Postcode Checkout address validation for contactform 7 Security & Risk Analysis
wordpress.org/plugins/postcode-checkout-address-validation-for-contact-form-7Validate Addresses in Contact Form 7
Is Postcode Checkout address validation for contactform 7 Safe to Use in 2026?
Generally Safe
Score 100/100Postcode Checkout address validation for contactform 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The plugin "postcode-checkout-address-validation-for-contact-form-7" v2.1.2 exhibits a significant security concern due to a large attack surface with no authentication or capability checks on its AJAX handlers. All 8 identified AJAX entry points are unprotected, meaning any user, regardless of their role or logged-in status, could potentially interact with these functions. While the plugin demonstrates good practices in SQL query preparation and output escaping, the lack of authorization on its primary interaction points is a critical oversight. The absence of known vulnerabilities and taint analysis findings in this version is a positive sign, suggesting that the code itself might be free of obvious exploits or dangerous functions. However, the unprotected AJAX handlers present a substantial risk of unauthorized actions or information disclosure that could be exploited by attackers. The overall security posture is thus weakened by this critical design flaw, despite otherwise good coding habits. The lack of any recorded vulnerability history could indicate either robust security or simply a lack of exploitation attempts or discovery, making the unprotected AJAX handlers the primary concern.
Key Concerns
- 8 unprotected AJAX handlers
- No nonce checks
- No capability checks
Postcode Checkout address validation for contactform 7 Security Vulnerabilities
Postcode Checkout address validation for contactform 7 Release Timeline
Postcode Checkout address validation for contactform 7 Code Analysis
Output Escaping
Postcode Checkout address validation for contactform 7 Attack Surface
AJAX Handlers 8
WordPress Hooks 6
Maintenance & Trust
Postcode Checkout address validation for contactform 7 Maintenance & Trust
Maintenance Signals
Community Trust
Postcode Checkout address validation for contactform 7 Alternatives
Spikkl Address Lookup
spikkl-address-lookup
Spikkl Address Lookup validates the Dutch postcode and street number combination during checkout and fills additional address values automatically.
Postcode Checkout – Postcode Validation
postcode-checkout-postcode-validation
📦 Validate Customer Addresses in WooCommerce
Autocomplete Google Address
autocomplete-google-address
The #1 Google Address Autocomplete for WordPress. Visual point-and-click setup -- no coding needed. Works with WooCommerce, CF7, WPForms, Gravity Form …
Autocomplete Location Field for Contact Form 7
autocomplete-location-field-contact-form-7
Add Google Places Autocomplete address field to Contact Form 7. Enable automatic address suggestions using Google Maps API for faster and more accurat …
UK Address Postcode Validation
uk-address-postcode-validation
Ideal Postcodes UK address search and validation extension for WooCommerce
Postcode Checkout address validation for contactform 7 Developer Profile
4 plugins · 620 total installs
How We Detect Postcode Checkout address validation for contactform 7
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/postcode-checkout-address-validation-for-contact-form-7/public/css/postcode-checkout-contactform-7.css/wp-content/plugins/postcode-checkout-address-validation-for-contact-form-7/public/js/international/postcode-checkout-contactform-7.js/wp-content/plugins/postcode-checkout-address-validation-for-contact-form-7/public/js/vendor/AutocompleteAddress.js/wp-content/plugins/postcode-checkout-address-validation-for-contact-form-7/public/js/national/postcode-checkout-contactform-7.js/wp-content/plugins/postcode-checkout-address-validation-for-contact-form-7/public/css/autocomplete-address.css/wp-content/plugins/postcode-checkout-address-validation-for-contact-form-7/public/js/international_pro6pp/postcode-checkout-contactform-7.js/wp-content/plugins/postcode-checkout-address-validation-for-contact-form-7/public/js/vendor/pro6pp.jspublic/js/international/postcode-checkout-contactform-7.jspublic/js/vendor/AutocompleteAddress.jspublic/js/national/postcode-checkout-contactform-7.jspublic/js/international_pro6pp/postcode-checkout-contactform-7.jspublic/js/vendor/pro6pp.jspostcode-checkout-address-validation-for-contact-form-7/public/css/postcode-checkout-contactform-7.css?ver=postcode-checkout-address-validation-for-contact-form-7/public/js/international/postcode-checkout-contactform-7.js?ver=postcode-checkout-address-validation-for-contact-form-7/public/js/vendor/AutocompleteAddress.js?ver=postcode-checkout-address-validation-for-contact-form-7/public/js/national/postcode-checkout-contactform-7.js?ver=postcode-checkout-address-validation-for-contact-form-7/public/css/autocomplete-address.css?ver=postcode-checkout-address-validation-for-contact-form-7/public/js/international_pro6pp/postcode-checkout-contactform-7.js?ver=postcode-checkout-address-validation-for-contact-form-7/public/js/vendor/pro6pp.js?ver=HTML / DOM Fingerprints
pccf7-autocomplete-wrapper<!-- Postcode Checkout Address Validation for Contact Form 7 -->data-pccf7-providerdata-pccf7-validation-urldata-pccf7-autocomplete-urldata-pccf7-details-urldata-pccf7-enable-validationdata-pccf7-debugmode+9 morepccf7_configAutocompleteAddress/wp-json/pccf7/v1/autocomplete/wp-json/pccf7/v1/details/wp-json/pcav/v1/autocomplete