WP-Safety

One Click Upsell Funnel for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woo-one-click-upsell-funnel

Create WooCommerce Upsells in One Click, Increase Sales with Related Products, Post Purchase Upsell, Cross Sell, Order Bump and Frequently Bought.

1K active installs v3.6.1 PHP 7.4+ WP 6.7.0+ Updated Jan 9, 2026
cross-sellfunnel-buildersales-funnelupsellwoocommerce-checkout
99
A · Safe
CVEs total1
Unpatched0
Last CVEDec 20, 2024
Plugin page Download
Safety Verdict

Is One Click Upsell Funnel for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

One Click Upsell Funnel for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Dec 20, 2024Updated 2mo ago
Risk Assessment

The plugin "woo-one-click-upsell-funnel" v3.6.1 exhibits a mixed security posture. On the positive side, the code demonstrates good practices regarding SQL queries, exclusively using prepared statements, and a very high percentage of properly escaped output, mitigating common injection and XSS risks. The presence of numerous nonce and capability checks also indicates an effort to secure functionalities. However, a significant concern arises from the substantial attack surface, particularly the 11 unprotected AJAX handlers. While taint analysis didn't reveal critical or high severity flows, the presence of 4 flows with unsanitized paths warrants attention as it could be exploited in conjunction with other vulnerabilities.

The vulnerability history shows a single medium severity CVE related to Cross-site Scripting (XSS), which is positive that it's patched. However, the fact that a medium severity XSS vulnerability was present at some point, combined with the unprotected AJAX handlers, suggests a potential for attackers to leverage these unprotected entry points to execute malicious scripts if input validation is insufficient in those areas. The plugin's strengths lie in its database interaction and output handling, but its weaknesses are concentrated in the handling of user-submitted data through its numerous AJAX endpoints.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Medium severity CVE history
Vulnerabilities
1

One Click Upsell Funnel for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2024-11938medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

One Click Upsell Funnel for WooCommerce <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via wps_wocuf_pro_yes Shortcode

Dec 20, 2024 Patched in 3.4.10 (4d)
Code Analysis
Analyzed Mar 16, 2026

One Click Upsell Funnel for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
41
922 escaped
Nonce Checks
49
Capability Checks
3
File Operations
3
External Requests
2
Bundled Libraries
1

Bundled Libraries

Select2

Output Escaping

96% escaped963 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

11 flows4 with unsanitized paths
return_funnel_offer_section_content (admin\class-woocommerce-one-click-upsell-funnel-admin.php:318)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
11 unprotected

One Click Upsell Funnel for WooCommerce Attack Surface

Entry Points31
Unprotected11

AJAX Handlers 13

authwp_ajax_seach_products_for_offersincludes\class-woocommerce-one-click-upsell-funnel.php:212
authwp_ajax_seach_products_for_funnelincludes\class-woocommerce-one-click-upsell-funnel.php:214
authwp_ajax_search_product_categories_for_funnelincludes\class-woocommerce-one-click-upsell-funnel.php:215
authwp_ajax_wps_upsell_init_migratorincludes\class-woocommerce-one-click-upsell-funnel.php:218
authwp_ajax_wps_upsell_stop_migratorincludes\class-woocommerce-one-click-upsell-funnel.php:219
authwp_ajax_wps_upsell_dismiss_elementor_inactive_noticeincludes\class-woocommerce-one-click-upsell-funnel.php:222
authwp_ajax_wps_wocuf_pro_return_offer_contentincludes\class-woocommerce-one-click-upsell-funnel.php:230
authwp_ajax_wps_upsell_activate_offer_template_ajaxincludes\class-woocommerce-one-click-upsell-funnel.php:233
authwp_ajax_wps_wocuf_dismiss_notice_bannerincludes\class-woocommerce-one-click-upsell-funnel.php:275
authwp_ajax_send_onboarding_dataincludes\class-wpswings-onboarding-helper.php:112
noprivwp_ajax_send_onboarding_dataincludes\class-wpswings-onboarding-helper.php:113
authwp_ajax_skip_onboarding_popupincludes\class-wpswings-onboarding-helper.php:116
noprivwp_ajax_skip_onboarding_popupincludes\class-wpswings-onboarding-helper.php:117

