CDI – Collect and Deliver Interface for Woocommerce Security & Risk Analysis

wordpress.org/plugins/collect-and-deliver-interface-for-woocommerce

The essential link between your Woocommerce site and your parcel carriers

200 active installs · v5.5.14 · PHP 7.3+ · WP 6.2+ · Updated Feb 11, 2026
Tags: colissimo, collect, mondialrelay, shipping, ups
Score: 98 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Nov 13, 2024
Safety Verdict

Is CDI – Collect and Deliver Interface for Woocommerce Safe to Use in 2026?

Generally Safe

Score 98/100

CDI – Collect and Deliver Interface for Woocommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Nov 13, 2024 · Updated 1mo ago
Risk Assessment

This plugin exhibits a concerning security posture due to a significantly exposed attack surface. All 30 identified AJAX handlers lack authentication checks, creating a broad entry point for potential attackers to exploit. The presence of unsanitized paths in taint analysis, even without critical or high severity findings, indicates a potential for vulnerabilities if malicious data is passed through these flows. The use of the `unserialize` function is a known risk, especially when dealing with user-controlled input, as it can lead to remote code execution if not handled with extreme care. The plugin also shows a history of vulnerabilities, including a high severity one related to unrestricted file uploads and cross-site scripting, suggesting recurring issues with input validation and secure handling of uploaded content. While the plugin demonstrates good practices in output escaping and uses prepared statements for a majority of SQL queries, the critical lack of authorization on its AJAX endpoints and the historical vulnerability patterns outweigh these strengths, necessitating immediate attention.

Key Concerns

  • All AJAX handlers lack authentication checks
  • Unsanitized paths in taint flows
  • Use of unserialize function
  • Historical high severity vulnerability (unrestricted upload)
  • Historical medium severity vulnerability (XSS)
  • Low percentage of SQL queries using prepared statements
Vulnerabilities
2

CDI – Collect and Deliver Interface for Woocommerce Security Vulnerabilities

CVEs by Year

2022: 1 CVE
2024: 1 CVE

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2024-52398 · high · 7.2 · Unrestricted Upload of File with Dangerous Type

CDI <= 5.5.3 - Authenticated (Shop Manager+) Arbitrary File Upload

Nov 13, 2024 · Patched in 5.5.6 (9d)

CVE-2022-1933 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CDI – Collect and Deliver Interface for Woocommerce <= 5.1.9 - Multiple Cross-Site Scripting

Jun 21, 2022 · Patched in 5.1.10 (581d)
Code Analysis
Analyzed Mar 16, 2026

CDI – Collect and Deliver Interface for Woocommerce Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 23 (2 prepared)
Unescaped Output: 55 (595 escaped)
Nonce Checks: 16
Capability Checks: 19
File Operations: 69
External Requests: 19
Bundled Libraries: 1

Dangerous Functions Found

unserialize: `return (!is_null($s)) ? unserialize($s) : null;` (includes\CDI-Bibext\nusoap\nusoap.php:8553)

Bundled Libraries

TCPDF

SQL Query Safety

8% prepared · 25 total queries

Output Escaping

92% escaped · 650 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

24 flows · 8 with unsanitized paths
cdi_Collect_callback_follow (includes\CDI-Carrier-collect\Collect-Follow.php:43)
Attack Surface
30 unprotected

