OBULKiT – Bulk Edit WooCommerce Orders Security & Risk Analysis

wordpress.org/plugins/ithemeland-woo-bulk-orders-editing-lite

Streamline order management by editing and updating multiple orders simultaneously, ensuring smooth operations.

300 active installs · v3.0.5 · PHP 8.0.3+ · WP 4.4+ · Updated Jan 6, 2026
Tags: billing-address, edit-shipping-address, orders-editor, woocommerce-bulk-edit, woocommerce-order
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is OBULKiT – Bulk Edit WooCommerce Orders Safe to Use in 2026?

Generally Safe

Score 100/100

OBULKiT – Bulk Edit WooCommerce Orders has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The plugin 'ithemeland-woo-bulk-orders-editing-lite' version 3.0.5 exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices with a very high percentage of properly escaped output and well-utilized prepared statements for SQL queries. The extensive presence of nonce and capability checks (63 and 3 respectively) suggests a conscious effort to protect against common WordPress attack vectors. The absence of any recorded vulnerabilities in its history further contributes to a perceived good security track record.

However, significant concerns arise from the static analysis. The plugin exposes 51 AJAX handlers, and alarmingly, one of these lacks any authentication checks, creating a direct entry point for unauthenticated attackers. Furthermore, the presence of 13 analyzed taint flows, with all of them having unsanitized paths, is a critical red flag. While no critical or high-severity issues were identified in the taint analysis specifically, the fact that all analyzed flows are unsanitized indicates a potential for vulnerabilities that might be further exploited if combined with other weaknesses, especially given the presence of the `unserialize` function which is often a target for attacks when dealing with untrusted input.

In conclusion, while the plugin has a clean vulnerability history and good output escaping, the unprotected AJAX handler and the high number of unsanitized taint flows present a notable risk. The potential for issues with `unserialize` also warrants caution. These areas require immediate investigation and remediation to solidify the plugin's security.

Key Concerns

  • Unprotected AJAX handler
  • All taint flows have unsanitized paths
  • Dangerous function: unserialize present
Vulnerabilities
None known

OBULKiT – Bulk Edit WooCommerce Orders Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

OBULKiT – Bulk Edit WooCommerce Orders Release Timeline

v3.0.5 (Current)
v3.0.4
v3.0.3
v3.0.2
v3.0.1
v3.0.0
v2.3.3
v2.3.2
v2.3.1
v2.3.0
v2.2.0
v1.9.1
v1.9
v1.8
v1.7
v1.6
v1.5
v1.4
v1.3
v1.2
Code Analysis
Analyzed Mar 16, 2026

OBULKiT – Bulk Edit WooCommerce Orders Code Analysis

Dangerous Functions: 15
Raw SQL Queries: 12 (40 prepared)
Unescaped Output: 7 (1263 escaped)
Nonce Checks: 63
Capability Checks: 3
File Operations: 3
External Requests: 2
Bundled Libraries: 1

Dangerous Functions Found

unserialize | $field = unserialize($item->field); | classes\repositories\History.php:41
unserialize | 'value' => unserialize($item->prev_value), | classes\repositories\History.php:49
unserialize | $field = unserialize($item->field); | classes\repositories\History.php:79
unserialize | 'value' => unserialize($item->new_value), | classes\repositories\History.php:87
unserialize | $item->new_value = is_serialized($item->new_value) ? unserialize($item->new_value) : $item->new_valu | classes\services\history\HistoryRedoService.php:77
unserialize | $field = unserialize($item->field); | classes\services\history\HistoryRedoService.php:78
unserialize | $field = unserialize($item->field); | classes\services\history\HistoryRedoService.php:134
unserialize | 'value' => unserialize($item->new_value), | classes\services\history\HistoryRedoService.php:142
unserialize | $field = unserialize($item->field); | classes\services\history\HistoryUndoService.php:90
unserialize | 'value' => unserialize($item->prev_value), | classes\services\history\HistoryUndoService.php:98
unserialize | $field = unserialize($item->field); | classes\services\history\HistoryUndoService.php:145
unserialize | 'value' => unserialize($item->prev_value), | classes\services\history\HistoryUndoService.php:153
unserialize | if (is_array(unserialize($history->fields)) && !empty(unserialize($history->fields))) { | views\history\history_items.php:27
unserialize | if (is_array(unserialize($history->fields)) && !empty(unserialize($history->fields))) { | views\history\history_items.php:27
unserialize | foreach (unserialize($history->fields) as $field) { | views\history\history_items.php:28

