WP-Safety

COD Default Status for WooCommerce Security & Risk Analysis

wordpress.org/plugins/cod-default-status-for-woocommerce

Set default status for Cash on Delivery (COD) orders. Also manage inventory reduction behavior for COD orders.

100 active installs v1.0.1 PHP 5.2+ WP 4.8+ Updated Nov 17, 2019
cash-on-delvierycodorder-statuswoocommerce
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is COD Default Status for WooCommerce Safe to Use in 2026?

Generally Safe

Score 85/100

COD Default Status for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago
Risk Assessment

The plugin "cod-default-status-for-woocommerce" v1.0.1 demonstrates a generally strong security posture in its static analysis. There are no identified AJAX handlers, REST API routes, shortcodes, or cron events, resulting in a zero attack surface and therefore no immediate points of entry for attackers. The code also shows good practices by not using dangerous functions, performing file operations, or making external HTTP requests. All SQL queries are handled with prepared statements, and there are no known vulnerabilities or CVEs associated with this plugin, suggesting a history of responsible development. However, a significant concern arises from the low percentage of properly escaped output (17%). This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected into the user interface. Furthermore, the taint analysis reveals two flows with unsanitized paths, which could potentially lead to vulnerabilities if these paths are user-controlled and not adequately validated or escaped. While the lack of entry points is a positive, the unescaped output and unsanitized paths are critical weaknesses that require immediate attention.

Key Concerns

  • Low percentage of properly escaped output
  • Taint analysis shows unsanitized paths
Vulnerabilities
None known

COD Default Status for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

COD Default Status for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
10
2 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

17% escaped12 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
process_options (admin\class-cod-default-status-for-woocommerce-admin.php:104)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

COD Default Status for WooCommerce Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 6
actionplugins_loadedincludes\class-cod-default-status-for-woocommerce.php:155
actionwoocommerce_settings_checkoutincludes\class-cod-default-status-for-woocommerce.php:171
actionwoocommerce_update_options_payment_gateways_codincludes\class-cod-default-status-for-woocommerce.php:174
filterwoocommerce_cod_process_payment_order_statusincludes\class-cod-default-status-for-woocommerce.php:177
filterwoocommerce_payment_complete_reduce_order_stockincludes\class-cod-default-status-for-woocommerce.php:180
actionwoocommerce_order_status_changedincludes\class-cod-default-status-for-woocommerce.php:183
Maintenance & Trust

COD Default Status for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested5.3.21
Last updatedNov 17, 2019
PHP min version5.2
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs100
Alternatives

COD Default Status for WooCommerce Alternatives

Order Tracking – WordPress Status Tracking Plugin

Order Tracking – WordPress Status Tracking Plugin

order-tracking

A
98

Order tracking, status and project management plugin. Create tickets and tracking numbers. Send email updates. Works standalone and with WooCommerce.

3K 3 CVEs
YITH WooCommerce Ajax Search

YITH WooCommerce Ajax Search

yith-woocommerce-ajax-search

A
95

YITH WooCommerce Ajax Search allows your users to search products in real time.

40K 4 CVEs
Ultimate FAQ Accordion Plugin

Ultimate FAQ Accordion Plugin

ultimate-faqs

A
89

Full-featured FAQ and accordion plugin with advanced search, simple UI and easy-to-use FAQ blocks and shortcodes.

30K 6 CVEs
Smart COD for WooCommerce

Smart COD for WooCommerce

wc-smart-cod

A
100

All the COD restrictions and extra fees you'll ever need, in a single plugin.

30K No CVEs
Futurio Extra

Futurio Extra

futurio-extra

A
96

Futurio Extra add extra features to Futurio theme like widgets, WooCommerce options, Elementor widgets, one click demo import and much more.

20K 7 CVEs
Developer Profile

COD Default Status for WooCommerce Developer Profile

woofx

2 plugins · 130 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect COD Default Status for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Version Parameters
cod-default-status-for-woocommerce

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about COD Default Status for WooCommerce