WP-Safety

Boost Sales for WooCommerce – Set up Up-Sells & Cross-Sells Popups & Auto Apply Coupon Security & Risk Analysis

wordpress.org/plugins/woo-boost-sales

Boost Sales for WooCommerce with dynamic upsell popups, cross-sell bundles, and 'Frequently Bought Together' suggestions

300 active installs v1.2.17 PHP 7.0+ WP 5.0.0+ Updated Feb 27, 2026
add-to-cart-popup-woocommercewoocommerce-add-to-cart-popupwoocommerce-boost-saleswoocommerce-cross-sellwoocommerce-popup-after-add-to-cart
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Boost Sales for WooCommerce – Set up Up-Sells & Cross-Sells Popups & Auto Apply Coupon Safe to Use in 2026?

Generally Safe

Score 100/100

Boost Sales for WooCommerce – Set up Up-Sells & Cross-Sells Popups & Auto Apply Coupon has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "woo-boost-sales" v1.2.17 plugin demonstrates a generally good security posture with strong adherence to secure coding practices. The absence of known CVEs and the consistent use of prepared statements for all SQL queries are significant strengths. Furthermore, the plugin utilizes nonces and capability checks extensively, indicating an effort to protect against common WordPress attack vectors. The high percentage of properly escaped output also suggests a good defense against cross-site scripting (XSS) vulnerabilities.

However, there are specific areas of concern that warrant attention. The presence of two AJAX handlers without authentication checks represents a potential entry point for attackers. While taint analysis did not reveal critical or high severity issues, the two flows with unsanitized paths, even if categorized as lower severity, should be investigated to ensure they cannot be exploited in conjunction with other vulnerabilities or specific configurations. The use of a bundled library, Select2, without explicit version information also introduces a minor risk if this library itself contains known vulnerabilities and is not kept up-to-date.

Overall, "woo-boost-sales" v1.2.17 is a relatively secure plugin, largely due to its proactive use of security features and lack of historical vulnerabilities. The primary risks lie in the unprotected AJAX endpoints and the potential for unsanitized paths in certain flows. Addressing these specific issues would further strengthen the plugin's security.

Key Concerns

  • AJAX handlers without authentication checks
  • Flows with unsanitized paths
  • Bundled library (Select2) without version context
Vulnerabilities
None known

Boost Sales for WooCommerce – Set up Up-Sells & Cross-Sells Popups & Auto Apply Coupon Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Boost Sales for WooCommerce – Set up Up-Sells & Cross-Sells Popups & Auto Apply Coupon Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
5 prepared
Unescaped Output
89
670 escaped
Nonce Checks
31
Capability Checks
20
File Operations
0
External Requests
2
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

100% prepared5 total queries

Output Escaping

88% escaped759 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

11 flows2 with unsanitized paths
init_upsells (frontend\single_upsells.php:25)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Boost Sales for WooCommerce – Set up Up-Sells & Cross-Sells Popups & Auto Apply Coupon Attack Surface

Entry Points21
Unprotected2

AJAX Handlers 20

authwp_ajax_wbs_wcpb_add_product_in_bundleadmin\bundles.php:68
authwp_ajax_wbs_search_product_in_bundleadmin\bundles.php:69
authwp_ajax_wbs_search_productadmin\upsell.php:13
authwp_ajax_wbs_u_save_productadmin\upsell.php:14
authwp_ajax_wbs_u_remove_productadmin\upsell.php:15
authwp_ajax_wbs_u_sync_productadmin\upsell.php:17
authwp_ajax_wbs_ajax_enable_upselladmin\upsell.php:18
authwp_ajax_wbs_search_product_crsadmin\zcrosssell.php:13
authwp_ajax_wbs_c_save_productadmin\zcrosssell.php:14
authwp_ajax_wbs_update_productadmin\zcrosssell.php:15
authwp_ajax_wbs_c_remove_productadmin\zcrosssell.php:16
authwp_ajax_wbs_u_create_bundle_from_crosssellsadmin\zcrosssell.php:17
authwp_ajax_wbs_ajax_enable_crossselladmin\zcrosssell.php:24
authwp_ajax_wbs_get_productfrontend\archive_upsells.php:17
noprivwp_ajax_wbs_get_productfrontend\archive_upsells.php:18
authwp_ajax_vi_wbs_frequently_product_add_to_cartfrontend\frequently-product.php:24
noprivwp_ajax_vi_wbs_frequently_product_add_to_cartfrontend\frequently-product.php:28
authwp_ajax_wbs_select_couponincludes\fields.php:23
authwp_ajax_wbs_search_product_exclincludes\fields.php:24
authwp_ajax_wbs_search_category_exclincludes\fields.php:25

