Does WowRevenue – Product Bundles & Bulk Discounts have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WowRevenue – Product Bundles & Bulk Discounts compatible with WordPress 6.9.4?

According to WordPress.org data, WowRevenue – Product Bundles & Bulk Discounts 2.2.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is WowRevenue – Product Bundles & Bulk Discounts compatible with PHP 7.4+?

WowRevenue – Product Bundles & Bulk Discounts requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WowRevenue – Product Bundles & Bulk Discounts updated?

WowRevenue – Product Bundles & Bulk Discounts was last updated on Apr 15, 2026. Frequent updates are generally a positive security signal.

What is WowRevenue – Product Bundles & Bulk Discounts's security score?

WowRevenue – Product Bundles & Bulk Discounts has a WP-Safety security score of 96/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WowRevenue – Product Bundles & Bulk Discounts Security & Risk Analysis

wordpress.org/plugins/revenue

WowRevenue is a combination of product bundles and discount campaigns, including bulk discounts, buy x get y discounts, and more.

1K active installs v2.2.1 PHP 7.4+ WP 6.8+ Updated Apr 15, 2026

bogobought-togetherbulk-discountproduct-bundlesupsells

A · Safe

CVEs total2

Unpatched0

Last CVEFeb 16, 2026

Plugin page Download

Safety Verdict

Is WowRevenue – Product Bundles & Bulk Discounts Safe to Use in 2026?

Generally Safe

Score 96/100

WowRevenue – Product Bundles & Bulk Discounts has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEsLast CVE: Feb 16, 2026Updated 1mo ago

Risk Assessment

The "revenue" plugin v2.1.8 exhibits a mixed security posture. On the positive side, it demonstrates good coding practices with a high percentage of SQL queries using prepared statements and properly escaped output. The presence of numerous nonce and capability checks further indicates an awareness of security principles. However, significant concerns arise from the substantial attack surface exposed without adequate authorization checks.

Specifically, the plugin has 8 unprotected entry points, including 7 AJAX handlers and 1 REST API route that lacks permission callbacks. This represents a considerable risk, as attackers could potentially exploit these unauthenticated endpoints. The taint analysis, while limited in scope, did identify one flow with unsanitized paths, which, although not rated critical or high, warrants attention and further investigation to ensure it doesn't lead to vulnerabilities. The historical vulnerability data shows a past pattern of missing authorization, reinforcing the concerns raised by the static analysis.

While the plugin has no currently unpatched CVEs and a recent vulnerability was addressed, the recurring theme of missing authorization in past issues and the current static analysis findings suggest a persistent weakness. The plugin's strengths lie in its careful handling of database queries and output, but the unprotected entry points remain a significant liability that could be exploited.

Key Concerns

Unprotected AJAX handlers
Unprotected REST API route
Flow with unsanitized paths
Missing authorization vulnerability history

Vulnerabilities

2 published

WowRevenue – Product Bundles & Bulk Discounts Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

1 CVE in 2026

2026

Patched Has unpatched

Severity Breakdown

High

Medium

2 total CVEs

CVE-2026-2001high · 8.8Missing Authorization

WowRevenue <= 2.1.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation

Feb 16, 2026 Patched in 2.1.4 (1d)

CVE-2025-62070medium · 4.3Missing Authorization

WowRevenue <= 1.2.13 - Missing Authorization

Oct 16, 2025 Patched in 1.2.14 (8d)

Version History

WowRevenue – Product Bundles & Bulk Discounts Release Timeline

v2.2.1Current

v2.2.0

v2.1.9

v2.1.8

v2.1.7

v2.1.6

v2.1.5

v2.1.4

v2.1.31 CVE

v2.1.21 CVE

v2.1.11 CVE

v2.1.01 CVE

v2.0.101 CVE

v2.0.91 CVE

v2.0.81 CVE

v2.0.71 CVE

v2.0.61 CVE

v2.0.51 CVE

v2.0.41 CVE

v2.0.31 CVE

Code Analysis

Analyzed Mar 16, 2026

WowRevenue – Product Bundles & Bulk Discounts Code Analysis

Dangerous Functions

Raw SQL Queries

89 prepared

Unescaped Output

3486 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

95% prepared94 total queries

Output Escaping

99% escaped3511 total outputs

Data Flows · Security

1 unsanitized

Data Flow Analysis

3 flows1 with unsanitized paths

<class-revenue-next-order-coupon> (includes\campaigns\class-revenue-next-order-coupon.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

