Plugin BlueX for WooCommerce Security & Risk Analysis

wordpress.org/plugins/bluex-for-woocommerce

Once the plugin is installed, you need to go to the integration section in the WooCommerce settings and add the data delivered by Blue Express. Also,

2K active installs · v3.1.6 · PHP 7.0+ · WP 4.5+ · Updated Feb 16, 2026
Tags: blue-express, blue-express-rates, live-rates, shipping-rates, woocommerce-shipping
78
B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Feb 4, 2026
Safety Verdict

Is Plugin BlueX for WooCommerce Safe to Use in 2026?

Mostly Safe

Score 78/100

Plugin BlueX for WooCommerce is generally safe to use. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Feb 4, 2026 · Updated 1mo ago
Risk Assessment

The "bluex-for-woocommerce" v3.1.6 plugin exhibits a mixed security posture. It follows good practice in some areas, such as a low number of dangerous functions and a reasonable percentage of properly escaped outputs, but significant concerns remain. The two unprotected REST API routes are the primary risk, potentially allowing unauthorized access to sensitive functionality. The vulnerability history is a major red flag: a known medium-severity CVE is currently unpatched, indicating a lack of timely security maintenance.

The static analysis reveals a moderate attack surface of 26 entry points, a small but concerning number of which (2) lack proper authentication checks. No critical or high-severity taint flows were identified in the static analysis, but the absence of taint analysis data for the plugin's flows is itself a weakness, because it means a significant part of the security landscape was not deeply scrutinized.

In conclusion, while the plugin avoids common pitfalls such as heavy use of dangerous functions, the unpatched CVE and the unprotected REST API routes pose significant risks. The vulnerability history suggests a pattern of delayed remediation, which is a concern for ongoing security. Users should exercise caution and strongly consider the implications of these identified weaknesses.

Key Concerns

  • Unpatched CVE
  • REST API routes without permission callbacks
Vulnerabilities
1

Plugin BlueX for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-68022 · medium · 5.3 · Missing Authorization

Plugin BlueX for WooCommerce <= 3.1.4 - Missing Authorization

Feb 4, 2026 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Plugin BlueX for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 11 · 9 prepared
Unescaped Output: 28 · 143 escaped
Nonce Checks: 15
Capability Checks: 12
File Operations: 1
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

45% prepared · 20 total queries

Output Escaping

84% escaped · 171 total outputs
Attack Surface
2 unprotected

Plugin BlueX for WooCommerce Attack Surface

Entry Points: 26
Unprotected: 2

AJAX Handlers 16

auth · wp_ajax_woocommerce_correios_add_tracking_code · includes\admin\class-wc-correios-admin-orders.php:26
auth · wp_ajax_woocommerce_correios_remove_tracking_code · includes\admin\class-wc-correios-admin-orders.php:27
auth · wp_ajax_bluex_create_granular_zones · includes\class-bluex-granular-zones-config.php:31
auth · wp_ajax_bluex_dismiss_zone_notice · includes\class-bluex-quick-checker.php:32
auth · wp_ajax_bluex_validate_zones · includes\class-bluex-zones-validator.php:47
auth · wp_ajax_clear_shipping_cache · includes\class-wc-correios-pudos-map.php:75
nopriv · wp_ajax_clear_shipping_cache · includes\class-wc-correios-pudos-map.php:76
auth · wp_ajax_test_correios_integration · includes\integrations\class-wc-correios-integration.php:70
auth · wp_ajax_correios_autofill_addresses_empty_database · includes\integrations\class-wc-correios-integration.php:81
auth · wp_ajax_validate_integration_is_active · includes\integrations\class-wc-correios-integration.php:84
nopriv · wp_ajax_validate_integration_is_active · includes\integrations\class-wc-correios-integration.php:85
auth · wp_ajax_update_integration_credentials · includes\integrations\class-wc-correios-integration.php:87
nopriv · wp_ajax_update_integration_credentials · includes\integrations\class-wc-correios-integration.php:88
auth · wp_ajax_save_integration_settings · includes\integrations\class-wc-correios-integration.php:90
auth · wp_ajax_get_integration_settings · includes\integrations\class-wc-correios-integration.php:92
auth · wp_ajax_save_developer_settings · includes\integrations\class-wc-correios-integration.php:94

