Final POS – Drag & Drop Point of Sale Builder Security & Risk Analysis

wordpress.org/plugins/finalpos

Short Description: Transform your WooCommerce store with Final POS, the drag-and-drop point of sale builder that syncs with your shop.

60 active installs · v1.3.7 · PHP 7.4+ · WP 6.5+ · Updated Jan 19, 2026
Tags: point-of-sale, pos, pos-plugin, woocommerce-point-of-sale, woocommerce-pos
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Final POS – Drag & Drop Point of Sale Builder Safe to Use in 2026?

Generally Safe

Score 100/100

Final POS – Drag & Drop Point of Sale Builder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The "finalpos" v1.3.7 plugin exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices by exclusively using prepared statements for all SQL queries and a high percentage (90%) of properly escaped output. The absence of any known historical vulnerabilities or CVEs is also a good indicator. The use of nonces and capability checks on four occasions suggests an attempt to protect critical actions.

However, significant concerns arise from the static analysis. The plugin has a notable attack surface with one unprotected AJAX handler, representing a direct entry point for unauthenticated requests. Furthermore, the taint analysis reveals five flows with unsanitized paths, which, while not classified as critical or high severity in this specific scan, represent potential pathways for malicious data to enter the application without proper validation or sanitization. The presence of file operations and external HTTP requests, though not explicitly flagged as problematic in this scan, always warrants careful scrutiny.

In conclusion, while "finalpos" v1.3.7 benefits from good SQL and output sanitization practices and a clean vulnerability history, the unprotected AJAX handler and unsanitized taint flows introduce tangible risks. These elements suggest that an attacker could potentially exploit the application through the exposed AJAX endpoint or by manipulating data that flows through the unsanitized paths. Further investigation into the exact nature of these taint flows is recommended.

Key Concerns

  • Unprotected AJAX handler
  • Flows with unsanitized paths (5)
Vulnerabilities
None known

Final POS – Drag & Drop Point of Sale Builder Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Final POS – Drag & Drop Point of Sale Builder Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (21 prepared)
Unescaped Output: 12 (109 escaped)
Nonce Checks: 4
Capability Checks: 4
File Operations: 2
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared · 21 total queries

Output Escaping

90% escaped · 121 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

7 flows · 5 with unsanitized paths
render (includes\admin\wizard\class-finalpos-wizard.php:23)
Attack Surface
1 unprotected

Final POS – Drag & Drop Point of Sale Builder Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers 1

auth wp_ajax_finalpos_check_sync_status finalpos.php:165
WordPress Hooks 43
action admin_notices finalpos.php:76
action init finalpos.php:92
action plugins_loaded finalpos.php:94
action woocommerce_loaded finalpos.php:97
action admin_notices finalpos.php:154
action admin_menu finalpos.php:158
filter woocommerce_max_webhook_delivery_failures finalpos.php:168
action admin_enqueue_scripts includes\admin\class-finalpos-admin-assets.php:14
action admin_enqueue_scripts includes\admin\class-finalpos-admin-assets.php:15
action admin_post_final_verify_activation_key includes\admin\wizard\class-finalpos-wizard.php:16
action admin_post_finalpos_complete_setup includes\admin\wizard\class-finalpos-wizard.php:17
action init includes\ajax\wc-api-handler.php:25
action rest_api_init includes\api\class-finalpos-stock-api.php:57
action finalpos_trigger_product_webhooks includes\api\class-finalpos-stock-api.php:60
action admin_notices includes\lifecycle.php:48
filter manage_edit-shop_order_columns integrations\readonly-orders.php:63
filter manage_woocommerce_page_wc-orders_columns integrations\readonly-orders.php:65
action manage_shop_order_posts_custom_column integrations\readonly-orders.php:86
action manage_woocommerce_page_wc-orders_custom_column integrations\readonly-orders.php:88
action admin_notices integrations\readonly-orders.php:122
action woocommerce_order_action_make_readonly integrations\readonly-orders.php:136
filter admin_body_class integrations\readonly-orders.php:159
filter post_class integrations\readonly-orders.php:182
action admin_enqueue_scripts integrations\readonly-orders.php:239
action woocommerce_before_order_object_save integrations\readonly-orders.php:258
action add_post_meta integrations\readonly-orders.php:282
action delete_post_meta integrations\readonly-orders.php:283
action wp_trash_post integrations\readonly-orders.php:306
action before_delete_post integrations\readonly-orders.php:307
action wp_trash_post integrations\readonly-orders.php:333
action before_delete_post integrations\readonly-orders.php:334
action trashed_post integrations\readonly-orders.php:335
filter bulk_actions-edit-shop_order integrations\readonly-orders.php:355
filter woocommerce_bulk_actions integrations\readonly-orders.php:356
action woocommerce_before_delete_order integrations\readonly-orders.php:375
action woocommerce_before_trash_order integrations\readonly-orders.php:376
filter woocommerce_can_restock_refunded_items integrations\readonly-orders.php:408
action woocommerce_rest_insert_shop_order integrations\readonly-orders.php:450
action woocommerce_rest_insert_shop_order_object integrations\readonly-orders.php:451
action woocommerce_order_after_calculate_totals integrations\readonly-orders.php:452
filter woocommerce_order_get_tax_totals integrations\readonly-orders.php:471
action woocommerce_refund_created integrations\refund-restock.php:25
filter woocommerce_hidden_order_itemmeta integrations\refund-restock.php:26

Scheduled Events 1

finalpos_trigger_product_webhooks
Maintenance & Trust

Final POS – Drag & Drop Point of Sale Builder Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jan 19, 2026
PHP min version: 7.4
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 60
Developer Profile

Final POS – Drag & Drop Point of Sale Builder Developer Profile

Final POS

1 plugin · 60 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Final POS – Drag & Drop Point of Sale Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/finalpos/assets/css/admin-style.css
/wp-content/plugins/finalpos/assets/css/wizard-style.css
/wp-content/plugins/finalpos/assets/js/admin-scripts.js
/wp-content/plugins/finalpos/assets/js/wizard-scripts.js
Script Paths
/wp-content/plugins/finalpos/assets/js/admin-scripts.js
/wp-content/plugins/finalpos/assets/js/wizard-scripts.js
Version Parameters
finalpos/assets/css/admin-style.css?ver=
finalpos/assets/css/wizard-style.css?ver=
finalpos/assets/js/admin-scripts.js?ver=
finalpos/assets/js/wizard-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
finalpos-wizard-wrapper
HTML Comments
<!-- TODO: Need extra verification for woocommerce dependencies -->
Data Attributes
data-finalpos-active
JS Globals
FinalPOS_Admin
REST Endpoints
/wp-json/finalpos/v1/stock
FAQ

Frequently Asked Questions about Final POS – Drag & Drop Point of Sale Builder