WP-Safety

Bulk Edit Products for WooCommerce – WP Sheet Editor Security & Risk Analysis

wordpress.org/plugins/woo-bulk-edit-products

Modern Bulk Editor for WooCommerce products, create and edit hundreds of products in a spreadsheet inside wp-admin. No need to export/import

10K active installs v1.8.21 PHP + WP 4.7+ Updated Jan 17, 2026
bulk-editproductsspreadsheetwoocommercewp-sheet-editor
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Bulk Edit Products for WooCommerce – WP Sheet Editor Safe to Use in 2026?

Generally Safe

Score 100/100

Bulk Edit Products for WooCommerce – WP Sheet Editor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The "woo-bulk-edit-products" v1.8.21 plugin exhibits a concerning security posture primarily due to its extensive unprotected AJAX endpoints. While the plugin demonstrates good practices in SQL query preparation and output escaping, the sheer number of unprotected AJAX handlers presents a significant attack surface. This means that malicious actors could potentially trigger these handlers without proper authentication, leading to unintended actions or information disclosure. The taint analysis reveals four high-severity flows with unsanitized paths, which, when combined with the unprotected AJAX handlers, indicate a tangible risk of injection vulnerabilities or unauthorized data manipulation. The absence of any recorded vulnerabilities in its history is a positive indicator of past security diligence, but it does not negate the current risks identified in the code analysis. Overall, the plugin has strengths in its internal coding practices regarding SQL and output, but the large number of unauthenticated entry points and identified high-severity taint flows are critical weaknesses that require immediate attention.

Key Concerns

  • 20 AJAX handlers without auth checks
  • 4 High severity taint flows with unsanitized paths
  • 9 Nonce checks present, but 20 AJAX handlers unprotected
  • 3 Capability checks, but 20 AJAX handlers unprotected
Vulnerabilities
None known

Bulk Edit Products for WooCommerce – WP Sheet Editor Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Bulk Edit Products for WooCommerce – WP Sheet Editor Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
103 prepared
Unescaped Output
28
384 escaped
Nonce Checks
9
Capability Checks
3
File Operations
24
External Requests
0
Bundled Libraries
1

Bundled Libraries

Freemius1.0

SQL Query Safety

98% prepared105 total queries

Output Escaping

93% escaped412 total outputs
Data Flows
11 unsanitized

Data Flow Analysis

15 flows11 with unsanitized paths
maybe_download_log_file (modules\wp-sheet-editor\inc\api\logger.php:30)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
20 unprotected

