Country Code Selector Security & Risk Analysis
wordpress.org/plugins/country-code-selectorCountry Code Selector uses a JavaScript base to allow customers checking out in WooCommerce, Shopp eCommerce, Contact form 7, Gravity form plugins sel …
Is Country Code Selector Safe to Use in 2026?
Generally Safe
Score 92/100Country Code Selector has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "country-code-selector" plugin v1.7 exhibits a generally positive security posture, with no recorded vulnerabilities or critical issues identified in static analysis or taint flows. The absence of dangerous functions, SQL injection risks (all queries use prepared statements), file operations, and external HTTP requests is commendable. However, a significant area of concern is the low percentage (27%) of properly escaped output. This indicates a potential for cross-site scripting (XSS) vulnerabilities if user-supplied data or dynamic content is not adequately sanitized before being displayed to the user.
The plugin also lacks nonce and capability checks on its entry points, which, although currently a small attack surface (0 entry points found), could become a significant risk if new functionalities are added without proper security measures. The vulnerability history being clean is a positive sign, suggesting responsible development and maintenance. Nevertheless, the unescaped output remains the most prominent weakness, requiring immediate attention to mitigate potential XSS attacks.
Key Concerns
- Low output escaping percentage
- No nonce checks
- No capability checks
Country Code Selector Security Vulnerabilities
Country Code Selector Code Analysis
Output Escaping
Country Code Selector Attack Surface
WordPress Hooks 12
Maintenance & Trust
Country Code Selector Maintenance & Trust
Maintenance Signals
Community Trust
Country Code Selector Alternatives
WP Contact Slider – Contact Form Slider Widget
wp-contact-slider
Helps you to show slide out contact form to display CF7, Gravity forms, Ninja Forms, WP Forms, display random text/HTML and support some other forms.
Forms: 3rd-Party Integration
forms-3rdparty-integration
Send contact form submissions from other plugins to multiple external services e.g. CRM. Configurable, custom field mapping, pre/post processing.
Autopreenchimento de endereço em formulários
cf7-cep-autofill
Preenchimento automático de campos de endereço baseado no CEP informado.
Forms: 3rd-Party Xml Post
forms-3rd-party-xpost
Converts submission from Forms 3rdparty Integration to xml/json, add headers, or nest fields.
Exact Match Disallowed Comment & Contact Forms
exact-match-disallowed-comment-contact-forms
Change the default WordPress comment blocklist functionality to exact match and save entries marked as spam for review.
Country Code Selector Developer Profile
2 plugins · 3K total installs
How We Detect Country Code Selector
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/country-code-selector/admin/css/country-code-selector-admin.css/wp-content/plugins/country-code-selector/admin/js/country-code-selector-admin.jshttps://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.jshttps://cdn.jsdelivr.net/npm/select2@4.1.0-beta.1/dist/js/select2.min.jshttps://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.jscountry-code-selector/admin/css/country-code-selector-admin.css?ver=country-code-selector/admin/js/country-code-selector-admin.js?ver=