WP-Safety

AtoShip for WooCommerce Security & Risk Analysis

wordpress.org/plugins/atoship-for-woocommerce

Connect your WooCommerce store to AtoShip for discounted shipping labels, real-time rates, and tracking.

0 active installs v1.3.0 PHP 7.4+ WP 5.8+ Updated Mar 13, 2026
labelsshippingtrackinguspswoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is AtoShip for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

AtoShip for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 20d ago
Risk Assessment

The "atoship-for-woocommerce" plugin v1.3.0 demonstrates a generally strong security posture, with good adherence to secure coding practices. The extensive use of proper output escaping (97%) and a reasonable rate of prepared statements for SQL queries (44%) are positive indicators. The absence of known CVEs, dangerous functions, file operations, and critical taint flows further strengthens this assessment. However, there are specific areas that present potential risks.

The plugin exposes 13 entry points, with 2 of these being unprotected. Specifically, 2 out of 4 REST API routes lack permission callbacks. This means that unauthorized users could potentially interact with these API endpoints, which could lead to information disclosure or unintended actions if these endpoints are not inherently designed to be public-facing and safe. While no critical taint flows were identified, the presence of unprotected entry points represents a direct attack surface.

Overall, the plugin benefits from a clean vulnerability history, suggesting a commitment to security by its developers. The main concern lies in the unprotected REST API routes. Addressing these would significantly enhance the plugin's security. The plugin's strengths lie in its robust output escaping and lack of critical code vulnerabilities, but the unprotected API endpoints are a notable weakness.

Key Concerns

  • Unprotected REST API routes
Vulnerabilities
None known

AtoShip for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

AtoShip for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
5
4 prepared
Unescaped Output
5
168 escaped
Nonce Checks
10
Capability Checks
10
File Operations
0
External Requests
5
Bundled Libraries
0

SQL Query Safety

44% prepared9 total queries

Output Escaping

97% escaped173 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flows
<class-atoship-label-metabox> (includes\class-atoship-label-metabox.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

AtoShip for WooCommerce Attack Surface

Entry Points13
Unprotected2

AJAX Handlers 9

authwp_ajax_atoship_get_ratesincludes\class-atoship-label-metabox.php:26
authwp_ajax_atoship_void_labelincludes\class-atoship-label-metabox.php:27
authwp_ajax_atoship_get_addressesincludes\class-atoship-label-metabox.php:28
authwp_ajax_atoship_create_labelincludes\class-atoship-label-metabox.php:29
authwp_ajax_atoship_purchase_labelincludes\class-atoship-label-metabox.php:30
authwp_ajax_atoship_disconnect_oauthincludes\class-atoship-oauth.php:45
authwp_ajax_atoship_sync_orderincludes\class-atoship-order-sync.php:24
authwp_ajax_atoship_sync_orders_batchincludes\class-atoship-order-sync.php:25
authwp_ajax_atoship_test_connectionincludes\class-atoship-settings.php:24

