WP-Safety

Kronos Express Shipping for WooCommerce Security & Risk Analysis

wordpress.org/plugins/bse-kronosexpress-shipping-woocommerce

Kronos Express Shipping for WooCommerce

10 active installs v1.0.15 PHP + WP 4.0+ Updated Unknown
couriercypruseshopshippingshipping-woocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Kronos Express Shipping for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Kronos Express Shipping for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The plugin "bse-kronosexpress-shipping-woocommerce" v1.0.15 demonstrates a generally good security posture with a robust implementation of security best practices. All identified entry points, including AJAX handlers and shortcodes, appear to have appropriate authentication and capability checks. The absence of any recorded vulnerabilities in its history, including critical or high severity issues, further reinforces this positive outlook. The code also utilizes prepared statements for all SQL queries, which is a significant strength in preventing SQL injection attacks. Taint analysis shows no unsanitized paths, indicating a low risk of code injection vulnerabilities.

However, the presence of two instances of the dangerous `unserialize` function warrants attention. While there are no direct indicators of exploitation in the current analysis, `unserialize` is inherently risky if the data being deserialized originates from untrusted sources, as it can lead to Remote Code Execution. Additionally, the output escaping is only at 56%, which is considerably low and presents a risk of Cross-Site Scripting (XSS) vulnerabilities. This combination of potential for XSS and the use of `unserialize` introduces specific areas of concern despite the plugin's otherwise strong security foundations.

Key Concerns

  • Low output escaping (56%)
  • Use of dangerous function (unserialize)
Vulnerabilities
None known

Kronos Express Shipping for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Kronos Express Shipping for WooCommerce Code Analysis

Dangerous Functions
2
Raw SQL Queries
0
0 prepared
Unescaped Output
48
62 escaped
Nonce Checks
7
Capability Checks
4
File Operations
2
External Requests
1
Bundled Libraries
0

Dangerous Functions Found

unserialize$m = unserialize($meta['kronosexpress_shipping_method_plugin'][0]);kronosexpress-shipping-woocommerce.php:256
unserialize$m = unserialize($meta['kronosexpress_shipping_method_plugin'][0]);kronosexpress-shipping-woocommerce.php:714

Output Escaping

56% escaped110 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
kronosexpress_printlabels_submit (kronosexpress-shipping-woocommerce.php:1059)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Kronos Express Shipping for WooCommerce Attack Surface

Entry Points7
Unprotected0

AJAX Handlers 6

authwp_ajax_kronosexpress_tracking_action_submitkronosexpress-shipping-woocommerce.php:854
noprivwp_ajax_kronosexpress_tracking_action_submitkronosexpress-shipping-woocommerce.php:855
authwp_ajax_kronosexpress_printlabels_actionkronosexpress-shipping-woocommerce.php:1058
authwp_ajax_kronosexpress_cancellabels_actionkronosexpress-shipping-woocommerce.php:1349
authwp_ajax_kronosexpress_create_sandbox_actionkronosexpress-shipping-woocommerce.php:1514
authwp_ajax_kronosexpress_quotation_action_submitkronosexpress-shipping-woocommerce.php:1536

Shortcodes 1

[kronosexpress_tracking_system] kronosexpress-shipping-woocommerce.php:844
WordPress Hooks 21
actionwoocommerce_order_status_completedkronosexpress-shipping-woocommerce.php:189
actioninitkronosexpress-shipping-woocommerce.php:192
actionwoocommerce_email_before_order_tablekronosexpress-shipping-woocommerce.php:239
actionwoocommerce_shipping_initkronosexpress-shipping-woocommerce.php:659
actionwoocommerce_shipping_initkronosexpress-shipping-woocommerce.php:660
actionwoocommerce_shipping_initkronosexpress-shipping-woocommerce.php:661
actionwoocommerce_shipping_initkronosexpress-shipping-woocommerce.php:662
actionwoocommerce_shipping_initkronosexpress-shipping-woocommerce.php:663
actionwoocommerce_after_checkout_validationkronosexpress-shipping-woocommerce.php:664
actionwp_headkronosexpress-shipping-woocommerce.php:676
filterwoocommerce_shipping_methodskronosexpress-shipping-woocommerce.php:684
actionadd_meta_boxeskronosexpress-shipping-woocommerce.php:686
actionwoocommerce_checkout_update_order_metakronosexpress-shipping-woocommerce.php:755
filterwoocommerce_checkout_update_order_reviewkronosexpress-shipping-woocommerce.php:765
filtermanage_edit-shop_order_columnskronosexpress-shipping-woocommerce.php:779
actionmanage_shop_order_posts_custom_columnkronosexpress-shipping-woocommerce.php:780
filterbulk_actions-edit-shop_orderkronosexpress-shipping-woocommerce.php:814
actionadmin_enqueue_scriptskronosexpress-shipping-woocommerce.php:842
actionwoocommerce_review_order_after_shippingkronosexpress-shipping-woocommerce.php:1054
actionwp_headkronosexpress-shipping-woocommerce.php:1056
actionadmin_menukronosexpress-shipping-woocommerce.php:1577
Maintenance & Trust

Kronos Express Shipping for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13
Last updatedUnknown
PHP min version
Downloads3K

Community Trust

Rating100/100
Number of ratings3
Active installs10
Alternatives

Kronos Express Shipping for WooCommerce Alternatives

The Courier Guy Shipping for WooCommerce

The Courier Guy Shipping for WooCommerce

the-courier-guy

A
100

This is the official WooCommerce extension to ship products using The Courier Guy.

3K No CVEs
Local Delivery Drivers for WooCommerce

Local Delivery Drivers for WooCommerce

local-delivery-drivers-for-woocommerce

A
99

Improve the way you deliver, manage drivers, assign drivers to orders, send WhatsApp, SMS, and email notifications, route planning, navigation & more!

1K 1 CVE
Shippit for WooCommerce

Shippit for WooCommerce

shippit-simplified-australia-shipping

A
100

Multi-carrier shipping technology.

1K No CVEs
Bob Go smart shipping solution for WooCommerce

Bob Go smart shipping solution for WooCommerce

uafrica-shipping

A
100

Smart shipping and order management solution in South Africa

1K No CVEs
Dropshipping XML for WooCommerce

Dropshipping XML for WooCommerce

dropshipping-xml-for-woocommerce

A
100

Import products from CSV or XML product feeds to WooCommerce. WooCommerce dropshipping plugin to import wholesale products, update and synchronize the …

900 No CVEs
Developer Profile

Kronos Express Shipping for WooCommerce Developer Profile

bseltd

2 plugins · 20 total installs

89
trust score
Avg Security Score
93/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Kronos Express Shipping for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bse-kronosexpress-shipping-woocommerce/assets/css/admin.css/wp-content/plugins/bse-kronosexpress-shipping-woocommerce/assets/js/admin.js/wp-content/plugins/bse-kronosexpress-shipping-woocommerce/assets/js/front.js/wp-content/plugins/bse-kronosexpress-shipping-woocommerce/assets/css/front.css
Version Parameters
bse-kronosexpress-shipping-woocommerce/assets/css/admin.css?ver=bse-kronosexpress-shipping-woocommerce/assets/js/admin.js?ver=bse-kronosexpress-shipping-woocommerce/assets/js/front.js?ver=bse-kronosexpress-shipping-woocommerce/assets/css/front.css?ver=

HTML / DOM Fingerprints

CSS Classes
kronosexpress_shipping_method
FAQ

Frequently Asked Questions about Kronos Express Shipping for WooCommerce