Does Easy Upload Files During Checkout have any unpatched vulnerabilities?

No. All known vulnerabilities in Easy Upload Files During Checkout have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Easy Upload Files During Checkout compatible with WordPress 6.9.4?

According to WordPress.org data, Easy Upload Files During Checkout 3.0.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Easy Upload Files During Checkout compatible with PHP 7.0+?

Easy Upload Files During Checkout requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Easy Upload Files During Checkout updated?

Easy Upload Files During Checkout was last updated on Feb 5, 2026. Frequent updates are generally a positive security signal.

What is Easy Upload Files During Checkout's security score?

Easy Upload Files During Checkout has a WP-Safety security score of 93/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Easy Upload Files During Checkout Security & Risk Analysis

wordpress.org/plugins/easy-upload-files-during-checkout

Attach files during checkout process on cart page with ease.

600 active installs v3.0.1 PHP 7.0+ WP 3.0+ Updated Feb 5, 2026

attach-filescheckout-processduring-checkout-processloginupload-files

A · Safe

CVEs total2

Unpatched0

Last CVEDec 31, 2025

Plugin page Download

Safety Verdict

Is Easy Upload Files During Checkout Safe to Use in 2026?

Generally Safe

Score 93/100

Easy Upload Files During Checkout has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Dec 31, 2025Updated 1mo ago

Risk Assessment

The 'easy-upload-files-during-checkout' plugin v3.0.1 presents a mixed security posture. While it demonstrates some good practices like a significant percentage of properly escaped outputs and a majority of SQL queries using prepared statements, there are notable concerns. The presence of two AJAX handlers without authentication checks creates an immediate attack surface that could be exploited by unauthenticated users. Furthermore, the taint analysis revealed one high-severity flow with unsanitized paths, indicating a potential for privilege escalation or unauthorized file access. The plugin's vulnerability history, including a past critical vulnerability and a general pattern of missing authorization and unrestricted file uploads, is a significant red flag. Although there are no currently unpatched CVEs, the recurring nature of these vulnerability types suggests persistent coding weaknesses that could be re-introduced or exploited in future versions. The plugin's strengths lie in its relative lack of dangerous functions and no obvious REST API vulnerabilities. However, the combination of unprotected entry points, high-severity taint flows, and historical vulnerability patterns warrants caution.

Key Concerns

Unprotected AJAX handlers
High severity taint flow
Past critical CVE
Historical missing authorization
Historical unrestricted file upload

Vulnerabilities

Easy Upload Files During Checkout Security Vulnerabilities

CVEs by Year

2 CVEs in 2025

2025

Patched Has unpatched

Severity Breakdown

Critical

Medium

2 total CVEs

CVE-2025-62078medium · 4.3Missing Authorization

Easy Upload Files During Checkout <= 3.0.0 - Missing Authorization

Dec 31, 2025 Patched in 3.0.1 (38d)

CVE-2025-12682critical · 9.8Unrestricted Upload of File with Dangerous Type

Easy Upload Files During Checkout <= 2.9.8 - Unauthenticated Arbitrary JavaScript File Upload

Nov 3, 2025 Patched in 2.9.9 (2d)

Code Analysis

Analyzed Mar 16, 2026

Easy Upload Files During Checkout Code Analysis

Dangerous Functions

Raw SQL Queries

3 prepared

Unescaped Output

124 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

50% prepared6 total queries

Output Escaping

77% escaped162 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

7 flows2 with unsanitized paths

file_during_checkout (inc\functions.php:685)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Easy Upload Files During Checkout Attack Surface

