WP-Safety

Controlled COD Restriction Security & Risk Analysis

wordpress.org/plugins/controlled-cod-restriction

A smart WooCommerce plugin that gives you total control over Cash on Delivery (COD) payments — restrict by category, limit by order's total, and more!

0 active installs v1.1.0 PHP 7.4+ WP 5.8+ Updated Dec 23, 2025
category-restrictioncod-blockingcod-restrictionpayment-restrictionwoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Controlled COD Restriction Safe to Use in 2026?

Generally Safe

Score 100/100

Controlled COD Restriction has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The "controlled-cod-restriction" v1.1.0 plugin exhibits a concerning security posture due to a significant attack surface exposed without proper authentication. While the plugin demonstrates good practices in SQL query handling and largely proper output escaping, the presence of 4 AJAX handlers without any authorization checks presents a critical vulnerability. This means any unauthenticated user could potentially trigger these handlers, leading to unintended actions or information disclosure depending on their functionality.

The lack of reported CVEs and past vulnerabilities is a positive indicator, suggesting the developers may have a history of producing relatively secure code. However, this should not overshadow the immediate risks identified in the static analysis. The absence of taint analysis results is neutral, as it doesn't confirm or deny the presence of taint issues but rather indicates no critical flows were detected by the specific tool used.

In conclusion, while the plugin avoids some common pitfalls like raw SQL queries and has good output escaping percentages, the unprotected AJAX endpoints are a major weakness. This plugin requires immediate attention to implement proper authentication and authorization mechanisms for all its AJAX handlers to mitigate the substantial risk of unauthorized access and potential exploitation.

Key Concerns

  • AJAX handlers without auth checks
  • Large attack surface without auth
  • Bundled outdated Freemius library
Vulnerabilities
None known

Controlled COD Restriction Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Controlled COD Restriction Release Timeline

v1.1.0Current
v1.0.0
Code Analysis
Analyzed Mar 17, 2026

Controlled COD Restriction Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
6
32 escaped
Nonce Checks
3
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
2

Bundled Libraries

Select2Freemius1.0

Output Escaping

84% escaped38 total outputs
Attack Surface
4 unprotected

Controlled COD Restriction Attack Surface

Entry Points4
Unprotected4

AJAX Handlers 4

authwp_ajax_ccodr_remind_latercontrolled-cod-restriction.php:143
authwp_ajax_ccodr_dismiss_review_noticecontrolled-cod-restriction.php:154
authwp_ajax_ccodr_remind_laterinc\class-ccodr-admin-notices.php:75
authwp_ajax_ccodr_dismiss_review_noticeinc\class-ccodr-admin-notices.php:82
WordPress Hooks 15
actionwoocommerce_blocks_loadedcontrolled-cod-restriction.php:67
actionwp_enqueue_scriptscontrolled-cod-restriction.php:73
actionbefore_woocommerce_initcontrolled-cod-restriction.php:85
actionadmin_enqueue_scriptscontrolled-cod-restriction.php:95
actionadmin_noticesinc\class-ccodr-admin-notices.php:9
actionadmin_noticesinc\class-ccodr-admin-notices.php:10
actionadmin_enqueue_scriptsinc\class-ccodr-admin-notices.php:11
actionwoocommerce_blocks_payment_method_type_registrationinc\class-ccodr-blocks-bridge.php:37
filterwoocommerce_payment_gatewaysinc\class-ccodr-gateway.php:3
actionplugins_loadedinc\class-ccodr-gateway.php:10
actionwoocommerce_new_orderinc\class-ccodr-restrictions.php:54
actionadmin_menuinc\class-ccodr-ui.php:7
actionadmin_menuinc\class-ccodr-ui.php:12
actionadmin_post_ccodr_save_settingsinc\class-ccodr-ui.php:13
actionadmin_post_ccodr_send_support_messageinc\class-ccodr-ui.php:296
Maintenance & Trust

Controlled COD Restriction Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedDec 23, 2025
PHP min version7.4
Downloads192

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Controlled COD Restriction Alternatives

H6 Smart Shipping & Payment Control for WooCommerce

H6 Smart Shipping & Payment Control for WooCommerce

h6-smart-shipping-payment-control-for-woocommerce

A
100

Conditionally disable shipping methods and payment gateways based on cart total, weight, country, or user status.

0 No CVEs
Essential Addons for Elementor – Popular Elementor Templates & Widgets

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

B
76

Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.

2.0M 59 CVEs
Limit Login Attempts Reloaded – Login Security, 2FA, Brute Force Protection & Firewall

Limit Login Attempts Reloaded – Login Security, 2FA, Brute Force Protection & Firewall

limit-login-attempts-reloaded

A
98

Stop password guessing attacks, secure WooCommerce, block bad IPs, block by countries (Pro), and add email 2FA. Lightweight with better performance.

2.0M 4 CVEs
Google for WooCommerce

Google for WooCommerce

google-listings-and-ads

A
99

Native integration with Google that allows merchants to easily display their products across Google’s network.

900K 1 CVE
WooPayments: Integrated WooCommerce Payments

WooPayments: Integrated WooCommerce Payments

woocommerce-payments

A
89

Securely accept credit and debit cards on your WooCommerce store. Manage payments without leaving your WordPress dashboard. Only with WooPayments.

900K 7 CVEs
Developer Profile

Controlled COD Restriction Developer Profile

Anything Makers

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Controlled COD Restriction

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/controlled-cod-restriction/public/css/ccodr_checkout.css/wp-content/plugins/controlled-cod-restriction/admin/css/ccodr-admin-notice.css/wp-content/plugins/controlled-cod-restriction/admin/css/select2.min.css/wp-content/plugins/controlled-cod-restriction/admin/js/select2.min.js/wp-content/plugins/controlled-cod-restriction/admin/css/ccodr-admin.css/wp-content/plugins/controlled-cod-restriction/admin/js/ccodr-admin.js/wp-content/plugins/controlled-cod-restriction/admin/js/ccodr-admin-notices.js
Script Paths
/wp-content/plugins/controlled-cod-restriction/admin/js/select2.min.js/wp-content/plugins/controlled-cod-restriction/admin/js/ccodr-admin.js/wp-content/plugins/controlled-cod-restriction/admin/js/ccodr-admin-notices.js
Version Parameters
controlled-cod-restriction/public/css/ccodr_checkout.css?ver=controlled-cod-restriction/admin/css/ccodr-admin-notice.css?ver=controlled-cod-restriction/admin/css/select2.min.css?ver=controlled-cod-restriction/admin/js/select2.min.js?ver=controlled-cod-restriction/admin/css/ccodr-admin.css?ver=controlled-cod-restriction/admin/js/ccodr-admin.js?ver=controlled-cod-restriction/admin/js/ccodr-admin-notices.js?ver=

HTML / DOM Fingerprints

CSS Classes
ccodr-review-notice
Data Attributes
data-ccodr-remind-laterdata-ccodr-dismiss
JS Globals
ccodrAdmin
FAQ

Frequently Asked Questions about Controlled COD Restriction