WP-Safety

Multiple Shipping And Billing Address For Woocommerce Security & Risk Analysis

wordpress.org/plugins/different-shipping-and-billing-address-for-woocommerce

Multiple Shipping And Billing Address For Woocommerce make address multiple address on checkout page.

200 active installs v1.6 PHP + WP 5.5+ Updated Feb 6, 2026
billing-shipping-addressbilling-addressdifferent-billing-addressdifferent-shipping-addressshipping-address
93
A · Safe
CVEs total3
Unpatched0
Last CVEMar 28, 2025
Download
Safety Verdict

Is Multiple Shipping And Billing Address For Woocommerce Safe to Use in 2026?

Generally Safe

Score 93/100

Multiple Shipping And Billing Address For Woocommerce has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Mar 28, 2025Updated 1mo ago
Risk Assessment

The plugin "different-shipping-and-billing-address-for-woocommerce" v1.6 exhibits a mixed security posture. While it demonstrates good practices in SQL query handling and output escaping, significant concerns arise from its large attack surface and a history of critical vulnerabilities. The presence of 50 AJAX handlers, with a concerning 42 lacking authentication checks, presents a broad entry point for potential exploits. This is further exacerbated by the detection of 4 high-severity taint flows with unsanitized paths, indicating potential for data manipulation or code execution if these flows are triggered by user-controlled input.

The vulnerability history is a major red flag. Having 3 known CVEs, including one critical and two high-severity, suggests a recurring pattern of serious security flaws. The fact that all previously disclosed vulnerabilities are now patched is positive, but the nature of past vulnerabilities (Deserialization of Untrusted Data and SQL Injection) aligns with the code signals (unserialize) and taint analysis findings. This historical context strongly implies that similar weaknesses may still exist or could be reintroduced.

In conclusion, while the plugin benefits from secure SQL practices and diligent output escaping, the substantial unprotected attack surface and the historical prevalence of critical vulnerabilities demand caution. The identified taint flows with unsanitized paths are particularly worrying given the plugin's past issues. Further in-depth code review and dynamic analysis are recommended to fully assess the current risk.

Key Concerns

  • Large attack surface without auth checks
  • High severity taint flows with unsanitized paths
  • Critical vulnerability in history
  • High severity vulnerabilities in history
  • Dangerous function (unserialize) used
  • Low number of capability checks
Vulnerabilities
3

Multiple Shipping And Billing Address For Woocommerce Security Vulnerabilities

CVEs by Year

3 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

Critical
1
High
2

3 total CVEs

CVE-2025-31087critical · 9.8Deserialization of Untrusted Data

Multiple Shipping And Billing Address For Woocommerce <= 1.5 - Unauthenticated PHP Object Injection

Mar 28, 2025 Patched in 1.6 (7d)
CVE-2025-26875high · 7.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Multiple Shipping And Billing Address For Woocommerce <= 1.3 - Unauthenticated SQL Injection

Mar 3, 2025 Patched in 1.5 (8d)
CVE-2024-56290high · 7.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Multiple Shipping And Billing Address For Woocommerce <= 1.2 - Unauthenticated SQL Injection

Jan 3, 2025 Patched in 1.3 (6d)
Code Analysis
Analyzed Mar 16, 2026

Multiple Shipping And Billing Address For Woocommerce Code Analysis

Dangerous Functions
18
Raw SQL Queries
0
42 prepared
Unescaped Output
11
542 escaped
Nonce Checks
17
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$user_data = unserialize($userdata_bil);main\backend\dsabafw-backend.php:534
unserialize$user_data = unserialize($userdata_ship);main\backend\dsabafw-backend.php:577
unserialize$user_data = unserialize($user[0]->userdata);main\backend\dsabafw-backend.php:715
unserialize$user_data = unserialize($user[0]->userdata);main\backend\dsabafw-backend.php:783
unserialize$user_data = unserialize($userdata_bil);main\backend\dsabafw-backend.php:851
unserialize$user_data = unserialize($userdata_bil);main\backend\dsabafw-backend.php:888
unserialize$user_data = unserialize($userdata_bil);main\frontend\dsabafw-front.php:74
unserialize$user_data = unserialize($userdata_bil);main\frontend\dsabafw-front.php:123
unserialize$user_data = unserialize($userdata_bil);main\frontend\dsabafw-front.php:183
unserialize$user_data = unserialize($userdata_ship);main\frontend\dsabafw-front.php:249
unserialize$user_data = unserialize($user[0]->userdata);main\frontend\dsabafw-front.php:363
unserialize$user_data = unserialize($user[0]->userdata);main\frontend\dsabafw-front.php:430
unserialize$user_data = unserialize($user[0]->userdata);main\frontend\dsabafw-front.php:538
unserialize$user_data = unserialize($user[0]->userdata);main\frontend\dsabafw-front.php:558
unserialize$user_data = unserialize($userdata_bil);main\frontend\dsabafw-front.php:588
unserialize$user_data = unserialize($userdata_bil);main\frontend\dsabafw-front.php:617
unserialize$user_data = unserialize($userdata_ship);main\frontend\dsabafw-front.php:677
unserialize$user_data = unserialize($userdata_ship);main\frontend\dsabafw-front.php:703