8 unprotected

WowRevenue – Product Bundles & Bulk Discounts Attack Surface

Entry Points29

Unprotected8

AJAX Handlers 27

authwp_ajax_custom_save_coupon_actionincludes\campaigns\class-revenue-next-order-coupon.php:39

authwp_ajax_update_product_viewsincludes\campaigns\class-revenue-stock-scarcity.php:46

noprivwp_ajax_update_product_viewsincludes\campaigns\class-revenue-stock-scarcity.php:47

authwp_ajax_revenue_add_to_cartincludes\class-revenue-ajax.php:25

noprivwp_ajax_revenue_add_to_cartincludes\class-revenue-ajax.php:27

authwp_ajax_revenue_add_bundle_to_cartincludes\class-revenue-ajax.php:28

noprivwp_ajax_revenue_add_bundle_to_cartincludes\class-revenue-ajax.php:29

authwp_ajax_revenue_close_popupincludes\class-revenue-ajax.php:30

noprivwp_ajax_revenue_close_popupincludes\class-revenue-ajax.php:31

authwp_ajax_revenue_count_impressionincludes\class-revenue-ajax.php:32

noprivwp_ajax_revenue_count_impressionincludes\class-revenue-ajax.php:33

authwp_ajax_revenue_get_product_priceincludes\class-revenue-ajax.php:37

authwp_ajax_revx_get_next_campaign_idincludes\class-revenue-ajax.php:39

authwp_ajax_revx_get_campaign_limitsincludes\class-revenue-ajax.php:41

authwp_ajax_revx_activate_woocommerceincludes\class-revenue-ajax.php:43

authwp_ajax_revx_install_woocommerceincludes\class-revenue-ajax.php:45

authwp_ajax_revenue_get_search_suggestionincludes\class-revenue-ajax.php:47

authwp_ajax_revenue_get_cart_totalincludes\class-revenue-ajax.php:48

noprivwp_ajax_revenue_get_cart_totalincludes\class-revenue-ajax.php:49

authwp_ajax_revenue_get_campaign_offer_itemsincludes\class-revenue-ajax.php:51

authwp_ajax_revenue_get_trigger_itemsincludes\class-revenue-ajax.php:53

noprivwp_ajax_revenue_get_trigger_itemsincludes\class-revenue-ajax.php:55

authwp_ajax_revenue_get_campaign_htmlincludes\class-revenue-campaign.php:241

noprivwp_ajax_revenue_get_campaign_htmlincludes\class-revenue-campaign.php:242

authwp_ajax_revx_deactive_pluginincludes\deactive\class-deactive.php:30

authwp_ajax_revx_install_pluginincludes\durbin\class-our-plugins.php:13

authwp_ajax_revx_installincludes\notice\class-notice.php:43

REST API Routes 1

GET/wp-json/revenue/v1/custom-couponsincludes\campaigns\class-revenue-next-order-coupon.php:335

Shortcodes 1

[revenue_coupon] includes\campaigns\class-revenue-next-order-coupon.php:142

WordPress Hooks 116

actionadmin_menuincludes\admin\class-revenue-menu.php:52

actionwoocommerce_json_search_found_productsincludes\admin\class-revenue-menu.php:53

filterwoocommerce_json_search_found_categoriesincludes\admin\class-revenue-menu.php:54

actionadmin_headincludes\admin\class-revenue-menu.php:55

actionadmin_enqueue_scriptsincludes\admin\class-revenue-menu.php:56

actionadmin_headincludes\admin\class-revenue-menu.php:168

filterwoocommerce_is_purchasableincludes\campaigns\class-revenue-bundle-discount.php:81

actionrevenue_check_cart_itemsincludes\campaigns\class-revenue-bundle-discount.php:94

filterwoocommerce_order_formatted_line_subtotalincludes\campaigns\class-revenue-bundle-discount.php:96

actionrevenue_rest_insert_campaignincludes\campaigns\class-revenue-bundle-discount.php:97

filterwoocommerce_add_cart_item_dataincludes\campaigns\class-revenue-countdown-timer.php:40

