CheckoutGuard Security & Risk Analysis

wordpress.org/plugins/checkoutguard

Track incomplete WooCommerce checkouts, recover lost sales, block fraudulent orders, analyze courier success rates, and manage order statuses.

80 active installs · v1.2.0 · PHP 7.4+ · WP 5.8+ · Updated Mar 13, 2026
Tags: abandoned-cart, checkout, fraud-blocker, order-status, woocommerce
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is CheckoutGuard Safe to Use in 2026?

Generally Safe

Score 100/100

CheckoutGuard has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 21d ago
Risk Assessment

The checkoutguard plugin, version 1.2.0, exhibits a concerning security posture primarily due to its extensive unprotected AJAX endpoints. While the plugin demonstrates good practices in other areas like SQL query sanitization and output escaping, the sheer number of AJAX handlers exposed without any authentication or capability checks presents a significant attack surface. The taint analysis further highlights this concern, revealing a substantial number of flows with unsanitized paths, with 8 classified as high severity. This suggests a strong potential for attackers to exploit these vulnerabilities by injecting malicious data or manipulating plugin behavior.

The plugin's vulnerability history is currently clean, with no known CVEs. This is a positive indicator, suggesting that the developers may have a good understanding of security, or perhaps the plugin hasn't been a target for extensive analysis or exploitation. However, the static analysis findings, particularly the high number of unsanitized taint flows and the exposed AJAX endpoints, strongly suggest that vulnerabilities are likely to exist, even if they haven't been publicly documented or exploited yet. The plugin's strengths lie in its proper handling of SQL queries and output, but these are overshadowed by the critical risk posed by the unprotected entry points and unsanitized data flows.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
  • Unsanitized paths in taint analysis
  • Large attack surface without auth
Vulnerabilities
None known

CheckoutGuard Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

CheckoutGuard Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 12 (120 prepared)
Unescaped Output: 67 (630 escaped)
Nonce Checks: 34
Capability Checks: 34
File Operations: 0
External Requests: 3
Bundled Libraries: 0

SQL Query Safety

91% prepared · 132 total queries

Output Escaping

90% escaped · 697 total outputs
Data Flows
11 unsanitized

Data Flow Analysis

17 flows · 11 with unsanitized paths
cg_handle_check_courier_success (includes\ajax-handlers.php:126)
Attack Surface
33 unprotected

