WP-Safety

Vietnam Checkout for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woo-vietnam-checkout

Vietnam Checkout for WooCommerce - Thêm Tỉnh/Thành phố, Phường/Xã vào form checkout của Woo và tối giản form checkout cho phù hợp với Việt Nam

10K active installs v2.1.6 PHP + WP 4.3+ Updated Sep 8, 2025
quan-huyenvietnam-checkoutvietnam-checkout-for-woocommercewoo-vietwoocommerce
98
A · Safe
CVEs total4
Unpatched0
Last CVEFeb 5, 2024
Plugin page Download
Safety Verdict

Is Vietnam Checkout for WooCommerce Safe to Use in 2026?

Generally Safe

Score 98/100

Vietnam Checkout for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Feb 5, 2024Updated 6mo ago
Risk Assessment

The "woo-vietnam-checkout" plugin v2.1.6 presents a mixed security posture. While it demonstrates good practices in areas like SQL query sanitization and a lack of critical or high severity taint flows, there are notable areas of concern. The presence of two AJAX handlers without authentication checks creates a significant attack surface, making these endpoints potentially vulnerable to unauthorized access or manipulation. The use of the `unserialize` function, even if not currently part of a known vulnerable flow, is a dangerous function that can lead to remote code execution if improperly handled with untrusted data.

The vulnerability history reveals a pattern of past security issues, with four known CVEs, predominantly medium severity Cross-Site Scripting vulnerabilities. While there are currently no unpatched vulnerabilities, this history suggests a recurring tendency for the plugin to have security flaws that require patching. The recent vulnerability discovered in February 2024 also indicates ongoing security challenges. The plugin's strengths lie in its robust SQL handling and generally good output escaping (74%), but the unprotected AJAX endpoints and the presence of `unserialize` are significant weaknesses that require attention.

Key Concerns

  • Unprotected AJAX handlers
  • Use of dangerous function (unserialize)
  • Past medium severity vulnerabilities (3)
  • Recent vulnerability history
Vulnerabilities
4

Vietnam Checkout for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
1 CVE in 2023
2023
2 CVEs in 2024
2024
Patched Has unpatched

Severity Breakdown

High
1
Medium
3

4 total CVEs

CVE-2024-24885medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Woocommerce Vietnam Checkout <= 2.0.7 - Authenticated (Shop manager+) Stored Cross-Site Scripting

Feb 5, 2024 Patched in 2.0.8 (4d)
WF-5344499d-c183-4164-a52c-0dca7873f63d-woo-vietnam-checkoutmedium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Woocommerce Vietnam Checkout <= 2.0.8 - Authenticated (Admin+) Stored Cross-Site Scripting

Jan 10, 2024 Patched in 2.0.8 (13d)
CVE-2023-5325high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Woocommerce Vietnam Checkout <= 2.0.5 - Unauthenticated Stored Cross-Site Scripting

Nov 6, 2023 Patched in 2.0.6 (78d)
CVE-2022-46843medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Woocommerce Vietnam Checkout <= 2.0.4 - Reflected Cross-Site Scripting

Dec 9, 2022 Patched in 2.0.5 (410d)
Code Analysis
Analyzed Mar 16, 2026

Vietnam Checkout for WooCommerce Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
20
58 escaped
Nonce Checks
2
Capability Checks
3
File Operations
0
External Requests
1
Bundled Libraries
0