Bundled Libraries

Select2

SQL Query Safety

77% prepared · 52 total queries

Output Escaping

99% escaped · 1270 total outputs
Data Flows · Security
13 unsanitized

Data Flow Analysis

13 flows · 13 with unsanitized paths
import_orders (classes\controllers\WOBEL_Post.php:357)
[Data flow diagram. Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
1 unprotected

OBULKiT – Bulk Edit WooCommerce Orders Attack Surface

Entry Points: 51
Unprotected: 1

AJAX Handlers 51

auth | wp_ajax_wobe_add_meta_keys_by_order_id | classes\controllers\WOBEL_Ajax.php:47
auth | wp_ajax_wobe_column_manager_add_field | classes\controllers\WOBEL_Ajax.php:48
auth | wp_ajax_wobe_column_manager_get_fields_for_edit | classes\controllers\WOBEL_Ajax.php:49
auth | wp_ajax_wobe_orders_filter | classes\controllers\WOBEL_Ajax.php:50
auth | wp_ajax_wobe_save_filter_preset | classes\controllers\WOBEL_Ajax.php:51
auth | wp_ajax_wobe_order_edit | classes\controllers\WOBEL_Ajax.php:52
auth | wp_ajax_wobe_create_new_order | classes\controllers\WOBEL_Ajax.php:53
auth | wp_ajax_wobe_delete_orders | classes\controllers\WOBEL_Ajax.php:54
auth | wp_ajax_wobe_untrash_orders | classes\controllers\WOBEL_Ajax.php:55
auth | wp_ajax_wobe_empty_trash | classes\controllers\WOBEL_Ajax.php:56
auth | wp_ajax_wobe_duplicate_order | classes\controllers\WOBEL_Ajax.php:57
auth | wp_ajax_wobe_load_filter_profile | classes\controllers\WOBEL_Ajax.php:58
auth | wp_ajax_wobe_delete_filter_profile | classes\controllers\WOBEL_Ajax.php:59
auth | wp_ajax_wobe_save_column_profile | classes\controllers\WOBEL_Ajax.php:60
auth | wp_ajax_wobe_get_text_editor_content | classes\controllers\WOBEL_Ajax.php:61
auth | wp_ajax_wobe_history_undo | classes\controllers\WOBEL_Ajax.php:62
auth | wp_ajax_wobe_history_redo | classes\controllers\WOBEL_Ajax.php:63
auth | wp_ajax_wobe_history_filter | classes\controllers\WOBEL_Ajax.php:64
auth | wp_ajax_wobe_change_count_per_page | classes\controllers\WOBEL_Ajax.php:65
auth | wp_ajax_wobe_filter_profile_change_use_always | classes\controllers\WOBEL_Ajax.php:66
auth | wp_ajax_wobe_get_default_filter_profile_orders | classes\controllers\WOBEL_Ajax.php:67
auth | wp_ajax_wobe_get_taxonomy_parent_select_box | classes\controllers\WOBEL_Ajax.php:68
auth | wp_ajax_wobe_sort_by_column | classes\controllers\WOBEL_Ajax.php:69
auth | wp_ajax_wobe_get_order_details | classes\controllers\WOBEL_Ajax.php:70
auth | wp_ajax_wobe_get_customer_billing_address | classes\controllers\WOBEL_Ajax.php:71
auth | wp_ajax_wobe_get_customer_shipping_address | classes\controllers\WOBEL_Ajax.php:72
auth | wp_ajax_wobe_get_products | classes\controllers\WOBEL_Ajax.php:73
auth | wp_ajax_wobe_get_taxonomies | classes\controllers\WOBEL_Ajax.php:74
auth | wp_ajax_wobe_get_tags | classes\controllers\WOBEL_Ajax.php:75
auth | wp_ajax_wobe_get_categories | classes\controllers\WOBEL_Ajax.php:76
auth | wp_ajax_wobe_get_order_notes | classes\controllers\WOBEL_Ajax.php:77
auth | wp_ajax_wobe_add_order_note | classes\controllers\WOBEL_Ajax.php:78
auth | wp_ajax_wobe_delete_order_note | classes\controllers\WOBEL_Ajax.php:79
auth | wp_ajax_wobe_get_order_address | classes\controllers\WOBEL_Ajax.php:80
auth | wp_ajax_wobe_get_order_items | classes\controllers\WOBEL_Ajax.php:81
auth | wp_ajax_wobe_clear_filter_data | classes\controllers\WOBEL_Ajax.php:82
auth | wp_ajax_wobe_history_change_page | classes\controllers\WOBEL_Ajax.php:83
auth | wp_ajax_wobe_get_order_custom_field_files | classes\controllers\WOBEL_Ajax.php:84
auth | wp_ajax_wobe_add_custom_field_file_item | classes\controllers\WOBEL_Ajax.php:85
auth | wp_ajax_wobe_bulk_edit_add_custom_field_file_item | classes\controllers\WOBEL_Ajax.php:86
auth | wp_ajax_wobe_is_processing | classes\controllers\WOBEL_Ajax.php:87
auth | wp_ajax_wobe_background_process_force_stop | classes\controllers\WOBEL_Ajax.php:88
auth | wp_ajax_wobe_background_process_clear_complete_message | classes\controllers\WOBEL_Ajax.php:89
auth | wp_ajax_wobe_background_process_clear_tasks_count | classes\controllers\WOBEL_Ajax.php:90
auth | wp_ajax_wobe_get_order_taxonomy_terms | classes\controllers\WOBEL_Ajax.php:91
auth | wp_ajax_wobe_add_meta_keys_manual | classes\controllers\WOBEL_Ajax.php:92
auth | wp_ajax_wobe_add_acf_meta_field | classes\controllers\WOBEL_Ajax.php:93
auth | wp_ajax_wobe_add_schedule_job | classes\services\scheduler\Order_Scheduler.php:41
auth | wp_ajax_wobe_get_schedule_jobs | classes\services\scheduler\Order_Scheduler.php:42
auth | wp_ajax_wobe_schedule_get_current_time | classes\services\scheduler\Scheduler.php:40
auth | wp_ajax_wobel_ithemeland_onboarding_plugin | framework\onboarding\Onboarding.php:24

