Hopewiser Address Lookup Search Security & Risk Analysis

wordpress.org/plugins/hopewiser-address-lookup-search

This plugin integrates Hopewiser services including AutoComplete, Address Lookup and International Address Lookup in WordPress.

0 active installs · v2.0.3 · PHP 7.0+ · WP 6.1+ · Updated May 30, 2025
Tags: address-lookup, address-validation, address-verification, autocomplete, hopewiser
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Hopewiser Address Lookup Search Safe to Use in 2026?

Generally Safe

Score 100/100

Hopewiser Address Lookup Search has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10mo ago
Risk Assessment

The "hopewiser-address-lookup-search" plugin v2.0.3 presents a generally good security posture, with no known vulnerabilities in its history and a strong adherence to secure coding practices in its static analysis. Notably, it utilizes prepared statements for all its SQL queries and a high percentage of its output is properly escaped, significantly mitigating common risks like SQL injection and cross-site scripting. The absence of file operations and external HTTP requests, along with no critical or high-severity taint flows, further strengthens its security profile. The plugin's attack surface is also minimal, with all identified entry points (shortcodes) not inherently requiring authentication checks, implying they are designed to be safe for public interaction.

However, there are specific areas that warrant attention. The complete lack of nonce checks and capability checks across all entry points, including the AJAX handlers and REST API routes (which are reported as having 0 without auth checks), represents a significant oversight. While there are no reported unprotected entry points, the absence of these fundamental security mechanisms means that actions performed via these interfaces are not protected against CSRF attacks or unauthorized access by less privileged users. The presence of two flows with unsanitized paths, even without critical or high severity, suggests a potential for information leakage or manipulation if these paths are exploited.

Given the clean vulnerability history, it's plausible that the absence of nonce and capability checks has not been exploited to date, or that the plugin's functionality doesn't expose highly sensitive data or actions. Nevertheless, the lack of these crucial security measures is a weakness that should be addressed to ensure robust protection against potential attacks. The plugin's strengths lie in its database query safety and output escaping, but the gaps in authorization and CSRF protection are a notable concern.

Key Concerns

  • No nonce checks implemented
  • No capability checks implemented
  • Unsanitized paths in taint analysis
Vulnerabilities
None known

Hopewiser Address Lookup Search Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Hopewiser Address Lookup Search Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 6 (52 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Output Escaping

90% escaped, 58 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

2 flows, 2 with unsanitized paths
HPWAAddrLookupPlugin_options_page (includes\hpw-admin-menu-general.php:10)
Attack Surface

Hopewiser Address Lookup Search Attack Surface

Entry Points: 3
Unprotected: 0

Shortcodes 3

[hpwa-addrlookup] includes\shortcode-addresslookup.php:253
[hpwa-autocomplete] includes\shortcode-autocomplete.php:263
[hpwa-intl-addrlookup] includes\shortcode-intl-addresslookup.php:248
WordPress Hooks 23

action wp_enqueue_scripts hopewiser-address-lookup-search.php:77
action admin_enqueue_scripts hopewiser-address-lookup-search.php:78
action init hopewiser-address-lookup-search.php:90
action wp_footer includes\contact-form-7\contact-form-7.php:84
action wp_footer includes\contact-form-7\contact-form-7.php:96
action wpcf7_enqueue_scripts includes\contact-form-7\contact-form-7.php:105
action wp_footer includes\gravity-forms\gravity-forms.php:51
action wp_footer includes\gravity-forms\gravity-forms.php:57
filter gform_field_input includes\gravity-forms\gravity-forms.php:61
action admin_init includes\hpw-admin-settings.php:25
action admin_menu includes\hpw-admin-settings.php:32
action hpwaaddrlookup_settings_tab includes\hpw-admin-settings.php:61
action hpwaaddrlookup_settings_content includes\hpw-admin-settings.php:69
action hpwaaddrlookup_settings_tab includes\hpw-admin-settings.php:93
action hpwaaddrlookup_settings_content includes\hpw-admin-settings.php:101
action hpwaaddrlookup_settings_tab includes\hpw-admin-settings.php:115
action hpwaaddrlookup_settings_content includes\hpw-admin-settings.php:123
action hpwaaddrlookup_settings_tab includes\hpw-admin-settings.php:137
action hpwaaddrlookup_settings_content includes\hpw-admin-settings.php:145
action hpwaaddrlookup_settings_tab includes\hpw-admin-settings.php:161
action hpwaaddrlookup_settings_content includes\hpw-admin-settings.php:169
action hpwaaddrlookup_settings_tab includes\hpw-admin-settings.php:185
action hpwaaddrlookup_settings_content includes\hpw-admin-settings.php:193
Maintenance & Trust

Hopewiser Address Lookup Search Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: May 30, 2025
PHP min version: 7.0
Downloads: 277

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Hopewiser Address Lookup Search Developer Profile

Koonming Leung

2 plugins · 20 total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Hopewiser Address Lookup Search

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/hopewiser-address-lookup-search/includes/css/bootstrap.min.css
/wp-content/plugins/hopewiser-address-lookup-search/includes/css/hpw-autoc-jsclient2.min.css
/wp-content/plugins/hopewiser-address-lookup-search/includes/css/hpw-intl-jsclient2.min.css
/wp-content/plugins/hopewiser-address-lookup-search/includes/css/hpw-jsclient2.min.css
/wp-content/plugins/hopewiser-address-lookup-search/includes/css/jquery-ui.min.css
/wp-content/plugins/hopewiser-address-lookup-search/includes/js2/bootstrap.min.js
/wp-content/plugins/hopewiser-address-lookup-search/includes/js2/hpw-autoc-jsclient2.min.js
/wp-content/plugins/hopewiser-address-lookup-search/includes/js2/hpw-intl-jsclient2.min.js
+2 more

Script Paths
/wp-content/plugins/hopewiser-address-lookup-search/includes/js2/bootstrap.min.js
/wp-content/plugins/hopewiser-address-lookup-search/includes/js2/hpw-autoc-jsclient2.min.js
/wp-content/plugins/hopewiser-address-lookup-search/includes/js2/hpw-jsclient2.min.js
/wp-content/plugins/hopewiser-address-lookup-search/includes/js2/hpw-intl-jsclient2.min.js
/wp-content/plugins/hopewiser-address-lookup-search/includes/js2/authcode.min.js
