WP-Safety

WPC Frequently Bought Together for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woo-bought-together

WPC Frequently Bought Together helps you increase your sales with personalized product recommendations.

10K active installs v7.7.6 PHP + WP 4.0+ Updated Feb 25, 2026
bought-togetherrelatedupsellswoocommercewpc
99
A · Safe
CVEs total2
Unpatched0
Last CVEAug 16, 2024
Plugin page Download
Safety Verdict

Is WPC Frequently Bought Together for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

WPC Frequently Bought Together for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Aug 16, 2024Updated 1mo ago
Risk Assessment

The "woo-bought-together" plugin v7.7.7 demonstrates a mixed security posture. On the positive side, it has a substantial number of nonce and capability checks, and all SQL queries utilize prepared statements, indicating good practices in these areas. The absence of raw SQL queries and file operations is also a strength. However, the presence of the "unserialize" function is a notable concern, as it can be a vector for remote code execution if user-supplied data is directly unserialized without proper sanitization. While the taint analysis did not reveal critical or high severity unsanitized paths, the fact that two flows with unsanitized paths were found warrants attention, especially in conjunction with the use of "unserialize".

The plugin's vulnerability history shows two medium severity CVEs, both related to missing authorization. While there are currently no unpatched vulnerabilities, the pattern of past authorization issues suggests a recurring theme that needs continuous vigilance. The most recent vulnerability being on August 16, 2024, indicates that even recent versions have had exploitable flaws. In conclusion, while the plugin employs several security best practices, the potential risks associated with "unserialize" and the historical pattern of authorization vulnerabilities represent areas that require careful monitoring and potentially further hardening.

Key Concerns

  • Dangerous function 'unserialize' used
  • Flows with unsanitized paths found
  • Medium severity CVEs in history
Vulnerabilities
2

WPC Frequently Bought Together for WooCommerce Security Vulnerabilities

CVEs by Year

2 CVEs in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2024-43312medium · 4.3Missing Authorization

WPC Frequently Bought Together for WooCommerce <= 7.1.9 - Missing Authorization

Aug 16, 2024 Patched in 7.2.0 (4d)
CVE-2024-32687medium · 4.3Missing Authorization

WPC Frequently Bought Together for WooCommerce <= 7.0.3 - Missing Authorization

Apr 17, 2024 Patched in 7.0.4 (7d)
Code Analysis
Analyzed Mar 16, 2026

WPC Frequently Bought Together for WooCommerce Code Analysis

Dangerous Functions
3
Raw SQL Queries
0
2 prepared
Unescaped Output
60
435 escaped
Nonce Checks
17
Capability Checks
8
File Operations
0
External Requests
3
Bundled Libraries
0

Dangerous Functions Found

unserialize$plugins = unserialize( $response['body'] );includes\dashboard\wpc-dashboard.php:101
unserialize$plugins = unserialize( $response['body'] );includes\dashboard\wpc-dashboard.php:179
unserialize$plugins = unserialize( $response['body'] );includes\kit\wpc-kit.php:98

SQL Query Safety

100% prepared2 total queries

Output Escaping

88% escaped495 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

7 flows2 with unsanitized paths
admin_menu_content (includes\class-woobt.php:307)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WPC Frequently Bought Together for WooCommerce Attack Surface

Entry Points15
Unprotected0

AJAX Handlers 13

authwp_ajax_woobt_update_search_settingsincludes\class-woobt.php:44
authwp_ajax_woobt_get_search_resultsincludes\class-woobt.php:45
authwp_ajax_woobt_add_textincludes\class-woobt.php:46
authwp_ajax_woobt_add_ruleincludes\class-woobt.php:47
authwp_ajax_woobt_add_combinationincludes\class-woobt.php:48
authwp_ajax_woobt_search_termincludes\class-woobt.php:49
authwp_ajax_woobt_import_exportincludes\class-woobt.php:50
authwp_ajax_woobt_import_export_saveincludes\class-woobt.php:51
authwp_ajax_wpc_get_pluginsincludes\dashboard\wpc-dashboard.php:9
authwp_ajax_wpc_get_suggestionincludes\dashboard\wpc-dashboard.php:10
authwp_ajax_wpc_exportincludes\dashboard\wpc-dashboard.php:11
authwp_ajax_wpc_importincludes\dashboard\wpc-dashboard.php:12
authwp_ajax_wpc_get_essential_kitincludes\kit\wpc-kit.php:22

