DHL eCommerce (Benelux) for WooCommerce Security & Risk Analysis

wordpress.org/plugins/dhlpwc

DHL eCommerce (Benelux) presents: The official DHL eCommerce for WooCommerce plugin to automate your e-commerce shipping process.

2K active installs v2.2.3 PHP 5.6+ WP 4.7+ Updated Dec 8, 2025
dhldhl-ecommerceshippingshipping-rateswoocommerce
99
A · Safe
CVEs total1
Unpatched0
Last CVEJul 8, 2026
Safety Verdict

Is DHL eCommerce (Benelux) for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

DHL eCommerce (Benelux) for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Jul 8, 2026Updated 7mo ago
Risk Assessment

The "dhlpwc" v2.2.3 plugin exhibits a significant security concern due to its extensive attack surface of 27 AJAX handlers, all of which lack authentication checks. This means any user, regardless of their logged-in status or permissions, can potentially trigger these handlers. While the plugin shows good practices in using prepared statements for SQL queries and a high percentage of properly escaped output, the absence of authorization on such a large number of entry points is a critical oversight. The taint analysis, while not revealing critical or high severity unsanitized paths, still found 5 flows with unsanitized paths, indicating a potential for issues if inputs are not handled carefully in these unprotected AJAX endpoints. The plugin's history of zero vulnerabilities is a positive sign, suggesting that perhaps these entry points have not been exploited in the past or have been overlooked. However, this lack of past vulnerabilities should not breed complacency, especially given the current static analysis findings. The overall security posture is weakened by the unprotected AJAX handlers, which overshadows otherwise good coding practices. A balanced conclusion is that while the plugin has some strong security foundations, the lack of authentication on its numerous AJAX endpoints presents a substantial and immediate risk that requires urgent attention.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • No nonce checks on AJAX handlers
  • No capability checks on AJAX handlers
Vulnerabilities
1 published

DHL eCommerce (Benelux) for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-9235medium · 4.3Missing Authorization

DHL eCommerce (Benelux) for WooCommerce <= 2.2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shipping Label Creation and Deletion via dhlpwc_label_create and dhlpwc_label_delete AJAX Actions

Jul 8, 2026 Patched in 2.2.4 (1d)
Version History

DHL eCommerce (Benelux) for WooCommerce Release Timeline

v2.2.3Current1 CVE
v2.2.11 CVE
v2.2.01 CVE
v2.1.161 CVE
v2.1.141 CVE
v2.1.121 CVE
v2.1.111 CVE
v2.1.101 CVE
v2.1.81 CVE
v2.1.71 CVE
v2.1.61 CVE
v2.1.51 CVE
v2.1.41 CVE
v2.1.31 CVE
v2.1.21 CVE
v2.1.11 CVE
v2.0.201 CVE
v2.0.191 CVE
v2.0.181 CVE
v2.0.171 CVE
Code Analysis
Analyzed Mar 16, 2026

DHL eCommerce (Benelux) for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
30
407 escaped
Nonce Checks
0
Capability Checks
0
File Operations
4
External Requests
4
Bundled Libraries
0

Output Escaping

93% escaped437 total outputs
Data Flows · Security
5 unsanitized

Data Flow Analysis

7 flows5 with unsanitized paths
download_label (includes\controller\admin\class-dhlpwc-controller-admin-order.php:419)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
27 unprotected

