WP-Safety

Products Suggestions for WooCommerce Security & Risk Analysis

wordpress.org/plugins/cart-products-suggestions-for-woocommerce

Products Suggestions for WooCommerce – promote additional products to your customers.

800 active installs v3.6.2.3 PHP 7.0+ WP 5.0+ Updated Mar 12, 2026
cart-promocart-promotioncart-suggestionproduct-suggestionrelated-products
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Products Suggestions for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Products Suggestions for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 22d ago
Risk Assessment

The plugin "cart-products-suggestions-for-woocommerce" v3.6.2.3 demonstrates a generally good security posture, with all identified entry points (AJAX handlers, REST API routes, shortcodes, cron events) appearing to have appropriate authentication or permission checks. The absence of known vulnerabilities in its history is a positive indicator of ongoing security attention or a lack of exploitable flaws discovered so far. The code analysis shows that SQL queries are exclusively using prepared statements, which is excellent practice. Nonce checks and capability checks are also present across many entry points, further strengthening its defenses.

However, there are a few areas that warrant attention. The presence of the `unserialize` function, even if not immediately tied to a detected taint flow, represents a potential risk if user-controlled data is ever passed to it without rigorous sanitization. Furthermore, a significant portion (60%) of the 275 output operations are not properly escaped. This could lead to cross-site scripting (XSS) vulnerabilities if untrusted data is directly outputted into the browser. While taint analysis showed no unsanitized paths, the unescaped output is a significant concern that could be exploited.

In conclusion, the plugin has a solid foundation with strong adherence to secure coding practices like prepared statements and authorization checks. The primary weaknesses lie in the potential risk of `unserialize` and the substantial amount of unescaped output. Addressing these would significantly enhance its security. The lack of historical vulnerabilities is encouraging, but the identified code analysis issues highlight areas for immediate improvement.

Key Concerns

  • Unescaped output (60% of 275)
  • Presence of 'unserialize' function
Vulnerabilities
None known

Products Suggestions for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Products Suggestions for WooCommerce Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
166
109 escaped
Nonce Checks
14
Capability Checks
24
File Operations
4
External Requests
5
Bundled Libraries
0

Dangerous Functions Found

unserialize$error_log = unserialize(preg_replace('/R:\d+/', 's:18:"RECURSION DETECTED"', serialize(self::$errorberocket\includes\updater.php:128

Output Escaping

40% escaped275 total outputs
Data Flows
All sanitized

Data Flow Analysis

8 flows
<framework> (berocket\framework.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Products Suggestions for WooCommerce Attack Surface

Entry Points14
Unprotected0

AJAX Handlers 13

authwp_ajax_brfr_get_export_settingsberocket\includes\admin\import_export.php:5
authwp_ajax_brfr_set_import_settingsberocket\includes\admin\import_export.php:6
authwp_ajax_brfr_get_import_backupsberocket\includes\admin\import_export.php:7
authwp_ajax_brfr_restore_import_backupsberocket\includes\admin\import_export.php:8
authwp_ajax_berocket_admin_close_noticeberocket\includes\admin_notices.php:1199
authwp_ajax_berocket_subscribe_emailberocket\includes\admin_notices.php:1200
authwp_ajax_berocket_rate_stars_closeberocket\includes\admin_notices.php:1208
authwp_ajax_berocket_feature_request_sendberocket\includes\admin_notices.php:1209
authwp_ajax_berocket_error_notices_getberocket\includes\error_notices.php:5
authwp_ajax_berocket_information_close_noticeberocket\includes\information_notices.php:198
authwp_ajax_br_test_keyberocket\includes\updater.php:46
authwp_ajax_br_test_keysberocket\includes\updater.php:47
authwp_ajax_brcs_cart_suggestiondivi\includes\CartSuggestionExtension.php:13

