Cargo Shipping Location for WooCommerce Security & Risk Analysis

wordpress.org/plugins/cargo-shipping-location-for-woocommerce

The new plugin for Cargo express & pickups delivery orders from WooCommerce.

200 active installs v5.7 PHP 7.4+ WP 6.2+ Updated Apr 15, 2026
cargodeliveryshipmentwoo-commercewoocommerce
97
A · Safe
CVEs total1
Unpatched0
Last CVEJun 17, 2026
Safety Verdict

Is Cargo Shipping Location for WooCommerce Safe to Use in 2026?

Generally Safe

Score 97/100

Cargo Shipping Location for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Jun 17, 2026Updated 2mo ago
Risk Assessment

The 'cargo-shipping-location-for-woocommerce' plugin version 5.6 exhibits a mixed security posture. While the absence of known CVEs and a generally good approach to SQL prepared statements and output escaping are positive indicators, several areas raise concerns. The presence of 11 unprotected AJAX handlers significantly broadens the attack surface, creating potential entry points for malicious actors. The taint analysis, though showing no critical or high-severity unsanitized flows, did reveal 6 flows with unsanitized paths, which warrants attention as it indicates potential for data manipulation or unexpected behavior if not handled carefully.

Despite the lack of recorded historical vulnerabilities, the identified unprotected AJAX handlers are a tangible risk. The plugin's reliance on bundled libraries, specifically TCPDF, also introduces a potential indirect risk if this library has known unpatched vulnerabilities outside of the plugin's direct CVE history. Overall, the plugin demonstrates some good security practices, but the significant number of unprotected AJAX entry points and the unsanitized taint flows are weaknesses that could be exploited. A proactive approach to securing these entry points is recommended to improve its security posture.

Key Concerns

  • Unprotected AJAX handlers
  • Taint flows with unsanitized paths
  • Bundled library (TCPDF)
Vulnerabilities
1 published

Cargo Shipping Location for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

High
1

1 total CVE

CVE-2026-54815high · 7.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Cargo Shipping Location for WooCommerce <= 5.6 - Unauthenticated SQL Injection

Jun 17, 2026 Patched in 5.7 (7d)
Version History

Cargo Shipping Location for WooCommerce Release Timeline

v5.7Current
v5.61 CVE
v5.5.21 CVE
v5.5.11 CVE
v5.5.01 CVE
v5.4.01 CVE
v5.3.31 CVE
v5.3.21 CVE
v5.3.11 CVE
v5.31 CVE
v5.2.11 CVE
v5.21 CVE
v5.1.11 CVE
v5.1.01 CVE
v5.0.61 CVE
v5.0.51 CVE
v5.0.41 CVE
v5.0.31 CVE
v5.0.21 CVE
v5.0.11 CVE
Code Analysis
Analyzed Mar 16, 2026

Cargo Shipping Location for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
4 prepared
Unescaped Output
51
384 escaped
Nonce Checks
10
Capability Checks
0
File Operations
14
External Requests
5
Bundled Libraries
1

Bundled Libraries

TCPDF

SQL Query Safety

80% prepared5 total queries

Output Escaping

88% escaped435 total outputs
Data Flows · Security
6 unsanitized

Data Flow Analysis

13 flows6 with unsanitized paths
cancelShipment (cargo-shipping-location.php:339)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
11 unprotected

Cargo Shipping Location for WooCommerce Attack Surface

Entry Points23
Unprotected11

AJAX Handlers 22

authwp_ajax_getOrderStatuscargo-shipping-location.php:87
noprivwp_ajax_getOrderStatuscargo-shipping-location.php:88
authwp_ajax_cancelShipmentcargo-shipping-location.php:90
noprivwp_ajax_cancelShipmentcargo-shipping-location.php:91
authwp_ajax_get_delivery_locationcargo-shipping-location.php:93
noprivwp_ajax_get_delivery_locationcargo-shipping-location.php:94
authwp_ajax_sendOrderCARGOcargo-shipping-location.php:96
authwp_ajax_get_shipment_labelcargo-shipping-location.php:97
authwp_ajax_cslfw_save_cargo_apiincludes\CargoApi\Webhook.php:28
authwp_ajax_cslfw_add_webhooksincludes\CargoApi\Webhook.php:29
authwp_ajax_cslfw_delete_webhooksincludes\CargoApi\Webhook.php:30
authwp_ajax_cslfw_change_carrier_idincludes\cslfw-admin.php:52
authwp_ajax_cslfw_get_points_by_cityincludes\cslfw-admin.php:61
noprivwp_ajax_cslfw_get_points_by_cityincludes\cslfw-admin.php:62
authwp_ajax_cslfw_get_bulk_action_progressincludes\cslfw-admin.php:64
authwp_ajax_cslfw_send_emailincludes\cslfw-contact.php:30
authwp_ajax_get_order_tracking_detailsincludes\cslfw-front.php:40
authwp_ajax_cslfw_cargo_geocodingincludes\cslfw-front.php:46
noprivwp_ajax_cslfw_cargo_geocodingincludes\cslfw-front.php:47
authwp_ajax_cslfw_find_closest_pointsincludes\cslfw-front.php:49
noprivwp_ajax_cslfw_find_closest_pointsincludes\cslfw-front.php:50
authwp_ajax_get_multiple_shipment_labelsincludes\CSLFW_ShipmentsPage.php:23

