WP-Safety

bpost-shipping-platform Security & Risk Analysis

wordpress.org/plugins/bpost-shipping-platform

Bpost for WooCommerce is a Digital Delivery Management Solution for online stores that helps you save time and money with your shipping.

300 active installs v3.2.0 PHP 5.6+ WP 4.9+ Updated Oct 28, 2025
automatemulti-carriersaveshippingwoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is bpost-shipping-platform Safe to Use in 2026?

Generally Safe

Score 100/100

bpost-shipping-platform has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago
Risk Assessment

The bpost-shipping-platform plugin v3.2.2 presents a mixed security posture. On the positive side, the plugin demonstrates good practices in several areas. The vast majority of SQL queries utilize prepared statements, and output escaping is robust, with almost all outputs being properly escaped. The absence of dangerous functions and a clean vulnerability history with no recorded CVEs suggest a generally well-maintained codebase. However, significant security concerns arise from its attack surface. A substantial number of AJAX handlers (12 out of 17) and all REST API routes lack proper authentication or permission checks. This creates a considerable attack vector where unauthenticated users could potentially interact with sensitive functionalities. Furthermore, two taint analysis flows were found with unsanitized paths, indicating a potential for path traversal vulnerabilities, even though they are not currently classified as critical or high severity. The lack of capability checks and the limited number of nonce checks on entry points exacerbate these risks. While the plugin has no known CVEs, the uncovered vulnerabilities in its attack surface could be exploited by attackers, especially given the high number of unprotected entry points.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • Taint flows with unsanitized paths
  • Missing capability checks
  • Limited nonce checks
Vulnerabilities
None known

bpost-shipping-platform Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

bpost-shipping-platform Code Analysis

Dangerous Functions
0
Raw SQL Queries
3
29 prepared
Unescaped Output
8
398 escaped
Nonce Checks
4
Capability Checks
0
File Operations
9
External Requests
2
Bundled Libraries
0

SQL Query Safety

91% prepared32 total queries

Output Escaping

98% escaped406 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths
admin_init (includes\admin\class-Bpost-order-ui.php:193)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
14 unprotected

bpost-shipping-platform Attack Surface

Entry Points19
Unprotected14

AJAX Handlers 17

authwp_ajax_Bpost_print_labelincludes\admin\class-Bpost-order-ui.php:60
authwp_ajax_Bpost_label_statusincludes\admin\class-Bpost-order-ui.php:61
authwp_ajax_Bpost_print_labelincludes\admin\class-Bpost-order-ui.php:67
authwp_ajax_Bpost_label_statusincludes\admin\class-Bpost-order-ui.php:68
noprivwp_ajax_Bpost_pickup_locationsincludes\admin\class-Bpost-shipping.php:49
authwp_ajax_Bpost_pickup_locationsincludes\admin\class-Bpost-shipping.php:50
noprivwp_ajax_Bpost_selected_carrierincludes\admin\class-Bpost-shipping.php:51
authwp_ajax_Bpost_selected_carrierincludes\admin\class-Bpost-shipping.php:52
noprivwp_ajax_Bpost_selected_carrier_reactincludes\admin\class-Bpost-shipping.php:54
authwp_ajax_Bpost_selected_carrier_reactincludes\admin\class-Bpost-shipping.php:55
noprivwp_ajax_Bpost_set_pickup_pointincludes\admin\class-Bpost-shipping.php:57
authwp_ajax_Bpost_set_pickup_pointincludes\admin\class-Bpost-shipping.php:58
noprivwp_ajax_Bpost_clear_pickup_session_dataincludes\admin\class-Bpost-shipping.php:60
authwp_ajax_Bpost_clear_pickup_session_dataincludes\admin\class-Bpost-shipping.php:61
noprivwp_ajax_Bpost_get_checkout_addressincludes\admin\class-Bpost-shipping.php:64
authwp_ajax_Bpost_get_checkout_addressincludes\admin\class-Bpost-shipping.php:65
authwp_ajax_Bpost_wbs_settingsincludes\admin\class-Bpost-shipping.php:68

