WP-Safety

WPC Product Bundles for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woo-product-bundle

WPC Product Bundles is a plugin that helps you bundle a few products, offer them at a discount, and watch the sales go up!

30K active installs v8.4.8 PHP + WP 4.0+ Updated Mar 13, 2026
bundlebundleskitswoocommercewpc
100
A · Safe
CVEs total1
Unpatched0
Last CVEDec 28, 2023
Plugin page Download
Safety Verdict

Is WPC Product Bundles for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

WPC Product Bundles for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Dec 28, 2023Updated 22d ago
Risk Assessment

The "woo-product-bundle" plugin version 8.4.8 exhibits a generally positive security posture, with a robust approach to handling AJAX requests and SQL queries. The complete absence of unauthenticated entry points (AJAX handlers, REST API routes, shortcodes) and the consistent use of prepared statements for all SQL queries are strong indicators of good security practices. Furthermore, the plugin demonstrates a high rate of proper output escaping and implements a significant number of nonce and capability checks, which are vital for preventing various web attacks. The vulnerability history shows only one medium severity CVE, which is now patched, suggesting a proactive approach to addressing past security issues.

However, the presence of three instances of the `unserialize` function is a notable concern. While the static analysis doesn't highlight critical or high-severity taint flows related to `unserialize`, this function is inherently risky if the data being deserialized is not strictly controlled or validated. The three flows with unsanitized paths, although not classified as critical or high, warrant careful investigation. The external HTTP requests, while not explicitly flagged as problematic in this analysis, could represent a potential vector if not implemented with strict validation and sanitization of external data. Overall, the plugin is well-protected in many areas, but the `unserialize` usage and unsanitized paths introduce a level of risk that should not be overlooked.

Key Concerns

  • Dangerous function `unserialize` used
  • Flows with unsanitized paths found
  • External HTTP requests present
Vulnerabilities
1

WPC Product Bundles for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2023-52127medium · 4.3Cross-Site Request Forgery (CSRF)

WPC Product Bundles for WooCommerce <= 7.3.1 - Cross-Site Request Forgery

Dec 28, 2023 Patched in 7.3.2 (26d)
Code Analysis
Analyzed Mar 16, 2026

WPC Product Bundles for WooCommerce Code Analysis

Dangerous Functions
3
Raw SQL Queries
0
2 prepared
Unescaped Output
33
305 escaped
Nonce Checks
9
Capability Checks
5
File Operations
0
External Requests
3
Bundled Libraries
0

Dangerous Functions Found

unserialize$plugins = unserialize( $response['body'] );includes\dashboard\wpc-dashboard.php:111
unserialize$plugins = unserialize( $response['body'] );includes\dashboard\wpc-dashboard.php:189
unserialize$plugins = unserialize( $response['body'] );includes\kit\wpc-kit.php:98

SQL Query Safety

100% prepared2 total queries

Output Escaping

90% escaped338 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

8 flows3 with unsanitized paths
admin_menu_content (includes\class-woosb.php:257)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WPC Product Bundles for WooCommerce Attack Surface

Entry Points10
Unprotected0

AJAX Handlers 7

authwp_ajax_woosb_update_search_settingsincludes\class-woosb.php:38
authwp_ajax_woosb_get_search_resultsincludes\class-woosb.php:39
authwp_ajax_wpc_get_pluginsincludes\dashboard\wpc-dashboard.php:19
authwp_ajax_wpc_get_suggestionincludes\dashboard\wpc-dashboard.php:20
authwp_ajax_wpc_exportincludes\dashboard\wpc-dashboard.php:21
authwp_ajax_wpc_importincludes\dashboard\wpc-dashboard.php:22
authwp_ajax_wpc_get_essential_kitincludes\kit\wpc-kit.php:22

