Discount Rules for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woo-discount-rules

The discount plugin for WooCommerce helps you create bulk discount, quantity discount, storewide sale, dynamic pricing discount offers easily.

100K active installs · v2.6.14 · PHP + WP 4.6.1+ · Updated Feb 25, 2026
Tags: bulk-discount, coupons, discounts, dynamic-pricing, woocommerce
Score: 97 (A · Safe)
CVEs total: 4
Unpatched: 0
Last CVE: Oct 15, 2024
Safety Verdict

Is Discount Rules for WooCommerce Safe to Use in 2026?

Generally Safe

Score 97/100

Discount Rules for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Oct 15, 2024 · Updated 1mo ago
Risk Assessment

The "woo-discount-rules" plugin exhibits a mixed security posture. While it demonstrates strong adherence to output escaping and a high percentage of prepared SQL statements, indicating good development practices in some areas, several significant concerns exist. The static analysis reveals a substantial attack surface with 6 out of 7 entry points lacking proper authentication checks. This, combined with the presence of the `unserialize` function, which can be a vector for remote code execution if used with untrusted input, raises considerable alarms. The vulnerability history further amplifies these concerns, showing a pattern of medium severity vulnerabilities, including Cross-Site Scripting and Missing Authorization. The fact that all 4 known CVEs are currently patched is a positive sign, but the recurring nature of these vulnerability types suggests potential underlying weaknesses in how user input is handled and authorized. Overall, the plugin has made progress in addressing past issues, but the uncovered entry points and the historical prevalence of authorization and XSS vulnerabilities necessitate careful monitoring and remediation.

Key Concerns

  • High number of unprotected AJAX handlers
  • Presence of 'unserialize' function
  • History of medium severity vulnerabilities (4 total)
  • Common vulnerability types: XSS and Missing Authorization
  • Two unsanitized taint flows identified
Vulnerabilities: 4

Discount Rules for WooCommerce Security Vulnerabilities

CVEs by Year

  • 2020: 2 CVEs
  • 2022: 1 CVE
  • 2024: 1 CVE

Severity Breakdown

  • Medium: 4

4 total CVEs

CVE-2024-8541 · medium · 4.7 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons <= 2.6.5 - Reflected Cross-Site Scripting

Oct 15, 2024 · Patched in 2.6.6 (1d)

CVE-2022-2090 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Discount Rules for WooCommerce <= 2.4.1 - Reflected Cross-Site Scripting

Jun 27, 2022 · Patched in 2.4.2 (575d)

Discount Rules for WooCommerce <= 2.2.0 - Missing Authorization

Sep 17, 2020 · Patched in 2.2.1 (1223d)

CVE-2020-36834 · medium · 6.3 · Missing Authorization

Discount Rules for WooCommerce <= 2.0.2 - Missing Authorization

Aug 20, 2020 · Patched in 2.1.0 (1518d)

Code Analysis
Analyzed Mar 16, 2026

Discount Rules for WooCommerce Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 9 (75 prepared)
  • Unescaped Output: 3 (683 escaped)
  • Nonce Checks: 7
  • Capability Checks: 2
  • File Operations: 2
  • External Requests: 2
  • Bundled Libraries: 0

Dangerous Functions Found

unserialize · `return unserialize($data);` · v2\App\Helpers\Migration.php:989

SQL Query Safety

89% prepared · 84 total queries

Output Escaping

100% escaped · 686 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

5 flows · 2 with unsanitized paths

set_status_header (v2\App\Helpers\Input.php:197)

Attack Surface: 6 unprotected

Discount Rules for WooCommerce Attack Surface

Entry Points: 7
Unprotected: 6

AJAX Handlers 6

auth · wp_ajax_awdr_switch_version · common.php:4
auth · wp_ajax_wdr_ajax · v2\App\Router.php:49
auth · wp_ajax_awdr_get_product_discount · v2\App\Router.php:50
nopriv · wp_ajax_awdr_get_product_discount · v2\App\Router.php:51
auth · wp_ajax_wdr_admin_statistics · v2\App\Router.php:59
nopriv · wp_ajax_wdr_ajax · v2\App\Router.php:147

