WP-Safety

Bulk Delete Security & Risk Analysis

wordpress.org/plugins/bulk-delete

Bulk delete posts, pages, users, attachments, and meta fields based on complex bulk conditions & filters.

30K active installs v6.11 PHP 5.3+ WP 5.0+ Updated Dec 23, 2025
bulkbulk-cleanbulk-deleteclean-databasedelete
100
A · Safe
CVEs total1
Unpatched0
Last CVEMar 3, 2016
Plugin page Download
Safety Verdict

Is Bulk Delete Safe to Use in 2026?

Generally Safe

Score 100/100

Bulk Delete has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Mar 3, 2016Updated 3mo ago
Risk Assessment

The "bulk-delete" plugin version 6.11 presents a generally good security posture, with strong adherence to secure coding practices. The static analysis reveals a minimal attack surface, with only one AJAX handler, and importantly, this handler appears to be protected by authorization checks. The absence of dangerous functions, file operations, and external HTTP requests further enhances its security. A high percentage of SQL queries utilize prepared statements, and output escaping is robust, minimizing risks of SQL injection and cross-site scripting (XSS). Nonce checks are present on all identified SQL queries, and capability checks are also implemented.

Key Concerns

  • Majority of SQL queries are prepared
  • High percentage of output escaping
  • Nonce checks on all SQL queries
  • Capability checks present
  • AJAX handler has authorization
  • No dangerous functions or file operations
  • No external HTTP requests
  • Bundled library (Select2) may need updates
  • One medium severity vulnerability historically
Vulnerabilities
1

Bulk Delete Security Vulnerabilities

CVEs by Year

1 CVE in 2016
2016
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

WF-c3016491-6a6a-433f-9018-5e84f9e3e37c-bulk-deletemedium · 5.4Missing Authorization

Bulk Delete <= 5.5.3 - Missing Authorization

Mar 3, 2016 Patched in 5.5.4 (2882d)
Code Analysis
Analyzed Mar 16, 2026

Bulk Delete Code Analysis

Dangerous Functions
0
Raw SQL Queries
6
8 prepared
Unescaped Output
51
475 escaped
Nonce Checks
14
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

