Epeken All Kurir for Woocommerce Security & Risk Analysis

wordpress.org/plugins/epeken-all-kurir

Epeken All Kurir is a WordPress plugin for WooCommerce that enables a shipping method featuring many shipping companies for Indonesian e-commerce.

500 active installs · v2.0.6 · PHP + WP 4.0+ · Updated Jan 5, 2026
Tags: epeken, jne, ongkir, ongkos-kirim, shipping
Score: 55 · C · Use Caution
CVEs total: 3
Unpatched: 2
Last CVE: Sep 22, 2025
Safety Verdict

Is Epeken All Kurir for Woocommerce Safe to Use in 2026?

Use With Caution

Score 55/100

Epeken All Kurir for Woocommerce has 2 unpatched vulnerabilities. Evaluate alternatives or apply available mitigations.

3 known CVEs · 2 unpatched · Last CVE: Sep 22, 2025 · Updated 2mo ago
Risk Assessment

The "epeken-all-kurir" v2.0.6 plugin has a mixed security posture. It shows some good practices: a significant portion of its SQL queries use prepared statements, and a considerable share of its output is escaped. There are, however, notable areas of concern. Static analysis reveals a substantial attack surface of 11 entry points, and one of them, a REST API route, lacks a proper permission callback, which presents an immediate risk of unauthorized access or manipulation. Taint analysis found unsanitized paths in 7 of 9 flows, although no critical or high-severity issues were identified in that analysis.

The plugin's vulnerability history is a significant red flag. It has three known CVEs, two of which remain unpatched, and the pattern of Cross-Site Scripting and Cross-Site Request Forgery vulnerabilities suggests a recurring weakness in input validation and access control. The most recent vulnerability being in the future also points to potential issues with versioning or reporting accuracy. The unpatched vulnerabilities, together with an unprotected entry point and numerous unsanitized taint flows, elevate the risk associated with this plugin.

Key Concerns

  • REST API route without permission callbacks
  • Total known CVEs: 3
  • Currently unpatched CVEs: 2
  • Flows with unsanitized paths: 7
  • Output escaping: 65% properly escaped
Vulnerabilities
3

Epeken All Kurir for Woocommerce Security Vulnerabilities

CVEs by Year

2025: 3 CVEs · has unpatched

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2025-57906 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Epeken All Kurir <= 2.0.2 - Authenticated (Shop manager+) Stored Cross-Site Scripting
Sep 22, 2025 · Unpatched

CVE-2025-58212 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Epeken All Kurir <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Aug 27, 2025 · Patched in 2.0.2 (8d)

CVE-2025-32673 · medium · 6.1 · Cross-Site Request Forgery (CSRF)
Epeken All Kurir <= 1.4.6.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Apr 9, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Epeken All Kurir for Woocommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (3 prepared)
Unescaped Output: 250 (469 escaped)
Nonce Checks: 5
Capability Checks: 1
File Operations: 9
External Requests: 23
Bundled Libraries: 0

SQL Query Safety: 60% prepared · 5 total queries

Output Escaping: 65% escaped · 719 total outputs
Data Flows
7 unsanitized

Data Flow Analysis

9 flows · 7 with unsanitized paths
epeken_get_awb_tracking (includes\epeken_courier_ajax_backend.php:22)
Attack Surface
1 unprotected

Epeken All Kurir for Woocommerce Attack Surface

Entry Points: 11
Unprotected: 1

AJAX Handlers 8

auth wp_ajax_get_list_kecamatan includes\epeken_courier_ajax_backend.php:53
nopriv wp_ajax_get_list_kecamatan includes\epeken_courier_ajax_backend.php:54
auth wp_ajax_get_track_awb includes\epeken_courier_ajax_backend.php:55
nopriv wp_ajax_get_track_awb includes\epeken_courier_ajax_backend.php:56
nopriv wp_ajax_get_list_kota includes\epeken_courier_ajax_backend.php:57
auth wp_ajax_get_list_kota includes\epeken_courier_ajax_backend.php:58
auth wp_ajax_submit_konfirmasi_pembayaran includes\epeken_konfirmasi_pembayaran.php:257
nopriv wp_ajax_submit_konfirmasi_pembayaran includes\epeken_konfirmasi_pembayaran.php:258

REST API Routes 1

POST /wp-json/epeken/v1/completeorder includes\epeken_courier_end_points.php:5

Shortcodes 2

[epeken_cekresi] epeken_courier.php:1263
[epeken_konfirmasi_pembayaran] includes\epeken_konfirmasi_pembayaran.php:256

