Related Products – Create Upsells, Cross-sells, and Product Recommendations for WooCommerce Security & Risk Analysis

wordpress.org/plugins/wt-woocommerce-related-products

This WooCommerce related products plugin lets you create upsells and cross-sells with a smart WooCommerce product recommendations widget.

10K active installs · v1.7.6 · PHP 5.6+ · WP 3.0.1+ · Updated Dec 4, 2025
product-recommendations, related-products, woocommerce-product-recommendations, woocommerce-recommendations, woocommerce-related-products
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Related Products – Create Upsells, Cross-sells, and Product Recommendations for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Related Products – Create Upsells, Cross-sells, and Product Recommendations for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The "wt-woocommerce-related-products" plugin version 1.7.6 exhibits a strong security posture based on the provided static analysis. The absence of critical or high severity taint flows, zero unpatched CVEs, and a near-perfect output escaping rate of 99% are significant strengths. The presence of nonce and capability checks on all identified entry points (AJAX handlers and shortcodes) further bolsters its defenses. The plugin appears to follow many best practices for secure WordPress development, with no dangerous functions or file operations detected.

However, a notable concern is the handling of SQL queries. The plugin contains two SQL queries, and neither uses prepared statements (0%), which presents a significant risk of SQL injection vulnerabilities. While no specific taint flows leading to SQL injection were detected in the limited analysis, the lack of prepared statements creates a clear potential entry point for attackers. The plugin's vulnerability history is clean, which is positive, but it doesn't mitigate the immediate risk posed by the unparameterized SQL queries. Overall, the plugin is well-defended against common attack vectors like XSS and CSRF, but the raw SQL queries represent a critical weakness that requires immediate attention.

Key Concerns

  • SQL queries not using prepared statements
Vulnerabilities
None known

Related Products – Create Upsells, Cross-sells, and Product Recommendations for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Related Products – Create Upsells, Cross-sells, and Product Recommendations for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (0 prepared)
Unescaped Output: 6 (432 escaped)
Nonce Checks: 11
Capability Checks: 12
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

0% prepared · 2 total queries

Output Escaping

99% escaped · 438 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
update_banner_state (admin\modules\banners\class-wt-bfcm-twenty-twenty-five.php:182)
Attack Surface

Related Products – Create Upsells, Cross-sells, and Product Recommendations for WooCommerce Attack Surface

Entry Points: 8
Unprotected: 0

AJAX Handlers 7

auth wp_ajax_wt_crp_ajax_attribute_search admin\class-custom-related-products-admin.php:33
auth wp_ajax_wt_dismiss_product_ie_cta_banner admin\cross-promotion-banners\class-wt-p-iew-cta-banner.php:32
auth wp_ajax_wt_dismiss_invoice_cta_banner admin\cross-promotion-banners\class-wt-pklist-cta-banner.php:31
auth wp_ajax_wt_dismiss_smart_coupon_cta_banner admin\cross-promotion-banners\class-wt-smart-coupon-cta-banner.php:32
auth wp_ajax_wbte_ema_banner_analytics_page_dismiss admin\modules\banners\class-wbte-ema-banner.php:39
auth wp_ajax_wt_crp_dismiss_upsell_banner admin\modules\banners\class-wt-crp-upsell-banner.php:21
auth wp_ajax_relatedproducts_submit_uninstall_reason includes\class-wt-relatedproducts-uninstall-feedback.php:11