Shortcodes 3

[woosb_form] includes\class-woosb.php:224
[woosb_bundled] includes\class-woosb.php:225
[woosb_bundles] includes\class-woosb.php:226
WordPress Hooks 97
filterrest_request_after_callbacksincludes\class-blocks.php:84
filterwoocommerce_hydration_request_after_callbacksincludes\class-blocks.php:85
actionwoocommerce_blocks_mini-cart_block_registrationincludes\class-blocks.php:86
actionwoocommerce_blocks_cart_block_registrationincludes\class-blocks.php:92
actionwoocommerce_blocks_checkout_block_registrationincludes\class-blocks.php:98
filterwpo_wcpdf_order_items_dataincludes\class-compatible.php:23
filterwpo_wcpdf_order_items_dataincludes\class-compatible.php:27
filterwf_pklist_modify_meta_dataincludes\class-compatible.php:35
filterwf_pklist_alter_order_itemsincludes\class-compatible.php:38
filterwf_pklist_alter_package_order_itemsincludes\class-compatible.php:39
filterwf_pklist_alter_order_itemsincludes\class-compatible.php:43
filterwf_pklist_alter_package_order_itemsincludes\class-compatible.php:44
actioninitincludes\class-woosb.php:22
filterwoocommerce_available_variationincludes\class-woosb.php:25
actionadmin_initincludes\class-woosb.php:28
actionadmin_menuincludes\class-woosb.php:29
actionwp_enqueue_scriptsincludes\class-woosb.php:32
actionadmin_enqueue_scriptsincludes\class-woosb.php:35
filterproduct_type_selectorincludes\class-woosb.php:42
filterwoocommerce_product_data_tabsincludes\class-woosb.php:45
filterwoocommerce_product_tabsincludes\class-woosb.php:49
actionwoocommerce_single_product_summaryincludes\class-woosb.php:55
actionwoocommerce_single_product_summaryincludes\class-woosb.php:58
actionwoocommerce_single_product_summaryincludes\class-woosb.php:61
actionwoocommerce_single_product_summaryincludes\class-woosb.php:68
actionwoocommerce_single_product_summaryincludes\class-woosb.php:71
actionwoocommerce_product_data_panelsincludes\class-woosb.php:76
actionwoocommerce_process_product_meta_woosbincludes\class-woosb.php:77
filterwoocommerce_product_price_classincludes\class-woosb.php:80
actionwoocommerce_woosb_add_to_cartincludes\class-woosb.php:83
actionwoocommerce_before_add_to_cart_buttonincludes\class-woosb.php:84
filterwoocommerce_add_to_cart_sold_individually_found_in_cartincludes\class-woosb.php:87
filterwoocommerce_add_to_cart_validationincludes\class-woosb.php:88
filterwoocommerce_add_cart_item_dataincludes\class-woosb.php:89
actionwoocommerce_add_to_cartincludes\class-woosb.php:90
filterwoocommerce_get_cart_item_from_sessionincludes\class-woosb.php:91
filterwoocommerce_cart_item_nameincludes\class-woosb.php:94
actionwoocommerce_after_cart_item_nameincludes\class-woosb.php:95
filterwoocommerce_cart_item_quantityincludes\class-woosb.php:96
filterwoocommerce_cart_item_remove_linkincludes\class-woosb.php:97
filterwoocommerce_cart_contents_countincludes\class-woosb.php:98
actionwoocommerce_cart_item_removedincludes\class-woosb.php:99
filterwoocommerce_cart_item_priceincludes\class-woosb.php:100
filterwoocommerce_cart_item_subtotalincludes\class-woosb.php:101
filterwoocommerce_get_item_countincludes\class-woosb.php:104
filterwoocommerce_widget_cart_item_visibleincludes\class-woosb.php:107
filterwoocommerce_cart_item_visibleincludes\class-woosb.php:110
filterwoocommerce_checkout_cart_item_visibleincludes\class-woosb.php:111
filterwoocommerce_order_item_visibleincludes\class-woosb.php:114
filterwoocommerce_cart_item_classincludes\class-woosb.php:118
filterwoocommerce_mini_cart_item_classincludes\class-woosb.php:119
filterwoocommerce_order_item_classincludes\class-woosb.php:120
filterwoocommerce_get_item_dataincludes\class-woosb.php:125
actionwoocommerce_checkout_create_order_line_itemincludes\class-woosb.php:129
filterwoocommerce_order_item_nameincludes\class-woosb.php:130
filterwoocommerce_order_formatted_line_subtotalincludes\class-woosb.php:131
actionwoocommerce_order_item_meta_startincludes\class-woosb.php:135
actionwoocommerce_ajax_add_order_item_metaincludes\class-woosb.php:139
filterwoocommerce_hidden_order_itemmetaincludes\class-woosb.php:140
actionwoocommerce_before_order_itemmetaincludes\class-woosb.php:141
actionwoocommerce_restore_cart_itemincludes\class-woosb.php:144
filterplugin_action_linksincludes\class-woosb.php:147
filterplugin_row_metaincludes\class-woosb.php:148
filterwoocommerce_loop_add_to_cart_linkincludes\class-woosb.php:151
actionwoocommerce_before_mini_cart_contentsincludes\class-woosb.php:154
actionwoocommerce_before_calculate_totalsincludes\class-woosb.php:155
filterwoocommerce_cart_shipping_packagesincludes\class-woosb.php:158
filterwoocommerce_cart_contents_weightincludes\class-woosb.php:159
filterwoocommerce_get_price_htmlincludes\class-woosb.php:162
filterwoocommerce_order_again_cart_item_dataincludes\class-woosb.php:165
actionwoocommerce_cart_loaded_from_sessionincludes\class-woosb.php:166
filterwoocommerce_coupon_is_valid_for_productincludes\class-woosb.php:169
actionwoocommerce_product_set_stock_statusincludes\class-woosb.php:172
actionwoocommerce_variation_set_stock_statusincludes\class-woosb.php:173
filterdisplay_post_statesincludes\class-woosb.php:176
actioncurrent_screenincludes\class-woosb.php:179
actionwoocommerce_no_stock_notificationincludes\class-woosb.php:182
actionwoocommerce_low_stock_notificationincludes\class-woosb.php:183
actionpre_get_postsincludes\class-woosb.php:187
actionpre_get_postsincludes\class-woosb.php:191
actionpre_get_postsincludes\class-woosb.php:195
actionwpcap_added_to_orderincludes\class-woosb.php:199
filterwoovr_default_selectorincludes\class-woosb.php:202
filterwpcsm_locationsincludes\class-woosb.php:205
filterwoocommerce_product_export_meta_valueincludes\class-woosb.php:208
filterwoocommerce_product_import_pre_insert_product_objectincludes\class-woosb.php:211
filterwoosb_item_idincludes\class-woosb.php:215
filterbulk_actions-edit-productincludes\class-woosb.php:4005
filterhandle_bulk_actions-edit-productincludes\class-woosb.php:4006
actionadmin_noticesincludes\class-woosb.php:4007
actionadmin_enqueue_scriptsincludes\dashboard\wpc-dashboard.php:17
actionadmin_menuincludes\dashboard\wpc-dashboard.php:18
actionbefore_woocommerce_initincludes\hpos.php:7
actionadmin_enqueue_scriptsincludes\kit\wpc-kit.php:20
actionadmin_menuincludes\kit\wpc-kit.php:21
actionplugins_loadedwpc-product-bundles.php:39
actionadmin_noticeswpc-product-bundles.php:43
Maintenance & Trust

