WP-Safety

Custom Registration Fields for WooCommerce Security & Risk Analysis

wordpress.org/plugins/custom-registration-fields-for-woocommerce

Add custom registration fields to WooCommerce and WordPress user registration forms, capturing additional information from users with ease.

70 active installs v1.0 PHP 7.4+ WP 6.5+ Updated Nov 25, 2024
custom-fieldscustom-registration-fieldsmy-accountregistration-formswoocommerce
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Custom Registration Fields for WooCommerce Safe to Use in 2026?

Generally Safe

Score 92/100

Custom Registration Fields for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The plugin "custom-registration-fields-for-woocommerce" v1.0 exhibits a strong security posture based on the provided static analysis. The complete absence of unprotected entry points across AJAX, REST API, shortcodes, and cron events is a significant strength. Furthermore, the code demonstrates excellent practices regarding SQL queries (100% prepared statements) and output escaping (98% properly escaped), minimizing common injection and XSS vulnerabilities. The limited use of dangerous functions and file operations also contributes positively to its security. The presence of nonce and capability checks indicates a conscious effort to implement authorization and prevent CSRF attacks.

While the overall static analysis is very promising, one concerning signal is the presence of an external HTTP request. The nature and destination of this request are unknown and could potentially introduce risks if not handled securely. Additionally, a taint flow with an unsanitized path was identified, though it is not classified as critical or high severity. This warrants further investigation to understand the potential impact. The complete lack of known vulnerabilities in its history is an excellent indicator of past security diligence. However, the absence of any recorded vulnerabilities should be viewed in conjunction with the current analysis, and ongoing vigilance remains crucial, especially given the single identified taint flow.

In conclusion, this plugin appears to be developed with security in mind, adhering to many best practices. The minimal attack surface and robust handling of SQL and output are commendable. The identified external HTTP request and the unsanitized taint flow are the primary areas that require attention and potential mitigation to maintain its high security standing. The vulnerability history is a strong positive, but the present static analysis findings should be addressed proactively.

Key Concerns

  • Taint flow with unsanitized path
  • External HTTP request detected
Vulnerabilities
None known

Custom Registration Fields for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Custom Registration Fields for WooCommerce Release Timeline

v1.0Current
Code Analysis
Analyzed Mar 16, 2026

Custom Registration Fields for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
4
212 escaped
Nonce Checks
5
Capability Checks
1
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

98% escaped216 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths
crfw_validate_new_registration_fields (includes\class-crfw-registration-custom-fields-frontend.php:304)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Custom Registration Fields for WooCommerce Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 33
actionedit_user_profileincludes\class-crfw-register-custom-fields-admin.php:24
actionshow_user_profileincludes\class-crfw-register-custom-fields-admin.php:27
actionprofile_updateincludes\class-crfw-register-custom-fields-admin.php:28
actionadmin_enqueue_scriptsincludes\class-crfw-register-custom-fields-admin.php:30
actionuser_edit_form_tagincludes\class-crfw-register-custom-fields-admin.php:31
actionadmin_headincludes\class-crfw-register-custom-fields-admin.php:32
actionadmin_initincludes\class-crfw-register-custom-fields-settings.php:22
actionadmin_menuincludes\class-crfw-register-custom-fields-settings.php:23
actioninitincludes\class-crfw-register-post-type.php:20
actionadd_meta_boxesincludes\class-crfw-register-post-type.php:21
actionsave_post_crf-custom-fieldsincludes\class-crfw-register-post-type.php:22
filtermanage_crf-custom-fields_posts_columnsincludes\class-crfw-register-post-type.php:23
filtermanage_crf-custom-fields_posts_custom_columnincludes\class-crfw-register-post-type.php:24
actiontrashed_postincludes\class-crfw-register-post-type.php:25
filterpost_row_actionsincludes\class-crfw-register-post-type.php:26
filterwp_insert_post_dataincludes\class-crfw-register-post-type.php:27
actionwoocommerce_register_formincludes\class-crfw-registration-custom-fields-frontend.php:22
actionuser_registerincludes\class-crfw-registration-custom-fields-frontend.php:23
actionwoocommerce_edit_account_formincludes\class-crfw-registration-custom-fields-frontend.php:27
actionwoocommerce_save_account_detailsincludes\class-crfw-registration-custom-fields-frontend.php:28
actionwoocommerce_register_form_tagincludes\class-crfw-registration-custom-fields-frontend.php:30
actionwoocommerce_edit_account_form_tagincludes\class-crfw-registration-custom-fields-frontend.php:31
actionwp_enqueue_scriptsincludes\class-crfw-registration-custom-fields-frontend.php:32
actionregister_formincludes\class-crfw-registration-custom-fields-frontend.php:34
filterwoocommerce_checkout_fieldsincludes\class-crfw-registration-custom-fields-frontend.php:37
filterwoocommerce_form_field_texthtmlincludes\class-crfw-registration-custom-fields-frontend.php:38
actionlogin_enqueue_scriptsincludes\class-crfw-registration-custom-fields-frontend.php:40
filterwoocommerce_registration_errorsincludes\class-crfw-registration-custom-fields-frontend.php:41
actionwoocommerce_save_account_details_errorsincludes\class-crfw-registration-custom-fields-frontend.php:42
filterregistration_errorsincludes\class-crfw-registration-custom-fields-frontend.php:43
actionadmin_noticeswocommerce-custom-registration-fields.php:36
actionadmin_enqueue_scriptswocommerce-custom-registration-fields.php:41
actionshutdownwocommerce-custom-registration-fields.php:80
Maintenance & Trust