REST API Routes 10

POST · /wp-json/wc-bluex/v1/test-integration · includes\api\class-wc-correios-api.php:52
GET · /wp-json/wc-bluex/v1/validate-integration · includes\api\class-wc-correios-api.php:59
POST · /wp-json/wc-bluex/v1/update-credentials · includes\api\class-wc-correios-api.php:66
POST · /wp-json/wc-bluex/v1/save-settings · includes\api\class-wc-correios-api.php:73
GET · /wp-json/wc-bluex/v1/get-settings · includes\api\class-wc-correios-api.php:80
POST · /wp-json/wc-bluex/v1/save-dev-settings · includes\api\class-wc-correios-api.php:87
POST · /wp-json/wc-bluex/v1/empty-autofill-db · includes\api\class-wc-correios-api.php:94
GET · /wp-json/wc-bluex/v1/get-logs · includes\api\class-wc-correios-api.php:101
DELETE · /wp-json/wc-bluex/v1/delete-logs · includes\api\class-wc-correios-api.php:130
GET · /wp-json/bluex/v1/zones-status · includes\class-bluex-quick-checker.php:464

WordPress Hooks 59

action · add_meta_boxes · includes\admin\class-wc-correios-admin-orders.php:24
filter · woocommerce_resend_order_emails_available · includes\admin\class-wc-correios-admin-orders.php:25
action · manage_shop_order_posts_custom_column · includes\admin\class-wc-correios-admin-orders.php:30
action · admin_enqueue_scripts · includes\admin\class-wc-correios-admin-orders.php:31
action · init · includes\class-bluex-granular-zones-config.php:36
action · admin_notices · includes\class-bluex-quick-checker.php:31
action · rest_api_init · includes\class-bluex-quick-checker.php:33
filter · woocommerce_location_types · includes\class-wc-bluex-city-zone-matcher.php:21
filter · woocommerce_check_zone_locations · includes\class-wc-bluex-city-zone-matcher.php:24
filter · woocommerce_location_types · includes\class-wc-bluex-shipping-zone-automation.php:82
action · init · includes\class-wc-correios-autofill-addresses.php:42
action · wp_enqueue_scripts · includes\class-wc-correios-autofill-addresses.php:52
filter · woocommerce_store_api_shipping_rate_data · includes\class-wc-correios-blocks-integration.php:36
action · wp_enqueue_scripts · includes\class-wc-correios-blocks-integration.php:39
action · woocommerce_after_shipping_rate · includes\class-wc-correios-cart.php:22
action · init · includes\class-wc-correios-custom-order-status.php:24
filter · wc_order_statuses · includes\class-wc-correios-custom-order-status.php:25
action · load-edit.php · includes\class-wc-correios-custom-order-status.php:26
action · admin_enqueue_scripts · includes\class-wc-correios-custom-order-status.php:27
filter · woocommerce_order_shipping_method · includes\class-wc-correios-orders.php:19
filter · woocommerce_order_item_display_meta_key · includes\class-wc-correios-orders.php:20
action · init · includes\class-wc-correios-pudos-map.php:33
action · wp_enqueue_scripts · includes\class-wc-correios-pudos-map.php:57
action · woocommerce_review_order_after_order_total · includes\class-wc-correios-pudos-map.php:63
action · wp_footer · includes\class-wc-correios-pudos-map.php:66
action · woocommerce_checkout_after_order_review · includes\class-wc-correios-pudos-map.php:69
action · woocommerce_checkout_update_order_meta · includes\class-wc-correios-pudos-map.php:72
action · woocommerce_checkout_process · includes\class-wc-correios-pudos-map.php:79
action · woocommerce_checkout_update_order_review · includes\class-wc-correios-pudos-map.php:82
filter · woocommerce_api_order_response · includes\class-wc-correios-rest-api.php:21
filter · woocommerce_api_create_order · includes\class-wc-correios-rest-api.php:22
filter · woocommerce_api_edit_order · includes\class-wc-correios-rest-api.php:23
action · rest_api_init · includes\class-wc-correios-rest-api.php:24
action · woocommerce_order_details_after_order_table · includes\class-wc-correios-tracking-history.php:28
action · init · includes\class-wc-correios-webhook.php:71
action · woocommerce_order_status_changed · includes\class-wc-correios-webhook.php:92
action · init · includes\class-wc-correios.php:24
action · rest_api_init · includes\class-wc-correios.php:39
filter · woocommerce_integrations · includes\class-wc-correios.php:61
filter · woocommerce_shipping_methods · includes\class-wc-correios.php:62
filter · woocommerce_email_classes · includes\class-wc-correios.php:63
action · admin_notices · includes\class-wc-correios.php:65
action · init · includes\districts\class-wc-districts.php:26
filter · woocommerce_default_address_fields · includes\districts\class-wc-districts.php:54
filter · woocommerce_states · includes\districts\class-wc-districts.php:62
filter · woocommerce_billing_fields · includes\districts\class-wc-districts.php:70
filter · woocommerce_shipping_fields · includes\districts\class-wc-districts.php:71
filter · woocommerce_form_field_city · includes\districts\class-wc-districts.php:72
action · wp_enqueue_scripts · includes\districts\class-wc-districts.php:74
filter · woocommerce_correios_enable_tracking_history · includes\integrations\class-wc-correios-integration.php:73
filter · woocommerce_correios_enable_tracking_debug · includes\integrations\class-wc-correios-integration.php:74
filter · woocommerce_correios_enable_autofill_addresses · includes\integrations\class-wc-correios-integration.php:77
filter · woocommerce_correios_enable_autofill_addresses_debug · includes\integrations\class-wc-correios-integration.php:78
filter · woocommerce_correios_autofill_addresses_validity_time · includes\integrations\class-wc-correios-integration.php:79
filter · woocommerce_correios_autofill_addresses_force_autofill · includes\integrations\class-wc-correios-integration.php:80
action · bluex_clean_logs · includes\logger\wc-logs-cron.php:11
action · bluex_clean_logs · includes\logger\wc-logs-deactive-cron.php:11
action · before_woocommerce_init · woocommerce-bluex.php:31
action · plugins_loaded · woocommerce-bluex.php:39

