Does Smart COD for WooCommerce have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Smart COD for WooCommerce compatible with WordPress 6.8.5?

According to WordPress.org data, Smart COD for WooCommerce 1.8.4 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is Smart COD for WooCommerce updated?

Smart COD for WooCommerce was last updated on Oct 3, 2025. Frequent updates are generally a positive security signal.

What is Smart COD for WooCommerce's security score?

Smart COD for WooCommerce has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Smart COD for WooCommerce Security & Risk Analysis

wordpress.org/plugins/wc-smart-cod

All the COD restrictions and extra fees you'll ever need, in a single plugin.

30K active installs v1.8.4 PHP + WP 3.0.1+ Updated Oct 3, 2025

cash-on-deliverycodcod-extra-feesmart-codwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Smart COD for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Smart COD for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7mo ago

Risk Assessment

The 'wc-smart-cod' plugin v1.8.4 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices regarding SQL queries, utilizing prepared statements exclusively, and avoids dangerous functions and file operations. Its vulnerability history is clean, with no recorded CVEs, suggesting a generally stable and secure development past.

However, significant concerns arise from the static analysis. The plugin exposes two AJAX handlers, both of which lack authentication checks, creating a substantial attack surface. While taint analysis showed no issues, the absence of nonces and capability checks on these entry points presents a clear risk for unauthorized actions or data manipulation. The proper output escaping rate is good, but not perfect, leaving a small potential for cross-site scripting vulnerabilities if the unescaped outputs involve user-supplied data.

In conclusion, while the plugin benefits from a clean vulnerability history and sound SQL practices, the two unprotected AJAX endpoints are a critical weakness. This lack of authorization on entry points significantly elevates the risk profile, demanding immediate attention and mitigation.

Key Concerns

AJAX handlers without auth checks
AJAX handlers without nonce checks
No capability checks on entry points
Minor unescaped output percentage

Vulnerabilities

None known

Smart COD for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Smart COD for WooCommerce Release Timeline

v1.8.4Current

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.7.3

v1.7.2

v1.7.1

v1.7.0

v1.6.2

v1.6.1

Code Analysis

Analyzed Mar 16, 2026

Smart COD for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

57 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

SQL Query Safety

100% prepared2 total queries

Output Escaping

74% escaped77 total outputs

Attack Surface

2 unprotected

Smart COD for WooCommerce Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_wcsmartcod_json_search_categoriesincludes\class-wc-smart-cod.php:336

authwp_ajax_dismiss_wsc_noticeincludes\class-wc-smart-cod.php:337

WordPress Hooks 18

actionadmin_enqueue_scriptsadmin\class-wc-smart-cod-admin.php:71

actionwoocommerce_settings_api_form_fields_codadmin\class-wc-smart-cod-admin.php:72

actionwoocommerce_settings_api_sanitized_fields_codadmin\class-wc-smart-cod-admin.php:73

actionwoocommerce_delete_shipping_zoneadmin\class-wc-smart-cod-admin.php:74

actionplugins_loadedincludes\class-wc-smart-cod.php:94

filterwoocommerce_payment_gatewaysincludes\class-wc-smart-cod.php:95

actionadmin_noticesincludes\class-wc-smart-cod.php:96

actionafter_plugin_row_wc-smart-cod/wc-smart-cod.phpincludes\class-wc-smart-cod.php:97

actionadmin_enqueue_scriptsincludes\class-wc-smart-cod.php:98

actionadmin_noticesincludes\class-wc-smart-cod.php:99

filterplugin_action_links_wc-smart-cod/wc-smart-cod.phpincludes\class-wc-smart-cod.php:100

filterexperimental_woocommerce_admin_payment_reactify_render_sectionsincludes\class-wc-smart-cod.php:101

actionplugins_loadedincludes\class-wc-smart-cod.php:369

actionwp_enqueue_scriptsincludes\class-wc-smart-cod.php:384

filterwoocommerce_available_payment_gatewayspublic\class-wc-smart-cod-public.php:75

actionwoocommerce_cart_calculate_feespublic\class-wc-smart-cod-public.php:76

actionwoocommerce_update_order_review_fragmentspublic\class-wc-smart-cod-public.php:77

actionbefore_woocommerce_initwc-smart-cod.php:81

Maintenance & Trust

Smart COD for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedOct 3, 2025

PHP min version

Downloads331K

Community Trust

Rating92/100

Number of ratings52

Active installs30K

Alternatives

Smart COD for WooCommerce Alternatives

PCOD – Partial COD, Payment Gateway Restrictions & Fees | for WooCommerce

partial-cod-payment-gateway-restrictions-fees

100

Advanced Partial COD, Payment Method Restrictions, Cart Fees & Cart Discounts for WooCommerce

200 No CVEs

PiWeb Disable payment method / Partial payment for WooCommerce

disable-payment-method-for-woocommerce

100

Disable payment method for WooCommerce, Charge WooCommerce Payment processing FEES, Take Partial payment for Order, Advance COD or Partial payment for …

4K No CVEs

Risk Free Cash On Delivery (COD) – WooCommerce

risk-free-cash-on-delivery-cod-woocommerce

This plugin secures your Cash on delivery orders with an advance Payment option, with an additional feature of Extra fees and Restrictions.

500 1 unpatched

Check Pincode For WooCommerce

check-pincode-for-woocommerce

Let WooCommerce shoppers check delivery availability, estimated delivery date, and Cash on Delivery status by entering their pincode / zip code / post …

400 1 CVE

WooBooster Partial COD for WooCommerce

wb-partial-cod-for-woocommerce

100

Best Wordpress plugin to Allows you to take partial payment via Cash on Delivery (COD) in WooCommerce.

400 No CVEs

Developer Profile

Smart COD for WooCommerce Developer Profile

FullStack-ing

1 plugin · 30K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Smart COD for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wc-smart-cod/assets/css/wc-smart-cod-admin.css/wp-content/plugins/wc-smart-cod/assets/js/wc-smart-cod-admin.js

Script Paths

/wp-content/plugins/wc-smart-cod/assets/js/wc-smart-cod-admin.js

Version Parameters

wc-smart-cod/assets/css/wc-smart-cod-admin.css?ver=wc-smart-cod/assets/js/wc-smart-cod-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

smart-cod-promo-wrap

Data Attributes

data-pro-url

JS Globals

smartCodAdmin

FAQ