DHL eCommerce (Benelux) for WooCommerce Attack Surface

Entry Points27
Unprotected27

AJAX Handlers 27

authwp_ajax_dhlpwc_dismiss_migrate_noticeincludes\controller\admin\class-dhlpwc-controller-admin-migrate.php:31
authwp_ajax_dhlpwc_dismiss_migrate_notice_foreverincludes\controller\admin\class-dhlpwc-controller-admin-migrate.php:32
authwp_ajax_dhlpwc_label_createincludes\controller\admin\class-dhlpwc-controller-admin-order-metabox.php:25
authwp_ajax_dhlpwc_label_deleteincludes\controller\admin\class-dhlpwc-controller-admin-order-metabox.php:26
authwp_ajax_dhlpwc_load_optionsincludes\controller\admin\class-dhlpwc-controller-admin-order-metabox.php:28
authwp_ajax_dhlpwc_load_sizesincludes\controller\admin\class-dhlpwc-controller-admin-order-metabox.php:29
authwp_ajax_dhlpwc_metabox_terminal_searchincludes\controller\admin\class-dhlpwc-controller-admin-order-metabox.php:31
authwp_ajax_dhlpwc_metabox_parcelshop_searchincludes\controller\admin\class-dhlpwc-controller-admin-order-metabox.php:32
authwp_ajax_dhlpwc_label_printincludes\controller\admin\class-dhlpwc-controller-admin-order-metabox.php:36
authwp_ajax_dhlpwc_print_label_requestincludes\controller\admin\class-dhlpwc-controller-admin-order-metabox.php:41
authwp_ajax_dhlpwc_dismiss_admin_noticeincludes\controller\admin\class-dhlpwc-controller-admin-settings.php:42
authwp_ajax_dhlpwc_dismiss_admin_notice_foreverincludes\controller\admin\class-dhlpwc-controller-admin-settings.php:43
authwp_ajax_dhlpwc_test_connectionincludes\controller\admin\class-dhlpwc-controller-admin-settings.php:44
authwp_ajax_dhlpwc_search_printersincludes\controller\admin\class-dhlpwc-controller-admin-settings.php:45
authwp_ajax_dhlpwc_dynamic_option_settingsincludes\controller\admin\class-dhlpwc-controller-admin-settings.php:46
authwp_ajax_dhlpwc_load_parcelshop_selectionincludes\controller\class-dhlpwc-controller-cart.php:27
noprivwp_ajax_dhlpwc_load_parcelshop_selectionincludes\controller\class-dhlpwc-controller-cart.php:28
authwp_ajax_dhlpwc_parcelshop_selection_syncincludes\controller\class-dhlpwc-controller-cart.php:30
noprivwp_ajax_dhlpwc_parcelshop_selection_syncincludes\controller\class-dhlpwc-controller-cart.php:31
authwp_ajax_dhlpwc_delivery_time_selection_syncincludes\controller\class-dhlpwc-controller-cart.php:33
noprivwp_ajax_dhlpwc_delivery_time_selection_syncincludes\controller\class-dhlpwc-controller-cart.php:34
authwp_ajax_dhlpwc_get_initial_parcelshopincludes\controller\class-dhlpwc-controller-cart.php:36
noprivwp_ajax_dhlpwc_get_initial_parcelshopincludes\controller\class-dhlpwc-controller-cart.php:37
authwp_ajax_dhlpwc_get_delivery_timesincludes\controller\class-dhlpwc-controller-cart.php:39
noprivwp_ajax_dhlpwc_get_delivery_timesincludes\controller\class-dhlpwc-controller-cart.php:40
authwp_ajax_dhlpwc_load_switcherincludes\controller\isolated\class-dhlpwc-controller-isolated-load-switcher.php:23
authwp_ajax_dhlpwc_inject_switcherincludes\controller\isolated\class-dhlpwc-controller-isolated-load-switcher.php:24
WordPress Hooks 69
actionplugins_loadeddhlpwoocommerce.php:37
actionbefore_woocommerce_initdhlpwoocommerce.php:133
actionadmin_enqueue_scriptsincludes\controller\admin\class-dhlpwc-controller-admin-migrate.php:28
actionadmin_noticesincludes\controller\admin\class-dhlpwc-controller-admin-migrate.php:30