Shortcodes 1

[awdr_sale_items_list] · v2\App\Router.php:216

WordPress Hooks 120

action · advanced_woo_discount_rules_on_settings_head · common.php:57
action · plugins_loaded · common.php:208
action · admin_menu · v1\index.php:15
filter · advanced_woo_discount_rules_converted_currency_value · v2\App\Compatibility\AeliaCurrencySwitcherByAelia.php:17
filter · advanced_woo_discount_rules_calculate_cart_subtotal_manually · v2\App\Compatibility\AeliaCurrencySwitcherByAelia.php:34
filter · advanced_woo_discount_rules_calculate_discount_for_cart_item · v2\App\Compatibility\CompositeProductsBySomewhereWarm.php:17
filter · advanced_woo_discount_rules_include_cart_item_to_count_quantity · v2\App\Compatibility\CompositeProductsBySomewhereWarm.php:24
filter · advanced_woo_discount_rules_process_cart_item_for_cheapest_rule · v2\App\Compatibility\CompositeProductsBySomewhereWarm.php:31
filter · advanced_woo_discount_rules_discounted_price_of_cart_item · v2\App\Compatibility\CurrencySwitcherByRealmag777.php:17
filter · advanced_woo_discount_rules_discounted_price_of_cart_item · v2\App\Compatibility\CurrencySwitcherByVillatheme.php:17
filter · advanced_woo_discount_rules_discounted_price_of_cart_item · v2\App\Compatibility\CurrencySwitcherByWPWham.php:17
filter · thwepo_product_price_html · v2\App\Compatibility\ExtraProductOptionsProByThemeHigh.php:19
filter · wc_facebook_product_price · v2\App\Compatibility\FacebookForWoocommerceByFacebook.php:19
filter · advanced_woo_discount_rules_additional_fee_amount · v2\App\Compatibility\MultiCurrencyByTivNet.php:17
filter · advanced_woo_discount_rules_converted_currency_value · v2\App\Compatibility\MultiCurrencyByTivNet.php:18
filter · advanced_woo_discount_rules_converted_currency_value · v2\App\Compatibility\MultiCurrencyByWPML.php:18
filter · wcml_multi_currency_ajax_actions · v2\App\Compatibility\MultiCurrencyByWPML.php:28
filter · advanced_woo_discount_rules_converted_currency_value · v2\App\Compatibility\PriceBasedOnCountryByOscarGare.php:17
action · wp_head · v2\App\Compatibility\ProductAddOnsByWooCommerce.php:17
filter · wwp_filter_wholesale_price_html · v2\App\Compatibility\WholesalePricesByRymeraWebCo.php:18
filter · advanced_woo_discount_rules_modify_price_html · v2\App\Compatibility\WholesalePricesByRymeraWebCo.php:30
action · admin_notices · v2\App\Controllers\Admin\Messages.php:22
action · admin_notices · v2\App\Controllers\Admin\Messages.php:27
action · admin_notices · v2\App\Controllers\Admin\Messages.php:30
filter · woocommerce_product_is_on_sale · v2\App\Controllers\ManageDiscount.php:101
action · woocommerce_after_calculate_totals · v2\App\Controllers\ManageDiscount.php:1064
filter · woocommerce_get_shop_coupon_data · v2\App\Controllers\ManageDiscount.php:1179
filter · woocommerce_coupon_error · v2\App\Controllers\ManageDiscount.php:1195
action · woocommerce_after_calculate_totals · v2\App\Controllers\ManageDiscount.php:1280
action · woocommerce_cart_calculate_fees · v2\App\Controllers\ManageDiscount.php:1439
filter · posts_where · v2\App\Helpers\Migration.php:1123
filter · advanced_woo_discount_rules_filters · v2\App\Helpers\ProOptions.php:17
filter · advanced_woo_discount_rules_conditions · v2\App\Helpers\ProOptions.php:18
filter · advanced_woo_discount_rules_adjustment_type · v2\App\Helpers\ProOptions.php:19
action · woocommerce_before_calculate_totals · v2\App\Helpers\Woocommerce.php:613
filter · woocommerce_cart_totals_get_fees_from_cart_taxes · v2\App\Helpers\Woocommerce.php:877
filter · safe_style_css · v2\App\Router.php:42
action · admin_menu · v2\App\Router.php:54
action · admin_init · v2\App\Router.php:55
action · admin_enqueue_scripts · v2\App\Router.php:56
action · admin_notices · v2\App\Router.php:58
filter · woocommerce_screen_ids · v2\App\Router.php:60
filter · advanced_woo_discount_rules_get_product_discount_price_from_custom_price · v2\App\Router.php:70
filter · advanced_woo_discount_rules_get_custom_taxonomies · v2\App\Router.php:71
filter · advanced_woo_discount_rules_get_product_discount_price · v2\App\Router.php:74
filter · advanced_woo_discount_rules_get_product_discount_details · v2\App\Router.php:75
filter · advanced_woo_discount_rules_get_product_discount_percentage · v2\App\Router.php:76
filter · advanced_woo_discount_rules_get_product_save_amount · v2\App\Router.php:77
filter · advanced_woo_discount_rules_get_cart_item_discount_price · v2\App\Router.php:79
filter · advanced_woo_discount_rules_get_cart_item_discount_details · v2\App\Router.php:80
filter · advanced_woo_discount_rules_get_cart_item_saved_amount · v2\App\Router.php:81
filter · advanced_woo_discount_rules_get_order_item_discount_price · v2\App\Router.php:83
filter · advanced_woo_discount_rules_get_order_item_discount_details · v2\App\Router.php:84
filter · advanced_woo_discount_rules_get_order_item_saved_amount · v2\App\Router.php:85
