json/bulk-content-toolkit/v1/settings
/wp-json/bulk-content-toolkit/v1/update_setting