Whols – Wholesale Prices and B2B Store Solution for WooCommerce Security & Risk Analysis

wordpress.org/plugins/whols

WooCommerce Wholesale plugin for WooCommerce wholesale pricing. It is a b2b plugin for WooCommerce. WooCommerce B2B or B2B + B2C hybrid Store Solution

1K active installs · v2.4.8 · PHP 5.4+ · WP 4.0+ · Updated Feb 26, 2026
wholesale-plugin, wholesale-prices, wholesale-pricing, woocommerce-b2b, woocommerce-wholesale
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Whols – Wholesale Prices and B2B Store Solution for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Whols – Wholesale Prices and B2B Store Solution for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "whols" v2.4.9 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and has no recorded vulnerability history, suggesting a generally secure development approach. The absence of dangerous functions, file operations, and bundled libraries is also a strength.

However, there are several areas of concern that warrant attention. The plugin exposes a significant attack surface with 29 total entry points, of which 4 are unprotected. Specifically, 3 out of 17 AJAX handlers lack authentication checks, and 1 out of 11 REST API routes is missing permission callbacks. While the taint analysis did not reveal critical or high severity vulnerabilities, it did identify one flow with an unsanitized path, which could potentially be exploited in conjunction with the unprotected entry points.

The plugin's strengths lie in its clean SQL handling and lack of historical vulnerabilities. The weaknesses are primarily related to authorization controls on its entry points and a single detected unsanitized path in its taint analysis. While not currently known to be exploitable, the unprotected entry points and unsanitized path represent potential vectors for future security issues if not addressed.

Key Concerns

  • AJAX handlers without auth checks
  • REST API routes without permission callbacks
  • Flows with unsanitized paths
Vulnerabilities
None known

Whols – Wholesale Prices and B2B Store Solution for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Whols – Wholesale Prices and B2B Store Solution for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 92 (460 escaped)
Nonce Checks: 17
Capability Checks: 12
File Operations: 0
External Requests: 5
Bundled Libraries: 0

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

83% escaped · 552 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

11 flows · 1 with unsanitized paths
<class-product-quick-edit-fields> (includes\Admin\class-product-quick-edit-fields.php:0)
Flow graph legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
4 unprotected

Whols – Wholesale Prices and B2B Store Solution for WooCommerce Attack Surface

Entry Points: 29
Unprotected: 4

AJAX Handlers 17

auth wp_ajax_csf-get-icons includes\Admin\csf-settings-custom\functions\actions.php:50
auth wp_ajax_csf-export includes\Admin\csf-settings-custom\functions\actions.php:87
auth wp_ajax_csf-import includes\Admin\csf-settings-custom\functions\actions.php:123
auth wp_ajax_csf-reset includes\Admin\csf-settings-custom\functions\actions.php:150
auth wp_ajax_csf-chosen includes\Admin\csf-settings-custom\functions\actions.php:189
auth wp_ajax_whols_diagnostic_data includes\Admin\Diagnostic_Data.php:101
auth wp_ajax_htim_activate_plugin includes\Admin\install-manager\class-install-manager.php:38
auth wp_ajax_whols_notices includes\Admin\Notice_Handler.php:39
nopriv wp_ajax_whols_ajax_user_register includes\ajax-actions.php:116
auth wp_ajax_whols_ajax_user_register includes\ajax-actions.php:117
auth wp_ajax_whols_open_raq_modal includes\request-a-quote\class-request-quote.php:20
nopriv wp_ajax_whols_open_raq_modal includes\request-a-quote\class-request-quote.php:21
auth wp_ajax_whols_request_raq_form_submit includes\request-a-quote\class-request-quote.php:23
nopriv wp_ajax_whols_request_raq_form_submit includes\request-a-quote\class-request-quote.php:24
auth wp_ajax_whols_save_order_list includes\save-order-list\class-save-order-list.php:44
auth wp_ajax_whols_delete_saved_list includes\save-order-list\class-save-order-list.php:45
auth wp_ajax_whols_add_list_to_cart includes\save-order-list\class-save-order-list.php:46

