Does WC Fields Factory have any unpatched vulnerabilities?

No. All known vulnerabilities in WC Fields Factory have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WC Fields Factory compatible with WordPress 6.4.8?

According to WordPress.org data, WC Fields Factory 4.1.8 has been tested up to WordPress 6.4.8. Check the plugin's changelog for the latest compatibility information.

How often is WC Fields Factory updated?

WC Fields Factory was last updated on Aug 12, 2024. Frequent updates are generally a positive security signal.

What is WC Fields Factory's security score?

WC Fields Factory has a WP-Safety security score of 90/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WC Fields Factory Security & Risk Analysis

wordpress.org/plugins/wc-fields-factory

Sell your products with personalised options. Add custom fields to your products, variations, checkout, order and your admin screens.

7K active installs v4.1.8 PHP + WP 3.5+ Updated Aug 12, 2024

custom-admin-fieldscustom-product-fieldscustom-woocommerce-feeoverriding-product-pricewc-fields-factory

A · Safe

CVEs total2

Unpatched0

Last CVEMar 28, 2023

Plugin page Download

Safety Verdict

Is WC Fields Factory Safe to Use in 2026?

Generally Safe

Score 90/100

WC Fields Factory has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Mar 28, 2023Updated 1yr ago

Risk Assessment

The wc-fields-factory plugin v4.1.9 presents a mixed security posture. While it demonstrates good practices in its use of prepared statements for SQL queries and output escaping, significant concerns arise from its attack surface and the results of taint analysis. The presence of two AJAX handlers without authentication checks creates a direct entry point for potential attackers. Furthermore, the taint analysis revealing three high-severity flows with unsanitized paths is a critical finding, suggesting potential vulnerabilities that could be exploited if these flows are triggered by malicious input. Although there are no currently unpatched CVEs, the plugin has a history of two high-severity vulnerabilities, both related to SQL injection. This pattern, combined with the taint analysis findings, indicates a recurring susceptibility to injection-style attacks. While the strong adherence to prepared statements and output escaping is commendable, the unprotected AJAX endpoints and the identified high-severity taint flows represent immediate and actionable risks that must be addressed.

Key Concerns

Unprotected AJAX handlers
High severity taint flows
History of high severity SQL injection vulnerabilities
Missing nonce checks on AJAX

Vulnerabilities

WC Fields Factory Security Vulnerabilities

CVEs by Year

2 CVEs in 2023

2023

Patched Has unpatched

Severity Breakdown

High

2 total CVEs

WF-5c51f55f-6e8c-467c-999b-4e6a1a6f7bbc-wc-fields-factoryhigh · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

WC Fields Factory <= 4.1.5 - Authenticated(Subscriber+) SQL Injection

Mar 28, 2023 Patched in 4.1.6 (301d)

CVE-2023-0277high · 7.2Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

WC Fields Factory <= 4.1.5 - Authenticated (Administrator+) SQL Injection

Mar 27, 2023 Patched in 4.1.6 (302d)

Code Analysis

Analyzed Mar 16, 2026

WC Fields Factory Code Analysis

Dangerous Functions

Raw SQL Queries

11 prepared

Unescaped Output

636 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

92% prepared12 total queries

Output Escaping

90% escaped706 total outputs

Data Flows

11 unsanitized

Data Flow Analysis

15 flows11 with unsanitized paths

get_config_tab_container (includes\wcff_builder.php:878)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

WC Fields Factory Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_wcff_ajaxincludes\wcff_ajax.php:15

noprivwp_ajax_wcff_ajaxincludes\wcff_ajax.php:16

WordPress Hooks 93

actionadmin_enqueue_scriptsincludes\wcff_admin_fields.php:65

actionadmin_footerincludes\wcff_admin_fields.php:67

actionsave_postincludes\wcff_admin_fields.php:69

actionedited_product_catincludes\wcff_admin_fields.php:71

actioncreate_product_catincludes\wcff_admin_fields.php:72

actionwoocommerce_product_after_variable_attributesincludes\wcff_admin_fields.php:74

