Does DeliveryPlus have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is DeliveryPlus compatible with WordPress 6.0.11?

According to WordPress.org data, DeliveryPlus 1.7 has been tested up to WordPress 6.0.11. Check the plugin's changelog for the latest compatibility information.

Is DeliveryPlus compatible with PHP 5.6+?

DeliveryPlus requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is DeliveryPlus updated?

DeliveryPlus was last updated on Dec 12, 2024. Frequent updates are generally a positive security signal.

What is DeliveryPlus's security score?

DeliveryPlus has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

DeliveryPlus Security & Risk Analysis

wordpress.org/plugins/deliveryplus-by-invisible-dragon

DeliveryPlus provides a delivery option with rate calculation and filter rules. Also integrates with Gravity Forms and Advanced Custom Fields.

10 active installs v1.7 PHP 5.6+ WP 6.0+ Updated Dec 12, 2024

acfadvancedcustomfieldsdeliverygravityformswoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is DeliveryPlus Safe to Use in 2026?

Generally Safe

Score 92/100

DeliveryPlus has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The deliveryplus-by-invisible-dragon plugin, version 1.7, presents a mixed security posture. While it shows strengths in its avoidance of dangerous functions, SQL injection vulnerabilities through prepared statements, and no recorded historical CVEs, significant concerns arise from its attack surface and output escaping. The plugin exposes two AJAX handlers without any authentication checks, creating a direct entry point for unauthorized actions or information disclosure if these handlers perform sensitive operations. Furthermore, a concerning 62% of its output is not properly escaped, posing a high risk of cross-site scripting (XSS) vulnerabilities. The absence of nonce checks on AJAX handlers exacerbates the risk associated with these unprotected entry points. The lack of historical vulnerabilities might indicate past diligence or simply a lack of exploitation attempts, but the current static analysis reveals clear areas for improvement.

Key Concerns

AJAX handlers without authentication
Unescaped output detected
Missing nonce checks on AJAX handlers

Vulnerabilities

None known

DeliveryPlus Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

DeliveryPlus Release Timeline

v1.6

v1.5

v1.4

v1.2.2

v1.2.1

v1.2

v1.0

Code Analysis

Analyzed Mar 17, 2026

DeliveryPlus Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

10 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

38% escaped26 total outputs

Data Flows · Security

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

get_values_ajax (class.DeliveryPlus_Filters.php:94)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

DeliveryPlus Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_deliveryplus_get_conditionsclass.DeliveryPlus_Filters.php:72

authwp_ajax_deliveryplus_get_valuesclass.DeliveryPlus_Filters.php:73

WordPress Hooks 24

filterdeliveryplus_categoriesclass.DeliveryPlus_Filters.php:41

filterwoocommerce_shipping_settingsclass.DeliveryPlus_Filter_Distance.php:11

actionwoocommerce_admin_field_deliveryplus_rateclass.DeliveryPlus_Shipping_Method.php:159

actionwoocommerce_admin_field_deliveryplus_filterclass.DeliveryPlus_Shipping_Method.php:160

actionwoocommerce_after_shipping_rateclass.DeliveryPlus_Shipping_Method.php:162

filterpre_do_shortcode_tagclass.DeliveryPlus_Shipping_Method.php:398

actionplugins_loadedid-delivery.php:18

filterplugin_row_metaid-delivery.php:87

actionwoocommerce_shipping_initid-delivery.php:88

filterwoocommerce_shipping_methodsid-delivery.php:89

actionwoocommerce_before_order_itemmetaid-delivery.php:92

actionwoocommerce_review_order_after_shippingid-delivery.php:95

actionwoocommerce_after_checkout_validationid-delivery.php:96

actionwoocommerce_checkout_update_order_metaid-delivery.php:97

actionwoocommerce_admin_order_data_after_shipping_addressid-delivery.php:98

actionwoocommerce_thankyouid-delivery.php:99

actionadmin_initid-delivery.php:103

filteracf/location/rule_typesid-delivery.php:104

filteracf/location/rule_values/deliveryplusid-delivery.php:105

filteracf/location/rule_match/deliveryplusid-delivery.php:106

actionbefore_woocommerce_initid-delivery.php:110

filtercomments_clausesid-delivery.php:149

filterwoocommerce_new_order_note_dataid-delivery.php:183

filtergform_submit_buttonid-delivery.php:263

Maintenance & Trust

DeliveryPlus Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11

Last updatedDec 12, 2024

PHP min version5.6

Downloads2K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

DeliveryPlus Alternatives

Smart COD for WooCommerce

wc-smart-cod

100

All the COD restrictions and extra fees you'll ever need, in a single plugin.

30K No CVEs

Claudio Sanches – Correios for WooCommerce

woocommerce-correios

Integration between the Correios and WooCommerce

30K No CVEs

Print Invoice & Delivery Notes for WooCommerce

woocommerce-delivery-notes

Create and print PDF invoices, delivery notes and receipts for your WooCommerce orders. Choose your document format from multiple templates.

30K 9 CVEs

Order Delivery Date for WooCommerce

order-delivery-date-for-woocommerce

Let customers choose delivery dates & times on checkout. Simplify delivery management by blocking holidays & setting max deliveries per day.

10K 5 CVEs

Shiprocket

shiprocket

Auto Sync your Woocommerce store orders & ship them at lowest shipping rates. Automate your shipping, save time & money.

10K 1 unpatched

Developer Profile

DeliveryPlus Developer Profile

invisibledragonltd

2 plugins · 20 total installs

trust score

Avg Security Score

89/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect DeliveryPlus

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/deliveryplus-by-invisible-dragon/assets/css/deliveryplus.css/wp-content/plugins/deliveryplus-by-invisible-dragon/assets/js/deliveryplus.js

Version Parameters

deliveryplus-by-invisible-dragon/assets/css/deliveryplus.css?ver=deliveryplus-by-invisible-dragon/assets/js/deliveryplus.js?ver=

HTML / DOM Fingerprints

CSS Classes

deliveryplus_shipping_form

Data Attributes

data-gform_iddata-gform_form_id

JS Globals

deliveryplus_shipping

REST Endpoints

/wp-json/deliveryplus/v1/shipping_rates

FAQ