REST API Routes 4

POST/wp-json/atoship/v1/webhookincludes\class-atoship-webhook.php:41
POST/wp-json/atoship/v1/activateincludes\class-atoship-webhook.php:48
POST/wp-json/atoship/v1/disconnectincludes\class-atoship-webhook.php:55
GET/wp-json/atoship/v1/statusincludes\class-atoship-webhook.php:62
WordPress Hooks 37
actionadmin_noticesatoship-for-woocommerce.php:49
actionplugins_loadedatoship-for-woocommerce.php:92
filterbulk_actions-edit-shop_orderatoship-for-woocommerce.php:102
filterbulk_actions-woocommerce_page_wc-ordersatoship-for-woocommerce.php:103
filterhandle_bulk_actions-edit-shop_orderatoship-for-woocommerce.php:123
filterhandle_bulk_actions-woocommerce_page_wc-ordersatoship-for-woocommerce.php:124
filterallowed_redirect_hostsatoship-for-woocommerce.php:136
actionadmin_action_atoship_delete_pluginatoship-for-woocommerce.php:186
actionbefore_woocommerce_initatoship-for-woocommerce.php:241
actionadd_meta_boxesincludes\class-atoship-label-metabox.php:22
actionadmin_enqueue_scriptsincludes\class-atoship-label-metabox.php:23
actionadmin_initincludes\class-atoship-oauth.php:44
filterbulk_actions-woocommerce_page_wc-ordersincludes\class-atoship-order-actions.php:21
filterhandle_bulk_actions-woocommerce_page_wc-ordersincludes\class-atoship-order-actions.php:22
filterbulk_actions-edit-shop_orderincludes\class-atoship-order-actions.php:25
filterhandle_bulk_actions-edit-shop_orderincludes\class-atoship-order-actions.php:26
actionadmin_noticesincludes\class-atoship-order-actions.php:29
filtermanage_woocommerce_page_wc-orders_columnsincludes\class-atoship-order-actions.php:35
actionmanage_woocommerce_page_wc-orders_custom_columnincludes\class-atoship-order-actions.php:36
filtermanage_edit-shop_order_columnsincludes\class-atoship-order-actions.php:39
actionmanage_shop_order_posts_custom_columnincludes\class-atoship-order-actions.php:40
filterwoocommerce_order_actionsincludes\class-atoship-order-actions.php:43
actionwoocommerce_order_action_atoship_syncincludes\class-atoship-order-actions.php:44
actionadmin_enqueue_scriptsincludes\class-atoship-order-actions.php:47
actionwoocommerce_order_status_changedincludes\class-atoship-order-sync.php:21
filterwoocommerce_settings_tabs_arrayincludes\class-atoship-settings.php:20
actionwoocommerce_settings_tabs_atoshipincludes\class-atoship-settings.php:21
actionwoocommerce_update_options_atoshipincludes\class-atoship-settings.php:22
actionadmin_enqueue_scriptsincludes\class-atoship-settings.php:23
actionadmin_noticesincludes\class-atoship-settings.php:25
actionwoocommerce_shipping_initincludes\class-atoship-shipping-method.php:562
filterwoocommerce_shipping_methodsincludes\class-atoship-shipping-method.php:574
actionwoocommerce_checkout_create_orderincludes\class-atoship-shipping-method.php:602
actionadmin_noticesincludes\class-atoship-shipping-method.php:700
actionwoocommerce_update_productincludes\class-atoship-shipping-method.php:708
actionwoocommerce_new_productincludes\class-atoship-shipping-method.php:709
actionrest_api_initincludes\class-atoship-webhook.php:34
Maintenance & Trust

AtoShip for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 13, 2026
PHP min version7.4
Downloads117

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

AtoShip for WooCommerce Alternatives

WooCommerce Shipping

WooCommerce Shipping

woocommerce-shipping

A
100

A free shipping plugin for US merchants to print discounted shipping labels and compare live label rates directly from your WooCommerce dashboard.

60K No CVEs
Advanced Shipment Tracking for WooCommerce

Advanced Shipment Tracking for WooCommerce

woo-advanced-shipment-tracking

A
98

Add shipment tracking info to WooCommerce orders, send tracking numbers to customers via email, and let them track deliveries from My Account.

60K 2 CVEs
Shiprocket

Shiprocket

shiprocket

B
78

Auto Sync your Woocommerce store orders & ship them at lowest shipping rates. Automate your shipping, save time & money.

10K 1 unpatched
AfterShip Tracking – All-In-One WooCommerce Order Tracking (Free plan available)

AfterShip Tracking – All-In-One WooCommerce Order Tracking (Free plan available)

aftership-woocommerce-tracking

A
99

Track orders in one place. shipment tracking, automated notifications, order lookup, branded tracking page, delivery day prediction

8K 1 CVE
USPS Simple Shipping for Woocommerce

USPS Simple Shipping for Woocommerce

woo-usps-simple-shipping

A
100

USPS Simple provides real-time USPS domestic rates.

8K No CVEs
Developer Profile

AtoShip for WooCommerce Developer Profile

satoshipay

2 plugins · 10 total installs

89
trust score
Avg Security Score
93/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect AtoShip for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/atoship-for-woocommerce/assets/css/admin.css/wp-content/plugins/atoship-for-woocommerce/assets/js/admin.js/wp-content/plugins/atoship-for-woocommerce/assets/css/frontend.css/wp-content/plugins/atoship-for-woocommerce/assets/js/frontend.js
Script Paths
/wp-content/plugins/atoship-for-woocommerce/assets/js/admin.js/wp-content/plugins/atoship-for-woocommerce/assets/js/frontend.js
Version Parameters
atoship-for-woocommerce/assets/css/admin.css?ver=atoship-for-woocommerce/assets/js/admin.js?ver=atoship-for-woocommerce/assets/css/frontend.css?ver=atoship-for-woocommerce/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
atoship-settings-pageatoship-oauth-connect-buttonatoship-order-sync-statusatoship-shipping-method-title
HTML Comments
<!-- Atoship Settings Page--><!-- ATOship OAuth Connect Button --><!-- ATOship Order Sync Status --><!-- ATOship Shipping Method -->
Data Attributes
data-atoship-order-iddata-atoship-shipment-statusdata-atoship-oauth-client-id
JS Globals
atoship_api_keyatoship_ajax_urlatoship_nonce
FAQ

Frequently Asked Questions about AtoShip for WooCommerce