Checkout Fields and File Upload for WooCommerce Security & Risk Analysis

wordpress.org/plugins/fields-and-file-upload

Easily add general or item-specific detail inputs and file uploads to the WooCommerce checkout page's additional information section.

100 active installs · v1.2.3 · PHP 7.0+ · WP 4.6+ · Updated Sep 23, 2025
Tags: checkout, file-upload, order-details, woocommerce
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Checkout Fields and File Upload for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Checkout Fields and File Upload for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6mo ago
Risk Assessment

The 'fields-and-file-upload' plugin version 1.2.3 demonstrates a generally good security posture with a small attack surface and robust output escaping. All identified AJAX handlers have authentication checks, and there are no unprotected entry points. The absence of known CVEs and vulnerability history further contributes to this positive assessment, suggesting a history of stable and secure development.

However, the code analysis reveals a significant concern regarding SQL query security. All five SQL queries are executed without the use of prepared statements. This leaves the plugin vulnerable to SQL injection attacks, particularly if any of the data used in these queries originates from user input. While taint analysis did not reveal any unsanitized paths, the lack of prepared statements is a critical oversight that could be exploited through clever input manipulation.

Despite the excellent output escaping and controlled attack surface, the lack of prepared statements for all SQL queries is a notable weakness. The plugin benefits from a clean history and good practices in other areas, but this specific SQL vulnerability presents a tangible risk that should be addressed. Overall, the plugin is well-developed in many respects, but this critical oversight in database interaction necessitates caution.

Key Concerns

  • SQL queries without prepared statements
Vulnerabilities
None known

Checkout Fields and File Upload for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Checkout Fields and File Upload for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 5 (0 prepared)
Unescaped Output: 0 (44 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 3
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared · 5 total queries

Output Escaping

100% escaped · 44 total outputs
Data Flows: All sanitized

Data Flow Analysis

2 flows
process (src\includes\class-upload-api.php:133)
Attack Surface

Checkout Fields and File Upload for WooCommerce Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 2

auth: wp_ajax_cffu_file_upload (src\includes\class-upload-api.php:22)
nopriv: wp_ajax_cffu_file_upload (src\includes\class-upload-api.php:23)

WordPress Hooks: 14

action: woocommerce_checkout_create_order (src\includes\class-data-hooks.php:24)
action: before_delete_post (src\includes\class-data-hooks.php:25)
action: woocommerce_before_delete_order (src\includes\class-data-hooks.php:26)
action: woocommerce_cleanup_sessions (src\includes\class-data-hooks.php:28)
filter: woocommerce_checkout_fields (src\includes\class-display.php:28)
filter: woocommerce_form_field_cffu_file_upload (src\includes\class-display.php:29)
action: woocommerce_after_order_details (src\includes\class-display.php:30)
action: add_meta_boxes (src\includes\class-display.php:31)
action: woocommerce_email_after_order_table (src\includes\class-display.php:32)
action: init (src\includes\class-settings.php:110)
action: admin_init (src\includes\class-settings.php:111)
action: admin_menu (src\includes\class-settings.php:112)
filter: upload_dir (src\includes\class-upload-api.php:175)
filter: wp_check_filetype_and_ext (src\includes\class-upload-api.php:176)
Maintenance & Trust

Checkout Fields and File Upload for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Sep 23, 2025
PHP min version: 7.0
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

Checkout Fields and File Upload for WooCommerce Developer Profile

Brandon Fowler

2 plugins · 200 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Checkout Fields and File Upload for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/fields-and-file-upload/src/css/checkout.css
/wp-content/plugins/fields-and-file-upload/src/js/checkout.js
/wp-content/plugins/fields-and-file-upload/src/css/order.css
Script Paths
/wp-content/plugins/fields-and-file-upload/src/js/checkout.js
Version Parameters
fields-and-file-upload/src/css/checkout.css?ver=
fields-and-file-upload/src/js/checkout.js?ver=
fields-and-file-upload/src/css/order.css?ver=

HTML / DOM Fingerprints

CSS Classes
cffu-clear-file
input-cffu-file-upload
cffu-order-details
cffu-order-detail
cffu-file-field
Data Attributes
data-name
JS Globals
cffu_checkout_params
FAQ

Frequently Asked Questions about Checkout Fields and File Upload for WooCommerce