WP-Safety

City Express Shipment Security & Risk Analysis

wordpress.org/plugins/city-express-shipment

WooCommerce integration with City Express Pickup Point and Home Delivery shipping services.

0 active installs v1.0.0 PHP 7.4+ WP 5.0+ Updated Apr 14, 2026
courierdeliverypickup-pointsshippingwoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is City Express Shipment Safe to Use in 2026?

Generally Safe

Score 100/100

City Express Shipment has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The 'city-express-shipment' v1.0.0 plugin exhibits a generally good security posture, with several positive indicators. The code analysis reveals a strong reliance on prepared statements for SQL queries, near-perfect output escaping, and a substantial number of nonce and capability checks, suggesting developers have implemented common security best practices. The absence of any known vulnerabilities in its history further reinforces this positive impression.

However, a notable concern arises from the presence of one unprotected AJAX handler. This single entry point, if exposed, could potentially be leveraged by unauthenticated attackers to perform unintended actions. While the taint analysis shows no critical or high-severity issues and there are no dangerous functions identified, this unprotected AJAX handler represents a tangible risk that requires immediate attention. The plugin's attack surface is relatively small, but the presence of any unauthenticated entry point inherently increases the risk profile.

In conclusion, the plugin demonstrates commendable development practices, particularly in data handling and output sanitization. The lack of historical vulnerabilities is a significant strength. Nevertheless, the unprotected AJAX handler is a critical weakness that overshadows the otherwise positive findings. Addressing this specific vulnerability is paramount to improving the overall security of the plugin.

Key Concerns

  • AJAX handler without auth checks
Vulnerabilities
None known

City Express Shipment Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

City Express Shipment Release Timeline

v1.0.0Current
Code Analysis
Analyzed Apr 16, 2026

City Express Shipment Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
3
231 escaped
Nonce Checks
14
Capability Checks
5
File Operations
0
External Requests
8
Bundled Libraries
0

Output Escaping

99% escaped234 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

4 flows
city_express_main_settings_page (city-express-shipment.php:500)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

City Express Shipment Attack Surface

Entry Points5
Unprotected1

AJAX Handlers 5

authwp_ajax_city_express_set_pickupcity-express-shipment.php:250
noprivwp_ajax_city_express_set_pickupcity-express-shipment.php:251
authwp_ajax_city_express_fetch_layoutscity-express-shipment.php:643
authwp_ajax_city_express_save_selectedcity-express-shipment.php:1194
noprivwp_ajax_city_express_save_selectedcity-express-shipment.php:1195
WordPress Hooks 25
actionwp_enqueue_scriptscity-express-shipment.php:172
actionadmin_enqueue_scriptscity-express-shipment.php:212
actionadmin_enqueue_scriptscity-express-shipment.php:245
actionwoocommerce_before_calculate_totalscity-express-shipment.php:292
actionwoocommerce_checkout_create_ordercity-express-shipment.php:326
actionwoocommerce_after_checkout_validationcity-express-shipment.php:366
actionadmin_menucity-express-shipment.php:468
filterwoocommerce_shipping_methodscity-express-shipment.php:886
actionwoocommerce_checkout_update_order_metacity-express-shipment.php:887
actionwoocommerce_cart_shipping_method_full_labelcity-express-shipment.php:890
actionwoocommerce_admin_order_data_after_shipping_addresscity-express-shipment.php:894
actionwoocommerce_shipping_initcity-express-shipment.php:1186
actionwoocommerce_admin_order_data_after_order_detailscity-express-shipment.php:1219
actionadmin_post_create_city_express_shipmentcity-express-shipment.php:1287
actionadmin_post_update_cityexpress_shipmentcity-express-shipment.php:1444
actionadmin_post_print_cityexpress_labelcity-express-shipment.php:1584
filterwoocommerce_admin_order_actionscity-express-shipment.php:1655
filterbulk_actions-woocommerce_page_wc-orderscity-express-shipment.php:1684
filterhandle_bulk_actions-woocommerce_page_wc-orderscity-express-shipment.php:1690
actionadmin_noticescity-express-shipment.php:1773
actionadmin_post_download_bulk_labelscity-express-shipment.php:1802
actionadmin_noticescity-express-shipment.php:1858
filterwoocommerce_shipping_methodscity-express-shipment.php:1937
actionwoocommerce_cart_shipping_method_full_labelcity-express-shipment.php:1939
actionwoocommerce_shipping_initcity-express-shipment.php:2155
Maintenance & Trust

City Express Shipment Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 14, 2026
PHP min version7.4
Downloads43

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

City Express Shipment Alternatives

Express One Shipment

Express One Shipment

express-one-shipment

A
100

WooCommerce integration with Express One Pickup Point and Home Delivery shipping services.

0 No CVEs
Overseas Express Shipment

Overseas Express Shipment

overseas-express-shipment

A
100

WooCommerce integration with Overseas Express Pickup Point and Home Delivery shipping services.

0 No CVEs
Local Delivery Drivers for WooCommerce

Local Delivery Drivers for WooCommerce

local-delivery-drivers-for-woocommerce

A
99

Improve the way you deliver, manage drivers, assign drivers to orders, send WhatsApp, SMS, and email notifications, route planning, navigation & more!

1K 1 CVE
Woot

Woot

woot-ro

A
100

Unified shipping solution for WooCommerce. Integrates all popular couriers in Romania with real-time pricing and pickup point selection.

100 No CVEs
Uber Direct Integration

Uber Direct Integration

uber-direct-delivery-integration

A
100

Offer instant or scheduled delivery from your WooCommerce store with real-time quotes and Uber Direct integration

60 No CVEs
Developer Profile

City Express Shipment Developer Profile

nesywoocom

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect City Express Shipment

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/city-express-shipment/assets/vendor/leaflet/leaflet.css/wp-content/plugins/city-express-shipment/assets/vendor/leaflet/leaflet-control-geocoder.css/wp-content/plugins/city-express-shipment/assets/vendor/leaflet/leaflet.js/wp-content/plugins/city-express-shipment/assets/vendor/leaflet/leaflet-control-geocoder.js/wp-content/plugins/city-express-shipment/assets/js/checkout-map.js/wp-content/plugins/city-express-shipment/assets/images/marker-icon-blue.png/wp-content/plugins/city-express-shipment/assets/images/marker-icon-red.png/wp-content/plugins/city-express-shipment/assets/images/marker-shadow.png+1 more
Version Parameters
city-express-shipment/assets/vendor/leaflet/leaflet.css?ver=city-express-shipment/assets/vendor/leaflet/leaflet-control-geocoder.css?ver=city-express-shipment/assets/vendor/leaflet/leaflet.js?ver=city-express-shipment/assets/vendor/leaflet/leaflet-control-geocoder.js?ver=city-express-shipment/assets/js/checkout-map.js?ver=city-express-shipment/assets/js/admin-main-settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
wc-action-button-download_label
JS Globals
cityExpressPickupcityExpressAdmin
FAQ

Frequently Asked Questions about City Express Shipment