PLUGIN SECURITY
Is Woocommerce Checkout Manager safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Woocommerce Checkout Manager WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
woocommerce-checkout-manager - Requires PHP: 5.6+
- Max supported PHP (analyzed): 8.4
Known vulnerabilities
- Checkout Field Manager (Checkout Manager) for WooCommerce [woocommerce-checkout-manager] < 4.3 [CVE-2019-11807, WooCommerce Checkout Manager <= 4.2.6 - Unauthenticated Arbitrary Media Deletion, WooCommerce Checkout Manager <= 4.2.6 - Arbitrary File Upload]
- Checkout Field Manager (Checkout Manager) for WooCommerce [woocommerce-checkout-manager] < 4.2.7 [WordPress WooCommerce Checkout Manager plugin 4.2.6 (latest) - Arbitrary File Upload vulnerability]
- Checkout Field Manager (Checkout Manager) for WooCommerce [woocommerce-checkout-manager] < 5.5.7 [WordPress Checkout Fields Manager for WooCommerce plugin <= 5.5.6 - Reflected Cross-Site Scripting (XSS) vulnerability]
- Checkout Field Manager (Checkout Manager) for WooCommerce [woocommerce-checkout-manager] < 5.5.7 [Checkout Fields Manager for WooCommerce <= 5.5.6 - Reflected Cross-Site Scripting]
- Checkout Field Manager (Checkout Manager) for WooCommerce [woocommerce-checkout-manager] < 5.5.7 [Checkout Fields Manager for WooCommerce < 5.5.7 - Reflected Cross-Site Scripting]
+ 3 more known vulnerabilities
- Checkout Field Manager (Checkout Manager) for WooCommerce [woocommerce-checkout-manager] < 7.3.1 [CVE-2023-47681, WordPress WooCommerce Checkout Manager Plugin <= 7.3.0 is vulnerable to Broken Access Control, WooCommerce Checkout Manager <= 7.3.0 - Missing Authorization, WooCommerce Checkout Manager < 7.3.1 - Missing Authorization]
- Checkout Field Manager (Checkout Manager) for WooCommerce [woocommerce-checkout-manager] < 7.8.2 [CVE-2025-12500, Checkout Field Manager (Checkout Manager) for WooCommerce <= 7.8.1 - Unauthenticated Limited File Upload]
- Checkout Field Manager (Checkout Manager) for WooCommerce [woocommerce-checkout-manager] < 7.8.6 [CVE-2025-13930, Checkout Field Manager (Checkout Manager) for WooCommerce <= 7.8.5 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- Flexible Checkout Fields for WooCommerce – WooCommerce Checkout Manager — 80000+ active installs — max PHP 8.4
- Checkout Field Editor for WooCommerce – Checkout Manager — 20000+ active installs — max PHP 8.4
- Checkout Field Editor (Checkout Page Manager) for WooCommerce — 2000+ active installs — max PHP 8.4
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.