[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fHka60No-PDfaIHfzi4PVgqSLfqGi5N61mPwlV_PkBeI":3,"$fyzzU6wmgj5aQuf4E1FsX1IXEfdj97hhRrKeX2GPiIy8":567,"$ftrTTcLg8FG5vnYb4gfBK93wkjmDry8pUH6dVxMJqLMQ":571},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"discovery_status":32,"vulnerabilities":33,"developer":52,"crawl_stats":39,"alternatives":58,"analysis":59,"fingerprints":515},"check-pincode-for-woocommerce","Check Pincode For WooCommerce","1.0","silverplugins217","https:\u002F\u002Fprofiles.wordpress.org\u002Fsilverplugins217\u002F","\u003Cp>\u003Cstrong>Check Pincode For WooCommerce\u003C\u002Fstrong> adds a delivery availability checker directly to your WooCommerce product pages. Before placing an order, customers simply type their pincode (zip code \u002F postal code) and instantly see whether delivery is available in their area, when their order will arrive, and whether Cash on Delivery is offered at their location.\u003C\u002Fp>\n\u003Cp>Stop losing customers who abandon their cart because they were unsure about delivery to their area. 
Give shoppers the confidence they need at the exact moment they need it — right on the product page.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>📄 \u003Ca href=\"https:\u002F\u002Fwww.plugin999.com\u002Fdocs\u002Fcheck-pincode-for-woocommerce\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> | 🛒 \u003Ca href=\"https:\u002F\u002Fplugin999.com\u002Fdemo\u002Fcheck-pincode-for-woocommerce\u002Fproduct\u002Fsingle\u002F\" rel=\"nofollow ugc\">Demo\u003C\u002Fa> | 🛍 \u003Ca href=\"https:\u002F\u002Fwww.plugin999.com\u002Fplugin\u002Fcheck-pincode-for-woocommerce-2\u002F\" rel=\"nofollow ugc\">Get Pro\u003C\u002Fa> | 💬 \u003Ca href=\"https:\u002F\u002Fwww.plugin999.com\u002Fsupport\u002F\" rel=\"nofollow ugc\">Support\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>💡 WHY YOUR STORE NEEDS THIS PLUGIN\u003C\u002Fh3>\n\u003Cp>Customers in South Asia, Southeast Asia, and many other markets expect to verify delivery serviceability before committing to a purchase — just like major e-commerce platforms such as Amazon and Flipkart offer. 
Without this feature, shoppers may assume delivery is unavailable and leave without buying.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Check Pincode For WooCommerce\u003C\u002Fstrong> fills that gap by letting you define exactly which pincodes you serve, how many days delivery takes, what the shipping amount is, and whether Cash on Delivery is available — all manageable from a single, modern admin panel.\u003C\u002Fp>\n\u003Ch3>🔑 KEY FEATURES\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Pincode Database Management\u003C\u002Fstrong>\u003Cbr \u002F>\n* Add individual pincodes manually with city, state, delivery days, shipping amount, and COD status\u003Cbr \u002F>\n* \u003Cstrong>Bulk import\u003C\u002Fstrong> an unlimited number of pincodes at once via CSV file upload\u003Cbr \u002F>\n* Download a ready-to-use \u003Cstrong>sample CSV template\u003C\u002Fstrong> to get started immediately\u003Cbr \u002F>\n* Edit any pincode entry inline without leaving the admin panel\u003Cbr \u002F>\n* Delete a single pincode or wipe the entire list with one click\u003Cbr \u002F>\n* Paginated pincode list with configurable entries per page (5 \u002F 10 \u002F 20 \u002F 50 \u002F 100)\u003Cbr \u002F>\n* Dashboard stat cards showing total pincodes, COD-enabled count, and total pages at a glance\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Product Page Pincode Widget\u003C\u002Fstrong>\u003Cbr \u002F>\n* Displays a clean pincode input box on the WooCommerce single product page\u003Cbr \u002F>\n* Shows \u003Cstrong>estimated delivery date\u003C\u002Fstrong> calculated from the delivery days value in your database\u003Cbr \u002F>\n* Shows \u003Cstrong>Cash on Delivery available \u002F not available\u003C\u002Fstrong> status per pincode\u003Cbr \u002F>\n* Displays the matched \u003Cstrong>city and state name\u003C\u002Fstrong> for the entered pincode\u003Cbr \u002F>\n* Remembers the customer’s pincode via cookie so they don’t have to re-enter it\u003Cbr \u002F>\n* “Change” button lets customers update their pincode without a page 