Entry Points7

Unprotected2

AJAX Handlers 7

authwp_ajax_eufdc_connect_to_amazoninc\functions-inner.php:65

noprivwp_ajax_eufdc_update_file_captioninc\functions.php:1566

authwp_ajax_eufdc_update_file_captioninc\functions.php:1567

noprivwp_ajax_eufdc_get_file_upload_errorinc\functions.php:1751

authwp_ajax_eufdc_get_file_upload_errorinc\functions.php:1752

authwp_ajax_eufdc_delete_orphan_filesinc\functions.php:1771

authwp_ajax_eufdc_get_orphan_files_statisticsinc\functions.php:1827

WordPress Hooks 40

actionadmin_initinc\functions-inner.php:91

filterwoo_salesforce_crmperks_post_datainc\functions-inner.php:196

actionwoocommerce_register_postinc\functions.php:383

actionwoocommerce_created_customerinc\functions.php:415

filterintermediate_image_sizesinc\functions.php:892

actionwoocommerce_email_before_order_tableinc\functions.php:1031

actionwp_headinc\functions.php:1201

filterwoocommerce_checkout_fieldsinc\functions.php:1203

actionwoocommerce_order_details_after_order_tableinc\functions.php:1251

actionwpinc\functions.php:1373

actionshow_user_profileinc\functions.php:1447

actionedit_user_profileinc\functions.php:1448

filterwp_handle_upload_prefilterinc\functions.php:1697

actionadmin_menuindex.php:149

actioninitindex.php:151

actionwpindex.php:152

actionwoocommerce_checkout_after_customer_detailsindex.php:158

actionwoocommerce_after_cart_tableindex.php:162

actionwp_footerindex.php:163

actionwoocommerce_after_order_notesindex.php:166

actionwoocommerce_register_form_startindex.php:169

actionwoocommerce_view_orderindex.php:177

actionwp_footerindex.php:196

actionwoocommerce_before_checkout_formindex.php:207

filterthe_contentindex.php:220

actionwp_footerindex.php:226

actionwpindex.php:230

actionwoocommerce_order_status_pendingindex.php:231

actionwoocommerce_order_status_failedindex.php:232

actionwoocommerce_order_status_on-holdindex.php:233

actionwoocommerce_order_status_processingindex.php:234

actionwoocommerce_order_status_completedindex.php:235

actionwoocommerce_order_status_cancelledindex.php:236

actionsave_postindex.php:240

actionwp_enqueue_scriptsindex.php:247

actionwp_enqueue_scriptsindex.php:248

actionwp_enqueue_scriptsindex.php:249

actionadd_meta_boxesindex.php:251

actionadmin_enqueue_scriptsindex.php:253

actionadmin_enqueue_scriptsindex.php:255

Maintenance & Trust

Easy Upload Files During Checkout Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 5, 2026

PHP min version7.0

Downloads127K

Community Trust

Rating94/100

Number of ratings60

Active installs600

Alternatives

Easy Upload Files During Checkout Alternatives

File Uploader for WooCommerce

file-uploader-for-woocommerce

Allows to attach files from different sources to WooCommerce customer orders.

100 1 CVE

Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall

limit-login-attempts-reloaded

Block excessive login attempts and protect your site against brute force attacks. Simple, yet powerful tools to improve site performance.

2.0M 4 CVEs

WPS Hide Login

wps-hide-login

Change wp-login.php to anything you want.

2.0M 10 CVEs

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.

1.0M 26 CVEs

Loginizer

loginizer

Loginizer is a WordPress security plugin which helps you fight against bruteforce attacks.

1.0M 8 CVEs

Developer Profile

Easy Upload Files During Checkout Developer Profile

Fahad Mahmood

40 plugins · 33K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

237 days

View full developer profile

Detection Fingerprints

How We Detect Easy Upload Files During Checkout

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/easy-upload-files-during-checkout/css/jquery-ui.css/wp-content/plugins/easy-upload-files-during-checkout/css/style.css/wp-content/plugins/easy-upload-files-during-checkout/js/main.js/wp-content/plugins/easy-upload-files-during-checkout/js/upload.js/wp-content/plugins/easy-upload-files-during-checkout/js/jquery-ui.js

Script Paths

/wp-content/plugins/easy-upload-files-during-checkout/js/main.js/wp-content/plugins/easy-upload-files-during-checkout/js/upload.js/wp-content/plugins/easy-upload-files-during-checkout/js/jquery-ui.js

Version Parameters

easy-upload-files-during-checkout/css/jquery-ui.css?ver=easy-upload-files-during-checkout/css/style.css?ver=easy-upload-files-during-checkout/js/main.js?ver=easy-upload-files-during-checkout/js/upload.js?ver=easy-upload-files-during-checkout/js/jquery-ui.js?ver=

HTML / DOM Fingerprints

CSS Classes

eufdc-upload-main-diveufdc-upload-content

HTML Comments

Easy Upload Files During CheckoutAttach files during checkout process on cart page with ease.Author: Fahad MahmoodPlugin URI: https://androidbubble.com/blog/wordpress/plugins/easy-upload-files-during-checkout+2 more

Data Attributes

data-eufdc-iddata-max-sizedata-file-typesdata-is-required

JS Globals

eufdc_obj

FAQ