Does Biteship Shipping have any unpatched vulnerabilities?

No. All known vulnerabilities in Biteship Shipping have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Biteship Shipping compatible with WordPress 6.7.5?

According to WordPress.org data, Biteship Shipping 1.2.1 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is Biteship Shipping compatible with PHP 7.2+?

Biteship Shipping requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Biteship Shipping updated?

Biteship Shipping was last updated on Oct 6, 2025. Frequent updates are generally a positive security signal.

What is Biteship Shipping's security score?

Biteship Shipping has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Biteship Shipping Security & Risk Analysis

wordpress.org/plugins/biteship-shipping

Plugin pengiriman WooCommerce dengan berbagai ekspedisi untuk pengiriman Reguler, Instan, dan Kargo.

400 active installs v1.2.1 PHP 7.2+ WP 5.0+ Updated Oct 6, 2025

biteshipe-commerceshippingwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Biteship Shipping Safe to Use in 2026?

Generally Safe

Score 100/100

Biteship Shipping has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago

Risk Assessment

The "biteship-shipping" plugin v1.2.1 exhibits a concerning security posture primarily due to a large number of unprotected entry points. While the code demonstrates good practices in avoiding dangerous functions, executing SQL queries with prepared statements, and generally performing output escaping, the lack of authentication checks on a significant portion of its AJAX handlers and REST API routes represents a substantial risk. This means that potentially sensitive operations or data retrieval could be triggered by unauthenticated users, opening the door to various exploits.

The static analysis reveals a total of 9 entry points, with a striking 8 of them lacking necessary authorization. Specifically, 6 AJAX handlers and 2 REST API routes do not have permission callbacks. This is the most critical finding and significantly elevates the plugin's risk profile. Fortunately, the vulnerability history is clean, with no recorded CVEs, suggesting that either the plugin has been well-maintained in the past, or the vulnerabilities present in the current version have not yet been discovered or publicly disclosed.

In conclusion, while the plugin avoids common pitfalls like raw SQL queries and excessive unescaped output, the numerous unprotected entry points are a major weakness. The absence of any known vulnerabilities is a positive sign, but it should not overshadow the immediate security implications of the exposed AJAX and REST API endpoints. Future versions should prioritize implementing robust authentication and authorization checks for all entry points.

Key Concerns

8 unprotected entry points (AJAX/REST API)
6 unprotected AJAX handlers
2 unprotected REST API routes
Low output escaping rate (87%)

Vulnerabilities

None known

Biteship Shipping Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Biteship Shipping Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

41 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

87% escaped47 total outputs

Attack Surface

8 unprotected

Biteship Shipping Attack Surface

Entry Points9

Unprotected8

AJAX Handlers 6

authwp_ajax_get_adm_lvl_1public\class-biteship-public.php:46

authwp_ajax_get_adm_lvl_2public\class-biteship-public.php:47

authwp_ajax_get_adm_lvl_3public\class-biteship-public.php:48

noprivwp_ajax_get_adm_lvl_1public\class-biteship-public.php:50

noprivwp_ajax_get_adm_lvl_2public\class-biteship-public.php:51

noprivwp_ajax_get_adm_lvl_3public\class-biteship-public.php:52

REST API Routes 3

POST/wp-json/wc-biteship/v1/wc-orders/(?P<id>\d+)/tracking-statusadmin\class-biteship-admin-rest-controller.php:17

POST/wp-json/wc-biteship/v1/wc-orders/(?P<id>\d+)/shipmentadmin\class-biteship-admin-rest-controller.php:23

GET/wp-json/wc-biteship/v1/gmaps.jsincludes\class-biteship-rest-controller.php:7

WordPress Hooks 39

actionrest_api_initadmin\class-biteship-admin.php:27

actionadmin_enqueue_scriptsadmin\class-biteship-admin.php:29

filterwoocommerce_get_settings_generaladmin\class-biteship-admin.php:31

actionwoocommerce_settings_general_options_afteradmin\class-biteship-admin.php:33

actionwoocommerce_admin_order_data_after_order_detailsadmin\class-biteship-admin.php:35

filterbulk_actions-edit-shop_orderadmin\class-biteship-admin.php:37

filterbulk_actions-woocommerce_page_wc-ordersadmin\class-biteship-admin.php:38

actionhandle_bulk_actions-edit-shop_orderadmin\class-biteship-admin.php:39

actionhandle_bulk_actions-woocommerce_page_wc-ordersadmin\class-biteship-admin.php:40