reload\u003Cbr \u002F>\n* Hide the Add to Cart \u002F Place Order button if the entered pincode is not serviceable\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Pincode Popup\u003C\u002Fstrong>\u003Cbr \u002F>\n* Optional popup that prompts visitors to enter their pincode when they land on a page\u003Cbr \u002F>\n* Force popup display to ensure every visitor checks delivery availability\u003Cbr \u002F>\n* Exclude specific pages from triggering the popup\u003Cbr \u002F>\n* Fully customisable popup text, placeholder, submit button, and availability message\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Two Frontend Layouts\u003C\u002Fstrong>\u003Cbr \u002F>\n* Layout 1 — compact inline widget below the product details\u003Cbr \u002F>\n* Layout 2 — alternative display style for different theme setups\u003Cbr \u002F>\n* Choose the position on the product page: before or after the Add to Cart button\u003Cbr \u002F>\n* Place the widget anywhere using the shortcode \u003Ccode>[cpiw-pincode-checker]\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Complete Colour Customisation\u003C\u002Fstrong>\u003Cbr \u002F>\n* Main widget background colour\u003Cbr \u002F>\n* Check availability text colour\u003Cbr \u002F>\n* Delivery message colour and background colour\u003Cbr \u002F>\n* Check \u002F Change button text and background colour\u003Cbr \u002F>\n* Delivery date text colour\u003Cbr \u002F>\n* Cash on Delivery text colour\u003Cbr \u002F>\n* Popup background and text colour\u003Cbr \u002F>\n* Submit button background and text colour\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Full Text & Label Control\u003C\u002Fstrong>\u003Cbr \u002F>\n* Input field placeholder text\u003Cbr \u002F>\n* “Check Availability” button label\u003Cbr \u002F>\n* Not-serviceable \u002F unavailable message\u003Cbr \u002F>\n* Delivery available confirmation text (supports \u003Ccode>{city_name}\u003C\u002Fcode> and \u003Ccode>{state_name}\u003C\u002Fcode> dynamic placeholders)\u003Cbr \u002F>\n* Delivery date label text\u003Cbr 
\u002F>\n* COD available and COD not available text\u003Cbr \u002F>\n* Popup info heading, submit button label, input placeholder, availability message, and empty-field error message\u003Cbr \u002F>\n* Customisable delivery date format\u003C\u002Fp>\n\u003Cp>\u003Cstrong>General Settings\u003C\u002Fstrong>\u003Cbr \u002F>\n* Enable or disable the entire plugin without deactivating it\u003Cbr \u002F>\n* Toggle delivery date display on or off\u003Cbr \u002F>\n* Toggle Cash on Delivery indicator on or off\u003Cbr \u002F>\n* Enable or disable the popup independently of the widget\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Developer & Admin Friendly\u003C\u002Fstrong>\u003Cbr \u002F>\n* React-powered admin UI with tabbed navigation — no page reloads on save\u003Cbr \u002F>\n* REST API-based CRUD for pincode management (add, get, update, delete, bulk import)\u003Cbr \u002F>\n* Custom database table (\u003Ccode>wp_cpiw_pincode\u003C\u002Fcode>) — no post meta bloat\u003Cbr \u002F>\n* Nonce-verified AJAX for all frontend pincode check requests\u003Cbr \u002F>\n* WPML support for multilingual WooCommerce stores\u003Cbr \u002F>\n* Compatible with all major WooCommerce themes\u003C\u002Fp>\n\u003Ch3>🚀 HOW IT WORKS\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Install and activate the plugin.\u003C\u002Fli>\n\u003Cli>Go to \u003Cstrong>Setting Pincodes\u003C\u002Fstrong> in the WordPress admin menu.\u003C\u002Fli>\n\u003Cli>Use the \u003Cstrong>Add Pincode\u003C\u002Fstrong> tab to add pincodes one by one, or upload a CSV to bulk-import your entire serviceable zone list.\u003C\u002Fli>\n\u003Cli>Configure display options, colours, and text labels in \u003Cstrong>General Settings\u003C\u002Fstrong> and \u003Cstrong>Text & Labels\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>The pincode checker widget appears automatically on your WooCommerce product pages — customers can check serviceability instantly.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>📦 CSV IMPORT FORMAT\u003C\u002Fh3>\n\u003Cp>The CSV 
