Postcodes4U Address Finder Security & Risk Analysis

wordpress.org/plugins/postcodes4u-address-finder

Requires WooCommerce at least: 2.2.3 · Tested WooCommerce up to: 10.5.1 · Tested ContactForm7 4.9.2 - 6.1.5 · Tested Gravity Forms 2.4.15 - 2.9.

400 active installs · v1.5.39 · PHP 5.6.4+ · WP 3.0+ · Updated Feb 20, 2026
Tags: address, contactform7, gravityforms, postcode, woocommerce
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Postcodes4U Address Finder Safe to Use in 2026?

Generally Safe

Score 100/100

Postcodes4U Address Finder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The 'postcodes4u-address-finder' v1.5.39 plugin exhibits a mixed security posture. On the positive side, there are no known critical or high vulnerabilities in its history, and the static analysis indicates good practices in areas like SQL query preparation. The absence of external HTTP requests and dangerous functions also contributes to a generally stable foundation.

However, several significant concerns emerge from the code analysis. The presence of 2 taint flows with unsanitized paths, even if not classified as critical or high severity, represents a potential entry point for malicious data manipulation. Furthermore, a notable lack of nonces and capability checks across all identified entry points (which include 1 shortcode) is a serious oversight. This means that functionality exposed by the shortcode could potentially be triggered by any user, regardless of their permissions, increasing the risk of unauthorized actions or information disclosure. The moderate rate of proper output escaping (62%) also suggests that there might be instances where user-supplied data is not sufficiently sanitized before being displayed, leading to potential cross-site scripting (XSS) vulnerabilities.

Key Concerns

  • Taint flows with unsanitized paths found
  • No nonce checks on entry points
  • No capability checks on entry points
  • Output escaping only 62% proper
Vulnerabilities
None known

Postcodes4U Address Finder Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Postcodes4U Address Finder Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 39 (64 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 2
External Requests: 0
Bundled Libraries: 0

Output Escaping

62% escaped · 103 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
pc4u_contactform_html (includes\display-functions.php:212)
Attack Surface

Postcodes4U Address Finder Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[pc4u_contact_form] postcodes4U.php:43
WordPress Hooks: 24

Type    Hook                                Location
action  admin_menu                          includes\admin-page.php:416
action  admin_init                          includes\admin-page.php:425
action  plugins_loaded                      includes\cf7_integration.php:37
action  wpcf7_init                          includes\cf7_integration.php:51
filter  wpcf7_validate_pc4upostcode         includes\cf7_integration.php:77
filter  wpcf7_validate_pc4upostcode*        includes\cf7_integration.php:78
filter  the_content                         includes\display-functions.php:156
action  plugins_loaded                      includes\gf_integration.php:53
filter  gform_address_types                 includes\gf_integration.php:2085
action  gform_field_appearance_settings     includes\gf_integration.php:2106
action  gform_editor_js                     includes\gf_integration.php:2159
filter  gform_tooltips                      includes\gf_integration.php:2181
filter  gform_tooltips                      includes\gf_integration.php:2189
filter  gform_tooltips                      includes\gf_integration.php:2198
filter  gform_tooltips                      includes\gf_integration.php:2207
filter  gform_tooltips                      includes\gf_integration.php:2214
action  wp_loaded                           includes\scripts.php:17
action  wp_enqueue_scripts                  includes\scripts.php:25
action  admin_enqueue_scripts               includes\scripts.php:33
filter  gform_noconflict_scripts            includes\scripts.php:46
filter  woocommerce_locate_template         includes\woo_integration.php:18
filter  default_checkout_billing_country    includes\woo_integration.php:22
filter  default_checkout_shipping_country   includes\woo_integration.php:23
filter  woocommerce_default_address_fields  includes\woo_integration.php:27
Maintenance & Trust

Postcodes4U Address Finder Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 20, 2026
PHP min version: 5.6.4
Downloads: 19K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 400
Developer Profile

Postcodes4U Address Finder Developer Profile

3XSoftware

1 plugin · 400 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Postcodes4U Address Finder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/postcodes4u-address-finder/js/pc4u_wp_v1_5_19.js
/wp-content/plugins/postcodes4u-address-finder/css/pc4u_styles_v1-1.css
Script Paths
/wp-content/plugins/postcodes4u-address-finder/js/pc4u_wp_v1_5_19.js
Version Parameters
pc4u-script
pc4u-style

HTML / DOM Fingerprints

Data Attributes
pc4u_settings
JS Globals
pc4u_plugin_name
Shortcode Output
[pc4u_contact_form]
FAQ

Frequently Asked Questions about Postcodes4U Address Finder