Kustom Checkout for WooCommerce Security & Risk Analysis

wordpress.org/plugins/klarna-checkout-for-woocommerce

The leading checkout in the Nordics, built for higher conversion and returning shoppers. Easy to integrate, supports Klarna and all popular payment me …

10K active installs · v2.19.0 · PHP 7.4+ · WP 5.0+ · Updated Apr 13, 2026
Tags: checkout, e-commerce, ecommerce, klarna, woocommerce
Score: 99 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Mar 27, 2025
Safety Verdict

Is Kustom Checkout for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Kustom Checkout for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEs · Last CVE: Mar 27, 2025 · Updated 1mo ago
Risk Assessment

The Klarna Checkout for WooCommerce plugin, version 2.18.4, exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by exclusively using prepared statements for SQL queries and achieving a high percentage (94%) of properly escaped output. The absence of critical or high-severity taint flows is also reassuring, suggesting that common code injection vulnerabilities are not immediately apparent.

However, several concerns warrant attention. The presence of two AJAX handlers without authentication checks presents a significant attack vector. While the plugin has a history of medium-severity vulnerabilities, including missing authorization, the fact that these are currently patched is a mitigating factor. The plugin's vulnerability history, particularly the prevalence of "Missing Authorization" and "Uncontrolled Resource Consumption," suggests a need for ongoing vigilance in access control and resource management.

In conclusion, while the plugin implements some strong security measures, the unprotected AJAX endpoints and past medium-severity vulnerabilities indicate that it is not without risk. Further investigation into the function of these unprotected AJAX handlers and continuous monitoring for new vulnerabilities are recommended.

Key Concerns

  • 2 unprotected AJAX handlers found
  • 2 medium severity CVEs historically
  • Previous vulnerabilities include Missing Authorization
Vulnerabilities
2 published

Kustom Checkout for WooCommerce Security Vulnerabilities

CVEs by Year

2020: 1 CVE
2025: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2024-13925 · medium · 5.3 · Uncontrolled Resource Consumption

Klarna Checkout for WooCommerce <= 2.13.4 - Denial of Service

Mar 27, 2025 Patched in 2.13.5 (27d)

Klarna Checkout for WooCommerce <= 2.0.9 - Arbitrary Plugin Installation, Activation and Deactivation

Apr 8, 2020 Patched in 2.0.10 (1385d)
Version History

Kustom Checkout for WooCommerce Release Timeline

v2.19.0 (Current)
v2.18.4
v2.18.3
v2.18.2
v2.18.1
v2.18.0
v2.17.0
v2.16.4
v2.16.3
v2.16.2
v2.16.1
v2.16.0
v2.15.0-beta.1
v2.15.0
v2.14.4
v2.14.3
v2.14.2
v2.14.1
v2.14.0
v2.13.11
Code Analysis
Analyzed Mar 16, 2026

Kustom Checkout for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 17 (268 escaped)
Nonce Checks: 9
Capability Checks: 5
File Operations: 3
External Requests: 14
Bundled Libraries: 0

Output Escaping

94% escaped · 285 total outputs
Attack Surface
2 unprotected

Kustom Checkout for WooCommerce Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers 3

