Doko Bundle Builder : The Ultimate dynamic bundle builder for WooCommerce Security & Risk Analysis

wordpress.org/plugins/doko-box-builder

Enable bundle building in WooCommerce. Increase sales and order value with accurate pricing and smart discounts.

10 active installs · v1.9 · PHP 8.0+ · WP 6.0+ · Updated Jun 20, 2025
bundle-pricing, cart, fast-checkout, woocommerce-bundles, woocommerce-sales
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Doko Bundle Builder : The Ultimate dynamic bundle builder for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Doko Bundle Builder : The Ultimate dynamic bundle builder for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9mo ago
Risk Assessment

The Doko Box Builder plugin (v1.9) exhibits a mixed security posture, with some positive indicators but significant concerns related to its attack surface. While the plugin demonstrates good practices by using prepared statements for all SQL queries and a high percentage of properly escaped output, it falls short in securing its entry points. A striking 9 out of 11 identified entry points (AJAX handlers) lack authentication checks, creating a substantial risk for unauthorized actions. The taint analysis, while limited in scope, did identify one flow with unsanitized paths, though it was not categorized as critical or high severity. The absence of any recorded vulnerabilities in its history is a positive sign, suggesting a potentially mature codebase or a lack of past targeted attacks. However, the current lack of authentication on critical AJAX endpoints is a significant weakness that outweighs the historical absence of vulnerabilities. Users should be aware that while the plugin avoids common pitfalls like raw SQL or outdated bundled libraries, the unprotected AJAX handlers represent a direct and exploitable attack vector.

Key Concerns

  • 9 AJAX handlers without auth checks
  • 1 flow with unsanitized paths (Taint Analysis)
  • 0 Nonce checks
  • 0 Capability checks
  • Bundled Freemius v1.0 library (potentially outdated)
Vulnerabilities
None known

Doko Bundle Builder : The Ultimate dynamic bundle builder for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Doko Bundle Builder : The Ultimate dynamic bundle builder for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 16 (120 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 2

Bundled Libraries

Select2, Freemius 1.0

Output Escaping

88% escaped, 136 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

1 flow, 1 with unsanitized paths
<class-hs-doko-public> (public\class-hs-doko-public.php:0)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
9 unprotected

Doko Bundle Builder : The Ultimate dynamic bundle builder for WooCommerce Attack Surface

Entry Points: 11
Unprotected: 9

AJAX Handlers 9

auth wp_ajax_hs_dk_query_wc core\class-hs-doko.php:150
auth wp_ajax_doko_get_admin_screen core\class-hs-doko.php:154
auth wp_ajax_doko_get_bundle_rule core\class-hs-doko.php:164
auth wp_ajax_doko-get-box-display core\class-hs-doko.php:208
nopriv wp_ajax_doko-get-box-display core\class-hs-doko.php:209
auth wp_ajax_doko-store-bundle-content core\class-hs-doko.php:210
nopriv wp_ajax_doko-store-bundle-content core\class-hs-doko.php:211
auth wp_ajax_doko_wc_add_to_cart core\class-hs-doko.php:212
nopriv wp_ajax_doko_wc_add_to_cart core\class-hs-doko.php:213