Scheduled Events 2

bluex_clean_logs
bluex_clean_logs
Maintenance & Trust

Plugin BlueX for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Feb 16, 2026
PHP min version: 7.0
Downloads: 18K

Community Trust

Rating: 40/100
Number of ratings: 2
Active installs: 2K
Developer Profile

Plugin BlueX for WooCommerce Developer Profile

soporteblue

1 plugin · 2K total installs

Trust score: 79
Avg Security Score: 78/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Plugin BlueX for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bluex-for-woocommerce/assets/css/admin/orders.css
/wp-content/plugins/bluex-for-woocommerce/assets/js/admin/open-tracking-code.js
/wp-content/plugins/bluex-for-woocommerce/assets/js/admin/orders.js
/wp-content/plugins/bluex-for-woocommerce/assets/js/admin/shipping-methods.js
Script Paths
/wp-content/plugins/bluex-for-woocommerce/assets/js/admin/open-tracking-code.min.js
/wp-content/plugins/bluex-for-woocommerce/assets/js/admin/orders.min.js
/wp-content/plugins/bluex-for-woocommerce/assets/js/admin/shipping-methods.min.js
/wp-content/plugins/bluex-for-woocommerce/assets/css/admin/orders.min.css
/wp-content/plugins/bluex-for-woocommerce/assets/css/admin/orders.css
Version Parameters
bluex-for-woocommerce/assets/css/admin/orders.css?ver=
bluex-for-woocommerce/assets/js/admin/open-tracking-code.js?ver=
bluex-for-woocommerce/assets/js/admin/orders.js?ver=
bluex-for-woocommerce/assets/js/admin/shipping-methods.js?ver=

HTML / DOM Fingerprints

CSS Classes
woocommerce-correios-open-tracking-code
woocommerce-correios-orders-admin
bluex-for-woocommerce
HTML Comments
<!-- WPCS: XSS ok. -->
Data Attributes
aria-label="Tracking code"
data-security="woocommerce-correios-add-tracking-code"
data-security="woocommerce-correios-remove-tracking-code"
JS Globals
WCCorreiosAdminOrdersParams