WP-Safety

Local Delivery Drivers for WooCommerce Security & Risk Analysis

wordpress.org/plugins/local-delivery-drivers-for-woocommerce

Improve the way you deliver, manage drivers, assign drivers to orders, send WhatsApp, SMS, and email notifications, route planning, navigation & more!

1K active installs v2.0.0 PHP 5.6+ WP 4.5+ Updated Apr 6, 2026
courierdeliverydriversshippingwoocommerce
99
A · Safe
CVEs total1
Unpatched0
Last CVEDec 27, 2023
Plugin page Download
Safety Verdict

Is Local Delivery Drivers for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Local Delivery Drivers for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Dec 27, 2023Updated 1mo ago
Risk Assessment

The "local-delivery-drivers-for-woocommerce" plugin exhibits a mixed security posture. While it generally demonstrates good practices such as a high percentage of prepared SQL statements and properly escaped output, significant concerns arise from its attack surface. The plugin exposes two AJAX handlers, both of which lack authentication checks, presenting a direct pathway for unauthorized actions. Furthermore, the taint analysis revealed one high-severity flow with unsanitized paths, indicating a potential for exploitable vulnerabilities if data from these unauthenticated AJAX endpoints is involved.

The vulnerability history shows one past high-severity CVE, specifically related to missing authorization. This, combined with the current unauthenticated AJAX endpoints, suggests a recurring pattern of authorization bypass issues. The presence of a bundled Freemius library also warrants attention, as outdated bundled libraries can introduce their own security risks.

In conclusion, despite good general coding practices in many areas, the plugin's unprotected AJAX endpoints and the history of authorization vulnerabilities create a notable risk. While there are no currently unpatched CVEs, the potential for immediate exploitation due to the exposed AJAX handlers and the past high-severity vulnerability related to authorization are significant weaknesses that require immediate attention.

Key Concerns

  • AJAX handlers without auth checks
  • High severity taint flow (unsanitized paths)
  • Past high severity CVE (missing authorization)
  • Bundled library (Freemius v1.0)
Vulnerabilities
1 published

Local Delivery Drivers for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
Patched Has unpatched

Severity Breakdown

High
1

1 total CVE

CVE-2023-51481high · 7.3Missing Authorization

Local Delivery Drivers for WooCommerce <= 1.9.0 - Missing Authorization to Driver Account Takeover

Dec 27, 2023 Patched in 1.9.1 (27d)
Version History

Local Delivery Drivers for WooCommerce Release Timeline

v2.0.0Current
v1.9.9
v1.9.7
v1.9.6
v1.9.5
v1.9.3
v1.9.1
v1.9.01 CVE
CVE-2023-51481
v1.8.91 CVE
CVE-2023-51481
v1.8.81 CVE
CVE-2023-51481
v1.8.71 CVE
CVE-2023-51481
v1.8.61 CVE
CVE-2023-51481
v1.8.51 CVE
CVE-2023-51481
v1.8.41 CVE
CVE-2023-51481
v1.8.11 CVE
CVE-2023-51481
v1.7.91 CVE
CVE-2023-51481
v1.7.81 CVE
CVE-2023-51481
v1.7.71 CVE
CVE-2023-51481
v1.7.61 CVE
CVE-2023-51481
v1.7.41 CVE
CVE-2023-51481
Code Analysis
Analyzed Mar 16, 2026

Local Delivery Drivers for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
22
50 prepared
Unescaped Output
92
667 escaped
Nonce Checks
3
Capability Checks
2
File Operations
0
External Requests
3
Bundled Libraries
1

