WP-Safety

Distance Based Shipping Calculator Security & Risk Analysis

wordpress.org/plugins/distance-based-shipping-calculator

This plugin retrieves the distance between your shipping origins and your customer and applies a rate per unit of distance (mile or kilometer) to calc …

100 active installs v2.1.0 PHP + WP 6.4+ Updated Aug 26, 2025
distancedistance-based-shippingdistance-calculatorshipping-calculatorshipping-rates
97
A · Safe
CVEs total4
Unpatched0
Last CVEFeb 14, 2025
Plugin page Download
Safety Verdict

Is Distance Based Shipping Calculator Safe to Use in 2026?

Generally Safe

Score 97/100

Distance Based Shipping Calculator has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Feb 14, 2025Updated 7mo ago
Risk Assessment

The "distance-based-shipping-calculator" plugin v2.1.0 exhibits a mixed security posture. While it demonstrates good practices in its use of prepared statements for SQL queries and a significant number of capability checks, there are notable areas of concern. The presence of unprotected AJAX handlers and REST API routes represents a significant attack surface that could be exploited by unauthenticated users. Furthermore, the taint analysis reveals flows with unsanitized paths, including two high-severity issues, which indicates potential vulnerabilities in how user input is handled and processed, possibly leading to cross-site scripting or other injection attacks. The plugin's history of four medium-severity CVEs, with the most recent being in February 2025, suggests a recurring pattern of vulnerabilities, particularly related to missing authorization, cross-site scripting, and SQL injection. Although there are currently no unpatched CVEs, this history warrants vigilance. Overall, the plugin has strengths in its core data handling but requires immediate attention to its input validation and access control mechanisms to mitigate identified risks.

Key Concerns

  • Unprotected AJAX handlers
  • REST API route without permission callback
  • High severity taint flows
  • Flows with unsanitized paths
  • Medium severity CVE history (4 total)
  • Significant percentage of unescaped outputs
Vulnerabilities
4

Distance Based Shipping Calculator Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
3 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
4

4 total CVEs

CVE-2025-26764medium · 5.3Missing Authorization

Distance Based Shipping Calculator <= 2.0.22 - Missing Authorization to Unauthenticated Settings Update

Feb 14, 2025 Patched in 2.0.23 (11d)
CVE-2025-26765medium · 4.3Missing Authorization

Distance Based Shipping Calculator <= 2.0.22 - Missing Authorization

Feb 14, 2025 Patched in 2.0.23 (5d)
CVE-2024-56301medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Distance Based Shipping Calculator <= 2.0.21 - Reflected Cross-Site Scripting

Jan 3, 2025 Patched in 2.0.22 (18d)
CVE-2024-52495medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Distance Based Shipping Calculator <= 2.0.23 - Authenticated (Subscriber+) SQL Injection

Nov 20, 2024 Patched in 2.0.24 (114d)
Code Analysis
Analyzed Mar 16, 2026

Distance Based Shipping Calculator Code Analysis

Dangerous Functions
0
Raw SQL Queries
24
87 prepared
Unescaped Output
101
113 escaped
Nonce Checks
15
Capability Checks
30
File Operations
0
External Requests
3
Bundled Libraries
0

SQL Query Safety

78% prepared111 total queries

Output Escaping

53% escaped214 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

10 flows4 with unsanitized paths
suspend_automatic_detection_dbsc (admin\popup\en-distance-base-shipping-popup-ajax.php:35)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