file must contain the following six columns in order:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Pincode, City, State, Delivery within Days, Shipping Amount, Cash on Delivery\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The \u003Cstrong>Cash on Delivery\u003C\u002Fstrong> column accepts \u003Ccode>1\u003C\u002Fcode> (available) or \u003Ccode>0\u003C\u002Fcode> (not available). A sample CSV file is available to download directly from the Add Pincode tab in the admin panel.\u003C\u002Fp>\n\u003Ch3>📌 SHORTCODE\u003C\u002Fh3>\n\u003Cp>Place the pincode checker widget anywhere on your site — pages, posts, or widget areas:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[cpiw-pincode-checker]\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Let WooCommerce shoppers check delivery availability, estimated delivery date, and Cash on Delivery status by entering their pincode \u002F zip code \u002F post &hellip;",400,8736,88,5,"2026-04-08T08:55:00.000Z","6.9.4","5.5","7.4",[20,21,22,23,24],"cash-on-delivery-woocommerce","delivery-availability","woocommerce-pincode-checker","woocommerce-postal-code","zip-code-checker","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcheck-pincode-for-woocommerce.zip",99,1,0,"2024-12-11 
00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[34],{"id":35,"url_slug":36,"title":37,"description":38,"plugin_slug":4,"theme_slug":39,"affected_versions":40,"patched_in_version":41,"severity":42,"cvss_score":43,"cvss_vector":44,"vuln_type":45,"published_date":30,"updated_date":46,"references":47,"days_to_patch":49,"patch_diff_files":50,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2024-54333","check-pincode-for-woocommerce-reflected-cross-site-scripting","Check Pincode For Woocommerce \u003C= 1.1 - Reflected Cross-Site Scripting","The Check Pincode For Woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.1","1.2","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-12-19 16:13:15",[48],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ffc060a36-7e51-4868-8179-d75e80cc6528?source=api-prod",9,[],false,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":53,"total_installs":54,"avg_security_score":27,"avg_patch_time_days":55,"trust_score":56,"computed_at":57},21,11470,10,93,"2026-05-20T01:15:30.346Z",[],{"attackSurface":60,"codeSignals":165,"taintFlows":187,"riskAssessment":505,"analyzedAt":514},{"hooks":61,"ajaxHandlers":142,"restRoutes":158,"shortcodes":159,"cronEvents":164,"entryPointCount":78,"unprotectedCount":89},[62,68,74,79,83,86,90,94,98,102,106,110,114,118,123,127,131,134,138],{"type":63,"name":64,"callback":65,"priority":55,"file":66,"line":67},"filter","plugin_row_meta","CPIW_support_and_rating_links","check-pincode-in-woocommerce.php",54,{"type":69,"name":70,"callback":71,"file":72,"line":73},"action","admin_menu","CPIW_AdminMenu","main\\backend\\cpiw-backend.php",8,{"type":69,"name":75,"callback":76,"file":77,"line":78},"init","cpiw_InitialSave","main\\backend\\cpiw-comman.php",7,{"type":69,"name":75,"callback":80,"file":81,"line":82},"CPIW_SavePincodeOption","main\\backend\\cpiw-initial.php",243,{"type":69,"name":75,"callback":84,"file":81,"line":85},"cpiw_SaveOption",246,{"type":69,"name":70,"callback":87,"file":88,"line":89},"CPIW_pincode_list","main\\backend\\cpiw-postcode-list.php",6,{"type":69,"name":70,"callback":91,"file":92,"line":93},"CPIW_PincodeAdd","main\\backend\\cpiw-postcode.php",2,{"type":69,"name":75,"callback":95,"file":96,"line":97},"CPIW_enable