WordPress Hooks 28

filter | safe_style_css | classes\bootstrap\WOBEL.php:45
action | admin_menu | classes\bootstrap\WOBEL.php:51
action | admin_enqueue_scripts | classes\bootstrap\WOBEL.php:52
filter | posts_where | classes\bootstrap\WOBEL_Custom_Queries.php:23
filter | posts_where | classes\bootstrap\WOBEL_Custom_Queries.php:24
filter | posts_where | classes\bootstrap\WOBEL_Custom_Queries.php:25
filter | wobe_column_fields | classes\bootstrap\WOBEL_Meta_Fields.php:23
filter | wobe_column_fields | classes\bootstrap\WOBEL_Meta_Fields.php:24
action | admin_post_wobe_column_manager_new_preset | classes\controllers\WOBEL_Post.php:29
action | admin_post_wobe_column_manager_edit_preset | classes\controllers\WOBEL_Post.php:30
action | admin_post_wobe_column_manager_delete_preset | classes\controllers\WOBEL_Post.php:31
action | admin_post_wobe_load_column_profile | classes\controllers\WOBEL_Post.php:32
action | admin_post_wobe_settings | classes\controllers\WOBEL_Post.php:33
action | admin_post_wobe_export_orders | classes\controllers\WOBEL_Post.php:34
action | admin_post_wobe_import_orders | classes\controllers\WOBEL_Post.php:35
action | admin_post_wobe_save_column_profile | classes\controllers\WOBEL_Post.php:36
filter | upload_mimes | classes\controllers\WOBEL_Post.php:365
filter | wp_check_filetype_and_ext | classes\controllers\WOBEL_Post.php:370
filter | wobe_top_navigation_buttons | classes\controllers\Woo_Order_Controller.php:49
filter | wobe_footer_view_files | classes\controllers\Woo_Order_Controller.php:50
filter | cron_schedules | classes\services\scheduler\Scheduler.php:28
action | admin_enqueue_scripts | classes\services\scheduler\Scheduler.php:29
action | admin_init | framework\analytics\AnalyticsTracker.php:22
action | init | framework\analytics\AnalyticsTracker.php:23
action | init | ithemeland-woo-bulk-orders-editing-lite.php:54
action | before_woocommerce_init | ithemeland-woo-bulk-orders-editing-lite.php:57
action | plugins_loaded | ithemeland-woo-bulk-orders-editing-lite.php:63
action | admin_notices | views\alerts\woocommerce_required.php:14
Maintenance & Trust

OBULKiT – Bulk Edit WooCommerce Orders Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 6, 2026
PHP min version: 8.0.3
Downloads: 16K

