PiWeb Flat rate / Conditional shipping for WooCommerce Security & Risk Analysis

wordpress.org/plugins/advanced-free-flat-shipping-woocommerce

WooCommerce conditional shipping & WooCommerce Advanced Flat rate shipping rates plugin to Create Advanced Flat rate shipping or Free shipping met …

2K active installs · v1.6.6.1 · PHP + WP 3.0.1+ · Updated Mar 11, 2026
Tags: flat-rate-shipping · shipping-rates · table-rate · woocommerce-shipping · woocommerce-shipping-plugin
Score: 100
Grade: A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jun 2, 2023
Safety Verdict

Is PiWeb Flat rate / Conditional shipping for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

PiWeb Flat rate / Conditional shipping for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jun 2, 2023 · Updated 23d ago
Risk Assessment

The "advanced-free-flat-shipping-woocommerce" plugin, version 1.6.6.1, exhibits a mixed security posture. While it demonstrates good practices like using prepared statements for all SQL queries and a high percentage of properly escaped output, there are notable areas of concern. The presence of 3 AJAX handlers without authentication checks represents a significant attack surface that could be exploited by unauthenticated users, potentially leading to unintended actions or data exposure. The taint analysis revealed one flow with an unsanitized path, which, although not rated as critical or high severity, still warrants attention as it could indicate a potential for certain types of input to be processed in an unsafe manner. The vulnerability history shows one previously identified medium severity CVE, a Cross-Site Request Forgery (CSRF), which has since been patched. The fact that there are no currently unpatched vulnerabilities is a positive sign. Overall, while the plugin has strengths in data handling and output escaping, the unprotected AJAX endpoints and the identified unsanitized path are key weaknesses that require remediation to improve its security.

Key Concerns

  • Unprotected AJAX handlers found
  • Flow with unsanitized path identified
  • Past medium severity CVE (CSRF)
Vulnerabilities
1

PiWeb Flat rate / Conditional shipping for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2023

Severity Breakdown

Medium: 1

1 total CVE

CVE-2023-34015 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Advanced Flat rate shipping Woocommerce <= 1.6.4.4 - Cross-Site Request Forgery via enableDisable and deletePost

Jun 2, 2023 · Patched in 1.6.4.6 (235d)
Code Analysis
Analyzed Mar 16, 2026

PiWeb Flat rate / Conditional shipping for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 142 (576 escaped)
Nonce Checks: 12
Capability Checks: 36
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

80% escaped · 718 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

8 flows · 1 with unsanitized paths
handle_tracker_action (admin\class-analytics.php:75)
Attack Surface
3 unprotected

PiWeb Flat rate / Conditional shipping for WooCommerce Attack Surface

Entry Points: 9
Unprotected: 3

AJAX Handlers 9

auth · wp_ajax_pi_extra_charge_dynamic_value_product · admin\additional-charges\additional-charges.php:12
auth · wp_ajax_pi_extra_charge_dynamic_value_category · admin\additional-charges\additional-charges.php:14
auth · wp_ajax_pisol_affsw_change_status · admin\class-extended-flat-rate-shipping-woocommerce-add-shipping-method.php:36
auth · wp_ajax_pisol_efrs_save_method · admin\class-extended-flat-rate-shipping-woocommerce-add-shipping-method.php:37
auth · wp_ajax_pisol_efrs_save_custom_group · admin\custom-group\class-add-custom-group.php:36
auth · wp_ajax_pi_efrs_custom_group_category · admin\custom-group\class-add-custom-group.php:37
auth · wp_ajax_pi_efrs_custom_group_product · admin\custom-group\class-add-custom-group.php:38
auth · wp_ajax_pisol_efrs_save_package · admin\package-manager\class-add-package.php:37
auth · wp_ajax_pisol_affsw_package_manager_change_status · admin\package-manager\class-add-package.php:38