_disable_plugin","main\\front\\cpiw-front.php",107,{"type":69,"name":99,"callback":100,"file":96,"line":101},"woocommerce_after_add_to_cart_button","CPIW_ZipcodeValidatorAfterAddtoCart",111,{"type":69,"name":75,"callback":103,"file":104,"line":105},"CPIW_enable_disable_shipping_price","main\\front\\cpiw-pincode-cart.php",15,{"type":69,"name":107,"callback":108,"file":104,"line":109},"woocommerce_cart_calculate_fees","CPIW_PincodeWiseAddFee",19,{"type":69,"name":75,"callback":111,"file":112,"line":113},"CPIW_enable_disable_plugin_popup_box","main\\front\\cpiw-pincode-popup.php",52,{"type":69,"name":115,"callback":116,"file":112,"line":117},"wp_footer","cpiw_popup_div_footer",56,{"type":69,"name":119,"callback":120,"file":121,"line":122},"admin_init","CPIW_check_plugin_state","main\\resources\\cpiw-installation-require.php",4,{"type":69,"name":124,"callback":125,"file":121,"line":126},"admin_notices","CPIW_show_notice",12,{"type":69,"name":128,"callback":129,"file":130,"line":122},"plugins_loaded","CPIW_load_textdomain","main\\resources\\cpiw-language.php",{"type":63,"name":132,"callback":133,"priority":55,"file":130,"line":105},"load_textdomain_mofile","CPIW_load_my_own_textdomain",{"type":69,"name":135,"callback":136,"file":137,"line":122},"admin_enqueue_scripts","CPIW_LoadCssAdmin","main\\resources\\cpiw-load-js-css.php",{"type":69,"name":139,"callback":140,"file":137,"line":141},"wp_enqueue_scripts","CPIW_LoadFrontCss",17,[143,147,149,152,154,156],{"action":144,"nopriv":51,"callback":144,"hasNonce":51,"hasCapCheck":51,"file":145,"line":146},"CPIW_CheckPincodeSingleProduct","main\\front\\cpiw-check-pincode.php",92,{"action":144,"nopriv":148,"callback":144,"hasNonce":51,"hasCapCheck":51,"file":145,"line":56},true,{"action":150,"nopriv":51,"callback":150,"hasNonce":51,"hasCapCheck":51,"file":151,"line":109},"CPIW_OnCheckoutPincodeCheck","main\\front\\cpiw-pincode-checkout.php",{"action":150,"nopriv":148,"callback":150,"hasNonce":51,"hasCapCheck":51,"file":151,"line":
153},20,{"action":155,"nopriv":51,"callback":155,"hasNonce":51,"hasCapCheck":51,"file":112,"line":13},"CPIW_PopupCheckZipCode",{"action":155,"nopriv":148,"callback":155,"hasNonce":51,"hasCapCheck":51,"file":112,"line":157},89,[],[160],{"tag":161,"callback":162,"file":96,"line":163},"cpiw-pincode-checker","CPIW_pincode_checker_callbackfunc",3,[],{"dangerousFunctions":166,"sqlUsage":167,"outputEscaping":175,"fileOperations":29,"externalRequests":29,"nonceChecks":89,"capabilityChecks":28,"bundledLibraries":186},[],{"prepared":126,"raw":93,"locations":168},[169,172],{"file":88,"line":170,"context":171},118,"$wpdb->get_results() with variable interpolation",{"file":88,"line":173,"context":174},212,"$wpdb->query() with variable interpolation",{"escaped":176,"rawEcho":122,"locations":177},213,[178,180,182,184],{"file":145,"line":157,"context":179},"raw output",{"file":96,"line":181,"context":179},104,{"file":112,"line":183,"context":179},34,{"file":112,"line":185,"context":179},84,[],[188,207,215,226,234,275,294,339,365,377,387,407,423,433,443,453,463,476,487],{"entryPoint":189,"graph":190,"unsanitizedCount":29,"severity":206},"CPIW_PincodeImport (main\\backend\\cpiw-postcode-import.php:2)",{"nodes":191,"edges":204},[192,198],{"id":193,"type":194,"label":195,"file":196,"line":197},"n0","source","$_GET","main\\backend\\cpiw-postcode-import.php",13,{"id":199,"type":200,"label":201,"file":196,"line":202,"wp_function":203},"n1","sink","echo() [XSS]",16,"echo",[205],{"from":193,"to":199,"sanitized":148},"low",{"entryPoint":208,"graph":209,"unsanitizedCount":29,"severity":206},"\u003Ccpiw-postcode-import> (main\\backend\\cpiw-postcode-import.php:0)",{"nodes":210,"edges":213},[211,212],{"id":193,"type":194,"label":195,"file":196,"line":197},{"id":199,"type":200,"label":201,"file":196,"line":202,"wp_function":203},[214],{"from":193,"to":199,"sanitized":148},{"entryPoint":216,"graph":217,"unsanitizedCount":29,"severity":206},"process_bulk_action 
(main\\backend\\cpiw-postcode-list.php:199)",{"nodes":218,"edges":224},[219,221],{"id":193,"type":194,"label":220,"file":88,"line":176},"$_SERVER['HTTP_REFERER'] (x2)",{"id":199,"type":200,"label":222,"file":88,"line":176,"wp_function":223},"wp_redirect() [Open Redirect]","wp_redirect",[225],{"from":193,"to":199,"sanitized":148},{"entryPoint":227,"graph":228,"unsanitizedCount":29,"severity":206},"\u003Ccpiw-postcode-list> (main\\backend\\cpiw-postcode-list.php:0)",{"nodes":229,"edges":232},[230,231],{"id":193,"type":194,"label":220,"file":88,"line":176},{"id":199,"type":200,"label":222,"file":88,"line":176,"wp_function":223},[233],{"from":193,"to":199,"sanitized":148},{"entryPoint":235,"graph":236,"unsanitizedCount":163,"severity":274},"CPIW_SavePincodeOption (main\\backend\\cpiw-initial.php:17)",{"nodes":237,"edges":268},[238,241,243,246,251,254,259,262,266],{"id":193,"type":194,"label":239,"file":81,"line":240},"$_REQUEST (x3)",33,{"id":199,"type":200,"label":222,"file":81,"line":242,"wp_function":223},66,{"id":244,"type":194,"label":245,"file":81,"line":185},"n2","$_REQUEST",{"id":247,"type":200,"label":248,"file":81,"line":249,"wp_function":250},"n3","get_results() [SQLi]",97,"get_results",{"id":252,"type":194,"label":245,"file":81,"line":253},"n4",229,{"id":255,"type":200,"label":256,"file":81,"line":257,"wp_function":258},"n5","query() [SQLi]",230,"query",{"id":260,"type":194,"label":239,"file":81,"line":261},"n6",46,{"id":263,"type":264,"label":265,"file":81,"line":261},"n7","transform","→ CPIW_CommonQuery()",{"id":267,"type":200,"label":248,"file":81,"line":49,"wp_function":250},"n8",[269,270,271,272,273],{"from":193,"to":199,"sanitized":148},{"from":244,"to":247,"sanitized":148},{"from":252,"to":255,"sanitized":148},{"from":260,"to":263,"sanitized":51},{"from":263,"to":267,"sanitized":51},"high",{"entryPoint":276,"graph":277,"unsanitizedCount":163,"severity":274},"\u003Ccpiw-initial> 
(main\\backend\\cpiw-initial.php:0)",{"nodes":278,"edges":288},[279,280,281,282,283,284,285,286,287],{"id":193,"type":194,"label":239,"file":81,"line":240},{"id":199,"type":200,"label":222,"file":81,"line":242,"wp_function":223},{"id":244,"type":194,"label":245,"file":81,"line":185},{"id":247,"type":200,"label":248,"file":81,"line":249,"wp_function":250},{"id":252,"type":194,"label":245,"file":81,"line":253},{"id":255,"type":200,"label":256,"file":81,"line":257,"wp_function":258},{"id":260,"type":194,"label":239,"file":81,"line":261},{"id":263,"type":264,"label":265,"file":81,"line":261},{"id":267,"type":200,"label":248,"file":81,"line":49,"wp_function":250},[289,290,291,292,293],{"from":193,"to":199,"sanitized":148},{"from":244,"to":247,"sanitized":148},{"from":252,"to":255,"sanitized":148},{"from":260,"to":263,"sanitized":51},{"from":263,"to":267,"sanitized":51},{"entryPoint":295,"graph":296,"unsanitizedCount":28,"severity":274},"CPIW_PincodeAddCallback (main\\backend\\cpiw-postcode.php:17)",{"nodes":297,"edges":331},[298,300,302,304,306,309,310,313,314,317,319,323,325,329],{"id":193,"type":194,"label":245,"file":92,"line":299},23,{"id":199,"type":200,"label":248,"file":92,"line":301,"wp_function":250},24,{"id":244,"type":194,"label":303,"file":92,"line":299},"$_REQUEST 
(x6)",{"id":247,"type":200,"label":201,"file":92,"line":305,"wp_function":203},57,{"id":252,"type":194,"label":307,"file":92,"line":308},"$_GET['cpiwpincode']",150,{"id":255,"type":200,"label":201,"file":92,"line":308,"wp_function":203},{"id":260,"type":194,"label":311,"file":92,"line":312},"$_GET['cpiwstate']",159,{"id":263,"type":200,"label":201,"file":92,"line":312,"wp_function":203},{"id":267,"type":194,"label":315,"file":92,"line":316},"$_GET['cpiwcity']",168,{"id":318,"type":200,"label":201,"file":92,"line":316,"wp_function":203},"n9",{"id":320,"type":194,"label":321,"file":92,"line":322},"n10","$_GET['cpiwshipping']",177,{"id":324,"type":200,"label":201,"file":92,"line":322,"wp_function":203},"n11",{"id":326,"type":194,"label":327,"file":92,"line":328},"n12","$_GET['cpiwddate']",186,{"id":330,"type":200,"label":201,"file":92,"line":328,"wp_function":203},"n13",[332,333,334,335,336,337,338],{"from":193,"to":199,"sanitized":51},{"from":244,"to":247,"sanitized":148},{"from":252,"to":255,"sanitized":148},{"from":260,"to":263,"sanitized":148},{"from":267,"to":318,"sanitized":148},{"from":320,"to":324,"sanitized":148},{"from":326,"to":330,"sanitized":148},{"entryPoint":340,"graph":341,"unsanitizedCount":28,"severity":274},"\u003Ccpiw-postcode> 
