Cocolis Officiel : Méthodes de livraison pour WooCommerce Security & Risk Analysis

wordpress.org/plugins/cocolis

The Cocolis extension for WooCommerce offers economical, eco-friendly delivery, integrated into your site for a better customer experience.

40 active installs · v1.1.5 · PHP 5.6.0+ · WP 4.7+ · Updated Dec 23, 2025
Tags: cocolis, delivery, livraison, woocommerce
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Cocolis Officiel : Méthodes de livraison pour WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Cocolis Officiel : Méthodes de livraison pour WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

The "cocolis" plugin version 1.1.5 exhibits a concerning security posture primarily due to a significantly exposed attack surface. All 8 REST API routes lack permission callbacks, making them directly accessible to any user, including unauthenticated ones. This represents a critical weakness as it allows for potential manipulation or unintended execution of plugin functionality by unauthorized actors. While the plugin does not utilize dangerous functions, performs SQL queries using prepared statements, and has no file operations or external HTTP requests, these strengths are overshadowed by the lack of authorization on its primary interaction points. The absence of nonces and capability checks further exacerbates the risk of cross-site request forgery (CSRF) and privilege escalation, especially in conjunction with the unprotected REST API endpoints. The taint analysis revealed two flows with unsanitized paths, which could potentially lead to path traversal vulnerabilities if not properly handled within the application context, although the severity was not classified as critical or high. The lack of any recorded vulnerability history, while positive, does not mitigate the inherent risks identified in the current static analysis. This plugin requires immediate attention to implement proper authentication and authorization mechanisms on its REST API endpoints to secure its functionality.

Key Concerns

  • REST API routes without permission callbacks
  • Unsanitized paths in taint flows
  • Missing nonce checks
  • Missing capability checks
  • Low output escaping percentage
Vulnerabilities
None known

Cocolis Officiel : Méthodes de livraison pour WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Cocolis Officiel : Méthodes de livraison pour WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 15 (1 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

6% escaped · 16 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
custom_metabox_content (class\wc-cocolis-payment.php:366)
Attack Surface
8 unprotected

Cocolis Officiel : Méthodes de livraison pour WooCommerce Attack Surface

Entry Points: 8
Unprotected: 8

REST API Routes 8

POST /wp-json/cocolis/v1/webhook_offer_accepted (class\wc-cocolis-webhooks.php:234)
POST /wp-json/cocolis/v1/webhook_offer_completed (class\wc-cocolis-webhooks.php:241)
POST /wp-json/cocolis/v1/webhook_ride_published (class\wc-cocolis-webhooks.php:246)
POST /wp-json/cocolis/v1/webhook_offer_cancelled (class\wc-cocolis-webhooks.php:251)
POST /wp-json/cocolis/v1/webhook_ride_published (class\wc-cocolis-webhooks.php:256)
POST /wp-json/cocolis/v1/webhook_pickup_slot_accepted_by_sender (class\wc-cocolis-webhooks.php:261)
POST /wp-json/cocolis/v1/webhook_deposit_slot_accepted_by_recipient (class\wc-cocolis-webhooks.php:266)
POST /wp-json/cocolis/v1/webhook_ride_availabilities_pending (class\wc-cocolis-webhooks.php:271)
WordPress Hooks 13
filter woocommerce_checkout_fields (class\wc-cocolis-payment.php:11)
action woocommerce_checkout_update_order_meta (class\wc-cocolis-payment.php:13)
action woocommerce_after_checkout_validation (class\wc-cocolis-payment.php:15)
action woocommerce_order_status_processing (class\wc-cocolis-payment.php:17)
action woocommerce_order_refunded (class\wc-cocolis-payment.php:19)
action add_meta_boxes (class\wc-cocolis-payment.php:21)
action rest_api_init (class\wc-cocolis-webhooks.php:10)
action admin_notices (wc-cocolis-shipping.php:90)
action init (wc-cocolis-shipping.php:470)
filter woocommerce_shipping_methods (wc-cocolis-shipping.php:472)
filter woocommerce_cart_shipping_method_full_label (wc-cocolis-shipping.php:474)
action activated_plugin (wc-cocolis-shipping.php:476)
action woocommerce_shipping_init (wc-cocolis-shipping.php:478)
Maintenance & Trust

Cocolis Officiel : Méthodes de livraison pour WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Dec 23, 2025
PHP min version: 5.6.0
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 40
Developer Profile

Cocolis Officiel : Méthodes de livraison pour WooCommerce Developer Profile

Cocolis

1 plugin · 40 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Cocolis Officiel : Méthodes de livraison pour WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cocolis/assets/css/admin-cocolis.css
/wp-content/plugins/cocolis/assets/css/shipping-cocolis.css
/wp-content/plugins/cocolis/assets/js/admin-cocolis.js
/wp-content/plugins/cocolis/assets/js/shipping-cocolis.js
Script Paths
/wp-content/plugins/cocolis/assets/js/admin-cocolis.js
/wp-content/plugins/cocolis/assets/js/shipping-cocolis.js
Version Parameters
cocolis/assets/css/admin-cocolis.css?ver=
cocolis/assets/css/shipping-cocolis.css?ver=
cocolis/assets/js/admin-cocolis.js?ver=
cocolis/assets/js/shipping-cocolis.js?ver=

HTML / DOM Fingerprints

CSS Classes
cocolis-admin-notice
HTML Comments
<!-- The main address pieces: -->
<!-- The configuration of the Cocolis module is not correctly configured to fully use it. -->
<!-- The address entered in the Woocommerce settings is not properly configured to fully use the Cocolis module. -->
<!-- Check if WooCommerce is active -->
+5 more
Data Attributes
data-nonce
data-order-id
JS Globals
cocolis_admin_params
cocolis_shipping_params
REST Endpoints
/wp-json/cocolis/v1/shipping-rates
/wp-json/cocolis/v1/orders
FAQ

Frequently Asked Questions about Cocolis Officiel : Méthodes de livraison pour WooCommerce