Bulk Edit Products for WooCommerce – WP Sheet Editor Attack Surface

Entry Points20
Unprotected20

AJAX Handlers 20

authwp_ajax_vgse_save_manual_column_resizemodules\columns-resizing\columns-resizing.php:17
authwp_ajax_vgse_update_columns_visibilitymodules\columns-visibility\columns-visibility.php:34
authwp_ajax_vgse_remove_columnmodules\columns-visibility\columns-visibility.php:35
authwp_ajax_vgse_restore_columnsmodules\columns-visibility\columns-visibility.php:36
authwp_ajax_vgse_delete_row_idsmodules\wp-sheet-editor\inc\ajax.php:643
authwp_ajax_vgse_dismiss_review_tipmodules\wp-sheet-editor\inc\ajax.php:644
authwp_ajax_vgse_notice_dismissmodules\wp-sheet-editor\inc\ajax.php:645
authwp_ajax_vgse_get_taxonomy_termsmodules\wp-sheet-editor\inc\ajax.php:646
authwp_ajax_vgse_load_datamodules\wp-sheet-editor\inc\ajax.php:647
authwp_ajax_vgse_save_gutenberg_contentmodules\wp-sheet-editor\inc\ajax.php:648
authwp_ajax_vgse_save_datamodules\wp-sheet-editor\inc\ajax.php:649
authwp_ajax_vgse_find_post_by_namemodules\wp-sheet-editor\inc\ajax.php:650
authwp_ajax_vgse_list_post_titlesmodules\wp-sheet-editor\inc\ajax.php:651
authwp_ajax_vgse_save_individual_postmodules\wp-sheet-editor\inc\ajax.php:652
authwp_ajax_vgse_insert_individual_postmodules\wp-sheet-editor\inc\ajax.php:653
authwp_ajax_vgse_search_taxonomy_termsmodules\wp-sheet-editor\inc\ajax.php:654
authwp_ajax_vgse_find_users_by_keywordmodules\wp-sheet-editor\inc\ajax.php:655
authwp_ajax_vgse_find_users_by_keyword_for_select2modules\wp-sheet-editor\inc\ajax.php:656
authwp_ajax_vgse_save_post_types_settingmodules\wp-sheet-editor\inc\ajax.php:657
authwp_ajax_vgse_set_settingsmodules\wp-sheet-editor\inc\ajax.php:658
WordPress Hooks 153
filtervg_sheet_editor/woocommerce/teasers/allowed_columnsinc\sheet.php:16
filtervg_sheet_editor/handsontable/custom_argsmodules\autofill-cells\autofill-cells.php:30
actionvg_sheet_editor/initializedmodules\autofill-cells\autofill-cells.php:51
actionvg_sheet_editor/after_enqueue_assetsmodules\columns-resizing\columns-resizing.php:15
filtervg_sheet_editor/handsontable/custom_argsmodules\columns-resizing\columns-resizing.php:16
filtervg_sheet_editor/columns/provider_itemsmodules\columns-resizing\columns-resizing.php:20
actionvg_sheet_editor/initializedmodules\columns-resizing\columns-resizing.php:109
actionadmin_initmodules\columns-visibility\columns-visibility.php:30
filtervg_sheet_editor/columns/all_itemsmodules\columns-visibility\columns-visibility.php:31
actionvg_sheet_editor/editor/before_initmodules\columns-visibility\columns-visibility.php:32
actionvg_sheet_editor/after_enqueue_assetsmodules\columns-visibility\columns-visibility.php:33
filtervg_sheet_editor/columns/blacklisted_columnsmodules\columns-visibility\columns-visibility.php:37
actionvg_sheet_editor/save_rows/before_saving_rowsmodules\columns-visibility\columns-visibility.php:38
filtervg_sheet_editor/columns/all_itemsmodules\columns-visibility\columns-visibility.php:247
actionvg_sheet_editor/initializedmodules\columns-visibility\columns-visibility.php:582
actionvg_sheet_editor/initializedmodules\factory.php:34
actionvg_sheet_editor/after_initmodules\factory.php:35
actionvg_sheet_editor/editor/register_columnsmodules\factory.php:94
actionvg_sheet_editor/editor/register_columnsmodules\factory.php:95
actionvg_sheet_editor/editor/register_columnsmodules\factory.php:96
actionvg_sheet_editor/editor/before_initmodules\factory.php:97
filtervg_sheet_editor/custom_columns/teaser/allow_to_lock_columnmodules\factory.php:98