actionwp_footerincludes\campaigns\class-revenue-countdown-timer.php:41

filterwoocommerce_package_ratesincludes\campaigns\class-revenue-free-shipping-bar.php:66

actionrevenue_campaign_free_shipping_bar_before_calculate_cart_totalsincludes\campaigns\class-revenue-free-shipping-bar.php:68

filterrevenue_campaign_free_shipping_bar_cart_item_priceincludes\campaigns\class-revenue-free-shipping-bar.php:71

actionrest_api_initincludes\campaigns\class-revenue-next-order-coupon.php:40

actionedit_form_after_editorincludes\campaigns\class-revenue-next-order-coupon.php:41

actionsave_postincludes\campaigns\class-revenue-next-order-coupon.php:42

filterwoocommerce_coupon_is_validincludes\campaigns\class-revenue-next-order-coupon.php:45

actionwoocommerce_order_status_completedincludes\campaigns\class-revenue-next-order-coupon.php:46

actionwoocommerce_order_status_on-holdincludes\campaigns\class-revenue-next-order-coupon.php:47

actionwoocommerce_order_status_processingincludes\campaigns\class-revenue-next-order-coupon.php:48

filterwoocommerce_add_cart_item_dataincludes\campaigns\class-revenue-next-order-coupon.php:49

actionwoocommerce_checkout_create_order_line_itemincludes\campaigns\class-revenue-next-order-coupon.php:50

actiontemplate_redirectincludes\campaigns\class-revenue-next-order-coupon.php:51

actionwoocommerce_before_cart_tableincludes\campaigns\class-revenue-next-order-coupon.php:52

actionwoocommerce_thankyouincludes\campaigns\class-revenue-next-order-coupon.php:128

actionwoocommerce_before_thankyouincludes\campaigns\class-revenue-next-order-coupon.php:129

actionwoocommerce_account_contentincludes\campaigns\class-revenue-next-order-coupon.php:135

actionwoocommerce_account_contentincludes\campaigns\class-revenue-next-order-coupon.php:136

actionrevenue_campaign_normal_discount_before_calculate_cart_totalsincludes\campaigns\class-revenue-normal-discount.php:49

filterrevenue_campaign_normal_discount_cart_item_priceincludes\campaigns\class-revenue-normal-discount.php:50

actionwpincludes\campaigns\class-revenue-stock-scarcity.php:43

filterwoocommerce_add_cart_item_dataincludes\campaigns\class-revenue-stock-scarcity.php:44

actionwp_footerincludes\campaigns\class-revenue-stock-scarcity.php:45

actionwp_enqueue_scriptsincludes\campaigns\class-revenue-stock-scarcity.php:48

filterwoocommerce_get_stock_htmlincludes\campaigns\class-revenue-stock-scarcity.php:209

actionwc_ajax_revenue_add_to_cartincludes\class-revenue-ajax.php:26

filterrevenue_rest_before_prepare_campaignincludes\class-revenue-ajax.php:35

actiontemplate_redirectincludes\class-revenue-analytics.php:24

actionrevenue_campaign_order_createdincludes\class-revenue-analytics.php:25

actionrevenue_item_added_to_cartincludes\class-revenue-campaign.php:148

actionwoocommerce_remove_cart_itemincludes\class-revenue-campaign.php:150

actionwoocommerce_cart_item_restoredincludes\class-revenue-campaign.php:152

actionwoocommerce_cart_emptiedincludes\class-revenue-campaign.php:154

actionwoocommerce_add_to_cartincludes\class-revenue-campaign.php:156

actionwoocommerce_before_calculate_totalsincludes\class-revenue-campaign.php:158

actionwoocommerce_check_cart_itemsincludes\class-revenue-campaign.php:160

actionwoocommerce_cart_item_remove_linkincludes\class-revenue-campaign.php:162

actionwoocommerce_cart_item_quantityincludes\class-revenue-campaign.php:164

actionwoocommerce_cart_item_classincludes\class-revenue-campaign.php:166

actionwoocommerce_cart_item_subtotalincludes\class-revenue-campaign.php:168

actionwoocommerce_cart_item_priceincludes\class-revenue-campaign.php:170

actionwoocommerce_get_item_dataincludes\class-revenue-campaign.php:172

actionwoocommerce_cart_item_nameincludes\class-revenue-campaign.php:174

actionwoocommerce_after_cart_item_quantity_updateincludes\class-revenue-campaign.php:176