actionadmin_enqueue_scriptsincludes\controller\admin\class-dhlpwc-controller-admin-order-metabox.php:20
actionadmin_enqueue_scriptsincludes\controller\admin\class-dhlpwc-controller-admin-order-metabox.php:21
actionadd_meta_boxesincludes\controller\admin\class-dhlpwc-controller-admin-order-metabox.php:23
actionadmin_enqueue_scriptsincludes\controller\admin\class-dhlpwc-controller-admin-order.php:16
actionadmin_enqueue_scriptsincludes\controller\admin\class-dhlpwc-controller-admin-order.php:17
actionwoocommerce_admin_order_data_after_shipping_addressincludes\controller\admin\class-dhlpwc-controller-admin-order.php:19
filterhandle_bulk_actions-woocommerce_page_wc-ordersincludes\controller\admin\class-dhlpwc-controller-admin-order.php:24
filterwoocommerce_shop_order_list_table_columnsincludes\controller\admin\class-dhlpwc-controller-admin-order.php:29
actionwoocommerce_shop_order_list_table_custom_columnincludes\controller\admin\class-dhlpwc-controller-admin-order.php:30
filtermanage_edit-shop_order_columnsincludes\controller\admin\class-dhlpwc-controller-admin-order.php:32
actionmanage_shop_order_posts_custom_columnincludes\controller\admin\class-dhlpwc-controller-admin-order.php:33
filterbulk_actions-woocommerce_page_wc-ordersincludes\controller\admin\class-dhlpwc-controller-admin-order.php:40
filterbulk_actions-edit-shop_orderincludes\controller\admin\class-dhlpwc-controller-admin-order.php:42
actionadmin_noticesincludes\controller\admin\class-dhlpwc-controller-admin-order.php:69
actionadmin_action_dhlpwc_download_labelincludes\controller\admin\class-dhlpwc-controller-admin-order.php:72
filterbulk_actions-woocommerce_page_wc-ordersincludes\controller\admin\class-dhlpwc-controller-admin-order.php:76
filterbulk_actions-edit-shop_orderincludes\controller\admin\class-dhlpwc-controller-admin-order.php:78
actionadmin_action_dhlpwc_download_labelsincludes\controller\admin\class-dhlpwc-controller-admin-order.php:79
filterbulk_actions-woocommerce_page_wc-ordersincludes\controller\admin\class-dhlpwc-controller-admin-order.php:85
filterbulk_actions-edit-shop_orderincludes\controller\admin\class-dhlpwc-controller-admin-order.php:87
actionadmin_action_dhlpwc_print_labelsincludes\controller\admin\class-dhlpwc-controller-admin-order.php:88
actionadmin_noticesincludes\controller\admin\class-dhlpwc-controller-admin-order.php:90
filterwoocommerce_shop_order_list_table_columnsincludes\controller\admin\class-dhlpwc-controller-admin-order.php:94
actionwoocommerce_shop_order_list_table_custom_columnincludes\controller\admin\class-dhlpwc-controller-admin-order.php:95
filtermanage_edit-shop_order_columnsincludes\controller\admin\class-dhlpwc-controller-admin-order.php:97
actionmanage_shop_order_posts_custom_columnincludes\controller\admin\class-dhlpwc-controller-admin-order.php:98
filterviews_woocommerce_page_wc-ordersincludes\controller\admin\class-dhlpwc-controller-admin-order.php:103
filtermanage_woocommerce_page_wc-orders_sortable_columnsincludes\controller\admin\class-dhlpwc-controller-admin-order.php:104
filterwoocommerce_order_list_table_prepare_items_query_argsincludes\controller\admin\class-dhlpwc-controller-admin-order.php:105
filterviews_edit-shop_orderincludes\controller\admin\class-dhlpwc-controller-admin-order.php:108
filtermanage_edit-shop_order_sortable_columnsincludes\controller\admin\class-dhlpwc-controller-admin-order.php:109