Dangerous Functions Found

unserializereturn @unserialize( $original );get-address.php:67

Output Escaping

74% escaped78 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
form_html (includes\admin-order-functions.php:43)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Vietnam Checkout for WooCommerce Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_load_diagioihanhchinhdevvn-woo-address-selectbox.php:101
noprivwp_ajax_load_diagioihanhchinhdevvn-woo-address-selectbox.php:102
WordPress Hooks 40
actionplugins_loadeddevvn-woo-address-selectbox.php:93
filterwoocommerce_checkout_fieldsdevvn-woo-address-selectbox.php:95
filterwoocommerce_statesdevvn-woo-address-selectbox.php:96
actionwp_enqueue_scriptsdevvn-woo-address-selectbox.php:98
actionadmin_enqueue_scriptsdevvn-woo-address-selectbox.php:99
filterwoocommerce_localisation_address_formatsdevvn-woo-address-selectbox.php:104
filterwoocommerce_order_formatted_billing_addressdevvn-woo-address-selectbox.php:105
actionwoocommerce_admin_order_data_after_shipping_addressdevvn-woo-address-selectbox.php:107
actionwoocommerce_after_order_object_savedevvn-woo-address-selectbox.php:108
filterwoocommerce_order_formatted_shipping_addressdevvn-woo-address-selectbox.php:109
filterwoocommerce_order_details_after_customer_detailsdevvn-woo-address-selectbox.php:111
filterwoocommerce_my_account_my_address_formatted_addressdevvn-woo-address-selectbox.php:114
filterwoocommerce_default_address_fieldsdevvn-woo-address-selectbox.php:115
filterwoocommerce_get_country_localedevvn-woo-address-selectbox.php:116
filterdefault_checkout_billing_countrydevvn-woo-address-selectbox.php:119
filterwoocommerce_customer_get_shipping_countrydevvn-woo-address-selectbox.php:120
actionadmin_menudevvn-woo-address-selectbox.php:124
actionadmin_initdevvn-woo-address-selectbox.php:125
filterwoocommerce_package_ratesdevvn-woo-address-selectbox.php:128
filterwoocommerce_admin_billing_fieldsdevvn-woo-address-selectbox.php:135
filterwoocommerce_admin_shipping_fieldsdevvn-woo-address-selectbox.php:136
filterwoocommerce_form_field_selectdevvn-woo-address-selectbox.php:138
filterwoocommerce_shipping_calculator_enable_postcodedevvn-woo-address-selectbox.php:140
filterwoocommerce_get_order_addressdevvn-woo-address-selectbox.php:142
filterwoocommerce_rest_prepare_shop_order_objectdevvn-woo-address-selectbox.php:143
filterwoocommerce_api_order_responsedevvn-woo-address-selectbox.php:144
filterwoocommerce_formatted_address_replacementsdevvn-woo-address-selectbox.php:147
actionbefore_woocommerce_initdevvn-woo-address-selectbox.php:149
actionwoocommerce_order_list_table_restrict_manage_ordersincludes\admin-order-functions.php:15
filterwoocommerce_shop_order_list_table_prepare_items_query_argsincludes\admin-order-functions.php:16
filtermonths_dropdown_resultsincludes\admin-order-functions.php:19
actionadmin_enqueue_scriptsincludes\admin-order-functions.php:22
actionrestrict_manage_postsincludes\admin-order-functions.php:25
actionpre_get_postsincludes\admin-order-functions.php:28
filterwoocommerce_currency_symbolincludes\apps.php:7
filterwoocommerce_cart_shipping_method_full_labelincludes\apps.php:19
filterwoocommerce_package_ratesincludes\apps.php:36
filterwoocommerce_paypal_supported_currenciesincludes\class-vncheckout-vnd-paypal-standard.php:26
filterwoocommerce_paypal_argsincludes\class-vncheckout-vnd-paypal-standard.php:29
filteroption_woocommerce_paypal_settingsincludes\class-vncheckout-vnd-paypal-standard.php:32
Maintenance & Trust

Vietnam Checkout for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedSep 8, 2025
PHP min version
Downloads102K

Community Trust

Rating94/100
Number of ratings14
Active installs10K
Alternatives

Vietnam Checkout for WooCommerce Alternatives

Essential Addons for Elementor – Popular Elementor Templates & Widgets

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

B
76

Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.

2.0M 56 CVEs
Google for WooCommerce

Google for WooCommerce

google-listings-and-ads

A
99

Native integration with Google that allows merchants to easily display their products across Google’s network.

900K 1 CVE
WooPayments: Integrated WooCommerce Payments

WooPayments: Integrated WooCommerce Payments

woocommerce-payments

A
97

Securely accept credit and debit cards on your WooCommerce store. Manage payments without leaving your WordPress dashboard. Only with WooPayments.

900K 6 CVEs
WooCommerce PayPal Payments

WooCommerce PayPal Payments

woocommerce-paypal-payments

A
100

PayPal's latest payment processing solution. Accept PayPal, Pay Later, credit/debit cards, alternative digital wallets and bank accounts.

800K 1 CVE
Click to Chat – HoliThemes

Click to Chat – HoliThemes

click-to-chat-for-whatsapp

A
96

WhatsApp Chat🔥. Let's make your Web page visitors contact you through 'WhatsApp', 'WhatsApp Business'. Add matching Widget✅

700K 3 CVEs
Developer Profile

Vietnam Checkout for WooCommerce Developer Profile

Le Van Toan

8 plugins · 44K total installs

84
trust score
Avg Security Score
94/100
Avg Patch Time
85 days
View full developer profile
Detection Fingerprints

How We Detect Vietnam Checkout for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-vietnam-checkout/assets/js/devvn-checkout.js/wp-content/plugins/woo-vietnam-checkout/assets/css/devvn-checkout.css/wp-content/plugins/woo-vietnam-checkout/assets/js/devvn-address.js
Script Paths
/wp-content/plugins/woo-vietnam-checkout/assets/js/devvn-checkout.js/wp-content/plugins/woo-vietnam-checkout/assets/js/devvn-address.js
Version Parameters
woo-vietnam-checkout/assets/js/devvn-checkout.js?ver=woo-vietnam-checkout/assets/css/devvn-checkout.css?ver=woo-vietnam-checkout/assets/js/devvn-address.js?ver=

HTML / DOM Fingerprints

CSS Classes
devvn-checkout-wrapperdevvn-select-provincedevvn-select-districtdevvn-select-ward
HTML Comments
<!-- devvn_checkout_field --><!-- devvn_checkout_shipping_field -->
Data Attributes
data-provincedata-districtdata-ward
JS Globals
devvn_checkout_ajax_object
REST Endpoints
/wp-json/devvn-checkout/v1/locations
FAQ

Frequently Asked Questions about Vietnam Checkout for WooCommerce