filter · advanced_woo_discount_rules_get_order_discount_details · v2\App\Router.php:87
filter · advanced_woo_discount_rules_get_order_saved_amount · v2\App\Router.php:88
filter · woocommerce_checkout_create_order_coupon_item · v2\App\Router.php:92
filter · woocommerce_coupon_is_valid_for_product · v2\App\Router.php:93
action · woocommerce_checkout_create_order_line_item · v2\App\Router.php:97
action · woocommerce_after_order_itemmeta · v2\App\Router.php:101
filter · woocommerce_cart_item_subtotal · v2\App\Router.php:102
filter · woocommerce_order_formatted_line_subtotal · v2\App\Router.php:103
filter · woocommerce_cart_totals_order_total_html · v2\App\Router.php:107
action · woocommerce_get_formatted_order_total · v2\App\Router.php:108
action · woocommerce_admin_order_totals_after_total · v2\App\Router.php:109
filter · advanced_woo_discount_rules_get_order_line_item_you_saved_text · v2\App\Router.php:112
filter · advanced_woo_discount_rules_get_order_total_you_saved_text · v2\App\Router.php:113
action · woocommerce_before_shop_loop · v2\App\Router.php:121
action · woocommerce_before_single_product · v2\App\Router.php:124
action · woocommerce_before_cart · v2\App\Router.php:127
action · woocommerce_before_checkout_form · v2\App\Router.php:130
action · woocommerce_review_order_before_cart_contents · v2\App\Router.php:131
action · wp_loaded · v2\App\Router.php:142
action · wp_enqueue_scripts · v2\App\Router.php:146
filter · woocommerce_get_price_html · v2\App\Router.php:149
filter · woocommerce_get_price_html · v2\App\Router.php:150
filter · woocommerce_variable_price_html · v2\App\Router.php:151
action · wp_loaded · v2\App\Router.php:154
filter · woocommerce_coupon_message · v2\App\Router.php:156
filter · woocommerce_product_is_on_sale · v2\App\Router.php:161
filter · woocommerce_sale_flash · v2\App\Router.php:165
action · wp_loaded · v2\App\Router.php:169
filter · wc_get_template · v2\App\Router.php:171
action · woocommerce_before_cart · v2\App\Router.php:176
action · woocommerce_before_mini_cart · v2\App\Router.php:177
action · woocommerce_before_mini_cart_contents · v2\App\Router.php:178
action · woocommerce_before_calculate_totals · v2\App\Router.php:180
action · woocommerce_cart_item_price · v2\App\Router.php:181
filter · woocommerce_cart_totals_coupon_label · v2\App\Router.php:182
action · woocommerce_cart_calculate_fees · v2\App\Router.php:183
filter · woocommerce_get_shop_coupon_data · v2\App\Router.php:184
action · woocommerce_after_calculate_totals · v2\App\Router.php:186
filter · woocommerce_get_shop_coupon_data · v2\App\Router.php:187
filter · woocommerce_cart_totals_coupon_label · v2\App\Router.php:188
filter · woocommerce_cart_totals_coupon_html · v2\App\Router.php:190
action · woocommerce_before_cart · v2\App\Router.php:194
action · woocommerce_before_checkout_form · v2\App\Router.php:195
action · woocommerce_review_order_before_cart_contents · v2\App\Router.php:196
action · woocommerce_checkout_update_order_meta · v2\App\Router.php:199
action · woocommerce_store_api_checkout_update_order_meta · v2\App\Router.php:200
action · advanced_woo_discount_rules_load_discount_table · v2\App\Router.php:211
action · advanced_woo_discount_rules_load_discount_bar · v2\App\Router.php:212
filter · advanced_woo_discount_rules_after_processed_bogo_free_auto_add · v2\App\Router.php:227
action · advanced_woo_discount_rules_after_initialize · v2\App\Router.php:230
filter · advanced_woo_discount_rules_additional_fee_amount · v2\App\Router.php:233
action · advanced_woo_discount_rules_scheduled_rebuild_on_sale_index_event · v2\App\Router.php:244
action · admin_init · v2\App\Router.php:248
filter · advanced_woo_discount_rules_do_recalculate_total · v2\App\Snippets\disableRecalculateTotal.php:6
action · plugins_loaded · v2\App\Snippets\overrideCustomPrice.php:6
filter · woocommerce_product_get_price · v2\App\Snippets\overrideCustomPrice.php:7
filter · woocommerce_product_variation_get_price · v2\App\Snippets\overrideCustomPrice.php:16
action · advanced_woo_discount_rules_after_apply_discount · v2\App\Snippets\overrideCustomPrice.php:26
filter · advanced_woo_discount_rules_do_apply_price_discount · v2\App\Snippets\overrideCustomPrice.php:45
filter · woocommerce_product_get_price · v2\App\Snippets\overrideCustomPrice.php:47
filter · woocommerce_product_variation_get_price · v2\App\Snippets\overrideCustomPrice.php:56
action · advanced_woo_discount_rules_discounted_price_of_cart_item · v2\App\Snippets\overrideCustomPrice.php:65
filter · advanced_woo_discount_rules_recalculate_discount_before_apply_coupon · v2\App\Snippets\recalculateTotalBeforeApplyCoupon.php:6
action · before_woocommerce_init · woo-discount-rules.php:24
action · admin_init · woo-discount-rules.php:190
action · plugins_loaded · woo-discount-rules.php:196