actionwoocommerce_save_product_variationincludes\wcff_admin_fields.php:75

filterwoocommerce_email_order_meta_fieldsincludes\wcff_admin_fields.php:76

filterwoocommerce_product_data_tabsincludes\wcff_admin_fields.php:78

actionwoocommerce_product_data_panelsincludes\wcff_admin_fields.php:79

actionwoocommerce_after_order_detailsincludes\wcff_admin_fields.php:83

actionadmin_initincludes\wcff_checkout_fields.php:21

actionedit_form_after_editorincludes\wcff_checkout_fields.php:22

filterbefore_render_common_metaincludes\wcff_checkout_fields.php:23

filterwoocommerce_admin_billing_fieldsincludes\wcff_checkout_fields.php:25

filterwoocommerce_admin_shipping_fieldsincludes\wcff_checkout_fields.php:26

filterwccpf_fields_factory_supported_fieldsincludes\wcff_checkout_fields.php:29

actionwoocommerce_admin_order_data_after_shipping_addressincludes\wcff_checkout_fields.php:31

filterwoocommerce_checkout_fieldsincludes\wcff_checkout_fields.php:36

filterwoocommerce_form_field_argsincludes\wcff_checkout_fields.php:38

actionwoocommerce_checkout_shippingincludes\wcff_checkout_fields.php:41

actionwoocommerce_after_checkout_validationincludes\wcff_checkout_fields.php:43

actionwoocommerce_order_details_after_customer_detailsincludes\wcff_checkout_fields.php:45

filterwoocommerce_form_field_checkboxincludes\wcff_checkout_fields.php:47

filterwoocommerce_form_field_datepickerincludes\wcff_checkout_fields.php:48

filterwoocommerce_form_field_colorpickerincludes\wcff_checkout_fields.php:49

filterwoocommerce_form_field_radioincludes\wcff_checkout_fields.php:50

filterwoocommerce_form_field_emailincludes\wcff_checkout_fields.php:51

filterwoocommerce_form_field_labelincludes\wcff_checkout_fields.php:52

filterwoocommerce_form_field_numberincludes\wcff_checkout_fields.php:53

filterwoocommerce_form_field_hiddenincludes\wcff_checkout_fields.php:54

filterwoocommerce_form_field_selectincludes\wcff_checkout_fields.php:55

actionwoocommerce_checkout_update_order_metaincludes\wcff_checkout_fields.php:59

filterwoocommerce_order_formatted_billing_addressincludes\wcff_checkout_fields.php:62

filterwoocommerce_order_formatted_shipping_addressincludes\wcff_checkout_fields.php:63

filterwoocommerce_formatted_address_replacementsincludes\wcff_checkout_fields.php:65

filterwoocommerce_email_order_meta_fieldsincludes\wcff_checkout_fields.php:66

actionsave_postincludes\wcff_dao.php:85

actionadmin_noticesincludes\wcff_loader.php:61

actionadmin_initincludes\wcff_options.php:11

filterwoocommerce_order_item_get_formatted_meta_dataincludes\wcff_order_fields.php:26