REST API Routes 11

GET /wp-json/whols/v1/settings includes\vue-settings\class-settings-rest-api.php:31
GET /wp-json/whols/v1/reset-section includes\vue-settings\class-settings-rest-api.php:49
GET /wp-json/whols/v1/wp_option includes\vue-settings\class-settings-rest-api.php:59
GET /wp-json/whols/v1/wholesaler-roles includes\vue-settings\class-settings-rest-api.php:88
GET /wp-json/whols/v1/pages includes\vue-settings\class-settings-rest-api.php:99
GET /wp-json/whols/v1/products includes\vue-settings\class-settings-rest-api.php:110
GET /wp-json/whols/v1/product-categories includes\vue-settings\class-settings-rest-api.php:121
GET /wp-json/whols/v1/countries includes\vue-settings\class-settings-rest-api.php:132
GET /wp-json/whols/v1/users includes\vue-settings\class-settings-rest-api.php:143
GET /wp-json/whols/v1/payment-gateways includes\vue-settings\class-settings-rest-api.php:154
GET /wp-json/whols/v1/dashboard-data includes\vue-settings\class-settings-rest-api.php:165

Shortcodes 1

[whols_registration_form] includes\Frontend\Wholesaler_Login_Register.php:21
WordPress Hooks 123
action admin_menu includes\Admin\class-menu-manager.php:6
action admin_menu includes\Admin\class-menu-manager.php:9
action parent_file includes\Admin\class-menu-manager.php:15
action admin_footer includes\Admin\class-menu-manager.php:18
filter pllwc_copy_post_metas includes\Admin\class-polylang-integration.php:58
filter pllwc_copy_variation_metas includes\Admin\class-polylang-integration.php:61
action admin_enqueue_scripts includes\Admin\class-product-quick-edit-fields.php:28
action woocommerce_product_quick_edit_end includes\Admin\class-product-quick-edit-fields.php:108
action woocommerce_product_quick_edit_save includes\Admin\class-product-quick-edit-fields.php:109
action woocommerce_product_bulk_edit_end includes\Admin\class-product-quick-edit-fields.php:112
action woocommerce_product_bulk_edit_save includes\Admin\class-product-quick-edit-fields.php:113
action manage_product_posts_custom_column includes\Admin\class-product-quick-edit-fields.php:116
action admin_footer includes\Admin\class-product-quick-edit-fields.php:119
action admin_menu includes\Admin\csf-settings-custom\classes\admin-options.class.php:107
action admin_bar_menu includes\Admin\csf-settings-custom\classes\admin-options.class.php:108
action network_admin_menu includes\Admin\csf-settings-custom\classes\admin-options.class.php:112
filter admin_footer_text includes\Admin\csf-settings-custom\classes\admin-options.class.php:432
action add_meta_boxes includes\Admin\csf-settings-custom\classes\metabox-options.class.php:50
action save_post includes\Admin\csf-settings-custom\classes\metabox-options.class.php:51
action edit_attachment includes\Admin\csf-settings-custom\classes\metabox-options.class.php:52
action after_setup_theme includes\Admin\csf-settings-custom\classes\setup.class.php:73
action init includes\Admin\csf-settings-custom\classes\setup.class.php:74
action switch_theme includes\Admin\csf-settings-custom\classes\setup.class.php:75
action admin_enqueue_scripts includes\Admin\csf-settings-custom\classes\setup.class.php:76
action wp_enqueue_scripts includes\Admin\csf-settings-custom\classes\setup.class.php:77
action wp_head includes\Admin\csf-settings-custom\classes\setup.class.php:78
filter admin_body_class includes\Admin\csf-settings-custom\classes\setup.class.php:79
action admin_init includes\Admin\csf-settings-custom\classes\taxonomy-options.class.php:41
filter manage_whols_user_request_posts_columns includes\Admin\Custom_Columns.php:23
action manage_whols_user_request_posts_custom_column includes\Admin\Custom_Columns.php:24
filter manage_edit-whols_role_cat_columns includes\Admin\Custom_Columns.php:27
filter manage_whols_role_cat_custom_column includes\Admin\Custom_Columns.php:28
filter manage_product_posts_columns includes\Admin\Custom_Columns.php:31
action manage_product_posts_custom_column includes\Admin\Custom_Columns.php:32
action init includes\Admin\Custom_Posts.php:22
action delete_user includes\Admin\Custom_Posts.php:25
action init includes\Admin\Custom_Taxonomies.php:24
action admin_notices includes\Admin\Diagnostic_Data.php:97
action admin_enqueue_scripts includes\Admin\Diagnostic_Data.php:105
action admin_enqueue_scripts includes\Admin\install-manager\class-install-manager.php:35
action admin_menu includes\Admin\Menu_Manager.php:7
action admin_menu includes\Admin\Menu_Manager.php:10
action custom_menu_order includes\Admin\Menu_Manager.php:13
action parent_file includes\Admin\Menu_Manager.php:16
action admin_notices includes\Admin\Notice_Handler.php:37
action admin_footer includes\Admin\Notice_Handler.php:38
filter woocommerce_product_data_tabs includes\Admin\Product_Metabox.php:22
action woocommerce_product_data_panels includes\Admin\Product_Metabox.php:25
action woocommerce_process_product_meta includes\Admin\Product_Metabox.php:28
action woocommerce_product_options_pricing includes\Admin\Product_Metabox.php:31
