WP-Safety

FooSales – Point of Sale (POS) for WooCommerce Security & Risk Analysis

wordpress.org/plugins/foosales

FooSales POS is a point of sale (POS) system for WooCommerce that turns any computer, iPad or Android tablet into a retail checkout.

700 active installs v1.41.14 PHP 7.4+ WP 6.3+ Updated Feb 12, 2026
point-of-saleposwoocommerce-point-of-salewoocommerce-poswoocommerce-square
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is FooSales – Point of Sale (POS) for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

FooSales – Point of Sale (POS) for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The foosales plugin v1.41.14 demonstrates a generally strong security posture based on the provided static analysis. The absence of any recorded vulnerabilities (CVEs) in its history is a positive indicator, suggesting a history of secure development or proactive patching. The code analysis reveals a commendable adherence to secure coding practices, with all SQL queries utilizing prepared statements and a high percentage of output being properly escaped. The presence of nonce and capability checks, along with a limited number of file operations and external HTTP requests, further contributes to a robust defense against common web vulnerabilities. There are no identified critical or high-severity taint flows, which is a significant positive finding. The primary concern arises from the identified cron event, which, while not explicitly stated as unprotected, represents a potential entry point that warrants careful scrutiny to ensure proper authorization and sanitization within its execution context.

While the plugin excels in secure query handling and output escaping, the sole identified cron event is the only area that could potentially harbor an overlooked vulnerability if not properly secured. The total attack surface is reported as zero unprotected entry points, which is an excellent sign, but the presence of a cron event means that this count might be an oversimplification if the cron event itself doesn't have adequate checks. The lack of historical vulnerabilities is highly encouraging, but it's crucial to remain vigilant. The plugin's strengths lie in its disciplined approach to data handling and its clean vulnerability history. The sole weakness is the potential, albeit unconfirmed, risk associated with the cron event.

Key Concerns

  • Cron event without explicit auth check
Vulnerabilities
None known

FooSales – Point of Sale (POS) for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

FooSales – Point of Sale (POS) for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
20 prepared
Unescaped Output
43
1460 escaped
Nonce Checks
9
Capability Checks
5
File Operations
5
External Requests
12
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

100% prepared20 total queries

Output Escaping

97% escaped1503 total outputs
Attack Surface

FooSales – Point of Sale (POS) for WooCommerce Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 35
filterwoocommerce_analytics_orders_query_argsadmin\apps\wc_analytics\class-foosales-analytics.php:31
filterwoocommerce_analytics_orders_stats_query_argsadmin\apps\wc_analytics\class-foosales-analytics.php:32
filterwoocommerce_analytics_clauses_join_orders_subqueryadmin\apps\wc_analytics\class-foosales-analytics.php:34
filterwoocommerce_analytics_clauses_join_orders_stats_totaladmin\apps\wc_analytics\class-foosales-analytics.php:35
filterwoocommerce_analytics_clauses_join_orders_stats_intervaladmin\apps\wc_analytics\class-foosales-analytics.php:36
filterwoocommerce_analytics_clauses_where_orders_subqueryadmin\apps\wc_analytics\class-foosales-analytics.php:38
filterwoocommerce_analytics_clauses_where_orders_stats_totaladmin\apps\wc_analytics\class-foosales-analytics.php:39
filterwoocommerce_analytics_clauses_where_orders_stats_intervaladmin\apps\wc_analytics\class-foosales-analytics.php:40
filterwoocommerce_analytics_clauses_select_orders_subqueryadmin\apps\wc_analytics\class-foosales-analytics.php:42
filterwoocommerce_analytics_clauses_select_orders_stats_totaladmin\apps\wc_analytics\class-foosales-analytics.php:43
filterwoocommerce_analytics_clauses_select_orders_stats_intervaladmin\apps\wc_analytics\class-foosales-analytics.php:44
filterwoocommerce_stock_amountadmin\class-foosales-admin.php:2475
actionadmin_initadmin\class-foosales-fooevents-integration.php:36
actionwoocommerce_process_product_metaadmin\class-foosales-fooevents-integration.php:37
actionrest_api_initadmin\class-foosales-fooevents-integration.php:38
actionmanage_edit-foosales_payment_columnsadmin\class-foosales-payments.php:40
actionmanage_foosales_payment_posts_custom_columnadmin\class-foosales-payments.php:41
actionpre_get_postsadmin\class-foosales-payments.php:42
filtermanage_edit-foosales_payment_sortable_columnsadmin\class-foosales-payments.php:44
filtermanage_posts_columnsadmin\class-foosales-payments.php:45
filterpost_row_actionsadmin\class-foosales-payments.php:46
filterbulk_actions-edit-foosales_paymentadmin\class-foosales-payments.php:47
filterlist_table_primary_columnadmin\class-foosales-payments.php:48
filterquery_varsadmin\class-foosales-payments.php:49
actionrest_api_initadmin\class-foosales-rest-api.php:56
filterrest_pre_serve_requestadmin\class-foosales-rest-api.php:57
filterwoocommerce_variation_is_purchasableadmin\class-foosales-rest-api.php:401
actionadmin_noticesadmin\class-foosales-xmlrpc.php:40
filterxmlrpc_methodsadmin\foosales-fooevents-xmlrpc-functions.php:63
filterxmlrpc_methodsadmin\foosales-xmlrpc-functions.php:644
filtercomments_clausesadmin\helpers\foosales-api-helper.php:2652
actionbefore_woocommerce_initfoosales.php:34
actionadmin_initfoosales.php:71
actionactivated_pluginfoosales.php:72
actioninitfoosales.php:159

