Bzhy – Feature Enhancements for WooCommerce Security & Risk Analysis

wordpress.org/plugins/bzhy-feature-enhancements-for-woocommerce

Bzhy is a WordPress plugin for enhancing WooCommerce features. This plugin is under continuous modular development.

0 active installs · v1.1.1 · PHP 7.2+ · WP 6.2+ · Updated Jan 11, 2026
dynamic-price-discounts, enhancing-woocommerce-features
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Bzhy – Feature Enhancements for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Bzhy – Feature Enhancements for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The plugin "bzhy-feature-enhancements-for-woocommerce" v1.2.2 exhibits a generally strong security posture due to its adherence to several best practices. Notably, all identified SQL queries utilize prepared statements, and a significant majority of output operations are properly escaped. The plugin also demonstrates a good awareness of WordPress security by implementing nonce and capability checks on many of its entry points, and its vulnerability history is clean, with no recorded CVEs. This suggests a proactive approach to security by the developers.

However, the static analysis reveals a concerning pattern in the taint analysis. A significant number of flows (24 out of 38) were found with unsanitized paths, and critically, all of these are flagged as high severity. While the static analysis itself did not uncover exploitable vulnerabilities, these unsanitized path flows represent potential entry points for attackers if user-supplied data is not handled with extreme care before being used in file operations or other sensitive contexts. The presence of 8 file operations without further context on their sanitization or authorization is also a point of attention, especially in conjunction with the taint analysis results.

In conclusion, while the plugin's foundational security practices like prepared SQL statements and robust output escaping are commendable, the high number of high-severity unsanitized path flows in the taint analysis is a significant weakness that requires immediate investigation and remediation. The absence of a known vulnerability history is positive, but it does not negate the potential risks highlighted by the taint analysis. Addressing these unsanitized paths is crucial to ensure the plugin's overall security.

Key Concerns

  • High severity unsanitized path flows
  • 24/38 taint flows have unsanitized paths
  • 8 file operations
Vulnerabilities
None known

Bzhy – Feature Enhancements for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Bzhy – Feature Enhancements for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (224 prepared)
Unescaped Output: 62 (390 escaped)
Nonce Checks: 22
Capability Checks: 8
File Operations: 8
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 224 total queries

Output Escaping

86% escaped · 452 total outputs
Data Flows
24 unsanitized

Data Flow Analysis

25 flows · 24 with unsanitized paths
ajax_overview_turn_module (admin\src\class_admin.php:184)
Attack Surface

Bzhy – Feature Enhancements for WooCommerce Attack Surface

Entry Points: 10
Unprotected: 0

AJAX Handlers 4

auth wp_ajax_bzhy_module_gdpr modules\gdpr\class_gdpr.php:49
nopriv wp_ajax_bzhy_module_gdpr modules\gdpr\class_gdpr.php:50
auth wp_ajax_bzhy_module_gdpr trunk\modules\gdpr\class_gdpr.php:49
nopriv wp_ajax_bzhy_module_gdpr trunk\modules\gdpr\class_gdpr.php:50

REST API Routes 2

GET /wp-json/bzhy/v1/kb_cat modules\kbs\class_kbs.php:73
GET /wp-json/bzhy/v1/kb_cat trunk\modules\kbs\class_kbs.php:73