Bundled Libraries

Freemius1.0

SQL Query Safety

69% prepared72 total queries

Output Escaping

88% escaped759 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths
lddfw_ajax (admin\class-lddfw-admin.php:178)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Local Delivery Drivers for WooCommerce Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_lddfw_ajaxincludes\class-lddfw.php:256
noprivwp_ajax_lddfw_ajaxincludes\class-lddfw.php:257
WordPress Hooks 39
actionset_auth_cookieincludes\class-lddfw-driver.php:399
actionset_logged_in_cookieincludes\class-lddfw-driver.php:416
actionadmin_enqueue_scriptsincludes\class-lddfw.php:190
actionadmin_enqueue_scriptsincludes\class-lddfw.php:191
filtermanage_users_columnsincludes\class-lddfw.php:195
filtermanage_users_custom_columnincludes\class-lddfw.php:196
actionwoocommerce_shop_order_list_table_custom_columnincludes\class-lddfw.php:207
filterwoocommerce_shop_order_list_table_columnsincludes\class-lddfw.php:214
actionmanage_shop_order_posts_custom_columnincludes\class-lddfw.php:221
filtermanage_edit-shop_order_columnsincludes\class-lddfw.php:228
filteris_protected_metaincludes\class-lddfw.php:238
filtermanage_woocommerce_page_wc-orders_sortable_columnsincludes\class-lddfw.php:249
filtermanage_edit-shop_order_sortable_columnsincludes\class-lddfw.php:251
actionadmin_menuincludes\class-lddfw.php:261
actionadmin_initincludes\class-lddfw.php:270
actionadd_meta_boxesincludes\class-lddfw.php:272
actionwoocommerce_process_shop_order_metaincludes\class-lddfw.php:273
actioninitincludes\class-lddfw.php:283
filterwc_order_statusesincludes\class-lddfw.php:284
actionwoocommerce_order_status_changedincludes\class-lddfw.php:285
actionwoocommerce_order_refundedincludes\class-lddfw.php:293
actionwoocommerce_before_delete_orderincludes\class-lddfw.php:300
actionwoocommerce_checkout_update_order_metaincludes\class-lddfw.php:302
actiondokan_checkout_update_order_metaincludes\class-lddfw.php:304
actionwoocommerce_process_shop_order_metaincludes\class-lddfw.php:307
actionshow_user_profileincludes\class-lddfw.php:312
actionedit_user_profileincludes\class-lddfw.php:313
actionpersonal_options_updateincludes\class-lddfw.php:314
actionedit_user_profile_updateincludes\class-lddfw.php:315
filterwoocommerce_order_data_store_cpt_query_unsupported_argsincludes\class-lddfw.php:317
actiontemplate_redirectincludes\class-lddfw.php:332
actionwp_enqueue_scriptsincludes\class-lddfw.php:340
actionwp_enqueue_scriptsincludes\class-lddfw.php:341
actionwoocommerce_order_details_before_order_tableincludes\class-lddfw.php:343
actionbefore_woocommerce_initlocal-delivery-drivers-for-woocommerce.php:35
actionadmin_noticeslocal-delivery-drivers-for-woocommerce.php:470
actionplugins_loadedlocal-delivery-drivers-for-woocommerce.php:491
filterquery_varslocal-delivery-drivers-for-woocommerce.php:509
actionplugins_loadedlocal-delivery-drivers-for-woocommerce.php:512
Maintenance & Trust

Local Delivery Drivers for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedApr 6, 2026
PHP min version5.6
Downloads62K

Community Trust

Rating86/100
Number of ratings18
Active installs1K
Alternatives

Local Delivery Drivers for WooCommerce Alternatives

Woot

Woot

woot-ro

A
100

Unified shipping solution for WooCommerce. Integrates all popular couriers in Romania with real-time pricing and pickup point selection.

100 No CVEs
Uber Direct Integration

Uber Direct Integration

uber-direct-delivery-integration

A
100

Offer instant or scheduled delivery from your WooCommerce store with real-time quotes and Uber Direct integration

60 No CVEs
NCM API

NCM API

ncm-api

A
100

Connect WooCommerce orders with Nepal Can Move and manage delivery operations directly from WordPress.

40 No CVEs
UDW Delivery – Uber Direct for WooCommerce

UDW Delivery – Uber Direct for WooCommerce

udwdelivery

A
100

Delivery service for WooCommerce integrating with Uber Direct API.

40 No CVEs
Delivery Drivers Manager

Delivery Drivers Manager

delivery-drivers-manager

A
92

Let your staff or third-party logistics companies manage your delivery drivers with a front-hand mobile-friendly dashboard.

30 No CVEs
Developer Profile

Local Delivery Drivers for WooCommerce Developer Profile

powerfulwp

8 plugins · 3K total installs

91
trust score
Avg Security Score
95/100
Avg Patch Time
17 days
View full developer profile
Detection Fingerprints

How We Detect Local Delivery Drivers for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/local-delivery-drivers-for-woocommerce/assets/css/lddfw-admin.css/wp-content/plugins/local-delivery-drivers-for-woocommerce/assets/css/lddfw-style.css/wp-content/plugins/local-delivery-drivers-for-woocommerce/assets/js/lddfw-admin.js/wp-content/plugins/local-delivery-drivers-for-woocommerce/assets/js/lddfw-script.js
Script Paths
/wp-content/plugins/local-delivery-drivers-for-woocommerce/freemius/start.php
Version Parameters
local-delivery-drivers-for-woocommerce/assets/css/lddfw-admin.css?ver=local-delivery-drivers-for-woocommerce/assets/css/lddfw-style.css?ver=local-delivery-drivers-for-woocommerce/assets/js/lddfw-admin.js?ver=local-delivery-drivers-for-woocommerce/assets/js/lddfw-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
lddfw_premium-featurelddfw_premium-feature-contentlddfw_titlepremium_feature_titlelddfw_content-subtitlelddfw_lightboxlddfw_lightbox_wraplddfw_lightbox_close+2 more
HTML Comments
Currently plugin version.Start at version 1.0.0 and use SemVer - https://semver.orgDefine delivery driver page id.Define plugin folder name.+12 more
Data Attributes
data-icon="star"data-prefix="fas"
JS Globals
lddfw_fs
FAQ

Frequently Asked Questions about Local Delivery Drivers for WooCommerce