WPC Product Bundles for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 13, 2026
PHP min version
Downloads2.3M

Community Trust

Rating88/100
Number of ratings220
Active installs30K
Alternatives

WPC Product Bundles for WooCommerce Alternatives

Product Bundle Builder for WooCommerce

Product Bundle Builder for WooCommerce

easy-product-bundles-for-woocommerce

A
100

WooCommerce Product Bundle help to creates Product Bundles, Composite Products, Mix and Match, BOGO deals, Offer gift products, and Assembled Products &hellip;

7K No CVEs
WPC Composite Products for WooCommerce

WPC Composite Products for WooCommerce

wpc-composite-products

A
99

WPC Composite Products provide a powerful kit-building solution for WooCommerce store.

9K 1 CVE
WPC Grouped Product for WooCommerce

WPC Grouped Product for WooCommerce

wpc-grouped-product

A
99

WPC Grouped Product helps you make up standalone products that are presented as a group.

3K 1 CVE
Product Bundles – Bulk Discounts

Product Bundles – Bulk Discounts

product-bundles-bulk-discounts-for-woocommerce

A
92

Free mini-extension for WooCommerce Product Bundles that allows you to offer bulk quantity discounts.

700 No CVEs
Product Bundles – Variation Bundles

Product Bundles – Variation Bundles

product-bundles-variation-bundles

A
100

Free mini-extension for WooCommerce Product Bundles that allows you to map Bundles to variations. Once a Product Bundle has been mapped to a variation &hellip;

600 No CVEs
Developer Profile

WPC Product Bundles for WooCommerce Developer Profile

WPClever

71 plugins · 441K total installs

87
trust score
Avg Security Score
99/100
Avg Patch Time
68 days
View full developer profile
Detection Fingerprints

How We Detect WPC Product Bundles for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-product-bundle/assets/css/woosb-blocks.css/wp-content/plugins/woo-product-bundle/assets/js/woosb-blocks.js
Script Paths
/wp-content/plugins/woo-product-bundle/assets/js/woosb-blocks.js
Version Parameters
woo-product-bundle/assets/css/woosb-blocks.css?ver=woo-product-bundle/assets/js/woosb-blocks.js?ver=

HTML / DOM Fingerprints

CSS Classes
woosb-blocks
Data Attributes
data-woosb-bundlesdata-woosb-bundleddata-woosb-hide-bundleddata-woosb-fixed-pricedata-woosb-price
JS Globals
window.wc_blocks_all_settingswindow.wc_blocks_products_block_editor_settingswindow.wc_blocks_cart_block_settings
REST Endpoints
/wp-json/wc/store/v1/products/wp-json/wc/store/v1/cart/wp-json/wc/store/v1/checkout
FAQ

Frequently Asked Questions about WPC Product Bundles for WooCommerce