Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce Security & Risk Analysis

wordpress.org/plugins/map-location-picker-at-checkout-for-woocommerce

Allow customers to select delivery/pickup spots on Google Maps at Checkout. Create shipping workflows for smooth order handling and better pricing.

1K active installs v1.10.10 PHP 7.4+ WP 5.7+ Updated Feb 26, 2026
checkout-map, geolocation, google-map, location-picker, woocommerce
100
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jan 31, 2024
Safety Verdict

Is Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Jan 31, 2024 · Updated 2mo ago
Risk Assessment

The plugin "map-location-picker-at-checkout-for-woocommerce" v1.10.10 exhibits a mixed security posture. On the positive side, the code demonstrates good practices by exclusively using prepared statements for SQL queries and having a very high percentage of properly escaped output. Furthermore, there are no known currently unpatched vulnerabilities, and the last reported vulnerability was in early 2024. The taint analysis also shows no critical or high severity flows with unsanitized paths, indicating a generally robust approach to handling user input in critical areas.

However, a significant concern arises from the attack surface. The plugin exposes 7 entry points, with a worrying 6 of them lacking any form of authentication or authorization checks. This means that a large portion of the plugin's functionality could potentially be triggered by unauthenticated users, creating a substantial risk of abuse or unintended behavior. While the plugin has a history of vulnerabilities, including a medium severity one, and the absence of currently unpatched CVEs is positive, the pattern of past vulnerabilities and the large number of unprotected entry points suggest a potential for undiscovered security flaws.

In conclusion, while the plugin has strengths in its data handling and SQL practices, the substantial number of unprotected AJAX handlers presents a significant security weakness that could be exploited. The vulnerability history, though currently clear, coupled with this large attack surface, warrants careful monitoring and potential remediation efforts to ensure all entry points are adequately secured.

Key Concerns

  • Large attack surface without auth checks
  • Missing nonce checks on AJAX handlers
  • Bundled outdated library (Freemius v1.0)
  • Medium severity vulnerability history
Vulnerabilities
1 published

Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-24719 · medium · 4.3 · Missing Authorization

Location Picker at Checkout for WooCommerce <= 1.8.9 - Missing Authorization via checkout_map_rules_order_ajax_handler

Jan 31, 2024 Patched in 1.9.0 (6d)
Version History

Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce Release Timeline

v1.10.10 (Current)
v1.10.9
v1.10.8
v1.10.7
v1.10.6
v1.10.5
v1.10.4
v1.10.3
v1.10.2
v1.10.1
v1.10.0
v1.9.1
v1.9.0
v1.8.9 (1 CVE)
v1.8.8 (1 CVE)
v1.8.7 (1 CVE)
v1.8.6 (1 CVE)
v1.8.5 (1 CVE)
v1.8.4 (1 CVE)
v1.8.3 (1 CVE)
Code Analysis
Analyzed Mar 16, 2026

Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 4 (229 escaped)
Nonce Checks: 2
Capability Checks: 3
File Operations: 5
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

Output Escaping

98% escaped · 233 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
dismiss_notice (includes\Notices\Notice.php:127)
Attack Surface
6 unprotected

Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce Attack Surface

Entry Points: 7
Unprotected: 6

AJAX Handlers 6

auth · wp_ajax_lpac_dismiss_notice · includes\Bootstrap\Main.php:236
auth · wp_ajax_lpac_map_visibility_rules_order · includes\Bootstrap\Main.php:248
nopriv · wp_ajax_lpac_checkout_map_visibility · includes\Bootstrap\Main.php:445
auth · wp_ajax_lpac_checkout_map_visibility · includes\Bootstrap\Main.php:446
auth · wp_ajax_lpac_save_selected_store_location · includes\Bootstrap\Main.php:457
nopriv · wp_ajax_lpac_save_selected_store_location · includes\Bootstrap\Main.php:458