Shortcodes 1

[wt-related-products] includes\class-custom-related-products.php:36
WordPress Hooks 56
action wt_crp_before_settings_block admin\class-custom-related-products-admin.php:425
action admin_head admin\class-custom-related-products-admin.php:853
action admin_enqueue_scripts admin\cross-promotion-banners\class-wt-p-iew-cta-banner.php:30
action add_meta_boxes admin\cross-promotion-banners\class-wt-p-iew-cta-banner.php:31
action admin_enqueue_scripts admin\cross-promotion-banners\class-wt-pklist-cta-banner.php:29
action add_meta_boxes admin\cross-promotion-banners\class-wt-pklist-cta-banner.php:30
action admin_enqueue_scripts admin\cross-promotion-banners\class-wt-smart-coupon-cta-banner.php:30
action add_meta_boxes admin\cross-promotion-banners\class-wt-smart-coupon-cta-banner.php:31
action admin_enqueue_scripts admin\modules\banners\class-wbte-ema-banner.php:37
action admin_footer admin\modules\banners\class-wbte-ema-banner.php:38
action admin_init admin\modules\banners\class-wbte-ema-banner.php:174
action admin_enqueue_scripts admin\modules\banners\class-wt-bfcm-twenty-twenty-five.php:79
action admin_notices admin\modules\banners\class-wt-bfcm-twenty-twenty-five.php:81
action admin_enqueue_scripts admin\modules\banners\class-wt-crp-upsell-banner.php:22
action admin_init admin\modules\import-export\import-export.php:28
action init admin\modules\import-export\import-export.php:29
filter woocommerce_product_export_meta_value admin\modules\import-export\import-export.php:68
filter woocommerce_product_importer_parsed_data admin\modules\import-export\import-export.php:69
filter wt_batch_product_export_row_data admin\modules\import-export\import-export.php:70
filter wt_woocommerce_product_import_process_item_data admin\modules\import-export\import-export.php:71
action pmxi_update_post_meta admin\modules\import-export\import-export.php:392
filter wp_all_export_csv_rows admin\modules\import-export\import-export.php:393
action in_plugin_update_message-wt-woocommerce-related-products/custom-related-products.php custom-related-products.php:55
action admin_print_footer_scripts custom-related-products.php:60
action admin_notices custom-related-products.php:138
action init includes\class-custom-related-products-review-request.php:53
action admin_notices includes\class-custom-related-products-review-request.php:259
action admin_print_footer_scripts includes\class-custom-related-products-review-request.php:260
action admin_notices includes\class-custom-related-products-survey-request.php:48
action admin_print_footer_scripts includes\class-custom-related-products-survey-request.php:49
action plugins_loaded includes\class-custom-related-products.php:37
action woocommerce_after_cart includes\class-custom-related-products.php:38
filter render_block includes\class-custom-related-products.php:39
action admin_enqueue_scripts includes\class-custom-related-products.php:128
action admin_enqueue_scripts includes\class-custom-related-products.php:129
action woocommerce_process_product_meta includes\class-custom-related-products.php:132
action woocommerce_product_options_related includes\class-custom-related-products.php:133
action admin_menu includes\class-custom-related-products.php:136
action admin_init includes\class-custom-related-products.php:137
filter plugin_row_meta includes\class-custom-related-products.php:140
filter woocommerce_screen_ids includes\class-custom-related-products.php:141
filter wt_bfcm_banner_screens includes\class-custom-related-products.php:147
action wp_enqueue_scripts includes\class-custom-related-products.php:162
action wp_enqueue_scripts includes\class-custom-related-products.php:163
filter woocommerce_related_products_args includes\class-custom-related-products.php:168
filter woocommerce_locate_template includes\class-custom-related-products.php:170
filter woocommerce_product_related_posts_force_display includes\class-custom-related-products.php:172
filter woocommerce_product_related_posts_relate_by_category includes\class-custom-related-products.php:173
filter woocommerce_product_related_posts_relate_by_tag includes\class-custom-related-products.php:174
filter woocommerce_product_related_posts_query includes\class-custom-related-products.php:175
filter pre_render_block includes\class-custom-related-products.php:176
action woocommerce_after_single_product_summary includes\class-custom-related-products.php:186
filter woocommerce_related_products_args includes\class-custom-related-products.php:190
filter do_shortcode_tag includes\class-custom-related-products.php:449
action admin_footer includes\class-wt-relatedproducts-uninstall-feedback.php:10
action wp_footer public\class-custom-related-products-public.php:44
Maintenance & Trust

Related Products – Create Upsells, Cross-sells, and Product Recommendations for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 4, 2025
PHP min version: 5.6
Downloads: 334K

Community Trust

Rating: 92/100
Number of ratings: 82
Active installs: 10K
Developer Profile

Related Products – Create Upsells, Cross-sells, and Product Recommendations for WooCommerce Developer Profile

WebToffee

17 plugins · 377K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 155 days
Detection Fingerprints

How We Detect Related Products – Create Upsells, Cross-sells, and Product Recommendations for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wt-woocommerce-related-products/admin/css/custom-related-products-admin.css
/wp-content/plugins/wt-woocommerce-related-products/admin/js/custom-related-products-admin.js
/wp-content/plugins/wt-woocommerce-related-products/public/css/wt-woocommerce-related-products.css
/wp-content/plugins/wt-woocommerce-related-products/public/js/wt-woocommerce-related-products.js
Script Paths
/wp-content/plugins/wt-woocommerce-related-products/admin/js/custom-related-products-admin.js
/wp-content/plugins/wt-woocommerce-related-products/public/js/wt-woocommerce-related-products.js
Version Parameters
wt-woocommerce-related-products/admin/css/custom-related-products-admin.css?ver=
wt-woocommerce-related-products/admin/js/custom-related-products-admin.js?ver=
wt-woocommerce-related-products/public/css/wt-woocommerce-related-products.css?ver=
wt-woocommerce-related-products/public/js/wt-woocommerce-related-products.js?ver=

HTML / DOM Fingerprints

CSS Classes
wt-woocommerce-related-products-block
wtcrp-frontend
HTML Comments
<!-- Related Products -->
<!-- End Related Products -->
Data Attributes
data-product-id
JS Globals
WTCRP
wt_crp_plugin_obj
REST Endpoints
/wp-json/wt-woocommerce-related-products/v1/get-related-products
Shortcode Output
[wt_woocommerce_related_products]
FAQ

Frequently Asked Questions about Related Products – Create Upsells, Cross-sells, and Product Recommendations for WooCommerce