Shortcodes 1

[wbs_frequently_product] frontend\frequently-product.php:83
WordPress Hooks 106
filterplugin_action_links_woo-boost-sales/woo-boost-sales.phpadmin\admin.php:8
actioninitadmin\admin.php:14
actioninitadmin\bundles.php:63
actionadmin_enqueue_scriptsadmin\bundles.php:64
filterwoocommerce_product_data_tabsadmin\bundles.php:66
actionwoocommerce_product_data_panelsadmin\bundles.php:67
actionwoocommerce_process_product_metaadmin\bundles.php:70
actionwoocommerce_process_product_meta_wbs_bundleadmin\bundles.php:71
actionwbs_wcpb_admin_product_bundle_dataadmin\bundles.php:72
filterproduct_type_selectoradmin\bundles.php:76
filterwoocommerce_admin_html_order_item_classadmin\bundles.php:79
filterwoocommerce_admin_order_item_classadmin\bundles.php:83
filterwoocommerce_admin_order_item_countadmin\bundles.php:87
filterwoocommerce_hidden_order_itemmetaadmin\bundles.php:91
actionadmin_menuadmin\settings.php:11
filterwbs_data_settingsadmin\settings.php:12
actionwbs_settings_end_of_tab_crossselladmin\settings.php:13
filteradmin_enqueue_scriptsadmin\settings.php:14
actionwbs_settings_start_of_tab_upselladmin\settings.php:15
actionwbs_settings_start_of_tab_crossselladmin\settings.php:16
actionwbs_settings_start_of_tab_frequently_productadmin\settings.php:17
actionadmin_menuadmin\upsell.php:11
filterset-screen-optionadmin\upsell.php:12
actionadmin_enqueue_scriptsadmin\upsell.php:16
actionset_object_termsadmin\upsell.php:19
actionadmin_menuadmin\zcrosssell.php:11
filterset-screen-optionadmin\zcrosssell.php:12
actionadmin_enqueue_scriptsadmin\zcrosssell.php:21
actionadmin_initadmin\zcrosssell.php:23
actionadmin_menuadmin\zsystem.php:15
actionwp_footerfrontend\archive_upsells.php:16
filterwoocommerce_add_to_cart_fragmentsfrontend\archive_upsells.php:19
actionwp_enqueue_scriptsfrontend\bundles.php:55
actionwoocommerce_wbs_bundle_add_to_cartfrontend\bundles.php:58
filterwoocommerce_add_to_cart_validationfrontend\bundles.php:59
filterwoocommerce_add_cart_item_datafrontend\bundles.php:67
filterwoocommerce_cart_item_remove_linkfrontend\bundles.php:69
filterwoocommerce_cart_item_quantityfrontend\bundles.php:76
actionwoocommerce_after_cart_item_quantity_updatefrontend\bundles.php:77
actionwoocommerce_before_cart_item_quantity_zerofrontend\bundles.php:84
filterwoocommerce_cart_item_pricefrontend\bundles.php:86
filterwoocommerce_cart_item_subtotalfrontend\bundles.php:87
filterwoocommerce_checkout_item_subtotalfrontend\bundles.php:88
filterwoocommerce_add_cart_itemfrontend\bundles.php:89
actionwoocommerce_add_to_cartfrontend\bundles.php:91
actionwoocommerce_cart_item_removedfrontend\bundles.php:92
actionwoocommerce_cart_item_restoredfrontend\bundles.php:93
filterwoocommerce_cart_contents_countfrontend\bundles.php:95
filterwoocommerce_cart_item_classfrontend\bundles.php:97
filterwoocommerce_get_cart_item_from_sessionfrontend\bundles.php:99
filterwoocommerce_order_formatted_line_subtotalfrontend\bundles.php:107
actionwoocommerce_new_order_itemfrontend\bundles.php:113
filterwoocommerce_order_item_classfrontend\bundles.php:114
filterwoocommerce_cart_shipping_packagesfrontend\bundles.php:117
filterwoocommerce_cart_product_subtotalfrontend\bundles.php:118
filtervi_wcaio_mini_cart_pd_removefrontend\bundles.php:123
filtervi_wcaio_mini_cart_pd_qtyfrontend\bundles.php:124
filterwoocommerce_get_cart_contentsfrontend\bundles.php:126
filterwoocommerce_cart_item_namefrontend\bundles.php:127
filterwoocommerce_stock_amount_cart_itemfrontend\bundles.php:129
filterwoocommerce_widget_cart_item_quantityfrontend\bundles.php:133
actionwp_footerfrontend\cross_sells.php:22
actioninitfrontend\frequently-product.php:22
actionwoocommerce_boost_sales_frequently_product_selectfrontend\frequently-product.php:32
filtervi_wbs_frequently_product_item_displayed_namefrontend\frequently-product.php:36
actionwoocommerce_after_add_to_cart_formfrontend\frequently-product.php:41
filterwoocommerce_available_variationfrontend\frequently-product.php:49
filteroption_woocommerce_hide_out_of_stock_itemsfrontend\frequently-product.php:50
actionwp_enqueue_scriptsfrontend\frequently-product.php:84
filterwoocommerce_add_errorfrontend\frequently-product.php:222
actionwp_enqueue_scriptsfrontend\scripts.php:21
actionwp_enqueue_scriptsfrontend\scripts.php:22
actionwoocommerce_before_main_contentfrontend\scripts.php:26
actionwp_footerfrontend\single_upsells.php:17
actionwoocommerce_boost_sales_single_product_summaryfrontend\upsells.php:21
actionwoocommerce_boost_sales_single_product_summary_mobilefrontend\upsells.php:22
actionwoocommerce_boost_sales_simple_add_to_cartfrontend\upsells.php:26
actionwoocommerce_boost_sales_variable_add_to_cartfrontend\upsells.php:30
actionwoocommerce_boost_sales_single_variationfrontend\upsells.php:34
actionwoocommerce_boost_sales_simple_add_to_cart_mobilefrontend\upsells.php:39
actionwoocommerce_boost_sales_variable_add_to_cart_mobilefrontend\upsells.php:43
actionwoocommerce_boost_sales_single_variation_mobilefrontend\upsells.php:47
actionwoocommerce_boost_sales_single_product_summaryfrontend\upsells.php:53
actionwoocommerce_boost_sales_single_product_summary_mobilefrontend\upsells.php:54
actionwoocommerce_boost_sales_before_shop_loop_item_titlefrontend\upsells.php:60
actionwoocommerce_boost_sales_shop_loop_item_titlefrontend\upsells.php:69
actionwoocommerce_boost_sales_after_shop_loop_item_titlefrontend\upsells.php:80
actionwoocommerce_boost_sales_after_shop_loop_item_titlefrontend\upsells.php:81
actionwoocommerce_add_to_cartfrontend\upsells.php:83
actionadmin_initincludes\fields.php:20
actionadmin_enqueue_scriptsincludes\fields.php:21
actionvillatheme_setting_htmlincludes\fields.php:22
actionadmin_enqueue_scriptsincludes\support.php:32
actionadmin_noticesincludes\support.php:33
actionadmin_initincludes\support.php:34
actionadmin_menuincludes\support.php:35
filterplugin_row_metaincludes\support.php:37
actionadmin_initincludes\support.php:39
actionadmin_bar_menuincludes\support.php:41
actionadmin_noticesincludes\support.php:55
actionadmin_footerincludes\support.php:672
actionadmin_bar_menuincludes\support.php:810
actionadmin_noticesincludes\support.php:956
filterbetrs_calculated_totals-per_orderplugins\woocommerce-table-rate-shipping.php:12
actionplugins_loadedwoo-boost-sales.php:32
actionbefore_woocommerce_initwoo-boost-sales.php:33
Maintenance & Trust

