Does Checkout Field Customizer have any unpatched vulnerabilities?

No. All known vulnerabilities in Checkout Field Customizer have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Checkout Field Customizer compatible with WordPress 6.0.11?

According to WordPress.org data, Checkout Field Customizer 1.0.1 has been tested up to WordPress 6.0.11. Check the plugin's changelog for the latest compatibility information.

Is Checkout Field Customizer compatible with PHP 7.0+?

Checkout Field Customizer requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Checkout Field Customizer updated?

Checkout Field Customizer was last updated on Jun 13, 2022. Frequent updates are generally a positive security signal.

What is Checkout Field Customizer's security score?

Checkout Field Customizer has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Checkout Field Customizer Security & Risk Analysis

wordpress.org/plugins/checkout-field-customizer

Customize your checkout fields easily !!

0 active installs v1.0.1 PHP 7.0+ WP 4.0+ Updated Jun 13, 2022

checkoutedit-checkout-fieldwoocommerce-checkout-customizer

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Checkout Field Customizer Safe to Use in 2026?

Generally Safe

Score 85/100

Checkout Field Customizer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The 'checkout-field-customizer' plugin version 1.0.1 presents a mixed security posture. On the positive side, it demonstrates good practices in handling SQL queries with prepared statements and properly escaping all output. The absence of known CVEs and vulnerability history is also a strong indicator of past security diligence. However, significant concerns arise from the identified attack surface. The presence of 6 AJAX handlers, with 3 completely lacking authentication checks, creates a substantial entry point for potential attacks. The use of the dangerous `unserialize` function without explicit mention of sanitization or validation in the provided data is a high-risk signal, especially when combined with unsanitized taint flows. While no critical or high severity taint flows were detected, the potential for abuse of the unserialized data, coupled with unprotected AJAX endpoints, warrants careful consideration. The lack of capability checks on AJAX handlers further exacerbates these risks, meaning any authenticated user could potentially trigger these functions. Overall, while the plugin avoids common pitfalls like raw SQL and unescaped output, the unprotected AJAX endpoints and the use of `unserialize` significantly elevate its risk profile.

Key Concerns

Unprotected AJAX handlers (3/6)
Use of 'unserialize' function
Flow with unsanitized path in taint analysis
Missing capability checks on AJAX handlers
Unprotected AJAX handlers (3/6) without nonce checks

Vulnerabilities

None known

Checkout Field Customizer Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Checkout Field Customizer Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

51 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$default_billing_fields = unserialize($default_billing_fields);includes\Installer.php:31

unserialize$default_shipping_fields = unserialize($default_shipping_fields);includes\Installer.php:42

unserialize$default_order_fields = unserialize($default_order_fields);includes\Installer.php:53

unserialize$default_admin_fields = unserialize($default_admin_fields);includes\Installer.php:63

Output Escaping

100% escaped51 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

5 flows1 with unsanitized paths

cfc_create_field (includes\Ajax.php:29)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

3 unprotected

Checkout Field Customizer Attack Surface

Entry Points6

Unprotected3

AJAX Handlers 6

authwp_ajax_cfc_create_fieldincludes\Ajax.php:16

authwp_ajax_cfc_update_fieldincludes\Ajax.php:17

authwp_ajax_cfc_get_fieldsincludes\Ajax.php:18

authwp_ajax_cfc_get_admin_fieldsincludes\Ajax.php:19

authwp_ajax_cfc_update_fieldsincludes\Ajax.php:20

authwp_ajax_cfc_delete_fieldincludes\Ajax.php:21

WordPress Hooks 13

actionplugins_loadedcheckout-field-customizer.php:82

actioninitcheckout-field-customizer.php:205

actioninitcheckout-field-customizer.php:208

actionadmin_menuincludes\Admin\Menu.php:18

actionadmin_enqueue_scriptsincludes\Admin\Menu.php:43

actionwoocommerce_admin_order_data_after_order_detailsincludes\Admin\Order.php:11

actionrest_api_initincludes\Api.php:16

actionadmin_enqueue_scriptsincludes\Assets.php:16

actionwp_enqueue_scriptsincludes\Assets.php:18

filterwoocommerce_checkout_fieldsincludes\Frontend\Checkout.php:20

actionwoocommerce_checkout_update_order_metaincludes\Frontend\Checkout.php:21

actionwoocommerce_order_details_after_order_tableincludes\Frontend\Order.php:18

actionwoocommerce_email_after_order_tableincludes\Illuminate\Email.php:12

Maintenance & Trust

Checkout Field Customizer Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11

Last updatedJun 13, 2022

PHP min version7.0

Downloads949

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Checkout Field Customizer Alternatives

Checkout Field Editor (Checkout Manager) for WooCommerce

woo-checkout-field-editor-pro

Checkout Field Editor (Checkout Manager) for WooCommerce – The best WooCommerce checkout manager plugin to manage WooCommerce checkout fields.

500K 3 CVEs

Checkout Field Manager (Checkout Manager) for WooCommerce

woocommerce-checkout-manager

Checkout Field Manager (Checkout Manager) for WooCommerce is the most advanced plugin to customize checkout fields on your WooCommerce checkout page.

90K 5 CVEs

Flexible Checkout Fields for WooCommerce – WooCommerce Checkout Manager

flexible-checkout-fields

The best WooCommerce checkout manager. Edit, remove or add checkout fields. Customize WooCommerce checkout with this checkout field customizer.

80K 2 CVEs

Direct Checkout for WooCommerce

woocommerce-direct-checkout

100

Formerly "WooCommerce Direct Checkout". This plugin simplifies the entire WooCommerce checkout process to improve your sales rate.

80K No CVEs

Brazilian Market on WooCommerce

woocommerce-extra-checkout-fields-for-brazil

Adds Brazilian checkout fields in WooCommerce

70K No CVEs

Developer Profile

Checkout Field Customizer Developer Profile

Abu Huraira Bin Aman

7 plugins · 9K total installs

trust score

Avg Security Score

88/100

Avg Patch Time

238 days

View full developer profile

Detection Fingerprints

How We Detect Checkout Field Customizer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/checkout-field-customizer/assets/css/backend.css/wp-content/plugins/checkout-field-customizer/assets/css/frontend.css/wp-content/plugins/checkout-field-customizer/assets/js/backend.js

Script Paths

/wp-content/plugins/checkout-field-customizer/assets/js/backend.js

Version Parameters

checkout-field-customizer/assets/css/backend.css?ver=checkout-field-customizer/assets/css/frontend.css?ver=checkout-field-customizer/assets/js/backend.js?ver=

HTML / DOM Fingerprints

CSS Classes

cfc-field-wrapcfc-field-labelcfc-field-input

Data Attributes

data-cfc-field-id

JS Globals

cfc_helper_obj

FAQ