(main\\backend\\cpiw-postcode.php:0)",{"nodes":342,"edges":357},[343,344,345,346,347,348,349,350,351,352,353,354,355,356],{"id":193,"type":194,"label":245,"file":92,"line":299},{"id":199,"type":200,"label":248,"file":92,"line":301,"wp_function":250},{"id":244,"type":194,"label":303,"file":92,"line":299},{"id":247,"type":200,"label":201,"file":92,"line":305,"wp_function":203},{"id":252,"type":194,"label":307,"file":92,"line":308},{"id":255,"type":200,"label":201,"file":92,"line":308,"wp_function":203},{"id":260,"type":194,"label":311,"file":92,"line":312},{"id":263,"type":200,"label":201,"file":92,"line":312,"wp_function":203},{"id":267,"type":194,"label":315,"file":92,"line":316},{"id":318,"type":200,"label":201,"file":92,"line":316,"wp_function":203},{"id":320,"type":194,"label":321,"file":92,"line":322},{"id":324,"type":200,"label":201,"file":92,"line":322,"wp_function":203},{"id":326,"type":194,"label":327,"file":92,"line":328},{"id":330,"type":200,"label":201,"file":92,"line":328,"wp_function":203},[358,359,360,361,362,363,364],{"from":193,"to":199,"sanitized":51},{"from":244,"to":247,"sanitized":148},{"from":252,"to":255,"sanitized":148},{"from":260,"to":263,"sanitized":148},{"from":267,"to":318,"sanitized":148},{"from":320,"to":324,"sanitized":148},{"from":326,"to":330,"sanitized":148},{"entryPoint":366,"graph":367,"unsanitizedCount":28,"severity":274},"CPIW_CheckPincodeSingleProduct (main\\front\\cpiw-check-pincode.php:24)",{"nodes":368,"edges":374},[369,371,373],{"id":193,"type":194,"label":245,"file":145,"line":370},30,{"id":199,"type":264,"label":372,"file":145,"line":370},"→ CPIW_PincodeCheckInDataTable()",{"id":244,"type":200,"label":248,"file":145,"line":73,"wp_function":250},[375,376],{"from":193,"to":199,"sanitized":51},{"from":199,"to":244,"sanitized":51},{"entryPoint":378,"graph":379,"unsanitizedCount":28,"severity":274},"\u003Ccpiw-check-pincode> 
(main\\front\\cpiw-check-pincode.php:0)",{"nodes":380,"edges":384},[381,382,383],{"id":193,"type":194,"label":245,"file":145,"line":370},{"id":199,"type":264,"label":372,"file":145,"line":370},{"id":244,"type":200,"label":248,"file":145,"line":73,"wp_function":250},[385,386],{"from":193,"to":199,"sanitized":51},{"from":199,"to":244,"sanitized":51},{"entryPoint":388,"graph":389,"unsanitizedCount":93,"severity":274},"CPIW_pincode_checker_callbackfunc (main\\front\\cpiw-front.php:4)",{"nodes":390,"edges":402},[391,393,394,396,398,400,401],{"id":193,"type":194,"label":392,"file":96,"line":153},"$_COOKIE['Cpiw_Pincode']",{"id":199,"type":200,"label":201,"file":96,"line":153,"wp_function":203},{"id":244,"type":194,"label":395,"file":96,"line":183},"$_COOKIE",{"id":247,"type":200,"label":201,"file":96,"line":397,"wp_function":203},70,{"id":252,"type":194,"label":395,"file":96,"line":399},35,{"id":255,"type":264,"label":372,"file":96,"line":399},{"id":260,"type":200,"label":248,"file":145,"line":73,"wp_function":250},[403,404,405,406],{"from":193,"to":199,"sanitized":148},{"from":244,"to":247,"sanitized":51},{"from":252,"to":255,"sanitized":51},{"from":255,"to":260,"sanitized":51},{"entryPoint":408,"graph":409,"unsanitizedCount":93,"severity":274},"\u003Ccpiw-front> 
(main\\front\\cpiw-front.php:0)",{"nodes":410,"edges":418},[411,412,413,414,415,416,417],{"id":193,"type":194,"label":392,"file":96,"line":153},{"id":199,"type":200,"label":201,"file":96,"line":153,"wp_function":203},{"id":244,"type":194,"label":395,"file":96,"line":183},{"id":247,"type":200,"label":201,"file":96,"line":397,"wp_function":203},{"id":252,"type":194,"label":395,"file":96,"line":399},{"id":255,"type":264,"label":372,"file":96,"line":399},{"id":260,"type":200,"label":248,"file":145,"line":73,"wp_function":250},[419,420,421,422],{"from":193,"to":199,"sanitized":148},{"from":244,"to":247,"sanitized":51},{"from":252,"to":255,"sanitized":51},{"from":255,"to":260,"sanitized":51},{"entryPoint":424,"graph":425,"unsanitizedCount":28,"severity":274},"CPIW_PincodeWiseAddFee (main\\front\\cpiw-pincode-cart.php:2)",{"nodes":426,"edges":430},[427,428,429],{"id":193,"type":194,"label":395,"file":104,"line":78},{"id":199,"type":264,"label":372,"file":104,"line":78},{"id":244,"type":200,"label":248,"file":145,"line":73,"wp_function":250},[431,432],{"from":193,"to":199,"sanitized":51},{"from":199,"to":244,"sanitized":51},{"entryPoint":434,"graph":435,"unsanitizedCount":28,"severity":274},"\u003Ccpiw-pincode-cart> (main\\front\\cpiw-pincode-cart.php:0)",{"nodes":436,"edges":440},[437,438,439],{"id":193,"type":194,"label":395,"file":104,"line":78},{"id":199,"type":264,"label":372,"file":104,"line":78},{"id":244,"type":200,"label":248,"file":145,"line":73,"wp_function":250},[441,442],{"from":193,"to":199,"sanitized":51},{"from":199,"to":244,"sanitized":51},{"entryPoint":444,"graph":445,"unsanitizedCount":28,"severity":274},"CPIW_OnCheckoutPincodeCheck 