REST API Routes 1

POST/wp-json/cargo-shipping-location-for-woocommerce/v1/update-status/includes\CargoApi\Webhook.php:46
WordPress Hooks 47
actionbefore_woocommerce_initcargo-shipping-location.php:82
actionwoocommerce_checkout_update_order_metacargo-shipping-location.php:84
actionwoocommerce_checkout_order_processedcargo-shipping-location.php:85
actionadmin_menucargo-shipping-location.php:98
filterwoocommerce_order_get_formatted_shipping_addresscargo-shipping-location.php:100
actionwoocommerce_order_status_processingcargo-shipping-location.php:102
actionwoocommerce_order_status_completedcargo-shipping-location.php:103
actionCSLFW_Cargo_Process_Shipment_Createcargo-shipping-location.php:105
actionCSLFW_Cargo_Process_Shipment_Labelcargo-shipping-location.php:106
actionadmin_menucargo-shipping-location.php:512
actionrest_api_initincludes\CargoApi\Webhook.php:25
actionadmin_menuincludes\CargoApi\Webhook.php:27
actionadmin_enqueue_scriptsincludes\CargoApi\Webhook.php:31
actionrest_api_initincludes\CargoApi\Webhook.php:32
actionadmin_enqueue_scriptsincludes\cslfw-admin.php:35
actioninitincludes\cslfw-admin.php:37
filterwc_order_statusesincludes\cslfw-admin.php:38
actionadd_meta_boxesincludes\cslfw-admin.php:39
actionwoocommerce_admin_order_data_after_billing_addressincludes\cslfw-admin.php:41
actionadmin_noticesincludes\cslfw-admin.php:42
actionwoocommerce_shipping_initincludes\cslfw-admin.php:43
filterhandle_bulk_actions-edit-shop_orderincludes\cslfw-admin.php:45
filterbulk_actions-edit-shop_orderincludes\cslfw-admin.php:46
filterwoocommerce_shipping_methodsincludes\cslfw-admin.php:47
actionmanage_shop_order_posts_custom_columnincludes\cslfw-admin.php:49
filtermanage_edit-shop_order_columnsincludes\cslfw-admin.php:50
actionwoocommerce_shop_order_list_table_custom_columnincludes\cslfw-admin.php:55
filterwoocommerce_shop_order_list_table_columnsincludes\cslfw-admin.php:56
filterbulk_actions-woocommerce_page_wc-ordersincludes\cslfw-admin.php:58
filterhandle_bulk_actions-woocommerce_page_wc-ordersincludes\cslfw-admin.php:59
actioninitincludes\cslfw-cargo.php:45
actionwoocommerce_new_orderincludes\cslfw-cargo.php:47
actionadmin_menuincludes\cslfw-contact.php:29
actionadmin_enqueue_scriptsincludes\cslfw-contact.php:31
actionwp_enqueue_scriptsincludes\cslfw-front.php:32
filterwoocommerce_account_orders_columnsincludes\cslfw-front.php:34
filterwoocommerce_locate_templateincludes\cslfw-front.php:35
actionwp_headincludes\cslfw-front.php:37
actionwp_footerincludes\cslfw-front.php:38
actionwoocommerce_order_details_after_order_tableincludes\cslfw-front.php:39
actionwoocommerce_after_shipping_rateincludes\cslfw-front.php:41
actionwoocommerce_my_account_my_orders_column_order-trackincludes\cslfw-front.php:42
actionwoocommerce_checkout_processincludes\cslfw-front.php:43
actionwoocommerce_after_checkout_validationincludes\cslfw-front.php:44
actionadmin_initincludes\cslfw-settings.php:24
actionadmin_menuincludes\CSLFW_ShipmentsPage.php:21
actionadmin_enqueue_scriptsincludes\CSLFW_ShipmentsPage.php:22
Maintenance & Trust

Cargo Shipping Location for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 15, 2026
PHP min version7.4
Downloads6K

Community Trust

Rating0/100
Number of ratings0
Active installs200
Developer Profile

Cargo Shipping Location for WooCommerce Developer Profile

Cargo RD

1 plugin · 200 total installs

98
trust score
Avg Security Score
97/100
Avg Patch Time
7 days
View full developer profile
Detection Fingerprints

How We Detect Cargo Shipping Location for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cargo-shipping-location-for-woocommerce/assets/css/cargo-shipping-location.css/wp-content/plugins/cargo-shipping-location-for-woocommerce/assets/js/cargo-shipping-location.js/wp-content/plugins/cargo-shipping-location-for-woocommerce/assets/js/cargo-shipping-location-admin.js/wp-content/plugins/cargo-shipping-location-for-woocommerce/assets/js/shipments.js/wp-content/plugins/cargo-shipping-location-for-woocommerce/assets/js/shipping_options.js
Script Paths
/wp-content/plugins/cargo-shipping-location-for-woocommerce/assets/js/cargo-shipping-location.js/wp-content/plugins/cargo-shipping-location-for-woocommerce/assets/js/cargo-shipping-location-admin.js/wp-content/plugins/cargo-shipping-location-for-woocommerce/assets/js/shipments.js/wp-content/plugins/cargo-shipping-location-for-woocommerce/assets/js/shipping_options.js
Version Parameters
cargo-shipping-location-for-woocommerce/assets/css/cargo-shipping-location.css?ver=cargo-shipping-location-for-woocommerce/assets/js/cargo-shipping-location.js?ver=cargo-shipping-location-for-woocommerce/assets/js/cargo-shipping-location-admin.js?ver=cargo-shipping-location-for-woocommerce/assets/js/shipments.js?ver=cargo-shipping-location-for-woocommerce/assets/js/shipping_options.js?ver=

HTML / DOM Fingerprints

CSS Classes
cslfw-pickup-locations
HTML Comments
<!-- cargo-shipping-location-for-woocommerce --><!-- START CSLFW -->
Data Attributes
data-cslfw-cargo-api-keydata-cslfw-cargo-point-finder-url
JS Globals
cslfw_paramsCargoShippingLocation
Shortcode Output
[cslfw_delivery_locations]
FAQ

Frequently Asked Questions about Cargo Shipping Location for WooCommerce