Does Envíopack (Argentina) have any unpatched vulnerabilities?

No. All known vulnerabilities in Envíopack (Argentina) have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Envíopack (Argentina) compatible with WordPress 6.6.5?

According to WordPress.org data, Envíopack (Argentina) 1.0.18 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

Is Envíopack (Argentina) compatible with PHP 7.0+?

Envíopack (Argentina) requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Envíopack (Argentina) updated?

Envíopack (Argentina) was last updated on Oct 14, 2025. Frequent updates are generally a positive security signal.

What is Envíopack (Argentina)'s security score?

Envíopack (Argentina) has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Envíopack (Argentina) Security & Risk Analysis

wordpress.org/plugins/enviopack-argentina

Logística de alto desempeño para empresas que no pueden fallar.

90 active installs v1.0.18 PHP 7.0+ WP 5.4+ Updated Oct 14, 2025

downloadableecommercelogisticsstorewoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Envíopack (Argentina) Safe to Use in 2026?

Generally Safe

Score 100/100

Envíopack (Argentina) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago

Risk Assessment

The 'enviopack-argentina' plugin v1.0.18 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping a high percentage of its outputs. The absence of known CVEs and a clean vulnerability history further suggest a relatively stable code base. However, significant concerns arise from its attack surface. The plugin exposes four AJAX handlers without any authentication checks, creating a substantial risk of unauthorized actions. Additionally, the presence of the `unserialize` function is a known vulnerability vector if not handled with extreme care, and the taint analysis revealed one flow with an unsanitized path, though classified as not critical.

The lack of nonce checks on the unprotected AJAX endpoints is a critical oversight. While the plugin doesn't appear to have a history of publicly disclosed vulnerabilities, the current state of its exposed entry points presents a readily exploitable scenario for attackers. The taint analysis, even without critical findings, indicates potential weaknesses in how data is handled. Overall, the plugin has strengths in data handling for SQL and output, but its unprotected AJAX endpoints and use of `unserialize` represent serious, actionable security risks.

Key Concerns

Unprotected AJAX handlers
Dangerous function: unserialize
Taint flow with unsanitized paths
No nonce checks on AJAX handlers

Vulnerabilities

None known

Envíopack (Argentina) Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Envíopack (Argentina) Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

69 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$shipment = unserialize($order->get_meta('enviopack_shipment', true));enviopack.php:174

unserialize$shipment_info = unserialize($order->get_meta('enviopack_shipping_info', true));enviopack.php:176

unserialize$shipment_info = unserialize($order->get_meta('enviopack_confirmed_shipment', true));enviopack.php:646

unserialize$shipping_method = unserialize($order->get_meta('enviopack_shipping_info', true));utils.php:230

unserialize$shipping_method = unserialize($order->get_meta('enviopack_shipping_info', true));utils.php:331

unserializeif (!empty($order->get_meta('enviopack_confirmed_shipment', true)) && unserialize($order->get_meta('utils.php:362

Output Escaping

92% escaped75 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

4 flows1 with unsanitized paths

enviopack_notices (utils.php:637)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

Envíopack (Argentina) Attack Surface

Entry Points5

Unprotected4

AJAX Handlers 4

authwp_ajax_get_officeshooks.php:21

noprivwp_ajax_get_officeshooks.php:22

authwp_ajax_set_officehooks.php:23

noprivwp_ajax_set_officehooks.php:24

Shortcodes 1

[enviopack_tracking] hooks.php:49

WordPress Hooks 26

actionwoocommerce_update_options_shipping_enviopackenviopack-method.php:32

actionadmin_inithooks.php:8

actionadmin_menuhooks.php:9

actionadmin_enqueue_scriptshooks.php:10

actionwoocommerce_shipping_inithooks.php:13

filterwoocommerce_shipping_methodshooks.php:14

actionwoocommerce_review_order_before_submithooks.php:17

actionwoocommerce_after_checkout_billing_formhooks.php:18

actionwoocommerce_checkout_processhooks.php:19

actionwoocommerce_checkout_update_order_metahooks.php:20

filterwoocommerce_cart_shipping_method_full_labelhooks.php:25

filterwoocommerce_checkout_update_order_reviewhooks.php:26

actionwoocommerce_order_status_changedhooks.php:30

actionadd_meta_boxeshooks.php:32

actionwoocommerce_process_shop_order_metahooks.php:33

filterwoocommerce_admin_order_actionshooks.php:34

actionadmin_enqueue_scriptshooks.php:35

filterwoocommerce_order_actionshooks.php:36

filterwoocommerce_order_action_ep_process_orderhooks.php:37

actionsave_posthooks.php:42

filterbulk_actions-edit-producthooks.php:43

filterhandle_bulk_actions-edit-producthooks.php:44

actionwoocommerce_show_admin_noticehooks.php:45

actionwoocommerce_api_ecom-enviopackhooks.php:52

filtergettextwoocommerce-enviopack.php:36

filterngettextwoocommerce-enviopack.php:37

Maintenance & Trust

Envíopack (Argentina) Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedOct 14, 2025

PHP min version7.0

Downloads8K

Community Trust

Rating0/100

Number of ratings0

Active installs90

Alternatives

Envíopack (Argentina) Alternatives

EnvíoPack (Chile)

enviopack

100

Logística de alto desempeño para empresas que no pueden fallar.

0 No CVEs

StoreCustomizer – A plugin to Customize all WooCommerce Pages

woocustomizer

A store editor plugin for editing all WooCommerce store and product pages, cart, checkout and user account pages, all within the WordPress Customizer

20K 1 unpatched

Storefront Product Sharing

storefront-product-sharing

Add attractive social sharing icons for Facebook, Twitter, Pinterest and Email to your product pages.

5K No CVEs

Storefront Footer Bar

storefront-footer-bar

Add a full width widgetised region above the default Storefront footer widget area.

3K No CVEs

Storefront Hamburger Menu

storefront-hamburger-menu

Storefront Hamburger Menu turns the default handheld navigation into an off-screen sidebar menu with a "hamburger" toggle.

2K No CVEs

Developer Profile

Envíopack (Argentina) Developer Profile

Enviopack

2 plugins · 90 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Envíopack (Argentina)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/enviopack-argentina/css/admin.css

HTML / DOM Fingerprints

CSS Classes

info-text

Data Attributes

name="api_key"name="api_secret"name="branch_office"name="packaging_mode"name="shipping_mode"name="default_shipping_status"+2 more

REST Endpoints

/wc-api/ecom-enviopack

FAQ