(main\\front\\cpiw-pincode-checkout.php:2)",{"nodes":446,"edges":450},[447,448,449],{"id":193,"type":194,"label":245,"file":151,"line":73},{"id":199,"type":264,"label":372,"file":151,"line":73},{"id":244,"type":200,"label":248,"file":145,"line":73,"wp_function":250},[451,452],{"from":193,"to":199,"sanitized":51},{"from":199,"to":244,"sanitized":51},{"entryPoint":454,"graph":455,"unsanitizedCount":28,"severity":274},"\u003Ccpiw-pincode-checkout> (main\\front\\cpiw-pincode-checkout.php:0)",{"nodes":456,"edges":460},[457,458,459],{"id":193,"type":194,"label":245,"file":151,"line":73},{"id":199,"type":264,"label":372,"file":151,"line":73},{"id":244,"type":200,"label":248,"file":145,"line":73,"wp_function":250},[461,462],{"from":193,"to":199,"sanitized":51},{"from":199,"to":244,"sanitized":51},{"entryPoint":464,"graph":465,"unsanitizedCount":28,"severity":274},"cpiw_popup_div_footer (main\\front\\cpiw-pincode-popup.php:2)",{"nodes":466,"edges":472},[467,468,469,470,471],{"id":193,"type":194,"label":395,"file":112,"line":73},{"id":199,"type":200,"label":201,"file":112,"line":370,"wp_function":203},{"id":244,"type":194,"label":395,"file":112,"line":49},{"id":247,"type":264,"label":372,"file":112,"line":49},{"id":252,"type":200,"label":248,"file":145,"line":73,"wp_function":250},[473,474,475],{"from":193,"to":199,"sanitized":148},{"from":244,"to":247,"sanitized":51},{"from":247,"to":252,"sanitized":51},{"entryPoint":477,"graph":478,"unsanitizedCount":28,"severity":274},"CPIW_PopupCheckZipCode (main\\front\\cpiw-pincode-popup.php:61)",{"nodes":479,"edges":484},[480,482,483],{"id":193,"type":194,"label":245,"file":112,"line":481},64,{"id":199,"type":264,"label":372,"file":112,"line":481},{"id":244,"type":200,"label":248,"file":145,"line":73,"wp_function":250},[485,486],{"from":193,"to":199,"sanitized":51},{"from":199,"to":244,"sanitized":51},{"entryPoint":488,"graph":489,"unsanitizedCount":93,"severity":274},"\u003Ccpiw-pincode-popup> 
(main\\front\\cpiw-pincode-popup.php:0)",{"nodes":490,"edges":499},[491,492,493,494,495,496,497,498],{"id":193,"type":194,"label":395,"file":112,"line":73},{"id":199,"type":200,"label":201,"file":112,"line":370,"wp_function":203},{"id":244,"type":194,"label":395,"file":112,"line":49},{"id":247,"type":264,"label":372,"file":112,"line":49},{"id":252,"type":200,"label":248,"file":145,"line":73,"wp_function":250},{"id":255,"type":194,"label":245,"file":112,"line":481},{"id":260,"type":264,"label":372,"file":112,"line":481},{"id":263,"type":200,"label":248,"file":145,"line":73,"wp_function":250},[500,501,502,503,504],{"from":193,"to":199,"sanitized":148},{"from":244,"to":247,"sanitized":51},{"from":247,"to":252,"sanitized":51},{"from":255,"to":260,"sanitized":51},{"from":260,"to":263,"sanitized":51},{"summary":506,"deductions":507},"The 'check-pincode-for-woocommerce' plugin v1.2 exhibits a mixed security posture. On the positive side, it demonstrates good practices in its SQL query handling, with a high percentage of prepared statements, and a near-perfect output escaping rate, indicating a strong defense against common injection and XSS vulnerabilities at the output stage. The absence of file operations and external HTTP requests also reduces the attack surface in those areas.\n\nHowever, a significant concern lies in its attack surface. Of its 7 entry points, 6 are AJAX handlers, and all 6 of these AJAX handlers lack authentication checks. This presents a substantial risk, as any unauthenticated user can potentially interact with these endpoints. Furthermore, the taint analysis reveals 15 high-severity flows with unsanitized paths, suggesting that input is not being adequately validated or sanitized before being processed in critical operations, even though no critical-severity issues were flagged. 
