Does Checkout Upsell Order Bump for WooCommerce have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Checkout Upsell Order Bump for WooCommerce compatible with WordPress 6.9.4?

According to WordPress.org data, Checkout Upsell Order Bump for WooCommerce 2.0.5 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Checkout Upsell Order Bump for WooCommerce compatible with PHP 7.0+?

Checkout Upsell Order Bump for WooCommerce requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Checkout Upsell Order Bump for WooCommerce updated?

Checkout Upsell Order Bump for WooCommerce was last updated on Apr 15, 2026. Frequent updates are generally a positive security signal.

What is Checkout Upsell Order Bump for WooCommerce's security score?

Checkout Upsell Order Bump for WooCommerce has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Checkout Upsell Order Bump for WooCommerce Security & Risk Analysis

wordpress.org/plugins/wc-upsell-and-order-bump

Boost sales with Checkout Upsell Order Bump for WooCommerce! Offer product suggestions and enticing discounts directly on the checkout page.

20 active installs v2.0.5 PHP 7.0+ WP 4.4.0+ Updated Apr 15, 2026

checkoutorder-bumpupsellwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Checkout Upsell Order Bump for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Checkout Upsell Order Bump for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "wc-upsell-and-order-bump" plugin v2.0.4 exhibits a concerningly open attack surface due to multiple unprotected AJAX handlers. While the static analysis indicates good practices in SQL query handling, output escaping, and a lack of critical taint flows, the presence of three AJAX entry points without authentication checks represents a significant security weakness. This means that unauthenticated users could potentially trigger these AJAX actions, leading to unintended behavior or exploitation if the handler's logic is vulnerable. Fortunately, the plugin has no recorded vulnerabilities (CVEs) and a clean history, suggesting a generally mature and well-maintained codebase in other areas. However, the unprotected AJAX endpoints are a direct and exploitable risk that needs immediate attention. The plugin's strengths lie in its secure database interactions and output sanitization, but this is overshadowed by the readily available, unprotected entry points.

Key Concerns

Unprotected AJAX handlers
Large attack surface without auth
Bundled library (Select2)

Vulnerabilities

None known

Checkout Upsell Order Bump for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Checkout Upsell Order Bump for WooCommerce Release Timeline

v2.0.5Current

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v1.0.0

Code Analysis

Analyzed Mar 16, 2026

Checkout Upsell Order Bump for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

31 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

Output Escaping

89% escaped35 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

3 flows

xswcusop_save_updselldata (xswcusop-includes\xswcusop-options.php:6)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

3 unprotected

Checkout Upsell Order Bump for WooCommerce Attack Surface

Entry Points3

Unprotected3

AJAX Handlers 3

authwp_ajax_xswcusop_addtocartbyproductidxswcusop-frontend\xswcusop-upsellcheckoutpage.php:603

noprivwp_ajax_xswcusop_addtocartbyproductidxswcusop-frontend\xswcusop-upsellcheckoutpage.php:605

authwp_ajax_xswcusop_send_mailxswcusop-includes\xswcusop-options.php:217

WordPress Hooks 20

actionwoocommerce_before_checkout_formxswcusop-frontend\xswcusop-orderbumpcheckoutpage.php:16

actionwoocommerce_after_checkout_billing_formxswcusop-frontend\xswcusop-orderbumpcheckoutpage.php:24

actionwoocommerce_checkout_before_order_reviewxswcusop-frontend\xswcusop-orderbumpcheckoutpage.php:32

actionwoocommerce_review_order_after_paymentxswcusop-frontend\xswcusop-orderbumpcheckoutpage.php:40

actionwp_enqueue_scriptsxswcusop-frontend\xswcusop-upsellcheckoutpage.php:5

actionwoocommerce_before_checkout_formxswcusop-frontend\xswcusop-upsellcheckoutpage.php:74

actionwoocommerce_after_checkout_billing_formxswcusop-frontend\xswcusop-upsellcheckoutpage.php:82

actionwoocommerce_review_order_before_paymentxswcusop-frontend\xswcusop-upsellcheckoutpage.php:90

actionwoocommerce_review_order_after_paymentxswcusop-frontend\xswcusop-upsellcheckoutpage.php:98

actionwoocommerce_after_checkout_formxswcusop-frontend\xswcusop-upsellcheckoutpage.php:106

