Hopewiser Address Lookup Security & Risk Analysis

wordpress.org/plugins/hopewiser-address-lookup

This plugin integrates Hopewiser services including Address Lookup and AutoComplete in WordPress and WooCommerce.

20 active installs · v2.0.4 · PHP 7.0+ · WP 5.3+ · Updated Mar 21, 2023
Tags: address, address-validation, autocomplete, hopewiser, woocommerce
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Hopewiser Address Lookup Safe to Use in 2026?

Generally Safe

Score 85/100

Hopewiser Address Lookup has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3yr ago
Risk Assessment

The hopewiser-address-lookup v2.0.4 plugin presents a mixed security posture. On the positive side, it demonstrates good practices by not having any known vulnerabilities (CVEs) and utilizes prepared statements for all its SQL queries. The absence of file operations and external HTTP requests also reduces potential attack vectors. However, several significant concerns arise from the static analysis. The low percentage of properly escaped output (39%) is a major red flag, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities, especially given the 38 total outputs analyzed.

The taint analysis reveals two flows with unsanitized paths, which, while not categorized as critical or high severity in this analysis, represent potential avenues for attackers to inject malicious code or manipulate application behavior. The lack of nonce checks and capability checks on its entry points (shortcodes) is another serious oversight. Even though there are no unprotected AJAX or REST API routes, shortcodes can still be triggered by users and, without proper authorization or nonce verification, could lead to unintended actions or information disclosure. The plugin's vulnerability history is clean, which is encouraging, but this does not negate the identified risks within the current codebase.

Key Concerns

  • Low percentage of properly escaped output
  • Taint flows with unsanitized paths found
  • Missing nonce checks on entry points (shortcodes)
  • Missing capability checks on entry points (shortcodes)
Vulnerabilities
None known

Hopewiser Address Lookup Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Hopewiser Address Lookup Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 23 (15 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Output Escaping

39% escaped · 38 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
HPWAddrLookupPlugin_options_page (includes\hpw-admin-menu-general.php:6)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Hopewiser Address Lookup Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes 2

[hpw-addrlookup] includes\shortcode-addresslookup.php:149
[hpw-autocomplete] includes\shortcode-autocomplete.php:65
WordPress Hooks 45
action wp_footer includes\contact-form-7\contact-form-7.php:42
action wp_footer includes\contact-form-7\contact-form-7.php:54
action wpcf7_enqueue_scripts includes\contact-form-7\contact-form-7.php:63
action wp_footer includes\gravity-forms\gravity-forms.php:47
action wp_footer includes\gravity-forms\gravity-forms.php:53
filter gform_field_input includes\gravity-forms\gravity-forms.php:57
action admin_init includes\hpw-admin-settings.php:13
action admin_menu includes\hpw-admin-settings.php:20
action hpwaddrlookup_settings_tab includes\hpw-admin-settings.php:49
action hpwaddrlookup_settings_content includes\hpw-admin-settings.php:57
action hpwaddrlookup_settings_tab includes\hpw-admin-settings.php:81
action hpwaddrlookup_settings_content includes\hpw-admin-settings.php:89
action hpwaddrlookup_settings_tab includes\hpw-admin-settings.php:107
action hpwaddrlookup_settings_content includes\hpw-admin-settings.php:115
action hpwaddrlookup_settings_tab includes\hpw-admin-settings.php:133
action hpwaddrlookup_settings_content includes\hpw-admin-settings.php:141
filter woocommerce_states includes\woocommerce\hpw-woo-addresses.php:4
action woocommerce_before_checkout_form includes\woocommerce\hpw-woo-addresses.php:22
action woocommerce_before_edit_account_address_form includes\woocommerce\hpw-woo-addresses.php:23
action woocommerce_admin_order_data_after_order_details includes\woocommerce\hpw-woo-addresses.php:24
action woocommerce_after_edit_address_form_billing includes\woocommerce\hpw-woo-addresses.php:42
action woocommerce_after_edit_address_form_shipping includes\woocommerce\hpw-woo-addresses.php:43
action woocommerce_after_checkout_billing_form includes\woocommerce\hpw-woo-addresses.php:45
action woocommerce_after_checkout_shipping_form includes\woocommerce\hpw-woo-addresses.php:46
action woocommerce_admin_order_data_after_billing_address includes\woocommerce\hpw-woo-addresses.php:50
action woocommerce_admin_order_data_after_shipping_address includes\woocommerce\hpw-woo-addresses.php:51
action woocommerce_before_checkout_billing_form includes\woocommerce\hpw-woo-addresses.php:56
action woocommerce_before_checkout_shipping_form includes\woocommerce\hpw-woo-addresses.php:57
action woocommerce_before_edit_address_form_billing includes\woocommerce\hpw-woo-addresses.php:59
action woocommerce_before_edit_address_form_shipping includes\woocommerce\hpw-woo-addresses.php:60
action woocommerce_after_checkout_billing_form includes\woocommerce\hpw-woo-addresses.php:63
action woocommerce_after_checkout_shipping_form includes\woocommerce\hpw-woo-addresses.php:64
action woocommerce_after_edit_address_form_billing includes\woocommerce\hpw-woo-addresses.php:65
action woocommerce_after_edit_address_form_shipping includes\woocommerce\hpw-woo-addresses.php:66
action woocommerce_before_checkout_billing_form includes\woocommerce\hpw-woo-addresses.php:70
action woocommerce_before_checkout_shipping_form includes\woocommerce\hpw-woo-addresses.php:71
action woocommerce_before_edit_address_form_billing includes\woocommerce\hpw-woo-addresses.php:73
action woocommerce_before_edit_address_form_shipping includes\woocommerce\hpw-woo-addresses.php:74
action woocommerce_after_checkout_billing_form includes\woocommerce\hpw-woo-addresses.php:77
action woocommerce_after_checkout_shipping_form includes\woocommerce\hpw-woo-addresses.php:78
action woocommerce_after_edit_address_form_billing includes\woocommerce\hpw-woo-addresses.php:79
action woocommerce_after_edit_address_form_shipping includes\woocommerce\hpw-woo-addresses.php:80
filter woocommerce_default_address_fields includes\woocommerce\hpw-woo-addresses.php:88
action wp_enqueue_scripts main.php:74
action admin_enqueue_scripts main.php:75
Maintenance & Trust

