Preenchimento Automatico CEP Brasil Security & Risk Analysis
wordpress.org/plugins/preenchimento-automatico-cep-brasilPreenchimento automático dos campos de endereço a partir de um CEP
Is Preenchimento Automatico CEP Brasil Safe to Use in 2026?
Generally Safe
Score 85/100Preenchimento Automatico CEP Brasil has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "preenchimento-automatico-cep-brasil" v1.5 plugin exhibits a concerning security posture primarily due to its unprotected entry points. The static analysis reveals two AJAX handlers, both of which lack authentication checks. This creates a significant attack surface, allowing any unauthenticated user to potentially trigger these handlers. While the plugin performs well in other areas, such as using prepared statements for SQL queries and a high percentage of properly escaped output, the absence of authorization on its AJAX endpoints is a critical weakness.
The taint analysis shows two flows with unsanitized paths. Although these are not classified as critical or high severity, the presence of unsanitized paths in conjunction with unprotected AJAX handlers suggests a potential for cross-site scripting (XSS) or other injection vulnerabilities if user input is directly processed without proper sanitization. The plugin's vulnerability history is clean, with no recorded CVEs, which is a positive sign. However, this can sometimes be a result of limited security scrutiny rather than inherent robustness.
In conclusion, while "preenchimento-automatico-cep-brasil" v1.5 demonstrates good practices in areas like SQL and output handling, the unprotected AJAX endpoints and the identified unsanitized taint flows present a notable risk. The lack of authorization on these entry points is a fundamental security oversight that needs immediate attention to mitigate potential exploitation.
Key Concerns
- Unprotected AJAX handlers (2)
- Taint flows with unsanitized paths (2)
- No nonce checks on AJAX handlers
- No capability checks on AJAX handlers
- Less than 100% output escaping
Preenchimento Automatico CEP Brasil Security Vulnerabilities
Preenchimento Automatico CEP Brasil Code Analysis
Output Escaping
Data Flow Analysis
Preenchimento Automatico CEP Brasil Attack Surface
AJAX Handlers 2
WordPress Hooks 5
Maintenance & Trust
Preenchimento Automatico CEP Brasil Maintenance & Trust
Maintenance Signals
Community Trust
Preenchimento Automatico CEP Brasil Alternatives
Select Estados e Cidades Brasil
select-estados-e-cidades-brasil
O Plugin Select Estados Cidades Brasil preenche automaticamente com estados e cidades Brasileiros.
Geolocation IP Detection
geoip-detect
Provides geographic information detected by an IP adress.
If-So Geolocation
if-so-geolocation
All-in-one geolocation. Personalized content, geolocation Dynamic Keyword Insertion shortcodes, Rediects, and more. No coding required!
WP Cloudflare GeoIP Redirect
wp-cloudflare-geoip-redirect
Easily setup redirect for visitors/users from selected countries to specific URL utilizing Cloudflare IP Geolocation.
DM Visitor Location Notification
dm-visitor-location-notification
DM VLN allows you to display notifications when new visitors access the page with location details and stats with top 10 countries for that page.
Preenchimento Automatico CEP Brasil Developer Profile
3 plugins · 200 total installs
How We Detect Preenchimento Automatico CEP Brasil
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/preenchimento-automatico-cep-brasil/includes/mwp-pacwp-scripts.php/wp-content/plugins/preenchimento-automatico-cep-brasil/admin/mwp-pacwp-admin.php/wp-content/plugins/preenchimento-automatico-cep-brasil/includes/mwp-pacwp-hooks.phpHTML / DOM Fingerprints
pacepbr_class_ceppacepbr_class_logradouropacepbr_class_numeropacepbr_class_complementopacepbr_class_bairropacepbr_class_cidade+1 morepacepbr_ajaxpacepbr_limpa_formulário_cep/wp-json/pacepbr/v1/ajax