Shortcodes 18

[wps_wocuf_pro_yes] public\class-woocommerce-one-click-upsell-funnel-public.php:1724
[wps_wocuf_pro_no] public\class-woocommerce-one-click-upsell-funnel-public.php:1727
[wps_wocuf_pro_offer_price] public\class-woocommerce-one-click-upsell-funnel-public.php:1730
[wps_wocuf_pro_order_details] public\class-woocommerce-one-click-upsell-funnel-public.php:1732
[wps_wocuf_pro_funnel_default_offer_page] public\class-woocommerce-one-click-upsell-funnel-public.php:1735
[wps_upsell_yes] public\class-woocommerce-one-click-upsell-funnel-public.php:1741
[wps_upsell_no] public\class-woocommerce-one-click-upsell-funnel-public.php:1743
[wps_upsell_title] public\class-woocommerce-one-click-upsell-funnel-public.php:1746
[wps_upsell_desc] public\class-woocommerce-one-click-upsell-funnel-public.php:1748
[wps_upsell_desc_short] public\class-woocommerce-one-click-upsell-funnel-public.php:1750
[wps_upsell_image] public\class-woocommerce-one-click-upsell-funnel-public.php:1752
[wps_upsell_price] public\class-woocommerce-one-click-upsell-funnel-public.php:1754
[wps_upsell_product_shipping_price] public\class-woocommerce-one-click-upsell-funnel-public.php:1756
[wps_upsell_variations] public\class-woocommerce-one-click-upsell-funnel-public.php:1758
[wps_upsell_star_review] public\class-woocommerce-one-click-upsell-funnel-public.php:1761
[wps_upsell_default_offer_identification] public\class-woocommerce-one-click-upsell-funnel-public.php:1764
[wps_upsell_timer] public\class-woocommerce-one-click-upsell-funnel-public.php:1770
[wps_upsell_quantity] public\class-woocommerce-one-click-upsell-funnel-public.php:1772
WordPress Hooks 72
actionadmin_initincludes\class-woocommerce-one-click-upsell-funnel-global-functions.php:1068
actionplugins_loadedincludes\class-woocommerce-one-click-upsell-funnel.php:188
actionadmin_enqueue_scriptsincludes\class-woocommerce-one-click-upsell-funnel.php:206
actionadmin_enqueue_scriptsincludes\class-woocommerce-one-click-upsell-funnel.php:208
actionadmin_menuincludes\class-woocommerce-one-click-upsell-funnel.php:210
actionpre_get_postsincludes\class-woocommerce-one-click-upsell-funnel.php:225
filterpage_templateincludes\class-woocommerce-one-click-upsell-funnel.php:227
filterwps_deactivation_supported_slugincludes\class-woocommerce-one-click-upsell-funnel.php:236
filtersafe_style_cssincludes\class-woocommerce-one-click-upsell-funnel.php:239
filtermanage_edit-shop_order_columnsincludes\class-woocommerce-one-click-upsell-funnel.php:244
actionmanage_shop_order_posts_custom_columnincludes\class-woocommerce-one-click-upsell-funnel.php:247
actionwoocommerce_shop_order_list_table_custom_columnincludes\class-woocommerce-one-click-upsell-funnel.php:249
filterwoocommerce_shop_order_list_table_columnsincludes\class-woocommerce-one-click-upsell-funnel.php:250
filterrestrict_manage_postsincludes\class-woocommerce-one-click-upsell-funnel.php:253
filterrequestincludes\class-woocommerce-one-click-upsell-funnel.php:256
filterwoocommerce_payment_gateways_setting_columnsincludes\class-woocommerce-one-click-upsell-funnel.php:259
actionwoocommerce_payment_gateways_setting_column_wps_upsellincludes\class-woocommerce-one-click-upsell-funnel.php:262
actionwoocommerce_product_options_general_product_dataincludes\class-woocommerce-one-click-upsell-funnel.php:264
actionwoocommerce_process_product_metaincludes\class-woocommerce-one-click-upsell-funnel.php:265
actionwoocommerce_product_after_variable_attributesincludes\class-woocommerce-one-click-upsell-funnel.php:266
actionwoocommerce_save_product_variationincludes\class-woocommerce-one-click-upsell-funnel.php:267
filterwoocommerce_admin_reportsincludes\class-woocommerce-one-click-upsell-funnel.php:270
actionadmin_initincludes\class-woocommerce-one-click-upsell-funnel.php:273
actionwps_wgm_check_for_notification_updateincludes\class-woocommerce-one-click-upsell-funnel.php:274
