WP-Safety

Direct Checkout for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woocommerce-direct-checkout

Formerly "WooCommerce Direct Checkout". This plugin simplifies the entire WooCommerce checkout process to improve your sales rate.

80K active installs v3.6.3 PHP 5.6+ WP 4.7+ Updated Mar 11, 2026
woocommerce-ajaxwoocommerce-ajax-cartwoocommerce-direct-checkoutwoocommerce-one-page-checkoutwoocommerce-quick-buy
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Direct Checkout for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Direct Checkout for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 23d ago
Risk Assessment

The WooCommerce Direct Checkout plugin version 3.6.3 exhibits a generally strong security posture based on the provided static analysis. The absence of any recorded CVEs and the plugin's minimal attack surface, with no unprotected entry points, are significant positive indicators. Code analysis also reveals a high percentage of properly escaped output and adequate nonce and capability checks, suggesting careful development practices. The plugin also refrains from bundling external libraries, which can sometimes introduce vulnerabilities.

However, a key concern lies in the handling of SQL queries. All two detected SQL queries are performed without using prepared statements. This practice, especially when dealing with user-provided input, creates a significant risk of SQL injection vulnerabilities. While the taint analysis did not reveal any exploitable flows, the raw SQL queries represent a potential weakness that could be exploited if any part of the query logic is ever exposed to unsanitized data. The single external HTTP request, while not inherently a vulnerability, warrants careful review to ensure it is not being used to exfiltrate sensitive data or interact with untrusted endpoints.

Key Concerns

  • SQL queries not using prepared statements
Vulnerabilities
None known

Direct Checkout for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Direct Checkout for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
0 prepared
Unescaped Output
3
77 escaped
Nonce Checks
2
Capability Checks
5
File Operations
0
External Requests
1
Bundled Libraries
0

SQL Query Safety

0% prepared2 total queries

Output Escaping

96% escaped80 total outputs
Attack Surface

Direct Checkout for WooCommerce Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 25
actionwp_default_scriptsjetpack_vendor\automattic\jetpack-assets\actions.php:11
actionplugins_loadedjetpack_vendor\automattic\jetpack-assets\actions.php:12
filterwp_resource_hintsjetpack_vendor\automattic\jetpack-assets\src\class-assets.php:182
actionwp_loadedjetpack_vendor\automattic\jetpack-assets\src\class-script-data.php:38
actionenqueue_block_editor_assetsjetpack_vendor\automattic\jetpack-assets\src\class-script-data.php:52
actionshutdownjetpack_vendor\automattic\jetpack-status\src\class-errors.php:38
actionwp_network_dashboard_setupjetpack_vendor\quadlayers\wp-dashboard-widget-news\src\Load.php:36
actionwp_dashboard_setupjetpack_vendor\quadlayers\wp-dashboard-widget-news\src\Load.php:37
actionadmin_noticesjetpack_vendor\quadlayers\wp-notice-plugin-promote\src\Load.php:95
actionadmin_noticesjetpack_vendor\quadlayers\wp-notice-plugin-promote\src\Load.php:104
actionadmin_noticesjetpack_vendor\quadlayers\wp-notice-plugin-required\src\Load.php:40
filterinstall_plugins_tabsjetpack_vendor\quadlayers\wp-plugin-install-tab\src\Load.php:33
actioninstall_plugins_quadlayersjetpack_vendor\quadlayers\wp-plugin-install-tab\src\Load.php:34
actionplugins_loadedjetpack_vendor\quadlayers\wp-plugin-suggestions\src\Page.php:47
actionadmin_menujetpack_vendor\quadlayers\wp-plugin-suggestions\src\Page.php:50
actionadmin_initjetpack_vendor\quadlayers\wp-plugin-suggestions\src\Page.php:55
filternetwork_admin_urljetpack_vendor\quadlayers\wp-plugin-suggestions\src\Page.php:56
filterself_admin_urljetpack_vendor\quadlayers\wp-plugin-suggestions\src\Table.php:52
filternetwork_admin_urljetpack_vendor\quadlayers\wp-plugin-suggestions\src\Table.php:53
filterplugin_row_metajetpack_vendor\quadlayers\wp-plugin-table-links\src\Load.php:36
actioninitvendor_packages\wp-notice-plugin-promote.php:4
actioninitvendor_packages\wp-plugin-table-links.php:4
actionwp_loadedwc-direct-checkout.php:22
actionbefore_woocommerce_initwoocommerce-direct-checkout.php:77
actionbefore_woocommerce_initwoocommerce-direct-checkout.php:89
Maintenance & Trust

