Bulk Order Form for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woocommerce-bulk-order-form

Automatically add a bulk or quick order form to your WooCommerce site with a single shortcode.

900 active installs · v3.7.2 · PHP 7.4+ · WP 4.0+ · Updated Nov 28, 2025
Tags: bulk-order, order-form, quick-order, woocommerce
Score: 99 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: May 31, 2023
Safety Verdict

Is Bulk Order Form for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Bulk Order Form for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: May 31, 2023 · Updated 4mo ago
Risk Assessment

The plugin "woocommerce-bulk-order-form" v3.7.2 exhibits a mixed security posture. While it demonstrates good practices like 100% prepared statement usage for SQL queries and a high percentage of properly escaped output, there are significant concerns regarding its attack surface and authentication mechanisms. The presence of 4 unprotected AJAX handlers represents a substantial risk, as these can be directly accessed and potentially exploited by unauthenticated users. The taint analysis showing zero flows is a positive sign, suggesting no obvious exploitable vulnerabilities were detected through that method in this specific analysis. However, the plugin's history of 2 medium severity Cross-Site Scripting (XSS) vulnerabilities, with the last one occurring in May 2023, indicates a recurring pattern of input sanitization issues. Although there are currently no unpatched CVEs, this historical trend warrants caution. The limited number of nonce and capability checks on entry points, especially the unprotected AJAX handlers, further amplifies the risk. Overall, the plugin has some strong security foundations, but the lack of robust authentication on several key entry points and its past XSS vulnerabilities are significant weaknesses that require immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • Medium severity XSS vulnerabilities in history
  • Limited nonce checks
  • No capability checks on entry points

Bulk Order Form for WooCommerce Security Vulnerabilities

CVEs by Year: 2 CVEs in 2023

Severity Breakdown: Medium 2 (2 total CVEs)

CVE-2023-34170 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quick/Bulk Order Form for WooCommerce <= 3.5.7 - Authenticated (Shop manager+) Stored Cross-Site Scripting

May 31, 2023 · Patched in 3.6.0 (237d)

WF-d549fcd5-6808-4d7d-bf1f-df8cfa458744-woocommerce-bulk-order-form · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Bulk Order Form for WooCommerce <= 3.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

May 30, 2023 · Patched in 3.6.0 (238d)
Code Analysis
Analyzed Mar 16, 2026

Bulk Order Form for WooCommerce Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (1 prepared)
  • Unescaped Output: 1 (154 escaped)
  • Nonce Checks: 2
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

99% escaped · 155 total outputs

Bulk Order Form for WooCommerce Attack Surface

Entry Points: 7
Unprotected: 4

AJAX Handlers: 6

  • auth · wp_ajax_wcbulkorder_product_search · includes\class-frontend-ajax.php:12
  • nopriv · wp_ajax_wcbulkorder_product_search · includes\class-frontend-ajax.php:13
  • auth · wp_ajax_wcbulkorder_product_buy_now · includes\class-frontend-ajax.php:16
  • nopriv · wp_ajax_wcbulkorder_product_buy_now · includes\class-frontend-ajax.php:17
  • auth · wp_ajax_wcbulkorder_product_single_buy_now · includes\class-frontend-ajax.php:19
  • nopriv · wp_ajax_wcbulkorder_product_single_buy_now · includes\class-frontend-ajax.php:20