CheckoutGuard Attack Surface

Entry Points: 33
Unprotected: 33

AJAX Handlers 33

auth · wp_ajax_cg_save_checkout_data · checkoutguard.php:116
nopriv · wp_ajax_cg_save_checkout_data · checkoutguard.php:117
auth · wp_ajax_cg_get_checkout_details · checkoutguard.php:118
auth · wp_ajax_cg_get_incomplete_checkout_details · checkoutguard.php:119
auth · wp_ajax_cg_recover_order · checkoutguard.php:120
auth · wp_ajax_cg_mark_hold · checkoutguard.php:121
auth · wp_ajax_cg_mark_cancelled · checkoutguard.php:122
auth · wp_ajax_cg_fetch_dashboard_data · checkoutguard.php:123
auth · wp_ajax_cg_edit_follow_up_date · checkoutguard.php:124
auth · wp_ajax_cg_reopen_checkout · checkoutguard.php:125
auth · wp_ajax_cg_fetch_follow_up_entries · checkoutguard.php:126
auth · wp_ajax_cg_fetch_incomplete_entries · checkoutguard.php:127
auth · wp_ajax_cg_fetch_recovered_entries · checkoutguard.php:128
auth · wp_ajax_cg_fetch_cancelled_entries · checkoutguard.php:129
auth · wp_ajax_cg_check_courier_success · checkoutguard.php:130
auth · wp_ajax_cg_check_order_success_ratio · checkoutguard.php:131
auth · wp_ajax_cg_add_blocked_item · checkoutguard.php:132
auth · wp_ajax_cg_delete_blocked_item · checkoutguard.php:133
auth · wp_ajax_cg_delete_blocked_log · checkoutguard.php:134
auth · wp_ajax_cg_get_blocked_order_details · checkoutguard.php:136
auth · wp_ajax_cg_save_page_settings · checkoutguard.php:139
auth · wp_ajax_cg_live_ratio_check · checkoutguard.php:141
nopriv · wp_ajax_cg_live_ratio_check · checkoutguard.php:142
auth · wp_ajax_cg_export_blocklist · checkoutguard.php:151
auth · wp_ajax_cg_import_blocklist · checkoutguard.php:152
auth · wp_ajax_cg_bulk_delete_blocked_items · checkoutguard.php:153
auth · wp_ajax_cg_force_sync_ajax · checkoutguard.php:155
auth · wp_ajax_cg_fetch_blocked_orders · checkoutguard.php:157
auth · wp_ajax_cg_save_order_status · checkoutguard.php:162
auth · wp_ajax_cg_delete_order_status · checkoutguard.php:163
auth · wp_ajax_cg_fetch_order_status_counts · checkoutguard.php:164
auth · wp_ajax_cg_get_order_status · checkoutguard.php:165
auth · wp_ajax_cg_reset_order_statuses · checkoutguard.php:166
WordPress Hooks 44
filter · cron_schedules · checkoutguard.php:47
action · admin_notices · checkoutguard.php:55
action · admin_enqueue_scripts · checkoutguard.php:71
action · admin_menu · checkoutguard.php:72
action · admin_footer · checkoutguard.php:97
action · wp_enqueue_scripts · checkoutguard.php:111
action · admin_enqueue_scripts · checkoutguard.php:112
action · admin_menu · checkoutguard.php:113
action · admin_notices · checkoutguard.php:114
action · woocommerce_thankyou · checkoutguard.php:144
action · woocommerce_checkout_process · checkoutguard.php:145
action · template_redirect · checkoutguard.php:148
filter · bulk_actions-edit-shop_order · checkoutguard.php:168
filter · bulk_actions-woocommerce_page_wc-orders · checkoutguard.php:169
action · admin_notices · checkoutguard.php:173
action · plugins_loaded · checkoutguard.php:205
action · init · checkoutguard.php:209
filter · wc_order_statuses · checkoutguard.php:210
action · admin_init · checkoutguard.php:214
filter · wp_privacy_personal_data_exporters · checkoutguard.php:215
filter · wp_privacy_personal_data_erasers · checkoutguard.php:216
action · cg_daily_sync_hook · checkoutguard.php:218
action · cg_cleanup_expired_blocks · checkoutguard.php:219
action · admin_init · includes\admin\admin-settings-page.php:158
action · current_screen · includes\admin\admin-settings-page.php:666
action · switch_theme · includes\admin\appsero\src\Insights.php:135
action · switch_theme · includes\admin\appsero\src\Insights.php:136
action · admin_footer · includes\admin\appsero\src\Insights.php:146
action · admin_notices · includes\admin\appsero\src\Insights.php:161
action · admin_init · includes\admin\appsero\src\Insights.php:164
filter · cron_schedules · includes\admin\appsero\src\Insights.php:168
action · admin_menu · includes\admin\appsero\src\License.php:219
action · after_switch_theme · includes\admin\appsero\src\License.php:781
action · switch_theme · includes\admin\appsero\src\License.php:782
action · wp_dashboard_setup · includes\admin\dashboard-widget.php:20
filter · manage_edit-shop_order_columns · includes\admin\woocommerce-integration.php:17
filter · manage_woocommerce_page_wc-orders_columns · includes\admin\woocommerce-integration.php:18
action · manage_shop_order_posts_custom_column · includes\admin\woocommerce-integration.php:41
action · manage_woocommerce_page_wc-orders_custom_column · includes\admin\woocommerce-integration.php:42
action · add_meta_boxes · includes\admin\woocommerce-integration.php:50
action · add_meta_boxes · includes\admin\woocommerce-integration.php:94
action · woocommerce_checkout_process · includes\admin\woocommerce-integration.php:281
action · woocommerce_checkout_order_processed · includes\admin\woocommerce-integration.php:301
action · woocommerce_before_checkout_form · includes\checkout-integration.php:459

Scheduled Events 3

cg_daily_sync_hook
cg_daily_sync_hook
cg_cleanup_expired_blocks
Maintenance & Trust

