Does Automated FedEx live/manual rates with shipping labels – HPOS supported have any unpatched vulnerabilities?

Yes — Automated FedEx live/manual rates with shipping labels – HPOS supported currently has 1 published unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Automated FedEx live/manual rates with shipping labels – HPOS supported Security & Risk Analysis

wordpress.org/plugins/a2z-fedex-shipping

Integrate the FedEx for Domestic and international Shipping. Shipping rates, label, tracking.

200 active installs v5.1.9 PHP 5.6+ WP 4.6.1+ Updated Apr 16, 2026

automatefedexfedex-shippingshippingwoocommerce-fedex

B · Generally Safe

CVEs total1

Unpatched1

Last CVEMar 17, 2026

Plugin page Download

Safety Verdict

Is Automated FedEx live/manual rates with shipping labels – HPOS supported Safe to Use in 2026?

Mostly Safe

Score 78/100

Automated FedEx live/manual rates with shipping labels – HPOS supported is generally safe to use. 1 past CVE were resolved.

1 known CVE 1 unpatched Last CVE: Mar 17, 2026Updated 1mo ago

Risk Assessment

The "a2z-fedex-shipping" v5.1.8 plugin presents a concerning security posture primarily due to significant vulnerabilities in its attack surface and data handling. While the plugin shows some positive signs like a lack of known CVEs and a moderate use of prepared statements, these are overshadowed by critical security flaws identified in static analysis. The presence of an unprotected REST API endpoint is a major concern, as it represents a direct entry point for attackers. Furthermore, the taint analysis reveals two flows with unsanitized paths, indicating potential for severe security issues if these paths are exposed to user-controlled input. The complete absence of nonce and capability checks for any entry points amplifies these risks, leaving the plugin highly susceptible to unauthorized actions and privilege escalation.

Key Concerns

Unprotected REST API route
Unsanitized taint flows (high severity)
No nonce checks
No capability checks
Low output escaping percentage

Vulnerabilities

1 published

Automated FedEx live/manual rates with shipping labels – HPOS supported Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched

2026

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2026-25456medium · 5.3Missing Authorization

Automated FedEx live/manual rates with shipping labels – HPOS supported <= 5.1.8 - Missing Authorization

Mar 17, 2026Unpatched

Version History

Automated FedEx live/manual rates with shipping labels – HPOS supported Release Timeline

v5.1.9Current1 CVE

v5.1.81 CVE

v5.1.71 CVE

v5.1.61 CVE

v5.1.51 CVE

v5.1.41 CVE

v5.1.31 CVE

v5.1.21 CVE

v5.1.11 CVE

v5.1.01 CVE

v5.0.101 CVE

v5.0.91 CVE

v5.0.81 CVE

v5.0.71 CVE

v5.0.61 CVE

v5.0.51 CVE

v5.0.41 CVE

v5.0.31 CVE

v5.0.21 CVE

v5.0.11 CVE

Code Analysis

Analyzed Mar 16, 2026

Automated FedEx live/manual rates with shipping labels – HPOS supported Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

107

118 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

67% prepared6 total queries

Output Escaping

52% escaped225 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

hitshippo_fedex_order_status_update (a2zfedex_basic.php:1298)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Automated FedEx live/manual rates with shipping labels – HPOS supported Attack Surface

Entry Points1

Unprotected1

REST API Routes 1

GET/wp-json/shipi/v1/connect/fedex/a2zfedex_basic.php:241

WordPress Hooks 23

actionbefore_woocommerce_inita2zfedex_basic.php:28

actionrest_api_inita2zfedex_basic.php:98

actionplugin_loadeda2zfedex_basic.php:99

actionwoocommerce_shipping_inita2zfedex_basic.php:107

actioninita2zfedex_basic.php:108

filterwoocommerce_shipping_methodsa2zfedex_basic.php:109

actionadd_meta_boxesa2zfedex_basic.php:111

actionwoocommerce_process_shop_order_metaa2zfedex_basic.php:113

actionwoocommerce_process_shop_order_metaa2zfedex_basic.php:114

actionsave_posta2zfedex_basic.php:116

actionsave_posta2zfedex_basic.php:117

actionadmin_menua2zfedex_basic.php:119

filterwoocommerce_product_data_tabsa2zfedex_basic.php:120

actionwoocommerce_process_product_metaa2zfedex_basic.php:121

filterwoocommerce_product_data_panelsa2zfedex_basic.php:122

actionwoocommerce_order_status_processinga2zfedex_basic.php:123

actionwoocommerce_product_options_shippinga2zfedex_basic.php:130

actionwoocommerce_process_product_metaa2zfedex_basic.php:131

actionedit_user_profilea2zfedex_basic.php:134

actionedit_user_profile_updatea2zfedex_basic.php:135

actionwoocommerce_view_ordera2zfedex_basic.php:138

actionadmin_inita2zfedex_basic.php:139

filterwoocommerce_shipping_methodscontrollors\hitshippo_fedex_init.php:1446

Maintenance & Trust

Automated FedEx live/manual rates with shipping labels – HPOS supported Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 16, 2026

PHP min version5.6

Downloads63K

Community Trust

Rating98/100

Number of ratings12

Active installs200

Alternatives

Automated FedEx live/manual rates with shipping labels – HPOS supported Alternatives

Shipping Live Rates for FedEx for WooCommerce

flexible-shipping-fedex

100

Offer FedEx shipping for WooCommerce with real-time rates via FedEx API. Show live rates at checkout based on weight and addresses.

