WP-Safety

Buy One Get One Free for WooCommerce Security & Risk Analysis

wordpress.org/plugins/buy-one-get-one-free-for-woocommerce

Completely free and simple plugin to add buy one get one free offers to WooCommerce. No ads, no upsells.

10 active installs v1.0.0 PHP 7.2+ WP 6.1.1+ Updated Unknown
ecommerceonline-storesell-onlineshopshopping-cart
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Buy One Get One Free for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Buy One Get One Free for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The static analysis of the 'buy-one-get-one-free-for-woocommerce' plugin v1.0.0 reveals a very small attack surface, with no identified AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, the code does not appear to utilize dangerous functions, make external HTTP requests, or perform file operations. All SQL queries are using prepared statements, which is a strong security practice. However, a significant concern is that 0% of output is properly escaped. This means that any dynamic data displayed to users could potentially be vulnerable to Cross-Site Scripting (XSS) attacks if not handled carefully at the point of display.

The plugin's vulnerability history is clean, with no known CVEs recorded. This, combined with the absence of critical or high-severity issues in the static and taint analysis, suggests a generally well-written codebase in terms of common vulnerability classes. The lack of recorded vulnerabilities could indicate a history of secure development or a relatively new/untested plugin. The primary weakness identified is the lack of output escaping, which presents a potential XSS risk, though the absence of other common vulnerabilities is a positive sign.

Key Concerns

  • 0% of output properly escaped
Vulnerabilities
None known

Buy One Get One Free for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Buy One Get One Free for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped2 total outputs
Attack Surface

Buy One Get One Free for WooCommerce Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 15
actionadmin_enqueue_scriptsbuy-one-get-one-free-for-woocommerce.php:39
actionwp_enqueue_scriptsbuy-one-get-one-free-for-woocommerce.php:46
actionadmin_initbuy-one-get-one-free-for-woocommerce.php:52
actionadmin_noticesbuy-one-get-one-free-for-woocommerce.php:75
actionafter_setup_themeincludes\options-page.php:11
actioncarbon_fields_register_fieldsincludes\options-page.php:12
actiontemplate_redirectincludes\trigger-bogo.php:12
actionwoocommerce_checkout_update_order_reviewincludes\trigger-bogo.php:13
actionwoocommerce_before_mini_cart_contentsincludes\trigger-bogo.php:14
filterwoocommerce_cart_item_quantityincludes\trigger-bogo.php:38
filterwoocommerce_cart_item_remove_linkincludes\trigger-bogo.php:39
actionafter_setup_themewp-content\plugins\carbon-fields-plugin\carbon-fields-plugin.php:20
actionadmin_headwp-content\plugins\carbon-fields-plugin\core\Libraries\Plugin_Update_Warning\Plugin_Update_Warning.php:19
actionadmin_footerwp-content\plugins\carbon-fields-plugin\core\Libraries\Plugin_Update_Warning\Plugin_Update_Warning.php:33
actionadmin_footerwp-content\plugins\carbon-fields-plugin\core\Libraries\Plugin_Update_Warning\Plugin_Update_Warning.php:38
Maintenance & Trust

Buy One Get One Free for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10
Last updatedUnknown
PHP min version7.2
Downloads1K

Community Trust

Rating60/100
Number of ratings2
Active installs10
Alternatives

Buy One Get One Free for WooCommerce Alternatives

WooCommerce

WooCommerce

woocommerce

A
87

Everything you need to launch an online store in days and keep it growing for years. From your first sale to millions in revenue, Woo is with you.

7.0M 42 CVEs
CT Commerce Lite 🛒 | Fast & Flexible WordPress eCommerce Plugin

CT Commerce Lite 🛒 | Fast & Flexible WordPress eCommerce Plugin

ctc-lite

A
100

CT Commerce Lite** is an ultra-lightweight, block-based eCommerce plugin for WordPress

200 No CVEs
Secudeal Payments for Ecommerce

Secudeal Payments for Ecommerce

secudeal-payments-for-ecommerce

C
60

Official WooCommerce Payment gateway for the SECUDEAL payment solution dedicated to marketplaces.

10 1 unpatched
UNIVERSAM

UNIVERSAM

universam-demo

B
74

Платформа для сайта и бизнеса «УНИВЕРСАМ» c CRM. Множество цен, любые программы лояльности. 1С, парсинг, SEO, рассылка, конструктор рассылок.

10 1 unpatched
Ecwid by Lightspeed Ecommerce Shopping Cart

Ecwid by Lightspeed Ecommerce Shopping Cart

ecwid-shopping-cart

B
83

Powerful, easy to use ecommerce shopping cart for WordPress. Sell on Facebook and Instagram. iPhone & Android apps. Superb support.

20K 13 CVEs
Developer Profile

Buy One Get One Free for WooCommerce Developer Profile

Chris Love

1 plugin · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Buy One Get One Free for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/buy-one-get-one-free-for-woocommerce/assets/js/scripts.js/wp-content/plugins/buy-one-get-one-free-for-woocommerce/assets/css/styles.css/wp-content/plugins/buy-one-get-one-free-for-woocommerce/assets/js/frontend.js
Script Paths
/wp-content/plugins/buy-one-get-one-free-for-woocommerce/assets/js/scripts.js/wp-content/plugins/buy-one-get-one-free-for-woocommerce/assets/js/frontend.js

HTML / DOM Fingerprints

CSS Classes
svbogo-notice
JS Globals
SVBOGO_PLUGIN_SLUG
FAQ

Frequently Asked Questions about Buy One Get One Free for WooCommerce