Does g-FFL Checkout have any unpatched vulnerabilities?

No. All known vulnerabilities in g-FFL Checkout have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is g-FFL Checkout compatible with WordPress 6.9.4?

According to WordPress.org data, g-FFL Checkout 2.1.4 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is g-FFL Checkout compatible with PHP 7.0+?

g-FFL Checkout requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is g-FFL Checkout updated?

g-FFL Checkout was last updated on Feb 21, 2026. Frequent updates are generally a positive security signal.

What is g-FFL Checkout's security score?

g-FFL Checkout has a WP-Safety security score of 94/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

g-FFL Checkout Security & Risk Analysis

wordpress.org/plugins/g-ffl-checkout

Built by a FFL, for FFL's. This plugin will add a FFL search & selection widget to your checkout page for products requiring FFL Shipment.

600 active installs v2.1.4 PHP 7.0+ WP 5.0+ Updated Feb 21, 2026

ecommerce-checkoutfflffl-gun-dealersmap-apiwoocommerce

A · Safe

CVEs total1

Unpatched0

Last CVEJan 15, 2026

Plugin page Download

Safety Verdict

Is g-FFL Checkout Safe to Use in 2026?

Generally Safe

Score 94/100

g-FFL Checkout has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jan 15, 2026Updated 1mo ago

Risk Assessment

The g-ffl-checkout v2.1.4 plugin exhibits a mixed security posture. While it demonstrates good practices in output escaping (92% properly escaped) and has a relatively low number of critical taint flows, several areas raise significant concerns. The plugin has a substantial attack surface with 14 unprotected AJAX handlers, representing a considerable risk for unauthorized actions. The complete absence of prepared statements for its single SQL query is a major vulnerability that could lead to SQL injection attacks. The plugin's vulnerability history includes one critical CVE related to unrestricted file uploads with dangerous types, and while it is currently patched, this pattern suggests potential for similar vulnerabilities if not rigorously monitored. The presence of file operations and external HTTP requests also warrants careful scrutiny to ensure these functions are not exploited.

Key Concerns

Unprotected AJAX handlers
SQL queries without prepared statements
Critical CVE in history (Unrestricted Upload)

Vulnerabilities

g-FFL Checkout Security Vulnerabilities

CVEs by Year

1 CVE in 2026

2026

Patched Has unpatched

Severity Breakdown

Critical

1 total CVE

CVE-2025-68001critical · 9.8Unrestricted Upload of File with Dangerous Type

g-FFL Checkout <= 2.1.0 - Unauthenticated Arbitrary File Upload

Jan 15, 2026 Patched in 2.1.1 (5d)

Code Analysis

Analyzed Mar 16, 2026

g-FFL Checkout Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

411 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared1 total queries

Output Escaping

92% escaped448 total outputs

Data Flows

5 unsanitized

Data Flow Analysis

10 flows5 with unsanitized paths

<ffl_ordering> (includes\ffl_ordering.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