REST API Routes 2

GET/wp-json/Bpost/v1/updateincludes\class-woo-Bpost.php:734
GET/wp-json/Bpost/v1/updateincludes\class-woo-Bpost.php:740
WordPress Hooks 56
actionbefore_woocommerce_initBpost.php:37
actionadmin_menuincludes\admin\class-Bpost-options-ui.php:82
actionadmin_initincludes\admin\class-Bpost-options-ui.php:83
filtermanage_woocommerce_page_wc-orders_columnsincludes\admin\class-Bpost-order-ui.php:34
filterposts_joinincludes\admin\class-Bpost-order-ui.php:35
filterposts_whereincludes\admin\class-Bpost-order-ui.php:36
filterbulk_actions-woocommerce_page_wc-ordersincludes\admin\class-Bpost-order-ui.php:37
filterhandle_bulk_actions-woocommerce_page_wc-ordersincludes\admin\class-Bpost-order-ui.php:38
filtermanage_edit-shop_order_columnsincludes\admin\class-Bpost-order-ui.php:40
filterposts_joinincludes\admin\class-Bpost-order-ui.php:41
filterposts_whereincludes\admin\class-Bpost-order-ui.php:42
filterbulk_actions-edit-shop_orderincludes\admin\class-Bpost-order-ui.php:43
filterhandle_bulk_actions-edit-shop_orderincludes\admin\class-Bpost-order-ui.php:44
actionmanage_woocommerce_page_wc-orders_custom_columnincludes\admin\class-Bpost-order-ui.php:56
actionrestrict_manage_postsincludes\admin\class-Bpost-order-ui.php:57
actionadmin_headincludes\admin\class-Bpost-order-ui.php:58
actionadmin_initincludes\admin\class-Bpost-order-ui.php:59
actionmanage_shop_order_posts_custom_columnincludes\admin\class-Bpost-order-ui.php:63
actionrestrict_manage_postsincludes\admin\class-Bpost-order-ui.php:64
actionadmin_headincludes\admin\class-Bpost-order-ui.php:65
actionadmin_initincludes\admin\class-Bpost-order-ui.php:66
actionwoocommerce_before_order_object_saveincludes\admin\class-Bpost-order-ui.php:71
actionwoocommerce_shipping_initincludes\admin\class-Bpost-shipping.php:45
filterwoocommerce_get_sections_shippingincludes\admin\class-Bpost-shipping.php:46
actionwp_footerincludes\admin\class-Bpost-shipping.php:48
actionwoocommerce_checkout_update_order_metaincludes\admin\class-Bpost-shipping.php:69
actionwoocommerce_store_api_checkout_order_processedincludes\admin\class-Bpost-shipping.php:70
actionwoocommerce_checkout_fieldsincludes\admin\class-Bpost-shipping.php:73
actionwoocommerce_admin_order_data_after_shipping_addressincludes\admin\class-Bpost-shipping.php:76
actionwoocommerce_after_checkout_validationincludes\admin\class-Bpost-shipping.php:79
actionwpincludes\admin\class-Bpost-shipping.php:81
filterwoocommerce_shipping_methodsincludes\admin\class-Bpost-shipping.php:750
filterwoocommerce_update_order_review_fragmentsincludes\admin\class-Bpost-shipping.php:751
filterwoocommerce_review_order_before_paymentincludes\admin\class-Bpost-shipping.php:752
actionadmin_noticesincludes\class-woo-Bpost.php:131
actionadmin_noticesincludes\class-woo-Bpost.php:136
actionplugins_loadedincludes\class-woo-Bpost.php:211
actionupgrader_process_completeincludes\class-woo-Bpost.php:213
actionadmin_enqueue_scriptsincludes\class-woo-Bpost.php:215
actionadmin_enqueue_scriptsincludes\class-woo-Bpost.php:216
actionwp_enqueue_scriptsincludes\class-woo-Bpost.php:218
actionadmin_initincludes\class-woo-Bpost.php:219
actionadmin_noticesincludes\class-woo-Bpost.php:220
actionparse_requestincludes\class-woo-Bpost.php:222
filterquery_varsincludes\class-woo-Bpost.php:223
actionrest_api_initincludes\class-woo-Bpost.php:225
actioninitincludes\class-woo-Bpost.php:226
actiontemplate_redirectincludes\class-woo-Bpost.php:227
actioninitincludes\class-woo-Bpost.php:237
actionwoocommerce_product_options_general_product_dataincludes\class-woo-Bpost.php:238
actionwoocommerce_process_product_metaincludes\class-woo-Bpost.php:239
actionwoocommerce_product_options_general_product_dataincludes\class-woo-Bpost.php:242
actionwoocommerce_process_product_metaincludes\class-woo-Bpost.php:243
filterwoocommerce_order_details_after_order_table_itemsincludes\class-woo-Bpost.php:389
filterwoocommerce_statesincludes\class-woo-Bpost.php:394
filterwoocommerce_package_ratesincludes\class-woo-Bpost.php:396
Maintenance & Trust