filtervg_sheet_editor/custom_post_types/get_all_post_typesmodules\factory.php:104
filtervg_sheet_editor/custom_post_types/get_all_post_types_namesmodules\factory.php:105
filtervg_sheet_editor/allowed_post_typesmodules\factory.php:106
filtervg_sheet_editor/frontend/allowed_post_typesmodules\factory.php:107
filtervg_sheet_editor/api/all_post_typesmodules\factory.php:108
actionvg_sheet_editor/editor/before_initmodules\filters\filters.php:21
actionvg_sheet_editor/editor/before_initmodules\filters\filters.php:22
actionvg_sheet_editor/editor/before_initmodules\filters\filters.php:23
actionvg_sheet_editor/after_enqueue_assetsmodules\filters\filters.php:24
filtervg_sheet_editor/load_rows/wp_query_argsmodules\filters\filters.php:25
actionvg_sheet_editor/load_rows/after_processingmodules\filters\filters.php:26
filtervg_sheet_editor/handsontable/custom_argsmodules\filters\filters.php:28
filterposts_clausesmodules\filters\filters.php:29
filtervg_sheet_editor/js_datamodules\filters\filters.php:30
filtervg_sheet_editor/load_rows/wp_query_argsmodules\filters\filters.php:31
actionvg_sheet_editor/editor_page/after_editor_pagemodules\filters\filters.php:32
actionload-edit.phpmodules\filters\filters.php:34
actioncurrent_screenmodules\filters\filters.php:35
actionvg_sheet_editor/initializedmodules\filters\filters.php:716
filtervg_sheet_editor/modules/listmodules\init.php:15
actionplugins_loadedmodules\init.php:17
actionafter_uninstallmodules\init.php:111
filterplugin_iconmodules\init.php:112
filtershow_deactivation_feedback_formmodules\init.php:113
filteris_submenu_visiblemodules\init.php:115
filterget_user_metadatamodules\init.php:162
actionadmin_footermodules\wp-sheet-editor\inc\api\bootstrap.php:96
actionadmin_menumodules\wp-sheet-editor\inc\api\editor.php:37
filterheartbeat_settingsmodules\wp-sheet-editor\inc\api\editor.php:65
actionadmin_headmodules\wp-sheet-editor\inc\api\editor.php:68
actionvg_sheet_editor/render_editor_js_settingsmodules\wp-sheet-editor\inc\api\editor.php:69
actionadmin_enqueue_scriptsmodules\wp-sheet-editor\inc\api\editor.php:71
actionadmin_print_stylesmodules\wp-sheet-editor\inc\api\editor.php:72
actionadmin_initmodules\wp-sheet-editor\inc\api\editor.php:73
filterBetterLinks/Admin/skip_no_conflictmodules\wp-sheet-editor\inc\api\editor.php:78
actionvg_sheet_editor/editor/register_columnsmodules\wp-sheet-editor\inc\api\infinite-serialized-field.php:25
filtervg_sheet_editor/woocommerce/variation_columnsmodules\wp-sheet-editor\inc\api\infinite-serialized-field.php:27
actionwpse_daily_cronmodules\wp-sheet-editor\inc\api\logger.php:302
actionwpse_daily_cronmodules\wp-sheet-editor\inc\api\logger.php:303
actionvg_sheet_editor/initializedmodules\wp-sheet-editor\inc\api\logger.php:306
actionvg_sheet_editor/editor/before_initmodules\wp-sheet-editor\inc\api\logger.php:307
actionwpse_daily_cronmodules\wp-sheet-editor\inc\api\queues.php:121
actionvg_sheet_editor/save_rows/before_saving_cellmodules\wp-sheet-editor\inc\api\serialized-field.php:38
actionvg_sheet_editor/editor/register_columnsmodules\wp-sheet-editor\inc\api\serialized-field.php:40
filtervg_sheet_editor/formulas/sql_execution/can_executemodules\wp-sheet-editor\inc\api\serialized-field.php:42
filtervg_sheet_editor/woocommerce/variation_columnsmodules\wp-sheet-editor\inc\api\serialized-field.php:45
filtervgse_sheet_editor/provider/post/prefetch/meta_keysmodules\wp-sheet-editor\inc\api\serialized-field.php:47
filtervg_sheet_editor/load_rows/preload_datamodules\wp-sheet-editor\inc\api\serialized-field.php:48