Direct Checkout for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 11, 2026
PHP min version5.6
Downloads3.2M

Community Trust

Rating96/100
Number of ratings403
Active installs80K
Alternatives

Direct Checkout for WooCommerce Alternatives

Quick Buy Now Button for WooCommerce

Quick Buy Now Button for WooCommerce

quick-buy-now-button-for-woocommerce

A
100

WooCommerce Buy Now Button makes your customers' checkout process easier and faster.

20K No CVEs
Ajax add to cart for WooCommerce

Ajax add to cart for WooCommerce

woo-ajax-add-to-cart

A
100

Ajax add to cart for WooCommerce products

10K No CVEs
NC Ajax Cart for woocommerce

NC Ajax Cart for woocommerce

nc-ajax-cart-for-woocommerce

A
85

This plugin allows you to add ajax driven drop down cart for your woocommerce store using shortcode [nc_ajax_cart]

30 No CVEs
Ajax instant buy checkout for WooCommerce

Ajax instant buy checkout for WooCommerce

bss-ajax-checkout-instant

A
92

Ajax instant buy checkout for WooCommerce

0 No CVEs
Add to Cart Redirect for WooCommerce

Add to Cart Redirect for WooCommerce

add-to-cart-direct-checkout-for-woocommerce

A
100

Features offered: Add to cart redirect, Quick purchase button, Buy now button, Quick View product, option to change quantity on checkout page.

9K 1 CVE
Developer Profile

Direct Checkout for WooCommerce Developer Profile

quadlayers

17 plugins · 654K total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
501 days
View full developer profile
Detection Fingerprints

How We Detect Direct Checkout for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woocommerce-direct-checkout/assets/css/qlwcdc-checkout.css/wp-content/plugins/woocommerce-direct-checkout/assets/js/qlwcdc-checkout.js/wp-content/plugins/woocommerce-direct-checkout/assets/css/qlwcdc-quick-buy.css/wp-content/plugins/woocommerce-direct-checkout/assets/js/qlwcdc-quick-buy.js/wp-content/plugins/woocommerce-direct-checkout/assets/js/qlwcdc-scripts.js/wp-content/plugins/woocommerce-direct-checkout/assets/js/frontend.js
Script Paths
/wp-content/plugins/woocommerce-direct-checkout/assets/js/qlwcdc-checkout.js/wp-content/plugins/woocommerce-direct-checkout/assets/js/qlwcdc-quick-buy.js/wp-content/plugins/woocommerce-direct-checkout/assets/js/qlwcdc-scripts.js/wp-content/plugins/woocommerce-direct-checkout/assets/js/frontend.js
Version Parameters
/wp-content/plugins/woocommerce-direct-checkout/assets/css/qlwcdc-checkout.css?ver=/wp-content/plugins/woocommerce-direct-checkout/assets/js/qlwcdc-checkout.js?ver=/wp-content/plugins/woocommerce-direct-checkout/assets/css/qlwcdc-quick-buy.css?ver=/wp-content/plugins/woocommerce-direct-checkout/assets/js/qlwcdc-quick-buy.js?ver=/wp-content/plugins/woocommerce-direct-checkout/assets/js/qlwcdc-scripts.js?ver=/wp-content/plugins/woocommerce-direct-checkout/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
qlwcdc-checkout-wrapperqlwcdc-quick-buy-buttonqlwcdc-button-style
Data Attributes
data-qlwcdc-iddata-qlwcdc-product-id
JS Globals
qlwcdc_checkout_paramsqlwcdc_quickbuy_params
Shortcode Output
[qlwcdc_buy_now][qlwcdc_add_to_cart]
FAQ

Frequently Asked Questions about Direct Checkout for WooCommerce