Distance Based Shipping Calculator Attack Surface

Entry Points20
Unprotected3

AJAX Handlers 19

noprivwp_ajax_en_transportation_insight_admin_order_quotesadmin\order\en-order-rates.php:21
authwp_ajax_en_transportation_insight_admin_order_quotesadmin\order\en-order-rates.php:22
authwp_ajax_en_update_shipping_profileadmin\popup\en-distance-base-shipping-popup-ajax.php:18
authwp_ajax_en_add_shipping_classadmin\popup\en-distance-base-shipping-popup-ajax.php:19
authwp_ajax_en_add_shipping_zoneadmin\popup\en-distance-base-shipping-popup-ajax.php:20
authwp_ajax_en_get_shipping_zoneadmin\popup\en-distance-base-shipping-popup-ajax.php:21
authwp_ajax_en_edit_shipping_profileadmin\popup\en-distance-base-shipping-popup-ajax.php:22
authwp_ajax_get_available_classesadmin\popup\en-distance-base-shipping-popup-ajax.php:23
authwp_ajax_en_dbsc_delete_record_actionadmin\popup\en-distance-base-shipping-popup-ajax.php:24
authwp_ajax_en_add_shipping_originadmin\popup\en-distance-base-shipping-popup-ajax.php:25
authwp_ajax_en_edit_dbsc_shipping_originadmin\popup\en-distance-base-shipping-popup-ajax.php:26
authwp_ajax_en_add_zone_rateadmin\popup\en-distance-base-shipping-popup-ajax.php:27
authwp_ajax_en_get_zone_rateadmin\popup\en-distance-base-shipping-popup-ajax.php:28
authwp_ajax_en_woo_addons_upgrade_plan_submit_dbscadmin\popup\en-distance-base-shipping-popup-ajax.php:30
authwp_ajax_suspend_automatic_detection_dbscadmin\popup\en-distance-base-shipping-popup-ajax.php:32
noprivwp_ajax_en_distance_base_shipping_test_connectionadmin\tab\connection-settings\en-connection-ajax.php:23
authwp_ajax_en_distance_base_shipping_test_connectionadmin\tab\connection-settings\en-connection-ajax.php:24
noprivwp_ajax_distancebase_fden-install.php:361
authwp_ajax_distancebase_fden-install.php:362

REST API Routes 1

POST/wp-json/fdo-company-id/update-statusen-install.php:409
WordPress Hooks 40
actionadmin_print_scriptsadmin\order\en-order-script.php:21
actionwoocommerce_order_actionsadmin\order\en-order-widget.php:42
actionwoocommerce_settings_tabs_arrayadmin\popup\loader\en-loader.php:6
filterwoocommerce_settings_tabs_arrayadmin\tab\en-tab.php:26
actionwoocommerce_settings_tabs_arrayadmin\tab\en-tab.php:30
actionadmin_noticescommon\en-guard.php:39
actionwoocommerce_loadedcommon\en-guard.php:116
filteren_register_activation_hookdb\en-distance-base-shipping-db.php:24
filteren_register_activation_hookdb\en-distance-base-shipping-db.php:25
filteren_register_activation_hookdb\en-distance-base-shipping-db.php:26
filteren_register_activation_hookdb\en-distance-base-shipping-db.php:27
filteren_register_activation_hookdb\en-distance-base-shipping-db.php:28
filteren_register_activation_hookdb\en-distance-base-shipping-db.php:29
actionadmin_initdb\en-distance-base-shipping-db.php:30
actionadmin_enqueue_scriptsen-install.php:6
actionupgrader_process_completeen-install.php:40
actionadmin_enqueue_scriptsen-install.php:93
actionwp_enqueue_scriptsen-install.php:106
filterwoocommerce_get_settings_pagesen-install.php:119
filterplugin_action_linksen-install.php:144
actionadmin_print_scriptsen-install.php:158
filterwoocommerce_shipping_methodsen-install.php:194
filterwoocommerce_cart_no_shipping_available_htmlen-install.php:210
filteren_app_common_plan_statusen-install.php:235
filterwoocommerce_package_ratesen-install.php:266
filteren_shipping_applicationsen-install.php:278
actionwoocommerce_proceed_to_checkouten-install.php:299
filterwoocommerce_cart_no_shipping_available_htmlen-install.php:312
filteren_woo_get_all_countriesen-install.php:326
filteren_woo_get_all_shipping_classesen-install.php:342
actionadmin_noticesen-install.php:359
actionrest_api_initen-install.php:406
filteren_register_activation_hookserver\common\en-create-ltl-class.php:24
actionwoocommerce_thankyouserver\common\en-order-export.php:22
actioninitserver\common\en-order-export.php:23
actionen_async_orders_exporting_processserver\common\en-order-export.php:24
filtercron_schedulesserver\common\en-order-export.php:25
actionwoocommerce_shipping_initserver\en-shipping-rates.php:19
filteren_package_converterserver\en-shipping-rates.php:113
filteren_eniture_shipmentserver\en-shipping-rates.php:150