actionvg_sheet_editor/editor/register_columnsmodules\wp-sheet-editor\inc\api\tables-infinite-serialized-field.php:22
actionvg_sheet_editor/editor_page/after_contentmodules\wp-sheet-editor\inc\api\toolbar.php:170
actionvg_sheet_editor/editor/register_columnsmodules\wp-sheet-editor\inc\integrations\elementor.php:17
actionvg_sheet_editor/save_rows/after_saving_postmodules\wp-sheet-editor\inc\integrations\elementor.php:18
filtervg_sheet_editor/duplicate/final_post_idmodules\wp-sheet-editor\inc\integrations\elementor.php:19
actionvg_sheet_editor/initializedmodules\wp-sheet-editor\inc\integrations\elementor.php:99
actionvg_sheet_editor/editor/register_columnsmodules\wp-sheet-editor\inc\integrations\visual-composer.php:15
actionadmin_menumodules\wp-sheet-editor\inc\options-init.php:656
actionvg_sheet_editor/filters/after_fieldsmodules\wp-sheet-editor\inc\teasers\advanced-filters.php:28
actionvg_sheet_editor/after_initmodules\wp-sheet-editor\inc\teasers\advanced-filters.php:115
actionadmin_noticesmodules\wp-sheet-editor\inc\teasers\coupons.php:25
filtervg_sheet_editor/prepared_post_typesmodules\wp-sheet-editor\inc\teasers\coupons.php:26
actionvg_sheet_editor/initializedmodules\wp-sheet-editor\inc\teasers\coupons.php:104
actionvg_sheet_editor/editor/register_columnsmodules\wp-sheet-editor\inc\teasers\custom-columns.php:27
actionvg_sheet_editor/initializedmodules\wp-sheet-editor\inc\teasers\custom-columns.php:103
actionvg_sheet_editor/editor_page/after_contentmodules\wp-sheet-editor\inc\teasers\formulas.php:25
actionvg_sheet_editor/initializedmodules\wp-sheet-editor\inc\teasers\formulas.php:107
actionvg_sheet_editor/editor/before_initmodules\wp-sheet-editor\inc\teasers\frontend.php:24
actionvg_sheet_editor/after_initmodules\wp-sheet-editor\inc\teasers\frontend.php:108
actionvg_sheet_editor/editor/before_initmodules\wp-sheet-editor\inc\teasers\post-types.php:37
actionvg_sheet_editor/initializedmodules\wp-sheet-editor\inc\teasers\post-types.php:172
filtervg_sheet_editor/prepared_post_typesmodules\wp-sheet-editor\inc\teasers\terms.php:27
actionvg_sheet_editor/after_initmodules\wp-sheet-editor\inc\teasers\terms.php:103
actionvg_sheet_editor/editor_page/after_console_textmodules\wp-sheet-editor\inc\teasers\upgrade-popup.php:28
actionvg_sheet_editor/editor_page/after_contentmodules\wp-sheet-editor\inc\teasers\upgrade-popup.php:29
actionvg_sheet_editor/after_initmodules\wp-sheet-editor\inc\teasers\upgrade-popup.php:121
actionadmin_noticesmodules\wp-sheet-editor\inc\teasers\users.php:24
filtervg_sheet_editor/prepared_post_typesmodules\wp-sheet-editor\inc\teasers\users.php:25
actionvg_sheet_editor/after_initmodules\wp-sheet-editor\inc\teasers\users.php:99
filtervg_sheet_editor/allowed_post_typesmodules\wp-sheet-editor\inc\teasers\woocommerce.php:72
filtervg_sheet_editor/add_new_posts/create_new_postsmodules\wp-sheet-editor\inc\teasers\woocommerce.php:73
actionvg_sheet_editor/editor/register_columnsmodules\wp-sheet-editor\inc\teasers\woocommerce.php:74
actionvg_sheet_editor/editor/register_columnsmodules\wp-sheet-editor\inc\teasers\woocommerce.php:75
filtervg_sheet_editor/custom_columns/teaser/allow_to_lock_columnmodules\wp-sheet-editor\inc\teasers\woocommerce.php:76
actionwoocommerce_variable_product_before_variationsmodules\wp-sheet-editor\inc\teasers\woocommerce.php:77
actionvg_sheet_editor/editor_page/after_console_textmodules\wp-sheet-editor\inc\teasers\woocommerce.php:78
