DTDC Econnect Plugin Security & Risk Analysis

wordpress.org/plugins/dtdc-econnect

"Bigger, Better, & Brighter Range of DTDC Express and E-commerce Based Business for your wider range of shipment."

300 active installs · v1.0.17.7 · PHP 7.4+ · WP 4.7+ · Updated Feb 18, 2025
dtdc · ecommerce · shipsy
92
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is DTDC Econnect Plugin Safe to Use in 2026?

Generally Safe

Score 92/100

DTDC Econnect Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The dtdc-econnect plugin v1.0.17.7 exhibits a mixed security posture. On the positive side, it demonstrates strong practices regarding SQL query sanitization and output escaping, with all queries using prepared statements and all outputs being properly escaped. This indicates a good understanding of preventing common web vulnerabilities like SQL injection and Cross-Site Scripting (XSS) within its core data handling.

However, a significant concern arises from the substantial attack surface composed entirely of unprotected AJAX handlers. With 8 AJAX handlers and 0 capability checks, any unauthenticated user can potentially interact with these endpoints, creating a high risk of unauthorized actions or information disclosure. The absence of nonce checks further exacerbates this issue, making these endpoints susceptible to Cross-Site Request Forgery (CSRF) attacks. While the taint analysis did not reveal any unsanitized flows, the lack of authorization on such a large number of entry points is a critical oversight.

The plugin's vulnerability history is clean, with no recorded CVEs. This is a positive indicator, suggesting that the developers may have a history of producing relatively secure code or that the plugin hasn't been a prominent target for exploitation. Nevertheless, the current static analysis findings, particularly the unprotected AJAX handlers, represent a substantial risk that needs immediate attention, regardless of past vulnerability records.

Key Concerns

  • 8 AJAX handlers without authentication
  • 0 Nonce checks on AJAX handlers
  • 0 Capability checks on AJAX handlers
Vulnerabilities
None known

DTDC Econnect Plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

DTDC Econnect Plugin Release Timeline

v1.0.17.7 (Current)
v1.0.17.6
v1.0.17.5
v1.0.17.4
v1.0.17.3
v1.0.17.2
v1.0.17.1
v1.0.17
v1.0.16
v1.0.15
v1.0.14
v1.0.13
v1.0.12
v1.0.11
v1.0.10
v1.0.9
v1.0.8
v1.0.7
v1.0.6
v1.0.5
Code Analysis
Analyzed Mar 16, 2026

DTDC Econnect Plugin Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (44 prepared)
Unescaped Output: 0 (493 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 5
External Requests: 3
Bundled Libraries: 1

Bundled Libraries

DataTables

SQL Query Safety

100% prepared · 44 total queries

Output Escaping

100% escaped · 493 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

4 flows
notice_messages (admin\class-shipsy-econnect-admin.php:875)
Attack Surface
8 unprotected

DTDC Econnect Plugin Attack Surface

Entry Points: 8
Unprotected: 8

AJAX Handlers 8

auth  wp_ajax_shipsy_get_endpoint_url      includes\class-shipsy-econnect.php:163
auth  wp_ajax_shipsy_get_all_addresses     includes\class-shipsy-econnect.php:164
auth  wp_ajax_shipsy_get_shipping_address  includes\class-shipsy-econnect.php:165
auth  wp_ajax_on_sync_submit               includes\class-shipsy-econnect.php:166
auth  wp_ajax_sync_result                  includes\class-shipsy-econnect.php:167
auth  wp_ajax_pending_consignments_sync    includes\class-shipsy-econnect.php:168
auth  wp_ajax_auto_sync_status_update      includes\class-shipsy-econnect.php:169
auth  wp_ajax_shipsy_download_label        includes\class-shipsy-econnect.php:170

