WP-Safety

Product Delivery Date for WooCommerce – Lite Security & Risk Analysis

wordpress.org/plugins/product-delivery-date-for-woocommerce-lite

Choose delivery/pickup dates & times on product page. Simplify delivery management by setting minimum delivery time, max deliveries per day & more.

1K active installs v3.3.0 PHP 7.3+ WP 3.0+ Updated Jan 28, 2026
delivery-calendarproduct-deliveryproduct-delivery-datewoocommerce-order-delivery
95
A · Safe
CVEs total5
Unpatched0
Last CVEDec 29, 2025
Download
Safety Verdict

Is Product Delivery Date for WooCommerce – Lite Safe to Use in 2026?

Generally Safe

Score 95/100

Product Delivery Date for WooCommerce – Lite has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEsLast CVE: Dec 29, 2025Updated 2mo ago
Risk Assessment

The 'product-delivery-date-for-woocommerce-lite' plugin exhibits a mixed security posture. While it demonstrates good practices like using prepared statements for all SQL queries and a reasonable number of nonce and capability checks, several areas raise concerns. The presence of two AJAX handlers without authentication checks creates a significant attack surface for unauthorized actions.

The static analysis reveals a concerning use of the `unserialize` function, which can be a vector for remote code execution if not handled with extreme caution and validation of the serialized data. While no critical or high severity taint flows were found, the two flows with unsanitized paths are indicative of potential injection vulnerabilities. The plugin's vulnerability history shows a concerning pattern of five medium-severity CVEs, primarily related to Cross-site Scripting and Missing Authorization, suggesting a recurring weakness in input validation and access control.

Overall, the plugin has strengths in its database interaction and some security controls. However, the unprotected AJAX endpoints and the use of `unserialize` are critical weaknesses that demand immediate attention. The historical prevalence of medium-severity vulnerabilities related to input handling and authorization further amplifies the risk. While there are no currently unpatched vulnerabilities, the identified structural weaknesses and past issues suggest a need for more robust security development practices.

Key Concerns

  • AJAX handlers without authentication checks
  • Use of unserialize function
  • Flows with unsanitized paths
  • Past medium severity CVEs (5 total)
  • 58% of outputs properly escaped
Vulnerabilities
5

Product Delivery Date for WooCommerce – Lite Security Vulnerabilities

CVEs by Year

4 CVEs in 2024
2024
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
5

5 total CVEs

CVE-2025-69027medium · 4.3Missing Authorization

Product Delivery Date for WooCommerce – Lite <= 3.2.0 - Missing Authorization

Dec 29, 2025 Patched in 3.3.0 (16d)
CVE-2024-10882medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product Delivery Date for WooCommerce - Lite <= 2.8.0 - Reflected Cross-Site Scripting

Nov 12, 2024 Patched in 2.8.1 (1d)
CVE-2024-9345medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product Delivery Date for WooCommerce – Lite <= 2.7.3 - Reflected Cross-Site Scripting

Oct 3, 2024 Patched in 2.7.4 (1d)
CVE-2024-38702medium · 5.3Missing Authorization

Product Delivery Date for WooCommerce – Lite <= 2.7.2 - Missing Authorization

Jul 11, 2024 Patched in 2.7.3 (7d)
CVE-2023-52210medium · 5.3Missing Authorization

Product Delivery Date for WooCommerce – Lite <= 2.7.0 - Missing Authorization

Jan 3, 2024 Patched in 2.7.1 (20d)
Code Analysis
Analyzed Mar 16, 2026

Product Delivery Date for WooCommerce – Lite Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
44 prepared
Unescaped Output
124
172 escaped
Nonce Checks
11
Capability Checks
4
File Operations
0
External Requests
2
Bundled Libraries
0

Dangerous Functions Found

unserialize$product_variation_array = unserialize( $product_variation_array_string[0] );includes\admin\class-prdd-lite-calendar-view.php:248

SQL Query Safety

100% prepared44 total queries

Output Escaping

58% escaped296 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

5 flows2 with unsanitized paths
search_box (includes\admin\class-prdd-lite-view-deliveries-table.php:223)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Product Delivery Date for WooCommerce – Lite Attack Surface

