WP-Safety

wcOne | Delivery & Pickup Scheduler, Quick Checkout & Order Management System for WooCommerce Security & Risk Analysis

wordpress.org/plugins/wcone

Short Description: All-in-one WooCommerce plugin to manage, customize, and boost sales without multiple plugins.

10 active installs v1.0.4 PHP 7.4+ WP 6.5+ Updated Jan 14, 2026
delivery-date-time-slotsquick-checkoutwoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is wcOne | Delivery & Pickup Scheduler, Quick Checkout & Order Management System for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

wcOne | Delivery & Pickup Scheduler, Quick Checkout & Order Management System for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The "wcone" v1.0.4 plugin presents a significant security concern due to its large, unprotected attack surface. All 20 identified AJAX entry points lack authentication checks, meaning any user, even unauthenticated ones, can potentially trigger these functions. While the plugin demonstrates good practices in SQL query handling and a high percentage of properly escaped output, this single flaw in authentication overshadows these strengths. The taint analysis revealing two high-severity flows with unsanitized paths is particularly worrying, as it indicates potential for malicious data to be processed without proper validation, likely exacerbated by the lack of authentication on the affected AJAX handlers. The absence of any recorded vulnerability history, while seemingly positive, might also be misleading if the plugin hasn't been extensively analyzed or targeted. The plugin's overall security posture is therefore weak, with a high risk of unauthorized access and potential for exploitation through the unprotected AJAX endpoints.

Key Concerns

  • 20 AJAX handlers without auth checks
  • 2 High severity taint flows with unsanitized paths
Vulnerabilities
None known

wcOne | Delivery & Pickup Scheduler, Quick Checkout & Order Management System for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

wcOne | Delivery & Pickup Scheduler, Quick Checkout & Order Management System for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
118
526 escaped
Nonce Checks
4
Capability Checks
4
File Operations
0
External Requests
5
Bundled Libraries
1

Bundled Libraries

DataTables

SQL Query Safety

100% prepared2 total queries

Output Escaping

82% escaped644 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths
holy_day_check (inc\class-components-ajax.php:101)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
20 unprotected

wcOne | Delivery & Pickup Scheduler, Quick Checkout & Order Management System for WooCommerce Attack Surface

Entry Points20
Unprotected20

AJAX Handlers 20

authwp_ajax_invitation_mail_actioninc\class-components-ajax.php:17
noprivwp_ajax_invitation_mail_actioninc\class-components-ajax.php:18
authwp_ajax_update_order_review_actioninc\class-components-ajax.php:20
noprivwp_ajax_update_order_review_actioninc\class-components-ajax.php:21
authwp_ajax_order_time_lists_actioninc\class-components-ajax.php:23
noprivwp_ajax_order_time_lists_actioninc\class-components-ajax.php:24
authwp_ajax_holy_day_check_actioninc\class-components-ajax.php:26
noprivwp_ajax_holy_day_check_actioninc\class-components-ajax.php:27
authwp_ajax_woo_update_fixed_cart_subtotalinc\class-components-ajax.php:29
noprivwp_ajax_woo_update_fixed_cart_subtotalinc\class-components-ajax.php:30
authwp_ajax_woo_get_checkout_datainc\class-products.php:18
noprivwp_ajax_woo_get_checkout_datainc\class-products.php:19
authwp_ajax_woo_order_placeinc\class-products.php:21
noprivwp_ajax_woo_order_placeinc\class-products.php:22
authwp_ajax_woo_add_discountinc\class-products.php:24
noprivwp_ajax_woo_add_discountinc\class-products.php:25
authwp_ajax_woo_get_cart_countinc\class-products.php:27
noprivwp_ajax_woo_get_cart_countinc\class-products.php:28
authwp_ajax_woo_mini_cart_qty_updateinc\class-products.php:30
noprivwp_ajax_woo_mini_cart_qty_updateinc\class-products.php:31
WordPress Hooks 54
actionadmin_enqueue_scriptsadmin\admin.php:21
actionadmin_menuadmin\inc\class-admin-menu.php:21
actionadmin_initadmin\inc\class-admin-menu.php:22
actionswitch_themeappsero\src\Insights.php:140
actionswitch_themeappsero\src\Insights.php:141
actionadmin_footerappsero\src\Insights.php:158
actionadmin_noticesappsero\src\Insights.php:175
actionadmin_initappsero\src\Insights.php:178
filtercron_schedulesappsero\src\Insights.php:184
actionadmin_menuappsero\src\License.php:219
actionafter_switch_themeappsero\src\License.php:781
actionswitch_themeappsero\src\License.php:782
actionwp_footerinc\class-hooks.php:20
actionwp_footerinc\class-hooks.php:22
filterwoocommerce_checkout_redirect_empty_cartinc\class-hooks.php:23
filterwoocommerce_checkout_update_order_review_expiredinc\class-hooks.php:24
filterbody_classinc\class-hooks.php:25
actionwoocommerce_checkout_create_order_line_iteminc\class-woo-hooks.php:20
actionwoocommerce_admin_order_data_after_shipping_addressinc\class-woo-hooks.php:23
actionwoocommerce_checkout_update_order_metainc\class-woo-hooks.php:26
filterwoocommerce_locate_templateinc\class-woo-hooks.php:29
filterwoocommerce_order_data_store_cpt_get_orders_queryinc\class-woo-hooks.php:32
filterwoocommerce_product_data_store_cpt_get_products_queryinc\class-woo-hooks.php:35
actionwoocommerce_before_calculate_totalsinc\class-woo-hooks.php:38
actionwoocommerce_order_status_processinginc\class-woo-hooks.php:41
actionwoocommerce_order_status_completedinc\class-woo-hooks.php:42
actionwoocommerce_order_status_on-holdinc\class-woo-hooks.php:43
actionwoocommerce_cancelled_orderinc\class-woo-hooks.php:46
actionwoocommerce_order_status_failedinc\class-woo-hooks.php:49
actionwoocommerce_checkout_update_order_reviewinc\class-woo-hooks.php:52
filterwc_order_statusesinc\class-woo-hooks.php:55
actioninitinc\class-woo-hooks.php:58
filterwoocommerce_add_to_cart_validationinc\class-woo-hooks.php:61
filtermanage_edit-product_columnsinc\class-woo-hooks.php:64
actionmanage_product_posts_custom_columninc\class-woo-hooks.php:67
filterwoocommerce_package_ratesinc\class-woo-hooks.php:70
actionwoocommerce_after_checkout_validationinc\class-woo-hooks.php:73
actionwoocommerce_checkout_processinc\class-woo-hooks.php:76
actionwoocommerce_before_cartinc\class-woo-hooks.php:79
filterwoocommerce_cancel_unpaid_orderinc\class-woo-hooks.php:82
filterwoocommerce_add_to_cart_fragmentsinc\class-woo-hooks.php:84
actionwoocommerce_widget_shopping_cart_totalinc\class-woo-hooks.php:87
actionwoocommerce_before_add_to_cart_buttoninc\class-woo-hooks.php:92
actionwoocommerce_single_product_summaryinc\class-woo-hooks.php:93
actionwoocommerce_checkout_before_order_review_headinginc\class-woo-hooks.php:94
filterwoocommerce_add_cart_item_datainc\class-woo-hooks.php:96
actionwcone_delivery_typesinc\custom-hooks.php:17
actionwcone_delivery_schedule_timeinc\custom-hooks.php:18
actionwp_enqueue_scriptsinc\enqueue.php:8
filterwoocommerce_is_checkoutinc\enqueue.php:31
actioninitwcone.php:68
actioninitwcone.php:70
actionplugins_loadedwcone.php:73
actionadmin_noticeswcone.php:105
Maintenance & Trust

