Does Flexible Pickup have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Flexible Pickup compatible with WordPress 4.8.28?

According to WordPress.org data, Flexible Pickup 1.0.3 has been tested up to WordPress 4.8.28. Check the plugin's changelog for the latest compatibility information.

Is Flexible Pickup compatible with PHP 5.6+?

Flexible Pickup requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Flexible Pickup updated?

Flexible Pickup was last updated on Dec 6, 2017. Frequent updates are generally a positive security signal.

What is Flexible Pickup's security score?

Flexible Pickup has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Flexible Pickup Security & Risk Analysis

wordpress.org/plugins/flexible-pickup

Adds multiple pickup points to shipping in woocommerce

0 active installs v1.0.3 PHP 5.6+ WP 4.5+ Updated Dec 6, 2017

flexible-shippingpickup-pointshippingwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Flexible Pickup Safe to Use in 2026?

Generally Safe

Score 85/100

Flexible Pickup has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The "flexible-pickup" plugin v1.0.3 exhibits a generally good security posture with several positive indicators. Notably, all identified entry points (AJAX handlers) include authentication checks, and all SQL queries utilize prepared statements, mitigating common injection risks. The plugin also demonstrates a commitment to security with a substantial number of nonce and capability checks in place. However, the static analysis reveals a significant concern regarding output escaping, with only 50% of outputs being properly escaped. This could lead to cross-site scripting (XSS) vulnerabilities if unsanitized user input is directly rendered in the output. Additionally, the presence of the `unserialize` function, while not directly exploited in the analyzed taint flows, is inherently risky and requires careful handling of serialized data to prevent object injection vulnerabilities. The absence of any recorded vulnerability history is a positive sign, suggesting that past development has likely been secure, but it does not negate the risks identified in the current static analysis. In conclusion, while the plugin has strong foundations in authentication and data sanitization for SQL, the prevalent output escaping issues and the risky `unserialize` function represent notable security weaknesses that warrant attention.

Key Concerns

Output escaping is only 50% proper
Use of dangerous function (unserialize)

Vulnerabilities

None known

Flexible Pickup Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Flexible Pickup Release Timeline

No version history available.

Code Analysis

Analyzed Mar 17, 2026

Flexible Pickup Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

134

135 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$fs_method = unserialize( $shipping_method['item_meta']['_fs_method'][0] );classes\class-flexible-pickup.php:200

unserialize$fs_method = unserialize( $shipping_method['item_meta']['_fs_method'][0] );classes\class-flexible-pickup.php:251

unserialize$fs_method = unserialize( $shipping_method['item_meta']['_fs_method'][0] );classes\class-flexible-pickup.php:532

unserialize$fs_method = unserialize( $shipping_method['item_meta']['_fs_method'][0] );classes\class-flexible-pickup.php:562

Output Escaping

50% escaped269 total outputs

Data Flows · Security

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

<class-flexible-pickup> (classes\class-flexible-pickup.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Flexible Pickup Attack Surface

Entry Points4

Unprotected0

AJAX Handlers 4

authwp_ajax_flexible_pickupclasses\class-flexible-pickup.php:50

authwp_ajax_flexible_pickup_pointclasses\class-flexible-pickup.php:52

noprivwp_ajax_flexible_pickup_pointclasses\class-flexible-pickup.php:53

authwp_ajax_flexible_pickup_order_pointclasses\class-flexible-pickup.php:55

WordPress Hooks 66

actioninitclasses\class-cpt.php:15

actionadd_meta_boxesclasses\class-cpt.php:19

actionsave_postclasses\class-cpt.php:21

filtermanage_edit-pickup_point_columnsclasses\class-cpt.php:23

actionmanage_pickup_point_posts_custom_columnclasses\class-cpt.php:25

actionpre_get_postsclasses\class-cpt.php:27

filterposts_whereclasses\class-cpt.php:255

actionadmin_menuclasses\class-flexible-pickup.php:19

filterwoocommerce_screen_idsclasses\class-flexible-pickup.php:21

filterwoocommerce_shipping_methodsclasses\class-flexible-pickup.php:23

actionwoocommerce_review_order_after_order_totalclasses\class-flexible-pickup.php:26

actionwoocommerce_review_order_after_shippingclasses\class-flexible-pickup.php:32

actionwoocommerce_checkout_processclasses\class-flexible-pickup.php:38

actionwoocommerce_checkout_update_order_reviewclasses\class-flexible-pickup.php:40

actionadd_meta_boxesclasses\class-flexible-pickup.php:48

actionflexible_shipping_add_shipping_optionsclasses\class-flexible-pickup.php:57

actionadmin_footerclasses\class-flexible-pickup.php:59

actionadmin_noticesclasses\class-flexible-pickup.php:61

actionflexible_shipping_shipping_actions_htmlclasses\class-flexible-printing-integration.php:15

actionflexible_shipping_shipment_status_updatedclasses\class-flexible-printing-integration.php:16

filterflexible_shipping_integration_optionsclasses\class-flexible-shipping-hooks.php:11

filterflexible_shipping_method_settingsclasses\class-flexible-shipping-hooks.php:13

actionflexible_shipping_method_scriptclasses\class-flexible-shipping-hooks.php:15

filterflexible_shipping_process_admin_optionsclasses\class-flexible-shipping-hooks.php:17

filterflexible_shipping_method_integration_colclasses\class-flexible-shipping-hooks.php:19

filterflexible_shipping_method_rate_idclasses\class-flexible-shipping-hooks.php:21