SQL Query Safety

100% prepared42 total queries

Output Escaping

98% escaped553 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

10 flows4 with unsanitized paths
DSABAFW_save_options (main\backend\dsabafw-backend.php:343)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
42 unprotected

Multiple Shipping And Billing Address For Woocommerce Attack Surface

Entry Points50
Unprotected42

AJAX Handlers 50

noprivwp_ajax_wg_roles_ajaxmain\backend\dsabafw-backend.php:426
authwp_ajax_wg_roles_ajaxmain\backend\dsabafw-backend.php:427
authwp_ajax_dsabafw_validate_edit_billing_form_fieldsmain\backend\dsabafw-backend.php:439
noprivwp_ajax_dsabafw_validate_edit_billing_form_fieldsmain\backend\dsabafw-backend.php:440
authwp_ajax_dsabafw_validate_edit_shipping_form_fieldsmain\backend\dsabafw-backend.php:628
noprivwp_ajax_dsabafw_validate_edit_shipping_form_fieldsmain\backend\dsabafw-backend.php:629
authwp_ajax_productscommentsbilling_adminmain\backend\dsabafw-backend.php:686
noprivwp_ajax_productscommentsbilling_adminmain\backend\dsabafw-backend.php:687
authwp_ajax_productscommentsshipping_adminmain\backend\dsabafw-backend.php:758
noprivwp_ajax_productscommentsshipping_adminmain\backend\dsabafw-backend.php:759
authwp_ajax_productscommentsbillingmain\frontend\dsabafw-ajax.php:33
noprivwp_ajax_productscommentsbillingmain\frontend\dsabafw-ajax.php:34
authwp_ajax_productscommentsshippingmain\frontend\dsabafw-ajax.php:35
noprivwp_ajax_productscommentsshippingmain\frontend\dsabafw-ajax.php:36
authwp_ajax_productscommentsbilling_selectmain\frontend\dsabafw-ajax.php:41
noprivwp_ajax_productscommentsbilling_selectmain\frontend\dsabafw-ajax.php:42
authwp_ajax_productscommentsshipping_selectmain\frontend\dsabafw-ajax.php:43
noprivwp_ajax_productscommentsshipping_selectmain\frontend\dsabafw-ajax.php:44
authwp_ajax_dsabafw_validate_billing_form_fieldsmain\frontend\dsabafw-ajax.php:45
noprivwp_ajax_dsabafw_validate_billing_form_fieldsmain\frontend\dsabafw-ajax.php:46
authwp_ajax_dsabafw_validate_shipping_form_fieldsmain\frontend\dsabafw-ajax.php:47
noprivwp_ajax_dsabafw_validate_shipping_form_fieldsmain\frontend\dsabafw-ajax.php:48
authwp_ajax_dsabafw_validate_edit_billing_form_fieldsmain\frontend\dsabafw-ajax.php:49
noprivwp_ajax_dsabafw_validate_edit_billing_form_fieldsmain\frontend\dsabafw-ajax.php:50
authwp_ajax_dsabafw_validate_edit_shipping_form_fieldsmain\frontend\dsabafw-ajax.php:51
noprivwp_ajax_dsabafw_validate_edit_shipping_form_fieldsmain\frontend\dsabafw-ajax.php:52
authwp_ajax_dsabafw_default_addressmain\frontend\dsabafw-ajax.php:53
noprivwp_ajax_dsabafw_default_addressmain\frontend\dsabafw-ajax.php:54
authwp_ajax_dsabafw_default_address_shippingmain\frontend\dsabafw-ajax.php:55
noprivwp_ajax_dsabafw_default_address_shippingmain\frontend\dsabafw-ajax.php:56
authwp_ajax_productscommentsbillingmain\frontend\dsabafw-ajax.php:79
noprivwp_ajax_productscommentsbillingmain\frontend\dsabafw-ajax.php:80
authwp_ajax_productscommentsshippingmain\frontend\dsabafw-ajax.php:81
noprivwp_ajax_productscommentsshippingmain\frontend\dsabafw-ajax.php:82
authwp_ajax_productscommentsbilling_selectmain\frontend\dsabafw-ajax.php:96
noprivwp_ajax_productscommentsbilling_selectmain\frontend\dsabafw-ajax.php:97