2K No CVEs

Webshipper – Automated Shipping

webshipper-automated-shipping

100

Automated shipping for WooCommerce.

400 No CVEs

BLAZING Shipment Tracking

blazing-woocommerce-shipment-tracking

This plugin adds courier and tracking number to the woocommerce order, and a dedicated email to send shipment tracking info to the customer.

300 No CVEs

bpost-shipping-platform

100

Bpost for WooCommerce is a Digital Delivery Management Solution for online stores that helps you save time and money with your shipping.

300 No CVEs

BuckyDrop – Branded Dropshipping for WooCommerce

buckydrop-dropshipping-for-woocommerce

100

Find dropshipping products from Alibaba/1688/Taobao/Weidian/Yupoo/Poizon, import them to your WooCommerce store, and automate your order processes.

300 No CVEs

Developer Profile

Automated FedEx live/manual rates with shipping labels – HPOS supported Developer Profile

Aarsiv Groups

11 plugins · 640 total installs

trust score

Avg Security Score

94/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Automated FedEx live/manual rates with shipping labels – HPOS supported

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/a2z-fedex-shipping/assets/css/a2z-fedex-shipping.css/wp-content/plugins/a2z-fedex-shipping/assets/js/a2z-fedex-shipping.js/wp-content/plugins/a2z-fedex-shipping/assets/js/admin.js/wp-content/plugins/a2z-fedex-shipping/assets/js/frontend.js/wp-content/plugins/a2z-fedex-shipping/assets/css/admin.css

Script Paths

/wp-content/plugins/a2z-fedex-shipping/assets/js/a2z-fedex-shipping.js/wp-content/plugins/a2z-fedex-shipping/assets/js/admin.js/wp-content/plugins/a2z-fedex-shipping/assets/js/frontend.js

Version Parameters

a2z-fedex-shipping/assets/css/a2z-fedex-shipping.css?ver=a2z-fedex-shipping/assets/js/a2z-fedex-shipping.js?ver=a2z-fedex-shipping/assets/js/admin.js?ver=a2z-fedex-shipping/assets/js/frontend.js?ver=a2z-fedex-shipping/assets/css/admin.css?ver=

HTML / DOM Fingerprints

CSS Classes

a2z_fedex_shipping_optionsa2z_fedex_shipping_rate_optionsa2z_fedex_shipping_label_optionsa2z_fedex_shipping_settingsa2z_fedex_shipping_admin_settings

HTML Comments

+2 more

Data Attributes

data-fedex-rate-optionsdata-fedex-label-optionsdata-fedex-settingsdata-fedex-admin-settings

JS Globals

a2z_fedex_shipping_paramsa2z_fedex_admin_paramsa2z_fedex_frontend_params

REST Endpoints

/wp-json/a2z-fedex-shipping/v1/rates/wp-json/a2z-fedex-shipping/v1/labels

Shortcode Output

[a2z_fedex_shipping_calculator][a2z_fedex_shipping_rates][a2z_fedex_shipping_labels]

FAQ

Automated FedEx live/manual rates with shipping labels – HPOS supported Security & Risk Analysis

Is Automated FedEx live/manual rates with shipping labels – HPOS supported Safe to Use in 2026?

Mostly Safe

Key Concerns

Automated FedEx live/manual rates with shipping labels – HPOS supported Security Vulnerabilities

CVEs by Year

Severity Breakdown

Automated FedEx live/manual rates with shipping labels – HPOS supported Release Timeline

Automated FedEx live/manual rates with shipping labels – HPOS supported Code Analysis

SQL Query Safety

Output Escaping

Data Flow Analysis

Automated FedEx live/manual rates with shipping labels – HPOS supported Attack Surface

REST API Routes 1

Automated FedEx live/manual rates with shipping labels – HPOS supported Maintenance & Trust

Maintenance Signals

Community Trust

Automated FedEx live/manual rates with shipping labels – HPOS supported Alternatives

Shipping Live Rates for FedEx for WooCommerce

Webshipper – Automated Shipping

BLAZING Shipment Tracking

bpost-shipping-platform

BuckyDrop – Branded Dropshipping for WooCommerce

Automated FedEx live/manual rates with shipping labels – HPOS supported Developer Profile

How We Detect Automated FedEx live/manual rates with shipping labels – HPOS supported

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Automated FedEx live/manual rates with shipping labels – HPOS supported