Shortcodes 2

[doko-bundles] public\class-hs-doko-public.php:232
[doko_products] public\class-hs-doko-public.php:233
WordPress Hooks 30
action after_uninstall core\class-hs-doko-deactivator.php:33
action plugins_loaded core\class-hs-doko.php:133
action admin_enqueue_scripts core\class-hs-doko.php:144
action admin_enqueue_scripts core\class-hs-doko.php:145
action admin_menu core\class-hs-doko.php:146
action init core\class-hs-doko.php:147
action add_meta_boxes core\class-hs-doko.php:148
action edit_form_after_title core\class-hs-doko.php:149
action save_post_doko-bundles core\class-hs-doko.php:151
action save_post_doko-bundles-rules core\class-hs-doko.php:152
filter enter_title_here core\class-hs-doko.php:153
action admin_post core\class-hs-doko.php:155
filter manage_edit-doko-bundles_columns core\class-hs-doko.php:156
action manage_doko-bundles_posts_custom_column core\class-hs-doko.php:157
action wp_enqueue_scripts core\class-hs-doko.php:175
action wp_enqueue_scripts core\class-hs-doko.php:181
action init core\class-hs-doko.php:187
action woocommerce_after_shop_loop_item_title core\class-hs-doko.php:188
filter wc_get_template_part core\class-hs-doko.php:194
filter woocommerce_locate_template core\class-hs-doko.php:201
filter woocommerce_get_item_data core\class-hs-doko.php:214
action woocommerce_checkout_create_order_line_item core\class-hs-doko.php:221
action woocommerce_before_calculate_totals core\class-hs-doko.php:228
filter woocommerce_loop_add_to_cart_link core\class-hs-doko.php:229
filter woocommerce_loop_product_link core\class-hs-doko.php:236
action before_woocommerce_init hs-doko.php:40
filter body_class public\class-hs-doko-public.php:206
filter woocommerce_order_item_get_formatted_meta_data public\class-hs-doko-public.php:1075
action woocommerce_reduce_order_item_stock public\class-hs-doko-public.php:1087
action woocommerce_restore_order_stock public\class-hs-doko-public.php:1117
Maintenance & Trust

Doko Bundle Builder : The Ultimate dynamic bundle builder for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 20, 2025
PHP min version: 8.0
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 10
Developer Profile

Doko Bundle Builder : The Ultimate dynamic bundle builder for WooCommerce Developer Profile

UltiWP

1 plugin · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Doko Bundle Builder : The Ultimate dynamic bundle builder for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/doko-box-builder/admin/css/doko-select2.css
  • /wp-content/plugins/doko-box-builder/admin/css/hs-doko-admin.css
  • /wp-content/plugins/doko-box-builder/admin/css/core.css
  • /wp-content/plugins/doko-box-builder/admin/css/isolated-block-editor.css
  • /wp-content/plugins/doko-box-builder/admin/js/hs-doko-select2.js
  • /wp-content/plugins/doko-box-builder/admin/js/hs-doko-blockUI.js
  • /wp-content/plugins/doko-box-builder/admin/js/hs-isolated-editor.js
  • /wp-content/plugins/doko-box-builder/admin/js/hs-doko-admin.js
  • +6 more
Script Paths
  • admin/js/hs-doko-select2.js
  • admin/js/hs-doko-blockUI.js
  • admin/js/hs-isolated-editor.js
  • admin/js/hs-doko-admin.js
  • admin/js/core.js
  • admin/js/isolated-block-editor.js
  • +2 more
Version Parameters
doko-select2, hs-doko-admin, hs-corecss, hs-iso-corecss, hs-select2, hs-blockUI-js, hs-isolated-editor-js, hs-doko-admin-js, hs-corejs, hs-iso-corejs, doko-frontend, doko-vendors

HTML / DOM Fingerprints

CSS Classes
doko-select2-container, doko-select2-dropdown, doko-select2-search, doko-select2-results, doko-select2-selection, doko-select2-choice, doko-select2-options, doko-block-wrapper, +3 more
HTML Comments
  • <!-- wp:doko/product-bundle -->
  • <!-- /wp:doko/product-bundle -->
  • <!-- DOKO Block Editor -->
  • <!-- DOKO Admin Settings -->
Data Attributes
data-doko-bundle-id, data-doko-product-id, data-doko-quantity, data-doko-price
JS Globals
doko_frontend_params, DOKO_BLOCK_EDITOR_SETTINGS, hs_doko_vars
REST Endpoints
  • /wp-json/doko/v1/get_bundle
  • /wp-json/doko/v1/add_to_cart
Shortcode Output
[doko_product_bundle], [doko_bundle_display]
FAQ

Frequently Asked Questions about Doko Bundle Builder : The Ultimate dynamic bundle builder for WooCommerce