authwp_ajax_productscommentsshipping_selectmain\frontend\dsabafw-ajax.php:98
noprivwp_ajax_productscommentsshipping_selectmain\frontend\dsabafw-ajax.php:99
authwp_ajax_dsabafw_validate_billing_form_fieldsmain\frontend\dsabafw-ajax.php:100
noprivwp_ajax_dsabafw_validate_billing_form_fieldsmain\frontend\dsabafw-ajax.php:101
authwp_ajax_dsabafw_validate_shipping_form_fieldsmain\frontend\dsabafw-ajax.php:102
noprivwp_ajax_dsabafw_validate_shipping_form_fieldsmain\frontend\dsabafw-ajax.php:103
authwp_ajax_dsabafw_validate_edit_billing_form_fieldsmain\frontend\dsabafw-ajax.php:104
noprivwp_ajax_dsabafw_validate_edit_billing_form_fieldsmain\frontend\dsabafw-ajax.php:105
authwp_ajax_dsabafw_validate_edit_shipping_form_fieldsmain\frontend\dsabafw-ajax.php:106
noprivwp_ajax_dsabafw_validate_edit_shipping_form_fieldsmain\frontend\dsabafw-ajax.php:107
authwp_ajax_dsabafw_default_addressmain\frontend\dsabafw-ajax.php:108
noprivwp_ajax_dsabafw_default_addressmain\frontend\dsabafw-ajax.php:109
authwp_ajax_dsabafw_default_address_shippingmain\frontend\dsabafw-ajax.php:110
noprivwp_ajax_dsabafw_default_address_shippingmain\frontend\dsabafw-ajax.php:111
WordPress Hooks 32
filterplugin_row_metadsabafw-multiple-address.php:60
actionadmin_menumain\backend\dsabafw-backend.php:8
actioninitmain\backend\dsabafw-backend.php:342
actionshow_user_profilemain\backend\dsabafw-backend.php:498
actionedit_user_profilemain\backend\dsabafw-backend.php:499
actionadmin_footermain\backend\dsabafw-backend.php:617
actionwoocommerce_admin_order_data_after_billing_addressmain\backend\dsabafw-backend.php:825
actionwoocommerce_admin_order_data_after_shipping_addressmain\backend\dsabafw-backend.php:862
actioninitmain\backend\dsabafw-comman.php:8
actionwoocommerce_blocks_loadedmain\block\block.php:6
actionwoocommerce_blocks_checkout_block_registrationmain\block\block.php:10
actioninitmain\frontend\dsabafw-ajax.php:7
filterwoocommerce_account_menu_itemsmain\frontend\dsabafw-ajax.php:30
actionwoocommerce_account_edit-address_endpointmain\frontend\dsabafw-ajax.php:31
actionwp_footermain\frontend\dsabafw-ajax.php:32
actionwoocommerce_before_checkout_billing_formmain\frontend\dsabafw-ajax.php:38
actionwoocommerce_before_checkout_shipping_formmain\frontend\dsabafw-ajax.php:39
actionwpmain\frontend\dsabafw-ajax.php:58
filterwoocommerce_account_menu_itemsmain\frontend\dsabafw-ajax.php:76
actionwoocommerce_account_edit-address_endpointmain\frontend\dsabafw-ajax.php:77
actionwp_footermain\frontend\dsabafw-ajax.php:78
actionwoocommerce_before_checkout_billing_formmain\frontend\dsabafw-ajax.php:85
actionwoocommerce_after_checkout_billing_formmain\frontend\dsabafw-ajax.php:87
actionwoocommerce_before_checkout_shipping_formmain\frontend\dsabafw-ajax.php:91
actionwoocommerce_after_checkout_shipping_formmain\frontend\dsabafw-ajax.php:93
actionwpmain\frontend\dsabafw-ajax.php:113
actionadmin_initmain\resources\dsabafw-installation-require.php:7
actionadmin_noticesmain\resources\dsabafw-installation-require.php:15
actionplugins_loadedmain\resources\dsabafw-language.php:4
filterload_textdomain_mofilemain\resources\dsabafw-language.php:17
actionadmin_enqueue_scriptsmain\resources\dsabafw-load-js-css.php:7
actionwp_enqueue_scriptsmain\resources\dsabafw-load-js-css.php:28
Maintenance & Trust

