Custom WooCommerce Checkout Fields Editor Security & Risk Analysis

wordpress.org/plugins/add-fields-to-checkout-page-woocommerce

Custom WooCommerce Checkout Fields Editor

2K active installs · v1.3.4 · PHP + WP 4.5+ · Updated Jan 1, 2025
Tags: checkout-field-editor, woocommerce-checkout, woocommerce-checkout-fields, woocommerce-checkout-manager, woocommerce-custom-fields
Score: 66 (C · Use Caution)
CVEs total: 4
Unpatched: 1
Last CVE: Sep 5, 2025
Safety Verdict

Is Custom WooCommerce Checkout Fields Editor Safe to Use in 2026?

Use With Caution

Score 66/100

Custom WooCommerce Checkout Fields Editor has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

4 known CVEs · 1 unpatched · Last CVE: Sep 5, 2025 · Updated 1yr ago
Risk Assessment

The plugin 'add-fields-to-checkout-page-woocommerce' v1.3.4 presents a mixed security posture. While it demonstrates good practices like using prepared statements for SQL queries and implementing nonce and capability checks, there are significant areas of concern. The static analysis reveals a relatively small attack surface with no unprotected entry points, which is positive. However, a notable weakness is the low rate of proper output escaping (58%), suggesting potential for Cross-Site Scripting (XSS) vulnerabilities, especially when dealing with user-provided input.

The vulnerability history is a major red flag. The plugin has a history of four known CVEs, with one currently unpatched. The common vulnerability types listed (Missing Authorization, CSRF, XSS) align with the potential XSS risk identified in the static analysis and indicate a pattern of recurring security flaws. The presence of an unpatched vulnerability, even if medium severity, poses an immediate risk to users and suggests a lack of ongoing security maintenance or timely patching by the developers.

In conclusion, while the plugin has some strengths in its basic security implementations, the history of multiple vulnerabilities, particularly the unpatched one, and the concerning rate of unescaped output significantly elevate its risk profile. Users should exercise caution and prioritize updating or seeking alternative solutions.

Key Concerns

  • Unpatched CVE
  • Medium severity vulnerabilities in history (4)
  • Low output escaping rate (58%)
  • Bundled Freemius v1.0 library
Vulnerabilities (4)

Custom WooCommerce Checkout Fields Editor Security Vulnerabilities

CVEs by Year

2024: 3 CVEs
2025: 1 CVE · unpatched

Severity Breakdown

Medium: 4

4 total CVEs

CVE-2025-58799 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Custom WooCommerce Checkout Fields Editor <= 1.3.4 - Cross-Site Request Forgery

Sep 5, 2025 · Unpatched

CVE-2024-33956 · medium · 4.3 · Missing Authorization

Custom WooCommerce Checkout Fields Editor <= 1.3.1 - Missing Authorization

Apr 30, 2024 · Patched in 1.3.2 (8d)

CVE-2024-30518 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Custom WooCommerce Checkout Fields Editor <= 1.3.0 - Cross-Site Request Forgery

Mar 28, 2024 · Patched in 1.3.1 (7d)

CVE-2024-1697 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Custom WooCommerce Checkout Fields Editor <= 1.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Mar 22, 2024 · Patched in 1.3.2 (1d)
Code Analysis
Analyzed Mar 16, 2026

Custom WooCommerce Checkout Fields Editor Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 92 (126 escaped)
Nonce Checks: 2
Capability Checks: 3
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

Output Escaping

58% escaped · 218 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<class-wc-checkout-field-editor> (classes\class-wc-checkout-field-editor.php:0)
Attack Surface

Custom WooCommerce Checkout Fields Editor Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

auth · wp_ajax_save_custom_form_fields · classes\class-wc-checkout-field-editor.php:31