Shortcodes 1

[br_cart_suggestion] main.php:74
WordPress Hooks 103
filterplugins_listberocket\framework.php:84
filterBeRocket_updater_add_pluginberocket\framework.php:105
filterberocket_admin_notices_rate_stars_pluginsberocket\framework.php:106
actioninitberocket\framework.php:107
actioninitberocket\framework.php:110
actionwp_headberocket\framework.php:111
actionwp_footerberocket\framework.php:112
actionadmin_initberocket\framework.php:113
actionadmin_menuberocket\framework.php:114
actionadmin_enqueue_scriptsberocket\framework.php:115
actionberocket_enqueue_mediaberocket\framework.php:116
filterplugin_row_metaberocket\framework.php:122
filteris_berocket_settings_pageberocket\framework.php:123
actionplugins_loadedberocket\framework.php:128
actionsanitize_comment_cookiesberocket\framework.php:129
actioninstall_plugins_pre_plugin-informationberocket\framework.php:130
filterberocket_admin_notices_subscribe_pluginsberocket\framework.php:132
filterBeRocket_admin_init_user_capabilitiesberocket\framework.php:135
filterberocket_sanitize_array_predefineberocket\framework.php:136
filterberocket_sanitize_array_ksesberocket\framework.php:137
filterberocket_sanitize_array_ksesberocket\framework.php:140
actionbefore_woocommerce_initberocket\framework.php:150
filterloop_shop_per_pageberocket\framework.php:391
actionupgrader_process_completeberocket\framework.php:499
actionadmin_footerberocket\framework.php:1158
actionwp_footerberocket\framework.php:1159
actionadmin_initberocket\framework.php:1273
actionadmin_bar_menuberocket\includes\admin\admin_bar.php:8
actionwp_footerberocket\includes\admin\admin_bar.php:9
filterberocket_admin_bar_plugins_databerocket\includes\admin\admin_bar.php:149
actionBeRocket_framework_updater_account_form_afterberocket\includes\admin\import_export.php:4
filterberocket_admin_notice_is_display_noticeberocket\includes\admin_notices.php:75
filterberocket_admin_notice_is_display_notice_priorityberocket\includes\admin_notices.php:76
actionadmin_noticesberocket\includes\admin_notices.php:1198
actionadmin_noticesberocket\includes\admin_notices.php:1207
actionberocket_rate_plugin_windowberocket\includes\admin_notices.php:1210
actionberocket_related_plugins_windowberocket\includes\admin_notices.php:1211
actionberocket_above_admin_settingsberocket\includes\admin_notices.php:1212
actionberocket_feature_request_windowberocket\includes\admin_notices.php:1213
actionadmin_footerberocket\includes\admin_notices.php:1285
actionadmin_footerberocket\includes\admin_notices.php:1493
actionadmin_footerberocket\includes\admin_notices.php:1922
actionadmin_footerberocket\includes\admin_notices.php:2079
actioninitberocket\includes\custom_post\enable_disable.php:9
actionadmin_initberocket\includes\custom_post\enable_disable.php:10
actionpost_action_enableberocket\includes\custom_post\enable_disable.php:13
actionpost_action_disableberocket\includes\custom_post\enable_disable.php:14
filterpost_classberocket\includes\custom_post\enable_disable.php:16
filterpre_get_postsberocket\includes\custom_post\enable_disable.php:18
actionpre_get_postsberocket\includes\custom_post\sortable.php:22
actionin_admin_footerberocket\includes\custom_post\sortable.php:117
actioninitberocket\includes\custom_post.php:58
filterinitberocket\includes\custom_post.php:59
filteradmin_initberocket\includes\custom_post.php:60
filterwp_insert_post_databerocket\includes\custom_post.php:61
filterBeRocket_admin_init_user_capabilitiesberocket\includes\custom_post.php:71
actionadd_meta_boxesberocket\includes\custom_post.php:128
actionsave_postberocket\includes\custom_post.php:129
filterpost_row_actionsberocket\includes\custom_post.php:130
filterlist_table_primary_columnberocket\includes\custom_post.php:131
actionadmin_enqueue_scriptsberocket\includes\custom_post.php:133
filteris_berocket_settings_pageberocket\includes\custom_post.php:135
actionadmin_footerberocket\includes\custom_post.php:162
actionadmin_noticesberocket\includes\information_notices.php:197
actionadmin_initberocket\includes\updater.php:18
filterwoocommerce_addons_sectionsberocket\includes\updater.php:27
filteris_berocket_settings_pageberocket\includes\updater.php:28
actionadmin_footerberocket\includes\updater.php:30
actionadmin_headberocket\includes\updater.php:39
actionadmin_menuberocket\includes\updater.php:40
actionadmin_menuberocket\includes\updater.php:41
actionnetwork_admin_menuberocket\includes\updater.php:42
actionadmin_initberocket\includes\updater.php:43
filterpre_set_site_transient_update_pluginsberocket\includes\updater.php:44
filterplugins_api_resultberocket\includes\updater.php:45
filterhttp_request_host_is_externalberocket\includes\updater.php:48
actionadmin_footerberocket\includes\updater.php:51
actionwp_footerberocket\includes\updater.php:52
filterberocket_display_additional_noticesberocket\includes\updater.php:92
filtercustom_menu_orderberocket\includes\updater.php:98
filterberocket_admin_notice_is_display_noticeberocket\includes\updater.php:102
filterberocket_admin_notice_is_display_notice_priorityberocket\includes\updater.php:103
filterplugins_api_resultberocket\includes\updater.php:109
actioninitberocket\includes\updater.php:1413
actionadmin_enqueue_scriptsberocket\sale\sale.php:4
filterberocket_cart_suggestion_condition_mode_cartincludes\check\suggestion_check.php:5
filterberocket_cart_suggestion_condition_mode_eachincludes\check\suggestion_check.php:6
filterberocket_cart_suggestion_check_result_otherincludes\check\suggestion_check.php:7
filterBeRocket_cart_suggestion_custom_post_after_conditionsincludes\check\suggestion_check.php:8
filterberocket_cart_suggestion_get_productsincludes\check\suggestion_check.php:9
filterberocket_cart_suggestion_check_cart_dataincludes\check\suggestion_check.php:10
filterwoocommerce_add_to_cart_fragmentsmain.php:71
filterBeRocket_updater_menu_order_custom_postmain.php:72
actionwidgets_initmain.php:73
actiondivi_extensions_initmain.php:76
actionwoocommerce_before_cart_tablemain.php:212
actionwoocommerce_after_cart_tablemain.php:215
actionwoocommerce_after_cartmain.php:218
filterthe_contentmain.php:223
filterthe_contentmain.php:225
filterthe_contentmain.php:245
filterthe_contentmain.php:263
filterpost_classtemplates\print_products.php:14
Maintenance & Trust