Scheduled Events 1

fsfwc_update_order_square_fees
Maintenance & Trust

FooSales – Point of Sale (POS) for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 12, 2026
PHP min version7.4
Downloads81K

Community Trust

Rating64/100
Number of ratings13
Active installs700
Alternatives

FooSales – Point of Sale (POS) for WooCommerce Alternatives

wePOS – Point Of Sale (POS) for WooCommerce

wePOS – Point Of Sale (POS) for WooCommerce

wepos

A
100

WooCommerce point of sale WordPress plugin.

2K 1 CVE
Oliver POS – A WooCommerce Point of Sale (POS)

Oliver POS – A WooCommerce Point of Sale (POS)

oliver-pos

A
94

Oliver POS is a WooCommerce Point of Sale (POS) integrated into your shop. Always in sync with your e-commerce shop, Oliver POS lets you sell in-store …

1K 3 CVEs
Final POS – Drag & Drop Point of Sale Builder

Final POS – Drag & Drop Point of Sale Builder

finalpos

A
100

Short Description: Transform your WooCommerce store with Final POS, the drag-and-drop point of sale builder that syncs with your shop.

60 No CVEs
Vitepos – Point of Sale (POS) for WooCommerce

Vitepos – Point of Sale (POS) for WooCommerce

vitepos-lite

A
92

Fast, modern WooCommerce POS plugin for managing sales, outlets, and cashiers directly in WordPress.

2K 5 CVEs
Media API for WooCommerce

Media API for WooCommerce

woo-media-api

A
100

Media endpoint for WooCommerce API. Upload and list media file by WooCommerce REST API.

