Does Smart Cash on Delivery Fraud Blocker & OTP Verification for WooCommerce have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Smart Cash on Delivery Fraud Blocker & OTP Verification for WooCommerce Security & Risk Analysis

wordpress.org/plugins/theforge-smart-cod-control-fraud-blocker-for-woocommerce

Stop fake COD orders before they ship. Smart rules, OTP phone verification, and fraud analytics — all in one plugin.

0 active installs v1.4.0 PHP 7.4+ WP 5.8+ Updated Mar 26, 2026

cash-on-deliverycodfraudotp-verificationwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Smart Cash on Delivery Fraud Blocker & OTP Verification for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Smart Cash on Delivery Fraud Blocker & OTP Verification for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The security posture of theforge-smart-cod-control-fraud-blocker-for-woocommerce v1.1.3 appears to be a mixed bag, with some strong security practices in place but significant areas of concern. The plugin excels in output escaping and nonce usage, with 99% of outputs properly escaped and a good number of nonce checks, indicating developer awareness of common web vulnerabilities. The absence of known CVEs and a clean vulnerability history is a positive sign, suggesting the plugin has historically been maintained with security in mind.

However, the most significant risk lies in the substantial attack surface presented by the 8 AJAX handlers, all of which lack authentication checks. This means any authenticated user, regardless of their role or permissions, could potentially trigger these handlers, opening the door for various exploits depending on the functionality they expose. While taint analysis showed no critical or high severity flows, the lack of authorization on a significant portion of the entry points creates a large potential for privilege escalation or unauthorized actions if the AJAX handlers perform sensitive operations.

In conclusion, while the plugin demonstrates good practices in output handling and has a clean vulnerability history, the unprotected AJAX handlers represent a critical security weakness that requires immediate attention. The plugin's strengths in other areas are overshadowed by this single, high-risk vulnerability. Addressing the authentication for all AJAX endpoints is paramount to securing this plugin.

Key Concerns

8 unprotected AJAX handlers

Vulnerabilities

None known

Smart Cash on Delivery Fraud Blocker & OTP Verification for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Smart Cash on Delivery Fraud Blocker & OTP Verification for WooCommerce Release Timeline

v1.4.0Current

v1.3.3

v1.3.2

v1.3.1

v1.3.0

v1.2.1

v1.2.0

v1.1.1

v1.1.0

Code Analysis

Analyzed Mar 17, 2026

Smart Cash on Delivery Fraud Blocker & OTP Verification for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

12 prepared

Unescaped Output

269 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

63% prepared19 total queries

Output Escaping

99% escaped273 total outputs

Attack Surface

8 unprotected

Smart Cash on Delivery Fraud Blocker & OTP Verification for WooCommerce Attack Surface

Entry Points8

Unprotected8

AJAX Handlers 8

authwp_ajax_wcsf_add_blacklist_itemincludes\class-wcsf-admin-settings.php:50

authwp_ajax_wcsf_remove_blacklist_itemincludes\class-wcsf-admin-settings.php:51

authwp_ajax_wcsf_delete_logincludes\class-wcsf-admin-settings.php:52

authwp_ajax_wcsf_clear_logsincludes\class-wcsf-admin-settings.php:53

authwp_ajax_wcsf_search_productsincludes\class-wcsf-admin-settings.php:54

authwp_ajax_wcsf_check_cod_availabilityincludes\class-wcsf-cod-controller.php:79

noprivwp_ajax_wcsf_check_cod_availabilityincludes\class-wcsf-cod-controller.php:80

authwp_ajax_wcsf_simulate_codincludes\class-wcsf-test-simulator.php:53

WordPress Hooks 31

actionwoocommerce_process_shop_order_metaincludes\class-wcsf-admin-approval.php:53

actionadd_meta_boxesincludes\class-wcsf-admin-approval.php:54

actionadmin_post_wcsf_approve_cod_orderincludes\class-wcsf-admin-approval.php:55

actionadmin_post_wcsf_reject_cod_orderincludes\class-wcsf-admin-approval.php:56

actionadmin_noticesincludes\class-wcsf-admin-approval.php:57

actionwoocommerce_checkout_order_processedincludes\class-wcsf-admin-approval.php:58

actionadmin_menuincludes\class-wcsf-admin-settings.php:41

actionadmin_enqueue_scriptsincludes\class-wcsf-admin-settings.php:44

actionadmin_initincludes\class-wcsf-admin-settings.php:47

actionwoocommerce_order_status_failedincludes\class-wcsf-auto-blacklist.php:53

actionwoocommerce_order_status_cancelledincludes\class-wcsf-auto-blacklist.php:54

filtermanage_shop_order_posts_columnsincludes\class-wcsf-auto-blacklist.php:55

actionmanage_shop_order_posts_custom_columnincludes\class-wcsf-auto-blacklist.php:56