CheckoutGuard Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 13, 2026
PHP min version: 7.4
Downloads: 858

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 80
Developer Profile

CheckoutGuard Developer Profile

Coder Zone BD

1 plugin · 80 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect CheckoutGuard

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/checkoutguard/assets/css/checkoutguard-admin.css
  • /wp-content/plugins/checkoutguard/assets/css/checkoutguard-frontend.css
  • /wp-content/plugins/checkoutguard/assets/js/checkoutguard-admin.js
  • /wp-content/plugins/checkoutguard/assets/js/checkoutguard-frontend.js
  • /wp-content/plugins/checkoutguard/assets/js/checkoutguard-utils.js
Script Paths
  • /wp-content/plugins/checkoutguard/assets/js/checkoutguard-frontend.js
  • /wp-content/plugins/checkoutguard/assets/js/checkoutguard-admin.js
Version Parameters
  • checkoutguard/assets/css/checkoutguard-admin.css?ver=
  • checkoutguard/assets/css/checkoutguard-frontend.css?ver=
  • checkoutguard/assets/js/checkoutguard-admin.js?ver=
  • checkoutguard/assets/js/checkoutguard-frontend.js?ver=
  • checkoutguard/assets/js/checkoutguard-utils.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • cg-lockdown-overlay
  • cg_admin_wrapper
  • cg_dashboard_widget
  • cg_block_form
  • cg_block_item_row
  • cg_add_block_item_button
  • cg_blocked_order_details
HTML Comments
  • <!-- CheckoutGuard Admin CSS -->
  • <!-- CheckoutGuard Frontend CSS -->
  • <!-- CheckoutGuard Admin JS -->
  • <!-- CheckoutGuard Frontend JS -->
  • +1 more
Data Attributes
  • data-cg-page
  • data-cg-status
  • data-cg-order-id
  • data-cg-blocklist-item-id
  • data-cg-action
JS Globals
  • CheckoutGuardAdmin
  • CheckoutGuardFrontend
  • cg_admin_vars
  • cg_frontend_vars
REST Endpoints
  • /wp-json/checkoutguard/v1/save-checkout-data
  • /wp-json/checkoutguard/v1/get-checkout-details
  • /wp-json/checkoutguard/v1/recover-order
  • /wp-json/checkoutguard/v1/mark-hold
  • /wp-json/checkoutguard/v1/mark-cancelled
  • /wp-json/checkoutguard/v1/fetch-dashboard-data
  • /wp-json/checkoutguard/v1/edit-follow-up-date
  • /wp-json/checkoutguard/v1/reopen-checkout
  • /wp-json/checkoutguard/v1/fetch-follow-up-entries
  • /wp-json/checkoutguard/v1/fetch-incomplete-entries
  • /wp-json/checkoutguard/v1/fetch-recovered-entries
  • /wp-json/checkoutguard/v1/fetch-cancelled-entries
  • /wp-json/checkoutguard/v1/check-courier-success
  • /wp-json/checkoutguard/v1/check-order-success-ratio
  • /wp-json/checkoutguard/v1/add-blocked-item
  • /wp-json/checkoutguard/v1/delete-blocked-item
  • /wp-json/checkoutguard/v1/delete-blocked-log
  • /wp-json/checkoutguard/v1/get-blocked-order-details
  • /wp-json/checkoutguard/v1/save-page-settings
  • /wp-json/checkoutguard/v1/live-ratio-check
  • /wp-json/checkoutguard/v1/export-blocklist
  • /wp-json/checkoutguard/v1/import-blocklist
  • /wp-json/checkoutguard/v1/bulk-delete-blocked-items
  • /wp-json/checkoutguard/v1/force-sync
  • /wp-json/checkoutguard/v1/fetch-blocked-orders
  • /wp-json/checkoutguard/v1/save-order-status
  • /wp-json/checkoutguard/v1/delete-order-status
  • /wp-json/checkoutguard/v1/fetch-order-status-counts
  • /wp-json/checkoutguard/v1/get-order-status
  • /wp-json/checkoutguard/v1/reset-order-statuses