14 unprotected

g-FFL Checkout Attack Surface

Entry Points43

Unprotected14

AJAX Handlers 43

authwp_ajax_search_ffl_for_blacklistadmin\class-ffl-api-admin.php:67

authwp_ajax_add_ffl_to_blacklistadmin\class-ffl-api-admin.php:68

authwp_ajax_remove_ffl_from_blacklistadmin\class-ffl-api-admin.php:69

authwp_ajax_get_blacklist_contentadmin\class-ffl-api-admin.php:70

authwp_ajax_bulk_remove_ffl_from_blacklistadmin\class-ffl-api-admin.php:71

authwp_ajax_ffl_management_upload_ffl_documentadmin\class-ffl-api-admin.php:72

authwp_ajax_ffl_download_documentadmin\class-ffl-api-admin.php:75

authwp_ajax_ffl_admin_download_documentadmin\class-ffl-api-admin.php:76

authwp_ajax_ffl_admin_upload_documentadmin\class-ffl-api-admin.php:77

authwp_ajax_ffl_admin_delete_documentadmin\class-ffl-api-admin.php:78

authwp_ajax_ffl_admin_delete_admin_documentadmin\class-ffl-api-admin.php:79

authwp_ajax_ffl_cleanup_documents_nowadmin\class-ffl-api-admin.php:82

authwp_ajax_ffl_get_cleanup_statsadmin\class-ffl-api-admin.php:83

authwp_ajax_ffl_admin_upload_documentincludes\class-ffl-api.php:154

authwp_ajax_ffl_admin_delete_documentincludes\class-ffl-api.php:155

authwp_ajax_ffl_admin_delete_admin_documentincludes\class-ffl-api.php:156

authwp_ajax_ffl_admin_download_documentincludes\class-ffl-api.php:157

authwp_ajax_ffl_admin_download_admin_documentincludes\class-ffl-api.php:158

authwp_ajax_ffl_upload_documentincludes\class-ffl-api.php:179

noprivwp_ajax_ffl_upload_documentincludes\class-ffl-api.php:180

authwp_ajax_ffl_delete_documentincludes\class-ffl-api.php:181

noprivwp_ajax_ffl_delete_documentincludes\class-ffl-api.php:182

authwp_ajax_update_order_fflincludes\ffl_ordering.php:691

authwp_ajax_check_cart_ammunitionincludes\ffl_ordering.php:2938

noprivwp_ajax_check_cart_ammunitionincludes\ffl_ordering.php:2939

authwp_ajax_check_cart_complianceincludes\ffl_ordering.php:2942

noprivwp_ajax_check_cart_complianceincludes\ffl_ordering.php:2943

authwp_ajax_search_ffl_dealersincludes\ffl_ordering.php:3007

noprivwp_ajax_search_ffl_dealersincludes\ffl_ordering.php:3008

authwp_ajax_get_mapbox_tokenincludes\ffl_ordering.php:3011

noprivwp_ajax_get_mapbox_tokenincludes\ffl_ordering.php:3012

authwp_ajax_check_cart_ammunitionpublic\class-ffl-api-public.php:93

noprivwp_ajax_check_cart_ammunitionpublic\class-ffl-api-public.php:94

authwp_ajax_ffl_upload_documentpublic\class-ffl-api-public.php:97

noprivwp_ajax_ffl_upload_documentpublic\class-ffl-api-public.php:98

authwp_ajax_ffl_delete_documentpublic\class-ffl-api-public.php:99

noprivwp_ajax_ffl_delete_documentpublic\class-ffl-api-public.php:100

authwp_ajax_ffl_upload_candr_documentpublic\class-ffl-api-public.php:103

noprivwp_ajax_ffl_upload_candr_documentpublic\class-ffl-api-public.php:104

authwp_ajax_test_candr_ajaxpublic\class-ffl-api-public.php:107

authwp_ajax_refresh_document_upload_sectionpublic\class-ffl-api-public.php:110

noprivwp_ajax_refresh_document_upload_sectionpublic\class-ffl-api-public.php:111

noprivwp_ajax_test_candr_ajaxpublic\class-ffl-api-public.php:116

WordPress Hooks 52

actionadmin_noticesadmin\class-ffl-api-admin.php:58

actionadmin_initadmin\class-ffl-api-admin.php:61

actionadmin_noticesadmin\class-ffl-api-admin.php:64

actionadmin_initadmin\class-ffl-api-admin.php:139

actionwoocommerce_product_options_general_product_dataadmin\class-ffl-api-admin.php:140

actionwoocommerce_process_product_metaadmin\class-ffl-api-admin.php:141

filterbulk_actions-edit-productadmin\class-ffl-api-admin.php:144

filterhandle_bulk_actions-edit-productadmin\class-ffl-api-admin.php:145

actionbefore_woocommerce_initg-ffl-api.php:82

actionwp_loadedincludes\class-ffl-api.php:85

actionadmin_enqueue_scriptsincludes\class-ffl-api.php:148

actionadmin_enqueue_scriptsincludes\class-ffl-api.php:149

actionadmin_menuincludes\class-ffl-api.php:151

actionwp_enqueue_scriptsincludes\class-ffl-api.php:173

actionwp_enqueue_scriptsincludes\class-ffl-api.php:174

actionwoocommerce_before_checkout_formincludes\class-ffl-api.php:175

actionwoocommerce_after_checkout_validationincludes\class-ffl-api.php:185

actionwoocommerce_checkout_order_processedincludes\class-ffl-api.php:186

filterbulk_actions-edit-productincludes\class-ffl-api.php:283

filterhandle_bulk_actions-edit-productincludes\class-ffl-api.php:294

actionadmin_noticesincludes\class-ffl-api.php:334

filtermanage_edit-product_columnsincludes\class-ffl-api.php:369

actionmanage_product_posts_custom_columnincludes\class-ffl-api.php:378

filtermanage_edit-product_sortable_columnsincludes\class-ffl-api.php:396

filterwoocommerce_checkout_fieldsincludes\ffl_ordering.php:20

actionwoocommerce_checkout_create_orderincludes\ffl_ordering.php:347

actionwoocommerce_checkout_order_processedincludes\ffl_ordering.php:475

filterwoocommerce_order_formatted_shipping_addressincludes\ffl_ordering.php:521

actionwoocommerce_after_checkout_validationincludes\ffl_ordering.php:556

actionadd_meta_boxesincludes\ffl_ordering.php:674

actionwoocommerce_email_order_metaincludes\ffl_ordering.php:1324

actionwoocommerce_admin_order_data_after_shipping_addressincludes\ffl_ordering.php:1898

