GIFTiT – Free Gifts for WooCommerce Security & Risk Analysis

wordpress.org/plugins/ithemeland-free-gifts-for-woo

Free Gifts for WooCommerce allows you to offer Free Gifts to your customers whenever they make a purchase on your site.

2K active installs · v4.0.0 · PHP 7.0+ · WP 4.6.1+ · Updated Feb 25, 2026
Tags: boost-sale, buy-one-get-one, free-gift, gift-product-woocommerce, woocommerce-gift
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is GIFTiT – Free Gifts for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

GIFTiT – Free Gifts for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The 'ithemeland-free-gifts-for-woo' plugin v4.0.0 exhibits a generally good security posture with several strengths. The vast majority of output is properly escaped, dangerous functions are not present, and there are no recorded vulnerabilities in its history, suggesting diligent development practices. The presence of nonce checks and capability checks, although limited in scope, is also a positive sign. However, a significant concern arises from the attack surface, with 40 AJAX handlers, 8 of which lack authentication checks. This presents a direct avenue for potential unauthorized actions if these handlers can be triggered externally without proper validation. Additionally, while SQL queries are largely prepared, 28% is a notable portion that is not, and the taint analysis indicates two flows with unsanitized paths, even if they are not classified as critical or high severity. These untrusted data flows, particularly when combined with unprotected AJAX endpoints, warrant careful investigation.

Key Concerns

  • Unprotected AJAX handlers
  • SQL queries not using prepared statements
  • Taint flows with unsanitized paths
Vulnerabilities
None known

GIFTiT – Free Gifts for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

GIFTiT – Free Gifts for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 13 · 5 prepared
Unescaped Output: 14 · 951 escaped
Nonce Checks: 35
Capability Checks: 2
File Operations: 0
External Requests: 2
Bundled Libraries: 2

Bundled Libraries

  • DataTables
  • Select2

SQL Query Safety

28% prepared · 18 total queries

Output Escaping

99% escaped · 965 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
shortcode_show_popup (frontend\classes\shortcodes.php:204)
Attack Surface
8 unprotected

