WP-Safety

PiWeb Delivery & Pickup Date Time for WooCommerce Security & Risk Analysis

wordpress.org/plugins/pi-woocommerce-order-date-time-and-type

WooCommerce delivery date | delivery time | pickup date | pickup time | pickup location

500 active installs v3.0.49.94 PHP 7.2+ WP 4.8+ Updated Mar 11, 2026
delivery-datedelivery-timelocal-pickupwoocommerce-delivery-datewoocommerce-pickup-date
100
A · Safe
CVEs total1
Unpatched0
Last CVEMar 31, 2023
Plugin page Download
Safety Verdict

Is PiWeb Delivery & Pickup Date Time for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

PiWeb Delivery & Pickup Date Time for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Mar 31, 2023Updated 23d ago
Risk Assessment

The plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries and maintaining a high percentage of properly escaped output. The absence of file operations and dangerous functions is also a positive sign. However, a significant concern arises from the attack surface, with all four identified AJAX handlers lacking authentication checks. While there are no critical or high-severity vulnerabilities in the taint analysis, three flows with unsanitized paths indicate potential, albeit unexploited, risks that could lead to issues if user input is not handled with extreme care. The plugin has a history of one known medium-severity Cross-Site Scripting (XSS) vulnerability, which, though patched, suggests a past susceptibility to input validation weaknesses. The lack of capability checks on AJAX handlers further compounds the risk, allowing any authenticated user to potentially trigger these functions. Overall, the plugin's strengths in output escaping and SQL handling are overshadowed by the significant exposure of its AJAX endpoints, making it vulnerable to unauthorized actions or information disclosure if not secured by external measures. The past XSS vulnerability also warrants continued vigilance regarding input sanitization.

Key Concerns

  • AJAX handlers without authentication checks
  • AJAX handlers without capability checks
  • Flows with unsanitized paths
  • History of medium severity CVE (XSS)
Vulnerabilities
1

PiWeb Delivery & Pickup Date Time for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2023-28991medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Order date time for WooCommerce <= 3.0.19 - Authenticated (Administrator+) Stored Cross-Site Scripting

Mar 31, 2023 Patched in 3.0.20 (298d)
Code Analysis
Analyzed Mar 16, 2026

PiWeb Delivery & Pickup Date Time for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
17
490 escaped
Nonce Checks
2
Capability Checks
1
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

97% escaped507 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

12 flows3 with unsanitized paths
filterFields (admin\class-adv-order-filter.php:16)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

