Does WPBulky – WordPress Bulk Edit Post Types have any unpatched vulnerabilities?

No. All known vulnerabilities in WPBulky – WordPress Bulk Edit Post Types have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WPBulky – WordPress Bulk Edit Post Types compatible with WordPress 6.9.4?

According to WordPress.org data, WPBulky – WordPress Bulk Edit Post Types 1.1.15 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is WPBulky – WordPress Bulk Edit Post Types compatible with PHP 7.0+?

WPBulky – WordPress Bulk Edit Post Types requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WPBulky – WordPress Bulk Edit Post Types updated?

WPBulky – WordPress Bulk Edit Post Types was last updated on Jan 10, 2026. Frequent updates are generally a positive security signal.

What is WPBulky – WordPress Bulk Edit Post Types's security score?

WPBulky – WordPress Bulk Edit Post Types has a WP-Safety security score of 98/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WPBulky – WordPress Bulk Edit Post Types Security & Risk Analysis

wordpress.org/plugins/wpbulky-wp-bulk-edit-post-types

A helpful tool that allows you to bulk edit post types (posts, pages, media, comments….)

300 active installs v1.1.15 PHP 7.0+ WP 5.0+ Updated Jan 10, 2026

bulk-editbulk-post-typeeditorpost-type-bulkwordpress-edit

A · Safe

CVEs total2

Unpatched0

Last CVEDec 23, 2025

Plugin page Download

Safety Verdict

Is WPBulky – WordPress Bulk Edit Post Types Safe to Use in 2026?

Generally Safe

Score 98/100

WPBulky – WordPress Bulk Edit Post Types has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Dec 23, 2025Updated 2mo ago

Risk Assessment

The wpbulky-wp-bulk-edit-post-types plugin v1.1.15 generally exhibits good security practices, with a strong emphasis on prepared SQL statements and output escaping. The presence of numerous nonce and capability checks across its entry points is a positive indicator. The limited attack surface, particularly the lack of unprotected AJAX handlers and REST API routes, further contributes to a relatively secure foundation.

However, the taint analysis reveals potential concerns. Three flows with unsanitized paths, while not categorized as critical or high severity in this scan, still represent potential avenues for malicious input to be processed in an unsafe manner. The plugin's history of two medium severity CVEs, specifically SQL Injection and Cross-site Scripting, coupled with the presence of unsanitized paths in the current analysis, suggests a pattern where improper input handling, despite overall good practices, has been a past issue and remains a subtle concern.

Overall, the plugin is well-defended against common web vulnerabilities with robust input sanitization and security checks in place. The absence of unpatched vulnerabilities and the high percentage of prepared SQL statements are significant strengths. The main area of caution lies in the identified unsanitized paths, which warrant careful review to ensure they do not present a latent risk, especially considering the plugin's historical vulnerability types.

Key Concerns

Taint flow with unsanitized path (High Severity)
Taint flow with unsanitized path (High Severity)
Taint flow with unsanitized path (High Severity)
Known CVEs in history (2 medium)

Vulnerabilities

WPBulky – WordPress Bulk Edit Post Types Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2025-68550medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

WPBulky <= 1.1.13 - Authenticated (Author+) SQL Injection

Dec 23, 2025 Patched in 1.1.14 (14d)

CVE-2023-30482medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPBulky <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jul 17, 2023 Patched in 1.0.10 (190d)

Code Analysis

Analyzed Mar 16, 2026

WPBulky – WordPress Bulk Edit Post Types Code Analysis

Dangerous Functions

Raw SQL Queries

14 prepared

Unescaped Output

338 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

SQL Query Safety

93% prepared15 total queries

Output Escaping

99% escaped340 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

9 flows3 with unsanitized paths

set_full_screen_option (admin\ajax.php:96)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WPBulky – WordPress Bulk Edit Post Types Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_vi_wpbulky_ajaxadmin\ajax.php:17

WordPress Hooks 20

actionadmin_menuadmin\admin.php:14

actionadmin_noticesadmin\editor.php:16

filteradmin_body_classadmin\editor.php:17

filterposts_whereadmin\filters.php:13

actionvi_wpbulky_remove_revisionadmin\history.php:26

actionadmin_enqueue_scriptsincludes\enqueue.php:14

actionadmin_enqueue_scriptsincludes\enqueue.php:15

actionadmin_enqueue_scriptssupport\support.php:32

actionadmin_noticessupport\support.php:33

actionadmin_initsupport\support.php:34

actionadmin_menusupport\support.php:35

filterplugin_row_metasupport\support.php:37

actionadmin_initsupport\support.php:39

actionadmin_bar_menusupport\support.php:41

actionadmin_noticessupport\support.php:52

actionadmin_footersupport\support.php:669

actionadmin_bar_menusupport\support.php:807

actionadmin_noticessupport\support.php:953

actionplugins_loadedwpbulky-wp-bulk-edit-post-types.php:46

actioninitwpbulky-wp-bulk-edit-post-types.php:100

Scheduled Events 1

vi_wpbulky_remove_revision

Maintenance & Trust

WPBulky – WordPress Bulk Edit Post Types Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 10, 2026