Community Trust

Rating: 80/100
Number of ratings: 4
Active installs: 300
Developer Profile

OBULKiT – Bulk Edit WooCommerce Orders Developer Profile

ithemelandco

9 plugins · 5K total installs

Trust score: 93
Avg Security Score: 99/100
Avg Patch Time: 8 days
Detection Fingerprints

How We Detect OBULKiT – Bulk Edit WooCommerce Orders

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  /wp-content/plugins/ithemeland-woo-bulk-orders-editing-lite/assets/css/reset.css
  /wp-content/plugins/ithemeland-woo-bulk-orders-editing-lite/assets/css/icomoon.css
  /wp-content/plugins/ithemeland-woo-bulk-orders-editing-lite/assets/css/bootstrap-material-datetimepicker.css
  /wp-content/plugins/ithemeland-woo-bulk-orders-editing-lite/assets/css/select2.css
  /wp-content/plugins/ithemeland-woo-bulk-orders-editing-lite/assets/css/sweetalert.css
  /wp-content/plugins/ithemeland-woo-bulk-orders-editing-lite/assets/css/bootstrap.min.css
  /wp-content/plugins/ithemeland-woo-bulk-orders-editing-lite/assets/css/style.css
  /wp-content/plugins/ithemeland-woo-bulk-orders-editing-lite/assets/css/datatable.css
  +9 more
Script Paths
  /wp-content/plugins/ithemeland-woo-bulk-orders-editing-lite/assets/js/jquery.min.js
  /wp-content/plugins/ithemeland-woo-bulk-orders-editing-lite/assets/js/bootstrap.min.js
  /wp-content/plugins/ithemeland-woo-bulk-orders-editing-lite/assets/js/bootstrap-material-datetimepicker.js
  /wp-content/plugins/ithemeland-woo-bulk-orders-editing-lite/assets/js/select2.full.min.js
  /wp-content/plugins/ithemeland-woo-bulk-orders-editing-lite/assets/js/sweetalert.min.js
  /wp-content/plugins/ithemeland-woo-bulk-orders-editing-lite/assets/js/datatable.min.js
  +3 more
Version Parameters
  ithemeland-woo-bulk-orders-editing-lite/assets/css/reset.css?ver=
  ithemeland-woo-bulk-orders-editing-lite/assets/css/icomoon.css?ver=
  ithemeland-woo-bulk-orders-editing-lite/assets/css/bootstrap-material-datetimepicker.css?ver=
  ithemeland-woo-bulk-orders-editing-lite/assets/css/select2.css?ver=
  ithemeland-woo-bulk-orders-editing-lite/assets/css/sweetalert.css?ver=
  ithemeland-woo-bulk-orders-editing-lite/assets/css/bootstrap.min.css?ver=
  ithemeland-woo-bulk-orders-editing-lite/assets/css/style.css?ver=
  ithemeland-woo-bulk-orders-editing-lite/assets/css/datatable.css?ver=
  ithemeland-woo-bulk-orders-editing-lite/assets/js/jquery.min.js?ver=
  ithemeland-woo-bulk-orders-editing-lite/assets/js/bootstrap.min.js?ver=
  ithemeland-woo-bulk-orders-editing-lite/assets/js/bootstrap-material-datetimepicker.js?ver=
  ithemeland-woo-bulk-orders-editing-lite/assets/js/select2.full.min.js?ver=
  ithemeland-woo-bulk-orders-editing-lite/assets/js/sweetalert.min.js?ver=
  ithemeland-woo-bulk-orders-editing-lite/assets/js/datatable.min.js?ver=
  ithemeland-woo-bulk-orders-editing-lite/assets/js/datatable.bootstrap.min.js?ver=
  ithemeland-woo-bulk-orders-editing-lite/assets/js/plugins.js?ver=
  ithemeland-woo-bulk-orders-editing-lite/assets/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
  wobel-bootstrap, wobel-wrapper, wobel-content, wobel-header, wobel-body, wobel-table, wobel-bulk-action, wobel-bulk-apply, +10 more
HTML Comments
  <!-- wobel-templates -->
  <!-- ITHEMELANDCO -->
  <!-- END ITHEMELANDCO -->
Data Attributes
  data-wobel-bulk-action, data-wobel-bulk-apply, data-wobel-order-id, data-wobel-field-name
JS Globals
  wobel_setting, wobel_meta_fields, wobel_data_settings, wobel_params, wobel_obj
FAQ

Frequently Asked Questions about OBULKiT – Bulk Edit WooCommerce Orders