filterwoocommerce_order_actionsadmin\class-biteship-admin.php:42

actionwoocommerce_order_action_create_shipmentadmin\class-biteship-admin.php:43

actionwoocommerce_order_action_cancel_shipmentadmin\class-biteship-admin.php:44

actionwoocommerce_order_action_refresh_shipmentadmin\class-biteship-admin.php:45

filtermanage_edit-shop_order_columnsadmin\class-biteship-admin.php:47

filtermanage_woocommerce_page_wc-orders_columnsadmin\class-biteship-admin.php:48

actionmanage_woocommerce_page_wc-orders_custom_columnadmin\class-biteship-admin.php:50

actionmanage_shop_order_posts_custom_columnadmin\class-biteship-admin.php:51

actionwoocommerce_admin_order_data_after_shipping_addressadmin\class-biteship-admin.php:53

actionplugins_loadedadmin\class-biteship-admin.php:55

filterwoocommerce_integrationsadmin\class-biteship-admin.php:56

filterplugin_action_links_biteship-shipping/biteship-shipping.phpadmin\class-biteship-admin.php:57

actionadmin_noticesadmin\class-biteship-admin.php:58

filterwoocommerce_order_item_get_formatted_meta_dataadmin\class-biteship-admin.php:59

actionbefore_woocommerce_initbiteship-shipping.php:37

actionwoocommerce_shipping_initpublic\class-biteship-public.php:21

filterwoocommerce_shipping_methodspublic\class-biteship-public.php:23

filterwoocommerce_cart_shipping_packagespublic\class-biteship-public.php:25

actionwoocommerce_checkout_create_order_shipping_itempublic\class-biteship-public.php:27

actionwoocommerce_checkout_fieldspublic\class-biteship-public.php:29

filterwoocommerce_default_address_fieldspublic\class-biteship-public.php:30

actionwp_enqueue_scriptspublic\class-biteship-public.php:32

actionwoocommerce_order_details_after_order_tablepublic\class-biteship-public.php:34

actionwoocommerce_cart_calculate_feespublic\class-biteship-public.php:36

filterwoocommerce_available_payment_gatewayspublic\class-biteship-public.php:38

filterwoocommerce_account_orders_columnspublic\class-biteship-public.php:40

actionwoocommerce_my_account_my_orders_column_tracking-statuspublic\class-biteship-public.php:41

actionwoocommerce_my_account_my_orders_column_tracking-numberpublic\class-biteship-public.php:42

actionwoocommerce_checkout_update_order_reviewpublic\class-biteship-public.php:44

filterwoocommerce_process_checkout_field_billing_citypublic\class-biteship-public.php:55

Maintenance & Trust

Biteship Shipping Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedOct 6, 2025

PHP min version7.2

Downloads4K

Community Trust

Rating0/100

Number of ratings0

Active installs400

Alternatives

Biteship Shipping Alternatives

Bulgarisation for WooCommerce

bulgarisation-for-woocommerce

Всичко необходимо за вашият онлайн магазин за България. Включва облекчен режим за Наредба - H-18 и методи за доставка с Еконт, CVC и Спиди.

5K 2 CVEs

The Courier Guy Shipping for WooCommerce

the-courier-guy

100

This is the official WooCommerce extension to ship products using The Courier Guy.

3K No CVEs

Spocket ‑ US & EU Dropshipping

spocket

Find fast shipping products from reliable suppliers, import them to your WooCommerce store and manage your orders automatically: all for free.

1K No CVEs

FlagShip WooCommerce Shipping

flagship-woocommerce-shipping

100

FlagShip WooCommerce Shipping is an e-shipping courier solution that helps you shipping anything from Canada. Beautifully.

400 No CVEs

Shipping by City for Woocommerce

shipping-by-city-for-woocommerce

Shipping by city WooCommerce Add-on plug-in.

400 No CVEs

Developer Profile

Biteship Shipping Developer Profile

Biteship Information

1 plugin · 400 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Biteship Shipping

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/biteship-shipping/admin/css/biteship-admin.css/wp-content/plugins/biteship-shipping/assets/css/frontend.css/wp-content/plugins/biteship-shipping/assets/js/frontend.js

Script Paths

/wp-content/plugins/biteship-shipping/assets/js/frontend.js

Version Parameters

biteship-shipping/admin/css/biteship-admin.css?ver=biteship-shipping/assets/css/frontend.css?ver=biteship-shipping/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

biteship-admin-fieldbiteship-shipping-sectionbiteship-admin-map-container

HTML Comments

Data Attributes

data-biteship-api-urldata-biteship-api-keydata-biteship-shipping-address-fielddata-biteship-map-latitudedata-biteship-map-longitude

JS Globals

biteship_admin_params

REST Endpoints

/wp-json/biteship/v1/shipments/wp-json/biteship/v1/rates/wp-json/biteship/v1/locations

FAQ