action woocommerce_process_product_meta includes\Admin\Product_Metabox.php:34
action woocommerce_variation_options_pricing includes\Admin\Product_Metabox.php:37
action woocommerce_save_product_variation includes\Admin\Product_Metabox.php:40
action admin_menu includes\Admin\recommended-plugins\class.recommended-plugins.php:79
action admin_enqueue_scripts includes\Admin\recommended-plugins\class.recommended-plugins.php:80
action init includes\Admin\recommended-plugins\recommendations.php:14
action created_whols_role_cat includes\Admin\Role_Manager.php:22
action delete_whols_role_cat includes\Admin\Role_Manager.php:23
action post_updated includes\Admin\Role_Manager.php:24
action show_user_profile includes\Admin\User_Metabox.php:22
action edit_user_profile includes\Admin\User_Metabox.php:23
action personal_options_update includes\Admin\User_Metabox.php:26
action edit_user_profile_update includes\Admin\User_Metabox.php:27
action init includes\Admin.php:28
filter plugin_action_links_whols/whols.php includes\Admin.php:44
action admin_enqueue_scripts includes\Admin.php:47
filter display_post_states includes\Admin.php:50
action wp_loaded includes\class-assets-manager.php:19
action wp_enqueue_scripts includes\class-assets-manager.php:22
action admin_enqueue_scripts includes\class-assets-manager.php:25
filter dgwt/wcas/search_query/args includes\Compatibility.php:13
filter whols_override_wholesale_price includes\Compatibility.php:16
filter woocommerce_product_export_meta_value includes\Compatibility.php:19
action whols_user_registration_success includes\Email_Notifications.php:13
action whols_user_registration_success includes\Email_Notifications.php:14
action whols_after_raq_form_submit includes\Email_Notifications.php:17
filter woocommerce_login_redirect includes\Frontend\Wholesaler_Login_Register.php:25
filter login_redirect includes\Frontend\Wholesaler_Login_Register.php:26
action wp includes\Frontend\Woo_Config.php:13
action woocommerce_before_calculate_totals includes\Frontend\Woo_Config.php:16
filter woocommerce_get_price_html includes\Frontend\Woo_Config.php:19
filter woocommerce_available_variation includes\Frontend\Woo_Config.php:22
filter woocommerce_coupons_enabled includes\Frontend\Woo_Config.php:25
action woocommerce_before_cart includes\Frontend\Woo_Config.php:27
action woocommerce_before_checkout_form includes\Frontend\Woo_Config.php:28
filter woocommerce_product_query_meta_query includes\Frontend\Woo_Config.php:31
filter woocommerce_shipping_free_shipping_is_available includes\Frontend\Woo_Config.php:34
action woocommerce_before_calculate_totals includes\Frontend\Woo_Config.php:37
filter woocommerce_get_item_data includes\Frontend\Woo_Config.php:40
filter woocommerce_loop_add_to_cart_link includes\Frontend\Woo_Config.php:43
filter woocommerce_quantity_input_args includes\Frontend\Woo_Config.php:44
filter woocommerce_is_purchasable includes\Frontend\Woo_Config.php:77
filter woocommerce_get_price_html includes\Frontend\Woo_Config.php:80
action wp_enqueue_scripts includes\Frontend.php:30
filter the_content includes\Frontend.php:33
action woocommerce_checkout_update_order_meta includes\Manage_Order.php:13
action woocommerce_checkout_create_order_line_item includes\Manage_Order.php:17
filter woocommerce_thankyou_order_received_text includes\Manage_Order.php:20
action wp_enqueue_scripts includes\popup\class-whols-popup.php:65
action wp_footer includes\popup\class-whols-popup.php:68
action woocommerce_cart_actions includes\request-a-quote\class-request-quote.php:13
action woolentor_cart_actions includes\request-a-quote\class-request-quote.php:14
action wp_footer includes\request-a-quote\class-request-quote.php:17
action woocommerce_after_cart_table includes\save-order-list\class-save-order-list.php:34
filter woocommerce_account_menu_items includes\save-order-list\class-save-order-list.php:37
action init includes\save-order-list\class-save-order-list.php:38
action woocommerce_account_whols-saved-lists_endpoint includes\save-order-list\class-save-order-list.php:39
action wp_enqueue_scripts includes\save-order-list\class-save-order-list.php:42
action wp_head includes\vue-settings\class-frontend.php:28
action admin_head includes\vue-settings\class-frontend.php:29
action admin_enqueue_scripts includes\vue-settings\class-settings-page.php:36
action admin_head includes\vue-settings\class-settings-page.php:39
action admin_footer includes\vue-settings\class-settings-page.php:42
filter script_loader_tag includes\vue-settings\class-settings-page.php:89
filter script_loader_tag includes\vue-settings\class-settings-page.php:129
action rest_api_init includes\vue-settings\class-settings-rest-api.php:24
action admin_notices whols.php:178
action init whols.php:181
action plugins_loaded whols.php:184
action admin_init whols.php:193
action update_option_active_plugins whols.php:209
action init whols.php:299
action admin_head whols.php:305
Maintenance & Trust