filterwoocommerce_add_cart_item_dataxswcusop-frontend\xswcusop-upsellcheckoutpage.php:620

actionwoocommerce_before_calculate_totalsxswcusop-frontend\xswcusop-upsellcheckoutpage.php:631

filterwoocommerce_get_query_varsxswcusop-frontend\xswcusop-upsellcheckoutpage.php:650

filterwc_get_templatexswcusop-frontend\xswcusop-upsellcheckoutpage.php:652

actionwoocommerce_thankyouxswcusop-frontend\xswcusop-upsellcheckoutpage.php:670

actionwoocommerce_checkout_update_user_metaxswcusop-frontend\xswcusop-upsellcheckoutpage.php:680

actionadmin_initxswcusop-includes\xswcusop-options.php:4

actionadmin_initxswcusop-includes\xswcusop-options.php:21

actionadmin_enqueue_scriptsxswcusop-includes\xswcusop-options.php:40

actionadmin_menuxswcusop-includes\xswcusop-options.php:61

Maintenance & Trust

Checkout Upsell Order Bump for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 15, 2026

PHP min version7.0

Downloads3K

Community Trust

Rating100/100

Number of ratings1

Active installs20

Alternatives

Checkout Upsell Order Bump for WooCommerce Alternatives

WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell

wpfunnels

WPFunnels is a powerful funnel builder for WooCommerce that helps store owners create high-converting WooCommerce checkout pages, sales funnels, one-c …

6K 12 CVEs

Checkout Upsell Funnel for WooCommerce

checkout-upsell-funnel-for-woo

100

Elevate your checkout experience with enticing product suggestions and smart order bumps, all featuring attractive discounts

600 No CVEs

Magic Order Bump for WooCommerce

magic-order-bump-for-woocommerce

100

Adds a beautiful, interactive order bump to the WooCommerce block checkout. One click adds a real product to the order.

0 No CVEs

CartFlows – Funnel Builder & Checkout Plugin for WooCommerce

cartflows

1 WordPress funnel builder & WooCommerce checkout plugin. Boost AOV with one-click upsells, order bumps & high-converting checkout pages.

200K 8 CVEs

FunnelKit – Funnel Builder for WooCommerce Checkout

funnel-builder

Create high-converting WooCommerce checkout pages, WooCommerce thank you pages & sales funnels with the highest-rated WordPress funnel builder.

40K 13 CVEs

Developer Profile

Checkout Upsell Order Bump for WooCommerce Developer Profile

Xfinitysoft

9 plugins · 4K total installs

trust score

Avg Security Score

98/100

Avg Patch Time

6 days

View full developer profile

Detection Fingerprints

How We Detect Checkout Upsell Order Bump for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wc-upsell-and-order-bump/xswcusop-assets/xswcusop-css/swiper-bundle.min.css/wp-content/plugins/wc-upsell-and-order-bump/xswcusop-assets/xswcusop-js/swiper-bundle.min.js/wp-content/plugins/wc-upsell-and-order-bump/xswcusop-assets/xswcusop-css/xswcusop-stylefrondend.css/wp-content/plugins/wc-upsell-and-order-bump/xswcusop-assets/xswcusop-js/xswcusop-mainfrontend.js

Script Paths

/wp-content/plugins/wc-upsell-and-order-bump/xswcusop-assets/xswcusop-js/swiper-bundle.min.js/wp-content/plugins/wc-upsell-and-order-bump/xswcusop-assets/xswcusop-js/xswcusop-mainfrontend.js

Version Parameters

wc-upsell-and-order-bump/xswcusop-assets/xswcusop-css/swiper-bundle.min.css?ver=wc-upsell-and-order-bump/xswcusop-assets/xswcusop-js/swiper-bundle.min.js?ver=wc-upsell-and-order-bump/xswcusop-assets/xswcusop-css/xswcusop-stylefrondend.css?ver=wc-upsell-and-order-bump/xswcusop-assets/xswcusop-js/xswcusop-mainfrontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

xswcusop-upsell-popupxswcusop-order-bump-popupxswcusop-upsell-product-sliderxswcusop-order-bump-container

HTML Comments

Data Attributes

data-xswcusop-upsell-iddata-xswcusop-order-bump-id

JS Globals

xswcusop_upselloptionsdataxswcusop_orderbumpdataxswcusop_mainfrontend

FAQ