actionvg_sheet_editor/save_rows/after_saving_postmodules\wp-sheet-editor\inc\teasers\woocommerce.php:79
filtervg_sheet_editor/js_datamodules\wp-sheet-editor\inc\teasers\woocommerce.php:80
actionvg_sheet_editor/load_rows/found_postsmodules\wp-sheet-editor\inc\teasers\woocommerce.php:82
actionvg_sheet_editor/load_rows/outputmodules\wp-sheet-editor\inc\teasers\woocommerce.php:89
actionvg_sheet_editor/load_rows/allowed_post_columnsmodules\wp-sheet-editor\inc\teasers\woocommerce.php:95
actionvg_sheet_editor/load_rows/outputmodules\wp-sheet-editor\inc\teasers\woocommerce.php:100
filterwoocommerce_product_variation_title_include_attributesmodules\wp-sheet-editor\inc\teasers\woocommerce.php:106
filterwoocommerce_composite_update_price_metamodules\wp-sheet-editor\inc\teasers\woocommerce.php:371
actionvg_sheet_editor/initializedmodules\wp-sheet-editor\inc\teasers\woocommerce.php:953
filterwoocommerce_allow_marketplace_suggestionsmodules\wp-sheet-editor\wp-sheet-editor.php:125
filtervg_sheet_editor/extensions/is_toolbar_allowedmodules\wp-sheet-editor\wp-sheet-editor.php:595
filtervg_sheet_editor/extensions/is_page_allowedmodules\wp-sheet-editor\wp-sheet-editor.php:596
actionadmin_menumodules\wp-sheet-editor\wp-sheet-editor.php:600
actionadmin_enqueue_scriptsmodules\wp-sheet-editor\wp-sheet-editor.php:601
actionadmin_footermodules\wp-sheet-editor\wp-sheet-editor.php:603
actionadd_meta_boxesmodules\wp-sheet-editor\wp-sheet-editor.php:604
actionadmin_enqueue_scriptsmodules\wp-sheet-editor\wp-sheet-editor.php:606
actionadmin_enqueue_scriptsmodules\wp-sheet-editor\wp-sheet-editor.php:607
actionadmin_initmodules\wp-sheet-editor\wp-sheet-editor.php:608
actionwp_dashboard_setupmodules\wp-sheet-editor\wp-sheet-editor.php:609
filterwp_kses_allowed_htmlmodules\wp-sheet-editor\wp-sheet-editor.php:610
filtervg_sheet_editor/use_rest_api_onlymodules\wp-sheet-editor\wp-sheet-editor.php:617
filtervg_sheet_editor/use_rest_api_onlymodules\wp-sheet-editor\wp-sheet-editor.php:621
filtervg_sheet_editor/register_admin_pagesmodules\wp-sheet-editor\wp-sheet-editor.php:629
filtervg_sheet_editor/bootstrap/settingsmodules\wp-sheet-editor\wp-sheet-editor.php:630
actionvg_sheet_editor/after_initmodules\wp-sheet-editor\wp-sheet-editor.php:634
actioncreated_termmodules\wp-sheet-editor\wp-sheet-editor.php:644
filterwp_update_term_datamodules\wp-sheet-editor\wp-sheet-editor.php:645
actiondelete_termmodules\wp-sheet-editor\wp-sheet-editor.php:646
actionuser_registermodules\wp-sheet-editor\wp-sheet-editor.php:647
actionvg_sheet_editor/on_uninstallmodules\wp-sheet-editor\wp-sheet-editor.php:648
actionadmin_page_access_deniedmodules\wp-sheet-editor\wp-sheet-editor.php:649
filterstateless_skip_cache_bustingmodules\wp-sheet-editor\wp-sheet-editor.php:652
actionadmin_initmodules\wp-sheet-editor\wp-sheet-editor.php:653
actionadmin_noticesmodules\wp-sheet-editor\wp-sheet-editor.php:655
actionactivated_pluginmodules\wp-sheet-editor\wp-sheet-editor.php:676
actionadmin_initmodules\wp-sheet-editor\wp-sheet-editor.php:677
actionwp_loadedmodules\wp-sheet-editor\wp-sheet-editor.php:1555
actionwpmodules\wp-sheet-editor\wp-sheet-editor.php:1558
actioninitmodules\wp-sheet-editor\wp-sheet-editor.php:1612
actionsetup_thememodules\wp-sheet-editor\wp-sheet-editor.php:1613
actionvg_sheet_editor/initializedproducts.php:102
actionadmin_initproducts.php:103
actioninitproducts.php:104
actionbefore_woocommerce_initproducts.php:105
actionadmin_noticesproducts.php:134
filtervg_sheet_editor/register_admin_pagesproducts.php:140

