WP-Safety

BundlePress – Grouped Product Bundle Builder for WooCommerce Security & Risk Analysis

wordpress.org/plugins/bundlepress

Professional WooCommerce bundle builder. Create and manage custom WooCommerce bundle products with flexible pricing and display options.

0 active installs v1.1.0 PHP 7.4+ WP 6.8+ Updated Mar 28, 2026
bundle-builderbundlesproduct-bundleswoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is BundlePress – Grouped Product Bundle Builder for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

BundlePress – Grouped Product Bundle Builder for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

BundlePress v1.1.0 demonstrates a mixed security posture. On the positive side, the plugin utilizes prepared statements for all its SQL queries and has a very high rate of output escaping, indicating good practices for preventing common web vulnerabilities like SQL injection and XSS. The absence of critical or high-severity CVEs in its history also suggests a relatively stable and well-maintained codebase over time.

However, there are significant areas of concern. The plugin exposes a substantial attack surface with 8 total entry points, and critically, 4 of these (50%) lack authentication checks. This means unauthorized users could potentially interact with these components. The taint analysis reveals one flow with unsanitized paths, flagged as high severity, which could lead to serious security issues if exploited. Furthermore, only one nonce check is present across the entire plugin, which is insufficient given the number of unprotected entry points.

Overall, while the plugin excels in certain areas like database query sanitization and output encoding, the lack of proper authentication on a significant portion of its attack surface and the presence of a high-severity unsanitized path flow present considerable risks. The strong vulnerability history is a positive indicator, but it doesn't negate the immediate risks identified in the static and taint analysis.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized path flow
  • Insufficient nonce checks
  • Unprotected REST API routes
Vulnerabilities
None known

BundlePress – Grouped Product Bundle Builder for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

BundlePress – Grouped Product Bundle Builder for WooCommerce Release Timeline

v1.1.0Current
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

BundlePress – Grouped Product Bundle Builder for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
70 prepared
Unescaped Output
2
49 escaped
Nonce Checks
1
Capability Checks
7
File Operations
0
External Requests
5
Bundled Libraries
0

SQL Query Safety

100% prepared70 total queries

Output Escaping

96% escaped51 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths
<class-bundlepress-analytics-handler> (includes/class-bundlepress-analytics-handler.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

BundlePress – Grouped Product Bundle Builder for WooCommerce Attack Surface

Entry Points8
Unprotected4

AJAX Handlers 5

authwp_ajax_bundlepress_track_viewincludes/class-bundlepress-analytics-handler.php:15
noprivwp_ajax_bundlepress_track_viewincludes/class-bundlepress-analytics-handler.php:16
authwp_ajax_bundlepress_add_bundle_to_cartincludes/class-bundlepress-bundle-display.php:27
noprivwp_ajax_bundlepress_add_bundle_to_cartincludes/class-bundlepress-bundle-display.php:28
authwp_ajax_bundlepress_insights_consentincludes/class-bundlepress-insights.php:32

REST API Routes 3

GET/wp-json/bundlepress/v1/bundles-by-product/(?P<product_id>\d+)includes/class-bundlepress-bundle-upsell.php:36
GET/wp-json/bundlepress/v1/recommendations/(?P<product_id>\d+)includes/class-bundlepress-bundle-upsell.php:48
GET/wp-json/bundlepress/v1/other-pluginsincludes/class-bundlepress-other-plugins.php:27
WordPress Hooks 44
actionbefore_woocommerce_initbundlepress.php:22
actionadmin_initbundlepress.php:73
actionadmin_initbundlepress.php:74
actioninitbundlepress.php:92
actionadmin_menubundlepress.php:93
actionadmin_enqueue_scriptsbundlepress.php:94
actionwp_enqueue_scriptsbundlepress.php:97
actionwp_headbundlepress.php:98
actionrest_api_initincludes/class-bundlepress-analytics-handler.php:12
actionwoocommerce_order_status_completedincludes/class-bundlepress-analytics-handler.php:19
actionwoocommerce_order_status_processingincludes/class-bundlepress-analytics-handler.php:20
actionrest_api_initincludes/class-bundlepress-api.php:11
actionrest_api_initincludes/class-bundlepress-bundle-api.php:12
actionwoocommerce_bundlepress_add_to_cartincludes/class-bundlepress-bundle-display.php:12
actionwoocommerce_single_product_summaryincludes/class-bundlepress-bundle-display.php:14
actionwoocommerce_single_product_summaryincludes/class-bundlepress-bundle-display.php:17
filterwoocommerce_add_to_cart_validationincludes/class-bundlepress-bundle-display.php:19
actionwoocommerce_add_to_cartincludes/class-bundlepress-bundle-display.php:20
filterwoocommerce_add_cart_item_dataincludes/class-bundlepress-bundle-display.php:23
filterwoocommerce_store_api_add_to_cart_dataincludes/class-bundlepress-bundle-display.php:24
actionwoocommerce_before_calculate_totalsincludes/class-bundlepress-bundle-display.php:31
filterwoocommerce_get_item_dataincludes/class-bundlepress-bundle-display.php:34
actionwoocommerce_checkout_create_order_line_itemincludes/class-bundlepress-bundle-display.php:37
filterwoocommerce_shipping_free_shipping_is_availableincludes/class-bundlepress-bundle-display.php:40
filterwoocommerce_package_ratesincludes/class-bundlepress-bundle-display.php:41
actionwoocommerce_cart_item_removedincludes/class-bundlepress-bundle-display.php:44
actionwoocommerce_after_cart_item_quantity_updateincludes/class-bundlepress-bundle-display.php:45
filterwoocommerce_cart_item_quantityincludes/class-bundlepress-bundle-display.php:46
filterproduct_type_selectorincludes/class-bundlepress-bundle-product.php:9
actionplugins_loadedincludes/class-bundlepress-bundle-product.php:10
filterwoocommerce_product_classincludes/class-bundlepress-bundle-product.php:11
actionrest_api_initincludes/class-bundlepress-bundle-upsell.php:19
actionwoocommerce_single_product_summaryincludes/class-bundlepress-bundle-upsell.php:22
actionbefore_delete_postincludes/class-bundlepress-db.php:12
actionadmin_footerincludes/class-bundlepress-deactivation-survey.php:9
actionbundlepress_track_eventincludes/class-bundlepress-event-tracker.php:9
actionadmin_noticesincludes/class-bundlepress-insights.php:29
actionadmin_initincludes/class-bundlepress-insights.php:35
actionadmin_initincludes/class-bundlepress-insights.php:38
actionadmin_menuincludes/class-bundlepress-other-plugins.php:9
actionrest_api_initincludes/class-bundlepress-other-plugins.php:10
actionrest_api_initincludes/class-bundlepress-settings-api.php:13
actionadmin_noticesincludes/class-bundlepress-store-notice.php:19
actionadmin_enqueue_scriptsincludes/class-bundlepress-store-notice.php:20
Maintenance & Trust

