WP-Safety

Courier Address Security & Risk Analysis

wordpress.org/plugins/courier-address

[courier_address] Google address Autocomplete, [courier_distance] Google Map, [courier_result] price from configurable equation.

10 active installs v3.2 PHP + WP 4.0+ Updated Jun 27, 2017
addresscontact-formfieldformgoogle-map
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Courier Address Safe to Use in 2026?

Generally Safe

Score 85/100

Courier Address has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The 'courier-address' plugin version 3.2 presents a mixed security posture. On the positive side, it demonstrates good practices by avoiding dangerous functions, using prepared statements for all SQL queries, and having no known historical CVEs, which suggests a generally well-maintained codebase. The absence of external HTTP requests and bundled libraries further reduces potential attack vectors. However, significant concerns arise from the static analysis. A notable weakness is the lack of proper output escaping, with only 15% of identified outputs being correctly escaped. This could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not sufficiently sanitized before being displayed to other users. Additionally, while the plugin has no unprotected entry points directly exposed by AJAX handlers or REST API routes, the presence of six shortcodes and a flow with unsanitized paths in the taint analysis warrants attention, as these could still be vectors for manipulation if not handled with care.

Key Concerns

  • Low output escaping percentage
  • Unsanitized path in taint flow
  • No nonce checks on entry points
  • No capability checks on entry points
Vulnerabilities
None known

Courier Address Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Courier Address Release Timeline

v3.2Current
v3.1
v3.0
v2.0
v1.0
Code Analysis
Analyzed Apr 16, 2026

Courier Address Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
11
2 escaped
Nonce Checks
0
Capability Checks
0
File Operations
1
External Requests
0
Bundled Libraries
0

Output Escaping

15% escaped13 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths
<courier-address> (courier-address.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Courier Address Attack Surface

Entry Points6
Unprotected0

Shortcodes 6

[courier_address] courier-address.php:306
[courier_address*] courier-address.php:307
[courier_distance] courier-address.php:308
[courier_distance*] courier-address.php:309
[courier_result] courier-address.php:310
[courier_result*] courier-address.php:311
WordPress Hooks 10
actionadmin_menucourier-address.php:24
actionadmin_initcourier-address.php:25
actionwp_enqueue_scriptscourier-address.php:275
actionadmin_enqueue_scriptscourier-address.php:280
actioninitcourier-address.php:286
filterwpcf7_validate_courier_addresscourier-address.php:314
filterwpcf7_validate_courier_address*courier-address.php:315
actionplugins_loadedcourier-address.php:317
filterwpcf7_form_elementscourier-address.php:323
actionwpcf7_mail_sentcourier-address.php:642
Maintenance & Trust

Courier Address Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.33
Last updatedJun 27, 2017
PHP min version
Downloads2K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

Courier Address Alternatives

Map Field for Contact Form 7

Map Field for Contact Form 7

map-field-for-contact-form-7

A
100

Add a Google Maps autocomplete address field with a live interactive map to any Contact Form 7 form. Supports draggable marker, address components, an &hellip;

60 No CVEs
DCO Address Field for Contact Form 7

DCO Address Field for Contact Form 7

dco-address-field-for-contact-form-7

A
85

Adds a autocomplete suggestion address field for Contact Form 7

100 No CVEs
Conditional Fields for Contact Form 7

Conditional Fields for Contact Form 7

cf7-conditional-fields

A
97

Adds conditional logic to Contact Form 7.

100K 4 CVEs
Contact Form 7 – Dynamic Text Extension

Contact Form 7 – Dynamic Text Extension

contact-form-7-dynamic-text-extension

B
74

Extends Contact Form 7 by adding dynamic form fields that accepts shortcodes to prepopulate form fields with default values and dynamic placeholders.

100K 1 unpatched
Country & Phone Field Contact Form 7

Country & Phone Field Contact Form 7

country-phone-field-contact-form-7

A
100

Add country drop down with flags and phone number with country phone extension fields in contact form 7.

40K No CVEs
Developer Profile

Courier Address Developer Profile

anewholm

3 plugins · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Courier Address

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/courier-address/css/courier-address.css/wp-content/plugins/courier-address/js/courier-address.js
Script Paths
/wp-content/plugins/courier-address/js/courier-address.js
Version Parameters
courier-address/css/courier-address.css?ver=courier-address/js/courier-address.js?ver=

HTML / DOM Fingerprints

CSS Classes
courier_address_postcode_groupcourier_address_postcode_group_price
Data Attributes
courier_address_plugin_page
Shortcode Output
[courier_address[courier_distance[courier_result
FAQ

Frequently Asked Questions about Courier Address