WP-Safety

WebCourier Plugin Security & Risk Analysis

wordpress.org/plugins/webcourier

Plugin feito para envio de pesquisas de satisfação.

10 active installs v2.3 PHP + WP 3.0.1+ Updated Oct 24, 2016
add-usersmailin-listuser-managementwebcourier
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WebCourier Plugin Safe to Use in 2026?

Generally Safe

Score 85/100

WebCourier Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago
Risk Assessment

The webcourier plugin v2.3 exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and avoiding external HTTP requests, which significantly reduces common attack vectors. The absence of any recorded vulnerabilities in its history is also a strong indicator of developer diligence and a relatively secure codebase over time. However, the static analysis reveals several concerning areas. A significant portion of output (76%) is not properly escaped, posing a risk of Cross-Site Scripting (XSS) vulnerabilities. The plugin also lacks any nonce checks or capability checks, which are crucial for securing entry points, especially given the presence of 6 shortcodes. Furthermore, the taint analysis indicates that all analyzed flows involve unsanitized paths, although they are not currently flagged as critical or high severity. This suggests a potential for insecure file operations or path manipulation, even if no immediate high-impact vulnerabilities are apparent in this version.

Key Concerns

  • Significant amount of unescaped output
  • No nonce checks implemented
  • No capability checks implemented
  • Taint analysis shows unsanitized paths
  • File operations present without sanitization checks
Vulnerabilities
None known

WebCourier Plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

WebCourier Plugin Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
35
11 escaped
Nonce Checks
0
Capability Checks
0
File Operations
6
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

24% escaped46 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths
<geral_webcourier> (views\geral_webcourier.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WebCourier Plugin Attack Surface

Entry Points6
Unprotected0

Shortcodes 6

[form_webcourier_settings_shortcode] src\webcourier\Loader.php:47
[form_webcourier_newsletter_shortcode] src\webcourier\Loader.php:53
[webcourier_page_config] src\webcourier\Loader.php:59
[webcourier_page_pesquisa] src\webcourier\Loader.php:65
[webcourier_page_configuracoes] src\webcourier\Loader.php:71
[send_pesquisa] webcourier.php:140
WordPress Hooks 12
actionwoocommerce_order_status_completedsrc\EventHandler.php:22
actionwoocommerce_order_status_failedsrc\EventHandler.php:30
actioncomment_postsrc\EventHandler.php:38
actionuser_registersrc\EventHandler.php:46
actionadmin_menusrc\webcourier\Loader.php:7
actionadmin_headsrc\webcourier\Loader.php:92
actioninitwebcourier.php:21
actionwp_logoutwebcourier.php:22
actionwp_loginwebcourier.php:23
filteradmin_footer_textwebcourier.php:112
filterupdate_footerwebcourier.php:118
actionadmin_enqueue_scriptswebcourier.php:138
Maintenance & Trust

WebCourier Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested4.6.30
Last updatedOct 24, 2016
PHP min version
Downloads2K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

WebCourier Plugin Alternatives

Campaign Monitor Dual Registration

Campaign Monitor Dual Registration

campaign-monitor-dual-registration

A
85

Automatically add new Wordpress users to your mailing list on Campaign Monitor.

10 No CVEs
New User Approve

New User Approve

new-user-approve

A
86

WordPress user approval plugin to moderate registrations. Approve or deny real users and prevent fake signups to control who registers on site.

20K 9 CVEs
User Access Manager

User Access Manager

user-access-manager

A
98

With the "User Access Manager"-plugin you can manage the access to your posts, pages and files.

10K 4 CVEs
Delete Me

Delete Me

delete-me

A
92

Allow users with specific WordPress roles to delete themselves from the Your Profile page or anywhere Shortcodes can be used.

8K 1 CVE
WP Approve User

WP Approve User

wp-approve-user

A
85

Adds action links to user table to approve or unapprove user registrations.

3K No CVEs
Developer Profile

WebCourier Plugin Developer Profile

dgledson

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WebCourier Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/webcourier/css/styles.css/wp-content/plugins/webcourier/js/pesquisa-add.js/wp-content/plugins/webcourier/js/angular.min.js/wp-content/plugins/webcourier/js/ControllerPesquisaAdd.js/wp-content/plugins/webcourier/js/ControllerPesquisaList.js/wp-content/plugins/webcourier/js/jquery.smartWizard.js/wp-content/plugins/webcourier/js/pesquisaAddWizard.js/wp-content/plugins/webcourier/js/sweetalert.min.js+1 more

HTML / DOM Fingerprints

JS Globals
edit_search
Shortcode Output
[webcourier_page_config][webcourier_page_pesquisa][webcourier_page_configuracoes][webcourier_send_pesquisa]
FAQ

Frequently Asked Questions about WebCourier Plugin