WP-Safety

Easyship WooCommerce Shipping Rates Security & Risk Analysis

wordpress.org/plugins/easyship-woocommerce-shipping-rates

Easyship for WooCommerce saves you time and money with live courier rates, seamless checkout, automated taxes & duties, and shipping label creation.

2K active installs v0.9.13 PHP 7.1+ WP 4.7+ Updated Mar 6, 2026
shippingshipping-calculatorshipping-labelsshipping-rateswoocommerce
100
A · Safe
CVEs total1
Unpatched0
Last CVEJul 17, 2023
Plugin page Download
Safety Verdict

Is Easyship WooCommerce Shipping Rates Safe to Use in 2026?

Generally Safe

Score 100/100

Easyship WooCommerce Shipping Rates has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Jul 17, 2023Updated 2mo ago
Risk Assessment

The "easyship-woocommerce-shipping-rates" plugin v0.9.13 exhibits a mixed security posture. On the positive side, all SQL queries are prepared, output is consistently escaped, and there are no file operations or bundled libraries to consider for outdated versions. The plugin also demonstrates an awareness of WordPress security by including nonce checks and capability checks on most entry points.

However, a significant concern arises from the presence of one unprotected AJAX handler, which represents a direct attack vector. While taint analysis shows no current unsanitized flows, the existence of the dangerous `unserialize` function without explicit context on its usage raises a potential flag. The plugin's vulnerability history indicates a past medium severity vulnerability related to Missing Authorization, and while currently patched, it suggests a recurring area of weakness that warrants attention.

In conclusion, while the plugin has made strides in implementing good security practices like prepared statements and output escaping, the unprotected AJAX endpoint is a critical vulnerability that needs immediate remediation. The potential risks associated with `unserialize` and the past authorization issues, although not currently active, suggest that ongoing vigilance and thorough security reviews are essential for this plugin.

Key Concerns

  • Unprotected AJAX handler
  • Presence of dangerous unserialize function
  • Past medium severity vulnerability (Missing Auth)
Vulnerabilities
1 published

Easyship WooCommerce Shipping Rates Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2023-37989medium · 5.4Missing Authorization

Easyship WooCommerce Shipping Rates <= 0.8.9 - Missing Authorization via multiple AJAX actions

Jul 17, 2023 Patched in 0.9.1 (190d)
Version History

Easyship WooCommerce Shipping Rates Release Timeline

v0.9.13Current
v0.9.12
v0.9.11
v0.9.10
v0.9.9
v0.9.8
v0.9.7
v0.9.6
v0.9.5
v0.9.4
v0.9.2
v0.9.1
v0.8.91 CVE
CVE-2023-37989
v0.8.81 CVE
CVE-2023-37989
v0.8.71 CVE
CVE-2023-37989
v0.8.61 CVE
CVE-2023-37989
v0.8.51 CVE
CVE-2023-37989
v0.8.41 CVE
CVE-2023-37989
v0.8.31 CVE
CVE-2023-37989
v0.8.21 CVE
CVE-2023-37989
Code Analysis
Analyzed Mar 16, 2026

Easyship WooCommerce Shipping Rates Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
8 prepared
Unescaped Output
0
23 escaped
Nonce Checks
1
Capability Checks
5
File Operations
0
External Requests
3
Bundled Libraries
0

Dangerous Functions Found

unserialize$val = @unserialize( $raw, array( 'allowed_classes' => false ) );includes\class-easyship-utils.php:83

