CDEKDelivery Security & Risk Analysis

wordpress.org/plugins/cdekdelivery

Integration with CDEK delivery for your WooCommerce store.

2K active installs v4.2.5 PHP 7.4+ WP 6.0+ Updated Nov 24, 2025
Tags: delivery, ecommerce, shipping, woocommerce
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is CDEKDelivery Safe to Use in 2026?

Generally Safe

Score 100/100

CDEKDelivery has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5mo ago
Risk Assessment

The "cdekdelivery" plugin v4.2.5 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The plugin demonstrates good development practices by employing prepared statements for all SQL queries, a high percentage of properly escaped output, and robust nonce and capability checks. The absence of any recorded vulnerabilities (CVEs) further indicates a mature and secure development process or a lack of discovered weaknesses.

However, a significant concern arises from the presence of seven "dangerous functions," specifically the "assert" function, which can be exploited for code execution if not handled with extreme care. While the current static analysis did not identify any exploitable taint flows, the presence of "assert" itself introduces a potential risk vector that warrants scrutiny. The limited attack surface, with no identified AJAX handlers, REST API routes, shortcodes, or cron events without authentication checks, is a positive aspect that minimizes direct entry points for attackers.

In conclusion, "cdekdelivery" v4.2.5 is well-positioned from a security perspective due to its adherence to many security best practices and its clean vulnerability history. The primary area for improvement and heightened awareness lies in the identified use of the "assert" function, which, despite not manifesting in immediate vulnerabilities in this analysis, represents a latent risk that could be exploited in conjunction with other unforeseen issues or misconfigurations.

Key Concerns

  • Presence of dangerous function 'assert'
  • 16% of outputs not properly escaped
Vulnerabilities
None known

CDEKDelivery Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

CDEKDelivery Release Timeline

v4.2.5 (Current)
v4.2.4
v4.2.3
v4.2.2
v4.2.1
v4.2.0
v4.0.5
v3.22.5
Code Analysis
Analyzed Mar 16, 2026

CDEKDelivery Code Analysis

  • Dangerous Functions: 7
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 16 (83 escaped)
  • Nonce Checks: 9
  • Capability Checks: 10
  • File Operations: 7
  • External Requests: 2
  • Bundled Libraries: 0

Dangerous Functions Found

  • assert: assert($item instanceof WC_Order_Item_Product); in src\Actions\OrderCreateAction.php:314
  • assert: assert($fieldsetInstance instanceof FieldsetContract); in src\Helpers\CheckoutHelper.php:102
  • assert: assert($method instanceof WC_Shipping_Rate); in src\Helpers\CheckoutHelper.php:148
  • assert: assert($meta instanceof WC_Meta_Data); in src\Model\ShippingItem.php:65
  • assert: assert($task instanceof Contracts\TaskContract); in src\TaskManager.php:33
  • assert: assert($task instanceof Contracts\TaskContract); in src\TaskManager.php:57
  • assert: assert($resp instanceof WP_Error); in src\Transport\HttpClient.php:104

Output Escaping

84% escaped, 99 total outputs
Attack Surface

CDEKDelivery Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 35
  • action: admin_enqueue_scripts (src\Blocks\AdminOrderBox.php:110)
  • action: add_meta_boxes (src\Blocks\AdminOrderBox.php:142)
  • action: upgrader_process_complete (src\Loader.php:205)
  • action: plugins_loaded (src\Loader.php:209)
  • filter: clearfy_rest_api_white_list (src\Loader.php:216)
  • filter: plugin_row_meta (src\Loader.php:222)
  • action: rest_api_init (src\Loader.php:224)
  • action: admin_init (src\Loader.php:226)
  • action: admin_init (src\Loader.php:227)
  • action: admin_init (src\Loader.php:228)
  • action: admin_init (src\Loader.php:229)
  • filter: woocommerce_hidden_order_itemmeta (src\Loader.php:233)
  • filter: woocommerce_checkout_fields (src\Loader.php:234)
  • action: woocommerce_shipping_methods (src\Loader.php:235)
  • action: woocommerce_checkout_process (src\Loader.php:240)
  • action: woocommerce_store_api_checkout_update_order_meta (src\Loader.php:241)
  • action: woocommerce_order_before_calculate_totals (src\Loader.php:242)
  • action: woocommerce_after_shipping_rate (src\Loader.php:244)
  • action: woocommerce_checkout_create_order (src\Loader.php:245)
  • action: woocommerce_order_status_changed (src\Loader.php:246)
  • action: woocommerce_checkout_order_processed (src\Loader.php:247)
  • action: woocommerce_store_api_checkout_order_processed (src\Loader.php:248)
  • action: woocommerce_blocks_loaded (src\Loader.php:250)
  • action: woocommerce_blocks_checkout_block_registration (src\Loader.php:252)
  • action: woocommerce_blocks_loaded (src\Loader.php:258)
  • action: woocommerce_store_api_checkout_update_order_from_request (src\Loader.php:260)
  • action: woocommerce_before_calculate_totals (src\Loader.php:267)
  • action: woocommerce_before_order_itemmeta (src\Loader.php:269)
  • action: woocommerce_after_order_itemmeta (src\Loader.php:270)
  • filter: woocommerce_cart_shipping_packages (src\Loader.php:276)
  • action: before_woocommerce_init (src\Loader.php:287)
  • action: woocommerce_settings_start (src\UI\Admin.php:85)
  • action: admin_notices (src\UI\AdminNotices.php:48)
  • action: wp_enqueue_scripts (src\UI\CdekWidget.php:42)
  • action: wp_enqueue_scripts (src\UI\Frontend.php:31)
Maintenance & Trust

CDEKDelivery Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 24, 2025
PHP min version: 7.4
Downloads: 26K

Community Trust

Rating: 44/100
Number of ratings: 10
Active installs: 2K
Developer Profile

CDEKDelivery Developer Profile

CDEK Integrator

1 plugin · 2K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect CDEKDelivery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/cdekdelivery/build/cdek-widget.umd.js
  • /wp-content/plugins/cdekdelivery/build/cdek-checkout-map.js
  • /wp-content/plugins/cdekdelivery/build/cdek-checkout-map.css
Script Paths
  • /wp-content/plugins/cdekdelivery/build/cdek-widget.umd.js
  • /wp-content/plugins/cdekdelivery/build/cdek-checkout-map.js
Version Parameters
  • cdekdelivery/build/cdek-checkout-map.js?ver=
  • cdekdelivery/build/cdek-checkout-map.css?ver=

HTML / DOM Fingerprints

Data Attributes
data-nonce, data-prefix
JS Globals
cdek
REST Endpoints
/wp-json/cdekdelivery/cb
FAQ

Frequently Asked Questions about CDEKDelivery