filterupload_dirincludes\wcff_persister.php:228

actionadmin_head-post.phpincludes\wcff_post_handler.php:16

actionadmin_head-post-new.phpincludes\wcff_post_handler.php:17

actionwcff_admin_headincludes\wcff_post_handler.php:18

filtermanage_edit-wccpf_columnsincludes\wcff_post_handler.php:19

actionmanage_wccpf_posts_custom_columnincludes\wcff_post_handler.php:20

filtermanage_edit-wccaf_columnsincludes\wcff_post_handler.php:21

actionmanage_wccaf_posts_custom_columnincludes\wcff_post_handler.php:22

filtermanage_edit-wccvf_columnsincludes\wcff_post_handler.php:23

actionmanage_wccvf_posts_custom_columnincludes\wcff_post_handler.php:24

actionadmin_head-edit.phpincludes\wcff_post_handler.php:25

actionadmin_enqueue_scriptsincludes\wcff_post_handler.php:26

actionadd_meta_boxesincludes\wcff_post_handler.php:28

actionadd_meta_boxesincludes\wcff_post_handler.php:29

actionadd_meta_boxesincludes\wcff_post_handler.php:30

actionadd_meta_boxesincludes\wcff_post_handler.php:31

actionadd_meta_boxesincludes\wcff_post_handler.php:32

actionadd_meta_boxesincludes\wcff_post_handler.php:33

actionadd_meta_boxesincludes\wcff_post_handler.php:34

filterviews_edit-wccvfincludes\wcff_post_list_table.php:26

actionwp_footerincludes\wcff_product_fields.php:84

filterwoocommerce_product_tabsincludes\wcff_product_fields.php:96

actionwoocommerce_after_shop_loop_item_titleincludes\wcff_product_fields.php:116

actionwoocommerce_before_add_to_cart_buttonincludes\wcff_product_fields.php:119

filterwoocommerce_add_to_cart_validationincludes\wcff_product_fields.php:127

filterwoocommerce_add_cart_item_dataincludes\wcff_product_fields.php:133

actionwoocommerce_add_to_cartincludes\wcff_product_fields.php:136

filterwoocommerce_cart_item_nameincludes\wcff_product_fields.php:147

filterwoocommerce_checkout_cart_item_quantityincludes\wcff_product_fields.php:148

filterwoocommerce_get_item_dataincludes\wcff_product_fields.php:152

filterwoocommerce_add_cart_itemincludes\wcff_product_fields.php:161

filterwoocommerce_get_cart_item_from_sessionincludes\wcff_product_fields.php:162

actionwoocommerce_cart_calculate_feesincludes\wcff_product_fields.php:165

filtertier_pricing_table/cart/product_cart_priceincludes\wcff_product_fields.php:168

actionwoocommerce_add_order_item_metaincludes\wcff_product_fields.php:175

actionwoocommerce_new_order_itemincludes\wcff_product_fields.php:177

filtercocart_prepare_product_object_v2includes\wcff_product_fields.php:183

filtercocart_prepare_product_objectincludes\wcff_product_fields.php:184

filtercocart_prepare_product_variation_object_v2includes\wcff_product_fields.php:186

filtercocart_prepare_product_variation_objectincludes\wcff_product_fields.php:187

filterwcff_requestincludes\wcff_request.php:16

filterwcff_responseincludes\wcff_response.php:15

actionadmin_menuincludes\wcff_setup.php:22

filterpage_row_actionsincludes\wcff_setup.php:25

actionadmin_action_wcff_clone_groupincludes\wcff_setup.php:26

actionmanage_posts_extra_tablenavincludes\wcff_setup.php:27

filterdisable_months_dropdownincludes\wcff_setup.php:28

filterparse_queryincludes\wcff_setup.php:29

filterthe_postsincludes\wcff_setup.php:30

actionadmin_enqueue_scriptsviews\meta_box_option.php:7

actioninitwcff.php:88

actionbefore_woocommerce_initwcff.php:232

Maintenance & Trust

WC Fields Factory Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8

Last updatedAug 12, 2024

PHP min version

Downloads286K

Community Trust

Rating86/100

Number of ratings168

Active installs7K

Alternatives

WC Fields Factory Alternatives

Luma Product Fields

luma-product-fields

100

Add WooCommerce product fields and product specifications in minutes, with inline editing, clickable values, and searchable specs.

0 No CVEs

Developer Profile

WC Fields Factory Developer Profile

Saravana Kumar K

3 plugins · 7K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

302 days

View full developer profile

Detection Fingerprints

How We Detect WC Fields Factory

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wc-fields-factory/assets/css/frontend.css/wp-content/plugins/wc-fields-factory/assets/css/admin.css/wp-content/plugins/wc-fields-factory/assets/js/frontend.js/wp-content/plugins/wc-fields-factory/assets/js/admin.js

Script Paths

/wp-content/plugins/wc-fields-factory/assets/js/frontend.js/wp-content/plugins/wc-fields-factory/assets/js/admin.js

Version Parameters

wc-fields-factory/assets/css/frontend.css?ver=wc-fields-factory/assets/css/admin.css?ver=wc-fields-factory/assets/js/frontend.js?ver=wc-fields-factory/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

wcff_frontend_form_wrapperwcff_field_wrapperwcff_admin_form_wrapperwcff-products-page-fields-wrapperwcff-product-variations-fields-wrapper

Data Attributes

data-wcff-field-iddata-wcff-field-typedata-wcff-field-name

JS Globals

wcff_frontend_paramswcff_admin_params

Shortcode Output

[wcff_product_fields][wcff_checkout_fields][wcff_order_fields]

FAQ