Scheduled Events 1

en_async_orders_exporting_process
Maintenance & Trust

Distance Based Shipping Calculator Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedAug 26, 2025
PHP min version
Downloads9K

Community Trust

Rating60/100
Number of ratings2
Active installs100
Alternatives

Distance Based Shipping Calculator Alternatives

WooReer

WooReer

wcsdm

A
100

WooReer calculates shipping rates based on distance via Google Maps, Mapbox, DistanceMatrix.ai, Geoapify, or HERE.

2K No CVEs
Easyship WooCommerce Shipping Rates

Easyship WooCommerce Shipping Rates

easyship-woocommerce-shipping-rates

A
100

Easyship for WooCommerce saves you time and money with live courier rates, seamless checkout, automated taxes & duties, and shipping label creation.

2K 1 CVE
AB Google Map Travel (AB-MAP)

AB Google Map Travel (AB-MAP)

ab-google-map-travel

C
61

Created By: Aboobacker P Ummer Email : aboobackerp@gmail.com Free version demo: wp.aboobacker.com https://www.youtube.com/watch?v=oNmJB5Ioy5A Have &hellip;

70 1 unpatched
Flat Shipping Rates by Eniture Technology

Flat Shipping Rates by Eniture Technology

flat-shipping-rates-by-eniture-technology

A
100

The Flat Rate Shipping for WooCommerce plugin is a free add-on plugin that requires the installation and

20 No CVEs
Leo Travel Distance Time Manager

Leo Travel Distance Time Manager

leo-travel-distance-time-manager

A
85

Leo Travel Distance Time Manager is small plugin to calculate distance and time between multiple stops and shows complete route on map.

10 No CVEs
Developer Profile

Distance Based Shipping Calculator Developer Profile

enituretechnology

29 plugins · 1K total installs

93
trust score
Avg Security Score
98/100
Avg Patch Time
11 days
View full developer profile
Detection Fingerprints

How We Detect Distance Based Shipping Calculator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/distance-based-shipping-calculator/admin/assets/en-distance-base-shipping-admin-frontend.js/wp-content/plugins/distance-based-shipping-calculator/admin/assets/en-distance-base-shipping-admin.js/wp-content/plugins/distance-based-shipping-calculator/admin/popup/assets/css/en-distance-base-shipping-admin-popup.css/wp-content/plugins/distance-based-shipping-calculator/admin/popup/assets/js/en-distance-base-shipping-admin-popup.js/wp-content/plugins/distance-based-shipping-calculator/admin/popup/assets/js/jquery.validate.min.js/wp-content/plugins/distance-based-shipping-calculator/admin/popup/assets/js/tagging.js/wp-content/plugins/distance-based-shipping-calculator/admin/assets/en-distance-base-shipping-admin.css
Script Paths
https://code.jquery.com/jquery-1.12.4.jshttps://code.jquery.com/ui/1.12.1/jquery-ui.js//code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css
Version Parameters
distance-based-shipping-calculator/admin/assets/en-distance-base-shipping-admin-frontend.js?ver=distance-based-shipping-calculator/admin/assets/en-distance-base-shipping-admin.js?ver=distance-based-shipping-calculator/admin/popup/assets/css/en-distance-base-shipping-admin-popup.css?ver=distance-based-shipping-calculator/admin/popup/assets/js/en-distance-base-shipping-admin-popup.js?ver=distance-based-shipping-calculator/admin/popup/assets/js/jquery.validate.min.js?ver=distance-based-shipping-calculator/admin/popup/assets/js/tagging.js?ver=distance-based-shipping-calculator/admin/assets/en-distance-base-shipping-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
display_meta
JS Globals
EN_DISTANCE_BASE_SHIPPING_DIR_FILEen_dbs_admin_scriptscripten_dbsc_admin_popup_script
FAQ

Frequently Asked Questions about Distance Based Shipping Calculator