WPC Smart Upsell Funnel for WooCommerce Security & Risk Analysis

wordpress.org/plugins/wpc-smart-upsell-funnel

Suggest additional products and offer discounts to customers on the checkout page with flexible and smart conditions.

100 active installs · v3.0.9 · PHP + · WP 4.0+ · Updated Mar 15, 2026
Tags: funnel, upsell, woocommerce, wpc
Score: 98 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Mar 27, 2025
Safety Verdict

Is WPC Smart Upsell Funnel for WooCommerce Safe to Use in 2026?

Generally Safe

Score 98/100

WPC Smart Upsell Funnel for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Mar 27, 2025 · Updated 19d ago
Risk Assessment

The "wpc-smart-upsell-funnel" plugin v3.0.9 presents a mixed security posture. While it demonstrates good practices in several areas, such as 100% use of prepared statements for SQL queries and a high percentage of properly escaped output, significant concerns remain. The presence of a single AJAX handler without authentication checks creates a potential entry point for unauthorized actions. Furthermore, the use of the `unserialize` function, even without immediate evidence of exploitable taint flows in the static analysis, is a known risk and warrants careful attention due to potential deserialization vulnerabilities. The plugin's vulnerability history, showing a past high-severity vulnerability related to missing authorization, reinforces the concern around authorization checks. This pattern suggests a recurring area of weakness that attackers might target. Overall, the plugin has strengths in data handling and output sanitization, but the identified attack vector and the continued potential for deserialization issues necessitate caution.

Key Concerns

  • AJAX handler without authentication checks
  • Use of unserialize function
  • Past high severity vulnerability (Missing Authorization)
Vulnerabilities: 1

WPC Smart Upsell Funnel for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

High: 1

1 total CVE

CVE-2025-30772 · high · 8.8 · Missing Authorization

WPC Smart Upsell Funnel for WooCommerce <= 3.0.4 - Authenticated (Subscriber+) Arbitrary Options Update

Mar 27, 2025 · Patched in 3.0.5 (8d)
Code Analysis
Analyzed Mar 16, 2026

WPC Smart Upsell Funnel for WooCommerce Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 18 (388 escaped)
Nonce Checks: 14
Capability Checks: 3
File Operations: 0
External Requests: 3
Bundled Libraries: 0

Dangerous Functions Found

  • unserialize · `$plugins = unserialize( $response['body'] );` · includes\dashboard\wpc-dashboard.php:101
  • unserialize · `$plugins = unserialize( $response['body'] );` · includes\dashboard\wpc-dashboard.php:179
  • unserialize · `$plugins = unserialize( $response['body'] );` · includes\kit\wpc-kit.php:98

Output Escaping

96% escaped · 406 total outputs
Data Flows
All sanitized

Data Flow Analysis

7 flows
ajax_export (includes\dashboard\wpc-dashboard.php:215)
Attack Surface
1 unprotected

WPC Smart Upsell Funnel for WooCommerce Attack Surface

Entry Points: 13
Unprotected: 1

AJAX Handlers 11

  • auth · wp_ajax_wpc_get_plugins · includes\dashboard\wpc-dashboard.php:9
  • auth · wp_ajax_wpc_get_suggestion · includes\dashboard\wpc-dashboard.php:10
  • auth · wp_ajax_wpc_export · includes\dashboard\wpc-dashboard.php:11
  • auth · wp_ajax_wpc_import · includes\dashboard\wpc-dashboard.php:12
  • auth · wp_ajax_wpc_get_essential_kit · includes\kit\wpc-kit.php:22
  • auth · wp_ajax_wpcuf_add_rule · wpc-smart-upsell-funnel.php:84
  • auth · wp_ajax_wpcuf_add_combination · wpc-smart-upsell-funnel.php:85
  • auth · wp_ajax_wpcuf_search_term · wpc-smart-upsell-funnel.php:86
  • auth · wp_ajax_wpcuf_import_export · wpc-smart-upsell-funnel.php:87
  • auth · wp_ajax_wpcuf_import_export_save · wpc-smart-upsell-funnel.php:88
  • auth · wp_ajax_wpcuf_add_time · wpc-smart-upsell-funnel.php:89

Shortcodes 2

[wpcuf_uf] wpc-smart-upsell-funnel.php:177
[wpcuf_ob] wpc-smart-upsell-funnel.php:178
WordPress Hooks 42