actionpre_get_postsincludes\controller\admin\class-dhlpwc-controller-admin-order.php:110
actionadmin_enqueue_scriptsincludes\controller\admin\class-dhlpwc-controller-admin-product.php:14
actionwoocommerce_product_options_shippingincludes\controller\admin\class-dhlpwc-controller-admin-product.php:16
actionwoocommerce_process_product_metaincludes\controller\admin\class-dhlpwc-controller-admin-product.php:18
actionadmin_enqueue_scriptsincludes\controller\admin\class-dhlpwc-controller-admin-settings.php:23
actionadmin_enqueue_scriptsincludes\controller\admin\class-dhlpwc-controller-admin-settings.php:24
filteroption_woocommerce_dhlpwc_settingsincludes\controller\admin\class-dhlpwc-controller-admin-settings.php:30
filterwoocommerce_shipping_dhlpwc_instance_optionincludes\controller\admin\class-dhlpwc-controller-admin-settings.php:31
filterpre_update_option_woocommerce_dhlpwc_settingsincludes\controller\admin\class-dhlpwc-controller-admin-settings.php:32
filterwoocommerce_shipping_dhlpwc_instance_settings_valuesincludes\controller\admin\class-dhlpwc-controller-admin-settings.php:33
actionadmin_menuincludes\controller\admin\class-dhlpwc-controller-admin-settings.php:37
actionadmin_noticesincludes\controller\admin\class-dhlpwc-controller-admin-settings.php:40
actionwoocommerce_order_details_after_order_table_itemsincludes\controller\class-dhlpwc-controller-account.php:14
actionwoocommerce_order_status_changedincludes\controller\class-dhlpwc-controller-autoprint.php:14
actionwp_loadedincludes\controller\class-dhlpwc-controller-cart.php:12
actionwp_loadedincludes\controller\class-dhlpwc-controller-cart.php:13
filterwoocommerce_package_ratesincludes\controller\class-dhlpwc-controller-cart.php:14
actionwp_enqueue_scriptsincludes\controller\class-dhlpwc-controller-cart.php:22
actionwp_enqueue_scriptsincludes\controller\class-dhlpwc-controller-cart.php:23
actionwoocommerce_after_shipping_rateincludes\controller\class-dhlpwc-controller-cart.php:25
filterwoocommerce_cart_shipping_method_full_labelincludes\controller\class-dhlpwc-controller-cart.php:43
filterwoocommerce_cart_shipping_method_full_labelincludes\controller\class-dhlpwc-controller-cart.php:45
actionwp_enqueue_scriptsincludes\controller\class-dhlpwc-controller-cart.php:95
actionwoocommerce_after_shipping_rateincludes\controller\class-dhlpwc-controller-cart.php:99
filterwoocommerce_validate_postcodeincludes\controller\class-dhlpwc-controller-checkout.php:12
actionwoocommerce_checkout_update_order_metaincludes\controller\class-dhlpwc-controller-checkout.php:13
actionwoocommerce_store_api_checkout_order_processedincludes\controller\class-dhlpwc-controller-checkout.php:14
actionwp_loadedincludes\controller\class-dhlpwc-controller-checkout.php:16
actionwoocommerce_after_checkout_validationincludes\controller\class-dhlpwc-controller-checkout.php:29
actionwoocommerce_email_customer_detailsincludes\controller\class-dhlpwc-controller-mail.php:23
filterwoocommerce_shipping_methodsincludes\controller\class-dhlpwc-controller-settings.php:12
filterpr_shipping_dhl_bypass_load_pluginincludes\controller\isolated\class-dhlpwc-controller-isolated-load-switcher.php:14
actionadmin_enqueue_scriptsincludes\controller\isolated\class-dhlpwc-controller-isolated-load-switcher.php:20
actionadmin_noticesincludes\controller\isolated\class-dhlpwc-controller-isolated-load-switcher.php:21
Maintenance & Trust