actionwp_enqueue_scriptsincludes\class-woocommerce-one-click-upsell-funnel.php:292
actionwp_enqueue_scriptsincludes\class-woocommerce-one-click-upsell-funnel.php:294
actionwoocommerce_initincludes\class-woocommerce-one-click-upsell-funnel.php:296
filtercron_schedulesincludes\class-woocommerce-one-click-upsell-funnel.php:299
actiontemplate_redirectincludes\class-woocommerce-one-click-upsell-funnel.php:302
filterwp_page_menu_argsincludes\class-woocommerce-one-click-upsell-funnel.php:305
filterwp_get_nav_menu_itemsincludes\class-woocommerce-one-click-upsell-funnel.php:308
actionwp_print_stylesincludes\class-woocommerce-one-click-upsell-funnel.php:317
actioninitincludes\class-woocommerce-one-click-upsell-funnel.php:320
filterwps_currency_switcher_side_switcher_after_htmlincludes\class-woocommerce-one-click-upsell-funnel.php:323
filterthe_contentincludes\class-woocommerce-one-click-upsell-funnel.php:326
filterwp_kses_allowed_htmlincludes\class-woocommerce-one-click-upsell-funnel.php:330
actionwoocommerce_checkout_order_processedincludes\class-woocommerce-one-click-upsell-funnel.php:335
actionwoocommerce_store_api_checkout_order_processedincludes\class-woocommerce-one-click-upsell-funnel.php:338
actionwp_loadedincludes\class-woocommerce-one-click-upsell-funnel.php:341
actionwp_loadedincludes\class-woocommerce-one-click-upsell-funnel.php:344
actionwps_wocuf_lite_order_cron_scheduleincludes\class-woocommerce-one-click-upsell-funnel.php:347
actionwp_headincludes\class-woocommerce-one-click-upsell-funnel.php:350
actionwp_footerincludes\class-woocommerce-one-click-upsell-funnel.php:353
actionwp_footerincludes\class-woocommerce-one-click-upsell-funnel.php:356
filterwoocommerce_order_item_get_formatted_meta_dataincludes\class-woocommerce-one-click-upsell-funnel.php:359
actionwoocommerce_thankyouincludes\class-woocommerce-one-click-upsell-funnel.php:362
actionwp_headincludes\class-woocommerce-one-click-upsell-funnel.php:367
actionwp_headincludes\class-woocommerce-one-click-upsell-funnel.php:370
actionwoocommerce_thankyouincludes\class-woocommerce-one-click-upsell-funnel.php:373
actionwp_loadedincludes\class-woocommerce-one-click-upsell-funnel.php:380
actionwoocommerce_initincludes\class-woocommerce-one-click-upsell-funnel.php:387
actionwoocommerce_after_checkout_billing_formincludes\class-woocommerce-one-click-upsell-funnel.php:390
actionadmin_enqueue_scriptsincludes\class-wpswings-onboarding-helper.php:104
actionadmin_enqueue_scriptsincludes\class-wpswings-onboarding-helper.php:105
actionadmin_footerincludes\class-wpswings-onboarding-helper.php:106
actionadmin_footerincludes\class-wpswings-onboarding-helper.php:107
filterwps_on_boarding_form_fieldsincludes\class-wpswings-onboarding-helper.php:108
filterwps_deactivation_form_fieldsincludes\class-wpswings-onboarding-helper.php:109
actionplugins_loadedpage-builders\elementor\class-elementor-widget-loader.php:46
actionadmin_noticespage-builders\elementor\class-elementor-widget-loader.php:70
actionadmin_noticespage-builders\elementor\class-elementor-widget-loader.php:75
actionelementor/widgets/widgets_registeredpage-builders\elementor\elementor-widget\class-elementor-widget.php:118
actionmwb_wocuf_pro_setting_tab_activewoocommerce-one-click-upsell-funnel.php:81
actionadmin_noticeswoocommerce-one-click-upsell-funnel.php:98
filterplugin_row_metawoocommerce-one-click-upsell-funnel.php:211
filterwoocommerce_get_checkout_order_received_urlwoocommerce-one-click-upsell-funnel.php:350
actionadmin_initwoocommerce-one-click-upsell-funnel.php:372
actionadmin_noticeswoocommerce-one-click-upsell-funnel.php:383
actionbefore_woocommerce_initwoocommerce-one-click-upsell-funnel.php:414
actionbefore_woocommerce_initwoocommerce-one-click-upsell-funnel.php:423
actionadmin_noticeswoocommerce-one-click-upsell-funnel.php:437
actionadmin_noticeswoocommerce-one-click-upsell-funnel.php:475