Shortcodes: 1

  • [wcbulkorder] · includes\class-shortcode-handler.php:12

WordPress Hooks: 30

  • action · wc_bof_render_standard_template_product_search · form_templates\class-standard-product-search.php:14
  • action · wc_bof_render_variation_template_product_search · form_templates\class-variation-product-search.php:17
  • filter · wc_bof_product_search_args · form_templates\class-variation-product-search.php:18
  • filter · posts_search · includes\abstract-template-product-search.php:53
  • action · admin_enqueue_scripts · includes\admin\class-admin-init.php:12
  • action · admin_enqueue_scripts · includes\admin\class-admin-init.php:13
  • filter · plugin_row_meta · includes\admin\class-admin-init.php:14
  • filter · woocommerce_screen_ids · includes\admin\class-admin-init.php:16
  • filter · wc_bof_settings_pages · includes\admin\settings_framework\class-wp-plugin-options.php:12
  • filter · wc_bof_settings_section · includes\admin\settings_framework\class-wp-plugin-options.php:13
  • filter · wc_bof_settings_fields · includes\admin\settings_framework\class-wp-plugin-options.php:14
  • action · admin_menu · includes\admin\settings_framework\class-wp-settings-framework.php:68
  • action · admin_init · includes\admin\settings_framework\class-wp-settings-framework.php:70
  • action · wc_bof_settings_tab_content · includes\admin\settings_framework\class-wp-settings-framework.php:72
  • action · admin_notices · includes\class-dependencies.php:25
  • action · admin_notices · includes\class-dependencies.php:31
  • action · admin_notices · includes\class-dependencies.php:37
  • action · wp · includes\class-frontend-ajax.php:15
  • filter · wc_bulk_order_form_suggestion · includes\class-frontend-ajax.php:22
  • action · wp_enqueue_scripts · includes\class-frontend.php:12
  • action · wp_enqueue_scripts · includes\class-frontend.php:13
  • action · wc_bof_loaded · includes\functions.php:9
  • action · wc_bof_standard_add_to_cart · includes\standard-template-add-to-cart-handler.php:12
  • action · wc_bof_standard_single_add_to_cart · includes\standard-template-add-to-cart-handler.php:13
  • action · wc_bof_variation_add_to_cart · includes\variation-template-add-to-cart-handler.php:12
  • action · wc_bof_variation_single_add_to_cart · includes\variation-template-add-to-cart-handler.php:13
  • action · init · wc-bulk-order-form.php:45
  • action · init · wc-bulk-order-form.php:47
  • action · before_woocommerce_init · wc-bulk-order-form.php:49
  • action · wp_loaded · wc-bulk-order-form.php:53

Bulk Order Form for WooCommerce Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Nov 28, 2025
  • PHP min version: 7.4
  • Downloads: 74K

Community Trust

  • Rating: 92/100
  • Number of ratings: 19
  • Active installs: 900

Bulk Order Form for WooCommerce Developer Profile

WP Overnight

7 plugins · 390K total installs

  • Trust score: 78
  • Avg Security Score: 98/100
  • Avg Patch Time: 430 days
Detection Fingerprints

How We Detect Bulk Order Form for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/woocommerce-bulk-order-form/assets/css/woocommerce-bulk-order-form.css
  • /wp-content/plugins/woocommerce-bulk-order-form/assets/js/woocommerce-bulk-order-form.js
  • /wp-content/plugins/woocommerce-bulk-order-form/assets/js/wc-bof-script.js
Script Paths
  • /wp-content/plugins/woocommerce-bulk-order-form/assets/js/woocommerce-bulk-order-form.js
  • /wp-content/plugins/woocommerce-bulk-order-form/assets/js/wc-bof-script.js
Version Parameters
  • woocommerce-bulk-order-form/assets/css/woocommerce-bulk-order-form.css?ver=
  • woocommerce-bulk-order-form/assets/js/woocommerce-bulk-order-form.js?ver=
  • woocommerce-bulk-order-form/assets/js/wc-bof-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • wc-bof-product-form
  • wc-bof-single-product-form
  • wc-bof-variations
  • wc-bof-variation-template
HTML Comments
<!-- For custom order form templates -->
Data Attributes
  • data-count
  • data-currency
  • data-fprice
  • data-price
JS Globals
wc_bof_params
Shortcode Output
[wcbulkorder]
FAQ

Frequently Asked Questions about Bulk Order Form for WooCommerce