Hopewiser Address Lookup Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.1.10
Last updated: Mar 21, 2023
PHP min version: 7.0
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 20
Developer Profile

Hopewiser Address Lookup Developer Profile

Koonming Leung

2 plugins · 20 total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Hopewiser Address Lookup

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/hopewiser-address-lookup/includes/js2/bootstrap.min.js
/wp-content/plugins/hopewiser-address-lookup/includes/js2/hpw-autoc-jsclient2.min.js
/wp-content/plugins/hopewiser-address-lookup/includes/css/hpw-autoc-jsclient2.min.css
/wp-content/plugins/hopewiser-address-lookup/includes/js2/hpw-jsclient2.min.js
/wp-content/plugins/hopewiser-address-lookup/includes/css/hpw-jsclient2.min.css
/wp-content/plugins/hopewiser-address-lookup/includes/js2/hpw-intl-jsclient2.min.js
/wp-content/plugins/hopewiser-address-lookup/includes/css/hpw-intl-jsclient2.min.css
/wp-content/plugins/hopewiser-address-lookup/js2/hpw-jsclient2.min.js
+3 more
Script Paths
/wp-content/plugins/hopewiser-address-lookup/includes/js2/bootstrap.min.js
/wp-content/plugins/hopewiser-address-lookup/includes/js2/hpw-autoc-jsclient2.min.js
/wp-content/plugins/hopewiser-address-lookup/includes/js2/hpw-jsclient2.min.js
/wp-content/plugins/hopewiser-address-lookup/includes/js2/hpw-intl-jsclient2.min.js
/wp-content/plugins/hopewiser-address-lookup/js2/hpw-jsclient2.min.js
/wp-content/plugins/hopewiser-address-lookup/includes/js2/authcode.min.js
Version Parameters
/wp-content/plugins/hopewiser-address-lookup/includes/css/hpw-autoc-jsclient2.min.css?ver=
/wp-content/plugins/hopewiser-address-lookup/includes/css/hpw-jsclient2.min.css?ver=
/wp-content/plugins/hopewiser-address-lookup/includes/css/hpw-intl-jsclient2.min.css?ver=
/wp-content/plugins/hopewiser-address-lookup/css/hpw-jsclient2.min.css?ver=
/wp-content/plugins/hopewiser-address-lookup/includes/css/jquery-ui.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
hpwaddrlookup-general-settings-page
HTML Comments
<!-- Hopewiser Address Lookup Settings Page -->
Data Attributes
data-hpw-address-lookup
data-hpw-autocomplete
data-hpw-intl-address-lookup
JS Globals
hpwaddrlookup_active_tab
Shortcode Output
[hpw-addrlookup]
[hpw-autocomplete]
FAQ

Frequently Asked Questions about Hopewiser Address Lookup