Boost Sales for WooCommerce – Set up Up-Sells & Cross-Sells Popups & Auto Apply Coupon Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 27, 2026
PHP min version7.0
Downloads34K

Community Trust

Rating68/100
Number of ratings9
Active installs300
Alternatives

Boost Sales for WooCommerce – Set up Up-Sells & Cross-Sells Popups & Auto Apply Coupon Alternatives

Leo Product Recommendations for WooCommerce

Leo Product Recommendations for WooCommerce

leo-product-recommendations

A
100

Boost WooCommerce sales with smart product recommendation popups on add to cart.

500 No CVEs
Developer Profile

Boost Sales for WooCommerce – Set up Up-Sells & Cross-Sells Popups & Auto Apply Coupon Developer Profile

VillaTheme

58 plugins · 167K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
214 days
View full developer profile
Detection Fingerprints

How We Detect Boost Sales for WooCommerce – Set up Up-Sells & Cross-Sells Popups & Auto Apply Coupon

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-boost-sales/assets/css/woo-boost-sales.css/wp-content/plugins/woo-boost-sales/assets/js/woo-boost-sales.js/wp-content/plugins/woo-boost-sales/assets/css/woo-boost-sales-admin.css/wp-content/plugins/woo-boost-sales/assets/js/woo-boost-sales-admin.js
Script Paths
/wp-content/plugins/woo-boost-sales/assets/js/woo-boost-sales.js/wp-content/plugins/woo-boost-sales/assets/js/woo-boost-sales-admin.js
Version Parameters
woo-boost-sales/assets/css/woo-boost-sales-admin.css?ver=woo-boost-sales/assets/js/woo-boost-sales-admin.js?ver=woo-boost-sales/assets/css/woo-boost-sales.css?ver=woo-boost-sales/assets/js/woo-boost-sales.js?ver=

HTML / DOM Fingerprints

CSS Classes
woo-boost-sales-main-wrapperwoo-boost-sales-cart-wrapperwoo-boost-sales-checkout-wrapperwoo-boost-sales-thankyou-wrapper
HTML Comments
<!-- VI WooCommerce Boost Sales --><!-- VI WooCommerce Boost Sales - Free -->
Data Attributes
data-woo-boost-sales-campaign-iddata-woo-boost-sales-product-iddata-woo-boost-sales-popup-type
JS Globals
woo_boost_sales_paramswoo_boost_sales_cart_paramswoo_boost_sales_checkout_params
Shortcode Output
[woo_boost_sales_campaign][woo_boost_sales_upsell][woo_boost_sales_crossell]
FAQ

Frequently Asked Questions about Boost Sales for WooCommerce – Set up Up-Sells & Cross-Sells Popups & Auto Apply Coupon