Shortcodes 4

[bzhy_discount_price_list] modules\discount\class_discount_shortcode.php:21
[bzhy_kbs_categories_list] modules\kbs\class_kbs.php:134
[bzhy_discount_price_list] trunk\modules\discount\class_discount_shortcode.php:21
[bzhy_kbs_categories_list] trunk\modules\kbs\class_kbs.php:134
WordPress Hooks 88
action admin_enqueue_scripts admin\src\class_admin.php:21
action init admin\src\class_admin.php:22
action admin_menu admin\src\class_admin.php:24
action wp_loaded admin\src\class_admin.php:27
action admin_menu admin\src\class_admin_menu.php:24
filter admin_footer_text admin\src\class_admin_menu.php:69
filter update_footer admin\src\class_admin_menu.php:70
filter option_active_plugins common\bzhy_must_use_for_module_gdpr.php:2
action wp_enqueue_scripts common\class_bzhy.php:54
action admin_init common\class_bzhy_update.php:37
action init modules\discount\class_discount.php:53
action woocommerce_before_calculate_totals modules\discount\class_discount.php:54
action admin_enqueue_scripts modules\discount\class_discount_admin.php:73
action admin_notices modules\discount\class_discount_admin.php:82
filter admin_footer_text modules\discount\class_discount_admin.php:191
filter update_footer modules\discount\class_discount_admin.php:192
filter admin_footer_text modules\discount\class_discount_admin.php:225
filter update_footer modules\discount\class_discount_admin.php:226
filter admin_footer_text modules\discount\class_discount_admin.php:305
filter update_footer modules\discount\class_discount_admin.php:306
filter admin_footer_text modules\discount\class_discount_admin.php:600
filter update_footer modules\discount\class_discount_admin.php:601
filter admin_footer_text modules\discount\class_discount_admin.php:780
filter update_footer modules\discount\class_discount_admin.php:781
filter admin_footer_text modules\discount\class_discount_admin.php:961
filter update_footer modules\discount\class_discount_admin.php:962
filter admin_footer_text modules\discount\class_discount_admin.php:1019
filter update_footer modules\discount\class_discount_admin.php:1020
action wp_footer modules\gdpr\class_gdpr.php:46
action wp_enqueue_scripts modules\gdpr\class_gdpr.php:47
action admin_enqueue_scripts modules\gdpr\class_gdpr_admin.php:33
filter admin_footer_text modules\gdpr\class_gdpr_admin.php:161
filter update_footer modules\gdpr\class_gdpr_admin.php:162
filter admin_footer_text modules\gdpr\class_gdpr_admin.php:237
filter update_footer modules\gdpr\class_gdpr_admin.php:238
action init modules\kbs\class_kbs.php:51
filter render_block modules\kbs\class_kbs.php:52
action rest_api_init modules\kbs\class_kbs.php:53
action init modules\kbs\class_kbs.php:55
action admin_enqueue_scripts modules\kbs\class_kbs_admin.php:42
action admin_init modules\kbs\class_kbs_admin.php:43
action save_post modules\kbs\class_kbs_admin.php:44
filter admin_footer_text modules\kbs\class_kbs_admin.php:158
filter update_footer modules\kbs\class_kbs_admin.php:159
action admin_enqueue_scripts trunk\admin\src\class_admin.php:21
action init trunk\admin\src\class_admin.php:22
action admin_menu trunk\admin\src\class_admin.php:24
action wp_loaded trunk\admin\src\class_admin.php:27
action admin_menu trunk\admin\src\class_admin_menu.php:24
filter admin_footer_text trunk\admin\src\class_admin_menu.php:69
filter update_footer trunk\admin\src\class_admin_menu.php:70
filter option_active_plugins trunk\common\bzhy_must_use_for_module_gdpr.php:2
action wp_enqueue_scripts trunk\common\class_bzhy.php:54
action admin_init trunk\common\class_bzhy_update.php:37
action init trunk\modules\discount\class_discount.php:53
action woocommerce_before_calculate_totals trunk\modules\discount\class_discount.php:54
action admin_enqueue_scripts trunk\modules\discount\class_discount_admin.php:73
action admin_notices trunk\modules\discount\class_discount_admin.php:82
filter admin_footer_text trunk\modules\discount\class_discount_admin.php:191
filter update_footer trunk\modules\discount\class_discount_admin.php:192
filter admin_footer_text trunk\modules\discount\class_discount_admin.php:225
filter update_footer trunk\modules\discount\class_discount_admin.php:226
filter admin_footer_text trunk\modules\discount\class_discount_admin.php:305
filter update_footer trunk\modules\discount\class_discount_admin.php:306
filter admin_footer_text trunk\modules\discount\class_discount_admin.php:600
filter update_footer trunk\modules\discount\class_discount_admin.php:601
filter admin_footer_text trunk\modules\discount\class_discount_admin.php:780
filter update_footer trunk\modules\discount\class_discount_admin.php:781
filter admin_footer_text trunk\modules\discount\class_discount_admin.php:961
filter update_footer trunk\modules\discount\class_discount_admin.php:962
filter admin_footer_text trunk\modules\discount\class_discount_admin.php:1019
filter update_footer trunk\modules\discount\class_discount_admin.php:1020
action wp_footer trunk\modules\gdpr\class_gdpr.php:46
action wp_enqueue_scripts trunk\modules\gdpr\class_gdpr.php:47
action admin_enqueue_scripts trunk\modules\gdpr\class_gdpr_admin.php:33
filter admin_footer_text trunk\modules\gdpr\class_gdpr_admin.php:161
filter update_footer trunk\modules\gdpr\class_gdpr_admin.php:162
filter admin_footer_text trunk\modules\gdpr\class_gdpr_admin.php:237
filter update_footer trunk\modules\gdpr\class_gdpr_admin.php:238
action init trunk\modules\kbs\class_kbs.php:51
filter render_block trunk\modules\kbs\class_kbs.php:52
action rest_api_init trunk\modules\kbs\class_kbs.php:53
action init trunk\modules\kbs\class_kbs.php:55
action admin_enqueue_scripts trunk\modules\kbs\class_kbs_admin.php:42
action admin_init trunk\modules\kbs\class_kbs_admin.php:43
action save_post trunk\modules\kbs\class_kbs_admin.php:44
filter admin_footer_text trunk\modules\kbs\class_kbs_admin.php:158
filter update_footer trunk\modules\kbs\class_kbs_admin.php:159
Maintenance & Trust

Bzhy – Feature Enhancements for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 11, 2026
PHP min version: 7.2
Downloads: 154

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Alternatives

Bzhy – Feature Enhancements for WooCommerce Alternatives

No alternatives data available yet.

Developer Profile

Bzhy – Feature Enhancements for WooCommerce Developer Profile

Wayne Wang

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Bzhy – Feature Enhancements for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bzhy-feature-enhancements-for-woocommerce/public/js/bzhy_admin.js
/wp-content/plugins/bzhy-feature-enhancements-for-woocommerce/public/css/bzhy_admin.css
Script Paths
wp-content/plugins/bzhy-feature-enhancements-for-woocommerce/public/js/bzhy_admin.js
Version Parameters
bzhy_admin.js?ver=
bzhy_admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
bzhy_admin_active
bzhy_admin_disactive
Data Attributes
data-bzhy-type
JS Globals
bzhy_admin