Custom Registration Fields for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedNov 25, 2024
PHP min version7.4
Downloads908

Community Trust

Rating100/100
Number of ratings1
Active installs70
Alternatives

Custom Registration Fields for WooCommerce Alternatives

Custom Fields Account Registration For Woocommerce

Custom Fields Account Registration For Woocommerce

custom-fields-account-registration-for-woocommerce

A
97

Add unlimited custom fields to the WooCommerce registration form and My Account page — text, checkbox, radio button, file upload, select, and more.

700 2 CVEs
POI ACF for WP

POI ACF for WP

poi-acf-for-wp

A
92

Allows you to add fields to the WooCommerce Checkout and My Account pages, or display fields you setup on a Product Category, on the Archive Product p …

0 No CVEs
Checkout Field Editor (Checkout Manager) for WooCommerce

Checkout Field Editor (Checkout Manager) for WooCommerce

woo-checkout-field-editor-pro

A
93

Checkout Field Editor (Checkout Manager) for WooCommerce – The best WooCommerce checkout manager plugin to manage WooCommerce checkout fields.

500K 3 CVEs
Admin Columns

Admin Columns

codepress-admin-columns

A
100

Take control of your WordPress admin list tables. Add, remove, and reorder columns for posts, users, media, and more - no coding needed.

100K No CVEs
Flexible Checkout Fields for WooCommerce – WooCommerce Checkout Manager

Flexible Checkout Fields for WooCommerce – WooCommerce Checkout Manager

flexible-checkout-fields

A
99

The best WooCommerce checkout manager. Edit, remove or add checkout fields. Customize WooCommerce checkout with this checkout field customizer.

80K 2 CVEs
Developer Profile

Custom Registration Fields for WooCommerce Developer Profile

Dickens Ayieko

1 plugin · 70 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Custom Registration Fields for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/custom-registration-fields-for-woocommerce/assets/css/switchify.css/wp-content/plugins/custom-registration-fields-for-woocommerce/assets/css/vtp-admin-style.css/wp-content/plugins/custom-registration-fields-for-woocommerce/assets/js/vtp-admin-script.js/wp-content/plugins/custom-registration-fields-for-woocommerce/assets/js/switchify.js/wp-content/plugins/custom-registration-fields-for-woocommerce/assets/css/backend_style.css/wp-content/plugins/custom-registration-fields-for-woocommerce/assets/js/backend_script.js
Script Paths
/wp-content/plugins/custom-registration-fields-for-woocommerce/assets/js/vtp-admin-script.js/wp-content/plugins/custom-registration-fields-for-woocommerce/assets/js/switchify.js/wp-content/plugins/custom-registration-fields-for-woocommerce/assets/js/backend_script.js
Version Parameters
custom-registration-fields-for-woocommerce/style.css?ver=custom-registration-fields-for-woocommerce/assets/css/switchify.css?ver=custom-registration-fields-for-woocommerce/assets/css/vtp-admin-style.css?ver=custom-registration-fields-for-woocommerce/assets/js/vtp-admin-script.js?ver=custom-registration-fields-for-woocommerce/assets/js/switchify.js?ver=custom-registration-fields-for-woocommerce/assets/css/backend_style.css?ver=custom-registration-fields-for-woocommerce/assets/js/backend_script.js?ver=

HTML / DOM Fingerprints

CSS Classes
crfw_admin_profile_photocrfw_upload_profile_photocrfw_profile_picture
Data Attributes
enctype="multipart/form-data"
FAQ

Frequently Asked Questions about Custom Registration Fields for WooCommerce