Multiple Shipping And Billing Address For Woocommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 6, 2026
PHP min version
Downloads4K

Community Trust

Rating94/100
Number of ratings7
Active installs200
Alternatives

Multiple Shipping And Billing Address For Woocommerce Alternatives

OBULKiT – Bulk Edit WooCommerce Orders

OBULKiT – Bulk Edit WooCommerce Orders

ithemeland-woo-bulk-orders-editing-lite

A
100

Streamline order management by editing and updating multiple orders simultaneously, ensuring smooth operations.

300 No CVEs
Happy Coders Multi Address for WooCommerce

Happy Coders Multi Address for WooCommerce

happycoders-multiple-addresses

A
100

Allow logged-in WooCommerce customers to manage multiple addresses in an address book and select them easily during checkout.

60 No CVEs
DS Woocommerce Order Email Export

DS Woocommerce Order Email Export

ds-woocommerce-order-email-export

A
85

An essential plugin to export customer's emails and other information from admin panel.

40 No CVEs
Multiple Billing and Shipping Addresses For WooCommerce

Multiple Billing and Shipping Addresses For WooCommerce

multiple-addresses-for-woocommerce

A
92

The plugin lets customers save and select multiple billing/shipping addresses at checkout, speeding up the process and improving the experience.

10 No CVEs
AddWeb Woo Multi-address

AddWeb Woo Multi-address

addweb-woo-multi-address

A
100

Manage and use multiple billing and shipping addresses in WooCommerce — with full support for classic, Elementor, and block-based checkouts.

0 No CVEs
Developer Profile

Multiple Shipping And Billing Address For Woocommerce Developer Profile

silverplugins217

21 plugins · 12K total installs

93
trust score
Avg Security Score
99/100
Avg Patch Time
10 days
View full developer profile
Detection Fingerprints

How We Detect Multiple Shipping And Billing Address For Woocommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/different-shipping-and-billing-address-for-woocommerce/assets/css/back_style.css/wp-content/plugins/different-shipping-and-billing-address-for-woocommerce/assets/js/wp-color-picker-alpha.min.js/wp-content/plugins/different-shipping-and-billing-address-for-woocommerce/assets/js/back.js/wp-content/plugins/different-shipping-and-billing-address-for-woocommerce/assets/css/front_style.css/wp-content/plugins/different-shipping-and-billing-address-for-woocommerce/assets/js/front.js
Script Paths
/wp-content/plugins/different-shipping-and-billing-address-for-woocommerce/main/block/build/backend.js/wp-content/plugins/different-shipping-and-billing-address-for-woocommerce/main/block/build/frontend.js
Version Parameters
different-shipping-and-billing-address-for-woocommerce/assets/css/back_style.css?ver=different-shipping-and-billing-address-for-woocommerce/assets/js/wp-color-picker-alpha.min.js?ver=different-shipping-and-billing-address-for-woocommerce/assets/js/back.js?ver=different-shipping-and-billing-address-for-woocommerce/assets/css/front_style.css?ver=different-shipping-and-billing-address-for-woocommerce/assets/js/front.js?ver=different-shipping-and-billing-address-for-woocommerce/main/block/build/backend.js?ver=different-shipping-and-billing-address-for-woocommerce/main/block/build/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
dsabafw-billing-choose-address
Data Attributes
data-dsabafw-billing-user-datadata-dsabafw-shipping-user-datadata-max-billing-countdata-max-shipping-countdata-dsabafw-billing-choose-address-txtdata-dsabafw-shipping-choose-address-txt+1 more
JS Globals
DSABAFW_VARSDSABAFWscript_adminDSABAFWscript
FAQ

Frequently Asked Questions about Multiple Shipping And Billing Address For Woocommerce