filtermanage_woocommerce_page_wc-orders_columnsincludes\class-wcsf-auto-blacklist.php:57

actionmanage_woocommerce_page_wc-orders_custom_columnincludes\class-wcsf-auto-blacklist.php:58

filterwoocommerce_available_payment_gatewaysincludes\class-wcsf-cod-controller.php:67

actionwoocommerce_cart_calculate_feesincludes\class-wcsf-cod-controller.php:70

actionwoocommerce_after_checkout_validationincludes\class-wcsf-cod-controller.php:73

actionwp_enqueue_scriptsincludes\class-wcsf-cod-controller.php:76

actionadmin_noticesincludes\class-wcsf-fraud-alerts.php:58

actionwp_dashboard_setupincludes\class-wcsf-fraud-alerts.php:59

actionadmin_initincludes\class-wcsf-fraud-heatmap.php:44

actioninitincludes\class-wcsf-order-status.php:44

filterwc_order_statusesincludes\class-wcsf-order-status.php:45

filterwoocommerce_order_status_pending-cod-approvalincludes\class-wcsf-order-status.php:46

filterbulk_actions-woocommerce_page_wc-ordersincludes\class-wcsf-order-status.php:47

filterbulk_actions-edit-shop_orderincludes\class-wcsf-order-status.php:48

actionplugins_loadedincludes\class-wcsf-plugin.php:150

actionadmin_noticestheforge-smart-cod-control-fraud-blocker-for-woocommerce.php:94

actionbefore_woocommerce_inittheforge-smart-cod-control-fraud-blocker-for-woocommerce.php:124

actionplugins_loadedtheforge-smart-cod-control-fraud-blocker-for-woocommerce.php:141

Maintenance & Trust

Smart Cash on Delivery Fraud Blocker & OTP Verification for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 26, 2026

PHP min version7.4

Downloads658

Community Trust

Rating100/100

Number of ratings1

Active installs0

Alternatives

Smart Cash on Delivery Fraud Blocker & OTP Verification for WooCommerce Alternatives

CODShield AI – Cash on Delivery (COD) Fraud Shield

codshield-ai

100

Prevent fake COD orders with WhatsApp confirmations, fraud checks, and smart automation to reduce RTO and cancellations.

0 No CVEs

Smart COD for WooCommerce

wc-smart-cod

100

All the COD restrictions and extra fees you'll ever need, in a single plugin.

30K No CVEs

PiWeb Disable payment method / Partial payment for WooCommerce

disable-payment-method-for-woocommerce

100

Disable payment method for WooCommerce, Charge WooCommerce Payment processing FEES, Take Partial payment for Order, Advance COD or Partial payment for …

4K No CVEs

Risk Free Cash On Delivery (COD) – WooCommerce

risk-free-cash-on-delivery-cod-woocommerce

This plugin secures your Cash on delivery orders with an advance Payment option, with an additional feature of Extra fees and Restrictions.

500 1 unpatched

Check Pincode For WooCommerce

check-pincode-for-woocommerce

Let WooCommerce shoppers check delivery availability, estimated delivery date, and Cash on Delivery status by entering their pincode / zip code / post …

400 1 CVE

Developer Profile

Smart Cash on Delivery Fraud Blocker & OTP Verification for WooCommerce Developer Profile

The Plugin Forge

2 plugins · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Smart Cash on Delivery Fraud Blocker & OTP Verification for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/theforge-smart-cod-control-fraud-blocker-for-woocommerce/assets/css/wcsf-admin-styles.css/wp-content/plugins/theforge-smart-cod-control-fraud-blocker-for-woocommerce/assets/js/wcsf-admin-scripts.js

Script Paths

/wp-content/plugins/theforge-smart-cod-control-fraud-blocker-for-woocommerce/assets/js/wcsf-admin-scripts.js

Version Parameters

theforge-smart-cod-control-fraud-blocker-for-woocommerce/assets/css/wcsf-admin-styles.css?ver=theforge-smart-cod-control-fraud-blocker-for-woocommerce/assets/js/wcsf-admin-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes

wcsf-settings-pagewcsf-admin-section

HTML Comments

+3 more

Data Attributes

data-tab='general'data-tab='cod_rules'data-tab='advanced_blocking'data-tab='fraud_logs'data-tab='test_simulator'data-tab='fraud_heatmap'

JS Globals

wcsf_admin_params

REST Endpoints

/wp-json/wcsf/v1/add-blacklist/wp-json/wcsf/v1/remove-blacklist/wp-json/wcsf/v1/delete-log/wp-json/wcsf/v1/clear-logs/wp-json/wcsf/v1/search-products

FAQ