PHP min version7.0

Downloads15K

Community Trust

Rating74/100

Number of ratings3

Active installs300

Alternatives

WPBulky – WordPress Bulk Edit Post Types Alternatives

BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net

woo-bulk-editor

BEAR - WooCommerce Bulk Editor Professional (former WOOBE) is plugin for bulk edit/manage woocommerce products their data in the flexible way

40K 17 CVEs

TinyMCE Clear Float

tinymce-clear-buttons

Adds a button to the WordPress TinyMCE editor to clear floats.

10K No CVEs

Bulk Edit Products for WooCommerce – WP Sheet Editor

woo-bulk-edit-products

100

Modern Bulk Editor for WooCommerce products, create and edit hundreds of products in a spreadsheet inside wp-admin. No need to export/import

10K No CVEs

Bulk Edit Categories and Tags – Create Thousands Quickly on the Editor

bulk-edit-categories-tags

100

Modern Bulk Editor for Blog Categories and Tags, create and edit hundreds of categories in a spreadsheet inside wp-admin. Quick edits.

4K No CVEs

WOLF – WordPress Posts Bulk Editor and Manager Professional

bulk-editor

WOLF (formerly WPBE) - a WordPress plugin for managing posts, pages, and custom types easily. Perfect for real estate, cars, etc.

4K 13 CVEs

Developer Profile

WPBulky – WordPress Bulk Edit Post Types Developer Profile

VillaTheme

58 plugins · 167K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

214 days

View full developer profile

Detection Fingerprints

How We Detect WPBulky – WordPress Bulk Edit Post Types

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wpbulky-wp-bulk-edit-post-types/assets/dist/admin.css/wp-content/plugins/wpbulky-wp-bulk-edit-post-types/assets/dist/admin.js/wp-content/plugins/wpbulky-wp-bulk-edit-post-types/assets/libs/select2.min.css/wp-content/plugins/wpbulky-wp-bulk-edit-post-types/assets/libs/popup.min.css/wp-content/plugins/wpbulky-wp-bulk-edit-post-types/assets/libs/transition.min.css/wp-content/plugins/wpbulky-wp-bulk-edit-post-types/assets/libs/checkbox.min.css/wp-content/plugins/wpbulky-wp-bulk-edit-post-types/assets/libs/dropdown.min.css/wp-content/plugins/wpbulky-wp-bulk-edit-post-types/assets/libs/segment.min.css+7 more

Script Paths

/wp-content/plugins/wpbulky-wp-bulk-edit-post-types/assets/dist/admin.js

Version Parameters

/wp-content/plugins/wpbulky-wp-bulk-edit-post-types/assets/dist/admin.css?ver=/wp-content/plugins/wpbulky-wp-bulk-edit-post-types/assets/libs/select2.min.css?ver=/wp-content/plugins/wpbulky-wp-bulk-edit-post-types/assets/libs/popup.min.css?ver=/wp-content/plugins/wpbulky-wp-bulk-edit-post-types/assets/libs/transition.min.css?ver=/wp-content/plugins/wpbulky-wp-bulk-edit-post-types/assets/libs/checkbox.min.css?ver=/wp-content/plugins/wpbulky-wp-bulk-edit-post-types/assets/libs/dropdown.min.css?ver=/wp-content/plugins/wpbulky-wp-bulk-edit-post-types/assets/libs/segment.min.css?ver=/wp-content/plugins/wpbulky-wp-bulk-edit-post-types/assets/libs/table.min.css?ver=/wp-content/plugins/wpbulky-wp-bulk-edit-post-types/assets/libs/menu.min.css?ver=/wp-content/plugins/wpbulky-wp-bulk-edit-post-types/assets/libs/tab.min.css?ver=/wp-content/plugins/wpbulky-wp-bulk-edit-post-types/assets/libs/form.min.css?ver=/wp-content/plugins/wpbulky-wp-bulk-edit-post-types/assets/libs/header.min.css?ver=/wp-content/plugins/wpbulky-wp-bulk-edit-post-types/assets/libs/accordion.min.css?ver=/wp-content/plugins/wpbulky-wp-bulk-edit-post-types/assets/libs/butt.min.css?ver=/wp-content/plugins/wpbulky-wp-bulk-edit-post-types/assets/dist/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

wpbulky-notice-wrapper

Data Attributes

data-wpbulky

JS Globals

wpBulkyParams

FAQ