Products Suggestions for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 12, 2026
PHP min version7.0
Downloads38K

Community Trust

Rating100/100
Number of ratings11
Active installs800
Alternatives

Products Suggestions for WooCommerce Alternatives

Related Products – Create Upsells, Cross-sells, and Product Recommendations for WooCommerce

Related Products – Create Upsells, Cross-sells, and Product Recommendations for WooCommerce

wt-woocommerce-related-products

A
100

This WooCommerce related products plugin, lets you create upsells, and cross-sells with smart WooCommerce product recommendations widget.

10K No CVEs
UpsellWP – WooCommerce Upsell and Related Products Offers

UpsellWP – WooCommerce Upsell and Related Products Offers

checkout-upsell-and-order-bumps

B
78

Best WooCommerce Upsell plugin to create checkout upsells, cross-sells, order bumps and frequently bought together bundles to increase AOV.

5K 1 unpatched
Custom Related Products for WooCommerce

Custom Related Products for WooCommerce

custom-related-products-for-woocommerce

A
100

Custom Related Products for WooCommerce lets you choose which products should show in the related products area on a product detail page.

5K No CVEs
Related Products for WooCommerce

Related Products for WooCommerce

woo-related-products-refresh-on-reload

A
100

Display random related products in a slider based on product category, tag, or attribute on every product page.

3K 1 CVE
Smart Related Products – AI-Inspired Recommendations for WooCommerce

Smart Related Products – AI-Inspired Recommendations for WooCommerce

ai-related-products

B
78

Show the right products to the right customers. A smart WooCommerce add-on for personalized product recommendations.

1K 1 unpatched
Developer Profile

Products Suggestions for WooCommerce Developer Profile

BeRocket

22 plugins · 139K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
381 days
View full developer profile
Detection Fingerprints

How We Detect Products Suggestions for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cart-products-suggestions-for-woocommerce/css/style.css/wp-content/plugins/cart-products-suggestions-for-woocommerce/js/cart-products-suggestions.js
Script Paths
/wp-content/plugins/cart-products-suggestions-for-woocommerce/js/cart-products-suggestions.js
Version Parameters
cart-products-suggestions-for-woocommerce/css/style.css?ver=cart-products-suggestions-for-woocommerce/js/cart-products-suggestions.js?ver=

HTML / DOM Fingerprints

CSS Classes
br-cart-suggestion-buttonbr-cart-suggestion-containerbr-cart-suggestion-product
Data Attributes
data-br-cart-suggestion
JS Globals
BeRocket_products_suggestion_option
FAQ

Frequently Asked Questions about Products Suggestions for WooCommerce