CDI – Collect and Deliver Interface for Woocommerce Attack Surface

Entry Points: 30
Unprotected: 30

AJAX Handlers: 30

auth: wp_ajax_cdi_collect_follow (includes\CDI-Carrier-collect\Collect-Follow.php:20)
nopriv: wp_ajax_cdi_collect_follow (includes\CDI-Carrier-collect\Collect-Follow.php:21)
auth: wp_ajax_cdi_collect_delivered (includes\CDI-Carrier-collect\Collect-Follow.php:22)
nopriv: wp_ajax_cdi_collect_delivered (includes\CDI-Carrier-collect\Collect-Follow.php:23)
auth: wp_ajax_cdi_bremise_open_view (includes\CDI-Gateway-Bordereaux.php:19)
auth: wp_ajax_cdi_bremise_close_view (includes\CDI-Gateway-Bordereaux.php:20)
auth: wp_ajax_cdi_bremise_add_select (includes\CDI-Gateway-Bordereaux.php:21)
auth: wp_ajax_cdi_bremise_clear_select (includes\CDI-Gateway-Bordereaux.php:22)
auth: wp_ajax_cdi_bcarrier_exec_bordereau (includes\CDI-Gateway-Bordereaux.php:24)
auth: wp_ajax_cdi_btransport_exec_bordereau (includes\CDI-Gateway-Bordereaux.php:26)
auth: wp_ajax_cdi_bpreparation_exec_bordereau (includes\CDI-Gateway-Bordereaux.php:27)
auth: wp_ajax_cdi_blivraison_exec_bordereau (includes\CDI-Gateway-Bordereaux.php:28)
auth: wp_ajax_cdi_bremise_exec_bordereau (includes\CDI-Gateway-Bordereaux.php:29)
auth: wp_ajax_cdi_bbulklabelpdf_exec_bordereau (includes\CDI-Gateway-Bordereaux.php:31)
auth: wp_ajax_cdi_bbulkcn23pdf_exec_bordereau (includes\CDI-Gateway-Bordereaux.php:32)
auth: wp_ajax_cdi_bhistocsv_exec_bordereau (includes\CDI-Gateway-Bordereaux.php:33)
auth: wp_ajax_cdi_debug_open_view (includes\CDI-Gateway-Debug.php:19)
auth: wp_ajax_cdi_debug_close_view (includes\CDI-Gateway-Debug.php:20)
auth: wp_ajax_cdi_debug_clear_file (includes\CDI-Gateway-Debug.php:21)
auth: wp_ajax_cdi_debug_refresh_view (includes\CDI-Gateway-Debug.php:22)
auth: wp_ajax_cdi_ajax_gateway (includes\CDI-Gateway.php:26)
auth: wp_ajax_cdi_orderlist_button (includes\CDI-Orderlist.php:24)
auth: wp_ajax_set_pickuplocation (includes\CDI-Reference-Livraisons.php:25)
nopriv: wp_ajax_set_pickuplocation (includes\CDI-Reference-Livraisons.php:26)
auth: wp_ajax_set_pickupgooglemaps (includes\CDI-Reference-Livraisons.php:27)
nopriv: wp_ajax_set_pickupgooglemaps (includes\CDI-Reference-Livraisons.php:28)
auth: wp_ajax_woocommerce_review_order_after_cart_contents (includes\CDI-Reference-Livraisons.php:36)
nopriv: wp_ajax_woocommerce_review_order_after_cart_contents (includes\CDI-Reference-Livraisons.php:37)
auth: wp_ajax_woocommerce_cart_shipping_method_full_label (includes\CDI-Shipping.php:36)
nopriv: wp_ajax_woocommerce_cart_shipping_method_full_label (includes\CDI-Shipping.php:37)

WordPress Hooks: 149
Maintenance & Trust

CDI – Collect and Deliver Interface for Woocommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 11, 2026
PHP min version: 7.3
Downloads: 19K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 200
Developer Profile

CDI – Collect and Deliver Interface for Woocommerce Developer Profile

Halyra

2 plugins · 300 total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 295 days
Detection Fingerprints

How We Detect CDI – Collect and Deliver Interface for Woocommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/collect-and-deliver-interface-for-woocommerce/css/admincdi.css
Version Parameters
collect-and-deliver-interface-for-woocommerce/css/admincdi.css?ver=
collect-and-deliver-interface-for-woocommerce/languages/collect-and-deliver-interface-for-woocommerce

HTML / DOM Fingerprints

CSS Classes
notice, notice-error, is-dismissible, notice-info
HTML Comments
  • multisite EvENTUELLEMENT A CHANGER A LA PLACE DE L'EXISTANT ?
  • this plugin is network activated - Woo must be network activated
  • this plugin is locally activated - Woo can be network or locally activated
  • this plugin runs on a single site
  • +16 more
Data Attributes
name, id, style, value, src, type
FAQ

Frequently Asked Questions about CDI – Collect and Deliver Interface for Woocommerce