Maintenance & Trust

Discount Rules for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 25, 2026
PHP min version
Downloads: 2.8M

Community Trust

Rating: 96/100
Number of ratings: 1,239
Active installs: 100K

Developer Profile

Discount Rules for WooCommerce Developer Profile

flycart

4 plugins · 108K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 829 days

Detection Fingerprints

How We Detect Discount Rules for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/woo-discount-rules/v2/assets/css/woo-discount-rules.css
  • /wp-content/plugins/woo-discount-rules/v2/assets/js/woo-discount-rules.js
  • /wp-content/plugins/woo-discount-rules/v2/assets/js/vendor/jquery/jquery.min.js
  • /wp-content/plugins/woo-discount-rules/v2/assets/js/vendor/jquery/jquery-migrate.min.js
  • /wp-content/plugins/woo-discount-rules/v2/assets/js/vendor/jquery/jquery-ui.min.js
  • /wp-content/plugins/woo-discount-rules/v2/assets/js/vendor/bootstrap/bootstrap.bundle.min.js
  • /wp-content/plugins/woo-discount-rules/v2/assets/js/vendor/daterangepicker/moment.min.js
  • /wp-content/plugins/woo-discount-rules/v2/assets/js/vendor/daterangepicker/daterangepicker.js
  • +17 more

Script Paths

  • /wp-content/plugins/woo-discount-rules/v2/assets/js/woo-discount-rules.js
  • /wp-content/plugins/woo-discount-rules/v2/assets/js/wdr-admin.js
  • /wp-content/plugins/woo-discount-rules/v2/assets/js/wdr-frontend.js

Version Parameters

  • woo-discount-rules/v2/assets/css/woo-discount-rules.css?ver=
  • woo-discount-rules/v2/assets/js/woo-discount-rules.js?ver=
  • woo-discount-rules/v2/assets/js/wdr-admin.js?ver=
  • woo-discount-rules/v2/assets/js/wdr-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • wdr-admin-page
  • wdr-dashboard-layout
  • wdr-discount-rules-listing
  • wdr-discount-rule-edit-form
  • wdr-discount-conditions-builder
  • wdr-discount-actions-builder
  • wdr-discount-bogo-pricing
  • wdr-products-selector
  • +23 more

HTML Comments

  • <!-- WooCommerce Discount Rules v2 -->
  • <!-- Admin panel discount rules start -->
  • <!-- Admin panel discount rules end -->
  • <!-- Discount Rules Dashboard -->
  • +28 more

Data Attributes

  • data-wdr-page
  • data-wdr-tab
  • data-wdr-rule-id
  • data-wdr-condition-type
  • data-wdr-action-type
  • data-wdr-field
  • +11 more

JS Globals

  • wdr_admin_data
  • WdrFrontEnd

REST Endpoints

  • /wp-json/wdr/v1/discount_rules
  • /wp-json/wdr/v1/discount_rule
  • /wp-json/wdr/v1/discount_rules/save
  • /wp-json/wdr/v1/discount_rules/delete
  • /wp-json/wdr/v1/conditions
  • /wp-json/wdr/v1/actions
  • /wp-json/wdr/v1/settings
  • /wp-json/wdr/v1/settings/save
  • /wp-json/wdr/v1/import_export
  • /wp-json/wdr/v1/import_export/import
  • /wp-json/wdr/v1/statistics
  • /wp-json/wdr/v1/addons
  • /wp-json/wdr/v1/addons/activate
  • /wp-json/wdr/v1/addons/deactivate
  • /wp-json/wdr/v1/products
  • /wp-json/wdr/v1/customers
  • /wp-json/wdr/v1/coupons
  • /wp-json/wdr/v1/sales_report
  • /wp-json/wdr/v1/migration

FAQ

Frequently Asked Questions about Discount Rules for WooCommerce