GIFTiT – Free Gifts for WooCommerce Attack Surface

Entry Points: 40
Unprotected: 8

AJAX Handlers: 40

Type · Hook · Location
auth · wp_ajax_wgb_get_customers · classes\controllers\WGBL_Ajax.php:30
auth · wp_ajax_wgb_get_payment_methods · classes\controllers\WGBL_Ajax.php:31
auth · wp_ajax_wgb_get_shipping_country · classes\controllers\WGBL_Ajax.php:32
auth · wp_ajax_wgb_get_user_roles · classes\controllers\WGBL_Ajax.php:33
auth · wp_ajax_wgb_get_user_capabilities · classes\controllers\WGBL_Ajax.php:34
auth · wp_ajax_wgb_get_products · classes\controllers\WGBL_Ajax.php:35
auth · wp_ajax_wgb_get_products_variations · classes\controllers\WGBL_Ajax.php:36
auth · wp_ajax_wgb_get_taxonomies · classes\controllers\WGBL_Ajax.php:37
auth · wp_ajax_wgb_get_variations · classes\controllers\WGBL_Ajax.php:38
auth · wp_ajax_wgb_get_tags · classes\controllers\WGBL_Ajax.php:39
auth · wp_ajax_wgb_get_categories · classes\controllers\WGBL_Ajax.php:40
auth · wp_ajax_wgb_get_attributes · classes\controllers\WGBL_Ajax.php:41
auth · wp_ajax_wgb_get_shipping_class · classes\controllers\WGBL_Ajax.php:42
auth · wp_ajax_wgb_get_coupons · classes\controllers\WGBL_Ajax.php:43
auth · wp_ajax_wgb_get_reports · classes\controllers\WGBL_Ajax.php:44
auth · wp_ajax_wgb_get_new_rule_html · classes\controllers\WGBL_Ajax.php:45
auth · wp_ajax_wgb_get_new_condition_html · classes\controllers\WGBL_Ajax.php:46
auth · wp_ajax_wgb_get_condition_extra_field_html · classes\controllers\WGBL_Ajax.php:47
auth · wp_ajax_wgb_get_new_product_buy_html · classes\controllers\WGBL_Ajax.php:48
auth · wp_ajax_wgb_get_product_buy_extra_field_html · classes\controllers\WGBL_Ajax.php:49
auth · wp_ajax_wgb_get_brands · classes\controllers\WGBL_Ajax.php:50
auth · wp_ajax_wgb_ithemeland_onboarding_plugin · framework\onboarding\Onboarding.php:24
auth · wp_ajax_update_block_cart_content · frontend\blocks\WGBL_Blocks.php:36
auth · wp_ajax_it_wc_gift_to_order · frontend\classes\admin-order.php:25
auth · wp_ajax_handel_pw_gift_show_variation · frontend\classes\front-order.php:33
nopriv · wp_ajax_handel_pw_gift_show_variation · frontend\classes\front-order.php:34
auth · wp_ajax_handel_pw_gift_show_popup_checkout · frontend\classes\front-order.php:40
nopriv · wp_ajax_handel_pw_gift_show_popup_checkout · frontend\classes\front-order.php:41
auth · wp_ajax_ajax_add_free_gifts · frontend\classes\front-order.php:44
nopriv · wp_ajax_ajax_add_free_gifts · frontend\classes\front-order.php:45
auth · wp_ajax_itg_reloaditempopup · frontend\classes\front-order.php:48
nopriv · wp_ajax_itg_reloaditempopup · frontend\classes\front-order.php:49
auth · wp_ajax_itg_test_ajax · frontend\classes\front-order.php:52
nopriv · wp_ajax_itg_test_ajax · frontend\classes\front-order.php:53
auth · wp_ajax_wgb_check_rule_after_update_checkout · frontend\classes\front-order.php:58
nopriv · wp_ajax_wgb_check_rule_after_checkout · frontend\classes\front-order.php:59
auth · wp_ajax_load_rules · frontend\classes\services\apply_rule\helpers\AjaxHandler.php:11
nopriv · wp_ajax_load_rules · frontend\classes\services\apply_rule\helpers\AjaxHandler.php:12
auth · wp_ajax_it_gift_shortcode_show_popup · frontend\classes\shortcodes.php:27
nopriv · wp_ajax_it_gift_shortcode_show_popup · frontend\classes\shortcodes.php:28

