Total Findings
53
Security Grade
Coding Score
100/100
SwftBundles is a WooCommerce plugin that adds product bundle functionality for cart and checkout. The plugin implements relatively sound security practices for a typical WordPress plugin, with proper output escaping and basic input sanitization. However, several medium-severity security concerns exist around the bundle configuration handling, particularly the lack of proper nonce verification on the settings form and insufficient JSON validation that could lead to data corruption or injection attacks. The plugin also has some performance concerns with repeated cart scanning and could benefit from caching mechanisms. The admin interface uses inline JavaScript, which presents minor XSS risks if the bundle data contains malicious content. Overall, the plugin follows WordPress coding standards reasonably well but needs security hardening around the configuration management system.
Production Ready
Needs Work
WP.org Ready
Needs Changes
Compliance
Needs Work
Coding Standards
100/100