WordPress Hooks 57

action · pi_efrs_extra_form_fields · admin\additional-charges\additional-charges.php:8
filter · pi_efrs_shipping_method_form_data · admin\additional-charges\additional-charges.php:9
action · pisol_efrs_save_shipping_method · admin\additional-charges\additional-charges.php:10
action · pi_efrs_additional_charges_tab · admin\additional-charges\cart-quantity-charges.php:10
action · pi_efrs_additional_charges_tab_content · admin\additional-charges\cart-quantity-charges.php:11
filter · pi_efrs_shipping_method_form_data · admin\additional-charges\cart-quantity-charges.php:13
filter · pi_efrs_shipping_method_clone_form_data · admin\additional-charges\cart-quantity-charges.php:14
action · pisol_efrs_save_shipping_method · admin\additional-charges\cart-quantity-charges.php:16
filter · pi_efrs_add_additional_charges · admin\additional-charges\cart-quantity-charges.php:18
action · pi_efrs_additional_charges_tab · admin\additional-charges\cart-subtotal-charges.php:11
action · pi_efrs_additional_charges_tab_content · admin\additional-charges\cart-subtotal-charges.php:12
filter · pi_efrs_shipping_method_form_data · admin\additional-charges\cart-subtotal-charges.php:14
filter · pi_efrs_shipping_method_clone_form_data · admin\additional-charges\cart-subtotal-charges.php:16
action · pisol_efrs_save_shipping_method · admin\additional-charges\cart-subtotal-charges.php:18
filter · pi_efrs_add_additional_charges · admin\additional-charges\cart-subtotal-charges.php:20
action · pi_efrs_additional_charges_tab · admin\additional-charges\pro-charges.php:9
action · pi_efrs_additional_charges_tab_content · admin\additional-charges\pro-charges.php:11
action · pi_efrs_additional_charges_tab · admin\additional-charges\weight-based-charges.php:11
action · pi_efrs_additional_charges_tab_content · admin\additional-charges\weight-based-charges.php:12
filter · pi_efrs_shipping_method_form_data · admin\additional-charges\weight-based-charges.php:14
filter · pi_efrs_shipping_method_clone_form_data · admin\additional-charges\weight-based-charges.php:15
action · pisol_efrs_save_shipping_method · admin\additional-charges\weight-based-charges.php:16
filter · pi_efrs_add_additional_charges · admin\additional-charges\weight-based-charges.php:18
action · admin_enqueue_scripts · admin\class-analytics.php:34
action · admin_footer-plugins.php · admin\class-analytics.php:35
action · admin_notices · admin\class-analytics.php:38
action · init · admin\class-extended-flat-rate-shipping-woocommerce-list-shipping-method.php:39
action · admin_menu · admin\class-extended-flat-rate-shipping-woocommerce-menu.php:14
action · admin_enqueue_scripts · admin\custom-group\class-add-custom-group.php:34
action · init · admin\custom-group\class-custom-groups-list.php:41
action · init · admin\option.php:26
action · woocommerce_after_shipping_rate · admin\option.php:37
action · admin_enqueue_scripts · admin\package-manager\class-add-package.php:35
action · init · admin\package-manager\class-custom-package-list.php:41
action · admin_enqueue_scripts · admin\selection_rules\pisol_selection_rule_main.php:275
filter · terms_clauses · admin\selection_rules\rules\category_product.php:129
action · admin_notices · extended-flat-rate-shipping-woocommerce.php:44
action · admin_notices · extended-flat-rate-shipping-woocommerce.php:56
action · before_woocommerce_init · extended-flat-rate-shipping-woocommerce.php:74
action · admin_init · extended-flat-rate-shipping-woocommerce.php:131
action · plugins_loaded · includes\class-extended-flat-rate-shipping-woocommerce.php:146
action · admin_enqueue_scripts · includes\class-extended-flat-rate-shipping-woocommerce.php:161
action · admin_enqueue_scripts · includes\class-extended-flat-rate-shipping-woocommerce.php:162
action · wp_enqueue_scripts · includes\class-extended-flat-rate-shipping-woocommerce.php:177
action · wp_enqueue_scripts · includes\class-extended-flat-rate-shipping-woocommerce.php:178
action · admin_footer · includes\pisol.class.form.php:444
filter · allowed_redirect_hosts · includes\review.php:109
action · admin_notices · includes\review.php:114
action · wp_loaded · public\class-disable-shipping-method-cache.php:17
filter · option_woocommerce_shipping_cost_requires_address · public\class-disable-shipping-method-cache.php:18
action · woocommerce_shipping_init · public\class-extended-flat-rate-shipping-woocommerce-public.php:18
action · woocommerce_shipping_methods · public\class-extended-flat-rate-shipping-woocommerce-public.php:20
filter · woocommerce_get_sections_shipping · public\class-extended-flat-rate-shipping-woocommerce-public.php:59
filter · woocommerce_package_rates · public\class-other-method-handling.php:7
filter · woocommerce_cart_shipping_method_full_label · public\class-other-method-handling.php:11
filter · woocommerce_cart_shipping_packages · public\class-package-manager.php:20
filter · woocommerce_shipping_package_name · public\class-package-manager.php:22
Maintenance & Trust

PiWeb Flat rate / Conditional shipping for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 11, 2026
PHP min version
Downloads: 166K

Community Trust

Rating: 98/100
Number of ratings: 57
Active installs: 2K
Developer Profile

PiWeb Flat rate / Conditional shipping for WooCommerce Developer Profile

PI Web Solution

30 plugins · 93K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 235 days
Detection Fingerprints

How We Detect PiWeb Flat rate / Conditional shipping for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/advanced-free-flat-shipping-woocommerce/admin/css/jquery-confirm.min.css
  • /wp-content/plugins/advanced-free-flat-shipping-woocommerce/admin/js/jquery-confirm.min.js
  • /wp-content/plugins/advanced-free-flat-shipping-woocommerce/admin/js/extended-flat-rate-shipping-woocommerce-admin.js
  • /wp-content/plugins/advanced-free-flat-shipping-woocommerce/admin/js/extended-flat-rate-shipping-additional-charges.js
Script Paths
  • admin/js/jquery-confirm.min.js
  • admin/js/extended-flat-rate-shipping-woocommerce-admin.js
  • admin/js/extended-flat-rate-shipping-additional-charges.js
Version Parameters
  • advanced-free-flat-shipping-woocommerce/admin/css/jquery-confirm.min.css?ver=
  • advanced-free-flat-shipping-woocommerce/admin/js/jquery-confirm.min.js?ver=
  • advanced-free-flat-shipping-woocommerce/admin/js/extended-flat-rate-shipping-woocommerce-admin.js?ver=
  • advanced-free-flat-shipping-woocommerce/admin/js/extended-flat-rate-shipping-additional-charges.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • pi-efrs-admin-page
HTML Comments
  • <!-- Pi Websolution Shipping Add On Starts -->
  • <!-- Pi Websolution Shipping Add On Ends -->
Data Attributes
  • data-plugin-name
  • data-version
JS Globals
  • pi_efrs_setting_data
  • pi_efrs_pro_data
FAQ

Frequently Asked Questions about PiWeb Flat rate / Conditional shipping for WooCommerce