actionwoocommerce_store_api_product_quantity_minimumincludes\class-revenue-campaign.php:178

actionwoocommerce_store_api_product_quantity_maximumincludes\class-revenue-campaign.php:180

actionwoocommerce_checkout_order_processedincludes\class-revenue-campaign.php:182

actionwoocommerce_store_api_checkout_order_processedincludes\class-revenue-campaign.php:184

actionwoocommerce_checkout_create_order_line_itemincludes\class-revenue-campaign.php:186

actionwoocommerce_hidden_order_itemmetaincludes\class-revenue-campaign.php:188

filterwoocommerce_package_ratesincludes\class-revenue-campaign.php:192

actionwpincludes\class-revenue-campaign.php:194

actionwp_print_scriptsincludes\class-revenue-campaign.php:196

actionrevenue_campaign_before_headerincludes\class-revenue-campaign.php:198

actionwoocommerce_cart_calculate_feesincludes\class-revenue-campaign.php:207

filterwoocommerce_add_to_cart_fragmentsincludes\class-revenue-campaign.php:213

actionrevenue_before_campaign_renderincludes\class-revenue-campaign.php:215

filterwoocommerce_blocks_checkout_block_registrationincludes\class-revenue-campaign.php:219

filterrevenue_block_before_cart_formincludes\class-revenue-campaign.php:230

filterrender_blockincludes\class-revenue-campaign.php:239

filterwoocommerce_available_variationincludes\class-revenue-campaign.php:243

filterrender_block_dataincludes\class-revenue-campaign.php:599

filterrender_block_dataincludes\class-revenue-campaign.php:658

actionwoocommerce_before_thankyouincludes\class-revenue-campaign.php:1060

actionwoocommerce_thankyouincludes\class-revenue-campaign.php:1061

actionwoocommerce_after_cart_item_nameincludes\class-revenue-campaign.php:1065

filterwoocommerce_cart_item_priceincludes\class-revenue-campaign.php:1066

actionrvex_below_the_product_titleincludes\class-revenue-campaign.php:1070

actionrvex_below_the_product_priceincludes\class-revenue-campaign.php:1071

actionwoocommerce_before_add_to_cart_quantityincludes\class-revenue-campaign.php:1072

actionwoocommerce_review_order_before_submitincludes\class-revenue-campaign.php:1081

actionwoocommerce_review_order_before_paymentincludes\class-revenue-campaign.php:1082

actionwoocommerce_review_order_before_shippingincludes\class-revenue-campaign.php:1083

filterthe_contentincludes\class-revenue-campaign.php:1091

actionwp_headincludes\class-revenue-campaign.php:1093

actionwp_footerincludes\class-revenue-campaign.php:1094

filterwoocommerce_product_get_priceincludes\class-revenue-campaign.php:2385

filterwoocommerce_product_variation_get_priceincludes\class-revenue-campaign.php:2386

filterywsbs_subscription_recurring_priceincludes\class-revenue-campaign.php:3258

actionastra_woo_single_title_afterincludes\class-revenue-functions.php:397

actionwoocommerce_single_product_summaryincludes\class-revenue-functions.php:404

actionastra_woo_single_price_afterincludes\class-revenue-functions.php:413

actionwoocommerce_single_product_summaryincludes\class-revenue-functions.php:421

actionwoocommerce_account_contentincludes\class-revenue-functions.php:430

actionwoocommerce_account_contentincludes\class-revenue-functions.php:437

filtersafe_style_cssincludes\class-revenue-functions.php:4057

actionadmin_initincludes\class-revenue-notice.php:86

actionadmin_noticesincludes\class-revenue-notice.php:87

actionwp_initialize_siteincludes\class-revenue.php:63

actionplugins_loadedincludes\class-revenue.php:70

actioninitincludes\class-revenue.php:72

actionadmin_initincludes\class-revenue.php:74

actionwoocommerce_loadedincludes\class-revenue.php:76

actionplugins_loadedincludes\class-revenue.php:80

filterplugin_row_metaincludes\class-revenue.php:84

actionwp_headincludes\class-revenue.php:85

actioninitincludes\class-revenue.php:251

actioninitincludes\class-revenue.php:254

actionwp_enqueue_scriptsincludes\class-revenue.php:258

actionadmin_footerincludes\deactive\class-deactive.php:28

actionadmin_noticesincludes\notice\class-notice.php:36

actionadmin_initincludes\notice\class-notice.php:37

actionrest_api_initincludes\notice\class-notice.php:40

actionrest_api_initincludes\rest-api\class-revenue-server.php:29

Maintenance & Trust

WowRevenue – Product Bundles & Bulk Discounts Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 15, 2026