Scheduled Events 2

wps_wgm_check_for_notification_update
wps_wocuf_lite_order_cron_schedule
Maintenance & Trust

One Click Upsell Funnel for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.0
Last updatedJan 9, 2026
PHP min version7.4
Downloads76K

Community Trust

Rating90/100
Number of ratings98
Active installs1K
Alternatives

One Click Upsell Funnel for WooCommerce Alternatives

FunnelKit – Funnel Builder for WooCommerce Checkout

FunnelKit – Funnel Builder for WooCommerce Checkout

funnel-builder

B
82

Create high-converting WooCommerce checkout pages, WooCommerce thank you pages & sales funnels with the highest-rated WordPress funnel builder.

40K 12 CVEs
WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell

WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell

wpfunnels

A
89

WPFunnels is a powerful funnel builder for WooCommerce that helps store owners create high-converting WooCommerce checkout pages, sales funnels, one-c &hellip;

6K 11 CVEs
CartFlows – Funnel Builder & Checkout Plugin for WooCommerce

CartFlows – Funnel Builder & Checkout Plugin for WooCommerce

cartflows

A
97

1 WordPress funnel builder & WooCommerce checkout plugin. Boost AOV with one-click upsells, order bumps & high-converting checkout pages.

200K 6 CVEs
Upsell Funnel Builder for WooCommerce – Create Upsells, Cross-Sells, Order Bumps, Frequently Bought, and Popups.

Upsell Funnel Builder for WooCommerce – Create Upsells, Cross-Sells, Order Bumps, Frequently Bought, and Popups.

upsell-order-bump-offer-for-woocommerce

A
98

Upsell Funnel Builder lets you create WooCommerce Upsells, Order Bumps, One Click upsell, Cross-Sells, Frequently Bought, and Popups.

3K 2 CVEs
Stylish Cost Calculator – Quote Generator, Lead Gen & Price Estimator

Stylish Cost Calculator – Quote Generator, Lead Gen & Price Estimator

stylish-cost-calculator

B
72

Cost calculator for WordPress: 🌟 Engage visitors and boost conversions with interactive calculations, lead capture, and payment integrations.

2K 1 unpatched
Developer Profile

One Click Upsell Funnel for WooCommerce Developer Profile

WP Swings

13 plugins · 43K total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
101 days
View full developer profile
Detection Fingerprints

How We Detect One Click Upsell Funnel for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-one-click-upsell-funnel/assets/css/admin-style.css/wp-content/plugins/woo-one-click-upsell-funnel/assets/css/style.css/wp-content/plugins/woo-one-click-upsell-funnel/assets/js/admin-script.js/wp-content/plugins/woo-one-click-upsell-funnel/assets/js/script.js
Script Paths
/wp-content/plugins/woo-one-click-upsell-funnel/assets/js/script.js/wp-content/plugins/woo-one-click-upsell-funnel/assets/js/admin-script.js
Version Parameters
woo-one-click-upsell-funnel/assets/css/style.css?ver=woo-one-click-upsell-funnel/assets/css/admin-style.css?ver=woo-one-click-upsell-funnel/assets/js/script.js?ver=woo-one-click-upsell-funnel/assets/js/admin-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
wocuf-admin-wrapwps-upsell-settingswocuf-offer-detailswocuf-offer-list-tablewocuf-upsell-preview
HTML Comments
<!-- Start of WooCommerce One Click Upsell Funnel -->
Data Attributes
data-wocuf-offer-iddata-wocuf-product-id
JS Globals
WPS_WOCUF_OBJ
REST Endpoints
/wp-json/wocuf/v1/get-upsell-data/wp-json/wocuf/v1/save-upsell-settings
Shortcode Output
[wocuf_upsell_offer]
FAQ

Frequently Asked Questions about One Click Upsell Funnel for WooCommerce