Modal COD Form for woocommerce Security & Risk Analysis

wordpress.org/plugins/modal-cod-form

Transform the "Add to cart" button into a simplified modal form for Cash on Delivery (COD) payments.

100 active installs · v1.0.5.3 · PHP 7.4+ · WP 5.0+ · Updated Feb 4, 2026
checkout, cod, form, modal, woocommerce
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Modal COD Form for woocommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Modal COD Form for woocommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The modal-cod-form plugin v1.0.5.3 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries, performing a high percentage of output escaping, and having no recorded vulnerabilities or known CVEs. This history suggests a generally well-maintained codebase.

However, significant concerns arise from the substantial attack surface exposed without proper authorization checks. With 15 total entry points, 10 of which are unprotected AJAX handlers, there's a high potential for unauthenticated users to trigger plugin functionalities. While no dangerous functions, file operations, or external HTTP requests were detected, and taint analysis showed no issues, the lack of authentication on a majority of AJAX endpoints is a critical oversight. The presence of nonce checks and capability checks is positive but insufficient given the number of unprotected entry points.

In conclusion, while the plugin benefits from secure database interactions and good output sanitization, the exposed AJAX handlers without authentication represent the most significant risk. This oversight could allow for unintended actions or information disclosure if an attacker can trick an authenticated user into interacting with these endpoints or if the endpoints themselves are exploitable directly. The lack of historical vulnerabilities is encouraging but does not mitigate the immediate risks presented by the current code analysis.

Key Concerns

  • Unprotected AJAX handlers
  • Limited capability checks on entry points
  • High percentage of entry points are unprotected
Vulnerabilities
None known

Modal COD Form for woocommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Modal COD Form for woocommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 35 (263 escaped)
Nonce Checks: 7
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

88% escaped, 298 total outputs
Attack Surface
10 unprotected

Modal COD Form for woocommerce Attack Surface

Entry Points: 15
Unprotected: 10

AJAX Handlers 13

auth wp_ajax_modalcodf_dismiss_review_notice includes\admin\class-modalcodf-review-notice.php:21
auth wp_ajax_modalcodf_form_add_to_cart includes\modalcodf-shop-extensions\ajax\class-modalcodf-ajax-handler.php:43
nopriv wp_ajax_modalcodf_form_add_to_cart includes\modalcodf-shop-extensions\ajax\class-modalcodf-ajax-handler.php:44
auth wp_ajax_modalcodf_remove_product_from_cart includes\modalcodf-shop-extensions\ajax\class-modalcodf-ajax-handler.php:46
nopriv wp_ajax_modalcodf_remove_product_from_cart includes\modalcodf-shop-extensions\ajax\class-modalcodf-ajax-handler.php:47
auth wp_ajax_modalcodf_load_modal_content includes\modalcodf-shop-extensions\ajax\class-modalcodf-ajax-handler.php:50
nopriv wp_ajax_modalcodf_load_modal_content includes\modalcodf-shop-extensions\ajax\class-modalcodf-ajax-handler.php:51
auth wp_ajax_modalcodf_form_open_modal includes\modalcodf-shop-extensions\ajax\class-modalcodf-ajax-handler.php:53
nopriv wp_ajax_modalcodf_form_open_modal includes\modalcodf-shop-extensions\ajax\class-modalcodf-ajax-handler.php:54
auth wp_ajax_modalcodf_create_order includes\modalcodf-shop-extensions\ajax\class-modalcodf-ajax-handler.php:57
nopriv wp_ajax_modalcodf_create_order includes\modalcodf-shop-extensions\ajax\class-modalcodf-ajax-handler.php:58
auth wp_ajax_modalcodf_get_shipping_methods includes\modalcodf-shop-extensions\ajax\class-modalcodf-ajax-handler.php:61
nopriv wp_ajax_modalcodf_get_shipping_methods includes\modalcodf-shop-extensions\ajax\class-modalcodf-ajax-handler.php:62

Shortcodes 2

[modalcodf_custom_add_to_cart_button] includes\modalcodf-shop-extensions\modalcodf-ext-shortcodes.php:120
[modalcodf_menu_cart] includes\modalcodf-shop-extensions\modalcodf-ext-shortcodes.php:121
WordPress Hooks 26
action admin_menu includes\admin\class-modalcodf-admin-loader.php:32
action woocommerce_product_options_general_product_data includes\admin\class-modalcodf-product-fields.php:16
action woocommerce_process_product_meta includes\admin\class-modalcodf-product-fields.php:17
action admin_notices includes\admin\class-modalcodf-review-notice.php:20
action admin_enqueue_scripts includes\admin\class-modalcodf-review-notice.php:22
action woocommerce_admin_field_cod_form_status includes\admin\settings\class-modalcodf-settings-general.php:27
filter woocommerce_settings_tabs_array includes\admin\settings\class-modalcodf-settings-manager.php:67
action woocommerce_sections_cod_form includes\admin\settings\class-modalcodf-settings-manager.php:68
action woocommerce_settings_cod_form includes\admin\settings\class-modalcodf-settings-manager.php:69
action woocommerce_update_options_cod_form includes\admin\settings\class-modalcodf-settings-manager.php:70
action admin_enqueue_scripts includes\admin\settings\class-modalcodf-settings-manager.php:74
action woocommerce_admin_field_cod_pro_features_section includes\admin\settings\class-modalcodf-settings-pro-features.php:27
action woocommerce_admin_field_cod_pro_upgrade_notice includes\admin\settings\class-modalcodf-settings-pro-features.php:28
action init includes\modalcodf-shop-extensions\modalcodf-ext-ajax.php:27
action admin_enqueue_scripts includes\modalcodf-shop-extensions\modalcodf-ext-postypes.php:51
action admin_enqueue_scripts includes\modalcodf-shop-extensions\modalcodf-ext-postypes.php:71
filter the_content includes\modalcodf-shop-extensions\modalcodf-ext-shortcodes.php:97
filter the_excerpt includes\modalcodf-shop-extensions\modalcodf-ext-shortcodes.php:98
action wp_enqueue_scripts includes\modalcodf-shop-extensions.php:173
action wp_enqueue_scripts includes\modalcodf-shop-extensions.php:174
filter woocommerce_locate_template includes\modalcodf-shop-extensions.php:177
action admin_notices modal-cod-form.php:90
action plugins_loaded modal-cod-form.php:93
action init modal-cod-form.php:112
action init modal-cod-form.php:152
action wp templates\payment-button.php:13
Maintenance & Trust

Modal COD Form for woocommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 4, 2026
PHP min version: 7.4
Downloads: 1K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 100
Developer Profile

Modal COD Form for woocommerce Developer Profile

Cristian Leguizamón

2 plugins · 100 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Modal COD Form for woocommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/modal-cod-form/assets/js/modalcodf-frontend.js
/wp-content/plugins/modal-cod-form/assets/css/modalcodf-frontend.css
/wp-content/plugins/modal-cod-form/assets/css/modalcodf-admin.css
Script Paths
/wp-content/plugins/modal-cod-form/assets/js/modalcodf-frontend.js
Version Parameters
modal-cod-form/assets/css/modalcodf-frontend.css?ver=
modal-cod-form/assets/js/modalcodf-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
modalcodf-review-notice
modalcodf-review-notice-content
modalcodf-review-notice-icon
modalcodf-review-notice-text
modalcodf-review-notice-buttons
modalcodf-review-button
Data Attributes
data-dismissible="modalcodf-review-notice"
FAQ

Frequently Asked Questions about Modal COD Form for woocommerce