filterflexible_shipping_add_methodclasses\class-flexible-shipping-hooks.php:23

actiontemplate_redirectclasses\class-map-selector.php:15

actioninitclasses\class-tgm-plugin-activation.php:268

filterload_textdomain_mofileclasses\class-tgm-plugin-activation.php:269

actioninitclasses\class-tgm-plugin-activation.php:272

actionadmin_menuclasses\class-tgm-plugin-activation.php:421

actionadmin_headclasses\class-tgm-plugin-activation.php:422

filterinstall_plugin_complete_actionsclasses\class-tgm-plugin-activation.php:425

filterupdate_plugin_complete_actionsclasses\class-tgm-plugin-activation.php:426

actionadmin_noticesclasses\class-tgm-plugin-activation.php:429

actionadmin_initclasses\class-tgm-plugin-activation.php:430

actionadmin_enqueue_scriptsclasses\class-tgm-plugin-activation.php:431

actionload-plugins.phpclasses\class-tgm-plugin-activation.php:436

actionswitch_themeclasses\class-tgm-plugin-activation.php:439

actionswitch_themeclasses\class-tgm-plugin-activation.php:442

actionadmin_initclasses\class-tgm-plugin-activation.php:447

actionswitch_themeclasses\class-tgm-plugin-activation.php:452

actionload_textdomain_mofileclasses\class-tgm-plugin-activation.php:475

filterupgrader_source_selectionclasses\class-tgm-plugin-activation.php:889

actionplugins_loadedclasses\class-tgm-plugin-activation.php:2112

filtertgmpa_table_data_itemsclasses\class-tgm-plugin-activation.php:2236

filterupgrader_source_selectionclasses\class-tgm-plugin-activation.php:2977

actionadmin_initclasses\class-tgm-plugin-activation.php:3147

actionupgrader_process_completeclasses\class-tgm-plugin-activation.php:3242

filterupgrader_post_installclasses\class-tgm-plugin-activation.php:3301

filterupgrader_post_installclasses\class-tgm-plugin-activation.php:3446

actionadmin_noticesclasses\wpdesk\class-helper.php:43

actionadmin_enqueue_scriptsclasses\wpdesk\class-plugin.php:111

actionwp_enqueue_scriptsclasses\wpdesk\class-plugin.php:113

actionplugins_loadedclasses\wpdesk\class-plugin.php:115

actionadmin_menuclasses\wpdesk\settings-api\class.s214-settings.php:113

actionadmin_initclasses\wpdesk\settings-api\class.s214-settings.php:116

actionadmin_enqueue_scriptsclasses\wpdesk\settings-api\class.s214-settings.php:120

actionadmin_initclasses\wpdesk\settings-api\class.s214-settings.php:123

actionplugins_loadedflexible-pickup.php:75

filterflexible_printing_integrationsflexible-pickup.php:76

actiontgmpa_registerflexible-pickup.php:226

filterwoocommerce_form_field_radiotemplates\select-pickup-point-review_order_after_order_total.php:17

filterwoocommerce_form_field_radiotemplates\select-pickup-point-review_order_after_shipping.php:18

filterwoocommerce_form_field_radiotemplates\select-pickup-point.php:18

Maintenance & Trust

Flexible Pickup Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28

Last updatedDec 6, 2017

PHP min version5.6

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Flexible Pickup Alternatives

Codiepress Advanced Rule Based Shipping for WooCommerce, Table Rate Shipping Methods, Weight Based Shipping

advanced-rule-based-shipping

100

Transform your WooCommerce store with Advanced Rule Based Shipping methods! Enjoy flexible options like table rates, weight-based, and flat rates!

90 No CVEs

City Express Shipment

city-express-shipment

100

WooCommerce integration with City Express Pickup Point and Home Delivery shipping services.

0 No CVEs

Express One Shipment

express-one-shipment

100

WooCommerce integration with Express One Pickup Point and Home Delivery shipping services.

0 No CVEs

NowPost Click & Collect

nowpost-click-collect

100

Flexible pickup-point delivery for WooCommerce stores, reducing failed deliveries and improving customer satisfaction.

0 No CVEs

Overseas Express Shipment

overseas-express-shipment

100

WooCommerce integration with Overseas Express Pickup Point and Home Delivery shipping services.

0 No CVEs

Developer Profile

Flexible Pickup Developer Profile

Roland Murg

5 plugins · 32K total installs

trust score

Avg Security Score

89/100

Avg Patch Time

327 days

View full developer profile

Detection Fingerprints

How We Detect Flexible Pickup

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/flexible-pickup/js/checkout.js/wp-content/plugins/flexible-pickup/css/style.css/wp-content/plugins/flexible-pickup/js/admin.js/wp-content/plugins/flexible-pickup/css/admin.css

Script Paths

/wp-content/plugins/flexible-pickup/js/checkout.js/wp-content/plugins/flexible-pickup/js/admin.js

Version Parameters

?ver=4

HTML / DOM Fingerprints

CSS Classes

flexible_pickup_map

Data Attributes

data-id

JS Globals

flexible_pickup_checkoutflexible_pickup

FAQ

Flexible Pickup Security & Risk Analysis

Is Flexible Pickup Safe to Use in 2026?

Generally Safe

Key Concerns

Flexible Pickup Security Vulnerabilities

Flexible Pickup Release Timeline

Flexible Pickup Code Analysis

Dangerous Functions Found

Output Escaping

Data Flow Analysis

Flexible Pickup Attack Surface

AJAX Handlers 4

Flexible Pickup Maintenance & Trust

Maintenance Signals

Community Trust

Flexible Pickup Alternatives

Codiepress Advanced Rule Based Shipping for WooCommerce, Table Rate Shipping Methods, Weight Based Shipping

City Express Shipment

Express One Shipment

NowPost Click & Collect

Overseas Express Shipment

Flexible Pickup Developer Profile

How We Detect Flexible Pickup

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Flexible Pickup