SQL Query Safety

100% prepared8 total queries

Output Escaping

100% escaped23 total outputs
Attack Surface
1 unprotected

Easyship WooCommerce Shipping Rates Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_easyship_connectincludes\woocommerce\class-easyship-woocommerce-integration.php:102
WordPress Hooks 12
filterpre_update_option_active_pluginsincludes\class-easyship-legacy-guard.php:96
filterpre_update_site_option_active_sitewide_pluginsincludes\class-easyship-legacy-guard.php:98
actionadmin_noticesincludes\class-easyship-legacy-guard.php:164
actionnetwork_admin_noticesincludes\class-easyship-legacy-guard.php:166
actionplugins_loadedincludes\class-easyship-plugin.php:95
actioninitincludes\class-easyship-plugin.php:100
actionadmin_noticesincludes\class-easyship-plugin.php:119
actionrest_api_initincludes\woocommerce\class-easyship-wc-endpoints.php:26
actionbefore_woocommerce_initincludes\woocommerce\class-easyship-woocommerce-integration.php:51
actionwoocommerce_shipping_initincludes\woocommerce\class-easyship-woocommerce-integration.php:95
filterwoocommerce_shipping_methodsincludes\woocommerce\class-easyship-woocommerce-integration.php:96
actionadmin_enqueue_scriptsincludes\woocommerce\class-easyship-woocommerce-integration.php:100
Maintenance & Trust

Easyship WooCommerce Shipping Rates Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 6, 2026
PHP min version7.1
Downloads78K

Community Trust

Rating84/100
Number of ratings53
Active installs2K
Alternatives

Easyship WooCommerce Shipping Rates Alternatives

Printful Integration for WooCommerce

Printful Integration for WooCommerce

printful-shipping-for-woocommerce

A
98

Grow your store with the top print-on-demand dropshipping plugin

50K 2 CVEs
WC Hide Shipping Methods

WC Hide Shipping Methods

wc-hide-shipping-methods

A
100

This plugin automatically hides all other shipping methods when "Free Shipping" is available, while allowing you to retain "Local Picku &hellip;

20K No CVEs
Gelato Integration for WooCommerce

Gelato Integration for WooCommerce

gelato-integration-for-woocommerce

A
92

Sell globally, print locally with 100+ production hubs in 32 countries

5K No CVEs
Sendcloud Shipping

Sendcloud Shipping

sendcloud-connected-shipping

A
100

SendCloud helps to grow your online store by optimizing the shipping process. Shipping packages has never been that easy!

4K No CVEs
PiWeb Flat rate / Conditional shipping for WooCommerce

PiWeb Flat rate / Conditional shipping for WooCommerce

advanced-free-flat-shipping-woocommerce

A
100

WooCommerce conditional shipping & WooCommerce Advanced Flat rate shipping rates plugin to Create Advanced Flat rate shipping or Free shipping met &hellip;

2K 1 CVE
Developer Profile

Easyship WooCommerce Shipping Rates Developer Profile

Easyship

1 plugin · 2K total installs

79
trust score
Avg Security Score
100/100
Avg Patch Time
190 days
View full developer profile
Detection Fingerprints

How We Detect Easyship WooCommerce Shipping Rates

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easyship-woocommerce-shipping-rates/assets/css/easyship-admin-shipping-styles.css/wp-content/plugins/easyship-woocommerce-shipping-rates/assets/js/easyship-admin-shipping-page.js/wp-content/plugins/easyship-woocommerce-shipping-rates/assets/css/easyship-settings-page.css/wp-content/plugins/easyship-woocommerce-shipping-rates/assets/js/easyship-settings-page.js
Script Paths
/wp-content/plugins/easyship-woocommerce-shipping-rates/assets/js/easyship-admin-shipping-page.js/wp-content/plugins/easyship-woocommerce-shipping-rates/assets/js/easyship-settings-page.js
Version Parameters
easyship-woocommerce-shipping-rates/assets/css/easyship-admin-shipping-styles.css?ver=easyship-woocommerce-shipping-rates/assets/js/easyship-admin-shipping-page.js?ver=easyship-woocommerce-shipping-rates/assets/css/easyship-settings-page.css?ver=easyship-woocommerce-shipping-rates/assets/js/easyship-settings-page.js?ver=

HTML / DOM Fingerprints

CSS Classes
easyship-connect-buttoneasyship-settings-page
HTML Comments
<!-- Easyship Settings --><!-- Connect to Easyship --><!-- Easyship Connect Button -->
Data Attributes
data-easyship-settings-noncedata-easyship-connect-noncedata-easyship-ajax-url
JS Globals
easyship_settingseasyship_connect_paramseasyship_admin_shipping_page_params
REST Endpoints
/wp-json/easyship/v1/connect/wp-json/easyship/v1/settings
FAQ

Frequently Asked Questions about Easyship WooCommerce Shipping Rates