Does Aramex eCommCore have any unpatched vulnerabilities?

No. All known vulnerabilities in Aramex eCommCore have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Aramex eCommCore compatible with WordPress 6.9.4?

According to WordPress.org data, Aramex eCommCore 1.0.4 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Aramex eCommCore compatible with PHP 7.4+?

Aramex eCommCore requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Aramex eCommCore updated?

Aramex eCommCore was last updated on Mar 6, 2026. Frequent updates are generally a positive security signal.

What is Aramex eCommCore's security score?

Aramex eCommCore has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Aramex eCommCore Security & Risk Analysis

wordpress.org/plugins/aramex-ecommcore

Seamlessly connect WooCommerce with Aramex Unified Portal for automated orders, shipment creation, tracking, and inventory sync.

10 active installs v1.0.4 PHP 7.4+ WP 5.8+ Updated Mar 6, 2026

aramexinventoryshippingtrackingwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Aramex eCommCore Safe to Use in 2026?

Generally Safe

Score 100/100

Aramex eCommCore has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 28d ago

Risk Assessment

The "aramex-ecommcore" v1.0.4 plugin exhibits a generally good security posture based on the provided static analysis. The absence of dangerous functions, 100% use of prepared statements for SQL queries, and complete output escaping are strong indicators of secure coding practices. The plugin also avoids bundled libraries and has no recorded vulnerability history, suggesting a well-maintained and secure codebase.

However, there are notable areas of concern related to its attack surface. The presence of 3 unprotected entry points (2 AJAX handlers and 1 REST API route without permission callbacks) presents a potential risk. While the taint analysis shows no identified flows, the lack of authentication and permission checks on these entry points could allow unauthenticated or unauthorized users to interact with sensitive functionality, potentially leading to unexpected behavior or information disclosure depending on the actions performed by these handlers and routes.

In conclusion, while the plugin is technically well-built in terms of preventing common vulnerabilities like SQL injection and XSS, the exposed AJAX handlers and REST API routes without proper authorization are significant weaknesses. Addressing these unprotected entry points should be the immediate priority to strengthen the plugin's overall security.

Key Concerns

Unprotected AJAX handlers (2)
Unprotected REST API route (1)
Low number of capability checks (0)

Vulnerabilities

None known

Aramex eCommCore Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Aramex eCommCore Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

47 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped47 total outputs

Attack Surface

3 unprotected

Aramex eCommCore Attack Surface

Entry Points10

Unprotected3

AJAX Handlers 4

noprivwp_ajax_aramex_background_syncaramex-ecommcore.php:126

authwp_ajax_aramex_background_syncaramex-ecommcore.php:127

authwp_ajax_aramex_rate_calcaramex-ecommcore.php:364

noprivwp_ajax_aramex_rate_calcaramex-ecommcore.php:365

REST API Routes 6

POST/wp-json/aramex/order-sync-dataincludes\plugin-unified-api.php:399

POST/wp-json/aramex/unified/update-shipmentincludes\plugin-unified-api.php:499

POST/wp-json/aramex/unified/stock-manual-syncincludes\plugin-unified-api.php:582

POST/wp-json/aramex/unified/stock-webhook-syncincludes\plugin-unified-api.php:778

POST/wp-json/aramex/unified/auth-jwt-tokenincludes\plugin-unified-api.php:915

POST/wp-json/aramex/unified/get-rate-calculator-configincludes\plugin-unified-api.php:955

WordPress Hooks 23

actionwoocommerce_order_status_processingaramex-ecommcore.php:50

actionwoocommerce_order_status_on-holdaramex-ecommcore.php:51

actionshutdownaramex-ecommcore.php:61

actionwoocommerce_order_status_changedaramex-ecommcore.php:82

actionwoocommerce_update_orderaramex-ecommcore.php:93

actionshutdownaramex-ecommcore.php:94

actionadmin_enqueue_scriptsaramex-ecommcore.php:183

actionwp_enqueue_scriptsaramex-ecommcore.php:186

filteradmin_body_classaramex-ecommcore.php:214

filterwoocommerce_package_ratesaramex-ecommcore.php:228

actionwoocommerce_after_add_to_cart_buttonaramex-ecommcore.php:274

actionwp_footeraramex-ecommcore.php:298

actionwp_footeraramex-ecommcore.php:318

actionadmin_initaramex-ecommcore.php:438

actionwoocommerce_product_options_inventory_product_dataaramex-ecommcore.php:466

actionwoocommerce_admin_process_product_objectaramex-ecommcore.php:484

actionrest_api_initincludes\plugin-unified-api.php:398

actionrest_api_initincludes\plugin-unified-api.php:498

actionrest_api_initincludes\plugin-unified-api.php:581

actionrest_api_initincludes\plugin-unified-api.php:777

actionrest_api_initincludes\plugin-unified-api.php:914

actionrest_api_initincludes\plugin-unified-api.php:954

actionadmin_menuincludes\plugin-unified-login.php:8

Maintenance & Trust

Aramex eCommCore Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 6, 2026

PHP min version7.4

Downloads384

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Aramex eCommCore Alternatives

Aramex Logistics

aramex-logistics

100

Seamlessly integrate Aramex Logistics with your WooCommerce store for efficient order management, inventory tracking, and shipping operations.

50 No CVEs

Advanced Shipment Tracking for WooCommerce

woo-advanced-shipment-tracking

Add shipment tracking info to WooCommerce orders, send tracking numbers to customers via email, and let them track deliveries from My Account.

60K 2 CVEs

Shiprocket

shiprocket

Auto Sync your Woocommerce store orders & ship them at lowest shipping rates. Automate your shipping, save time & money.

10K 1 unpatched

AfterShip Tracking – All-In-One WooCommerce Order Tracking (Free plan available)

aftership-woocommerce-tracking

Track orders in one place. shipment tracking, automated notifications, order lookup, branded tracking page, delivery day prediction

8K 1 CVE

YITH WooCommerce Order & Shipment Tracking

yith-woocommerce-order-tracking

Add an easy tool to manage order shipping information of your shop and to notified your customers about the shipping.

7K 1 CVE

Developer Profile

Aramex eCommCore Developer Profile

aramex

3 plugins · 90 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Aramex eCommCore

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/aramex-ecommcore/assets/css/style.css/wp-content/plugins/aramex-ecommcore/assets/css/aramex-rate.css/wp-content/plugins/aramex-ecommcore/assets/js/rates-calculator.js

Script Paths

/wp-content/plugins/aramex-ecommcore/assets/js/rates-calculator.js

Version Parameters

aramex-stylearamex-rate-stylearamex-rate-calc

HTML / DOM Fingerprints

CSS Classes

ecommcore-login-page

Data Attributes

data-aramex-login-form

JS Globals

aramexUParamexRateCalc

REST Endpoints

/wp-json/aramex-ecommcore/v1/rates

FAQ