g-FFL Cockpit Security & Risk Analysis

wordpress.org/plugins/g-ffl-cockpit

Built by an FFL, for FFLs. Automate inventory synchronization and order fulfillment with multiple distributors.

Active installs: 500
Version: v2.0.5
Requires: PHP 7.0+, WP 5.0+
Updated: Mar 11, 2026
Tags: distributor, ffl, firearms, fulfillment, woocommerce

Security score: 98/100 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Dec 5, 2025
Safety Verdict

Is g-FFL Cockpit Safe to Use in 2026?

Generally Safe

Score 98/100

g-FFL Cockpit has a strong security track record. Both known vulnerabilities were patched within four days of disclosure, and none is currently unpatched.

2 known CVEs · Last CVE: Dec 5, 2025 · Updated 26d ago
Risk Assessment

Static analysis of g-ffl-cockpit v2.0.6 shows a small attack surface and consistent use of prepared statements (137 of 142 SQL queries) and output escaping (121 of 124 outputs). All 22 entry points are reported as protected, which for REST routes normally means each registration declares a permission_callback; whether that callback actually restricts access is not something the count shows. The analysis found no nonce checks anywhere in the plugin. For the REST routes this is less alarming than it sounds: WordPress core treats a cookie-authenticated REST request that lacks a valid X-WP-Nonce as anonymous before the route's permission_callback runs, so a capability check in that callback already blocks Cross-Site Request Forgery (CSRF). The zero count does matter for any admin-ajax, admin-post or form handlers the plugin adds, where no such core protection exists and a state-changing action without a nonce is forgeable. Taint analysis found no critical or high severity flows. The two prior CVEs (improper authorization and missing authorization, both reachable without authentication and both fixed in 1.8.0) show that authorization logic has been the plugin's weak point, so any new endpoint deserves a check that its permission_callback does more than return true. The bundled Select2 and TinyMCE libraries are a dependency the plugin author must keep current with upstream security fixes.

Key Concerns

  • Missing nonce checks on entry points
  • History of medium severity authorization vulnerabilities
  • Bundled libraries (Select2, TinyMCE)
Vulnerabilities (2)

g-FFL Cockpit Security Vulnerabilities

CVEs by Year

2025: 2 CVEs (both patched, none unpatched)

Severity Breakdown

Medium: 2 of 2 total CVEs

CVE-2025-12720 · Medium (CVSS 5.3) · Improper Authorization
g-FFL Cockpit <= 1.7.1 - Improper Authorization to Unauthenticated Product Deletion
Disclosed Dec 5, 2025 · Patched in 1.8.0 (4 days)

CVE-2025-12721 · Medium (CVSS 5.3) · Missing Authorization
g-FFL Cockpit <= 1.7.1 - Missing Authorization to Unauthenticated Information Exposure
Disclosed Dec 5, 2025 · Patched in 1.8.0 (4 days)
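Both CVEs above and the nonce concern in the Risk Assessment are the same two failure modes in WordPress plugin code: a route that anyone can call, and a state-changing handler with no request-origin check. The following is an added illustration, not code from g-FFL Cockpit; the namespace, route, option and function names are hypothetical, and it assumes it runs inside WordPress with WooCommerce active (WooCommerce defines the product post type and the manage_woocommerce capability used here). It shows the vulnerable REST registration beside the hardened one, and an admin-ajax handler where a missing nonce check would actually matter.

```php
<?php
/**
 * Added illustration; not code from g-FFL Cockpit. Namespace, route, option
 * and function names are hypothetical. Must run inside WordPress with
 * WooCommerce active ('product' post type, 'manage_woocommerce' capability).
 */
add_action( 'rest_api_init', function () {
    // BEFORE (vulnerable): a destructive route callable by anyone, the shape
    // behind "Improper Authorization to Unauthenticated Product Deletion".
    register_rest_route( 'example-ffl/v1', '/product/delete', array(
        'methods'             => 'POST',
        'callback'            => 'example_ffl_delete_product',
        'permission_callback' => '__return_true',
    ) );

    // AFTER (hardened): the caller must be allowed to delete this specific post.
    // 'delete_post' is a meta capability that WordPress maps onto the post
    // type's own caps (delete_products / delete_others_products for WooCommerce).
    // Cookie-authenticated REST calls without a valid X-WP-Nonce run as anonymous,
    // so this callback also blocks CSRF; no separate wp_verify_nonce() is needed.
    register_rest_route( 'example-ffl/v1', '/product/delete-safe', array(
        'methods'             => 'POST',
        'callback'            => 'example_ffl_delete_product',
        'permission_callback' => function ( WP_REST_Request $request ) {
            $id = (int) $request->get_param( 'id' );
            return $id > 0 && current_user_can( 'delete_post', $id );
        },
        'args' => array(
            'id' => array(
                'required'          => true,
                'type'              => 'integer',
                'sanitize_callback' => 'absint',
            ),
        ),
    ) );
} );

function example_ffl_delete_product( WP_REST_Request $request ) {
    $id = (int) $request->get_param( 'id' );
    if ( 'product' !== get_post_type( $id ) ) {
        return new WP_Error( 'not_a_product', 'No product with that ID.', array( 'status' => 404 ) );
    }
    if ( ! wp_delete_post( $id, true ) ) {
        return new WP_Error( 'delete_failed', 'Could not delete product.', array( 'status' => 500 ) );
    }
    return rest_ensure_response( array( 'deleted' => $id ) );
}

/**
 * admin-ajax handler. Core verifies no nonce on this path, so the handler must
 * check both the nonce (CSRF) and the capability (authorization). This is the
 * kind of handler where a "Nonce Checks: 0" finding would bite.
 */
add_action( 'wp_ajax_example_ffl_clear_queue', function () {
    check_ajax_referer( 'example_ffl_queue', 'nonce' );   // ends the request on a bad or missing nonce
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }
    delete_option( 'example_ffl_sync_queue' );             // the privileged action itself
    wp_send_json_success( array( 'cleared' => true ) );
} );
```

The front end that calls the ajax handler has to send the value of wp_create_nonce( 'example_ffl_queue' ) in the nonce field, typically passed to the script with wp_localize_script(); the REST client, when it authenticates by cookie, sends the wp_rest nonce in the X-WP-Nonce header. A route whose only goal is anonymous read access can legitimately use '__return_true', but a route that deletes, exports or rebuilds data cannot.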
Code Analysis
Analyzed Mar 16, 2026

g-FFL Cockpit Code Analysis

Dangerous functions: 0
Raw SQL queries: 5 (137 prepared)
Unescaped output: 3 (121 escaped)
Nonce checks: 0
Capability checks: 7
File operations: 23
External requests: 5
Bundled libraries: 2

Bundled Libraries

Select2, TinyMCE

SQL Query Safety

96% prepared (137 of 142 queries)

Output Escaping

98% escaped (121 of 124 outputs)
Attack Surface

g-FFL Cockpit Attack Surface

Entry points: 22
Unprotected: 0

REST API Routes (22)

Method  Route                                                Registered in
GET     /wp-json/fflcockpit/v1/cart                          includes\class-g-ffl-cockpit-cart.php:44
POST    /wp-json/fflcockpit/v1/cart/add                      includes\class-g-ffl-cockpit-cart.php:50
POST    /wp-json/fflcockpit/v1/cart/update                   includes\class-g-ffl-cockpit-cart.php:56
POST    /wp-json/fflcockpit/v1/cart/remove                   includes\class-g-ffl-cockpit-cart.php:62
POST    /wp-json/fflcockpit/v1/cart/clear                    includes\class-g-ffl-cockpit-cart.php:68
POST    /wp-json/fflcockpit/v1/cart/checkout                 includes\class-g-ffl-cockpit-cart.php:74
POST    /wp-json/fflcockpit/v1/queue                         includes\class-sync-endpoint.php:81
POST    /wp-json/fflcockpit/v1/process                       includes\class-sync-endpoint.php:87
POST    /wp-json/fflcockpit/v1/stop                          includes\class-sync-endpoint.php:93
POST    /wp-json/fflcockpit/v1/clear                         includes\class-sync-endpoint.php:99
POST    /wp-json/fflcockpit/v1/status                        includes\class-sync-endpoint.php:105
POST    /wp-json/fflcockpit/v1/export                        includes\class-sync-endpoint.php:111
GET     /wp-json/fflcockpit/v1/download-export               includes\class-sync-endpoint.php:117
POST    /wp-json/fflcockpit/v1/remote-file-exists            includes\class-sync-endpoint.php:123
POST    /wp-json/fflcockpit/v1/cleanup-orphaned-media        includes\class-sync-endpoint.php:129
GET     /wp-json/fflcockpit/v1/server_status                 includes\class-sync-endpoint.php:135
POST    /wp-json/fflcockpit/v1/rebuild-woocommerce-data      includes\class-sync-endpoint.php:141
POST    /wp-json/fflcockpit/v1/cleanup-sku-conflicts         includes\class-sync-endpoint.php:147
POST    /wp-json/fflcockpit/v1/update-term-counts            includes\class-sync-endpoint.php:153
POST    /wp-json/fflcockpit/v1/ai-helpdesk                   includes\class-sync-endpoint.php:160
POST    /wp-json/fflcockpit/v1/ai-helpdesk-poll              includes\class-sync-endpoint.php:169
POST    /wp-json/fflcockpit/v1/ai-knowledge                  includes\class-sync-endpoint.php:178
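"Unprotected: 0" says that every route has a permission_callback, not what that callback decides, and by their names the class-sync-endpoint.php routes (process, stop, clear, export, cleanup-orphaned-media, rebuild-woocommerce-data) are the ones where a permissive callback would hurt most. The helper below is an added audit script, not part of the plugin or of this site's scanner; it assumes WP-CLI on an install with the plugin active and takes the namespace from the table above. It asks the live REST server for every registered route under that namespace and evaluates each permission_callback as a chosen user (anonymous by default), which is the check the static count cannot make.

```php
<?php
/**
 * Added audit helper, not part of g-FFL Cockpit or of this site's scanner.
 * Run inside a WordPress install with the plugin active, e.g.
 *     wp eval-file rest-audit.php
 * Assumptions: WP-CLI is available; the namespace matches the route table.
 *
 * Returns one row per method+route with OPEN / PROTECTED / ERROR, judged by
 * calling the route's own permission_callback while impersonating $as_user
 * (0 = logged-out visitor). Pass a subscriber's ID to test horizontal access.
 */
function example_audit_rest_namespace( string $namespace, int $as_user = 0, array $probe_params = array() ): array {
    $prefix  = '/' . trim( $namespace, '/' ) . '/';
    $results = array();

    $previous_user = get_current_user_id();
    wp_set_current_user( $as_user );

    // get_routes() returns  route-regex => [ handler, handler, ..., option => value ].
    foreach ( rest_get_server()->get_routes() as $route => $handlers ) {
        if ( 0 !== strpos( $route, $prefix ) ) {
            continue;
        }
        foreach ( $handlers as $key => $handler ) {
            if ( ! is_numeric( $key ) ) {
                continue; // route options such as 'namespace', not an endpoint
            }
            // After normalisation 'methods' is  [ 'GET' => true, 'POST' => true, ... ].
            foreach ( array_keys( $handler['methods'] ) as $method ) {
                $request = new WP_REST_Request( $method, $route );
                $request->set_body_params( $probe_params );

                if ( empty( $handler['permission_callback'] ) ) {
                    // WordPress 5.5+ warns about this and then allows the call.
                    $status = 'OPEN (no permission_callback)';
                } else {
                    try {
                        $allowed = call_user_func( $handler['permission_callback'], $request );
                        if ( true === $allowed ) {
                            $status = 'OPEN';
                        } elseif ( is_wp_error( $allowed ) ) {
                            $status = 'PROTECTED (' . $allowed->get_error_code() . ')';
                        } else {
                            $status = 'PROTECTED';
                        }
                    } catch ( Throwable $e ) {
                        $status = 'ERROR: ' . $e->getMessage();
                    }
                }
                $results[] = array( 'method' => $method, 'route' => $route, 'status' => $status );
            }
        }
    }

    wp_set_current_user( $previous_user );
    return $results;
}

if ( defined( 'WP_CLI' ) && WP_CLI ) {
    // Anonymous pass first; rerun with a low-privilege user ID for a second view.
    foreach ( example_audit_rest_namespace( 'fflcockpit/v1', 0 ) as $row ) {
        WP_CLI::line( sprintf( '%-6s %-55s %s', $row['method'], $row['route'], $row['status'] ) );
    }
}
```

Run it against a staging copy, since a permission callback written badly enough to be interesting may also have side effects. An OPEN result on a GET route that only reads public data is fine; an OPEN result on anything under the sync endpoint is the pattern the two 2025 CVEs were about. A PROTECTED result for an anonymous user does not rule out an authenticated user deleting or exporting data that is not theirs, which is why the function accepts a user ID.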
WordPress Hooks (31)

Type    Hook                            Registered in
filter  woocommerce_product_tabs        admin\custom-product-section.php:31
action  woocommerce_duplicate_product   admin\custom-product-section.php:152
action  admin_notices                   g-ffl-cockpit.php:64
action  rest_api_init                   g-ffl-cockpit.php:148
action  rest_api_init                   g-ffl-cockpit.php:149
action  init                            g-ffl-cockpit.php:152
action  before_delete_post              g-ffl-cockpit.php:156
action  wp_trash_post                   g-ffl-cockpit.php:176
action  shutdown                        g-ffl-cockpit.php:197
action  before_woocommerce_init         g-ffl-cockpit.php:225
action  wp_head                         g-ffl-cockpit.php:494
filter  wp_kses_allowed_html            g-ffl-cockpit.php:499
action  wp_head                         g-ffl-cockpit.php:587
filter  login_redirect                  g-ffl-cockpit.php:648
action  template_redirect               g-ffl-cockpit.php:675
action  plugins_loaded                  g-ffl-cockpit.php:740
action  plugins_loaded                  includes\class-g-ffl-cockpit.php:157
action  admin_enqueue_scripts           includes\class-g-ffl-cockpit.php:173
action  admin_enqueue_scripts           includes\class-g-ffl-cockpit.php:175
action  admin_enqueue_scripts           includes\class-g-ffl-cockpit.php:177
action  admin_init                      includes\class-g-ffl-cockpit.php:184
action  wp_footer                       includes\class-g-ffl-cockpit.php:185
action  admin_init                      includes\class-g-ffl-cockpit.php:188
action  admin_menu                      includes\class-g-ffl-cockpit.php:192
action  admin_head                      includes\class-g-ffl-cockpit.php:193
action  admin_footer                    includes\class-g-ffl-cockpit.php:194
action  after_setup_theme               includes\class-g-ffl-cockpit.php:195
action  admin_menu                      includes\class-g-ffl-cockpit.php:197
action  wp_enqueue_scripts              includes\class-g-ffl-cockpit.php:212
action  wp_enqueue_scripts              includes\class-g-ffl-cockpit.php:213
action  add_meta_boxes                  includes\fulfillment_options.php:6

Two of these hooks deserve a manual look that the listing itself cannot give: the wp_kses_allowed_html filter (g-ffl-cockpit.php:499), because widening the allowed-HTML list changes what wp_kses lets through for every context the filter applies to, and the login_redirect filter (g-ffl-cockpit.php:648), because a redirect target taken from the request must pass wp_validate_redirect() to avoid an open redirect. The listing records only that the callbacks are registered, not what they do.
Maintenance & Trust

g-FFL Cockpit Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 11, 2026
PHP min version: 7.0
Downloads: 21K

Community Trust

Rating: 100/100 (from 2 ratings, too few to carry much weight)
Number of ratings: 2
Active installs: 500
Developer Profile

g-FFL Cockpit Developer Profile

garidium

2 plugins · 1K total installs

Trust score: 97
Avg security score: 96/100
Avg patch time: 4 days
Detection Fingerprints

How We Detect g-FFL Cockpit

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  /wp-content/plugins/g-ffl-cockpit/assets/css/ffl-cockpit.css
  /wp-content/plugins/g-ffl-cockpit/assets/js/ffl-cockpit.js
Script Paths
  /wp-content/plugins/g-ffl-cockpit/assets/js/ffl-cockpit.js
Version Parameters
  /wp-content/plugins/g-ffl-cockpit/assets/css/ffl-cockpit.css?ver=
  /wp-content/plugins/g-ffl-cockpit/assets/js/ffl-cockpit.js?ver=

HTML / DOM Fingerprints

Data Attributes
  data-ffl-cockpit-api-url
  data-ffl-cockpit-site-id
  data-ffl-cockpit-site-token
JS Globals
  FFLCockpitSyncEndpoint
  GFFLCockpitCart
REST Endpoints
  /wp-json/g-ffl-cockpit/v1/sync
  /wp-json/g-ffl-cockpit/v1/cart

Two caveats when using these. The REST endpoints here are under the g-ffl-cockpit/v1 namespace, while the routes enumerated under Attack Surface are registered under fflcockpit/v1, so a scanner should match on both. And if data-ffl-cockpit-site-token is emitted in pages served to anonymous visitors, confirm what the value grants before treating it as a mere fingerprint; the listing records only the attribute name.
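The fingerprint below is an added example of applying the patterns above to fetched HTML; it is not this site's detection code or anything from the plugin. The sample page fragment is constructed for the demonstration, and the function looks for both REST namespaces that appear on this page.

```php
<?php
/**
 * Added example, not the detection code of this site or of the plugin.
 * Applies the fingerprint patterns listed above to a page's HTML and reports
 * what matched plus the ?ver= value, if any. Sample HTML is constructed.
 */
function example_fingerprint_g_ffl_cockpit( string $html ): array {
    $evidence = array();
    $version  = null;

    // Asset paths, with the optional ?ver= query string captured.
    $asset_re = '#/wp-content/plugins/g-ffl-cockpit/assets/(?:css|js)/ffl-cockpit\.(?:css|js)(?:\?ver=([^"\'&\s]+))?#';
    if ( preg_match_all( $asset_re, $html, $m ) ) {
        $evidence[] = 'asset-path';
        foreach ( $m[1] as $v ) {             // empty string when ?ver= was absent
            if ( '' !== $v ) {
                $version = $v;
                break;
            }
        }
    }

    // DOM data attributes the plugin's front end uses.
    foreach ( array( 'data-ffl-cockpit-api-url', 'data-ffl-cockpit-site-id', 'data-ffl-cockpit-site-token' ) as $attr ) {
        if ( false !== stripos( $html, $attr ) ) {
            $evidence[] = $attr;
        }
    }

    // JS globals referenced from inline script.
    foreach ( array( 'FFLCockpitSyncEndpoint', 'GFFLCockpitCart' ) as $global ) {
        if ( preg_match( '/\b' . preg_quote( $global, '/' ) . '\b/', $html ) ) {
            $evidence[] = 'js-global:' . $global;
        }
    }

    // Both namespaces seen on this page: the fingerprint list uses
    // g-ffl-cockpit/v1, the Attack Surface route table uses fflcockpit/v1.
    foreach ( array( 'g-ffl-cockpit/v1', 'fflcockpit/v1' ) as $ns ) {
        if ( false !== strpos( $html, '/wp-json/' . $ns . '/' ) ) {
            $evidence[] = 'rest-namespace:' . $ns;
        }
    }

    return array(
        'detected' => ! empty( $evidence ),
        'version'  => $version,   // null when no ?ver= was present
        'evidence' => $evidence,
    );
}

// Constructed sample page fragment (not captured from a real site).
$sample_html = <<<'HTML'
<link rel="stylesheet" href="https://shop.example/wp-content/plugins/g-ffl-cockpit/assets/css/ffl-cockpit.css?ver=2.0.5" />
<div id="ffl-cart" data-ffl-cockpit-api-url="https://shop.example/wp-json/fflcockpit/v1/cart" data-ffl-cockpit-site-id="12"></div>
<script src="https://shop.example/wp-content/plugins/g-ffl-cockpit/assets/js/ffl-cockpit.js?ver=2.0.5"></script>
<script>window.GFFLCockpitCart = window.GFFLCockpitCart || {};</script>
HTML;

print_r( example_fingerprint_g_ffl_cockpit( $sample_html ) );
```

Treat the version as a hint rather than a fact: the ?ver= value is the plugin's own version only when the plugin passes one to wp_enqueue_script() or wp_enqueue_style(). When it passes false, WordPress appends its own core version number instead, and when it passes null no ver parameter is emitted at all, which is why the function returns null rather than guessing. For the two CVEs listed above, a confirmed version at or below 1.7.1 is what turns a fingerprint into a finding.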
FAQ

Frequently Asked Questions about g-FFL Cockpit