WP-Safety

Balcão Balcão Security & Risk Analysis

wordpress.org/plugins/balcao-balcao

Plugin de integração da plataforma Balcão Balcão para Wordpress.

0 active installs v1.0.5 PHP 5.6+ WP 5.2.0+ Updated Jan 26, 2021
brasilfretewoocommerce
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Balcão Balcão Safe to Use in 2026?

Generally Safe

Score 85/100

Balcão Balcão has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The "balcao-balcao" plugin v1.0.5 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, exclusively using prepared statements, and ensures all output is properly escaped, which significantly mitigates common injection and cross-site scripting vulnerabilities. The absence of known vulnerabilities in its history is also a strong indicator of past security diligence.

However, the static analysis reveals significant concerns. The plugin exposes one REST API route without any permission callbacks, creating a direct, unprotected entry point into the application. This lack of authentication or authorization checks on this REST API endpoint is a critical security flaw. Furthermore, the absence of nonce checks on AJAX handlers, though there are no AJAX handlers reported, indicates a potential oversight in how future dynamic content might be handled, and more importantly, the current unprotected REST API route serves as a major concern.

While the plugin has no recorded vulnerability history, this does not guarantee future safety, especially given the identified unprotected REST API endpoint. The overall security is compromised by this single, but severe, unprotected entry point. Developers should prioritize adding proper authentication and authorization checks to all exposed endpoints, especially REST API routes. The strengths in SQL and output handling are commendable, but the critical weakness in exposed API access needs immediate attention.

Key Concerns

  • REST API route without permission callbacks
  • No nonce checks on AJAX handlers (potential future risk)
  • No capability checks on entry points
Vulnerabilities
None known

Balcão Balcão Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Balcão Balcão Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
4 escaped
Nonce Checks
0
Capability Checks
0
File Operations
2
External Requests
3
Bundled Libraries
0

Output Escaping

100% escaped4 total outputs
Attack Surface
1 unprotected

Balcão Balcão Attack Surface

Entry Points1
Unprotected1

REST API Routes 1

POST/wp-json/balcaobalcao/v1legacy-callbackbalcaobalcao-shipping.php:497
WordPress Hooks 5
actionwoocommerce_shipping_initbalcaobalcao-shipping.php:15
filterwoocommerce_shipping_methodsbalcaobalcao-shipping.php:421
actionwoocommerce_thankyoubalcaobalcao-shipping.php:428
actionwoocommerce_order_status_changedbalcaobalcao-shipping.php:457
actionrest_api_initbalcaobalcao-shipping.php:496
Maintenance & Trust

Balcão Balcão Maintenance & Trust

Maintenance Signals

WordPress version tested5.6.17
Last updatedJan 26, 2021
PHP min version5.6
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Balcão Balcão Alternatives

Calculadora de Frete e Campos Checkout para o Brasil

Calculadora de Frete e Campos Checkout para o Brasil

woo-better-shipping-calculator-for-brazil

A
100

Shipping calculator for Brazilian WooCommerce stores with automatic Postal Code address pre-filling and Brazilian Market on WooCommerce.

3K No CVEs
Envio Ecom

Envio Ecom

envioecom-shipping

A
100

Envio Ecom (EnvioEcom): calcula frete em tempo real no checkout com as melhores transportadoras do Brasil. EnvioEcom · envio ecom.

0 No CVEs
Shipping Simulator for WooCommerce

Shipping Simulator for WooCommerce

shipping-simulator-for-woocommerce

A
100

Allows customers to calculate the shipping rates on the product page in your WooCommerce store.

6K No CVEs
Pagar.me para WooCommerce

Pagar.me para WooCommerce

pagarme-payments-for-woocommerce

A
100

Aceite diversos métodos de pagamento de forma simples e segura utilizando o Pagar.me!

5K No CVEs
PagBank / PagSeguro Connect para WooCommerce

PagBank / PagSeguro Connect para WooCommerce

pagbank-connect

A
99

PagBank com PIX, Cartão de Crédito, Boleto, Recorrência + Envio Fácil e com Menos Taxas no PagSeguro. Autenticação 3D: menos chargeback + aprovações.

4K 1 CVE
Developer Profile

Balcão Balcão Developer Profile

balcaobalcao

1 plugin · 0 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Balcão Balcão

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/balcao-balcao/includes/balcaobalcao-shipping.css/wp-content/plugins/balcao-balcao/includes/balcaobalcao-shipping.js
Script Paths
/wp-content/plugins/balcao-balcao/includes/balcaobalcao-shipping.js
Version Parameters
balcao-balcao/includes/balcaobalcao-shipping.css?ver=balcao-balcao/includes/balcaobalcao-shipping.js?ver=

HTML / DOM Fingerprints

CSS Classes
balcaobalcao-shipping-optionsbalcaobalcao-settings-fieldbalcaobalcao-title
HTML Comments
<!-- Balcão Balcão Shipping Method --><!-- Balcão Balcão Settings --><!-- Balcão Balcão JavaScript -->
Data Attributes
data-balcaobalcao-debugdata-balcaobalcao-tokendata-balcaobalcao-endpoint
JS Globals
balcaobalcao_params
REST Endpoints
/wp-json/balcaobalcao/v1/legacy-callback
FAQ

Frequently Asked Questions about Balcão Balcão