Entry Points5
Unprotected2

AJAX Handlers 5

noprivwp_ajax_prdd_calender_contentclass-prdd-lite-woocommerce.php:168
authwp_ajax_prdd_calender_contentclass-prdd-lite-woocommerce.php:169
authwp_ajax_prdd_lite_update_databaseclass-prdd-lite-woocommerce.php:196
authwp_ajax_tyche_plugin_deactivation_submit_actionincludes\component\plugin-deactivation\class-tyche-plugin-deactivation.php:93
authwp_ajax_prdd_lite_dismiss_upgrade_to_proincludes\component\upgrade-to-pro\ts-upgrade-to-pro.php:131
WordPress Hooks 51
actioninitclass-prdd-lite-woocommerce.php:141
actionadmin_initclass-prdd-lite-woocommerce.php:142
actionprdd_lite_init_tracker_completedclass-prdd-lite-woocommerce.php:143
filterplugin_row_metaclass-prdd-lite-woocommerce.php:144
filterplugin_action_linksclass-prdd-lite-woocommerce.php:145
actionadd_meta_boxesclass-prdd-lite-woocommerce.php:158
actionadmin_footerclass-prdd-lite-woocommerce.php:159
actionwoocommerce_process_product_metaclass-prdd-lite-woocommerce.php:161
actionwoocommerce_duplicate_productclass-prdd-lite-woocommerce.php:162
actionadmin_menuclass-prdd-lite-woocommerce.php:165
actionadmin_initclass-prdd-lite-woocommerce.php:166
actionadmin_initclass-prdd-lite-woocommerce.php:171
actionadmin_enqueue_scriptsclass-prdd-lite-woocommerce.php:173
actionadmin_enqueue_scriptsclass-prdd-lite-woocommerce.php:174
actionadmin_footerclass-prdd-lite-woocommerce.php:175
actionwoocommerce_before_single_productclass-prdd-lite-woocommerce.php:177
actionwoocommerce_before_single_productclass-prdd-lite-woocommerce.php:178
actionwoocommerce_before_add_to_cart_buttonclass-prdd-lite-woocommerce.php:180
filterwoocommerce_add_cart_item_dataclass-prdd-lite-woocommerce.php:181
filterwoocommerce_get_cart_item_from_sessionclass-prdd-lite-woocommerce.php:182
filterwoocommerce_get_item_dataclass-prdd-lite-woocommerce.php:183
actionwoocommerce_checkout_update_order_metaclass-prdd-lite-woocommerce.php:184
actionwoocommerce_store_api_checkout_update_order_from_requestclass-prdd-lite-woocommerce.php:185
filterwoocommerce_hidden_order_itemmetaclass-prdd-lite-woocommerce.php:186
filterwoocommerce_add_to_cart_validationclass-prdd-lite-woocommerce.php:187
filterts_deativate_plugin_questionsclass-prdd-lite-woocommerce.php:190
filterts_tracker_dataclass-prdd-lite-woocommerce.php:191
filterts_tracker_opt_out_dataclass-prdd-lite-woocommerce.php:192
actionprdd_lite_add_meta_footerclass-prdd-lite-woocommerce.php:193
actionadmin_noticesclass-prdd-lite-woocommerce.php:309
filterprdd_addon_add_cart_item_dataincludes\admin\class-prdd-lite-delivery-price.php:30
filterprdd_get_cart_item_from_sessionincludes\admin\class-prdd-lite-delivery-price.php:31
filterprdd_get_item_dataincludes\admin\class-prdd-lite-delivery-price.php:32
actionprdd_update_orderincludes\admin\class-prdd-lite-delivery-price.php:33
filterwoocommerce_privacy_export_order_personal_data_propsincludes\class-prdd-privacy-policy-lite.php:30
filterwoocommerce_privacy_export_order_personal_data_propincludes\class-prdd-privacy-policy-lite.php:31
actionadmin_print_scripts-plugins.phpincludes\component\plugin-deactivation\class-tyche-plugin-deactivation.php:92
filtercron_schedulesincludes\component\plugin-tracking\class-tyche-plugin-tracking.php:82
actionadmin_initincludes\component\plugin-tracking\class-tyche-plugin-tracking.php:83
actionadmin_noticesincludes\component\pro-notices-in-lite\ts-pro-notices.php:67
actionadmin_initincludes\component\pro-notices-in-lite\ts-pro-notices.php:68
actionadmin_noticesincludes\component\upgrade-to-pro\ts-upgrade-to-pro.php:125
actionadmin_enqueue_scriptsincludes\component\upgrade-to-pro\ts-upgrade-to-pro.php:128
actionadmin_headincludes\component\upgrade-to-pro\ts-upgrade-to-pro.php:129
actionadmin_initincludes\component\welcome-page\ts-welcome.php:102
actionadmin_menuincludes\component\welcome-page\ts-welcome.php:104
actionadmin_headincludes\component\welcome-page\ts-welcome.php:105
actionadmin_initincludes\component\welcome-page\ts-welcome.php:109
actionadmin_initincludes\component\woocommerce-check\ts-woo-active.php:42
actionadmin_noticesincludes\component\woocommerce-check\ts-woo-active.php:53
actionbefore_woocommerce_initproduct-delivery-date-for-woocommerce-lite.php:20
Maintenance & Trust