PiWeb Delivery & Pickup Date Time for WooCommerce Attack Surface

Entry Points4
Unprotected4

AJAX Handlers 4

authwp_ajax_pi_set_delivery_typepublic\class-display-field.php:14
noprivwp_ajax_pi_set_delivery_typepublic\class-display-field.php:15
authwp_ajax_pisol_dtt_get_timepublic\class-time.php:9
noprivwp_ajax_pisol_dtt_get_timepublic\class-time.php:10
WordPress Hooks 90
actionrestrict_manage_postsadmin\class-adv-order-filter.php:9
actionwoocommerce_order_list_table_restrict_manage_ordersadmin\class-adv-order-filter.php:10
actionpre_get_postsadmin\class-adv-order-filter.php:12
filterwoocommerce_shop_order_list_table_prepare_items_query_argsadmin\class-adv-order-filter.php:13
actionadmin_enqueue_scriptsadmin\class-analytics.php:34
actionadmin_footer-plugins.phpadmin\class-analytics.php:35
actionadmin_noticesadmin\class-analytics.php:38
actioninitadmin\class-order-tip-promotion.php:83
actionpisol_dtt_tab_contentadmin\class-pi-dtt-labels.php:85
actionpisol_dtt_tabadmin\class-pi-dtt-labels.php:88
actioninitadmin\class-pi-dtt-labels.php:142
filtermanage_edit-shop_order_columnsadmin\class-pi-dtt-order-table.php:7
filtermanage_woocommerce_page_wc-orders_columnsadmin\class-pi-dtt-order-table.php:8
actionmanage_shop_order_posts_custom_columnadmin\class-pi-dtt-order-table.php:10
actionmanage_woocommerce_page_wc-orders_custom_columnadmin\class-pi-dtt-order-table.php:11
filtermanage_edit-shop_order_sortable_columnsadmin\class-pi-dtt-order-table.php:13
filterwoocommerce_shop_order_list_table_sortable_columnsadmin\class-pi-dtt-order-table.php:14
filtermanage_woocommerce_page_wc-orders_sortable_columnsadmin\class-pi-dtt-order-table.php:15
actionpre_get_postsadmin\class-pi-dtt-order-table.php:17
filterwoocommerce_shop_order_list_table_prepare_items_query_argsadmin\class-pi-dtt-order-table.php:18
actionadmin_enqueue_scriptsadmin\conflict-fixer.php:6
actionadmin_footeradmin\conflict-fixer.php:7
actionwp_enqueue_scriptsadmin\conflict-fixer.php:8
actionadmin_menuadmin\menu.php:13
actionpisol_dtt_promotionadmin\menu.php:14
actionadmin_enqueue_scriptsadmin\menu.php:15
actionpisol_dtt_tab_contentadmin\options-accesscontrol.php:37
actionpisol_dtt_tabadmin\options-accesscontrol.php:40
actionwp_loadedadmin\options-accesscontrol.php:90
actionpisol_dtt_tab_contentadmin\options-addons.php:25
actionpisol_dtt_tabadmin\options-addons.php:28
actionpisol_dtt_tab_contentadmin\options-date.php:43
actionpisol_dtt_tabadmin\options-date.php:46
actionpickup_disabled_dateadmin\options-date.php:48
actiondelivery_disabled_dateadmin\options-date.php:49
actioninitadmin\options-date.php:154
actionpisol_dtt_tab_contentadmin\options-limit.php:34
actionpisol_dtt_tabadmin\options-limit.php:37
actionpisol_dtt_tab_contentadmin\options-pickup.php:38
actionpisol_dtt_tabadmin\options-pickup.php:41
actioninitadmin\options-pickup.php:117
actionpisol_dtt_tab_contentadmin\options-time-slot.php:37
actionpisol_dtt_tabadmin\options-time-slot.php:40
actionpisol_dtt_tab_contentadmin\options-time.php:44
actionpisol_dtt_tabadmin\options-time.php:47
actionadmin_noticesadmin\options-time.php:49
actioninitadmin\options-time.php:227
actionpisol_dtt_tab_contentadmin\options.php:215
actionpisol_dtt_tabadmin\options.php:218
actionwp_loadedadmin\options.php:293
actioninitblock\class-date-time-location-block.php:24
actionwoocommerce_blocks_loadedblock\class-date-time-location-block.php:26
actionwoocommerce_blocks_loadedblock\class-date-time-location-block.php:28
actionwoocommerce_blocks_loadedblock\class-date-time-location-block.php:30
actionwoocommerce_blocks_loadedblock\class-date-time-location-block.php:31
actionwoocommerce_blocks_loadedblock\class-date-time-location-block.php:32
actionwoocommerce_blocks_loadedblock\class-date-time-location-block.php:33
actionwoocommerce_blocks_loadedblock\class-date-time-location-block.php:35
filterpisol_dtt_settings_filterblock\class-date-time-location-block.php:37
actionwoocommerce_blocks_checkout_block_registrationblock\class-date-time-location-block.php:45
actionwoocommerce_store_api_checkout_update_order_from_requestblock\class-date-time-location-storage.php:18
actionadmin_footerinclude\pisol.class.form.php:443
actionafter_plugin_row_pi-woocommerce-order-date-time-and-type-pro/pi-woocommerce-order-date-time-and-type-pro.phpinclude\Pro_Warning.php:17
actionadmin_noticesinclude\review.php:107
actionadmin_noticespi-woocommerce-order-date-time-and-type.php:27
actionbefore_woocommerce_initpi-woocommerce-order-date-time-and-type.php:41
actionadmin_initpi-woocommerce-order-date-time-and-type.php:76
actionplugins_loadedpi-woocommerce-order-date-time-and-type.php:91
actionwp_enqueue_scriptspublic\class-css.php:12
actionwoocommerce_thankyoupublic\class-css.php:14
actionwp_headpublic\class-css.php:16
actionwp_loadedpublic\class-css.php:112
actionwp_enqueue_scriptspublic\class-js.php:11
actionwp_loadedpublic\class-main.php:6
actionwoocommerce_account_orders_columnspublic\class-myaccount.php:18
actionwoocommerce_my_account_my_orders_column_pi_dttpublic\class-myaccount.php:19
filterwoocommerce_checkout_posted_datapublic\class-order.php:14
actionwoocommerce_checkout_update_order_metapublic\class-order.php:16
actionwoocommerce_order_details_after_order_table_itemspublic\class-order.php:19
actionwoocommerce_admin_order_data_after_shipping_addresspublic\class-order.php:22
filterwoocommerce_email_order_meta_fieldspublic\class-order.php:25
actionwp_loadedpublic\class-order.php:332
filterwoocommerce_product_needs_shippingpublic\class-shipping-method.php:7
filterwoocommerce_cart_needs_shipping_addresspublic\class-shipping-method.php:8
filterwoocommerce_customer_taxable_addresspublic\class-shipping-method.php:9
filteroption_woocommerce_pickup_location_settingspublic\class-shipping-method.php:14
actionwoocommerce_after_checkout_validationpublic\class-validate.php:15
actionwp_loadedpublic\class-validate.php:113
actionwoocommerce_checkout_update_order_metapublic\class-woo-app.php:13
actionsave_postpublic\class-woo-app.php:15
Maintenance & Trust