  • action · admin_enqueue_scripts · includes\dashboard\wpc-dashboard.php:7
  • action · admin_menu · includes\dashboard\wpc-dashboard.php:8
  • action · before_woocommerce_init · includes\hpos.php:7
  • action · admin_enqueue_scripts · includes\kit\wpc-kit.php:20
  • action · admin_menu · includes\kit\wpc-kit.php:21
  • action · admin_init · includes\log\wpc-log.php:6
  • action · plugins_loaded · wpc-smart-upsell-funnel.php:39
  • action · admin_notices · wpc-smart-upsell-funnel.php:43
  • action · init · wpc-smart-upsell-funnel.php:69
  • action · admin_init · wpc-smart-upsell-funnel.php:72
  • filter · pre_update_option · wpc-smart-upsell-funnel.php:73
  • action · admin_menu · wpc-smart-upsell-funnel.php:74
  • action · admin_enqueue_scripts · wpc-smart-upsell-funnel.php:77
  • filter · plugin_action_links · wpc-smart-upsell-funnel.php:80
  • filter · plugin_row_meta · wpc-smart-upsell-funnel.php:81
  • action · wp_enqueue_scripts · wpc-smart-upsell-funnel.php:92
  • action · wc_ajax_wpcuf_add_to_cart · wpc-smart-upsell-funnel.php:95
  • action · wc_ajax_wpcuf_remove_from_cart · wpc-smart-upsell-funnel.php:96
  • action · woocommerce_before_cart · wpc-smart-upsell-funnel.php:101
  • action · woocommerce_after_cart_table · wpc-smart-upsell-funnel.php:104
  • action · woocommerce_before_cart_totals · wpc-smart-upsell-funnel.php:107
  • action · woocommerce_after_cart · wpc-smart-upsell-funnel.php:110
  • action · woocommerce_before_checkout_form · wpc-smart-upsell-funnel.php:117
  • action · woocommerce_before_order_notes · wpc-smart-upsell-funnel.php:120
  • action · woocommerce_checkout_after_customer_details · wpc-smart-upsell-funnel.php:123
  • action · woocommerce_checkout_before_order_review_heading · wpc-smart-upsell-funnel.php:126
  • action · woocommerce_after_checkout_form · wpc-smart-upsell-funnel.php:129
  • action · woocommerce_before_checkout_form · wpc-smart-upsell-funnel.php:136
  • action · woocommerce_before_order_notes · wpc-smart-upsell-funnel.php:139
  • action · woocommerce_checkout_after_customer_details · wpc-smart-upsell-funnel.php:142
  • action · woocommerce_checkout_before_order_review_heading · wpc-smart-upsell-funnel.php:145
  • action · woocommerce_checkout_order_review · wpc-smart-upsell-funnel.php:148
  • action · woocommerce_after_checkout_form · wpc-smart-upsell-funnel.php:151
  • action · woocommerce_add_to_cart · wpc-smart-upsell-funnel.php:156
  • action · woocommerce_cart_item_removed · wpc-smart-upsell-funnel.php:157
  • action · woocommerce_cart_item_restored · wpc-smart-upsell-funnel.php:158
  • action · woocommerce_check_cart_items · wpc-smart-upsell-funnel.php:159
  • action · woocommerce_before_mini_cart_contents · wpc-smart-upsell-funnel.php:160
  • action · woocommerce_before_calculate_totals · wpc-smart-upsell-funnel.php:161
  • filter · woocommerce_update_order_review_fragments · wpc-smart-upsell-funnel.php:162
  • action · woocommerce_checkout_create_order_line_item · wpc-smart-upsell-funnel.php:165
  • filter · woocommerce_hidden_order_itemmeta · wpc-smart-upsell-funnel.php:169

Maintenance & Trust

WPC Smart Upsell Funnel for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 15, 2026
PHP min version
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

WPC Smart Upsell Funnel for WooCommerce Developer Profile

WPClever

71 plugins · 441K total installs

Trust score: 87
Avg Security Score: 99/100
Avg Patch Time: 68 days
Detection Fingerprints

How We Detect WPC Smart Upsell Funnel for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wpc-smart-upsell-funnel/assets/css/wpcuf-frontend.css
  • /wp-content/plugins/wpc-smart-upsell-funnel/assets/js/wpcuf-frontend.js
  • /wp-content/plugins/wpc-smart-upsell-funnel/assets/css/wpcuf-backend.css
  • /wp-content/plugins/wpc-smart-upsell-funnel/assets/js/wpcuf-backend.js
Script Paths
  • /wp-content/plugins/wpc-smart-upsell-funnel/assets/js/wpcuf-frontend.js
  • /wp-content/plugins/wpc-smart-upsell-funnel/assets/js/wpcuf-backend.js
Version Parameters
  • wpc-smart-upsell-funnel/assets/css/wpcuf-frontend.css?ver=
  • wpc-smart-upsell-funnel/assets/js/wpcuf-frontend.js?ver=
  • wpc-smart-upsell-funnel/assets/css/wpcuf-backend.css?ver=
  • wpc-smart-upsell-funnel/assets/js/wpcuf-backend.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • wpcuf-popup
  • wpcuf-popup-content
  • wpcuf-popup-close
  • wpcuf-uf-wrapper
  • wpcuf-ob-wrapper
  • wpcuf-uf-product
  • wpcuf-ob-product
HTML Comments
  • WPC Smart Upsell Funnel for WooCommerce
  • WPCUF AJAX
Data Attributes
  • data-wpcuf-popup
  • data-wpcuf-product-id
  • data-wpcuf-variation-id
JS Globals
  • WPCUF_AJAX_URL
  • wpcuf_frontend_params
REST Endpoints
  • /wp-json/wpcuf/v1/add-to-cart
  • /wp-json/wpcuf/v1/remove-from-cart