diff --git a/includes/managers/class-fs-checkout-manager.php b/includes/managers/class-fs-checkout-manager.php
index 75ad9d63..359bc25e 100644
--- a/includes/managers/class-fs-checkout-manager.php
+++ b/includes/managers/class-fs-checkout-manager.php
@@ -12,7 +12,36 @@ class FS_Checkout_Manager {
 
 
 
- # region Singleton
+ /**
+ * Allowlist of query parameters for checkout.
+ */
+ private $_allowed_custom_params = array(
+ // currency
+ 'currency' => true,
+ 'default_currency' => true,
+ // cart
+ 'always_show_renewals_amount' => true,
+ 'annual_discount' => true,
+ 'billing_cycle' => true,
+ 'billing_cycle_selector' => true,
+ 'bundle_discount' => true,
+ 'maximize_discounts' => true,
+ 'multisite_discount' => true,
+ 'show_inline_currency_selector' => true,
+ 'show_monthly' => true,
+ // appearance
+ 'form_position' => true,
+ 'is_bundle_collapsed' => true,
+ 'layout' => true,
+ 'refund_policy_position' => true,
+ 'show_refund_badge' => true,
+ 'show_reviews' => true,
+ 'show_upsells' => true,
+ 'title' => true,
+ );
+
+
+ # region Singleton
 
 /**
 * @var FS_Checkout_Manager
@@ -153,7 +182,12 @@ public function get_query_params( Freemius $fs, $plugin_id, $plan_id, $licenses
 ( $fs->is_theme() && current_user_can( 'install_themes' ) )
 );
 
- return array_merge( $context_params, $_GET, array(
+ $filtered_params = $fs->apply_filters('checkout/parameters', $context_params);
+
+ // Allowlist only allowed query params.
+ $filtered_params = array_intersect_key($filtered_params, $this->_allowed_custom_params);
+
+ return array_merge( $context_params, $filtered_params, $_GET, array(
 // Current plugin version.
 'plugin_version' => $fs->get_plugin_version(),
 'sdk_version' => WP_FS__SDK_VERSION,
@@ -239,4 +273,4 @@ public function get_pending_activation_url( Freemius $fs, $plugin_id ) {
 private function get_checkout_redirect_nonce_action( Freemius $fs ) {
 return $fs->get_unique_affix() . '_checkout_redirect';
 }
- }
\ No newline at end of file
+ }
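Review bot: The new `$_allowed_custom_params` docblock gives neither a type nor what the list gates; from the second hunk it is used only as the key set for `array_intersect_key()` on the `checkout/parameters` filter result, and the `true` values are never read. Suggest replacing the one-line description with `@var array<string, true> Keys accepted from the 'checkout/parameters' filter; the values are placeholders for array_intersect_key() and are not used.` Since the list never changes at runtime, a class constant or `private static` property would state that intent more directly, if the SDK's supported PHP floor permits it.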
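Review bot: The value returned by the `checkout/parameters` filter is handed straight to `array_intersect_key()` without checking that the hook returned an array, so a third-party callback returning `null` or a scalar breaks the checkout URL build with a TypeError on PHP 8 (a warning and `null` on older versions) at the new `$filtered_params = array_intersect_key(...)` line. Because this hook exists precisely for external code, guard it: `if ( ! is_array( $filtered_params ) ) { $filtered_params = array(); }` before the intersect. Note also that the allowlist constrains only the filter output: `$_GET` is still merged after `$filtered_params` and overrides it, so the new property does not restrict request-supplied keys; if that is intended, say so with `// Note: $_GET is merged after the allowlist and is not filtered here.`. `get_query_params()` begins and ends outside the hunk, so how the returned array is consumed is not visible here.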
diff --git a/start.php b/start.php
index 7615ebaa..e47e0fa4 100644
--- a/start.php
+++ b/start.php
@@ -15,7 +15,7 @@
 *
 * @var string
 */
- $this_sdk_version = '2.12.2.3';
+ $this_sdk_version = '2.12.2.4';
 
 #region SDK Selection Logic --------------------------------------------------------------------
 
@@ -446,6 +446,7 @@ function_exists( 'wp_is_json_request' ) &&
 * fs_plugin_icon_{plugin_slug}
 * fs_show_trial_{plugin_slug}
 * fs_is_pricing_page_visible_{plugin_slug}
+ * fs_checkout/parameters_{plugin_slug}
 *
 * --------------------------------------------------------
 *