Ubigeo de Perú para Woocommerce y WordPress Security & Risk Analysis

wordpress.org/plugins/ubigeo-peru

This plugin adds the Ubigeo Peru to the Woocommerce checkout - _departamento - _provincia - _distrito

4K active installs · v4.7 · PHP 8.0+ · WP 5.6+ · Updated Dec 12, 2025
Tags: departamento, distrito, peru, provincia, ubigeo
Score: 100 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Apr 18, 2022
Safety Verdict

Is Ubigeo de Perú para Woocommerce y WordPress Safe to Use in 2026?

Generally Safe

Score 100/100

Ubigeo de Perú para Woocommerce y WordPress has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Apr 18, 2022 · Updated 3mo ago
Risk Assessment

The ubigeo-peru plugin v4.7 exhibits a mixed security posture. It uses prepared statements for all SQL queries and performs no file operations or external HTTP requests. The concerns lie in its attack surface and missing authorization checks: all 8 identified AJAX handlers are exposed without any form of authentication, nonce check or capability check, which gives attackers a wide entry point. Combined with 5 taint flows with unsanitized paths (none rated critical or high severity), this leaves the plugin susceptible to certain types of vulnerabilities if those paths are not carefully managed. The plugin's history includes one medium-severity SQL injection vulnerability; it is currently patched, but it marks an area of weakness that attackers might try to exploit again.

Key Concerns

  • 8 AJAX handlers without auth checks
  • 5 taint flows with unsanitized paths
  • No nonce checks on AJAX handlers
  • No capability checks on AJAX handlers
  • 65% output properly escaped (35% unescaped)
  • 1 medium severity CVE in history
Vulnerabilities: 1

Ubigeo de Perú para Woocommerce y WordPress Security Vulnerabilities

CVEs by Year

1 CVE in 2022

Severity Breakdown

Medium: 1

1 total CVE

CVE-2022-0814 · medium · 6.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Ubigeo de Perú para Woocommerce y WordPress <= 3.6.3 - Unauthenticated SQL Injection

Apr 18, 2022 Patched in 3.6.4 (645d)
Code Analysis
Analyzed Mar 16, 2026

Ubigeo de Perú para Woocommerce y WordPress Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (39 prepared)
Unescaped Output: 51 (93 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 39 total queries

Output Escaping

65% escaped · 144 total outputs
Data Flows: 5 unsanitized

Data Flow Analysis

7 flows · 5 with unsanitized paths
rt_ubigeo_load_provincias_front (rt_ubigeo_lib.php:57)
Attack Surface: 8 unprotected

Ubigeo de Perú para Woocommerce y WordPress Attack Surface

Entry Points: 8
Unprotected: 8

AJAX Handlers: 8

auth · wp_ajax_rt_ubigeo_load_provincias_front · rt_ubigeo_lib.php:54
nopriv · wp_ajax_rt_ubigeo_load_provincias_front · rt_ubigeo_lib.php:55
auth · wp_ajax_rt_ubigeo_load_distritos_front · rt_ubigeo_lib.php:114
nopriv · wp_ajax_rt_ubigeo_load_distritos_front · rt_ubigeo_lib.php:115
auth · wp_ajax_rt_ubigeo_load_provincias_address · rt_ubigeo_lib.php:292
nopriv · wp_ajax_rt_ubigeo_load_provincias_address · rt_ubigeo_lib.php:293
auth · wp_ajax_rt_ubigeo_load_distritos_address · rt_ubigeo_lib.php:303
nopriv · wp_ajax_rt_ubigeo_load_distritos_address · rt_ubigeo_lib.php:304

WordPress Hooks: 31

action · admin_menu · rt_ubigeo_admin.php:7
action · admin_init · rt_ubigeo_admin.php:12
action · admin_notices · rt_ubigeo_admin.php:163
action · admin_notices · rt_ubigeo_admin.php:170
action · admin_notices · rt_ubigeo_admin.php:177
filter · woocommerce_states · rt_ubigeo_checkout.php:5
filter · woocommerce_country_locale_field_selectors · rt_ubigeo_checkout.php:13
filter · woocommerce_default_address_fields · rt_ubigeo_checkout.php:28
filter · woocommerce_get_country_locale · rt_ubigeo_checkout.php:54
filter · woocommerce_checkout_fields · rt_ubigeo_checkout.php:91
filter · woocommerce_checkout_fields · rt_ubigeo_checkout.php:256
filter · default_checkout_billing_departamento · rt_ubigeo_checkout.php:265
filter · default_checkout_shipping_departamento · rt_ubigeo_checkout.php:272
filter · woocommerce_default_address_fields · rt_ubigeo_checkout.php:288
action · wp_enqueue_scripts · rt_ubigeo_checkout.php:332
action · woocommerce_after_checkout_form · rt_ubigeo_checkout.php:377
action · woocommerce_checkout_update_order_review · rt_ubigeo_checkout.php:407
action · woocommerce_after_checkout_validation · rt_ubigeo_checkout.php:429
action · woocommerce_checkout_process · rt_ubigeo_checkout.php:535
action · woocommerce_admin_order_data_after_billing_address · rt_ubigeo_checkout.php:670
action · woocommerce_admin_order_data_after_shipping_address · rt_ubigeo_checkout.php:686
action · woocommerce_view_order · rt_ubigeo_checkout.php:722
action · woocommerce_email_after_order_table · rt_ubigeo_checkout.php:835
action · woocommerce_thankyou · rt_ubigeo_checkout.php:839
filter · woocommerce_checkout_get_value · rt_ubigeo_checkout.php:871
action · yith_ywpi_invoice_template_customer_data · rt_ubigeo_lib.php:401
filter · woocommerce_rest_prepare_shop_order_object · rt_ubigeo_lib.php:466
action · before_woocommerce_init · ubigeo-peru.php:33
action · init · ubigeo-peru.php:44
filter · plugin_row_meta · ubigeo-peru.php:50
action · plugins_loaded · ubigeo-peru.php:53
Maintenance & Trust

Ubigeo de Perú para Woocommerce y WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 12, 2025
PHP min version: 8.0
Downloads: 50K

Community Trust

Rating: 86/100
Number of ratings: 24
Active installs: 4K
Developer Profile

Ubigeo de Perú para Woocommerce y WordPress Developer Profile

Renzo Tejada

11 plugins · 9K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 327 days
Detection Fingerprints

How We Detect Ubigeo de Perú para Woocommerce y WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/ubigeo-peru/assets/css/style.css
  • /wp-content/plugins/ubigeo-peru/assets/js/script.js
  • /wp-content/plugins/ubigeo-peru/assets/js/admin-script.js
Version Parameters
  • ubigeo-peru/assets/css/style.css?ver=
  • ubigeo-peru/assets/js/script.js?ver=
  • ubigeo-peru/assets/js/admin-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
ubigeo-peru-settings-container
HTML Comments
  • <!-- Ubigeo Perú Settings Page -->
  • <!-- End Ubigeo Perú Settings Page -->
Data Attributes
data-ubigeo-peru-nonce
JS Globals
  • ubigeo_peru_ajax_object
  • window.ubigeoPeruAjax
REST Endpoints
  • /wp-json/ubigeo-peru/v1/districts
  • /wp-json/ubigeo-peru/v1/provinces
Shortcode Output
  • [ubigeo_peru_form]
  • [ubigeo_peru_address_fields]
FAQ

Frequently Asked Questions about Ubigeo de Perú para Woocommerce y WordPress