FFL Dealers Security & Risk Analysis

wordpress.org/plugins/ff-dealers

FFL Dealers simplifies the checkout phase on online gun stores that can implement user-friendly features for the benefit to the dealers and their cus …

10 active installs · v2.0.2 · PHP 7.4+ · WP 5.8+ · Updated: Unknown
Tags: atf-gov, ecommerce-checkout, ffl-dealers, ffl-gun-dealers, woocommerce
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is FFL Dealers Safe to Use in 2026?

Generally Safe

Score 100/100

FFL Dealers has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The 'ff-dealers' plugin v2.0.2 exhibits a generally positive security posture due to its adherence to secure coding practices. The absence of known CVEs and its use of prepared statements for all SQL queries are significant strengths. The plugin also demonstrates good practices regarding output escaping, with a substantial portion of outputs being properly handled, and the inclusion of nonce and capability checks where applicable. The limited attack surface is also a favorable factor.

However, the static analysis reveals areas of concern, particularly in the taint analysis. Three high-severity taint flows were identified, indicating potential vulnerabilities where unsanitized data could be processed in a risky manner. While the overall number of flows with unsanitized paths is moderate, the high severity of three flows warrants attention. File operations and external HTTP requests, while not inherently insecure, become riskier when coupled with potential taint issues. The share of outputs left unescaped (134 of 440) also suggests a risk of cross-site scripting (XSS), although the severity of these specific instances is not detailed.

Overall, 'ff-dealers' v2.0.2 is a plugin that demonstrates good foundational security but has specific areas requiring immediate review. The lack of historical vulnerabilities is encouraging, but the high-severity taint flows are a critical signal that must be addressed to prevent potential exploits. Future development should focus on robust input validation and sanitization for all data entering the plugin.

Key Concerns

  • High severity taint flows found
  • Unsanitized paths in taint flows
  • Moderate output escaping coverage
Vulnerabilities
None known

FFL Dealers Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

FFL Dealers Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (6 prepared)
Unescaped Output: 134 (306 escaped)
Nonce Checks: 4
Capability Checks: 0
File Operations: 2
External Requests: 2
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

100% prepared (6 total queries)

Output Escaping

70% escaped (440 total outputs)
Data Flows: 4 unsanitized

Data Flow Analysis

6 flows, 4 with unsanitized paths
ffl_dealers_add_new (admin\class-ffl-dealers-admin.php:165)
Attack Surface

FFL Dealers Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[dealers-locator] includes\functions.php:388
WordPress Hooks 24

action admin_notices admin\class-ffl-dealers-admin.php:104
action woocommerce_init ffl-dealers.php:108
action admin_notices ffl-dealers.php:111
action plugins_loaded includes\class-ffl-dealers.php:146
action admin_enqueue_scripts includes\class-ffl-dealers.php:161
action admin_enqueue_scripts includes\class-ffl-dealers.php:162
action admin_init includes\class-ffl-dealers.php:163
action admin_menu includes\class-ffl-dealers.php:164
action admin_post_ffl_dealers includes\class-ffl-dealers.php:165
action admin_post_nopriv_ffl_dealers includes\class-ffl-dealers.php:166
filter ffl_menu_settings_tabs includes\class-ffl-dealers.php:167
filter ffl_menu_settings_fields includes\class-ffl-dealers.php:168
action admin_init includes\class-ffl-dealers.php:169
action ffl_dealers_settings_page_notice includes\class-ffl-dealers.php:170
action admin_init includes\class-ffl-dealers.php:171
action save_settings_ffl_fields includes\class-ffl-dealers.php:172
action save_settings_ffl_fields includes\class-ffl-dealers.php:173
action wp_enqueue_scripts includes\class-ffl-dealers.php:189
action wp_enqueue_scripts includes\class-ffl-dealers.php:190
action woocommerce_before_checkout_billing_form includes\class-ffl-dealers.php:193
action dealer_locators_position includes\class-ffl-dealers.php:194
action rest_api_init includes\class-ffl-dealers.php:199
action wp_footer public\class-ffl-dealers-public.php:156
action woocommerce_before_checkout_shipping_form public\class-ffl-dealers-public.php:157
Maintenance & Trust

FFL Dealers Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: Unknown
PHP min version: 7.4
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 10
Developer Profile

FFL Dealers Developer Profile

Shafiq

2 plugins · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect FFL Dealers

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ff-dealers/admin/css/ffl-dealers-admin-notice.css
/wp-content/plugins/ff-dealers/admin/css/select2.min.css
/wp-content/plugins/ff-dealers/admin/css/spectrum.min.css
/wp-content/plugins/ff-dealers/admin/css/ffl-dealers-admin.css
/wp-content/plugins/ff-dealers/admin/js/select2.min.js
/wp-content/plugins/ff-dealers/admin/js/spectrum.min.js
/wp-content/plugins/ff-dealers/admin/js/ffl-dealers-admin.js
Script Paths
//maps.googleapis.com/maps/api/js?key=.*&callback=initFFLMap&libraries=places,drawing&language=.*
Version Parameters
ffl-dealers-admin-notice.css?ver=
select2.min.css?ver=
spectrum.min.css?ver=
ffl-dealers-admin.css?ver=
select2.min.js?ver=
spectrum.min.js?ver=
ffl-dealers-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
ffl-dealer-main-wrapper
ffl-dealer-location-listing
ffl-dealer-custom-title
ffl-dealer-map-wrapper
HTML Comments
<!-- The code that runs during plugin activation. -->
<!-- The code that runs during plugin deactivation. -->
<!-- Begins execution of the plugin. -->
Data Attributes
data-nonce
data-modal-enable
data-plugin-name
data-plugin-version
data-map-key
data-target-map-id
(+10 more)
JS Globals
ffl_dealers_obj
ffl_dealers_notices
initFFLMap