WordPress Hooks: 40

action · before_woocommerce_init · checkout-form-editor.php:84
action · init · checkout-form-editor.php:159
action · wp_enqueue_scripts · checkout-form-editor.php:211
filter · woocommerce_enable_order_notes_field · checkout-form-editor.php:244
filter · woocommerce_default_address_fields · checkout-form-editor.php:274
filter · woocommerce_get_country_locale_default · checkout-form-editor.php:314
filter · woocommerce_get_country_locale_base · checkout-form-editor.php:315
filter · woocommerce_get_country_locale · checkout-form-editor.php:325
filter · woocommerce_billing_fields · checkout-form-editor.php:344
filter · woocommerce_shipping_fields · checkout-form-editor.php:363
filter · woocommerce_checkout_fields · checkout-form-editor.php:397
action · woocommerce_register_post · checkout-form-editor.php:511
action · save_account_details · checkout-form-editor.php:534
action · woocommerce_after_checkout_validation · checkout-form-editor.php:639
action · woocommerce_after_checkout_form · checkout-form-editor.php:640
filter · woocommerce_billing_fields · checkout-form-editor.php:841
filter · woocommerce_shipping_fields · checkout-form-editor.php:882
action · woocommerce_email_order_meta · checkout-form-editor.php:984
filter · wc_admin_custom_order_field_options · checkout-form-editor.php:985
action · woocommerce_order_details_after_order_table · checkout-form-editor.php:1069
action · woocommerce_admin_order_data_after_order_details · checkout-form-editor.php:1151
action · add_meta_boxes · checkout-form-editor.php:1168
filter · wc_customer_order_csv_export_order_headers · classes\class-wc-checkout-field-editor-export-handler.php:18
filter · wc_customer_order_csv_export_order_row · classes\class-wc-checkout-field-editor-export-handler.php:19
action · admin_menu · classes\class-wc-checkout-field-editor.php:26
filter · woocommerce_screen_ids · classes\class-wc-checkout-field-editor.php:27
action · woocommerce_checkout_update_order_meta · classes\class-wc-checkout-field-editor.php:28
action · wp_enqueue_scripts · classes\class-wc-checkout-field-editor.php:29
filter · woocommerce_form_field_text · classes\class-wc-checkout-field-editor.php:32
filter · woocommerce_form_field_checkbox · classes\class-wc-checkout-field-editor.php:33
filter · woocommerce_form_field_checkboxgroup · classes\class-wc-checkout-field-editor.php:34
filter · woocommerce_form_field_date · classes\class-wc-checkout-field-editor.php:35
filter · woocommerce_form_field_timepicker · classes\class-wc-checkout-field-editor.php:36
filter · woocommerce_form_field_radio · classes\class-wc-checkout-field-editor.php:37
filter · woocommerce_form_field_select · classes\class-wc-checkout-field-editor.php:38
filter · woocommerce_form_field_multiselect · classes\class-wc-checkout-field-editor.php:39
filter · woocommerce_form_field_heading · classes\class-wc-checkout-field-editor.php:40
filter · woocommerce_form_field_paragraph · classes\class-wc-checkout-field-editor.php:41
filter · woocommerce_form_field_url · classes\class-wc-checkout-field-editor.php:42
action · admin_enqueue_scripts · classes\class-wc-checkout-field-editor.php:55
Maintenance & Trust

Custom WooCommerce Checkout Fields Editor Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Jan 1, 2025
PHP min version
Downloads: 76K

Community Trust

Rating: 68/100
Number of ratings: 18
Active installs: 2K
Developer Profile

Custom WooCommerce Checkout Fields Editor Developer Profile

themelocation

6 plugins · 10K total installs

Trust score: 64
Avg Security Score: 78/100
Avg Patch Time: 111 days
Detection Fingerprints

How We Detect Custom WooCommerce Checkout Fields Editor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/add-fields-to-checkout-page-woocommerce/assets/js/wcfe-checkout-field-editor-frontend.js
Script Paths
/wp-content/plugins/add-fields-to-checkout-page-woocommerce/assets/js/wcfe-checkout-field-editor-frontend.js
Version Parameters
/add-fields-to-checkout-page-woocommerce/assets/js/wcfe-checkout-field-editor-frontend.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- WooCommerce Checkout & Account Field Editor Lite -->
Data Attributes
data-field_type, data-field_id, data-field_label
JS Globals
WCFE_VERSION, WCFE_URL
FAQ

Frequently Asked Questions about Custom WooCommerce Checkout Fields Editor