Does BLAZING Shipment Tracking have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is BLAZING Shipment Tracking compatible with WordPress 6.3.8?

According to WordPress.org data, BLAZING Shipment Tracking 2.1.0 has been tested up to WordPress 6.3.8. Check the plugin's changelog for the latest compatibility information.

How often is BLAZING Shipment Tracking updated?

BLAZING Shipment Tracking was last updated on Sep 24, 2023. Frequent updates are generally a positive security signal.

What is BLAZING Shipment Tracking's security score?

BLAZING Shipment Tracking has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

BLAZING Shipment Tracking Security & Risk Analysis

wordpress.org/plugins/blazing-woocommerce-shipment-tracking

This plugin adds courier and tracking number to the woocommerce order, and a dedicated email to send shipment tracking info to the customer.

300 active installs v2.1.0 PHP + WP 2.9+ Updated Sep 24, 2023

fedexshippingtrackingupsusps

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is BLAZING Shipment Tracking Safe to Use in 2026?

Generally Safe

Score 85/100

BLAZING Shipment Tracking has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The "blazing-woocommerce-shipment-tracking" plugin version 2.1.0 demonstrates a generally good security posture with several strengths. The static analysis reveals no identified dangerous functions, all SQL queries are properly prepared, and there are no recorded vulnerabilities in its history. The plugin also implements nonce and capability checks, and its limited attack surface is further mitigated by the absence of unprotected entry points.

However, a significant concern arises from the output escaping. With 15 total outputs, only 40% are properly escaped, indicating a potential for cross-site scripting (XSS) vulnerabilities. While taint analysis didn't reveal any immediate unsanitized paths, this high percentage of unescaped output represents a tangible risk that attackers could exploit, especially in conjunction with the single AJAX handler. The lack of a vulnerability history is positive, but it doesn't negate the risks identified in the current code analysis, particularly regarding output sanitization.

In conclusion, while the plugin benefits from secure database practices and a controlled attack surface, the substantial number of unescaped outputs presents a notable weakness. Addressing the output escaping would significantly improve its security and mitigate the risk of XSS attacks.

Key Concerns

High percentage of unescaped output (40%)

Vulnerabilities

None known

BLAZING Shipment Tracking Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

BLAZING Shipment Tracking Release Timeline

v2.1.0Current

v1.2.0

v1.1.0

v1.0.2

v1.0.1

v1.0.0

Code Analysis

Analyzed Mar 16, 2026

BLAZING Shipment Tracking Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

6 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

jQuery

Output Escaping

40% escaped15 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

1 flows

<bst-tracking> (bst-tracking.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

BLAZING Shipment Tracking Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_bs_ship_track_emailbst-tracking.php:104

WordPress Hooks 15

actionwoocommerce_tracking_number_notificationapi\class-bst-order-tracking-email.php:49

filtercomments_clausesapi\class-bst-tracking-api-orders.php:265

filterbst_api_endpointsapi\class-bst-tracking-api-resource.php:34

actionin_admin_footerbst-tracking.php:85

actionadd_meta_boxesbst-tracking.php:87

actionwoocommerce_process_shop_order_metabst-tracking.php:88

actionplugins_loadedbst-tracking.php:89

actionwoocommerce_view_orderbst-tracking.php:102

actionwoocommerce_email_before_order_tablebst-tracking.php:103

filterwoocommerce_email_classesbst-tracking.php:107

filterquery_varsclass-bst-tracking-api.php:34

actioninitclass-bst-tracking-api.php:37

actionparse_requestclass-bst-tracking-api.php:40

actionadmin_menuclass-bst-tracking-settings.php:38

actionadmin_initclass-bst-tracking-settings.php:39

Maintenance & Trust

BLAZING Shipment Tracking Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8

Last updatedSep 24, 2023

PHP min version

Downloads7K

Community Trust

Rating92/100

Number of ratings11

Active installs300

Alternatives

BLAZING Shipment Tracking Alternatives

Descartes ShipRush Integration

descartes-shiprush-integration

100

Export orders to My.ShipRush.com and update tracking details.

20 No CVEs

Tracking for Fedex USPS

tracking-for-fedex-usps

Once activated, this plugin generated a shortcode [tracking-fedex-usps] that you can insert into any post or page. The shortcode will be displayed as …

20 No CVEs

TrackingMore Order Tracking for WooCommerce (Free plan available)

trackingmore-woocommerce-tracking

All in one eCommerce order tracking, tracking page, customer notification and EDD. Support USPS, FedEx, UPS, DHL and 1100 carriers.

800 No CVEs

ReachShip WooCommerce Multi-Carrier & Conditional Shipping

elex-reachship-multi-carrier-conditional-shipping

Multi-carrier WooCommerce shipping plugin to get rates, print labels, pickups & track DHL, FedEx, UPS, USPS, Australia Post via ReachShip API.

300 1 CVE

Live Rates for ShipStation

live-rates-for-shipstation

100

Pulls live shipping rates from your favorite carriers connected to 3rd party provider ShipStation.

200 No CVEs

Developer Profile

BLAZING Shipment Tracking Developer Profile

Massoud Shakeri

3 plugins · 3K total installs

trust score

Avg Security Score

87/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect BLAZING Shipment Tracking

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/blazing-woocommerce-shipment-tracking/assets/css/admin.css/wp-content/plugins/blazing-woocommerce-shipment-tracking/assets/css/bst-tracking-frontend.css/wp-content/plugins/blazing-woocommerce-shipment-tracking/assets/js/bst-tracking-frontend.js/wp-content/plugins/blazing-woocommerce-shipment-tracking/assets/js/bst-tracking-script.js/wp-content/plugins/blazing-woocommerce-shipment-tracking/assets/plugin/chosen/chosen.min.css/wp-content/plugins/blazing-woocommerce-shipment-tracking/assets/plugin/chosen/chosen.jquery.min.js

Script Paths

/wp-content/plugins/blazing-woocommerce-shipment-tracking/assets/js/bst-tracking-frontend.js/wp-content/plugins/blazing-woocommerce-shipment-tracking/assets/js/bst-tracking-script.js/wp-content/plugins/blazing-woocommerce-shipment-tracking/assets/plugin/chosen/chosen.jquery.min.js

Version Parameters

blazing-woocommerce-shipment-tracking/assets/css/admin.css?ver=blazing-woocommerce-shipment-tracking/assets/css/bst-tracking-frontend.css?ver=blazing-woocommerce-shipment-tracking/assets/js/bst-tracking-frontend.js?ver=blazing-woocommerce-shipment-tracking/assets/js/bst-tracking-script.js?ver=blazing-woocommerce-shipment-tracking/assets/plugin/chosen/chosen.min.css?ver=blazing-woocommerce-shipment-tracking/assets/plugin/chosen/chosen.jquery.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

bst-tracking-section

HTML Comments

<!-- BLAZING Shipment Tracking Plugin<!-- BS_Shipment_Tracking class<!-- Constructor<!-- Required functions+4 more

Data Attributes

data-tracking-order-email-noncedata-tracking-order-id

JS Globals

bst_tracking_ajax_object

REST Endpoints

/wp-json/bst-ship-track/v1

Shortcode Output

[bs_tracking_details]

FAQ