WP-Safety

Features for WooCommerce Security & Risk Analysis

wordpress.org/plugins/features-for-woocommerce

Add setting into the WooCommerce Setting tab to Enable or Disable Multiple feature Like: Hide Coupon Code Change Quantity on Checkout Page BuddyPress …

10 active installs v3.0.1 PHP 7.4+ WP 6.0+ Updated Oct 19, 2023
checkoutproductquantitywoo-commercewoocommerce
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Features for WooCommerce Safe to Use in 2026?

Generally Safe

Score 85/100

Features for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The "features-for-woocommerce" plugin version 3.0.1 exhibits a generally strong security posture based on the provided static analysis. The absence of raw SQL queries, file operations, and external HTTP requests are positive indicators. The presence of nonce checks and a healthy percentage of output escaping further contribute to a good security foundation. The lack of any recorded historical vulnerabilities further reinforces this positive assessment. However, a notable concern is the complete absence of capability checks, especially when considering the two AJAX handlers. While nonce checks are present, these do not authenticate the user's privilege level. This could potentially lead to privilege escalation vulnerabilities if an attacker can bypass or exploit the nonce mechanism, or if the functionality exposed by the AJAX handlers is sensitive and should be restricted to specific user roles.

The taint analysis showing zero unsanitized paths across zero flows is excellent, indicating no immediate critical or high-severity vulnerabilities from that perspective. Similarly, the absence of shortcodes and cron events reduces the overall attack surface significantly. The primary weakness identified is the reliance solely on nonce checks for the AJAX endpoints, without any authorization checks. This leaves a potential gap for unauthorized actions if the functionality accessed by these AJAX handlers is not adequately secured by other means. Therefore, while the plugin has many strong security practices, the lack of capability checks on AJAX handlers presents a clear risk that needs attention.

Key Concerns

  • AJAX handlers without capability checks
Vulnerabilities
None known

Features for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Features for WooCommerce Release Timeline

v3.0.1Current
v3.0.0
v2.0.20
v2.0.19
v2.0.18
v2.0.17
v2.0.16
v2.0.15
v2.0.14
v2.0.13
v2.0.12
v2.0.11
v2.0.10
v2.0.9
v2.0.8
v2.0.7
v2.0.6
v2.0.5
v2.0.4
v2.0.3
Code Analysis
Analyzed Mar 17, 2026

Features for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
4
5 escaped
Nonce Checks
3
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

