Does Simple Cart Fees have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Simple Cart Fees compatible with WordPress 6.9.4?

According to WordPress.org data, Simple Cart Fees 1.0.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Simple Cart Fees compatible with PHP 7.4+?

Simple Cart Fees requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Simple Cart Fees updated?

Simple Cart Fees was last updated on Dec 16, 2025. Frequent updates are generally a positive security signal.

What is Simple Cart Fees's security score?

Simple Cart Fees has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Simple Cart Fees Security & Risk Analysis

wordpress.org/plugins/simple-cart-fees

Add extra fees to your WooCommerce checkout. Simple, flexible, and works with both classic and block checkout.

0 active installs v1.0.0 PHP 7.4+ WP 6.0+ Updated Dec 16, 2025

cartcheckoutfeessurchargewoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Simple Cart Fees Safe to Use in 2026?

Generally Safe

Score 100/100

Simple Cart Fees has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago

Risk Assessment

The "simple-cart-fees" plugin version 1.0.0 exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, raw SQL queries, file operations, and external HTTP requests is commendable. Furthermore, the plugin demonstrates good practices in output escaping, with 97% of outputs properly handled, and a low number of flows analyzed with no identified sanitization issues. The presence of nonce and capability checks on its AJAX handlers, despite them being exposed, is a positive indicator.

However, a potential area for concern lies within the attack surface. While all three AJAX handlers are reported as having security checks, the data states that 0 are without auth checks, which implies the remaining 3 *do* have auth checks. The critical point is that the analysis doesn't explicitly state *what* kind of auth checks are in place for these AJAX handlers. If these checks are weak or improperly implemented, it could still leave them vulnerable. The lack of any recorded vulnerabilities in its history is a significant strength, suggesting a history of stable and secure development, or simply that it hasn't been a target or discovered to have flaws yet.

In conclusion, the plugin shows promising security fundamentals. The main weakness is the potential ambiguity around the effectiveness of authentication on its AJAX endpoints. Its clean vulnerability history is a strong positive, but developers should remain vigilant and continue to implement robust security measures, especially concerning input validation and authorization on all entry points.

Key Concerns

Ambiguity on AJAX auth check robustness

Vulnerabilities

None known

Simple Cart Fees Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Simple Cart Fees Release Timeline

No version history available.

Code Analysis

Analyzed Mar 17, 2026

Simple Cart Fees Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

92 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

97% escaped95 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

1 flows

<class-frontend> (includes\class-frontend.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Simple Cart Fees Attack Surface

Entry Points3

Unprotected0

AJAX Handlers 3

authwp_ajax_simpcafe_save_feesincludes\class-admin.php:23

authwp_ajax_simpcafe_toggle_feeincludes\class-frontend.php:29

noprivwp_ajax_simpcafe_toggle_feeincludes\class-frontend.php:30

WordPress Hooks 19

actionadmin_menuincludes\class-admin.php:21

actionadmin_enqueue_scriptsincludes\class-admin.php:22

actionadd_meta_boxesincludes\class-admin.php:24

filtermanage_edit-shop_order_columnsincludes\class-admin.php:25

actionmanage_shop_order_posts_custom_columnincludes\class-admin.php:26

filtermanage_woocommerce_page_wc-orders_columnsincludes\class-admin.php:28

actionmanage_woocommerce_page_wc-orders_custom_columnincludes\class-admin.php:29

actionwoocommerce_blocks_loadedincludes\class-blocks.php:23

actionwoocommerce_blocks_checkout_block_registrationincludes\class-blocks.php:34

actionwoocommerce_blocks_cart_block_registrationincludes\class-blocks.php:41

actionwoocommerce_cart_calculate_feesincludes\class-frontend.php:26

actionwoocommerce_review_order_before_paymentincludes\class-frontend.php:27

actionwp_enqueue_scriptsincludes\class-frontend.php:28

actionwoocommerce_checkout_create_orderincludes\class-frontend.php:31

actionwoocommerce_email_after_order_tableincludes\class-frontend.php:32

actionwoocommerce_initincludes\class-frontend.php:34

actionbefore_woocommerce_initsimple-cart-fees.php:35

actionadmin_noticessimple-cart-fees.php:80

actionplugins_loadedsimple-cart-fees.php:93

Maintenance & Trust

Simple Cart Fees Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 16, 2025

PHP min version7.4

Downloads99

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Simple Cart Fees Alternatives

Flexible Fees Manager for WooCommerce

flexible-fees-manager-for-woocommerce

100

Add conditional fees to WooCommerce based on cart, products, shipping, payment methods, location, and more — without writing any code.

0 No CVEs

Direct Checkout for WooCommerce

woocommerce-direct-checkout

100

Formerly "WooCommerce Direct Checkout". This plugin simplifies the entire WooCommerce checkout process to improve your sales rate.

80K No CVEs

Sliding Cart for WooCommerce by FunnelKit – Skip Cart & Reach WooCommerce Checkout Faster

cart-for-woocommerce

100

FunnelKit Cart adds a beautiful sliding cart to your WooCommerce store. Let the buyers add items, edit quantity and add upsells on the side cart.

30K No CVEs

Disable cart page for WooCommerce

disable-cart-page-for-woocommerce

Disable WooCommerce cart page and force customers to buy single products.

6K No CVEs

Force Authentification Before Checkout for WooCommerce

woo-force-authentification-before-checkout

100

Force customer to log in or register before checkout

6K No CVEs

Developer Profile

Simple Cart Fees Developer Profile

Anxo Sánchez

3 plugins · 20 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Simple Cart Fees

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/simple-cart-fees/assets/css/admin.css/wp-content/plugins/simple-cart-fees/assets/js/admin.js

Script Paths

/wp-content/plugins/simple-cart-fees/assets/js/admin.js

Version Parameters

simple-cart-fees/assets/css/admin.css?ver=simple-cart-fees/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

scf-admin-wrapscf-admin-containerscf-noticesscf-fees-formscf-fees-tablescf-col-dragscf-col-namescf-col-price+6 more

Data Attributes

id="scf-fees-form"id="scf-fees-table"id="scf-fees-list"id="scf-notices"id="scf-add-fee"id="scf-save-fees"

JS Globals

simpcafeAdmin

FAQ