Shortcodes 2

[woobt] includes\class-woobt.php:57
[woobt_items] includes\class-woobt.php:58
WordPress Hooks 71
filterrest_request_after_callbacksincludes\class-blocks.php:84
filterwoocommerce_hydration_request_after_callbacksincludes\class-blocks.php:85
actionwoocommerce_blocks_mini-cart_block_registrationincludes\class-blocks.php:86
actionwoocommerce_blocks_cart_block_registrationincludes\class-blocks.php:92
actionwoocommerce_blocks_checkout_block_registrationincludes\class-blocks.php:98
actioninitincludes\class-woobt.php:33
filterwoocommerce_available_variationincludes\class-woobt.php:36
filterwoovr_data_attributesincludes\class-woobt.php:37
actionadmin_enqueue_scriptsincludes\class-woobt.php:40
actionadmin_initincludes\class-woobt.php:41
filterpre_update_optionincludes\class-woobt.php:42
actionadmin_menuincludes\class-woobt.php:43
actionwp_enqueue_scriptsincludes\class-woobt.php:54
filterwoocommerce_product_data_tabsincludes\class-woobt.php:61
actionwoocommerce_product_data_panelsincludes\class-woobt.php:64
actionwoocommerce_process_product_metaincludes\class-woobt.php:65
filterwoocommerce_product_price_classincludes\class-woobt.php:68
actionwoocommerce_before_add_to_cart_buttonincludes\class-woobt.php:71
filterwoocommerce_add_to_cart_sold_individually_found_in_cartincludes\class-woobt.php:74
filterwoocommerce_add_to_cart_validationincludes\class-woobt.php:78
actionwoocommerce_add_to_cartincludes\class-woobt.php:79
filterwoocommerce_add_cart_item_dataincludes\class-woobt.php:80
filterwoocommerce_get_cart_item_from_sessionincludes\class-woobt.php:81
actionwc_ajax_woobt_get_variation_itemsincludes\class-woobt.php:87
actionwc_ajax_woobt_add_all_to_cartincludes\class-woobt.php:88
actionwoocommerce_before_mini_cart_contentsincludes\class-woobt.php:91
actionwoocommerce_before_calculate_totalsincludes\class-woobt.php:92
filterwoocommerce_cart_item_nameincludes\class-woobt.php:95
filterwoocommerce_cart_item_quantityincludes\class-woobt.php:96
actionwoocommerce_cart_item_removedincludes\class-woobt.php:97
actionwoocommerce_checkout_create_order_line_itemincludes\class-woobt.php:100
filterwoocommerce_order_item_nameincludes\class-woobt.php:101
filterwoocommerce_hidden_order_itemmetaincludes\class-woobt.php:104
actionwoocommerce_before_order_itemmetaincludes\class-woobt.php:105
filterwoocommerce_order_again_cart_item_dataincludes\class-woobt.php:108
actionwoocommerce_cart_loaded_from_sessionincludes\class-woobt.php:109
actionwoocommerce_cart_item_restoredincludes\class-woobt.php:112
filterplugin_action_linksincludes\class-woobt.php:115
filterplugin_row_metaincludes\class-woobt.php:116
filterdisplay_post_statesincludes\class-woobt.php:119
filterpre_get_postsincludes\class-woobt.php:123
actionpre_get_postsincludes\class-woobt.php:127
actionpre_get_postsincludes\class-woobt.php:131
filterwoocommerce_products_admin_list_table_filtersincludes\class-woobt.php:135
actionpre_get_postsincludes\class-woobt.php:136
filterwoobt_item_idincludes\class-woobt.php:140
filterwoobt_parent_idincludes\class-woobt.php:141
filterwoovr_default_selectorincludes\class-woobt.php:145
filterwpcsm_locationsincludes\class-woobt.php:148
filterwoocommerce_product_export_meta_valueincludes\class-woobt.php:151
filterwoocommerce_product_import_pre_insert_product_objectincludes\class-woobt.php:154
filterwoobt_disable_nonce_checkincludes\class-woobt.php:160
actionwoocommerce_before_add_to_cart_formincludes\class-woobt.php:198
actionwoocommerce_after_add_to_cart_formincludes\class-woobt.php:202
actionwoocommerce_before_add_to_cart_buttonincludes\class-woobt.php:206
actionwoocommerce_before_add_to_cart_buttonincludes\class-woobt.php:210
actionwoocommerce_single_product_summaryincludes\class-woobt.php:214
actionwoocommerce_single_product_summaryincludes\class-woobt.php:218
actionwoocommerce_single_product_summaryincludes\class-woobt.php:222
actionwoocommerce_single_product_summaryincludes\class-woobt.php:226
actionwoocommerce_after_single_product_summaryincludes\class-woobt.php:230
actionwoocommerce_after_single_product_summaryincludes\class-woobt.php:234
actionwoobt_custom_positionincludes\class-woobt.php:240
actionadmin_enqueue_scriptsincludes\dashboard\wpc-dashboard.php:7
actionadmin_menuincludes\dashboard\wpc-dashboard.php:8
actionbefore_woocommerce_initincludes\hpos.php:7
actionadmin_enqueue_scriptsincludes\kit\wpc-kit.php:20
actionadmin_menuincludes\kit\wpc-kit.php:21
actionadmin_initincludes\log\wpc-log.php:6
actionplugins_loadedwpc-frequently-bought-together.php:39
actionadmin_noticeswpc-frequently-bought-together.php:43
Maintenance & Trust