Scheduled Events 1

wpse_daily_cron
Maintenance & Trust

Bulk Edit Products for WooCommerce – WP Sheet Editor Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 17, 2026
PHP min version
Downloads368K

Community Trust

Rating98/100
Number of ratings228
Active installs10K
Alternatives

Bulk Edit Products for WooCommerce – WP Sheet Editor Alternatives

Bulk Edit Coupons for WooCommerce – WP Sheet Editor

Bulk Edit Coupons for WooCommerce – WP Sheet Editor

woo-coupons-bulk-editor

A
100

Modern Bulk Editor for WooCommerce Coupons, create and edit hundreds of coupons in a spreadsheet inside wp-admin. Quick view and edits.

500 No CVEs
Customers Table for WooCommerce: View, Search, Bulk Editor

Customers Table for WooCommerce: View, Search, Bulk Editor

woo-customers-spreadsheet-bulk-edit

A
100

View WooCommerce Customers in a Table , Bulk Editor for User Profiles, and Create New Customers Quickly.

100 No CVEs
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net

BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net

woo-bulk-editor

A
97

BEAR - WooCommerce Bulk Editor Professional (former WOOBE) is plugin for bulk edit/manage woocommerce products their data in the flexible way

40K 17 CVEs
PW WooCommerce Bulk Edit

PW WooCommerce Bulk Edit

pw-bulk-edit

A
99

A powerful way to update your WooCommerce product catalog. Finally, no more tedious clicking through countless pages!

20K 1 CVE
Bulky – Bulk Edit Products for WooCommerce

Bulky – Bulk Edit Products for WooCommerce

bulky-bulk-edit-products-for-woo

A
100

A helpful tool that allows you to bulk edit available attributes of products such as ID, Title, Content,...

10K No CVEs
Developer Profile

Bulk Edit Products for WooCommerce – WP Sheet Editor Developer Profile

Jose Vega

20 plugins · 30K total installs

76
trust score
Avg Security Score
95/100
Avg Patch Time
258 days
View full developer profile
Detection Fingerprints

How We Detect Bulk Edit Products for WooCommerce – WP Sheet Editor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-bulk-edit-products/assets/css/products.css/wp-content/plugins/woo-bulk-edit-products/assets/js/products.js/wp-content/plugins/woo-bulk-edit-products/vendor/vg-plugin-sdk/css/vg-plugin-sdk.css/wp-content/plugins/woo-bulk-edit-products/vendor/vg-plugin-sdk/js/vg-plugin-sdk.js
Script Paths
/wp-content/plugins/woo-bulk-edit-products/assets/js/products.js
Version Parameters
woo-bulk-edit-products/assets/css/products.css?ver=woo-bulk-edit-products/assets/js/products.js?ver=woo-bulk-edit-products/vendor/vg-plugin-sdk/css/vg-plugin-sdk.css?ver=woo-bulk-edit-products/vendor/vg-plugin-sdk/js/vg-plugin-sdk.js?ver=

HTML / DOM Fingerprints

CSS Classes
vg-sheet-editor-wc-products
Data Attributes
data-vgse-wc-products
JS Globals
vgse_wc_products
FAQ

Frequently Asked Questions about Bulk Edit Products for WooCommerce – WP Sheet Editor