WP-Safety

Multi-step checkout For Woocommerce and Shopify-like WooCommerce checkout Security & Risk Analysis

wordpress.org/plugins/advanced-checkout-for-woo

Turn sluggish checkouts into conversion gold! ✨ Advance Checkout: multi-step magic, instant cart edits, and thank yous that wow.

10 active installs v1.3 PHP 7.0+ WP 4.7+ Updated Feb 17, 2024
multi-step-checkout-for-woocommercewoocommerce-advance-checkout
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Multi-step checkout For Woocommerce and Shopify-like WooCommerce checkout Safe to Use in 2026?

Generally Safe

Score 85/100

Multi-step checkout For Woocommerce and Shopify-like WooCommerce checkout has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The 'advanced-checkout-for-woo' v1.3 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and having no recorded vulnerabilities or CVEs in its history, suggesting a generally secure development and maintenance process. The static analysis also shows a lack of dangerous functions, file operations, and external HTTP requests, which are common vectors for compromise.

However, there are significant concerns regarding the plugin's attack surface. It exposes two AJAX handlers without proper authentication checks. This is a critical weakness as it allows any user, potentially even unauthenticated ones, to trigger these handlers, which could lead to unintended actions or information disclosure if not properly secured. While the taint analysis showed no critical or high-severity flows, the presence of unsanitized paths in any flow, even if currently benign, warrants vigilance. The percentage of properly escaped output (68%) also leaves room for improvement, as unescaped output can lead to cross-site scripting (XSS) vulnerabilities.

In conclusion, while the plugin's vulnerability history and handling of SQL queries are strengths, the unprotected AJAX endpoints represent a notable security risk. Addressing these unprotected entry points and improving output escaping should be a priority to further strengthen the plugin's security.

Key Concerns

  • 2 AJAX handlers without auth checks
  • 68% of output properly escaped
Vulnerabilities
None known

Multi-step checkout For Woocommerce and Shopify-like WooCommerce checkout Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Multi-step checkout For Woocommerce and Shopify-like WooCommerce checkout Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

Multi-step checkout For Woocommerce and Shopify-like WooCommerce checkout Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
18
39 escaped
Nonce Checks
1
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

68% escaped57 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
WAWC_checkout_dashboard (advance-checkout-wc.php:45)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Multi-step checkout For Woocommerce and Shopify-like WooCommerce checkout Attack Surface

Entry Points5
Unprotected2

AJAX Handlers 4

authwp_ajax_inline_ajax_logoutadvance-checkout-wc.php:708
noprivwp_ajax_inline_ajax_logoutadvance-checkout-wc.php:709
authwp_ajax_one_time_offeradvance-checkout-wc.php:902
noprivwp_ajax_one_time_offeradvance-checkout-wc.php:903

Shortcodes 1

[WAWC_order_bump] advance-checkout-wc.php:887
WordPress Hooks 27
actionadmin_menuadvance-checkout-wc.php:23
actionadmin_initadvance-checkout-wc.php:24
actionadmin_enqueue_scriptsadvance-checkout-wc.php:335
actionwp_headadvance-checkout-wc.php:351
actionadmin_footeradvance-checkout-wc.php:354
actionwp_loadedadvance-checkout-wc.php:470
actionwoocommerce_before_checkout_formadvance-checkout-wc.php:479
actionwoocommerce_before_checkout_formadvance-checkout-wc.php:485
actionwoocommerce_after_checkout_formadvance-checkout-wc.php:571
actionwoocommerce_after_checkout_formadvance-checkout-wc.php:574
actionwoocommerce_after_checkout_formadvance-checkout-wc.php:578
actionwoocommerce_after_checkout_formadvance-checkout-wc.php:581
filterwoocommerce_cart_item_nameadvance-checkout-wc.php:586
actionwoocommerce_thankyouadvance-checkout-wc.php:625
filterwoocommerce_checkout_fieldsadvance-checkout-wc.php:650
filtergettextadvance-checkout-wc.php:671
filterwoocommerce_checkout_fieldsadvance-checkout-wc.php:684
actionwp_enqueue_scriptsadvance-checkout-wc.php:712
actionwp_headadvance-checkout-wc.php:720
actionwp_enqueue_scriptsadvance-checkout-wc.php:722
filterscript_loader_tagadvance-checkout-wc.php:743
filterpage_templateadvance-checkout-wc.php:807
filterwoocommerce_checkout_fieldsadvance-checkout-wc.php:836
filterwoocommerce_checkout_fieldsadvance-checkout-wc.php:850
actionwoocommerce_before_checkout_formadvance-checkout-wc.php:853
actionwoocommerce_review_order_before_paymentadvance-checkout-wc.php:871
actionwoocommerce_cart_calculate_feesadvance-checkout-wc.php:891
Maintenance & Trust

Multi-step checkout For Woocommerce and Shopify-like WooCommerce checkout Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8
Last updatedFeb 17, 2024
PHP min version7.0
Downloads770

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

Multi-step checkout For Woocommerce and Shopify-like WooCommerce checkout Alternatives

No alternatives data available yet.

Developer Profile

Multi-step checkout For Woocommerce and Shopify-like WooCommerce checkout Developer Profile

Sky Plugins

6 plugins · 130 total installs

93
trust score
Avg Security Score
98/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Multi-step checkout For Woocommerce and Shopify-like WooCommerce checkout

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/advanced-checkout-for-woo/assets/css/admin-style.css/wp-content/plugins/advanced-checkout-for-woo/assets/js/admin-script.js/wp-content/plugins/advanced-checkout-for-woo/assets/js/frontend.js/wp-content/plugins/advanced-checkout-for-woo/assets/css/frontend.css
Script Paths
/wp-content/plugins/advanced-checkout-for-woo/assets/js/admin-script.js/wp-content/plugins/advanced-checkout-for-woo/assets/js/frontend.js
Version Parameters
advanced-checkout-for-woo/assets/css/admin-style.css?ver=advanced-checkout-for-woo/assets/js/admin-script.js?ver=advanced-checkout-for-woo/assets/js/frontend.js?ver=advanced-checkout-for-woo/assets/css/frontend.css?ver=

HTML / DOM Fingerprints

CSS Classes
WAWCWAWC-containerWAWC-headerWAWC-footerbeta-warninguseful-metaWAWC-inner
HTML Comments
<!-- Exit if accessed directly --><!-- Check if WooCommerce is active --><!-- require_once dirname( __FILE__ ) . '/includes/license.php'; --><!-- Invalid License. Please activate your license to use this plugin. -->+6 more
Data Attributes
id="image-preview"id="upload_image_button"id="image_attachment_id"name="logo-width-px"id="logo-width-px"
JS Globals
WAWC_checkout_menuWAWC_checkout_settingsWAWC_checkout_dashboardWAWC_page_namesWAWC_page_linksWAWC_logo_selector+16 more
FAQ

Frequently Asked Questions about Multi-step checkout For Woocommerce and Shopify-like WooCommerce checkout