DHL eCommerce (Benelux) for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedDec 8, 2025
PHP min version5.6
Downloads66K

Community Trust

Rating100/100
Number of ratings2
Active installs2K
Developer Profile

DHL eCommerce (Benelux) for WooCommerce Developer Profile

DHL eCommerce

1 plugin · 2K total installs

99
trust score
Avg Security Score
99/100
Avg Patch Time
1 days
View full developer profile
Detection Fingerprints

How We Detect DHL eCommerce (Benelux) for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/dhlpwc/assets/css/backend/migrate.css/wp-content/plugins/dhlpwc/assets/js/backend/migrate.js/wp-content/plugins/dhlpwc/assets/css/frontend/checkout.css/wp-content/plugins/dhlpwc/assets/js/frontend/checkout.js/wp-content/plugins/dhlpwc/assets/css/frontend/cart.css/wp-content/plugins/dhlpwc/assets/js/frontend/cart.js/wp-content/plugins/dhlpwc/assets/css/frontend/account.css/wp-content/plugins/dhlpwc/assets/js/frontend/account.js+13 more
Script Paths
/wp-content/plugins/dhlpwc/assets/js/backend/migrate.js/wp-content/plugins/dhlpwc/assets/js/frontend/checkout.js/wp-content/plugins/dhlpwc/assets/js/frontend/cart.js/wp-content/plugins/dhlpwc/assets/js/frontend/account.js/wp-content/plugins/dhlpwc/assets/js/frontend/mail.js/wp-content/plugins/dhlpwc/assets/js/frontend/print.js+5 more
Version Parameters
dhlpwc/assets/css/backend/migrate.css?ver=dhlpwc/assets/js/backend/migrate.js?ver=dhlpwc/assets/css/frontend/checkout.css?ver=dhlpwc/assets/js/frontend/checkout.js?ver=dhlpwc/assets/css/frontend/cart.css?ver=dhlpwc/assets/js/frontend/cart.js?ver=dhlpwc/assets/css/frontend/account.css?ver=dhlpwc/assets/js/frontend/account.js?ver=dhlpwc/assets/css/frontend/mail.css?ver=dhlpwc/assets/js/frontend/mail.js?ver=dhlpwc/assets/css/frontend/print.css?ver=dhlpwc/assets/js/frontend/print.js?ver=dhlpwc/assets/css/admin/product.css?ver=dhlpwc/assets/js/admin/product.js?ver=dhlpwc/assets/css/admin/order-metabox.css?ver=dhlpwc/assets/js/admin/order-metabox.js?ver=dhlpwc/assets/css/admin/order.css?ver=dhlpwc/assets/js/admin/order.js?ver=dhlpwc/assets/css/admin/settings.css?ver=dhlpwc/assets/js/admin/settings.js?ver=dhlpwc/assets/js/admin/admin-settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
dhlpwc-migrate-noticedhlpwc-migrate-notice__messagedhlpwc-migrate-notice__actionsdhlpwc-migrate-notice__dismissdhlpwc-migrate-notice__dismiss-foreverdhlpwc-checkout-delivery-optionsdhlpwc-checkout-delivery-options-titledhlpwc-checkout-delivery-options-list+60 more
HTML Comments
<!-- DHLPWC Template: admin/migrate.php --><!-- DHLPWC Template: admin/migrate-notice.php --><!-- DHLPWC Template: frontend/checkout/delivery-options.php --><!-- DHLPWC Template: frontend/cart/delivery-options.php -->+12 more
Data Attributes
data-dhlpwc-dismiss-urldata-dhlpwc-dismiss-forever-urldata-dhlpwc-migrate-prioritydata-dhlpwc-checkout-delivery-option-iddata-dhlpwc-cart-delivery-option-iddata-dhlpwc-account-delivery-option-id
JS Globals
DHLPWC_ADMIN_AJAX_URLDHLPWC_CHECKOUT_DATADHLPWC_CART_DATADHLPWC_ACCOUNT_DATADHLPWC_PRINT_DATADHLPWC_PRODUCT_SETTINGS_DATA+4 more
REST Endpoints
/wp-json/dhlpwc/v1/settings/wp-json/dhlpwc/v1/shipments/wp-json/dhlpwc/v1/shipments/(?P<id>[\d]+)/wp-json/dhlpwc/v1/shipments/(?P<id>[\d]+)/cancel/wp-json/dhlpwc/v1/shipments/(?P<id>[\d]+)/print/wp-json/dhlpwc/v1/settings/migrate
FAQ

Frequently Asked Questions about DHL eCommerce (Benelux) for WooCommerce