Product Delivery Date for WooCommerce – Lite Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 28, 2026
PHP min version7.3
Downloads65K

Community Trust

Rating82/100
Number of ratings13
Active installs1K
Alternatives

Product Delivery Date for WooCommerce – Lite Alternatives

Schedule Product Delivery Date for WooCommerce

Schedule Product Delivery Date for WooCommerce

schedule-product-delivery-date-for-woocommerce

A
92

Schedule Product Delivery Date plugin allows weekly or monthly deliveries with selected dates and quantities.

20 No CVEs
Delivery Countdown Timer

Delivery Countdown Timer

delivery-countdown-timer

A
85

Show the nextday delivery timer with text based on cut off time.

200 No CVEs
Product Delivery Date

Product Delivery Date

product-delivery-date

A
92

Product Delivery Date is a plugin that allows you to customize the delivery date of a product. With this plugin, you can add a delivery date field to &hellip;

200 No CVEs
Delivery Date for WooCommerce

Delivery Date for WooCommerce

delivery-date-for-woocommerce

A
100

This plugin adds a delivery date field to the checkout page.

100 No CVEs
Delivery Man Management with delivery report for Woocommerce

Delivery Man Management with delivery report for Woocommerce

deliveryman-management

A
100

This plugin manages deliveryman for woocommerce Product orders.

10 No CVEs
Developer Profile

Product Delivery Date for WooCommerce – Lite Developer Profile

tychesoftwares

20 plugins · 160K total installs

73
trust score
Avg Security Score
91/100
Avg Patch Time
232 days
View full developer profile
Detection Fingerprints

How We Detect Product Delivery Date for WooCommerce – Lite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/product-delivery-date-for-woocommerce-lite/assets/css/product-delivery-date.css/wp-content/plugins/product-delivery-date-for-woocommerce-lite/assets/js/product-delivery-date.js
Script Paths
/wp-content/plugins/product-delivery-date-for-woocommerce-lite/assets/js/product-delivery-date.js
Version Parameters
product-delivery-date-for-woocommerce-lite/assets/css/product-delivery-date.css?ver=product-delivery-date-for-woocommerce-lite/assets/js/product-delivery-date.js?ver=

HTML / DOM Fingerprints

CSS Classes
prdd-lite-delivery-date-fieldprdd-lite-delivery-date-field-wrapprdd-lite-delivery-date-label
HTML Comments
<!-- Added by Product Delivery Date for WooCommerce Lite --><!-- Lite Version -->
Data Attributes
data-prdd-lite-product-iddata-prdd-lite-enable-delivery-date
JS Globals
prdd_lite_delivery_settings
FAQ

Frequently Asked Questions about Product Delivery Date for WooCommerce – Lite