bpost-shipping-platform Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedOct 28, 2025
PHP min version5.6
Downloads2K

Community Trust

Rating20/100
Number of ratings1
Active installs300
Alternatives

bpost-shipping-platform Alternatives

Shiptimize for WooCommerce

Shiptimize for WooCommerce

shiptimize-for-woocommerce

C
50

Shiptimize for WooCommerce is a Digital Delivery Management Solution for online stores that helps you save time and money with your shipping.

200 2 unpatched
Automated FedEx live/manual rates with shipping labels – HPOS supported

Automated FedEx live/manual rates with shipping labels – HPOS supported

a2z-fedex-shipping

A
100

Integrate the FedEx for Domestic and international Shipping. Shipping rates, label, tracking.

200 No CVEs
Shiplemon Shipping for WooComerce

Shiplemon Shipping for WooComerce

shiplemon-shipping

A
85

A platform that connects all courier companies in one system giving the possibility to compare shipping costs, create voucher, tracking numbers etc.

10 No CVEs
Weight Based Shipping Table Rate for WooCommerce – Flexible Shipping

Weight Based Shipping Table Rate for WooCommerce – Flexible Shipping

flexible-shipping

A
99

Weight based shipping methods for WooCommerce. Flexible shipping with table rate rules by cart weight and order value. Accurate rates at checkout.

100K 2 CVEs
WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels

WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels

print-invoices-packing-slip-labels-for-woocommerce

A
96

Auto-generate and attach WooCommerce PDF invoices and packing slips to order emails with customizable templates & bulk print options.

60K 6 CVEs
Developer Profile

bpost-shipping-platform Developer Profile

bpost

1 plugin · 300 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect bpost-shipping-platform

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bpost-shipping-platform/assets/css/admin-style.css/wp-content/plugins/bpost-shipping-platform/assets/css/style.css/wp-content/plugins/bpost-shipping-platform/assets/js/admin-script.js/wp-content/plugins/bpost-shipping-platform/assets/js/script.js
Script Paths
/wp-content/plugins/bpost-shipping-platform/assets/js/script.js/wp-content/plugins/bpost-shipping-platform/assets/js/admin-script.js
Version Parameters
bpost-shipping-platform/assets/css/admin-style.css?ver=bpost-shipping-platform/assets/css/style.css?ver=bpost-shipping-platform/assets/js/admin-script.js?ver=bpost-shipping-platform/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
bpost-shipping-platform-optionsbpost-shipping-uibpost-admin-sectionbpost-field-groupbpost-carrier-settingsbpost-shipping-method-settingsbpost-checkout-field-mapping
HTML Comments
<!-- bpost shipping platform settings --><!-- End bpost shipping platform settings --><!-- bpost option UI --><!-- End bpost option UI -->+6 more
Data Attributes
data-bpost-api-urldata-bpost-carrier-iddata-bpost-api-keydata-bpost-test-mode
JS Globals
window.bpost_settingswindow.bpost_api_urlwindow.bpost_carrierswindow.bpost_nonce
REST Endpoints
/wp-json/bpost-shipping/v1/settings/wp-json/bpost-shipping/v1/carriers/wp-json/bpost-shipping/v1/locations
Shortcode Output
[bpost_shipping_calculator][bpost_tracking_widget]
FAQ

Frequently Asked Questions about bpost-shipping-platform