Does Conditional Shipping for WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in Conditional Shipping for WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Conditional Shipping for WooCommerce compatible with WordPress 6.9.4?

According to WordPress.org data, Conditional Shipping for WooCommerce 3.6.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Conditional Shipping for WooCommerce compatible with PHP 7.0+?

Conditional Shipping for WooCommerce requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Conditional Shipping for WooCommerce updated?

Conditional Shipping for WooCommerce was last updated on Feb 2, 2026. Frequent updates are generally a positive security signal.

What is Conditional Shipping for WooCommerce's security score?

Conditional Shipping for WooCommerce has a WP-Safety security score of 97/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Conditional Shipping for WooCommerce Security & Risk Analysis

wordpress.org/plugins/conditional-shipping-for-woocommerce

Restrict WooCommerce shipping methods based on conditions. Works with your existing shipping methods and zones.

10K active installs v3.6.1 PHP 7.0+ WP 4.6+ Updated Feb 2, 2026

conditional-shippingwoocommerce-shipping

A · Safe

CVEs total2

Unpatched0

Last CVEApr 16, 2025

Download

Safety Verdict

Is Conditional Shipping for WooCommerce Safe to Use in 2026?

Generally Safe

Score 97/100

Conditional Shipping for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Apr 16, 2025Updated 2mo ago

Risk Assessment

The 'conditional-shipping-for-woocommerce' plugin version 3.6.1 exhibits a generally positive security posture with several good practices in place. The absence of dangerous functions, 100% use of prepared statements for SQL queries, and a decent percentage of properly escaped output are strong indicators of secure coding. Furthermore, the plugin implements nonce and capability checks, and its static analysis reveals a very small attack surface with no unprotected entry points.

However, a significant concern arises from its vulnerability history. The plugin has a documented history of two known CVEs, with one high and one medium severity vulnerability recorded. The prevalence of Cross-Site Request Forgery (CSRF) as a common vulnerability type, coupled with the fact that the last vulnerability was recorded relatively recently (though dated in the future in the provided data, this suggests a recurring pattern of past issues), points to potential areas where the plugin's security implementations might be incomplete or have been historically bypassed. The taint analysis, while not showing critical or high severity unsanitized paths, did identify one flow with an unsanitized path, which warrants further investigation.

In conclusion, while the current version of the plugin appears to have addressed past vulnerabilities and demonstrates good coding hygiene in static analysis, its historical vulnerability record, particularly for CSRF, suggests a potential for recurring weaknesses. Users should remain vigilant and ensure the plugin is always updated to the latest secure version, as past issues indicate a need for ongoing security scrutiny.

Key Concerns

History of high severity CVEs
History of medium severity CVEs
Flow with unsanitized paths
84% of outputs properly escaped

Vulnerabilities

Conditional Shipping for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2022

2022

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

High

Medium

2 total CVEs

CVE-2025-39564medium · 4.3Cross-Site Request Forgery (CSRF)

Conditional Shipping for WooCommerce <= 3.4.0 - Cross-Site Request Forgery

Apr 16, 2025 Patched in 3.4.1 (6d)

CVE-2022-46815high · 8.8Cross-Site Request Forgery (CSRF)

Conditional Shipping for WooCommerce <= 2.3.1 - Cross-Site Request Forgery

Dec 12, 2022 Patched in 2.3.2 (407d)

Code Analysis

Analyzed Mar 16, 2026

Conditional Shipping for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

205 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

84% escaped243 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

save_settings (includes\admin\class-woo-conditional-shipping-admin.php:196)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Conditional Shipping for WooCommerce Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_wcs_toggle_rulesetincludes\admin\class-woo-conditional-shipping-admin.php:37

WordPress Hooks 28

filterwoocommerce_get_sections_shippingincludes\admin\class-woo-conditional-shipping-admin.php:15

actionwoocommerce_settings_shippingincludes\admin\class-woo-conditional-shipping-admin.php:17

actionwoocommerce_settings_save_shippingincludes\admin\class-woo-conditional-shipping-admin.php:19

actionwoocommerce_settings_save_shippingincludes\admin\class-woo-conditional-shipping-admin.php:20

actionadmin_enqueue_scriptsincludes\admin\class-woo-conditional-shipping-admin.php:23

actionadmin_footerincludes\admin\class-woo-conditional-shipping-admin.php:26

filterwoocommerce_get_settings_shippingincludes\admin\class-woo-conditional-shipping-admin.php:34

actioninitincludes\class-conditional-shipping-updater.php:338

actionwoocommerce_initincludes\class-woo-conditional-shipping-debug.php:34

actionwoocommerce_load_shipping_methodsincludes\class-woo-conditional-shipping-debug.php:37