57% prepared14 total queries

Output Escaping

90% escaped526 total outputs
Attack Surface

Bulk Delete Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_bd_load_taxonomy_terminclude\Core\Controller.php:29
WordPress Hooks 76
actionbd_add_meta_box_for_postsinclude\addons\posts.php:27
filtersafe_style_cssinclude\addons\util.php:83
filtersafe_style_cssinclude\addons\util.php:336
filterbd_action_nonce_checkinclude\base\class-bd-base-page.php:117
filterbd_admin_help_tabsinclude\base\class-bd-base-page.php:118
filteradmin_footer_textinclude\base\class-bd-base-page.php:277
actionbd_before_admin_enqueue_scriptsinclude\compatibility\advanced-custom-fields-pro.php:23
actionbd_before_queryinclude\compatibility\the-event-calendar.php:23
actionbd_before_admin_enqueue_scriptsinclude\compatibility\woocommerce.php:24
actionadmin_initinclude\controller\class-bd-controller.php:20
actionbd_pre_bulk_actioninclude\controller\class-bd-controller.php:21
actionbd_before_schedulerinclude\controller\class-bd-controller.php:22
filterbd_get_action_nonce_checkinclude\controller\class-bd-controller.php:24
filterbd_primary_pagesinclude\Core\Addon\FeatureAddon.php:60
filterbd_upsell_addonsinclude\Core\Addon\FeatureAddon.php:75
actionbd_after_modulesinclude\Core\Addon\Upseller.php:17
filterbd_javascript_arrayinclude\Core\Base\BaseModule.php:146
filterbd_action_nonce_checkinclude\Core\Base\BasePage.php:149
filterbd_admin_help_tabsinclude\Core\Base\BasePage.php:152
filterbd_plugin_action_linksinclude\Core\Base\BasePage.php:157
actionadmin_action_bulkwp_install_wp301include\Core\Base\BasePage.php:162
filteradmin_footer_textinclude\Core\Base\BasePage.php:520
actionparse_queryinclude\Core\Base\BaseQueryOverrider.php:26
actioninitinclude\Core\Base\BaseScheduler.php:58
filterbd_javascript_arrayinclude\Core\Base\BaseScheduler.php:60
actioninitinclude\Core\BulkDelete.php:234
actionadmin_menuinclude\Core\BulkDelete.php:236
actionadmin_initinclude\Core\Controller.php:22
actionbd_pre_bulk_actioninclude\Core\Controller.php:24
actionbd_before_schedulerinclude\Core\Controller.php:25
filterbd_get_action_nonce_checkinclude\Core\Controller.php:27
filterbd_help_tooltipinclude\Core\Controller.php:31
filterplugin_action_linksinclude\Core\Controller.php:32
actionbd_after_queryinclude\Core\Controller.php:37
actionbd_before_secondary_menusinclude\Core\Controller.php:263
actionbd_admin_footer_settings_pageinclude\Core\Controller.php:264
actionadmin_initinclude\Core\Controller.php:265
actionbd_admin_footer_misc_pageinclude\Core\Controller.php:268
actionbd_delete_croninclude\Core\Cron\CronListPage.php:18
actionbd_run_croninclude\Core\Cron\CronListPage.php:19
actionbd_delete_comment_meta_forminclude\Core\Metas\Modules\DeleteCommentMetaModule.php:33
filterbd_delete_comment_meta_optionsinclude\Core\Metas\Modules\DeleteCommentMetaModule.php:34
filterbd_delete_comment_meta_queryinclude\Core\Metas\Modules\DeleteCommentMetaModule.php:45
filterbd_upsell_addonsinclude\Deprecated\Addons\DeprecatedModule.php:41
filterbd_delete_optionsinclude\Deprecated\deprecated.php:50
filterbd_delete_optionsinclude\Deprecated\deprecated.php:100
filterbd_delete_optionsinclude\Deprecated\deprecated.php:121
filterbd_delete_optionsinclude\Deprecated\deprecated.php:147
filterbd_delete_optionsinclude\Deprecated\deprecated.php:200
filterbd_delete_optionsinclude\Deprecated\deprecated.php:226
filterbd_delete_optionsinclude\Deprecated\deprecated.php:252
filterbd_javascript_arrayinclude\Deprecated\deprecated.php:275
actionbd_loadedinclude\Deprecated\old-bulk-delete.php:363
actionbd_loadedinclude\helpers\addon.php:28
actionbd_delete_pages_by_statusinclude\pages\class-bulk-delete-pages.php:215
filterbd_javascript_arrayinclude\pages\class-bulk-delete-pages.php:216
actionbd_delete_posts_by_statusinclude\posts\class-bulk-delete-posts.php:1035
actionbd_delete_posts_by_categoryinclude\posts\class-bulk-delete-posts.php:1036
actionbd_delete_posts_by_taginclude\posts\class-bulk-delete-posts.php:1037
actionbd_delete_posts_by_taxonomyinclude\posts\class-bulk-delete-posts.php:1038
actionbd_delete_posts_by_post_typeinclude\posts\class-bulk-delete-posts.php:1039
actionbd_delete_posts_by_urlinclude\posts\class-bulk-delete-posts.php:1040
actionbd_delete_posts_by_revisioninclude\posts\class-bulk-delete-posts.php:1041
actionbd_delete_croninclude\posts\class-bulk-delete-posts.php:1043
filterbd_javascript_arrayinclude\posts\class-bulk-delete-posts.php:1044
filteradmin_footer_textinclude\ui\admin-ui.php:40
actionbd_admin_footer_posts_pageinclude\ui\admin-ui.php:44
actionbd_admin_footer_pages_pageinclude\ui\admin-ui.php:45
actionbd_admin_footer_cron_pageinclude\ui\admin-ui.php:46
actionbd_admin_footer_addon_pageinclude\ui\admin-ui.php:47
actionbd_admin_footer_info_pageinclude\ui\admin-ui.php:48
filterplugin_action_linksinclude\users\class-bd-users-page.php:56
actionparse_queryinclude\util\class-bulk-delete-by-days.php:19
filterposts_whereinclude\util\class-bulk-delete-by-days.php:32
filterposts_selectioninclude\util\class-bulk-delete-by-days.php:33
actioninitload-bulk-delete.php:44
Maintenance & Trust

Bulk Delete Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 23, 2025
PHP min version5.3
Downloads1.1M

Community Trust

Rating86/100
Number of ratings130
Active installs30K
Alternatives

Bulk Delete Alternatives

WP Bulk Delete

WP Bulk Delete

wp-bulk-delete

A
98

Delete posts, pages, comments, users, taxonomy terms and meta fields in bulk with different powerful filters and conditions.

100K 2 CVEs
Users Bulk Delete With Preview

Users Bulk Delete With Preview

users-bulk-delete-with-preview

A
100

Easily delete multiple WordPress users with the Users Bulk Delete With Preview plugin. Preview details before removal for accuracy and better control.

30 No CVEs
Bulk Manager

Bulk Manager

bulk-manager

A
85

An easier way to update/delete your pages/posts content, excerpt, categories, tags, taxonomies, author and media at once.

0 No CVEs
Delete User Media Files

Delete User Media Files

delete-user-media

A
92

This is simple plugin to remove media files uploaded by the user, plugin offer to include/exclude certain users to delete bulk media files or you can &hellip;

0 No CVEs
Bulk Clean

Bulk Clean

easy-clean

A
85

Bulk clean allow you to delete unwanted posts, pages, custom post etc with a single click.

0 No CVEs
Developer Profile

Bulk Delete Developer Profile

WebFactory

28 plugins · 3.5M total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
699 days
View full developer profile
Detection Fingerprints

How We Detect Bulk Delete

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bulk-delete/css/bulk-delete.css/wp-content/plugins/bulk-delete/js/bulk-delete.js
Script Paths
/wp-content/plugins/bulk-delete/js/bulk-delete.js
Version Parameters
bulk-delete/css/bulk-delete.css?ver=bulk-delete/js/bulk-delete.js?ver=

HTML / DOM Fingerprints

CSS Classes
bulk-delete-section
Data Attributes
data-bulk-delete-page-slug
JS Globals
bulk_deletebd_bulk_delete_var
REST Endpoints
/wp-json/bulk-delete/v1/
FAQ

Frequently Asked Questions about Bulk Delete