ELEX WooCommerce Bulk Edit Products, Prices & Attributes (Basic) Security & Risk Analysis

wordpress.org/plugins/elex-bulk-edit-products-prices-attributes-for-woocommerce-basic

Bulk Edit Simple Product type Properties like Title, SKU, Catalog Visibility, Shipping Class, Sale Price, Regular Price, Stock, Dimensions, etc.

4K active installs · v1.5.2 · PHP 6.1+ · WP 3.0.1+ · Updated Jan 13, 2026
Tags: bulk-edit, bulk-edit-attributes, bulk-edit-price, woocommerce, woocommerce-bulk-edit
Score: 97 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Jul 15, 2025
Safety Verdict

Is ELEX WooCommerce Bulk Edit Products, Prices & Attributes (Basic) Safe to Use in 2026?

Generally Safe

Score 97/100

ELEX WooCommerce Bulk Edit Products, Prices & Attributes (Basic) has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Jul 15, 2025 · Updated 2mo ago
Risk Assessment

The plugin 'elex-bulk-edit-products-prices-attributes-for-woocommerce-basic' v1.5.2 exhibits a mixed security posture. On the positive side, the static analysis reveals a lack of critical or high-severity issues in the analyzed code. There are no discovered dangerous functions, file operations, or external HTTP requests, and all SQL queries are properly prepared. The presence of 15 nonce checks and a robust output escaping rate (74%) are also good indicators of security awareness.

However, several areas present potential concerns. The plugin has a significant attack surface with 12 AJAX handlers, and while the static analysis reports no unprotected entry points, the absence of explicit capability checks on these AJAX handlers is a weakness. This means that while nonces might prevent basic tampering, the underlying actions could still be accessible to users who shouldn't be performing them if proper role-based access control is not implemented elsewhere. Furthermore, the history of three medium-severity vulnerabilities, particularly those related to SQL injection, suggests a recurring pattern of issues that, while currently patched, indicate a potential for future vulnerabilities if coding practices are not rigorously reviewed.

In conclusion, the code analysis is largely positive regarding direct exploitation vectors like unescaped output or raw SQL, but the potential for privilege escalation through AJAX actions that lack capability checks and the historical trend of SQL injection vulnerabilities are notable weaknesses. The plugin's strengths lie in its proper handling of SQL and external interactions, but the attack surface and past vulnerability history warrant careful consideration for ongoing security.

Key Concerns

  • No capability checks on AJAX handlers
  • Bundled outdated library: Select2
  • Bundled outdated library: DataTables
  • Medium severity vulnerabilities in history (3)
Vulnerabilities: 3

ELEX WooCommerce Bulk Edit Products, Prices & Attributes (Basic) Security Vulnerabilities

CVEs by Year

2025: 3 CVEs

Severity Breakdown

Medium: 3 (3 total CVEs)

CVE-2025-47645 · medium · 6.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes <= 1.4.9 - Authenticated (Subscriber+) SQL Injection

Jul 15, 2025 · Patched in 1.5.0 (7d)

CVE-2025-3280 · medium · 6.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes <= 1.4.9 - Authenticated (Subscriber+) SQL Injection

Apr 23, 2025 · Patched in 1.5.0 (16d)

CVE-2025-22352 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes <= 1.4.9 - Authenticated (Shop manager+) SQL Injection

Jan 3, 2025 · Patched in 1.5.0 (127d)
Code Analysis
Analyzed Mar 16, 2026

ELEX WooCommerce Bulk Edit Products, Prices & Attributes (Basic) Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 51 (146 escaped)
Nonce Checks: 15
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 2

Bundled Libraries

  • Select2
  • DataTables

Output Escaping

74% escaped · 197 total outputs
Data Flows: All sanitized

Data Flow Analysis

5 flows
elex_bep_display_count_callback (includes\elex-ajax-apifunctions.php:105)
Attack Surface

