Does WC Pickup Store have any unpatched vulnerabilities?

No. All known vulnerabilities in WC Pickup Store have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WC Pickup Store compatible with WordPress 6.8.5?

According to WordPress.org data, WC Pickup Store 1.8.10 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is WC Pickup Store updated?

WC Pickup Store was last updated on Jul 12, 2025. Frequent updates are generally a positive security signal.

What is WC Pickup Store's security score?

WC Pickup Store has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WC Pickup Store Security & Risk Analysis

wordpress.org/plugins/wc-pickup-store

WC Pickup Store is a custom shipping method that lets you to set up one or multiple stores to local pickup in the Checkout page in WooCommerce

2K active installs v1.8.10 PHP + WP 4.7+ Updated Jul 12, 2025

e-commerceecommercelocal-pickupstorestore-pickup

A · Safe

CVEs total1

Unpatched0

Last CVEJul 3, 2025

Plugin page Download

Safety Verdict

Is WC Pickup Store Safe to Use in 2026?

Generally Safe

Score 99/100

WC Pickup Store has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jul 3, 2025Updated 8mo ago

Risk Assessment

The "wc-pickup-store" plugin v1.8.10 presents a mixed security posture. On the positive side, the static analysis shows a very small attack surface, with no unprotected entry points and all SQL queries using prepared statements. The absence of dangerous functions, file operations, and external HTTP requests is also a strong indicator of good security practices. However, a significant concern is the low percentage of properly escaped output (23%). This suggests a high likelihood of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data might not be adequately sanitized before being displayed. The plugin also has a history of known vulnerabilities, with one medium severity CVE recorded. While currently unpatched vulnerabilities are zero, the past "Missing Authorization" issues warrant attention and indicate a potential recurring pattern that could be exploited if not addressed proactively.

Despite the lack of critical taint flows and a seemingly secure entry point count, the poor output escaping and past authorization issues are notable weaknesses. The plugin benefits from a limited attack surface and good practices around SQL, but the potential for XSS due to insufficient output sanitization and the historical authorization vulnerabilities create a moderate risk profile. Users should be cautious and ensure all output is properly handled.

Key Concerns

Insufficient output escaping (23% properly escaped)
Past medium severity CVE (Missing Authorization)

Vulnerabilities

WC Pickup Store Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-47634medium · 5.3Missing Authorization

WC Pickup Store <= 1.8.9 - Missing Authorization to Unauthenticated Settings Update

Jul 3, 2025 Patched in 1.8.10 (14d)

Code Analysis

Analyzed Mar 16, 2026

WC Pickup Store Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

112

34 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

23% escaped146 total outputs

Attack Surface

WC Pickup Store Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[vc_wps_store] includes\integrations\class-vc_stores.php:12

WordPress Hooks 33

actioncustomize_registerincludes\admin\wps-admin.php:43

actionwoocommerce_checkout_create_orderincludes\admin\wps-admin.php:128

actionadmin_menuincludes\admin\wps-admin.php:154

actionwoocommerce_after_checkout_validationincludes\admin\wps-admin.php:176

actionplugins_loadedincludes\admin\wps-admin.php:184

filterwoocommerce_admin_shipping_fieldsincludes\admin\wps-admin.php:233

actionwoocommerce_process_shop_order_metaincludes\admin\wps-admin.php:258

filterwoocommerce_shipping_methodsincludes\class-wps-init.php:10

filterwoocommerce_get_order_item_totalsincludes\class-wps-init.php:89

filterwps_store_select_first_optionincludes\class-wps-init.php:91

actioninitincludes\class-wps-init.php:314

filtermanage_edit-store_columnsincludes\cpt-store.php:19

filtermanage_store_posts_custom_columnincludes\cpt-store.php:44

actionadd_meta_boxesincludes\cpt-store.php:53

actionsave_postincludes\cpt-store.php:269

filtersingle_templateincludes\cpt-store.php:281

filterarchive_templateincludes\cpt-store.php:293

actionadmin_noticesincludes\cpt-store.php:407

actioninitincludes\cpt-store.php:444

filteruse_block_editor_for_post_typeincludes\cpt-store.php:498

actioninitincludes\cpt-store.php:546

actioninitincludes\integrations\class-vc_stores.php:9

actionwidgets_initincludes\integrations\class-widget-stores.php:8

actionwoocommerce_review_order_after_shippingincludes\wps-functions.php:108

actionwp_headincludes\wps-functions.php:144

filterwoocommerce_cart_shipping_method_full_labelincludes\wps-functions.php:159

actionwp_enqueue_scriptsincludes\wps-functions.php:235

actionwoocommerce_cart_calculate_feesincludes\wps-functions.php:282

filterwoocommerce_email_headersincludes\wps-functions.php:299

actionwoocommerce_cart_totals_before_order_totalincludes\wps-functions.php:441

filterwoocommerce_order_get_formatted_shipping_addressincludes\wps-functions.php:565

actionadmin_noticeswc-pickup-store.php:42

actionbefore_woocommerce_initwc-pickup-store.php:73

Maintenance & Trust

WC Pickup Store Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJul 12, 2025

PHP min version

Downloads63K

Community Trust

Rating94/100

Number of ratings25

Active installs2K

Alternatives

WC Pickup Store Alternatives

Local Pickup Pro for WooCommerce

woo-local-pickup-pro

Local Pickup Pro for WooCommerce plugin is shipping method for WooCommerce allows your customers to come to you to pick up their purchased products at …

80 No CVEs

Ecwid by Lightspeed Ecommerce Shopping Cart

ecwid-shopping-cart

Powerful, easy to use ecommerce shopping cart for WordPress. Sell on Facebook and Instagram. iPhone & Android apps. Superb support.

20K 13 CVEs

Shopping Cart & eCommerce Store

wp-easycart

A FREE WordPress eCommerce & WordPress Shopping Cart plugin that can sell products, subscriptions, downloads, services, donations, and much more o …

4K 21 CVEs

Zorem Local Pickup

advanced-local-pickup-for-woocommerce

Zorem Local Pickup plugin enhances WooCommerce by streamlining in-store pickups, offering a dedicated workflow for local pickup fulfillment.

3K 5 CVEs

Payment Integration Wompi

payment-integration-wompi

Integration of Wompi for Woocommerce

1K No CVEs

Developer Profile

WC Pickup Store Developer Profile

Keylor Mendoza

2 plugins · 3K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

14 days

View full developer profile

Detection Fingerprints

How We Detect WC Pickup Store

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wc-pickup-store/assets/css/wps-frontend.css/wp-content/plugins/wc-pickup-store/assets/js/wps-frontend.js/wp-content/plugins/wc-pickup-store/assets/css/wps-admin.css

Script Paths

/wp-content/plugins/wc-pickup-store/assets/js/wps-frontend.js

Version Parameters

wc-pickup-store/assets/css/wps-frontend.css?ver=wc-pickup-store/assets/js/wps-frontend.js?ver=wc-pickup-store/assets/css/wps-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes

shipping-pickup-storewps-costs-per-storewps-no-costsno-store-defaultno-store-availablestore-templatestore-message

Data Attributes

data-storedata-costdata-iddata-country

JS Globals

WPS

FAQ