Bumbal connector Security & Risk Analysis

wordpress.org/plugins/bumbal

Bumbal connector is a plug-in for sending orders directly from WooCommerce to Bumbal planning software.

10 active installs · v1.0.0 · PHP 7.2+ · WP 3.0.1+ · Updated Jul 20, 2022
bumbal connector planning software
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Bumbal connector Safe to Use in 2026?

Generally Safe

Score 85/100

Bumbal connector has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3yr ago
Risk Assessment

The "bumbal" v1.0.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates good development practices by utilizing prepared statements for all SQL queries, ensuring proper output escaping for all content, and performing no file operations or external HTTP requests. The absence of known vulnerabilities in its history is also a positive indicator. However, significant security concerns arise from its attack surface. All three identified entry points – two AJAX handlers and one REST API route – lack authentication or permission checks, making them directly accessible to unauthenticated users. This is a critical oversight that exposes the plugin to potential exploitation.

The static analysis reveals a substantial risk due to these unprotected entry points. While there are no detected dangerous functions, raw SQL, or unsanitized taint flows, the open nature of its AJAX and REST API endpoints bypasses standard WordPress security mechanisms. The plugin's vulnerability history is clean, suggesting a lack of past issues, but this does not mitigate the current inherent risks posed by its unprotected endpoints. The presence of a nonce check on only one of the AJAX handlers is insufficient and does not cover all potential attack vectors. In conclusion, while the plugin adheres to good practices in data handling and output, the critical lack of authentication on its entry points significantly undermines its overall security, creating a high-risk profile.

Key Concerns

  • AJAX handlers without auth checks
  • REST API routes without permission callbacks
  • Lack of capability checks
  • Only 1 nonce check for 2 AJAX handlers
Vulnerabilities
None known

Bumbal connector Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Bumbal connector Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Bumbal connector Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (45 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Output Escaping

100% escaped · 45 total outputs
Attack Surface
3 unprotected

Bumbal connector Attack Surface

Entry Points: 3
Unprotected: 3

AJAX Handlers 2

nopriv · wp_ajax_bumbal_send_time_slot · includes\class-bumbal.php:230
auth · wp_ajax_bumbal_send_time_slot · includes\class-bumbal.php:231

REST API Routes 1

GET · /wp-json/bumbal/v1/activity · public\class-bumbal-public.php:507
WordPress Hooks 23
filter · woocommerce_settings_tabs_array · admin\class-bumbal-settings.php:19
action · plugins_loaded · includes\class-bumbal.php:146
action · admin_enqueue_scripts · includes\class-bumbal.php:161
action · admin_enqueue_scripts · includes\class-bumbal.php:162
filter · woocommerce_get_settings_pages · includes\class-bumbal.php:165
action · woocommerce_admin_order_data_after_shipping_address · includes\class-bumbal.php:168
filter · woocommerce_order_actions · includes\class-bumbal.php:172
action · init · includes\class-bumbal.php:175
filter · wc_order_statuses · includes\class-bumbal.php:176
action · woocommerce_product_options_shipping · includes\class-bumbal.php:179
action · woocommerce_admin_process_product_object · includes\class-bumbal.php:180
action · wp_enqueue_scripts · includes\class-bumbal.php:197
action · wp_enqueue_scripts · includes\class-bumbal.php:198
action · woocommerce_order_status_completed · includes\class-bumbal.php:203
action · woocommerce_order_status_processing · includes\class-bumbal.php:210
action · woocommerce_order_status_cancelled · includes\class-bumbal.php:214
action · wp_trash_post · includes\class-bumbal.php:215
action · woocommerce_order_action_bumbal · includes\class-bumbal.php:216
filter · woocommerce_thankyou · includes\class-bumbal.php:219
action · admin_post_bumbal_send_time_slot · includes\class-bumbal.php:227
action · rest_api_init · includes\class-bumbal.php:234
filter · acf/settings/remove_wp_meta_box · includes\class-bumbal.php:238
filter · bumbal_convert · includes\class-bumbal.php:245
Maintenance & Trust

Bumbal connector Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.0.11
Last updated: Jul 20, 2022
PHP min version: 7.2
Downloads: 817

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Bumbal connector Developer Profile

itbumbal

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Bumbal connector

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bumbal/admin/css/bumbal-admin.css
/wp-content/plugins/bumbal/admin/js/bumbal-admin.js
Version Parameters
bumbal-admin.css?ver=
bumbal-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
bumbal-status-wrapper
Data Attributes
id="bumbal_shipping_time"
FAQ

Frequently Asked Questions about Bumbal connector