WordPress Hooks: 71

Type · Hook · Location
action · rest_api_init · classes\api\Api_Handler.php:20
action · admin_enqueue_scripts · classes\bootstrap\WGBL.php:40
filter · safe_style_css · classes\bootstrap\WGBL.php:42
action · admin_menu · classes\bootstrap\WGBL.php:50
filter · posts_where · classes\bootstrap\WGBL_Custom_Queries.php:13
action · all_admin_notices · classes\bootstrap\WGBL_Top_Banners.php:22
action · admin_post_wgb_activate_core_plugin · classes\bootstrap\WGBL_Top_Banners.php:23
action · admin_post_wgb_save_rules · classes\controllers\WGBL_Post.php:28
action · admin_post_wgb_save_offer_rules · classes\controllers\WGBL_Post.php:29
action · admin_post_wgb_save_settings_general · classes\controllers\WGBL_Post.php:30
action · admin_post_wgb_save_settings_localization · classes\controllers\WGBL_Post.php:31
action · admin_post_wgb_save_settings_notification · classes\controllers\WGBL_Post.php:32
action · admin_post_wgb_save_settings_promotion · classes\controllers\WGBL_Post.php:33
action · admin_post_wgb_addons_requests · classes\controllers\WGBL_Post.php:34
action · admin_init · framework\analytics\AnalyticsTracker.php:22
action · init · framework\analytics\AnalyticsTracker.php:23
action · enqueue_block_editor_assets · frontend\blocks\carousel\WGBL_Block_Carousel.php:18
action · init · frontend\blocks\carousel\WGBL_Block_Carousel.php:19
action · enqueue_block_editor_assets · frontend\blocks\datatable\WGBL_Block_Datatable.php:18
action · init · frontend\blocks\datatable\WGBL_Block_Datatable.php:19
action · enqueue_block_editor_assets · frontend\blocks\grid\WGBL_Block_Grid.php:18
action · init · frontend\blocks\grid\WGBL_Block_Grid.php:19
action · enqueue_block_editor_assets · frontend\blocks\notice\WGBL_Block_Notice.php:20
action · init · frontend\blocks\notice\WGBL_Block_Notice.php:21
action · woocommerce_blocks_loaded · frontend\blocks\WGBL_Blocks.php:27
action · enqueue_block_editor_assets · frontend\blocks\WGBL_Blocks.php:28
action · enqueue_block_editor_assets · frontend\blocks\WGBL_Blocks.php:31
action · wp_enqueue_scripts · frontend\blocks\WGBL_Blocks.php:34
filter · woocommerce_store_api_product_quantity_minimum · frontend\blocks\WGBL_Blocks_Store_API.php:24
filter · woocommerce_store_api_product_quantity_maximum · frontend\blocks\WGBL_Blocks_Store_API.php:25
filter · woocommerce_order_item_display_meta_key · frontend\classes\admin-order.php:13
filter · woocommerce_order_item_display_meta_value · frontend\classes\admin-order.php:18
action · admin_init · frontend\classes\admin-order.php:23
action · woocommerce_variation_options_pricing · frontend\classes\admin-order.php:29
action · woocommerce_product_options_general_product_data · frontend\classes\admin-order.php:30
action · woocommerce_process_product_meta · frontend\classes\admin-order.php:33
action · woocommerce_save_product_variation · frontend\classes\admin-order.php:34
action · woocommerce_checkout_create_order_line_item · frontend\classes\cart_hook.php:14
action · woocommerce_checkout_update_order_meta · frontend\classes\cart_hook.php:15
filter · woocommerce_cart_item_quantity · frontend\classes\cart_hook.php:16
filter · woocommerce_cart_item_remove_link · frontend\classes\cart_hook.php:18
action · woocommerce_before_calculate_totals · frontend\classes\cart_hook.php:20
filter · woocommerce_cart_item_price · frontend\classes\cart_hook.php:22
filter · woocommerce_cart_item_class · frontend\classes\cart_hook.php:23
action · woocommerce_checkout_order_processed · frontend\classes\cart_hook.php:25
filter · woocommerce_cart_item_price · frontend\classes\cart_hook.php:29
filter · woocommerce_product_get_price · frontend\classes\cart_hook.php:30
filter · woocommerce_product_variation_get_price · frontend\classes\cart_hook.php:31
filter · woocommerce_cart_item_subtotal · frontend\classes\cart_hook.php:34
filter · woocommerce_add_cart_item · frontend\classes\cart_hook.php:37
filter · woocommerce_get_cart_item_from_session · frontend\classes\cart_hook.php:38
action · woocommerce_get_item_data · frontend\classes\cart_hook.php:45
action · wp_enqueue_scripts · frontend\classes\enqueue-js-css.php:15
action · woocommerce_after_calculate_totals · frontend\classes\front-order.php:29
action · wp · frontend\classes\front-order.php:31
filter · woocommerce_package_rates · frontend\classes\front-order.php:37
action · woocommerce_after_cart_table · frontend\classes\front-order.php:213
action · woocommerce_before_cart_table · frontend\classes\front-order.php:216
action · woocommerce_cart_coupon · frontend\classes\front-order.php:218
action · wp_footer · frontend\classes\front-order.php:222
action · init · frontend\classes\shortcodes.php:26
filter · itgift_redirect_link · frontend\hooks\hooks.php:22
filter · itgift_args_data_gift · frontend\hooks\hooks.php:29
filter · itgift_permalink_add_to_cart_url · frontend\hooks\hooks.php:43
filter · itg_gift_product_name · frontend\hooks\hooks.php:50
action · init · ithemeland-free-gifts-for-woo.php:61
action · wp_loaded · ithemeland-free-gifts-for-woo.php:62
action · plugins_loaded · ithemeland-free-gifts-for-woo.php:64
action · before_woocommerce_init · ithemeland-free-gifts-for-woo.php:74
action · before_woocommerce_init · ithemeland-free-gifts-for-woo.php:81
action · admin_notices · views\alerts\woocommerce_required.php:12
Maintenance & Trust

