Checkout Fields for Blocks Security & Risk Analysis

wordpress.org/plugins/checkout-fields-for-blocks

The Checkout Fields for Blocks plugin allows adding new fields to the checkout form.

1K active installs · v1.2.2 · PHP 7.4+ · WP 6.4+ · Updated Mar 7, 2026
blocks, checkout-block, checkout-blocks, edit-woocommerce-blocks, woocommerce-checkout-blocks
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Checkout Fields for Blocks Safe to Use in 2026?

Generally Safe

Score 100/100

Checkout Fields for Blocks has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 27d ago
Risk Assessment

The plugin "checkout-fields-for-blocks" version 1.2.2 exhibits a generally strong security posture with several good practices in place. The absence of any known CVEs and of critical or high severity taint flows, together with a relatively small attack surface in which all entry points appear to be protected, are positive indicators. The plugin also demonstrates good use of nonces and capability checks in its code.

However, a few areas of concern slightly detract from an otherwise solid security profile. Two SQL queries do not use prepared statements, a notable risk that could open the door to SQL injection vulnerabilities, especially if user input is ever incorporated directly into these queries. While 65% of outputs are escaped, the remaining 35% that are not properly escaped could lead to Cross-Site Scripting (XSS) vulnerabilities. The file operations are not inherently problematic, but they warrant careful review of how they are implemented, as improper handling could lead to security issues.

Overall, the plugin's lack of historical vulnerabilities is a strong positive signal, suggesting a commitment to security or simply a history of robust development. Nevertheless, the identified areas of concern regarding unescaped output and raw SQL queries represent potential weaknesses that should be addressed to further harden the plugin's security.

Key Concerns

  • SQL queries without prepared statements
  • Percentage of unescaped output
Vulnerabilities
None known

Checkout Fields for Blocks Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Checkout Fields for Blocks Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 2 (0 prepared)
  • Unescaped Output: 13 (24 escaped)
  • Nonce Checks: 4
  • Capability Checks: 3
  • File Operations: 2
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

0% prepared · 2 total queries

Output Escaping

65% escaped · 37 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
processAjaxNoticeDismiss (vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:72)
Attack Surface

Checkout Fields for Blocks Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers 1

  • auth wp_ajax_wpdesk_notice_dismiss (vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:42)
WordPress Hooks 23
  • action woocommerce_init (inc\Hookable\Integration.php:20)
  • action woocommerce_store_api_checkout_update_order_from_request (inc\Hookable\OrderSaver.php:29)
  • filter block_categories_all (inc\Hookable\Registrator\BlockCategories.php:22)
  • filter __experimental_woocommerce_blocks_add_data_attributes_to_namespace (inc\Hookable\Registrator\BlockNamespace.php:23)
  • action woocommerce_blocks_checkout_block_registration (inc\Hookable\Registrator\Blocks.php:28)
  • action save_post (inc\Hookable\SettingsSaver.php:23)
  • action admin_enqueue_scripts (vendor_prefixed\wpdesk\wp-builder\src\Plugin\AbstractPlugin.php:148)
  • action wp_enqueue_scripts (vendor_prefixed\wpdesk\wp-builder\src\Plugin\AbstractPlugin.php:149)
  • action admin_enqueue_scripts (vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:41)
  • action admin_notices (vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:144)
  • action admin_footer (vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:145)
  • filter wp_autoloader_loader_loaders_to_load (vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\PluginDisablerByFileTrait.php:45)
  • filter wp_autoloader_loader_loaders_to_create (vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\PluginDisablerByFileTrait.php:46)
  • action plugins_loaded (vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\Simple\SimplePaidStrategy.php:58)
  • action plugins_loaded (vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:81)
  • action before_woocommerce_init (vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:88)
  • action activated_plugin (vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:102)
  • filter doing_it_wrong_trigger_error (vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:123)
  • action admin_enqueue_scripts (vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\Assets.php:28)
  • action admin_menu (vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptInPage.php:35)
  • action admin_init (vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptInPage.php:36)
  • action admin_notices (vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptOut.php:28)
  • filter plugin_row_meta (vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\PluginActionLinks.php:36)
Maintenance & Trust

Checkout Fields for Blocks Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 7, 2026
PHP min version: 7.4
Downloads: 11K

Community Trust

Rating: 88/100
Number of ratings: 9
Active installs: 1K
Developer Profile

Checkout Fields for Blocks Developer Profile

wpdesk

23 plugins · 127K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 135 days
Detection Fingerprints

How We Detect Checkout Fields for Blocks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/checkout-fields-for-blocks/build/css/admin.css
/wp-content/plugins/checkout-fields-for-blocks/build/css/frontend.css
Version Parameters
checkout-fields-for-blocks/build/css/admin.asset.php
checkout-fields-for-blocks/build/css/frontend.asset.php

HTML / DOM Fingerprints

JS Globals
wp
REST Endpoints
/wp-json/checkout-fields-for-blocks/v1/settings