WP-Safety

Envíopack (México) Security & Risk Analysis

wordpress.org/plugins/enviopack-mexico

Logística de alto desempeño para empresas que no pueden fallar.

10 active installs v1.0.15 PHP 7.0+ WP 5.4+ Updated Oct 14, 2025
downloadableecommercelogisticsstorewoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Envíopack (México) Safe to Use in 2026?

Generally Safe

Score 100/100

Envíopack (México) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7mo ago
Risk Assessment

The "enviopack-mexico" plugin v1.0.15 presents a mixed security posture. While it demonstrates good practices in SQL query handling and output escaping, significant concerns arise from its attack surface and the lack of proper authorization checks on several entry points. The presence of four AJAX handlers without authentication checks is a primary risk, potentially allowing unauthorized users to trigger plugin functionality. Additionally, the use of the `unserialize` function is a known risk vector, especially if the data being unserialized originates from an untrusted source, as it can lead to remote code execution if not handled with extreme caution.

The plugin's vulnerability history is notably clean, with no recorded CVEs. This is a positive indicator, suggesting that previous versions may not have harbored critical flaws or that the developers have been proactive. However, this lack of history should not lead to complacency, especially given the identified vulnerabilities in the current static analysis. The absence of nonce checks on AJAX handlers further exacerbates the risk posed by the unprotected entry points.

In conclusion, "enviopack-mexico" v1.0.15 has strengths in its SQL handling and output escaping, which are crucial for preventing common web vulnerabilities. However, the substantial attack surface exposed by unprotected AJAX handlers and the potential risk associated with `unserialize` introduce significant security concerns that require immediate attention. The clean vulnerability history is encouraging but does not negate the risks identified in the current code analysis.

Key Concerns

  • 4 AJAX handlers without auth checks
  • 0 nonce checks found
  • Dangerous function: unserialize used
  • 1 unsanitized path in taint analysis
  • Only 2 capability checks found
Vulnerabilities
None known

Envíopack (México) Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Envíopack (México) Release Timeline

v1.0.15Current
v1.0.14
v1.0.13
v1.0.12
v1.0.11
v1.0.10
v1.0.9
v1.0.8
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

Envíopack (México) Code Analysis

Dangerous Functions
6
Raw SQL Queries
0
0 prepared
Unescaped Output
6
68 escaped
Nonce Checks
0
Capability Checks
2
File Operations
0
External Requests
4
Bundled Libraries
0

Dangerous Functions Found

unserialize$shipment = unserialize($order->get_meta('enviopack_shipment', true));enviopack.php:174
unserialize$shipment_info = unserialize($order->get_meta('enviopack_shipping_info', true));enviopack.php:177
unserialize$shipment_info = unserialize($order->get_meta('enviopack_confirmed_shipment', true));enviopack.php:646
unserialize$shipping_method = unserialize($order->get_meta('enviopack_shipping_info', true));utils.php:230
unserialize$shipping_method = unserialize($order->get_meta('enviopack_shipping_info', true));utils.php:331
unserializeif (!empty($order->get_meta('enviopack_confirmed_shipment', true)) && unserialize($order->get_meta('utils.php:362

Output Escaping

92% escaped74 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

4 flows1 with unsanitized paths
enviopack_notices (utils.php:637)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

Envíopack (México) Attack Surface

Entry Points5
Unprotected4

AJAX Handlers 4

authwp_ajax_get_officeshooks.php:21
noprivwp_ajax_get_officeshooks.php:22
authwp_ajax_set_officehooks.php:23
noprivwp_ajax_set_officehooks.php:24

Shortcodes 1

[enviopack_tracking] hooks.php:49
WordPress Hooks 26
actionwoocommerce_update_options_shipping_enviopackenviopack-method.php:32
actionadmin_inithooks.php:8
actionadmin_menuhooks.php:9
actionadmin_enqueue_scriptshooks.php:10
actionwoocommerce_shipping_inithooks.php:13
filterwoocommerce_shipping_methodshooks.php:14
actionwoocommerce_review_order_before_submithooks.php:17
actionwoocommerce_after_checkout_billing_formhooks.php:18
actionwoocommerce_checkout_processhooks.php:19
actionwoocommerce_checkout_update_order_metahooks.php:20
filterwoocommerce_cart_shipping_method_full_labelhooks.php:25
filterwoocommerce_checkout_update_order_reviewhooks.php:26
actionwoocommerce_order_status_changedhooks.php:30
actionadd_meta_boxeshooks.php:32
actionwoocommerce_process_shop_order_metahooks.php:33
filterwoocommerce_admin_order_actionshooks.php:34
actionadmin_enqueue_scriptshooks.php:35
filterwoocommerce_order_actionshooks.php:36
filterwoocommerce_order_action_ep_process_orderhooks.php:37
actionsave_posthooks.php:42
filterbulk_actions-edit-producthooks.php:43
filterhandle_bulk_actions-edit-producthooks.php:44
actionwoocommerce_show_admin_noticehooks.php:45
actionwoocommerce_api_ecom-enviopackhooks.php:52
filtergettextwoocommerce-enviopack.php:36
filterngettextwoocommerce-enviopack.php:37
Maintenance & Trust

Envíopack (México) Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedOct 14, 2025
PHP min version7.0
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Envíopack (México) Alternatives

Envíopack (Argentina)

Envíopack (Argentina)

enviopack-argentina

A
100

Logística de alto desempeño para empresas que no pueden fallar.

100 No CVEs
EnvíoPack (Chile)

EnvíoPack (Chile)

enviopack

A
100

Logística de alto desempeño para empresas que no pueden fallar.

0 No CVEs
StoreCustomizer – A plugin to Customize all WooCommerce Pages

StoreCustomizer – A plugin to Customize all WooCommerce Pages

woocustomizer

A
99

A store editor plugin for editing all WooCommerce store and product pages, cart, checkout and user account pages, all within the WordPress Customizer

20K 1 CVE
Storefront Product Sharing

Storefront Product Sharing

storefront-product-sharing

A
85

Add attractive social sharing icons for Facebook, Twitter, Pinterest and Email to your product pages.

5K No CVEs
Storefront Footer Bar

Storefront Footer Bar

storefront-footer-bar

A
85

Add a full width widgetised region above the default Storefront footer widget area.

3K No CVEs
Developer Profile

Envíopack (México) Developer Profile

Enviopack

3 plugins · 110 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Envíopack (México)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/enviopack-mexico/css/admin.css
Version Parameters
enviopack-mexico/css/admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
info-text
HTML Comments
Campo desactivado por no estár disponible en México (aún)
Data Attributes
name="api_key"name="api_secret"name="branch_office"name="packaging_mode"name="shipping_mode"name="default_shipping_status"+2 more
REST Endpoints
/wc-api/ecom-enviopack
Shortcode Output
Ingresá tu dirección para conocer los costos de envio (Envío a Domicilio / Retiro por sucursal)
FAQ

Frequently Asked Questions about Envíopack (México)