Custom Dokan Fields Security & Risk Analysis

wordpress.org/plugins/custom-dokan-fields

Custom Dokan Fields Plugin is a comprehensive tool for adding, editing, and managing additional fields on dokan product edit page.

10 active installs · v1.0.0 · PHP 5.2+ · WP 3.3+ · Updated Mar 10, 2023
Tags: acf, acf-for-dokan, add-new-fields, custo-fields, dokan
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Custom Dokan Fields Safe to Use in 2026?

Generally Safe

Score 85/100

Custom Dokan Fields has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3yr ago
Risk Assessment

The "custom-dokan-fields" v1.0.0 plugin demonstrates a strong adherence to secure coding practices in several key areas. The absence of direct SQL queries, reliance on prepared statements for any database interactions, and a lack of file operations or external HTTP requests significantly reduce the potential for common web vulnerabilities. Furthermore, the static analysis found no critical or high severity taint flows, indicating that user-supplied data is likely being handled safely within the analyzed code paths. The plugin also has no recorded vulnerability history, which suggests a historically stable security record.

However, there are some notable areas for improvement and potential concern. The plugin has 2 capability checks but 0 nonce checks on its single AJAX handler, which is a significant security weakness. AJAX endpoints without nonce verification are highly susceptible to Cross-Site Request Forgery (CSRF) attacks, which let an attacker trick an authenticated user into performing unintended actions. Additionally, the static analysis indicates that only 57% of output is properly escaped. While this is not as severe as unescaped input leading directly to XSS, it can still leave the plugin vulnerable to Cross-Site Scripting (XSS) attacks in certain contexts, particularly if sensitive data is being displayed.

In conclusion, while the plugin exhibits good security fundamentals regarding database and external interactions, the lack of nonce checks on its AJAX endpoint and the moderate output escaping percentage represent exploitable weaknesses. Addressing these specific issues would considerably enhance the plugin's security posture.

Key Concerns

  • Missing nonce check on AJAX handler
  • Moderate output escaping (57% properly escaped)
Vulnerabilities
None known

Custom Dokan Fields Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Custom Dokan Fields Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 168 (224 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2

Output Escaping

57% escaped · 392 total outputs
Attack Surface

Custom Dokan Fields Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

auth · wp_ajax_restore_billing_fields · include\admin\dcfpp_admin_settings.php:25

WordPress Hooks: 25

filter · plugin_row_meta · custom-dokan-fields.php:56
action · init · include\admin\dcfpp_admin_settings.php:18
action · admin_init · include\admin\dcfpp_admin_settings.php:19
action · admin_init · include\admin\dcfpp_admin_settings.php:20
action · admin_menu · include\admin\dcfpp_admin_settings.php:22
action · admin_enqueue_scripts · include\admin\dcfpp_admin_settings.php:23
action · admin_enqueue_scripts · include\admin\dcfpp_admin_settings.php:24
filter · woocommerce_form_field_text · include\manage_extrafield_class.php:5
filter · woocommerce_form_field_heading · include\manage_extrafield_class.php:6
filter · woocommerce_form_field_password · include\manage_extrafield_class.php:7
filter · woocommerce_form_field_email · include\manage_extrafield_class.php:8
filter · woocommerce_form_field_number · include\manage_extrafield_class.php:9
filter · woocommerce_form_field_textarea · include\manage_extrafield_class.php:10
filter · woocommerce_form_field_checkbox · include\manage_extrafield_class.php:11
filter · woocommerce_form_field_radio · include\manage_extrafield_class.php:12
filter · woocommerce_form_field_dcfppselect · include\manage_extrafield_class.php:13
filter · woocommerce_form_field_datepicker · include\manage_extrafield_class.php:14
filter · woocommerce_form_field_datetimepicker · include\manage_extrafield_class.php:15
filter · woocommerce_form_field_timepicker · include\manage_extrafield_class.php:16
filter · woocommerce_form_field_daterangepicker · include\manage_extrafield_class.php:17
filter · woocommerce_form_field_datetimerangepicker · include\manage_extrafield_class.php:18
filter · woocommerce_form_field_multiselect · include\manage_extrafield_class.php:19
filter · woocommerce_form_field_paragraph · include\manage_extrafield_class.php:20
action · dokan_product_edit_after_main · include\update_checkout_fields_class.php:12
action · dokan_product_updated · include\update_checkout_fields_class.php:14
Maintenance & Trust

Custom Dokan Fields Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.1.10
Last updated: Mar 10, 2023
PHP min version: 5.2
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

Custom Dokan Fields Developer Profile

SysBasics

3 plugins · 9K total installs

Trust score: 80
Avg Security Score: 89/100
Avg Patch Time: 32 days
Detection Fingerprints

How We Detect Custom Dokan Fields

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/custom-dokan-fields/assets/css/admin_menu.css
/wp-content/plugins/custom-dokan-fields/assets/js/admin_menu.js
/wp-content/plugins/custom-dokan-fields/assets/css/select2.css
/wp-content/plugins/custom-dokan-fields/assets/js/select2.js
/wp-content/plugins/custom-dokan-fields/assets/js/custom.js
/wp-content/plugins/custom-dokan-fields/assets/js/jquery.tag-editor.js
/wp-content/plugins/custom-dokan-fields/assets/css/jquery.tag-editor.css
/wp-content/plugins/custom-dokan-fields/assets/js/dcfppadmin.js
(+5 more)
Script Paths
/wp-content/plugins/custom-dokan-fields/assets/js/admin_menu.js
/wp-content/plugins/custom-dokan-fields/assets/js/select2.js
/wp-content/plugins/custom-dokan-fields/assets/js/custom.js
/wp-content/plugins/custom-dokan-fields/assets/js/jquery.tag-editor.js
/wp-content/plugins/custom-dokan-fields/assets/js/dcfppadmin.js
/wp-content/plugins/custom-dokan-fields/assets/js/frontend1.js

HTML / DOM Fingerprints

CSS Classes
checkout_field_rule_parentfield
Data Attributes
data-id
JS Globals
dcfpp_admin_data
REST Endpoints
/wp-json/custom-dokan-fields/v1/get_posts