Shortcodes 1

[kikote_store_selector] includes\Views\Frontend\Shortcodes.php:37
WordPress Hooks 59
filter · lpac-pointers-pointerplus_list · admin-pointers.php:70
action · plugins_loaded · includes\Bootstrap\Main.php:153
action · admin_menu · includes\Bootstrap\Main.php:205
action · admin_menu · includes\Bootstrap\Main.php:206
filter · script_loader_tag · includes\Bootstrap\Main.php:215
action · admin_init · includes\Bootstrap\Main.php:225
action · admin_init · includes\Bootstrap\Main.php:226
action · admin_init · includes\Bootstrap\Main.php:227
action · admin_init · includes\Bootstrap\Main.php:228
action · admin_init · includes\Bootstrap\Main.php:229
action · admin_enqueue_scripts · includes\Bootstrap\Main.php:230
action · admin_enqueue_scripts · includes\Bootstrap\Main.php:231
action · admin_notices · includes\Bootstrap\Main.php:233
action · admin_notices · includes\Bootstrap\Main.php:234
action · woocommerce_admin_order_data_after_shipping_address · includes\Bootstrap\Main.php:238
action · add_meta_boxes · includes\Bootstrap\Main.php:245
action · woocommerce_get_settings_pages · includes\Bootstrap\Main.php:246
filter · woocommerce_admin_settings_sanitize_option_lpac_map_starting_coordinates · includes\Bootstrap\Main.php:250
filter · woocommerce_admin_settings_sanitize_option_lpac_store_locations · includes\Bootstrap\Main.php:251
filter · woocommerce_admin_settings_sanitize_option_lpac_cost_by_distance_range_rangelist · includes\Bootstrap\Main.php:252
action · woocommerce_admin_field_button · includes\Bootstrap\Main.php:260
action · woocommerce_admin_field_hr · includes\Bootstrap\Main.php:261
action · woocommerce_admin_field_div · includes\Bootstrap\Main.php:262
action · woocommerce_admin_field_repeater · includes\Bootstrap\Main.php:263
action · woocommerce_admin_field_info_text · includes\Bootstrap\Main.php:264
action · woocommerce_admin_field_upsell_banner · includes\Bootstrap\Main.php:265
action · woocommerce_admin_field_lpac_image · includes\Bootstrap\Main.php:266
filter · plugin_action_links · includes\Bootstrap\Main.php:267
filter · woocommerce_shop_order_list_table_columns · includes\Bootstrap\Main.php:276
action · woocommerce_shop_order_list_table_custom_column · includes\Bootstrap\Main.php:277
filter · manage_edit-shop_order_columns · includes\Bootstrap\Main.php:285
action · manage_shop_order_posts_custom_column · includes\Bootstrap\Main.php:286
filter · script_loader_tag · includes\Bootstrap\Main.php:326
action · wp_enqueue_scripts · includes\Bootstrap\Main.php:333
action · wp_enqueue_scripts · includes\Bootstrap\Main.php:334
action · wp_head · includes\Bootstrap\Main.php:335
filter · sgo_js_async_exclude · includes\Bootstrap\Main.php:339
filter · sgo_js_minify_exclude · includes\Bootstrap\Main.php:340
filter · sgo_javascript_combine_excluded_inline_content · includes\Bootstrap\Main.php:341
filter · sgo_javascript_combine_exclude · includes\Bootstrap\Main.php:342
action · wp_enqueue_scripts · includes\Bootstrap\Main.php:359
action · woocommerce_order_details_after_order_table · includes\Bootstrap\Main.php:368
action · woocommerce_order_details_after_order_table · includes\Bootstrap\Main.php:377
action · woocommerce_after_checkout_validation · includes\Bootstrap\Main.php:386
action · woocommerce_after_checkout_validation · includes\Bootstrap\Main.php:396
action · woocommerce_after_checkout_validation · includes\Bootstrap\Main.php:406
action · woocommerce_email_customer_details · includes\Bootstrap\Main.php:431
action · woocommerce_before_checkout_form · includes\Bootstrap\Main.php:441
action · woocommerce_checkout_update_order_meta · includes\Bootstrap\Main.php:450
filter · woocommerce_settings_tabs_array · includes\Views\Admin\Admin_Settings.php:68
action · admin_notices · lpac.php:40
action · admin_notices · lpac.php:60
action · admin_notices · lpac.php:93
action · after_uninstall · lpac.php:208
filter · show_deactivation_subscription_cancellation · lpac.php:209
filter · plugin_icon · lpac.php:210
action · before_woocommerce_init · lpac.php:234
action · before_woocommerce_init · lpac.php:240
action · init · lpac.php:287
Maintenance & Trust

Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 26, 2026
PHP min version: 7.4
Downloads: 78K

Community Trust

Rating: 100/100
Number of ratings: 65
Active installs: 1K
Developer Profile

Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce Developer Profile

Uriahs Victor

5 plugins · 2K total installs

Trust score: 96
Avg Security Score: 94/100
Avg Patch Time: 7 days
Detection Fingerprints

How We Detect Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/map-location-picker-at-checkout-for-woocommerce/assets/css/lpac-checkout-style.css
  • /wp-content/plugins/map-location-picker-at-checkout-for-woocommerce/assets/js/lpac-checkout.js
  • /wp-content/plugins/map-location-picker-at-checkout-for-woocommerce/assets/js/lpac-admin-scripts.js
  • /wp-content/plugins/map-location-picker-at-checkout-for-woocommerce/assets/css/lpac-admin-style.css
Script Paths
  • /wp-content/plugins/map-location-picker-at-checkout-for-woocommerce/assets/js/lpac-checkout.js
  • /wp-content/plugins/map-location-picker-at-checkout-for-woocommerce/assets/js/lpac-admin-scripts.js
Version Parameters
  • map-location-picker-at-checkout-for-woocommerce/assets/css/lpac-checkout-style.css?ver=
  • map-location-picker-at-checkout-for-woocommerce/assets/js/lpac-checkout.js?ver=
  • map-location-picker-at-checkout-for-woocommerce/assets/js/lpac-admin-scripts.js?ver=
  • map-location-picker-at-checkout-for-woocommerce/assets/css/lpac-admin-style.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • lpac-map-container
  • lpac-map
  • lpac-address-input
  • lpac-selected-location-preview
  • lpac-map-button
  • lpac-admin-map-wrapper
  • lpac-map-settings-section
  • lpac-custom-map-style-editor
HTML Comments
  • <!-- Kikote Location Picker Settings -->
  • <!-- Map Container -->
  • <!-- Latitude Input -->
  • <!-- Longitude Input -->
  • +3 more
Data Attributes
  • data-lpac-latitude
  • data-lpac-longitude
  • data-lpac-zoom
  • data-lpac-map-style
  • data-lpac-marker-icon
  • data-lpac-default-address
  • +1 more
JS Globals
  • LpacCheckout
  • LpacAdmin
  • lpac_checkout_params
  • lpac_admin_params
  • googleMapInstance
  • lpacMap
REST Endpoints
  • /wp-json/lpac/v1/get-locations
  • /wp-json/lpac/v1/save-location
  • /wp-json/lpac/v1/update-settings
Shortcode Output
  • [lpac_map_display]
  • [lpac_location_selector]
  • [lpac_map_settings]