MyD Delivery Security & Risk Analysis
wordpress.org/plugins/myd-deliveryMyD Delivery is the easiest way to turn your WordPress site into a complete online delivery system with no marketplace fees, no complexity.
Is MyD Delivery Safe to Use in 2026?
Mostly Safe
Score 78/100MyD Delivery is generally safe to use. 1 past CVE were resolved.
The "myd-delivery" plugin v1.5 exhibits a mixed security posture. While it demonstrates strong practices in SQL query handling and output escaping, significant concerns arise from its unprotected entry points. The presence of 8 unprotected entry points (6 AJAX handlers and 2 REST API routes) creates a substantial attack surface for unauthorized actions. The code analysis also shows a limited number of capability and nonce checks, which are crucial for securing sensitive operations. The vulnerability history, specifically a medium severity CVE related to Authorization Bypass Through User-Controlled Key, is a major red flag. The fact that this vulnerability remains unpatched and its recency (assuming 2025-12-31 is a placeholder for a future date and not a typo) indicates a recurring or unresolved security issue within the plugin's development or maintenance process. This pattern suggests a potential for future vulnerabilities if these authorization and access control weaknesses are not addressed comprehensively. Overall, while the plugin has some good coding practices, the significant number of unprotected entry points and the existence of an unpatched authorization bypass vulnerability present a notable risk.
Key Concerns
- Unprotected AJAX handlers
- Unprotected REST API routes
- Unpatched CVE (medium severity)
- Limited nonce checks
- Limited capability checks
MyD Delivery Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
MyD Delivery <= 1.3.7 - Unauthenticated Insecure Direct Object Reference
MyD Delivery Release Timeline
MyD Delivery Code Analysis
Output Escaping
MyD Delivery Attack Surface
AJAX Handlers 14
REST API Routes 2
Shortcodes 3
WordPress Hooks 20
Maintenance & Trust
MyD Delivery Maintenance & Trust
Maintenance Signals
Community Trust
MyD Delivery Alternatives
Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin
orderable
Take your restaurant/food business online with the online ordering system plugin for WordPress, Orderable.
WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System
wp-cafe
Restaurant menu plugin for online food ordering, delivery, pickup, table reservation & booking - QR ordering, visual table layouts & multi-location.
Food Menu – Restaurant Menu & Online Ordering for WooCommerce
tlp-food-menu
A Simple Food & Restaurant Menu Display Plugin for Restaurant, Cafes, Fast Food, Coffee House with WooCommerce Online Ordering.
Restaurant Menu and Food Ordering
mp-restaurant-menu
Create and maintain modern online menus for almost any kind of restaurant. Sell food and beverages online. All in one plugin.
Food Store – Online Food Delivery & Pickup
food-store
Food Store is complete online food ordering platform with all your favourite WooCommerce functionalities.
MyD Delivery Developer Profile
5 plugins · 9K total installs
How We Detect MyD Delivery
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/myd-delivery/assets/js/order-list-ajax.js/wp-content/plugins/myd-delivery/assets/js/orders-panel.js/wp-content/plugins/myd-delivery/assets/css/order-panel-frontend.css/wp-content/plugins/myd-delivery/assets/js/order-list-ajax.js/wp-content/plugins/myd-delivery/assets/js/orders-panel.jsmyd-delivery/assets/js/order-list-ajax.js?ver=myd-delivery/assets/js/orders-panel.js?ver=myd-delivery/assets/css/order-panel-frontend.css?ver=HTML / DOM Fingerprints
fdm-not-loggeddata-mydelivery-order-statusmyddelivery_ajax_objectmyd_order_listmyd_order_details/wp-json/mydelivery/v1/get-all-orders/wp-json/mydelivery/v1/create-order/wp-json/mydelivery/v1/get-product-price/wp-json/mydelivery/v1/update-order[mydelivery-orders]