WordPress Hooks 27

action  shipsy_auto_sync_consignments_cron_hook  admin\crons\shipsy-cron-handler.php:46
action  shipsy_auto_update_consignment_status_cron_hook  admin\crons\shipsy-cron-handler.php:65
action  plugins_loaded  includes\class-shipsy-econnect.php:142
action  admin_enqueue_scripts  includes\class-shipsy-econnect.php:157
action  admin_enqueue_scripts  includes\class-shipsy-econnect.php:158
action  admin_menu  includes\class-shipsy-econnect.php:160
action  admin_post_on_config_submit  includes\class-shipsy-econnect.php:172
action  admin_post_on_setting_submit  includes\class-shipsy-econnect.php:173
action  admin_post_on_setup_submit  includes\class-shipsy-econnect.php:174
action  admin_head  includes\class-shipsy-econnect.php:176
filter  woocommerce_admin_order_actions  includes\class-shipsy-econnect.php:177
filter  bulk_actions-edit-shop_order  includes\class-shipsy-econnect.php:180
filter  handle_bulk_actions-edit-shop_order  includes\class-shipsy-econnect.php:181
filter  manage_edit-shop_order_columns  includes\class-shipsy-econnect.php:182
action  manage_shop_order_posts_custom_column  includes\class-shipsy-econnect.php:183
filter  bulk_actions-woocommerce_page_wc-orders  includes\class-shipsy-econnect.php:186
filter  handle_bulk_actions-woocommerce_page_wc-orders  includes\class-shipsy-econnect.php:187
filter  manage_woocommerce_page_wc-orders_columns  includes\class-shipsy-econnect.php:188
action  manage_woocommerce_page_wc-orders_custom_column  includes\class-shipsy-econnect.php:189
action  admin_notices  includes\class-shipsy-econnect.php:192
action  admin_head  includes\class-shipsy-econnect.php:193
action  add_meta_boxes  includes\class-shipsy-econnect.php:194
filter  cron_schedules  includes\class-shipsy-econnect.php:197
action  init  includes\class-shipsy-econnect.php:198
action  wp_enqueue_scripts  includes\class-shipsy-econnect.php:212
action  wp_enqueue_scripts  includes\class-shipsy-econnect.php:213
action  woocommerce_view_order  includes\class-shipsy-econnect.php:214

Scheduled Events 2

shipsy_auto_sync_consignments_cron_hook
shipsy_auto_update_consignment_status_cron_hook
Maintenance & Trust

DTDC Econnect Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Feb 18, 2025
PHP min version: 7.4
Downloads: 7K

Community Trust

Rating: 20/100
Number of ratings: 1
Active installs: 300
Developer Profile

DTDC Econnect Plugin Developer Profile

Shipsyplugins

1 plugin · 300 total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect DTDC Econnect Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/dtdc-econnect/assets/css/bootstrap.min.css
  • /wp-content/plugins/dtdc-econnect/assets/css/jquery.dataTables.min.css
  • /wp-content/plugins/dtdc-econnect/assets/css/sweetalert.css
  • /wp-content/plugins/dtdc-econnect/admin/css/ec-ui-style.css
  • /wp-content/plugins/dtdc-econnect/admin/css/ec-overlay-style.css
  • /wp-content/plugins/dtdc-econnect/admin/css/ec-config-style.css
  • /wp-content/plugins/dtdc-econnect/assets/js/bootstrap.min.js
  • /wp-content/plugins/dtdc-econnect/assets/js/jquery.dataTables.min.js
  • +4 more
Script Paths
  • assets/css/bootstrap.min.css
  • assets/css/jquery.dataTables.min.css
  • assets/css/sweetalert.css
  • admin/css/ec-ui-style.css
  • admin/css/ec-overlay-style.css
  • admin/css/ec-config-style.css
  • +6 more
Version Parameters
  • assets/css/bootstrap.min.css?ver=
  • assets/css/jquery.dataTables.min.css?ver=
  • assets/css/sweetalert.css?ver=
  • admin/css/ec-ui-style.css?ver=
  • admin/css/ec-overlay-style.css?ver=
  • admin/css/ec-config-style.css?ver=
  • assets/js/bootstrap.min.js?ver=
  • assets/js/jquery.dataTables.min.js?ver=
  • assets/js/jquery.validate.min.js?ver=
  • assets/js/sweetalert.js?ver=
  • assets/js/libphonenumber-js.max.js?ver=
  • admin/js/shipsy-econnect-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
ec-ui-style, ec-overlay-style, ec-config-style
HTML Comments
TODO: Handle nonce verification.
Data Attributes
data-bs-toggle, data-bs-target, aria-controls, aria-labelledby
JS Globals
localized_data