PHP min version7.4

Downloads42K

Community Trust

Rating100/100

Number of ratings18

Active installs1K

Alternatives

WowRevenue – Product Bundles & Bulk Discounts Alternatives

Discount Rules and Dynamic Pricing for WooCommerce

easy-woocommerce-discounts

100

WooCommerce discount plugin, pricing and discounts, category discount, smart coupon, quantity discount, bulk discount, shipping method, storewide.

10K No CVEs

WPC Frequently Bought Together for WooCommerce

woo-bought-together

WPC Frequently Bought Together helps you increase your sales with personalized product recommendations.

10K 2 CVEs

StoreGrowth: Smart Sales Booster for WooCommerce | BOGO, Upsells, Direct Checkout, Quick View, Side Cart

storegrowth-sales-booster

100

WooCommerce Sales Booster with BOGO, upsells, direct checkout, quick view, side cart, countdowns, floating bar, free shipping & stock bar.

2K No CVEs

Discount Rules for WooCommerce – Disco | Dynamic Pricing, Conditions, Bulk, Bundle, BOGO

disco

100

WooCommerce discount rules plugin to create automatic product and cart discounts, bulk pricing, BOGO deals, and dynamic pricing without coupon codes.

700 No CVEs

Dynamic Pricing & Discounts Lite

woo-dynamic-pricing-discounts-lite

Eminent plugin for WooCommerce stores with all type of discounts – dynamic pricing & discounts, category discount, product discount, BOGO rule & more.

400 1 unpatched

Developer Profile

WowRevenue – Product Bundles & Bulk Discounts Developer Profile

WPXPO

9 plugins · 51K total installs

trust score

Avg Security Score

89/100

Avg Patch Time

137 days

View full developer profile

Detection Fingerprints

How We Detect WowRevenue – Product Bundles & Bulk Discounts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/revenue/assets/css/backend/revenue-admin.css/wp-content/plugins/revenue/assets/js/backend/revenue-notice.js

Script Paths

/wp-content/plugins/revenue/assets/js/backend/revenue-notice.js

Version Parameters

revenue-admin?ver=revenue-notice?ver=

HTML / DOM Fingerprints

CSS Classes

revx-menu-upgrade-to-pro

Data Attributes

data-revenue-tab

JS Globals

revenue_admin_params

FAQ

WowRevenue – Product Bundles & Bulk Discounts Security & Risk Analysis

Is WowRevenue – Product Bundles & Bulk Discounts Safe to Use in 2026?

Generally Safe

Key Concerns

WowRevenue – Product Bundles & Bulk Discounts Security Vulnerabilities

CVEs by Year

Severity Breakdown

WowRevenue – Product Bundles & Bulk Discounts Release Timeline

WowRevenue – Product Bundles & Bulk Discounts Code Analysis

SQL Query Safety

Output Escaping

Data Flow Analysis

WowRevenue – Product Bundles & Bulk Discounts Attack Surface

AJAX Handlers 27

REST API Routes 1

Shortcodes 1

WowRevenue – Product Bundles & Bulk Discounts Maintenance & Trust

Maintenance Signals

Community Trust

WowRevenue – Product Bundles & Bulk Discounts Alternatives

Discount Rules and Dynamic Pricing for WooCommerce

WPC Frequently Bought Together for WooCommerce

StoreGrowth: Smart Sales Booster for WooCommerce | BOGO, Upsells, Direct Checkout, Quick View, Side Cart

Discount Rules for WooCommerce – Disco | Dynamic Pricing, Conditions, Bulk, Bundle, BOGO

Dynamic Pricing & Discounts Lite

WowRevenue – Product Bundles & Bulk Discounts Developer Profile

How We Detect WowRevenue – Product Bundles & Bulk Discounts

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about WowRevenue – Product Bundles & Bulk Discounts