56% escaped9 total outputs
Attack Surface

Features for WooCommerce Attack Surface

Entry Points2
Unprotected0

AJAX Handlers 2

noprivwp_ajax_ffw_change_quantity_on_checkoutincludes\ffw_change_quantity_on_checkout\ffw_change_quantity_on_checkout.php:15
authwp_ajax_ffw_change_quantity_on_checkoutincludes\ffw_change_quantity_on_checkout\ffw_change_quantity_on_checkout.php:16
WordPress Hooks 35
filterwoocommerce_get_settings_pagesfeatures-for-woocommerce.php:122
actionadmin_enqueue_scriptsfeatures-for-woocommerce.php:127
actionwp_enqueue_scriptsfeatures-for-woocommerce.php:128
actionwoocommerce_checkout_initincludes\ffw_change_quantity_on_checkout\ffw_change_quantity_on_checkout.php:14
filterwoocommerce_checkout_cart_item_quantityincludes\ffw_change_quantity_on_checkout\ffw_change_quantity_on_checkout.php:21
actionwoocommerce_checkout_processincludes\ffw_checkout_with_buddypress\ffw_checkout_with_buddypress.php:11
filterwoocommerce_thankyou_order_received_textincludes\ffw_checkout_with_buddypress\ffw_checkout_with_buddypress.php:12
filterwoocommerce_register_formincludes\ffw_checkout_with_buddypress\ffw_checkout_with_buddypress.php:16
actionwp_loadedincludes\ffw_checkout_with_buddypress\ffw_checkout_with_buddypress.php:17
filterwoocommerce_add_messageincludes\ffw_checkout_with_buddypress\ffw_checkout_with_buddypress.php:31
filterwoocommerce_registration_auth_new_customerincludes\ffw_checkout_with_buddypress\ffw_checkout_with_buddypress.php:36
filtersend_auth_cookiesincludes\ffw_checkout_with_buddypress\ffw_checkout_with_buddypress.php:87
filterwoocommerce_new_customer_dataincludes\ffw_checkout_with_buddypress\ffw_checkout_with_buddypress.php:92
filterwoocommerce_email_enabled_customer_new_accountincludes\ffw_checkout_with_buddypress\ffw_checkout_with_buddypress.php:97
actionwoocommerce_created_customerincludes\ffw_checkout_with_buddypress\ffw_checkout_with_buddypress.php:102
filterbp_email_set_content_htmlincludes\ffw_checkout_with_buddypress\ffw_checkout_with_buddypress.php:121
filterbp_email_set_content_plaintextincludes\ffw_checkout_with_buddypress\ffw_checkout_with_buddypress.php:122
actionadmin_menuincludes\ffw_exclude_product_from_coupon_code\ffw_exclude_product_from_coupon_code.php:11
actionadmin_initincludes\ffw_exclude_product_from_coupon_code\ffw_exclude_product_from_coupon_code.php:16
filterwoocommerce_coupon_get_excluded_product_idsincludes\ffw_exclude_product_from_coupon_code\ffw_exclude_product_from_coupon_code.php:21
actionwoocommerce_coupon_optionsincludes\ffw_exclude_product_from_coupon_code\ffw_exclude_product_from_coupon_code.php:23
actionwoocommerce_coupon_options_saveincludes\ffw_exclude_product_from_coupon_code\ffw_exclude_product_from_coupon_code.php:25
actionwoocommerce_helper_loadedincludes\ffw_hide_coupon_code\ffw_hide_coupon_code.php:22
actionwoocommerce_update_couponincludes\ffw_hide_coupon_code\ffw_hide_coupon_code.php:31
actionwoocommerce_coupon_optionsincludes\ffw_hide_coupon_code\ffw_hide_coupon_code.php:32
filterwoocommerce_cart_totals_coupon_labelincludes\ffw_hide_coupon_code\ffw_hide_coupon_code.php:33
filterwoocommerce_coupons_enabledincludes\ffw_remove_apply_coupon_box_from_cart_page\ffw_remove_apply_coupon_box_from_cart_page.php:22
filterwoocommerce_coupons_enabledincludes\ffw_remove_apply_coupon_box_from_checkout_page\ffw_remove_apply_coupon_box_from_checkout_page.php:22
actionwoocommerce_checkout_initincludes\ffw_remove_product_on_checkout\ffw_remove_product_on_checkout.php:14
filterffw_change_quantity_on_checkout_dropboxincludes\ffw_remove_product_on_checkout\ffw_remove_product_on_checkout.php:15
filterwoocommerce_checkout_cart_item_quantityincludes\ffw_remove_product_on_checkout\ffw_remove_product_on_checkout.php:20
filtermanage_edit-shop_coupon_sortable_columnsincludes\ffw_sorting_coupons\ffw_sorting_coupons.php:18
filterrequestincludes\ffw_sorting_coupons\ffw_sorting_coupons.php:19
actionwoocommerce_before_single_productincludes\ffw_update_product_price_on_the_fly\ffw_update_product_price_on_the_fly.php:15
filterffw_frontend_localize_scriptincludes\loader.php:44
Maintenance & Trust

Features for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8
Last updatedOct 19, 2023
PHP min version7.4
Downloads4K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Features for WooCommerce Alternatives

Change Quantity on Checkout for WooCommerce

Change Quantity on Checkout for WooCommerce

change-quantity-on-checkout-for-woocommerce

A
100

Allow customers to change product quantities and remove products directly from both Classic and Block-based WooCommerce checkout pages.

5K No CVEs
Saphali Woocommerce Lite

Saphali Woocommerce Lite

saphali-woocommerce-lite

A
100

A set of additions to the WooCommerce online store. Adds localization & special tools in WooCommerce.

10K 1 CVE
Checkout Files Upload for WooCommerce

Checkout Files Upload for WooCommerce

checkout-files-upload-woocommerce

A
95

Let your customers upload files on (or after) WooCommerce checkout.

7K 3 CVEs
Product Visibility by User Role for WooCommerce

Product Visibility by User Role for WooCommerce

product-visibility-by-user-role-for-woocommerce

A
100

Display WooCommerce products by customer's user role.

7K No CVEs
Disable cart page for WooCommerce

Disable cart page for WooCommerce

disable-cart-page-for-woocommerce

A
92

Disable WooCommerce cart page and force customers to buy single products.

6K No CVEs
Developer Profile

Features for WooCommerce Developer Profile

AcrossWP

3 plugins · 60 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Features for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/features-for-woocommerce/assets/js/admin.js/wp-content/plugins/features-for-woocommerce/assets/js/frontend.js
Script Paths
/wp-content/plugins/features-for-woocommerce/assets/js/admin.js/wp-content/plugins/features-for-woocommerce/assets/js/frontend.js
Version Parameters
features-for-woocommerce/assets/js/admin.js?ver=features-for-woocommerce/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
woocommerce-checkout-quantity
Data Attributes
data-ffw-action
JS Globals
ffw
REST Endpoints
/wp-json/ffw/v1/products/wp-json/ffw/v1/categories
Shortcode Output
[ffw_product_gallery][ffw_category_grid][ffw_single_product_gallery]
FAQ

Frequently Asked Questions about Features for WooCommerce