Delyva Security & Risk Analysis

wordpress.org/plugins/delyvax

The official Delyva plugin helps store owners to integrate WooCommerce store with Delyva delivery management platform for seamless service comparison …

200 active installs · v1.2.4 · PHP 7.4+ · WP 6.0+ · Updated Mar 25, 2026
Tags: courier, delivery, delyva, shipping
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Delyva Safe to Use in 2026?

Generally Safe

Score 100/100

Delyva has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The delyvax plugin v1.2.3 presents a mixed security picture. The absence of known CVEs and of critical or high-severity code signals is a positive indicator, but the static analysis reveals potential areas of concern. The taint analysis identified unsanitized paths in 4 out of 5 flows, which is a notable risk even though no critical or high severity issues were directly flagged. This suggests that user-supplied data might not be adequately validated before being used in file operations or other potentially sensitive contexts.

The analysis also found no nonce checks and no capability checks. Because it identified no entry points either, this is a concern mainly for the future: it could become a significant vulnerability if any new entry points are introduced or if the plugin's functionality expands. The plugin also performs a substantial number of external HTTP requests (10), which could be a vector for supply chain attacks if the external endpoints are compromised or malicious.

Overall, the plugin has a clean vulnerability history and demonstrates good practices in SQL querying and in output escaping for the majority of outputs, but the identified taint flow issues and the absence of basic security checks such as nonces and capability checks on hypothetical entry points warrant caution.

Key Concerns

  • Unsanitized paths in taint analysis
  • No nonce checks found
  • No capability checks found
  • 10 external HTTP requests
  • 30% of output not properly escaped
Vulnerabilities
None known

Delyva Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Delyva Release Timeline

v1.2.4 (Current)
v1.2.3
v1.2.2
v1.2.1
v1.1.60
v1.1.59
v1.1.58
v1.1.57
v1.1.56
Code Analysis
Analyzed Mar 16, 2026

Delyva Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 21 (49 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 4
External Requests: 10
Bundled Libraries: 0

Output Escaping

70% escaped · 70 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

5 flows · 4 with unsanitized paths
sv_wc_cogs_add_order_profit_column_order_track (functions.php:1186)
Diagram legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

Delyva Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 48

action · before_woocommerce_init · delyvax.php:47
action · plugins_loaded · delyvax.php:54
action · admin_notices · delyvax.php:75
action · woocommerce_shipping_init · delyvax.php:83
filter · woocommerce_shipping_methods · delyvax.php:84
filter · parse_request · functions.php:7
action · woocommerce_check_cart_items · functions.php:9
action · woocommerce_checkout_before_customer_details · functions.php:10
action · woocommerce_payment_complete · functions.php:12
action · woocommerce_order_status_changed · functions.php:13
filter · woocommerce_cod_process_payment_order_status · functions.php:14
action · init · functions.php:16
action · init · functions.php:1111
filter · woocommerce_reports_order_statuses · functions.php:1114
filter · wc_order_statuses · functions.php:1147
filter · woocommerce_account_orders_columns · functions.php:1163
filter · manage_edit-shop_order_columns · functions.php:1183
filter · woocommerce_shop_order_list_table_columns · functions.php:1184
action · manage_shop_order_posts_custom_column · functions.php:1258
action · manage_woocommerce_page_wc-orders_custom_column · functions.php:1259
filter · woocommerce_shipping_fields · functions.php:1262
action · woocommerce_checkout_process · functions.php:1302
action · woocommerce_store_api_checkout_order_processed · functions.php:1327
action · woocommerce_after_checkout_validation · functions.php:1357
filter · woocommerce_admin_order_actions · includes\delyvax-dokan.php:22
action · dokan_order_listing_header_before_action_column · includes\delyvax-dokan.php:23
action · dokan_order_listing_row_before_action_field · includes\delyvax-dokan.php:24
action · wp_footer · includes\delyvax-dokan.php:25
action · init · includes\delyvax-dokan.php:27
filter · bulk_actions-edit-shop_order · includes\delyvax-label.php:13
filter · bulk_actions-woocommerce_page_wc-orders · includes\delyvax-label.php:14
filter · handle_bulk_actions-edit-shop_order · includes\delyvax-label.php:55
filter · handle_bulk_actions-woocommerce_page_wc-orders · includes\delyvax-label.php:56
action · admin_menu · includes\delyvax-label.php:69
action · admin_notices · includes\delyvax-label.php:166
filter · woocommerce_settings_tabs_array · includes\delyvax-shipping.php:53
filter · wcfm_orders_actions · includes\delyvax-wcfm.php:22
filter · wcfmmarketplace_orders_actions · includes\delyvax-wcfm.php:23
filter · wcfm_orders_additional_info_column_label · includes\delyvax-wcfm.php:26
filter · wcfm_orders_additonal_data_hidden · includes\delyvax-wcfm.php:27
filter · wcfm_orders_additonal_data · includes\delyvax-wcfm.php:28
action · init · includes\delyvax-wcfm.php:30
action · parse_request · includes\delyvax-webhook.php:8
action · parse_request · includes\delyvax-webhook.php:9
filter · woocommerce_settings_api_sanitized_fields_delyvax · includes\delyvax-webhook.php:11
action · woocommerce_admin_order_data_after_order_details · includes\shipping-widget.php:4
action · woocommerce_admin_order_data_after_order_details · includes\shipping-widget.php:5
action · add_meta_boxes · includes\shipping-widget.php:10
Maintenance & Trust

Delyva Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 25, 2026
PHP min version: 7.4
Downloads: 10K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 200
Developer Profile

Delyva Developer Profile

delyva

2 plugins · 210 total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Delyva

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