auth · wp_ajax_change_klarna_addon_status · classes\admin\class-klarna-for-woocommerce-addons.php:40
auth · wp_ajax_hide_klarna_banner · classes\admin\class-wc-klarna-banners.php:24
nopriv · wp_ajax_hide_klarna_banner · classes\admin\class-wc-klarna-banners.php:25
WordPress Hooks 86
action · rest_api_init · blocks\src\Api\Registry.php:26
action · woocommerce_blocks_loaded · blocks\src\BlockExtension.php:54
action · woocommerce_blocks_loaded · blocks\src\BlockExtension.php:55
action · woocommerce_blocks_payment_method_type_registration · blocks\src\BlockExtension.php:125
filter · kco_wc_api_request_args · blocks\src\Overrides.php:21
action · admin_init · classes\admin\class-kco-admin-notices.php:57
action · admin_init · classes\admin\class-kco-admin-notices.php:58
action · admin_notices · classes\admin\class-kco-admin-notices.php:59
action · woocommerce_settings_saved · classes\admin\class-kco-admin-notices.php:66
action · admin_notices · classes\admin\class-kco-admin-notices.php:67
action · admin_notices · classes\admin\class-kco-admin-notices.php:69
action · admin_notices · classes\admin\class-kco-admin-notices.php:70
action · admin_notices · classes\admin\class-kco-admin-notices.php:71
action · admin_notices · classes\admin\class-kco-admin-notices.php:72
action · admin_notices · classes\admin\class-kco-admin-notices.php:73
action · admin_notices · classes\admin\class-kco-admin-notices.php:74
action · admin_menu · classes\admin\class-klarna-for-woocommerce-addons.php:38
action · admin_enqueue_scripts · classes\admin\class-klarna-for-woocommerce-addons.php:39
action · admin_notices · classes\admin\class-wc-klarna-banners.php:22
action · admin_enqueue_scripts · classes\admin\class-wc-klarna-banners.php:23
action · woocommerce_api_kco_wc_push · classes\class-kco-api-callbacks.php:43
action · woocommerce_api_kco_wc_notification · classes\class-kco-api-callbacks.php:44
action · woocommerce_api_kco_wc_address_update · classes\class-kco-api-callbacks.php:45
action · kco_wc_punted_notification · classes\class-kco-api-callbacks.php:46
filter · woocommerce_checkout_fields · classes\class-kco-checkout.php:20
action · woocommerce_before_calculate_totals · classes\class-kco-checkout.php:21
action · woocommerce_after_calculate_totals · classes\class-kco-checkout.php:22
filter · woocommerce_shipping_chosen_method · classes\class-kco-checkout.php:25
action · woocommerce_shipping_method_chosen · classes\class-kco-checkout.php:26
filter · woocommerce_order_needs_payment · classes\class-kco-checkout.php:27
filter · woocommerce_cart_needs_payment · classes\class-kco-checkout.php:28
action · init · classes\class-kco-confirmation.php:42
action · init · classes\class-kco-confirmation.php:43
action · woocommerce_email_after_order_table · classes\class-kco-email.php:21
action · wp_enqueue_scripts · classes\class-kco-gateway.php:91
action · admin_enqueue_scripts · classes\class-kco-gateway.php:92
action · woocommerce_admin_order_data_after_billing_address · classes\class-kco-gateway.php:93
action · woocommerce_admin_order_data_after_billing_address · classes\class-kco-gateway.php:94
action · woocommerce_admin_order_data_after_billing_address · classes\class-kco-gateway.php:95
action · woocommerce_admin_order_data_after_shipping_address · classes\class-kco-gateway.php:96
action · woocommerce_checkout_init · classes\class-kco-gateway.php:98
action · woocommerce_thankyou · classes\class-kco-gateway.php:100
filter · admin_footer_text · classes\class-kco-gateway.php:103
filter · body_class · classes\class-kco-gateway.php:106
filter · kco_wc_api_request_args · classes\class-kco-gateway.php:108
action · woocommerce_after_checkout_validation · classes\class-kco-gateway.php:111
action · admin_init · classes\class-kco-gdpr.php:19
action · init · classes\class-kco-gdpr.php:20
action · kco_wc_before_snippet · classes\class-kco-gdpr.php:56
action · kco_wc_after_snippet · classes\class-kco-gdpr.php:58
action · woocommerce_update_options_checkout_kco · classes\class-kco-settings-saved.php:35
action · woocommerce_update_options_checkout_kco · classes\class-kco-settings-saved.php:36
action · woocommerce_update_options_checkout_kco · classes\class-kco-settings-saved.php:37
action · woocommerce_system_status_report · classes\class-kco-status.php:23
filter · kco_wc_api_request_args · classes\class-kco-subscription.php:26
filter · kco_wc_api_request_args · classes\class-kco-subscription.php:27
filter · kco_wc_api_hpp_request_args · classes\class-kco-subscription.php:28
action · kco_wc_payment_complete · classes\class-kco-subscription.php:29
action · woocommerce_scheduled_subscription_payment_kco · classes\class-kco-subscription.php:30
action · woocommerce_admin_order_data_after_billing_address · classes\class-kco-subscription.php:31
action · woocommerce_process_shop_order_meta · classes\class-kco-subscription.php:32
action · wc_klarna_push_cb · classes\class-kco-subscription.php:34
action · init · classes\class-kco-subscription.php:35
action · woocommerce_account_view-subscription_endpoint · classes\class-kco-subscription.php:36
filter · allowed_redirect_hosts · classes\class-kco-subscription.php:37
action · wcs_renewal_order_created · classes\class-kco-subscription.php:40
filter · wc_get_template · classes\class-kco-templates.php:57
action · wp_footer · classes\class-kco-templates.php:58
action · kco_wc_after_order_review · classes\class-kco-templates.php:61
action · kco_wc_after_order_review · classes\class-kco-templates.php:62
action · kco_wc_before_snippet · classes\class-kco-templates.php:63
action · kco_wc_before_snippet · classes\class-kco-templates.php:64
action · kco_wc_before_snippet · classes\class-kco-templates.php:65
filter · woocommerce_billing_fields · classes\class-kco-templates.php:67
filter · woocommerce_shipping_fields · classes\class-kco-templates.php:69
filter · body_class · classes\class-kco-templates.php:72
filter · woocommerce_generate_krokedil_section_start_html · dependencies\krokedil\settings-page\src\Gateway.php:54
filter · woocommerce_generate_krokedil_section_end_html · dependencies\krokedil\settings-page\src\Gateway.php:55
action · add_meta_boxes · dependencies\krokedil\woocommerce\src\OrderMetabox.php:59
action · admin_init · dependencies\krokedil\woocommerce\src\OrderMetabox.php:60
action · plugins_loaded · klarna-checkout-for-woocommerce.php:155
filter · woocommerce_checkout_cart_item_quantity · klarna-checkout-for-woocommerce.php:158
action · before_woocommerce_init · klarna-checkout-for-woocommerce.php:170
filter · woocommerce_payment_gateways · klarna-checkout-for-woocommerce.php:298
action · before_woocommerce_init · klarna-checkout-for-woocommerce.php:299
action · admin_notices · klarna-checkout-for-woocommerce.php:414

