Does WC Product Bundles have any unpatched vulnerabilities?

No. All known vulnerabilities in WC Product Bundles have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WC Product Bundles compatible with WordPress 6.0.11?

According to WordPress.org data, WC Product Bundles 1.1.0 has been tested up to WordPress 6.0.11. Check the plugin's changelog for the latest compatibility information.

How often is WC Product Bundles updated?

WC Product Bundles was last updated on Jul 19, 2022. Frequent updates are generally a positive security signal.

What is WC Product Bundles's security score?

WC Product Bundles has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WC Product Bundles Security & Risk Analysis

wordpress.org/plugins/wc-product-bundles

Bundle two or more woocommerce products together and sell them at a discounted rate.

100 active installs v1.1.0 PHP + WP 3.5+ Updated Jul 19, 2022

woocommerce-product-bundle

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WC Product Bundles Safe to Use in 2026?

Generally Safe

Score 85/100

WC Product Bundles has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The "wc-product-bundles" v1.1.0 plugin presents a mixed security posture. On the positive side, the code analysis indicates good practices in several areas. There are no identified dangerous functions, all SQL queries utilize prepared statements, and file operations and external HTTP requests are absent. The low percentage of unescaped output (17%) is also a good sign, suggesting that developers have made an effort to sanitize output to prevent cross-site scripting (XSS) vulnerabilities. The complete lack of historical vulnerabilities, including critical and high severity ones, further contributes to a perception of a relatively secure plugin. However, a significant concern arises from the presence of one AJAX handler that lacks any authentication checks. This creates a direct attack vector that could be exploited by unauthenticated users, potentially leading to unintended actions or data manipulation depending on the functionality of that specific AJAX handler. The absence of taint analysis data, while potentially meaning no issues were found, also means we cannot definitively rule out unsanitized data flows, especially in conjunction with the unprotected AJAX endpoint.

Key Concerns

Unprotected AJAX handler
Missing nonce checks on AJAX
Unescaped output (17% unescaped)

Vulnerabilities

None known

WC Product Bundles Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WC Product Bundles Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

54 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

83% escaped65 total outputs

Attack Surface

1 unprotected

WC Product Bundles Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_wcpb_ajaxclasses\listener.php:14

WordPress Hooks 26

filterproduct_type_selectorclasses\admin-form.php:14

filterwoocommerce_product_data_tabsclasses\admin-form.php:15

actionwoocommerce_product_options_general_product_dataclasses\admin-form.php:16

actionwoocommerce_product_data_panelsclasses\admin-form.php:17

filterwcpb/build/products_searchclasses\builder.php:12

filterwcpb/build/included_productsclasses\builder.php:13

filterwcpb/search/productsclasses\dao.php:13

filterwcpb/add_to_bundle/productsclasses\dao.php:14

filterwcpb/remove_from_bundle/productsclasses\dao.php:15

filterwcpb/load/bundleclasses\dao.php:16

actionsave_postclasses\dao.php:17

filterposts_whereclasses\dao.php:28

actionwoocommerce_wcpb_add_to_cartclasses\product-form.php:16

filterwoocommerce_cart_item_nameclasses\product-form.php:18

filterwoocommerce_checkout_cart_item_quantityclasses\product-form.php:19

actionwoocommerce_new_order_itemclasses\product-form.php:20

actionwoocommerce_reduce_order_stockclasses\product-form.php:21

actionwoocommerce_order_status_cancelledclasses\product-form.php:22

filterwoocommerce_sale_flashclasses\product-form.php:23

filterwoocommerce_add_to_cart_validationclasses\product-form.php:24

filterwcpb/requestclasses\request.php:15

filterwcpb/responseclasses\response.php:14

actioninitwcpb.php:34

actionplugins_loadedwcpb.php:35

filterwcpb/get_infowcpb.php:36

actionwp_enqueue_scriptswcpb.php:37

Maintenance & Trust

WC Product Bundles Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11

Last updatedJul 19, 2022

PHP min version

Downloads16K

Community Trust

Rating62/100

Number of ratings15

Active installs100

Alternatives

WC Product Bundles Alternatives

Product Bundle Builder for WooCommerce

easy-product-bundles-for-woocommerce

100

WooCommerce Product Bundle help to creates Product Bundles, Composite Products, Mix and Match, BOGO deals, Offer gift products, and Assembled Products …

7K No CVEs

Bopo – WooCommerce Product Bundle Builder

bopo-woo-product-bundle-builder

100

Create irresistible bundle products for WooCommerce, offering flexible pricing and great deals for your customers

1K No CVEs

Products Wizard Lite for WooCommerce

products-wizard-lite-for-woocommerce

100

This plugin helps you sell your products by the step-by-step wizard. Use the [woocommerce-products-wizard] shortcode to init.

30 No CVEs

QODE Product Bundles for WooCommerce

qode-product-bundles-for-woocommerce

100

Boost conversion rates, create extra value deals and run cross-selling campaigns by combining two or more products in practical product bundles.

10 No CVEs

QuickBundles – WooCommerce Product Bundles

quickbundles

100

Easily create compelling product bundles in WooCommerce to boost your sales and average order value. Intuitive builder, flexible pricing & urgency …

0 No CVEs

Developer Profile

WC Product Bundles Developer Profile

Saravana Kumar K

3 plugins · 7K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

302 days

View full developer profile

Detection Fingerprints

How We Detect WC Product Bundles

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wc-product-bundles/assets/css/wcpb-admin.css/wp-content/plugins/wc-product-bundles/assets/css/wcpb-front-end.css/wp-content/plugins/wc-product-bundles/assets/js/wcpb.js

Script Paths

/wp-content/plugins/wc-product-bundles/assets/js/wcpb.js

Version Parameters

wc-product-bundles/assets/js/wcpb.js?ver=wc-product-bundles/assets/css/wcpb-admin.css?ver=wc-product-bundles/assets/css/wcpb-front-end.css?ver=

HTML / DOM Fingerprints

CSS Classes

wcpb-product-search-container-ulwcpb-product-search-txt-wrapperwcpb-ajax-spinnerwcpb-product-search-result-holderwcpb_close_allwcpb_expand_allwcpb-add-productwcpb-products-container+14 more

HTML Comments

<!-- Plugin URI: http://sarkware.com/wc-product-bundle-bundle-products-together-and-sell-them-with-a-discounted-rate/ -->

+7 more

Data Attributes

data-product_iddata-bundle_iddata-product_type='wcpb'id="wcpb-product-search-txt"id="wcpb-ajax-spinner"id="wcpb-product-search-result-holder"+9 more

JS Globals

wcpb_var

FAQ