actionwoocommerce_order_details_after_customer_detailsincludes\ffl_ordering.php:1956

actionwp_headincludes\ffl_ordering.php:2462

actionwp_headincludes\ffl_ordering.php:2514

actionwp_footerincludes\ffl_ordering.php:2575

actionwp_footerincludes\ffl_ordering.php:2669

actionwp_enqueue_scriptsincludes\ffl_ordering.php:2890

actionwp_loadedpublic\class-ffl-api-public.php:74

actionwoocommerce_after_checkout_validationpublic\class-ffl-api-public.php:78

actionwoocommerce_after_checkout_validationpublic\class-ffl-api-public.php:79

actionwoocommerce_after_checkout_validationpublic\class-ffl-api-public.php:80

actionwoocommerce_after_checkout_validationpublic\class-ffl-api-public.php:81

actionwoocommerce_after_checkout_validationpublic\class-ffl-api-public.php:82

actionwoocommerce_after_checkout_validationpublic\class-ffl-api-public.php:83

actionwoocommerce_after_checkout_validationpublic\class-ffl-api-public.php:84

actionwoocommerce_checkout_order_processedpublic\class-ffl-api-public.php:87

filterwoocommerce_checkout_fieldspublic\class-ffl-api-public.php:90

actionffl_document_cleanuppublic\class-ffl-api-public.php:119

actionwoocommerce_checkout_shippingpublic\class-ffl-api-public.php:461

actionwoocommerce_checkout_before_order_reviewpublic\class-ffl-api-public.php:473

actionwp_footerpublic\class-ffl-api-public.php:474

Scheduled Events 2

ffl_document_cleanup

Maintenance & Trust

g-FFL Checkout Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 21, 2026

PHP min version7.0

Downloads12K

Community Trust

Rating100/100

Number of ratings4

Active installs600

Alternatives

g-FFL Checkout Alternatives

FFL Dealers

ff-dealers

100

FFL Dealers simplifies the checkout phase on online gun stores that can implement user-friendly features for the benefit to the dealers and their cus …

10 No CVEs

Advance Bank Payment Transfer Gateway

advance-bank-payment-transfer-gateway

100

Short Description: This plugin clones the Direct Bank Transfer gateway to create another offline payment method. License: GPLv2 or later

1K No CVEs

g-FFL Cockpit

g-ffl-cockpit

Built by a FFL, for FFL's. Automate inventory synchronization and order fulfillment with multiple distributors.

500 2 CVEs

Raffle Ticket Generator – Woocommerce

raffle-ticket-generator

This plugin is used with WooCommerce to generate raffle ticket numbers that are emailed to customers.

200 No CVEs

Phone Order Gateway for WooCommerce

woocommerce-phone-order-gateway

100

This plugin adds Phone Order gateway to the WooCommerce plugin.

80 No CVEs

Developer Profile

g-FFL Checkout Developer Profile

garidium

2 plugins · 1K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

4 days

View full developer profile

Detection Fingerprints

How We Detect g-FFL Checkout

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/g-ffl-checkout/admin/css/ffl-api-admin.css

Version Parameters

g-ffl-checkout/admin/css/ffl-api-admin.css?ver=g-ffl-api?ver=

HTML / DOM Fingerprints

CSS Classes

ffl-api-settings

Data Attributes

data-g-ffl-api-field

JS Globals

g_ffl_api_params

REST Endpoints

/wp-json/g-ffl-api/v1/ffl/check/wp-json/g-ffl-api/v1/ffl/submit/wp-json/g-ffl-api/v1/ffl/upload/wp-json/g-ffl-api/v1/ffl/get/wp-json/g-ffl-api/v1/ffl/delete/wp-json/g-ffl-api/v1/ffl/bulk_delete/wp-json/g-ffl-api/v1/documents/upload/wp-json/g-ffl-api/v1/documents/download/wp-json/g-ffl-api/v1/documents/admin/download/wp-json/g-ffl-api/v1/documents/admin/upload/wp-json/g-ffl-api/v1/documents/admin/delete/wp-json/g-ffl-api/v1/documents/admin/delete_admin/wp-json/g-ffl-api/v1/cleanup/now/wp-json/g-ffl-api/v1/cleanup/stats/wp-json/g-ffl-api/v1/blacklist/search/wp-json/g-ffl-api/v1/blacklist/add/wp-json/g-ffl-api/v1/blacklist/remove/wp-json/g-ffl-api/v1/blacklist/get/wp-json/g-ffl-api/v1/blacklist/bulk_remove

FAQ