actionwp_enqueue_scriptsincludes\class-woo-conditional-shipping-debug.php:40

filterrender_blockincludes\class-woo-conditional-shipping-debug.php:43

actionwoocommerce_before_checkout_formincludes\class-woo-conditional-shipping-debug.php:46

filterwoocommerce_update_order_review_fragmentsincludes\class-woo-conditional-shipping-debug.php:49

actioninitincludes\class-woo-conditional-shipping-post-type.php:16

actionwp_enqueue_scriptsincludes\frontend\class-woo-conditional-shipping-frontend.php:26

filterwoocommerce_package_ratesincludes\frontend\class-woo-conditional-shipping-frontend.php:29

actionwoocommerce_checkout_update_order_reviewincludes\frontend\class-woo-conditional-shipping-frontend.php:32

filterwoocommerce_cart_shipping_packagesincludes\frontend\class-woo-conditional-shipping-frontend.php:35

filterwcs_convert_priceincludes\frontend\class-woo-conditional-shipping-frontend.php:38

filterwcs_convert_price_reverseincludes\frontend\class-woo-conditional-shipping-frontend.php:39

actionwcml_switch_currencyincludes\frontend\class-woo-conditional-shipping-frontend.php:43

actionwoocommerce_blocks_loadedincludes\frontend\class-woo-conditional-shipping-frontend.php:50

actionwoocommerce_blocks_checkout_block_registrationincludes\frontend\class-woo-conditional-shipping-frontend.php:91

actionwoocommerce_blocks_cart_block_registrationincludes\frontend\class-woo-conditional-shipping-frontend.php:98

actionplugins_loadedwoo-conditional-shipping.php:43

actionbefore_woocommerce_initwoo-conditional-shipping.php:51

actionplugins_loadedwoo-conditional-shipping.php:162

Maintenance & Trust

Conditional Shipping for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 2, 2026

PHP min version7.0

Downloads295K

Community Trust

Rating92/100

Number of ratings22

Active installs10K

Alternatives

Conditional Shipping for WooCommerce Alternatives

Weight Based Shipping Table Rate for WooCommerce – Flexible Shipping

flexible-shipping

Weight based shipping methods for WooCommerce. Flexible shipping with table rate rules by cart weight and order value. Accurate rates at checkout.

100K 2 CVEs

Flat Rate Shipping Method for WooCommerce

woo-extra-flat-rate

100

Create flexible flat rate shipping methods with custom rules i.e. for specific products or countries where the products will be shipped to.

6K No CVEs

Conditional Shipping for WooCommerce: Restrict Shipping Options by Anything

wpfactory-conditional-shipping-for-woocommerce

100

Set conditions for WooCommerce shipping methods to show up.

400 No CVEs

Shipped – Table Rate Shipping Method | for WooCommerce

table-rate-shipping-rates

100

Shipped - Table Rate Shipping Method a powerful, flexible and easy-to-use shipping plugin for WooCommerce.

300 No CVEs

Easy Table Rate Shipping for WooCommmerce

easy-table-rate-shipping-for-woocommerce

Table rate shipping extends WooCommerce’s default shipping options letting you calculate shipping costs based on total price, item count, weight, etc

200 No CVEs

Developer Profile

Conditional Shipping for WooCommerce Developer Profile

WP Trio

3 plugins · 21K total installs

trust score

Avg Security Score

98/100

Avg Patch Time

236 days

View full developer profile

Detection Fingerprints

How We Detect Conditional Shipping for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/conditional-shipping-for-woocommerce/admin/css/woo-conditional-shipping.css/wp-content/plugins/conditional-shipping-for-woocommerce/admin/js/woo-conditional-shipping.js/wp-content/plugins/conditional-shipping-for-woocommerce/includes/frontend/class-woo-conditional-shipping-frontend.php/wp-content/plugins/conditional-shipping-for-woocommerce/includes/woo-conditional-shipping-utils.php/wp-content/plugins/conditional-shipping-for-woocommerce/includes/class-woo-conditional-shipping-ruleset.php/wp-content/plugins/conditional-shipping-for-woocommerce/includes/class-woo-conditional-shipping-post-type.php/wp-content/plugins/conditional-shipping-for-woocommerce/includes/class-conditional-shipping-filters.php/wp-content/plugins/conditional-shipping-for-woocommerce/includes/class-woo-conditional-shipping-debug.php+1 more

Script Paths

/wp-content/plugins/conditional-shipping-for-woocommerce/admin/js/woo-conditional-shipping.js

Version Parameters

conditional-shipping-for-woocommerce/admin/css/woo-conditional-shipping.css?ver=conditional-shipping-for-woocommerce/admin/js/woo-conditional-shipping.js?ver=

HTML / DOM Fingerprints

CSS Classes

woo-conditional-shipping-ruleset-wrap

HTML Comments

+16 more

Data Attributes

data-ruleset-id

JS Globals

woo_conditional_shipping

FAQ