GIFTiT – Free Gifts for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 25, 2026
PHP min version: 7.0
Downloads: 83K

Community Trust

Rating: 84/100
Number of ratings: 42
Active installs: 2K
Developer Profile

GIFTiT – Free Gifts for WooCommerce Developer Profile

ithemelandco

8 plugins · 4K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 8 days
Detection Fingerprints

How We Detect GIFTiT – Free Gifts for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/ithemeland-free-gifts-for-woo/assets/css/wgb-admin-style.css
  • /wp-content/plugins/ithemeland-free-gifts-for-woo/assets/css/wgb-frontend.css
  • /wp-content/plugins/ithemeland-free-gifts-for-woo/assets/js/wgb-admin.js
  • /wp-content/plugins/ithemeland-free-gifts-for-woo/assets/js/wgb-frontend.js
  • /wp-content/plugins/ithemeland-free-gifts-for-woo/framework/analytics/assets/js/analytics.js
  • /wp-content/plugins/ithemeland-free-gifts-for-woo/framework/onboarding/assets/js/onboarding.js
  • /wp-content/plugins/ithemeland-free-gifts-for-woo/blocks/wgb-blocks.js

Script Paths
  • /wp-content/plugins/ithemeland-free-gifts-for-woo/assets/js/wgb-admin.js
  • /wp-content/plugins/ithemeland-free-gifts-for-woo/assets/js/wgb-frontend.js
  • /wp-content/plugins/ithemeland-free-gifts-for-woo/framework/analytics/assets/js/analytics.js
  • /wp-content/plugins/ithemeland-free-gifts-for-woo/framework/onboarding/assets/js/onboarding.js
  • /wp-content/plugins/ithemeland-free-gifts-for-woo/blocks/wgb-blocks.js

Version Parameters
  • ithemeland-free-gifts-for-woo/ithemeland-free-gifts-for-woo.php?ver=
  • ithemeland-free-gifts-for-woo/assets/css/wgb-admin-style.css?ver=
  • ithemeland-free-gifts-for-woo/assets/css/wgb-frontend.css?ver=
  • ithemeland-free-gifts-for-woo/assets/js/wgb-admin.js?ver=
  • ithemeland-free-gifts-for-woo/assets/js/wgb-frontend.js?ver=
  • ithemeland-free-gifts-for-woo/framework/analytics/assets/js/analytics.js?ver=
  • ithemeland-free-gifts-for-woo/framework/onboarding/assets/js/onboarding.js?ver=
  • ithemeland-free-gifts-for-woo/blocks/wgb-blocks.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • wgb-admin-style
  • wgb-frontend-style
  • wgb-gift-container
  • wgb-gift-item

HTML Comments
  • <!-- Admin Menu -->
  • <!-- Admin Settings Page -->
  • <!-- Frontend Gift Display -->
  • <!-- Free Gifts for WooCommerce -->

Data Attributes
  • data-wgb-gift-id
  • data-wgb-rule-id

JS Globals
  • wgb_admin_params
  • wgb_frontend_params
  • WGBL_Blocks

REST Endpoints
  • /wp-json/wgb/v1/get-gifts
  • /wp-json/wgb/v1/save-settings
  • /wp-json/wgb/v1/get-rules

Shortcode Output
[ithemeland_free_gift]