ELEX WooCommerce Bulk Edit Products, Prices & Attributes (Basic) Attack Surface

Entry Points: 12
Unprotected: 0

AJAX Handlers 12

  • auth · wp_ajax_eh_bep_ajax_table_data · includes\class-eh-datatables.php:335
  • auth · wp_ajax_eh_bep_get_attributes_action · includes\elex-ajax-apifunctions.php:6
  • auth · wp_ajax_eh_bep_all_products · includes\elex-ajax-apifunctions.php:7
  • auth · wp_ajax_eh_bep_count_products · includes\elex-ajax-apifunctions.php:8
  • auth · wp_ajax_eh_bep_clear_products · includes\elex-ajax-apifunctions.php:9
  • auth · wp_ajax_eh_bep_update_products · includes\elex-ajax-apifunctions.php:10
  • auth · wp_ajax_eh_bep_filter_products · includes\elex-ajax-apifunctions.php:11
  • auth · wp_ajax_eh_bulk_edit_display_count · includes\elex-ajax-apifunctions.php:12
  • auth · wp_ajax_eh_bep_all_products · includes\elex-ajax-apifunctions.php:14
  • auth · wp_ajax_eh_bep_send_categories_filter_input_value · includes\elex-ajax-apifunctions.php:16
  • auth · wp_ajax_elex_bep_update_checked_status · includes\elex-ajax-apifunctions.php:18
  • auth · wp_ajax_eh_bep_ajax_table_data · includes\elex-class-table-data.php:259
WordPress Hooks 12
  • action · admin_notices · elex-bulk-edit-woocommerce-products-basic.php:127
  • action · before_woocommerce_init · elex-bulk-edit-woocommerce-products-basic.php:146
  • action · plugins_loaded · elex-bulk-edit-woocommerce-products-basic.php:158
  • action · admin_head · includes\class-eh-datatables.php:653
  • action · admin_footer · includes\class-eh-datatables.php:654
  • action · admin_menu · includes\elex-class-bulk-edit-init.php:12
  • action · admin_init · includes\elex-class-bulk-edit-init.php:19
  • action · admin_head · includes\elex-class-table-data.php:491
  • action · admin_footer · includes\elex-class-table-data.php:492
  • action · admin_notices · review_and_troubleshoot_notify\review-and-troubleshoot-notify-class.php:20
  • action · admin_init · review_and_troubleshoot_notify\review-and-troubleshoot-notify-class.php:21
  • action · admin_footer · templates\elex-template-frontend-tables.php:857
Maintenance & Trust

ELEX WooCommerce Bulk Edit Products, Prices & Attributes (Basic) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 13, 2026
PHP min version: 6.1
Downloads: 153K

Community Trust

Rating: 74/100
Number of ratings: 25
Active installs: 4K
Developer Profile

ELEX WooCommerce Bulk Edit Products, Prices & Attributes (Basic) Developer Profile

ELEXtensions

22 plugins · 28K total installs

Trust score: 87
Avg Security Score: 98/100
Avg Patch Time: 53 days
Detection Fingerprints

How We Detect ELEX WooCommerce Bulk Edit Products, Prices & Attributes (Basic)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/elex-bulk-edit-products-prices-attributes-for-woocommerce-basic/assets/css/bootstrap.css
  • /wp-content/plugins/elex-bulk-edit-products-prices-attributes-for-woocommerce-basic/assets/css/sweetalert2.css
  • /wp-content/plugins/elex-bulk-edit-products-prices-attributes-for-woocommerce-basic/assets/css/style.css
  • /wp-content/plugins/elex-bulk-edit-products-prices-attributes-for-woocommerce-basic/assets/js/elex-bulk-edit-products.js
  • /wp-content/plugins/elex-bulk-edit-products-prices-attributes-for-woocommerce-basic/assets/js/elex-bulk-edit-products-bulk-edit.js
  • /wp-content/plugins/elex-bulk-edit-products-prices-attributes-for-woocommerce-basic/assets/js/elex-bulk-edit-products-bulk-edit-attributes.js
  • /wp-content/plugins/elex-bulk-edit-products-prices-attributes-for-woocommerce-basic/assets/js/elex-bulk-edit-products-bulk-edit-pricing.js
  • /wp-content/plugins/elex-bulk-edit-products-prices-attributes-for-woocommerce-basic/assets/js/elex-bulk-edit-products-bulk-edit-variations.js
  • +15 more
Script Paths
  • /wp-content/plugins/elex-bulk-edit-products-prices-attributes-for-woocommerce-basic/assets/js/elex-bulk-edit-products.js
  • /wp-content/plugins/elex-bulk-edit-products-prices-attributes-for-woocommerce-basic/assets/js/elex-bulk-edit-products-bulk-edit.js
  • /wp-content/plugins/elex-bulk-edit-products-prices-attributes-for-woocommerce-basic/assets/js/elex-bulk-edit-products-bulk-edit-attributes.js
  • /wp-content/plugins/elex-bulk-edit-products-prices-attributes-for-woocommerce-basic/assets/js/elex-bulk-edit-products-bulk-edit-pricing.js
  • /wp-content/plugins/elex-bulk-edit-products-prices-attributes-for-woocommerce-basic/assets/js/elex-bulk-edit-products-bulk-edit-variations.js
  • /wp-content/plugins/elex-bulk-edit-products-prices-attributes-for-woocommerce-basic/assets/js/elex-bulk-edit-products-bulk-edit-variations-attributes.js
  • +14 more

HTML / DOM Fingerprints

CSS Classes
  • elex-bulk-edit-product-attr-page
  • eh-bulk-edit-product-attr
HTML Comments
  • Bulk Product Edit class
  • Plugin init
  • Sub menu add in woocommerce menu
  • Register and enqueue style sheet.
Data Attributes
data-i18n="edit-product-attr"
JS Globals
  • elex_bep_ajax_object
  • elex_bulk_edit_pricing_obj
  • elex_bulk_edit_variations_obj
  • elex_bulk_edit_variations_attributes_obj
  • elex_bulk_edit_variations_pricing_obj
  • elex_bulk_edit_variations_stock_obj
  • +10 more