Does BBA Mastro Plugin have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is BBA Mastro Plugin compatible with WordPress 6.6.5?

According to WordPress.org data, BBA Mastro Plugin 2.4.13.2 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

How often is BBA Mastro Plugin updated?

BBA Mastro Plugin was last updated on Dec 13, 2024. Frequent updates are generally a positive security signal.

What is BBA Mastro Plugin's security score?

BBA Mastro Plugin has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

BBA Mastro Plugin Security & Risk Analysis

wordpress.org/plugins/bba-mastro

BBA Mastro Multi Carrier Shipping and Logistics Technology able to seamlessly integrate into your Woo cart.

10 active installs v2.4.13.2 PHP + WP 4.4+ Updated Dec 13, 2024

e-commerceecommercesalessellstore

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is BBA Mastro Plugin Safe to Use in 2026?

Generally Safe

Score 92/100

BBA Mastro Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "bba-mastro" plugin v2.4.13.2 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, utilizing prepared statements exclusively, and reports no known historical vulnerabilities. The absence of taint analysis findings and dangerous functions suggests a generally careful approach to coding in these critical areas. However, significant concerns arise from the static analysis. The plugin has two AJAX entry points, and critically, neither has an authentication or capability check, creating a substantial and unprotected attack surface. Furthermore, over half of its output operations are not properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is involved in these outputs. The presence of an external HTTP request, while not inherently risky, is an area that warrants scrutiny, especially given the other identified weaknesses.

Key Concerns

AJAX handlers without auth checks
High percentage of unescaped output
External HTTP request

Vulnerabilities

None known

BBA Mastro Plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

BBA Mastro Plugin Release Timeline

v2.4.13.2Current

v2.4.13.1

v2.4.12.9

v2.4.12.8

v2.4.12.7

v2.4.12.6

v2.4.12.5

v2.4.12.4

v2.4.12.3

v2.4.12

v2.4.11

v2.4.10

v2.4.9

v2.4.8

v2.4.7

v2.4.6

v2.4.5

v2.4.4

v2.4.3

v2.4.2

Code Analysis

Analyzed Mar 17, 2026

BBA Mastro Plugin Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

16 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

53% escaped30 total outputs

Attack Surface

2 unprotected

BBA Mastro Plugin Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_update_cartbbamastro.php:139

noprivwp_ajax_update_cartbbamastro.php:140

WordPress Hooks 28

actionwp_loadedbbamastro.php:44

actionplugins_loadedbbamastro.php:45

filterwoocommerce_shipping_methodsbbamastro.php:107

actionwoocommerce_webhook_payloadbbamastro.php:108

filterwoocommerce_rest_prepare_product_objectbbamastro.php:109

filterwoocommerce_default_address_fieldsbbamastro.php:110

filterwoocommerce_package_ratesbbamastro.php:111

actionwoocommerce_new_orderbbamastro.php:116

actionwoocommerce_thankyoubbamastro.php:117

actionwoocommerce_cart_totals_before_shippingbbamastro.php:120

actionwoocommerce_review_order_before_shippingbbamastro.php:121

filterwoocommerce_price_trim_zerosbbamastro.php:125

actionwoocommerce_cart_totals_before_shippingbbamastro.php:133

actionwoocommerce_cart_totals_before_shippingbbamastro.php:134

actionwoocommerce_review_order_before_shippingbbamastro.php:136

actionwoocommerce_review_order_before_shippingbbamastro.php:137

actioninitbbamastro.php:143

actionwoocommerce_admin_order_data_after_billing_addressincludes\bba-api\class-bbam-admin-custom-order-fields-meta-box.php:4

actionadmin_initincludes\bba-api\class-bbam-admin-custom-order-fields-shop-order.php:9

filtermanage_edit-shop_order_columnsincludes\bba-api\class-bbam-admin-custom-order-fields-shop-order.php:10

actionmanage_shop_order_posts_custom_columnincludes\bba-api\class-bbam-admin-custom-order-fields-shop-order.php:11

actionadmin_menuincludes\bba-api\class-bbam-excluded-categories.php:16

actionadmin_post_update_excluded_categoriesincludes\bba-api\class-bbam-excluded-categories.php:17

actionrest_api_initincludes\bba-api\class-bbam-excluded-categories.php:18

filterplugin_row_metaincludes\bba-api\class-bbam-install.php:10

actionadmin_menuincludes\bba-api\class-bbam-tracking-id-and-consignment-id-fields.php:21

actionwoocommerce_email_after_order_tableincludes\bba-api\class-bbam-tracking-id-and-consignment-id-fields.php:23

actionwp_insert_postincludes\bba-api\class-bbam-tracking-id-and-consignment-id-fields.php:24

Maintenance & Trust

BBA Mastro Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedDec 13, 2024

PHP min version

Downloads4K

Community Trust

Rating100/100

Number of ratings5

Active installs10

Alternatives

BBA Mastro Plugin Alternatives

TriPay Payment Gateway

tripay-payment-gateway

100

TriPay Payment adalah payment gateway indonesia yang menyediakan beragam metode pembayaran seperti virtual account, convenience store, e-wallet, dll

1K 1 CVE

Ovic Pinmap

ovic-pinmap

Need support? [Contact Us](https://kutethemes.com/contact-us/ "Contact Us")

200 No CVEs

ShipperHQ: Shipping & Checkout Experience Solution

woo-shipperhq

100

Control the shipping rates and options you show in your WooCommerce cart. Live rates from 30+ carriers, LTL Freight and custom rates.

200 No CVEs

OPay Payment for WooCommerce

woo-opay-payment

歐付寶金流外掛套件，提供合作特店以及個人會員使用開放原始碼商店系統時，無須自行處理複雜的檢核，直接透過安裝設定外掛套件，便可以較快速的方式介接的金流系統。

30 No CVEs

Ninja Shop – The Quickest Way to Start Selling

ninja-shop

Ninja Shop is an easy to use eCommerce plugin, the quickest way to start selling your products with WordPress.

20 No CVEs

Developer Profile

BBA Mastro Plugin Developer Profile

developerbbamastro

1 plugin · 10 total installs

trust score

Avg Security Score

92/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect BBA Mastro Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/bba-mastro/admin/js/shipping-rules.js/wp-content/plugins/bba-mastro/public/js/bba-cart.js/wp-content/plugins/bba-mastro/public/css/bba-cart.css

Script Paths

/wp-content/plugins/bba-mastro/admin/js/shipping-rules.js/wp-content/plugins/bba-mastro/public/js/bba-cart.js

Version Parameters

bbamastro-apibbamastro-cart

HTML / DOM Fingerprints

CSS Classes

subtotal-note

Data Attributes

id="bba-residential"id="bba-tailgate"id="bba-checkout-residential"id="bba-checkout-tailgate"

JS Globals

window.bbamastro

Shortcode Output

<tr><th>Goods Check</th><td><tr><td colspan="2" class="subtotal-note"><div>

FAQ