UpSellSmart – Product Recommendations Security & Risk Analysis

wordpress.org/plugins/upsellsmart-product-recommendations

Local, data-driven UpSellSmart – Product Recommendations with multiple engines and comprehensive admin controls.

0 active installs · v1.0.3 · PHP 7.4+ · WP 5.0+ · Updated Feb 8, 2026
Tags: cross-sell · frequently-bought-together · personalized-products · product-recommendations · upsell
100
A · Safe
CVEs total 0
Unpatched 0
Last CVE Never
Safety Verdict

Is UpSellSmart – Product Recommendations Safe to Use in 2026?

Generally Safe

Score 100/100

UpSellSmart – Product Recommendations has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

The 'upsellsmart-product-recommendations' plugin version 1.0.3 exhibits a generally good security posture, with a low risk profile. The code analysis reveals strong adherence to secure coding practices, including a high percentage of SQL queries using prepared statements and properly escaped output. The absence of dangerous functions, file operations, and external HTTP requests further mitigates potential attack vectors. The plugin also demonstrates a proactive approach to security with a significant number of nonce and capability checks, indicating an awareness of common WordPress vulnerabilities.

Despite these strengths, a critical concern arises from the presence of one AJAX handler that lacks authentication checks. This creates a direct entry point for unauthenticated users to interact with the plugin's functionality, potentially leading to unintended actions or information disclosure depending on the handler's purpose. The taint analysis shows no unsanitized paths, which is a positive sign, and the plugin has no known past vulnerabilities, suggesting a stable and well-maintained codebase.

In conclusion, while the plugin is well-built with many secure coding practices in place, the single unprotected AJAX handler represents a significant weakness that needs immediate attention. Addressing this specific vulnerability would elevate the plugin's security posture considerably, making it a highly secure option for WordPress users.

Key Concerns

  • AJAX handler without auth check
Vulnerabilities
None known

UpSellSmart – Product Recommendations Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

UpSellSmart – Product Recommendations Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

UpSellSmart – Product Recommendations Code Analysis

Dangerous Functions 0
Raw SQL Queries 5 · 21 prepared
Unescaped Output 8 · 64 escaped
Nonce Checks 11
Capability Checks 7
File Operations 0
External Requests 0
Bundled Libraries 0

SQL Query Safety

81% prepared · 26 total queries

Output Escaping

89% escaped · 72 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

1 flow
<class-upspr-performance-tracker> (includes\class-upspr-engine-type\Helper\class-upspr-performance-tracker.php:0)
Attack Surface
1 unprotected

UpSellSmart – Product Recommendations Attack Surface

Entry Points 15
Unprotected 1

AJAX Handlers 15

auth · wp_ajax_upspr_get_categories · includes\class-upspr-admin.php:33
auth · wp_ajax_upspr_get_tags · includes\class-upspr-admin.php:34
auth · wp_ajax_upspr_get_brands · includes\class-upspr-admin.php:35
auth · wp_ajax_upspr_get_attributes · includes\class-upspr-admin.php:36
auth · wp_ajax_upspr_get_products · includes\class-upspr-admin.php:37
auth · wp_ajax_upspr_get_products_by_ids · includes\class-upspr-admin.php:38
auth · wp_ajax_upspr_get_countries · includes\class-upspr-admin.php:39
auth · wp_ajax_upspr_get_states · includes\class-upspr-admin.php:40
auth · wp_ajax_upspr_store_campaign_interaction · includes\class-upspr-engine-type\class-upspr-cross-sell-integration.php:24
nopriv · wp_ajax_upspr_store_campaign_interaction · includes\class-upspr-engine-type\class-upspr-cross-sell-integration.php:25
auth · wp_ajax_upspr_test_conversion_tracking · includes\class-upspr-engine-type\class-upspr-cross-sell-integration.php:28
auth · wp_ajax_upspr_track_impression · includes\class-upspr-engine-type\Helper\class-upspr-performance-tracker.php:470
nopriv · wp_ajax_upspr_track_impression · includes\class-upspr-engine-type\Helper\class-upspr-performance-tracker.php:471
auth · wp_ajax_upspr_track_click · includes\class-upspr-engine-type\Helper\class-upspr-performance-tracker.php:473
nopriv · wp_ajax_upspr_track_click · includes\class-upspr-engine-type\Helper\class-upspr-performance-tracker.php:474
WordPress Hooks 14
action · admin_enqueue_scripts · includes\class-upspr-admin.php:31
action · admin_menu · includes\class-upspr-admin.php:32
action · wp · includes\class-upspr-engine-type\class-upspr-cross-sell-integration.php:18
action · woocommerce_order_status_completed · includes\class-upspr-engine-type\class-upspr-cross-sell-integration.php:20
action · woocommerce_order_status_processing · includes\class-upspr-engine-type\class-upspr-cross-sell-integration.php:21
action · woocommerce_single_product_summary · includes\class-upspr-engine-type\class-upspr-recently-viewed.php:30
action · wp_enqueue_scripts · includes\class-upspr-frontend.php:39
action · wp · includes\class-upspr-recommendations.php:51
action · rest_api_init · includes\class-upspr-rest-api.php:42
action · admin_init · includes\class-upspr-settings.php:39
action · plugins_loaded · upsellsmart-product-recommendations.php:66
action · init · upsellsmart-product-recommendations.php:67
action · before_woocommerce_init · upsellsmart-product-recommendations.php:68
action · admin_notices · upsellsmart-product-recommendations.php:107
Maintenance & Trust

UpSellSmart – Product Recommendations Maintenance & Trust

Maintenance Signals

WordPress version tested 6.7.5
Last updated Feb 8, 2026
PHP min version 7.4
Downloads 273

Community Trust

Rating 0/100
Number of ratings 0
Active installs 0
Developer Profile

UpSellSmart – Product Recommendations Developer Profile

Md. Kamrul Hasan

1 plugin · 0 total installs

Trust score 94
Avg Security Score 100/100
Avg Patch Time 30 days
Detection Fingerprints

How We Detect UpSellSmart – Product Recommendations

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/upsellsmart-product-recommendations/assets/dist/js/admin.js
/wp-content/plugins/upsellsmart-product-recommendations/assets/dist/css/admin.css
Script Paths
/wp-content/plugins/upsellsmart-product-recommendations/assets/dist/js/admin.js
Version Parameters
upsellsmart-product-recommendations/assets/dist/js/admin.js?ver=
upsellsmart-product-recommendations/assets/dist/css/admin.css?ver=

HTML / DOM Fingerprints

JS Globals
upspr_plugin_url
upspr_plugin_version
upspr_ajax_object
REST Endpoints
/wp-json/upspr/v1/recommendations
Shortcode Output
[upsellsmart_recommendations]
FAQ

Frequently Asked Questions about UpSellSmart – Product Recommendations