This combination of an exposed AJAX surface and unsanitized input paths is a clear indicator of potential vulnerabilities.\n\nThe plugin's vulnerability history, while showing no currently unpatched CVEs, does list one past medium-severity CVE related to Cross-site Scripting. The fact that a past XSS vulnerability existed, coupled with the current taint analysis showing high-severity unsanitized paths, suggests a recurring pattern of input validation weaknesses. While the output escaping is generally good, the unsanitized input flow is the primary area of concern. The plugin's strengths in prepared statements and output escaping are commendable, but the lack of authentication on a majority of its entry points and the presence of high-severity unsanitized input flows significantly elevate its risk profile.",[508,510,512],{"reason":509,"points":55},"Unprotected AJAX handlers",{"reason":511,"points":105},"High severity unsanitized input flows",{"reason":513,"points":14},"Past medium severity 
CVE","2026-03-16T19:48:56.080Z",{"wat":516,"direct":535},{"assetPaths":517,"generatorPatterns":526,"scriptPaths":527,"versionParams":528},[518,519,520,521,522,523,524,525],"\u002Fwp-content\u002Fplugins\u002Fcheck-pincode-for-woocommerce\u002Fassets\u002Fjs\u002Fback.js","\u002Fwp-content\u002Fplugins\u002Fcheck-pincode-for-woocommerce\u002Fassets\u002Fcss\u002Fback.css","\u002Fwp-content\u002Fplugins\u002Fcheck-pincode-for-woocommerce\u002Fassets\u002Fjs\u002Fwp_media_uploader.js","\u002Fwp-content\u002Fplugins\u002Fcheck-pincode-for-woocommerce\u002Fassets\u002Fjs\u002Fwp-color-picker-alpha.js","\u002Fwp-content\u002Fplugins\u002Fcheck-pincode-for-woocommerce\u002Fassets\u002Fjs\u002Ffront.js","\u002Fwp-content\u002Fplugins\u002Fcheck-pincode-for-woocommerce\u002Fassets\u002Fcss\u002Ffront.css","\u002Fwp-content\u002Fplugins\u002Fcheck-pincode-for-woocommerce\u002Fassets\u002Fimage\u002Flocation.png","\u002Fwp-content\u002Fplugins\u002Fcheck-pincode-for-woocommerce\u002Fassets\u002Fimage\u002Floading-load.gif",[],[518,520,521,522],[529,530,531,532,533,534],"check-pincode-for-woocommerce\u002Fassets\u002Fjs\u002Fback.js?ver=","check-pincode-for-woocommerce\u002Fassets\u002Fcss\u002Fback.css?ver=","check-pincode-for-woocommerce\u002Fassets\u002Fjs\u002Fwp_media_uploader.js?ver=","check-pincode-for-woocommerce\u002Fassets\u002Fjs\u002Fwp-color-picker-alpha.js?ver=","check-pincode-for-woocommerce\u002Fassets\u002Fjs\u002Ffront.js?ver=","check-pincode-for-woocommerce\u002Fassets\u002Fcss\u002Ffront.css?ver=",{"cssClasses":536,"htmlComments":547,"htmlAttributes":548,"restEndpoints":562,"jsGlobals":564,"shortcodeOutput":566},[537,538,539,540,541,542,543,544,545,546],"cpiw-modal","cpiw_pincode_popup_class","cpiw_popup_header","cpiw_popup_check_div","popuppincoderesponce","wczp_empty","cpiwc_maindiv_popup","cpiwc_spinner","cpiwopuppinzip","cpiwinzipsubmit",[],[549,550,551,552,553,554,555,556,557,558,559,560,561],"id=\"cpiwModal\"","id=\"cpiw_pincode_popup\"","class=\"cpiw_
pincode_popup_class\"","class=\"cpiw-modal\"","class=\"cpiw_popup_header\"","class=\"cpiw_popup_check_div\"","class=\"cpiwopuppinzip\"","class=\"cpiwinzipsubmit\"","class=\"popuppincoderesponce\"","class=\"wczp_empty\"","class=\"cpiwc_maindiv_popup\"","class=\"cpiwc_spinner\"","data-cpiw-popup-enabled",[563],"\u002Fwp-json\u002Fcheck-pincode-for-woocommerce\u002Fv1\u002Fcheck",[565],"CpiwData",[],{"error":148,"url":568,"statusCode":569,"statusMessage":570,"message":570},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fcheck-pincode-for-woocommerce\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":29,"versions":572},[]]