PiWeb Delivery & Pickup Date Time for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 11, 2026
PHP min version7.2
Downloads208K

Community Trust

Rating96/100
Number of ratings90
Active installs500
Alternatives

PiWeb Delivery & Pickup Date Time for WooCommerce Alternatives

Delivery & Pickup Date Time for WooCommerce

Delivery & Pickup Date Time for WooCommerce

woo-delivery

A
100

Gives the facility of selecting delivery/pickup/both date/time/both at order checkout page.

5K No CVEs
WooODT Lite – Delivery & pickup date time location for WooCommerce

WooODT Lite – Delivery & pickup date time location for WooCommerce

byconsole-woo-order-delivery-time

C
61

WooODT Lite is a WooCommerce Delivery & Pickup Date Time extension that gives the facility of selecting delivery/pickup date and time/time slot o &hellip;

500 1 unpatched
Pickup | Delivery | Dine-in date time

Pickup | Delivery | Dine-in date time

restaurant-pickup-delivery-dine-in

C
64

WooCommerce based restaurant ordering system for dine in, pickup and delivery. Let you customers book a table online or place an order for delivery or &hellip;

20 1 unpatched
AICOSO Pickup and Delivery Date Time for WooCommerce

AICOSO Pickup and Delivery Date Time for WooCommerce

aicoso-pickup-and-delivery-for-woocommerce

A
100

A comprehensive WooCommerce extension that enables customers to choose between home delivery and pickup options with flexible scheduling capabilities.

0 No CVEs
Order Delivery Date And Time

Order Delivery Date And Time

order-delivery-date-and-time

A
100

Order Delivery Date And Time plugin lets customers select delivery/pickup dates and times at checkout page.

1K No CVEs
Developer Profile

PiWeb Delivery & Pickup Date Time for WooCommerce Developer Profile

PI Web Solution

30 plugins · 93K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
235 days
View full developer profile
Detection Fingerprints

How We Detect PiWeb Delivery & Pickup Date Time for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pi-woocommerce-order-date-time-and-type/admin/css/admin.css/wp-content/plugins/pi-woocommerce-order-date-time-and-type/admin/css/pisol-select2.css/wp-content/plugins/pi-woocommerce-order-date-time-and-type/admin/js/admin.js/wp-content/plugins/pi-woocommerce-order-date-time-and-type/admin/js/pisol-timepicker.js/wp-content/plugins/pi-woocommerce-order-date-time-and-type/admin/js/pisol-select2.js/wp-content/plugins/pi-woocommerce-order-date-time-and-type/admin/js/pisol-datetimepicker.js
Script Paths
/wp-content/plugins/pi-woocommerce-order-date-time-and-type/admin/js/admin.js/wp-content/plugins/pi-woocommerce-order-date-time-and-type/admin/js/pisol-timepicker.js/wp-content/plugins/pi-woocommerce-order-date-time-and-type/admin/js/pisol-select2.js/wp-content/plugins/pi-woocommerce-order-date-time-and-type/admin/js/pisol-datetimepicker.js
Version Parameters
pi-woocommerce-order-date-time-and-type/admin/css/admin.css?ver=pi-woocommerce-order-date-time-and-type/admin/css/pisol-select2.css?ver=pi-woocommerce-order-date-time-and-type/admin/js/admin.js?ver=pi-woocommerce-order-date-time-and-type/admin/js/pisol-timepicker.js?ver=pi-woocommerce-order-date-time-and-type/admin/js/pisol-select2.js?ver=pi-woocommerce-order-date-time-and-type/admin/js/pisol-datetimepicker.js?ver=

HTML / DOM Fingerprints

CSS Classes
pisol-containerpisol-rowpisol-col-12pisol-col-sm-2pisol-col-sm-10pisol-col-md-4pisol-col-lg-3
Data Attributes
pisol-dtt-reset-settings
JS Globals
PISOL_DTT_PLUGIN_VERSIONPISOL_DTT_FREE_RESET_SETTINGPISOL_DTT_URLPISOL_DTT_PATHPISOL_DTT_BASEPISOL_DTT_PRICE+2 more
FAQ

Frequently Asked Questions about PiWeb Delivery & Pickup Date Time for WooCommerce