UpsellWP – WooCommerce Upsell and Related Products Offers Security & Risk Analysis
wordpress.org/plugins/checkout-upsell-and-order-bumpsBest WooCommerce Upsell plugin to create checkout upsells, cross-sells, order bumps and frequently bought together bundles to increase AOV.
Is UpsellWP – WooCommerce Upsell and Related Products Offers Safe to Use in 2026?
Mostly Safe
Score 76/100UpsellWP – WooCommerce Upsell and Related Products Offers is generally safe to use. 2 past CVEs were resolved.
This plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices in its SQL query handling, utilizing prepared statements exclusively, and has a high rate of output escaping. The absence of critical or high-severity taint flows is also a positive sign. However, significant concerns arise from the substantial attack surface exposed without adequate authentication. Three out of four entry points, all AJAX handlers, lack proper authorization checks, creating a clear pathway for unauthorized actions. The presence of a known, unpatched medium-severity vulnerability, specifically related to missing authorization, further exacerbates this risk. While the plugin has historically shown good practices in other areas, the current state of unpatched vulnerabilities and unprotected entry points necessitates immediate attention.
Key Concerns
- Unprotected AJAX handlers
- Unpatched medium severity CVE
- Lack of capability checks
UpsellWP – WooCommerce Upsell and Related Products Offers Security Vulnerabilities
CVEs by Year
Severity Breakdown
2 total CVEs
UpsellWP – WooCommerce Upsell and Related Products Offers <= 2.2.4 - Authenticated (Shop manager+) SQL Injection
UpsellWP <= 2.2.3 - Missing Authorization
UpsellWP – WooCommerce Upsell and Related Products Offers Release Timeline
UpsellWP – WooCommerce Upsell and Related Products Offers Code Analysis
Bundled Libraries
SQL Query Safety
Output Escaping
UpsellWP – WooCommerce Upsell and Related Products Offers Attack Surface
AJAX Handlers 3
Shortcodes 1
WordPress Hooks 116
Maintenance & Trust
UpsellWP – WooCommerce Upsell and Related Products Offers Maintenance & Trust
Maintenance Signals
Community Trust
UpsellWP – WooCommerce Upsell and Related Products Offers Alternatives
Leo Product Recommendations for WooCommerce
leo-product-recommendations
Boost WooCommerce sales with smart product recommendation popups on add to cart.
Offermative – WooCommerce Discount Rules, Upsells & BOGO Powered by AI
offermative-discount-pricing-related-products-upsell-funnels-for-woocommerce
Grow revenue and AOV with targeted and automated WooCommerce discount rules, upsells, cross-sells, order bumps, and dynamic pricing offers.
Cross/Upsell Popup for WooCommerce
cross-upsell-popup-for-woocommerce
A simple plugin to boost your sales with WooCommerce Upsell and Cross-Sell offers upon purchase of particular products on any page.
CartFlows – Funnel Builder & Checkout Plugin for WooCommerce
cartflows
1 WordPress funnel builder & WooCommerce checkout plugin. Boost AOV with one-click upsells, order bumps & high-converting checkout pages.
WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell
wpfunnels
WPFunnels is a powerful funnel builder for WooCommerce that helps store owners create high-converting WooCommerce checkout pages, sales funnels, one-c …
UpsellWP – WooCommerce Upsell and Related Products Offers Developer Profile
4 plugins · 108K total installs
How We Detect UpsellWP – WooCommerce Upsell and Related Products Offers
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/checkout-upsell-and-order-bumps/assets/css/app.css/wp-content/plugins/checkout-upsell-and-order-bumps/assets/css/style.css/wp-content/plugins/checkout-upsell-and-order-bumps/assets/js/app.js/wp-content/plugins/checkout-upsell-and-order-bumps/assets/js/checkout.js/wp-content/plugins/checkout-upsell-and-order-bumps/assets/js/products.js/wp-content/plugins/checkout-upsell-and-order-bumps/assets/js/app.js/wp-content/plugins/checkout-upsell-and-order-bumps/assets/js/checkout.js/wp-content/plugins/checkout-upsell-and-order-bumps/assets/js/products.jscheckout-upsell-and-order-bumps/assets/css/app.css?ver=checkout-upsell-and-order-bumps/assets/css/style.css?ver=checkout-upsell-and-order-bumps/assets/js/app.js?ver=checkout-upsell-and-order-bumps/assets/js/checkout.js?ver=checkout-upsell-and-order-bumps/assets/js/products.js?ver=HTML / DOM Fingerprints
cuw-upsell-products-listcuw-checkout-upsellcuw-checkout-upsell-wrappercuw-checkout-upsell-productdata-cuw-product-iddata-cuw-offer-idCUW