Scheduled Events 1

kco_wc_punted_notification
Maintenance & Trust

Kustom Checkout for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 13, 2026
PHP min version: 7.4
Downloads: 1.4M

Community Trust

Rating: 70/100
Number of ratings: 15
Active installs: 10K
Developer Profile

Kustom Checkout for WooCommerce Developer Profile

Kustom

1 plugin · 10K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 706 days
Detection Fingerprints

How We Detect Kustom Checkout for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/klarna-checkout-for-woocommerce/build/klarna-checkout-for-woocommerce.css
  • /wp-content/plugins/klarna-checkout-for-woocommerce/build/klarna-checkout-for-woocommerce.js
  • /wp-content/plugins/klarna-checkout-for-woocommerce/assets/js/kco-frontend.js
  • /wp-content/plugins/klarna-checkout-for-woocommerce/assets/css/kco-frontend.css
  • /wp-content/plugins/klarna-checkout-for-woocommerce/assets/js/kco-admin.js
  • /wp-content/plugins/klarna-checkout-for-woocommerce/assets/css/kco-admin.css
Generator Patterns
  • Kustom Checkout for WooCommerce by Kustom
Script Paths
  • /wp-content/plugins/klarna-checkout-for-woocommerce/build/klarna-checkout-for-woocommerce.js
  • /wp-content/plugins/klarna-checkout-for-woocommerce/assets/js/kco-frontend.js
  • /wp-content/plugins/klarna-checkout-for-woocommerce/assets/js/kco-admin.js
Version Parameters
  • /wp-content/plugins/klarna-checkout-for-woocommerce/build/klarna-checkout-for-woocommerce.css?ver=
  • /wp-content/plugins/klarna-checkout-for-woocommerce/build/klarna-checkout-for-woocommerce.js?ver=
  • /wp-content/plugins/klarna-checkout-for-woocommerce/assets/js/kco-frontend.js?ver=
  • /wp-content/plugins/klarna-checkout-for-woocommerce/assets/css/kco-frontend.css?ver=
  • /wp-content/plugins/klarna-checkout-for-woocommerce/assets/js/kco-admin.js?ver=
  • /wp-content/plugins/klarna-checkout-for-woocommerce/assets/css/kco-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • kco-checkout-container
  • klarna-checkout-iframe
HTML Comments
  • <!-- Klarna Checkout for WooCommerce -->
  • <!-- Klarna Checkout iframe -->
Data Attributes
  • data-klarna-checkout-url
  • data-klarna-modal-url
JS Globals
  • window.KCO_Frontend
REST Endpoints
  • /wp-json/klarna/checkout/v1/get_klarna_order_data
  • /wp-json/klarna/checkout/v1/update_order_meta
Shortcode Output
  • [klarna_checkout]
FAQ

Frequently Asked Questions about Kustom Checkout for WooCommerce