Whols – Wholesale Prices and B2B Store Solution for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 26, 2026
PHP min version: 5.4
Downloads: 64K

Community Trust

Rating: 100/100
Number of ratings: 12
Active installs: 1K
Developer Profile

Whols – Wholesale Prices and B2B Store Solution for WooCommerce Developer Profile

HT Plugins

23 plugins · 64K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 124 days
Detection Fingerprints

How We Detect Whols – Wholesale Prices and B2B Store Solution for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/whols/assets/css/whols-frontend.css
  • /wp-content/plugins/whols/assets/css/whols-admin.css
  • /wp-content/plugins/whols/assets/js/whols-frontend.js
  • /wp-content/plugins/whols/assets/js/whols-admin.js
  • /wp-content/plugins/whols/assets/css/theme-support.css
Script Paths
  • /wp-content/plugins/whols/assets/js/whols-frontend.js
  • /wp-content/plugins/whols/assets/js/whols-admin.js
Version Parameters
  • whols/assets/css/whols-frontend.css?ver=
  • whols/assets/css/whols-admin.css?ver=
  • whols/assets/js/whols-frontend.js?ver=
  • whols/assets/js/whols-admin.js?ver=
  • whols/assets/css/theme-support.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • whols-login-form
  • whols-register-form
  • whols-wholesale-price
  • whols-role-based-price
  • whols-b2b-notice
HTML Comments
  • <!-- whols_notice -->
  • <!-- whols_dependency_notice -->
Data Attributes
  • data-whols-product-id
  • data-whols-user-id
  • data-whols-role
JS Globals
  • window.whols_frontend_params
  • var whols_admin_params
REST Endpoints
  • /wp-json/whols/v1/get_product_price
  • /wp-json/whols/v1/register_wholesaler
Shortcode Output
  • [whols_login_form]
  • [whols_register_form]
  • [whols_wholesale_products]
  • [whols_request_quote_button]
FAQ

Frequently Asked Questions about Whols – Wholesale Prices and B2B Store Solution for WooCommerce