Dynamic Pricing and Discount Rules Security & Risk Analysis

wordpress.org/plugins/discount-and-dynamic-pricing

Dynamic Pricing Plugin lets you create special discounts for your customers based on product and cart details.

1K active installs · v2.3.0 · PHP 7.2+ · WP 5.2+ · Updated Apr 17, 2025
Tags: bulk-discount, discount-price, discount-rules, dynamic-pricing-and-discounts, woocommerce-dynamic-pricing
Score: 99 · Grade A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: May 30, 2025
Safety Verdict

Is Dynamic Pricing and Discount Rules Safe to Use in 2026?

Generally Safe

Score 99/100

Dynamic Pricing and Discount Rules has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: May 30, 2025 · Updated 11mo ago
Risk Assessment

The "discount-and-dynamic-pricing" plugin v2.3.0 exhibits a mixed security posture. On the positive side, the scan found no raw SQL at all (zero queries, so there is no $wpdb string-building to get wrong), no dangerous functions, no file operations, no bundled third-party libraries, and a reasonable number of nonce (10) and capability (11) checks. The absence of critical or high-severity taint flows, with both detected flows sanitized, is also a strong indicator of careful code development.

The main concern is one AJAX handler the scan classifies as unprotected. All four handlers are registered on wp_ajax_ (logged-in users only; no wp_ajax_nopriv_ variant is listed), so "unprotected" does not mean anonymous access: it means the handler does its work without a nonce check and/or a capability check, so any authenticated account, down to subscriber, can invoke it directly, and a forged request submitted from a privileged user's browser would succeed. The scan does not say which of the four handlers it is. In addition, 54% of the plugin's output (70 of 129 output sites) is not escaped, leaving room for stored or reflected Cross-Site Scripting (XSS) wherever user- or product-supplied data reaches those sites.

The vulnerability history consists of one medium-severity CVE, CVE-2025-49077, a Cross-Site Request Forgery (CSRF) affecting versions <= 2.2.9 and fixed in 2.3.0, the current release, so no known vulnerability is unpatched; the exposure that remains is on sites that have not updated. A single medium finding and no critical or high history is a reasonable track record, but CSRF on an admin action is the same class of weakness that a nonce-less AJAX handler represents, so the unprotected endpoint and the escaping gaps are the items to watch.

Key Concerns

  • One AJAX handler without nonce/capability protection (reachable by any logged-in user)
  • 54% of output (70 of 129 sites) unescaped
  • One medium-severity CSRF CVE (CVE-2025-49077), fixed in 2.3.0; sites on <= 2.2.9 remain exposed
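The two handler shapes behind the "unprotected AJAX handler" finding, and the context-specific escaping the output figure refers to, as an added example (this is not the plugin's code; it needs a WordPress runtime, and the example_* action names, the example_load_products nonce action, the example-admin script handle, the security and term request parameters, and example_render_rule_row are assumed for illustration):

```php
<?php
/**
 * Added example, not code from the plugin. Drop it in wp-content/mu-plugins/
 * on a test site. Only the WordPress/WooCommerce function names are real; the
 * action names, nonce action, script handle and request fields are assumed.
 */

// Weak shape. wp_ajax_ (with no wp_ajax_nopriv_ twin) already limits callers
// to logged-in users, which is all the "auth" badge on the scan means. Nothing
// here checks *which* user, or that the request originated from the plugin's
// own page, so a subscriber account can call it directly and a hostile page
// can submit it from an administrator's browser (the CSRF class of the
// plugin's one CVE).
add_action('wp_ajax_example_weak_load_products', function () {
    $term  = isset($_POST['term']) ? $_POST['term'] : '';
    $posts = get_posts(['post_type' => 'product', 's' => $term, 'posts_per_page' => 20]);
    $out   = [];
    foreach ($posts as $post) {
        // Raw title: any HTML in a product name goes back verbatim.
        $out[] = ['id' => $post->ID, 'name' => $post->post_title];
    }
    wp_send_json($out);
});

// Hardened shape: nonce (CSRF), capability (authorization), sanitized input,
// escaped output.
add_action('wp_ajax_example_hard_load_products', function () {
    // Dies with HTTP 403 unless $_POST['security'] is a valid nonce for the
    // 'example_load_products' action, minted for the current user's session.
    check_ajax_referer('example_load_products', 'security');

    // A nonce proves intent, not privilege: still require a capability.
    if (!current_user_can('manage_woocommerce')) {
        wp_send_json_error(['message' => 'Insufficient permissions'], 403);
    }

    $term  = isset($_POST['term']) ? sanitize_text_field(wp_unslash($_POST['term'])) : '';
    $posts = get_posts([
        'post_type'      => 'product',
        'post_status'    => 'publish',
        's'              => $term,
        'posts_per_page' => 20,
    ]);

    $out = [];
    foreach ($posts as $post) {
        // Escaped here because the (assumed) admin script inserts the name
        // into the DOM as HTML; escaping at render time is the alternative.
        $out[] = ['id' => (int) $post->ID, 'name' => esc_html(get_the_title($post))];
    }
    wp_send_json_success($out);
});

// Server side of the nonce: hand it to the admin script. The plugin does the
// equivalent through its wdpf_var global; the handle and file here are assumed.
add_action('admin_enqueue_scripts', function () {
    wp_register_script('example-admin', plugins_url('example-admin.js', __FILE__), ['jquery'], '1.0', true);
    wp_localize_script('example-admin', 'example_var', [
        'ajax_url' => admin_url('admin-ajax.php'),
        'nonce'    => wp_create_nonce('example_load_products'),
    ]);
    wp_enqueue_script('example-admin');
});

// Output side, as when rendering a settings row: choose the escaper for the
// context the value lands in. Echoing any of these fields raw is what the
// scan counts as an unescaped output site.
function example_render_rule_row(array $rule): string {
    return sprintf(
        '<tr><td>%s</td><td><input type="text" name="rule_name" value="%s"></td><td>%s</td><td><a href="%s">edit</a></td></tr>',
        esc_html($rule['label']),            // text node
        esc_attr($rule['name']),             // attribute value
        wp_kses_post($rule['description']),  // limited HTML allowed
        esc_url($rule['edit_url'])           // URL attribute
    );
}
```

To find out which of the four handlers the scan flagged, grep the plugin for add_action('wp_ajax_ and read each callback: a protected one calls check_ajax_referer() or wp_verify_nonce() and current_user_can() before doing anything; one that reaches its work without both is the finding. The review-notice and deactivation-reason handlers only write a per-site option or send a reason, so the impact there is nuisance level; thwdpf_load_products is the one that returns catalogue data and deserves the closer look.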
Vulnerabilities (1)

Dynamic Pricing and Discount Rules Security Vulnerabilities

CVEs by Year

2025: 1 CVE (patched)

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-49077 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Dynamic Pricing and Discount Rules <= 2.2.9 - Cross-Site Request Forgery

May 30, 2025 · Patched in 2.3.0 (4d)
Code Analysis
Analyzed Mar 16, 2026

Dynamic Pricing and Discount Rules Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 70 (59 escaped)
Nonce Checks: 10
Capability Checks: 11
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Output Escaping

46% escaped (59 of 129 total outputs)
Data Flows
All sanitized

Data Flow Analysis

2 flows
output_content (admin\class-thwdpf-admin-settings-rules.php:126), sanitized
Attack Surface
1 unprotected

Dynamic Pricing and Discount Rules Attack Surface

Entry Points: 4
Unprotected: 1

AJAX Handlers 4 (all registered on wp_ajax_, i.e. logged-in users only)

auth  wp_ajax_thwdpf_dismiss_review_request_notice  (admin\class-thwdpf-admin.php:31)
auth  wp_ajax_thwdpf_skip_review_request_notice  (admin\class-thwdpf-admin.php:32)
auth  wp_ajax_thwdpf_load_products  (includes\class-thwdpf-data.php:20)
auth  wp_ajax_thwdpf_deactivation_reason  (includes\class-thwdpf.php:22)
WordPress Hooks 28
action  before_woocommerce_init  (discount-and-dynamic-pricing.php:49)
action  admin_footer-plugins.php  (includes\class-thwdpf.php:21)
action  init  (includes\class-thwdpf.php:24)
action  init  (includes\class-thwdpf.php:53)
action  admin_enqueue_scripts  (includes\class-thwdpf.php:66)
action  admin_menu  (includes\class-thwdpf.php:67)
filter  woocommerce_screen_ids  (includes\class-thwdpf.php:68)
action  wp_enqueue_scripts  (includes\class-thwdpf.php:80)
action  init  (public\class-thwdpf-public-discount-cart.php:20)
action  woocommerce_before_cart  (public\class-thwdpf-public-discount-cart.php:24)
action  woocommerce_review_order_before_payment  (public\class-thwdpf-public-discount-cart.php:26)
filter  woocommerce_get_shop_coupon_data  (public\class-thwdpf-public-discount-cart.php:27)
filter  woocommerce_cart_totals_coupon_label  (public\class-thwdpf-public-discount-cart.php:28)
filter  woocommerce_cart_totals_coupon_html  (public\class-thwdpf-public-discount-cart.php:29)
filter  woocommerce_coupon_message  (public\class-thwdpf-public-discount-cart.php:30)
filter  woocommerce_coupon_error  (public\class-thwdpf-public-discount-cart.php:31)
action  init  (public\class-thwdpf-public-discount-product.php:20)
action  woocommerce_before_add_to_cart_button  (public\class-thwdpf-public-discount-product.php:25)
filter  woocommerce_get_price_html  (public\class-thwdpf-public-discount-product.php:27)
filter  woocommerce_add_cart_item_data  (public\class-thwdpf-public-discount-product.php:28)
action  woocommerce_before_calculate_totals  (public\class-thwdpf-public-discount-product.php:29)
filter  woocommerce_cart_item_price  (public\class-thwdpf-public-discount-product.php:30)
filter  thwepo_before_calculate_totals_hook_priority  (public\class-thwdpf-public-discount-product.php:31)
action  woocommerce_before_mini_cart  (public\class-thwdpf-public-discount-product.php:32)
filter  woocommerce_show_variation_price  (public\class-thwdpf-public-discount-product.php:523)
filter  woocommerce_show_variation_price  (public\class-thwdpf-public-discount-product.php:554)
filter  woocommerce_show_variation_price  (public\class-thwdpf-public-discount-product.php:607)
filter  woocommerce_show_variation_price  (public\class-thwdpf-public-discount-product.php:638)
Maintenance & Trust

Dynamic Pricing and Discount Rules Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Apr 17, 2025
PHP min version: 7.2
Downloads: 29K

Community Trust

Rating: 92/100
Number of ratings: 11
Active installs: 1K
Developer Profile

Dynamic Pricing and Discount Rules Developer Profile

ThemeHigh

16 plugins · 579K total installs
Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 245 days
Detection Fingerprints

How We Detect Dynamic Pricing and Discount Rules

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/discount-and-dynamic-pricing/assets/css/thwdpf-admin.css
/wp-content/plugins/discount-and-dynamic-pricing/assets/js/timepicker/jquery.timepicker.css
/wp-content/plugins/discount-and-dynamic-pricing/assets/js/timepicker/jquery.timepicker.min.js
/wp-content/plugins/discount-and-dynamic-pricing/assets/js/thwdpf-admin.js
Script Paths
/wp-content/plugins/discount-and-dynamic-pricing/assets/js/thwdpf-admin.js
Version Parameters
discount-and-dynamic-pricing/assets/css/thwdpf-admin.css?ver=
discount-and-dynamic-pricing/assets/js/thwdpf-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
thwdpf-wrap
thwdpf-deactivate-link
Data Attributes
data-nonce
data-action
JS Globals
wdpf_var
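Applying the fingerprints above to a fetched HTML document, as an added example (this is not the scanner's own code; thwdpf_fingerprint and THWDPF_SLUG are names chosen here, and the sample markup at the bottom is constructed to look like an admin page with the plugin active):

```php
<?php
// Added example, not the scanner's code. Pure string matching, so it runs
// offline against the constructed sample below; feed it real responses with
// file_get_contents() or wp_remote_get() from a site you are allowed to test.

const THWDPF_SLUG = 'discount-and-dynamic-pricing';

function thwdpf_fingerprint(string $html): array
{
    $hits = ['assets' => [], 'versions' => [], 'classes' => [], 'js_globals' => [], 'detected' => false];

    // Asset paths under the plugin slug. The ?ver= query string on them is
    // normally the version passed to wp_enqueue_script()/wp_enqueue_style().
    $assetRe = '#/wp-content/plugins/' . preg_quote(THWDPF_SLUG, '#')
             . '/assets/[^"\'\s]+?\.(?:css|js)(?:\?ver=([^"\'&\s]+))?#';
    if (preg_match_all($assetRe, $html, $m, PREG_SET_ORDER)) {
        foreach ($m as $match) {
            $hits['assets'][] = $match[0];
            if (!empty($match[1])) {
                $hits['versions'][] = $match[1];
            }
        }
    }

    // DOM markers: the plugin's own CSS classes, matched as whole class tokens
    // so that e.g. "thwdpf-wrapper" does not count.
    foreach (['thwdpf-wrap', 'thwdpf-deactivate-link'] as $cls) {
        if (preg_match('#class="(?:[^"]*\s)?' . preg_quote($cls, '#') . '(?:\s[^"]*)?"#', $html)) {
            $hits['classes'][] = $cls;
        }
    }

    // The settings object wp_localize_script() emits for the admin script.
    if (preg_match('#\bvar\s+wdpf_var\s*=#', $html)) {
        $hits['js_globals'][] = 'wdpf_var';
    }

    $hits['versions'] = array_values(array_unique($hits['versions']));
    $hits['detected'] = $hits['assets'] || $hits['classes'] || $hits['js_globals'];
    return $hits;
}

// Constructed sample: roughly what an admin page would emit with the plugin active.
$sample = <<<'HTML'
<link rel="stylesheet" href="https://shop.example/wp-content/plugins/discount-and-dynamic-pricing/assets/css/thwdpf-admin.css?ver=2.3.0" media="all" />
<script src="https://shop.example/wp-content/plugins/discount-and-dynamic-pricing/assets/js/timepicker/jquery.timepicker.min.js?ver=2.3.0"></script>
<script id="thwdpf-admin-js-extra">var wdpf_var = {"ajax_url":"https:\/\/shop.example\/wp-admin\/admin-ajax.php","nonce":"5f1a2b3c4d"};</script>
<div class="wrap thwdpf-wrap"><a class="thwdpf-deactivate-link" data-action="thwdpf_deactivation_reason" data-nonce="5f1a2b3c4d">Deactivate</a></div>
HTML;

// On the sample: 2 assets, versions ['2.3.0'], both classes, wdpf_var, detected true.
print_r(thwdpf_fingerprint($sample));
```

Two caveats when using these signals. The listed assets are the plugin's admin-side files (the admin_enqueue_scripts hook at class-thwdpf.php:66), so an unauthenticated crawl of the storefront will not see them in page markup; detection from outside usually means requesting the asset path itself and checking for a 200. And a ?ver= value is only a hint: it can be the site's WordPress version or a cache-buster rather than the plugin version, so confirm against the plugin's readme before treating a version as established. The data-nonce and data-action attributes are too generic to match on their own and are left out of the function for that reason.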
FAQ

Frequently Asked Questions about Dynamic Pricing and Discount Rules