400 No CVEs
Developer Profile

FooSales – Point of Sale (POS) for WooCommerce Developer Profile

FooSales

1 plugin · 700 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect FooSales – Point of Sale (POS) for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/foosales/admin/css/foosales-admin.css/wp-content/plugins/foosales/admin/js/foosales-admin.js/wp-content/plugins/foosales/admin/js/pages/foosales-general-settings.js/wp-content/plugins/foosales/admin/js/pages/foosales-products-settings.js/wp-content/plugins/foosales/admin/js/pages/foosales-payments-settings.js/wp-content/plugins/foosales/admin/js/pages/foosales-tax-settings.js/wp-content/plugins/foosales/admin/js/pages/foosales-receipt-settings.js/wp-content/plugins/foosales/admin/js/pages/foosales-security-settings.js+48 more
Script Paths
/wp-content/plugins/foosales/admin/js/foosales-admin.js/wp-content/plugins/foosales/admin/js/pages/foosales-general-settings.js/wp-content/plugins/foosales/admin/js/pages/foosales-products-settings.js/wp-content/plugins/foosales/admin/js/pages/foosales-payments-settings.js/wp-content/plugins/foosales/admin/js/pages/foosales-tax-settings.js/wp-content/plugins/foosales/admin/js/pages/foosales-receipt-settings.js+48 more
Version Parameters
foosales/css/foosales-admin.css?ver=foosales/js/foosales-admin.js?ver=foosales/js/pages/foosales-general-settings.js?ver=foosales/js/pages/foosales-products-settings.js?ver=foosales/js/pages/foosales-payments-settings.js?ver=foosales/js/pages/foosales-tax-settings.js?ver=foosales/js/pages/foosales-receipt-settings.js?ver=foosales/js/pages/foosales-security-settings.js?ver=foosales/js/pages/foosales-woo-sync-settings.js?ver=foosales/js/pages/foosales-sync-logs.js?ver=foosales/js/pages/foosales-user-permissions.js?ver=foosales/js/pages/foosales-sync-queue.js?ver=foosales/js/pages/foosales-woo-products.js?ver=foosales/js/pages/foosales-woo-orders.js?ver=foosales/js/pages/foosales-woo-customers.js?ver=foosales/js/pages/foosales-reports.js?ver=foosales/js/pages/foosales-payment-gateway-stripe.js?ver=foosales/js/pages/foosales-payment-gateway-square.js?ver=foosales/js/pages/foosales-payment-gateway-manual.js?ver=foosales/js/pages/foosales-payment-gateway-paypal.js?ver=foosales/js/pages/foosales-payment-gateway-paypal-checkout.js?ver=foosales/js/pages/foosales-payment-gateway-paypal-standard.js?ver=foosales/js/pages/foosales-payment-gateway-woocommerce-gateway.js?ver=foosales/js/pages/foosales-payment-gateway-woocommerce-paypal-standard.js?ver=foosales/js/pages/foosales-payment-gateway-woocommerce-stripe.js?ver=foosales/js/pages/foosales-payment-gateway-woocommerce-square.js?ver=foosales/js/pages/foosales-payment-gateway-woocommerce-manual.js?ver=foosales/js/pages/foosales-payment-gateway-paypal-checkout.js?ver=foosales/js/pages/foosales-payment-gateway-paypal.js?ver=foosales/css/foosales-public.css?ver=foosales/js/foosales-public.js?ver=foosales/js/foosales-checkout.js?ver=foosales/js/foosales-cart.js?ver=foosales/js/foosales-product-detail.js?ver=foosales/js/foosales-woo-cart.js?ver=foosales/js/foosales-woo-checkout.js?ver=foosales/js/foosales-woo-product-detail.js?ver=foosales/js/foosales-payment-popup.js?ver=foosales/js/foosales-payment-popup-woo.js?ver=foosales/js/foosales-payment-popup-woo-checkout.js?ver=foosales/js/foosales-payment-popup-woo-cart.js?ver=foosales/js/foosales-payment-popup-woo-product-detail.js?ver=foosales/js/foosales-payment-popup-woo-payment-gateway.js?ver=foosales/js/foosales-payment-popup-woo-stripe.js?ver=foosales/js/foosales-payment-popup-woo-square.js?ver=foosales/js/foosales-payment-popup-woo-manual.js?ver=foosales/js/foosales-payment-popup-woo-paypal.js?ver=foosales/js/foosales-payment-popup-woo-paypal-checkout.js?ver=foosales/js/foosales-payment-popup-woo-paypal-standard.js?ver=foosales/js/foosales-payment-popup-woo-woocommerce-gateway.js?ver=foosales/js/foosales-payment-popup-woo-woocommerce-paypal-standard.js?ver=foosales/js/foosales-payment-popup-woo-woocommerce-stripe.js?ver=foosales/js/foosales-payment-popup-woo-woocommerce-square.js?ver=foosales/js/foosales-payment-popup-woo-woocommerce-manual.js?ver=foosales/js/foosales-payment-popup-woo-paypal-checkout.js?ver=foosales/js/foosales-payment-popup-woo-paypal.js?ver=

HTML / DOM Fingerprints

CSS Classes
foosales-admin-settings-pagefoosales-product-settings-pagefoosales-payments-settings-pagefoosales-tax-settings-pagefoosales-receipt-settings-pagefoosales-security-settings-pagefoosales-woo-sync-settings-pagefoosales-sync-logs-page+52 more
Data Attributes
data-foosales-noncedata-foosales-product-iddata-foosales-cart-item-keydata-foosales-payment-gateway
JS Globals
foosales_paramsFooSalesFooSalesAdminFooSalesGeneralSettingsFooSalesProductsSettingsFooSalesPaymentsSettings+54 more
REST Endpoints
/wp-json/foosales/v1/settings/wp-json/foosales/v1/products/wp-json/foosales/v1/orders/wp-json/foosales/v1/customers/wp-json/foosales/v1/reports/wp-json/foosales/v1/payment-gateways/wp-json/foosales/v1/sync/status/wp-json/foosales/v1/sync/logs/wp-json/foosales/v1/sync/queue/wp-json/foosales/v1/payment/wp-json/foosales/v1/payment/stripe/wp-json/foosales/v1/payment/square/wp-json/foosales/v1/payment/manual/wp-json/foosales/v1/payment/paypal/wp-json/foosales/v1/payment/paypal-checkout/wp-json/foosales/v1/payment/paypal-standard/wp-json/foosales/v1/payment/woocommerce-gateway/wp-json/foosales/v1/payment/woocommerce-paypal-standard/wp-json/foosales/v1/payment/woocommerce-stripe/wp-json/foosales/v1/payment/woocommerce-square/wp-json/foosales/v1/payment/woocommerce-manual
FAQ

Frequently Asked Questions about FooSales – Point of Sale (POS) for WooCommerce