wcOne | Delivery & Pickup Scheduler, Quick Checkout & Order Management System for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 14, 2026
PHP min version7.4
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

wcOne | Delivery & Pickup Scheduler, Quick Checkout & Order Management System for WooCommerce Alternatives

WhatsOrder – Instant Checkout for WooCommerce

WhatsOrder – Instant Checkout for WooCommerce

whatsorder-instant-checkout-for-woocommerce

A
100

Enable instant WooCommerce checkout via WhatsApp with auto-generated invoices for seamless order processing.

400 No CVEs
One Page Quick Checkout for WooCommerce

One Page Quick Checkout for WooCommerce

one-page-quick-checkout-for-woocommerce

A
100

One Page Checkout for WooCommerce with popup, direct, and single-page checkout options for faster checkout, more sales, and reduced cart abandonment.

200 No CVEs
CartLink Generator for WooCommerce

CartLink Generator for WooCommerce

cartlink-generator

A
100

Generate and share dynamic WooCommerce cart and checkout page links with pre-filled products, quantities, and custom prices.

60 No CVEs
Checkout Add-on for Woo OnePage – Lite

Checkout Add-on for Woo OnePage – Lite

checkout-add-on-woo-onepage

A
85

Checkout Add-on for Woo OnePage - Lite is a Instant/Quick/OnPage/Floating Checkout Add-on for Woo OnePage Checkout Shop.

10 No CVEs
IWD Quick Order

IWD Quick Order

iwd-quick-order

A
100

Boost your sales by allowing customers to order products directly via WhatsApp. Supports One-Click Order, Popup Forms.

0 No CVEs
Developer Profile

wcOne | Delivery & Pickup Scheduler, Quick Checkout & Order Management System for WooCommerce Developer Profile

themelooks

11 plugins · 3K total installs

91
trust score
Avg Security Score
96/100
Avg Patch Time
20 days
View full developer profile
Detection Fingerprints

How We Detect wcOne | Delivery & Pickup Scheduler, Quick Checkout & Order Management System for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wcone/admin/assets/datatables.css/wp-content/plugins/wcone/admin/assets/font-awesome.min.css/wp-content/plugins/wcone/admin/assets/mdtimepicker.css/wp-content/plugins/wcone/admin/assets/admin.css/wp-content/plugins/wcone/admin/assets/jQuery.print.js/wp-content/plugins/wcone/admin/assets/mdtimepicker.min.js/wp-content/plugins/wcone/admin/assets/datatables.js/wp-content/plugins/wcone/admin/assets/admin.js+1 more
Script Paths
//maps.googleapis.com/maps/api/js?key=&callback=initMap&libraries=places&v=weekly
Version Parameters
wcone-admin/assets/admin.css?ver=wcone-admin/assets/admin.js?ver=wcone/style.css?ver=wcone-admin/assets/datatables.css?ver=wcone-admin/assets/font-awesome.min.css?ver=wcone-admin/assets/mdtimepicker.css?ver=wcone-admin/assets/jQuery.print.js?ver=wcone-admin/assets/mdtimepicker.min.js?ver=wcone-admin/assets/datatables.js?ver=

HTML / DOM Fingerprints

JS Globals
adminWconeobj
FAQ

Frequently Asked Questions about wcOne | Delivery & Pickup Scheduler, Quick Checkout & Order Management System for WooCommerce