BundlePress – Grouped Product Bundle Builder for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 28, 2026
PHP min version7.4
Downloads126

Community Trust

Rating100/100
Number of ratings2
Active installs0
Alternatives

BundlePress – Grouped Product Bundle Builder for WooCommerce Alternatives

BundleCraft

BundleCraft

bundlecraft

A
100

Create unlimited product bundles or combo offers in WooCommerce with custom discounts, titles, and responsive layouts.

0 No CVEs
Product Bundle Builder for WooCommerce

Product Bundle Builder for WooCommerce

easy-product-bundles-for-woocommerce

A
100

WooCommerce Product Bundle help to creates Product Bundles, Composite Products, Mix and Match, BOGO deals, Offer gift products, and Assembled Products &hellip;

6K No CVEs
Force Sell for WooCommerce

Force Sell for WooCommerce

force-sell-for-woocommerce

A
100

Force Sell for WooCommerce plugin allows you to link products to another product, so they are added to the cart together.

700 No CVEs
Forge12 Accessories for WooCommerce

Forge12 Accessories for WooCommerce

f12-wc-accessories

A
100

Add optional accessories to WooCommerce products and categories. Increase your average order value with product accessories, cart crossselling and cat &hellip;

90 No CVEs
Frequently Bought Together Product For Woocommerce

Frequently Bought Together Product For Woocommerce

frequently-bought-together-product-for-woocommerce

A
100

Boost WooCommerce sales with a Frequently Bought Together widget — display product bundles with per-product discounts on any product page.

60 No CVEs
Developer Profile

BundlePress – Grouped Product Bundle Builder for WooCommerce Developer Profile

Dominopress

13 plugins · 1K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect BundlePress – Grouped Product Bundle Builder for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bundlepress/assets/css/bundlepress.css/wp-content/plugins/bundlepress/assets/js/bundlepress-bundle-builder.js/wp-content/plugins/bundlepress/assets/js/bundlepress-analytics.js/wp-content/plugins/bundlepress/assets/js/bundlepress-bundle-product.js/wp-content/plugins/bundlepress/assets/js/bundlepress-bundle-upsell.js/wp-content/plugins/bundlepress/assets/js/bundlepress-settings.js/wp-content/plugins/bundlepress/assets/js/bundlepress-store-notice.js/wp-content/plugins/bundlepress/assets/js/bundlepress-insights.js+1 more
Script Paths
/wp-content/plugins/bundlepress/assets/js/bundlepress-bundle-builder.js/wp-content/plugins/bundlepress/assets/js/bundlepress-analytics.js/wp-content/plugins/bundlepress/assets/js/bundlepress-bundle-product.js/wp-content/plugins/bundlepress/assets/js/bundlepress-bundle-upsell.js/wp-content/plugins/bundlepress/assets/js/bundlepress-settings.js/wp-content/plugins/bundlepress/assets/js/bundlepress-store-notice.js+2 more
Version Parameters
bundlepress/style.css?ver=bundlepress-bundle-builder.js?ver=bundlepress-analytics.js?ver=bundlepress-bundle-product.js?ver=bundlepress-bundle-upsell.js?ver=bundlepress-settings.js?ver=bundlepress-store-notice.js?ver=bundlepress-insights.js?ver=bundlepress-other-plugins.js?ver=

HTML / DOM Fingerprints

CSS Classes
bundlepress-bundle-settingsbundlepress-product-settingsbundlepress-bundle-pricingbundlepress-bundle-display-optionsbundlepress-analytics-chartbundlepress-store-notice-settingsbundlepress-insights-card
HTML Comments
<!-- BundlePress Plugin Start --><!-- BundlePress Plugin End --><!-- BundlePress Analytics Chart Container --><!-- BundlePress Store Notice Settings Form -->
Data Attributes
data-bundlepress-iddata-bundlepress-typedata-bundlepress-product-id
JS Globals
BundlePressAdminBundlePressAnalyticsBundlePressBundleBuilderBundlePressSettings
REST Endpoints
/wp-json/bundlepress/v1/bundles/wp-json/bundlepress/v1/settings/wp-json/bundlepress/v1/analytics/wp-json/bundlepress/v1/products
Shortcode Output
[bundlepress_display][bundlepress_cart_item][bundlepress_related_bundles]
FAQ

Frequently Asked Questions about BundlePress – Grouped Product Bundle Builder for WooCommerce