Quick Buy One Get One Free Security & Risk Analysis

wordpress.org/plugins/quick-buy-one-get-one-free

Create BOGO offers to boost your WooCommerce store's conversion rate.

0 active installs · v1.1.1 · PHP + · WP 4.0+ · Updated Jan 22, 2026
Tags: bogo, buy-one-get-one, buy-one-get-one-free, woocommerce
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Quick Buy One Get One Free Safe to Use in 2026?

Generally Safe

Score 100/100

Quick Buy One Get One Free has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

The "quick-buy-one-get-one-free" plugin v1.1.1 exhibits a strong security posture based on the provided static analysis. It demonstrates excellent practices by having no dangerous functions, no raw SQL queries, and almost all output properly escaped. The complete absence of file operations and external HTTP requests further reduces the attack surface. Furthermore, the plugin incorporates nonce checks and has a clean vulnerability history with zero known CVEs, indicating a proactive approach to security.

However, a notable concern is the complete lack of capability checks across its entry points. While AJAX handlers are present and protected from unauthorized access via WordPress's default mechanisms, the absence of capability checks means that any authenticated user, regardless of their role or permissions, can trigger these actions. This could lead to unintended consequences or information disclosure if the actions performed by these AJAX handlers are sensitive or can be manipulated in a way that bypasses business logic. This is the primary area of risk identified in the analysis.

In conclusion, the plugin is well-developed from a technical security standpoint, prioritizing core security practices like prepared statements and output escaping. Its vulnerability-free history is a significant strength. The critical weakness lies in the lack of granular access control via capability checks on its AJAX endpoints. Addressing this would significantly bolster its security and move it towards a truly robust security profile.

Key Concerns

  • No capability checks on AJAX handlers
Vulnerabilities
None known

Quick Buy One Get One Free Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Quick Buy One Get One Free Release Timeline

v1.1.1 (Current)
v1.0.0
Code Analysis
Analyzed Mar 17, 2026

Quick Buy One Get One Free Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (112 escaped)
Nonce Checks: 3
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

99% escaped · 113 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
bogo_for_woocommerce_display_button_text_settings (includes\admin\class-admin-bogo_for_woocommerce-settingspage.php:19)
Attack Surface

Quick Buy One Get One Free Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 2

auth · wp_ajax_bogo_set_free_variation · includes\integration\class-bogo_for_woocommerce-sc-variations.php:147
nopriv · wp_ajax_bogo_set_free_variation · includes\integration\class-bogo_for_woocommerce-sc-variations.php:148
WordPress Hooks: 24

action · plugins_loaded · bogo_for_woocommerce.php:36
action · before_woocommerce_init · bogo_for_woocommerce.php:39
action · admin_notices · bogo_for_woocommerce.php:49
action · admin_enqueue_scripts · includes\admin\class-bogo_for_woocommerce-assets.php:12
action · wp_enqueue_scripts · includes\admin\class-bogo_for_woocommerce-assets.php:38
action · wp_enqueue_scripts · includes\admin\class-bogo_for_woocommerce-assets.php:56
action · woocommerce_single_product_summary · includes\admin\premium\class-bogo_for_woocommerce-functions-hooks-integration-woocommerce.php:6
action · init · includes\class-bogo_for_woocommerce-settings.php:81
action · admin_init · includes\class-bogo_for_woocommerce-settings.php:84
action · wp_enqueue_scripts · includes\class-bogo_for_woocommerce.php:126
action · wp_enqueue_scripts · includes\class-bogo_for_woocommerce.php:127
action · admin_enqueue_scripts · includes\class-bogo_for_woocommerce.php:130
action · admin_enqueue_scripts · includes\class-bogo_for_woocommerce.php:131
action · init · includes\class-bogo_for_woocommerce.php:140
action · woocommerce_before_calculate_totals · includes\integration\class-bogo_for_woocommerce-cart.php:7
action · woocommerce_before_calculate_totals · includes\integration\class-bogo_for_woocommerce-cart.php:260
filter · woocommerce_cart_item_quantity · includes\integration\class-bogo_for_woocommerce-cart.php:308
filter · woocommerce_cart_item_removed · includes\integration\class-bogo_for_woocommerce-cart.php:316
filter · woocommerce_product_data_tabs · includes\integration\class-bogo_for_woocommerce-product-settings.php:6
action · woocommerce_product_data_panels · includes\integration\class-bogo_for_woocommerce-product-settings.php:40
action · woocommerce_process_product_meta · includes\integration\class-bogo_for_woocommerce-product-settings.php:255
action · woocommerce_after_cart_item_name · includes\integration\class-bogo_for_woocommerce-sc-variations.php:130
action · woocommerce_review_order_after_cart_item_name · includes\integration\class-bogo_for_woocommerce-sc-variations.php:138
action · woocommerce_blocks_loaded · includes\integration\class-bogo_for_woocommerce-variations.php:6
Maintenance & Trust

Quick Buy One Get One Free Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 22, 2026
PHP min version
Downloads: 138

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Quick Buy One Get One Free Developer Profile

Appalify

5 plugins · 70 total installs

Trust score: 93
Avg Security Score: 98/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Quick Buy One Get One Free

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/quick-buy-one-get-one-free/assets/js/bogo-admin.js
/wp-content/plugins/quick-buy-one-get-one-free/assets/js/bogo-blocks-cart-ui.js
/wp-content/plugins/quick-buy-one-get-one-free/assets/js/bogo-shortcode-cart-ui.js
Script Paths
includes/admin/class-bogo_for_woocommerce-assets.php
Version Parameters
bogo-admin-js?ver=
quick-bogo-blocks-cart-ui?ver=
quick-bogo-shortcode-cart-ui?ver=

HTML / DOM Fingerprints

JS Globals
bogo_vars
QuickBogo