WPC Frequently Bought Together for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 25, 2026
PHP min version
Downloads708K

Community Trust

Rating90/100
Number of ratings83
Active installs10K
Alternatives

WPC Frequently Bought Together for WooCommerce Alternatives

Carousel Upsells and Related Product for Woocommerce

Carousel Upsells and Related Product for Woocommerce

carousel-upsells-and-related-product-for-woocommerce

A
85

The plugin replaces the standard related and upsells products on carousel slider using a script glide.js that does not depend on the jquery, which muc &hellip;

1K No CVEs
WPC Custom Related Products for WooCommerce

WPC Custom Related Products for WooCommerce

wpc-custom-related-products

A
100

WPC Custom Related Products allows you to choose custom related products for each product.

1K No CVEs
WPC Smart Linked Products – Upsells & Cross-sells for WooCommerce

WPC Smart Linked Products – Upsells & Cross-sells for WooCommerce

wpc-smart-linked-products

A
98

WPC Smart Linked Products plugin simplifies managing related, upsells, and cross-sells products in bulk with custom rules and mixed combinations.

700 1 CVE
Mighty Frequently Bought Together for WooCommerce

Mighty Frequently Bought Together for WooCommerce

mighty-frequently-bought-together

A
100

Increase your product sales by recommending them to buy together with other relevant products on your WooCommerce Store.

10 No CVEs
WPC Smart Quick View for WooCommerce

WPC Smart Quick View for WooCommerce

woo-smart-quick-view

A
96

WPC Smart Quick View allows users to get a quick look at products without opening the product page.

100K 3 CVEs
Developer Profile

WPC Frequently Bought Together for WooCommerce Developer Profile

WPClever

71 plugins · 441K total installs

87
trust score
Avg Security Score
99/100
Avg Patch Time
68 days
View full developer profile
Detection Fingerprints

How We Detect WPC Frequently Bought Together for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-bought-together/assets/css/blocks.css/wp-content/plugins/woo-bought-together/assets/js/blocks.js/wp-content/plugins/woo-bought-together/assets/css/woobt.css/wp-content/plugins/woo-bought-together/assets/js/woobt.js/wp-content/plugins/woo-bought-together/assets/js/wpc-smart-quantity.js/wp-content/plugins/woo-bought-together/assets/js/wpc-smart-shortcode.js
Script Paths
/wp-content/plugins/woo-bought-together/assets/js/blocks.js/wp-content/plugins/woo-bought-together/assets/js/woobt.js/wp-content/plugins/woo-bought-together/assets/js/wpc-smart-quantity.js/wp-content/plugins/woo-bought-together/assets/js/wpc-smart-shortcode.js
Version Parameters
woo-bought-together/assets/css/blocks.css?ver=woo-bought-together/assets/js/blocks.js?ver=woo-bought-together/assets/css/woobt.css?ver=woo-bought-together/assets/js/woobt.js?ver=woo-bought-together/assets/js/wpc-smart-quantity.js?ver=woo-bought-together/assets/js/wpc-smart-shortcode.js?ver=

HTML / DOM Fingerprints

CSS Classes
woobt-itemswoobt-main-wrapwoobt-add-to-cartwoobt-main-productwoobt-product-item
Data Attributes
data-woobt_iddata-product_iddata-woobt_group
JS Globals
woobt_paramswpc_smart_quantity_paramswpc_smart_shortcode_params
Shortcode Output
[bought_together][wpc_smart_shortcode]
FAQ

Frequently Asked Questions about WPC Frequently Bought Together for WooCommerce