Does Deliverables have any unpatched vulnerabilities?

No. All known vulnerabilities in Deliverables have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Deliverables compatible with WordPress 4.9.29?

According to WordPress.org data, Deliverables 1.0 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is Deliverables updated?

Deliverables was last updated on Mar 21, 2022. Frequent updates are generally a positive security signal.

What is Deliverables's security score?

Deliverables has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Deliverables Security Review — Score 85/100 (safe)

Safety Verdict

Is Deliverables Safe to Use in 2026?

Generally Safe

Score 85/100

Deliverables has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

The "deliverables" plugin v1.0 presents a mixed security posture. On the positive side, it has no recorded vulnerabilities, and its code shows good practices such as a high percentage of prepared SQL statements and properly escaped output. The absence of external HTTP requests and dangerous functions is also reassuring. However, significant concerns arise from the static analysis. The plugin exposes a considerable attack surface with 8 AJAX handlers, a concerning 4 of which lack authentication checks. Furthermore, the taint analysis reveals 15 high-severity flows with unsanitized paths, indicating a significant risk of data manipulation or injection vulnerabilities. The plugin also relies on a bundled library, DataTables, which could be a vector for known vulnerabilities if outdated.

While the lack of a vulnerability history is a positive indicator, the presence of high-severity taint flows and unprotected AJAX endpoints suggests a high potential for undiscovered vulnerabilities. The plugin's strength lies in its structured approach to database interactions and output handling. Its weakness is the direct exposure of sensitive functionalities without proper access control and the potential for untrusted input to traverse the application in an unsafe manner. A thorough manual audit is strongly recommended to address the identified taint flow and AJAX endpoint risks.

Key Concerns

Unprotected AJAX handlers
High severity unsanitized taint flows
Bundled library (DataTables)

Vulnerabilities

None known

Deliverables Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Deliverables Code Analysis

Dangerous Functions

0

Raw SQL Queries

13

51 prepared

Unescaped Output

129

352 escaped

Nonce Checks

8

Capability Checks

0

File Operations

1

External Requests

0

Bundled Libraries

1

Bundled Libraries

DataTables

SQL Query Safety

80% prepared64 total queries

Output Escaping

73% escaped481 total outputs

Data Flows

21 unsanitized

Data Flow Analysis

25 flows21 with unsanitized paths

trs_deliverables_custom_table_example_orders_page_handler (order_page.php:5)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

Deliverables Attack Surface

Entry Points10

Unprotected4

AJAX Handlers 8

noprivwp_ajax_trs_deliverables_save_quotedeliverables.php:45

noprivwp_ajax_trs_deliverables_submit_to_datebasedeliverables.php:47

noprivwp_ajax_trs_deliverables_submit_to_datebase_order_statusdeliverables.php:49

authwp_ajax_trs_deliverables_save_quotedeliverables.php:53

authwp_ajax_trs_deliverables_submit_to_datebasedeliverables.php:55

authwp_ajax_trs_deliverables_submit_to_datebase_order_statusdeliverables.php:57

authwp_ajax_trs_deliverables_generate_pdf_in_admindeliverables.php:59

authwp_ajax_trs_deliverables_generate_pdf_in_admindeliverables.php:61

Shortcodes 2

[trs_deliverables_trs_deliverables_list_form] deliverables.php:43

[collection] trs_deliverables_list.php:243

WordPress Hooks 6

actionadmin_noticesdeliverables.php:20

actionadmin_initdeliverables.php:39

actionwp_enqueue_scriptsdeliverables.php:41

actionwp_headdeliverables.php:51

actionadmin_menudeliverables.php:63

filterwp_mail_content_typedeliverables.php:395

Maintenance & Trust

Deliverables Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedMar 21, 2022

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Deliverables Alternatives

WP Change Email Sender

wp-change-email-sender

A

100

Easily change WordPress default mail sender name and email address

10K 1 CVE

Swift SMTP (formerly Welcome Email Editor)

welcome-email-editor

A

99

Swift SMTP is a free & simple SMTP Plugin for WordPress.

8K 2 CVEs

MailHawk — Simple SMTP, Email Delivery, and Email Logging

mailhawk

A

95

An easier SMTP service for WordPress. Improve your WordPress email deliverability!

400 1 CVE

Automatic Email Testing for WP

automatic-email-testing-for-wp

A

100

[UPDATED!] Automatic Email Testing for WP plugin allows you to set up a system inside wordpress to test your email server every day.

300 No CVEs

WP Feedburner Email Subscriber

wp-feedburner-email-subscriber

A

85

Just use Feedburner Email Subscriber service on your website sitebar widget..

100 No CVEs

Developer Profile

Deliverables Developer Profile

The Right Software

5 plugins · 110 total installs

91

trust score

Avg Security Score

95/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Deliverables

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/deliverables/css/custom-admin.css/wp-content/plugins/deliverables/js/custom-admin.js/wp-content/plugins/deliverables/js/bootstrap.min.js/wp-content/plugins/deliverables/js/bootstrap-datepicker.min.js/wp-content/plugins/deliverables/js/custom.js/wp-content/plugins/deliverables/css/bootstrap.min.css/wp-content/plugins/deliverables/css/custom.css/wp-content/plugins/deliverables/js/jquery.dataTables.min.js+3 more

Script Paths

js/custom-admin.jsjs/bootstrap.min.jsjs/bootstrap-datepicker.min.jsjs/custom.jsjs/jquery.dataTables.min.jsjs/jquery.accordion.js+1 more

Version Parameters

trs_deliverables_admin_custom_js?ver=trs_deliverables_bootstrape_min_js?ver=trs_deliverables_bootstrape_datepicker_min_js?ver=trs_deliverables_custom_js?ver=trs_deliverables_script_datatable?ver=trs_deliverables_script_accordion?ver=trs_deliverables_script_isotope?ver=

HTML / DOM Fingerprints

CSS Classes

trs_deliverables_custom_table_example_db_versiontrs_deliverables_settings

Data Attributes

data-toggledata-target

JS Globals

trs_deliverables_custom_table_example_db_versiontrs_deliverables_pluginname_ajaxurl

Shortcode Output

[trs_deliverables_trs_deliverables_list_form]

FAQ

Deliverables Security & Risk Analysis

Is Deliverables Safe to Use in 2026?

Generally Safe

Key Concerns

Deliverables Security Vulnerabilities

Deliverables Code Analysis

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Deliverables Attack Surface

AJAX Handlers 8

Shortcodes 2

Deliverables Maintenance & Trust

Maintenance Signals

Community Trust

Deliverables Alternatives

WP Change Email Sender

Swift SMTP (formerly Welcome Email Editor)

MailHawk — Simple SMTP, Email Delivery, and Email Logging

Automatic Email Testing for WP

WP Feedburner Email Subscriber

Deliverables Developer Profile

How We Detect Deliverables

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Deliverables