Does CoopCycle have any unpatched vulnerabilities?

No. All known vulnerabilities in CoopCycle have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is CoopCycle compatible with WordPress 6.7.5?

According to WordPress.org data, CoopCycle 1.1.1 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is CoopCycle compatible with PHP 7.4+?

CoopCycle requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is CoopCycle updated?

CoopCycle was last updated on Unknown. Frequent updates are generally a positive security signal.

What is CoopCycle's security score?

CoopCycle has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

CoopCycle Security & Risk Analysis

wordpress.org/plugins/coopcycle

CoopCycle plugin for WordPress.

10 active installs v1.1.1 PHP 7.4+ WP 6.2+ Updated Unknown

ecommerceshippingwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is CoopCycle Safe to Use in 2026?

Generally Safe

Score 100/100

CoopCycle has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The Coopcycle plugin v1.1.1 exhibits a concerning security posture, despite some positive indicators. The static analysis reveals a significant concern with its attack surface, specifically one unprotected REST API route. This single unprotected entry point represents a direct pathway for potential attackers to interact with the plugin's functionality without proper authorization, which is a critical oversight.

While the plugin demonstrates good practices in avoiding dangerous functions and using prepared statements for SQL queries, the low percentage of properly escaped output (44%) is a significant weakness. This indicates a risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected through user-provided data that is not adequately sanitized before being displayed. The absence of nonce checks and capability checks on any entry points further exacerbates this risk, leaving the plugin vulnerable to various attacks that rely on unauthenticated or unauthorized actions.

The vulnerability history being completely clear is a positive sign, suggesting that the plugin has not had publicly disclosed vulnerabilities. However, this should not be mistaken for perfect security. The identified weaknesses in the code analysis, particularly the unprotected REST API and insufficient output escaping, represent inherent risks that could be exploited. The plugin's overall security is thus a mixed bag, with strengths in some areas but critical weaknesses in others that demand immediate attention.

Key Concerns

Unprotected REST API route
Low percentage of properly escaped output
Missing nonce checks on entry points
Missing capability checks on entry points

Vulnerabilities

None known

CoopCycle Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

CoopCycle Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

8 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

44% escaped18 total outputs

Attack Surface

1 unprotected

CoopCycle Attack Surface

Entry Points1

Unprotected1

REST API Routes 1

GET/wp-json/coopcycle/v1/shipping-date-optionscoopcycle.php:49

WordPress Hooks 22

actionwoocommerce_store_api_checkout_update_order_from_requestcoopcycle-extend-woo-core.php:34

actionwoocommerce_admin_order_data_after_shipping_addresscoopcycle-extend-woo-core.php:55

actionwoocommerce_order_details_after_customer_addresscoopcycle-extend-woo-core.php:79

actionwoocommerce_email_after_order_tablecoopcycle-extend-woo-core.php:106

actionplugins_loadedcoopcycle.php:22

actioninitcoopcycle.php:26

actionrest_api_initcoopcycle.php:48

actionwoocommerce_blocks_loadedcoopcycle.php:55

actionwoocommerce_blocks_cart_block_registrationcoopcycle.php:63

actionwoocommerce_blocks_checkout_block_registrationcoopcycle.php:69

actionwoocommerce_shipping_initcoopcycle.php:97

filterwoocommerce_shipping_methodscoopcycle.php:104

actionwoocommerce_order_status_changedcoopcycle.php:224

filtermanage_woocommerce_page_wc-orders_columnscustom_colums.php:19

actionmanage_woocommerce_page_wc-orders_custom_columncustom_colums.php:20

actionwoocommerce_review_order_after_shippinglegacy_shortcode.php:68

actionwoocommerce_checkout_processlegacy_shortcode.php:70

actionwoocommerce_checkout_create_orderlegacy_shortcode.php:72

actionwp_enqueue_scriptslegacy_shortcode.php:74

actionadmin_menusrc\CoopCycleSettingsPage.php:17

actionadmin_initsrc\CoopCycleSettingsPage.php:18

actionpre_update_optionsrc\CoopCycleSettingsPage.php:20

Maintenance & Trust

CoopCycle Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedUnknown

PHP min version7.4

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

CoopCycle Alternatives

The Courier Guy Shipping for WooCommerce

the-courier-guy

100

This is the official WooCommerce extension to ship products using The Courier Guy.

3K No CVEs

AppScenic – Smart AI Dropshipping

appscenic

Expand your store catalogue with no upfront inventory cost. Source high-quality products from verified domestic suppliers and use AI in the process.

2K No CVEs

CDEKDelivery

cdekdelivery

100

Integration with CDEK delivery for your WooCommerce store.

2K No CVEs

DHL eCommerce (Benelux) for WooCommerce

dhlpwc

100

DHL eCommerce (Benelux) presents: The official DHL eCommerce for WooCommerce plugin to automate your e-commerce shipping process.

2K No CVEs

Flat Rate per State/Country/Region for WooCommerce

flat-rate-per-countryregion-for-woocommerce

100

This plugin allows you to set a flat delivery rate per States, Countries or World Regions on WooCommerce.

1K No CVEs

Developer Profile

CoopCycle Developer Profile

alexmex

1 plugin · 10 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect CoopCycle

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/coopcycle/build/shipping-date-picker/index.js/wp-content/plugins/coopcycle/build/shipping-date-picker/index.asset.php

Script Paths

/wp-content/plugins/coopcycle/coopcycle-blocks-integration.php/wp-content/plugins/coopcycle/coopcycle-extend-store-endpoint.php/wp-content/plugins/coopcycle/coopcycle-extend-woo-core.php/wp-content/plugins/coopcycle/legacy_shortcode.php/wp-content/plugins/coopcycle/custom_colums.php/wp-content/plugins/coopcycle/src/ShippingMethod.php+3 more

Version Parameters

coopcycle/style.css?ver=coopcycle/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

coopcycle-shipping-date-picker

HTML Comments

+3 more

Data Attributes

data-enqueue-shipping-date-picker

JS Globals

coopcycle_shipping_date_picker_params

REST Endpoints

/coopcycle/v1/shipping-date-options

FAQ

CoopCycle Security & Risk Analysis

Is CoopCycle Safe to Use in 2026?

Generally Safe

Key Concerns

CoopCycle Security Vulnerabilities

CoopCycle Code Analysis

Output Escaping

CoopCycle Attack Surface

REST API Routes 1

CoopCycle Maintenance & Trust

Maintenance Signals

Community Trust

CoopCycle Alternatives

The Courier Guy Shipping for WooCommerce

AppScenic – Smart AI Dropshipping

CDEKDelivery

DHL eCommerce (Benelux) for WooCommerce

Flat Rate per State/Country/Region for WooCommerce

CoopCycle Developer Profile

How We Detect CoopCycle

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about CoopCycle