WordPress Hooks 193

action woocommerce_thankyou_bank_bca class\bca_payment_method.php:22
action woocommerce_email_before_order_table class\bca_payment_method.php:23
action woocommerce_thankyou_bank_bii class\bii_payment_method.php:22
action woocommerce_email_before_order_table class\bii_payment_method.php:23
action woocommerce_thankyou_bank_bni class\bni_payment_method.php:22
action woocommerce_email_before_order_table class\bni_payment_method.php:23
action woocommerce_thankyou_bank_bni_syariah class\bni_syariah_payment_method.php:22
action woocommerce_email_before_order_table class\bni_syariah_payment_method.php:23
action woocommerce_thankyou_bank_bri class\bri_payment_method.php:22
action woocommerce_email_before_order_table class\bri_payment_method.php:23
action woocommerce_thankyou_bank_bri_syariah class\bri_syariah_payment_method.php:22
action woocommerce_email_before_order_table class\bri_syariah_payment_method.php:23
action woocommerce_thankyou_bank_syariah_mandiri class\bsm_payment_method.php:22
action woocommerce_email_before_order_table class\bsm_payment_method.php:23
action woocommerce_thankyou_btpn class\btpn_payment_method.php:22
action woocommerce_email_before_order_table class\btpn_payment_method.php:23
action epeken_custom_tariff class\companies\atlas.php:3
action epeken_custom_tariff class\companies\custom.php:3
action epeken_custom_tariff class\companies\dakota.php:3
action epeken_custom_tariff class\companies\jmx.php:4
action epeken_custom_tariff class\companies\jnt.php:3
action woocommerce_cart_calculate_fees class\companies\jnt.php:43
action epeken_custom_tariff class\companies\jtr.php:3
action epeken_custom_tariff class\companies\lion.php:3
action woocommerce_cart_calculate_fees class\companies\lion.php:53
action epeken_custom_tariff class\companies\ninja.php:4
action woocommerce_cart_calculate_fees class\companies\ninja.php:52
action epeken_custom_tariff class\companies\nss.php:3
action epeken_custom_tariff class\companies\pos.php:3
action woocommerce_cart_calculate_fees class\companies\pos.php:147
action epeken_custom_tariff class\companies\rpx.php:3
action epeken_custom_tariff class\companies\sap.php:3
action epeken_custom_tariff class\companies\sicepat.php:3
action woocommerce_cart_calculate_fees class\companies\sicepat.php:87
action epeken_custom_tariff class\companies\wahana.php:3
action woocommerce_cart_calculate_fees class\companies\wahana.php:37
action woocommerce_cart_calculate_fees class\companies\wahana.php:39
action woocommerce_thankyou_danamon class\danamon_payment_method.php:22
action woocommerce_email_before_order_table class\danamon_payment_method.php:23
action woocommerce_thankyou_bank_mandiri class\mandiri_payment_method.php:22
action woocommerce_email_before_order_table class\mandiri_payment_method.php:23
action woocommerce_thankyou_maybank class\maybank_payment_method.php:22
action woocommerce_email_before_order_table class\maybank_payment_method.php:23
action woocommerce_thankyou_bank_muamalat class\muamalat_payment_method.php:22
action woocommerce_email_before_order_table class\muamalat_payment_method.php:23
action woocommerce_thankyou_bank_niaga class\niaga_payment_method.php:22
action woocommerce_email_before_order_table class\niaga_payment_method.php:23
action woocommerce_thankyou_bank_permata class\permata_payment_method.php:22
action woocommerce_email_before_order_table class\permata_payment_method.php:23
filter woocommerce_cart_ready_to_calc_shipping class\shipping.php:277
action woocommerce_update_options_shipping_methods class\shipping.php:278
action woocommerce_before_checkout_billing_form class\shipping.php:280
action woocommerce_checkout_process class\shipping.php:281
action woocommerce_checkout_process class\shipping.php:282
action admin_enqueue_scripts class\shipping.php:284
filter woocommerce_shipping_package_name class\shipping.php:286
action woocommerce_review_order_before_cart_contents class\shipping.php:1876
action woocommerce_review_order_before_cart_contents class\shipping.php:1878
action woocommerce_cart_calculate_fees class\shipping.php:1883
action woocommerce_cart_calculate_fees class\shipping.php:1884
action woocommerce_cart_calculate_fees class\shipping.php:1885
action woocommerce_checkout_update_order_meta class\shipping.php:1981
action woocommerce_cart_calculate_fees class\shipping.php:2018
action woocommerce_cart_calculate_fees class\shipping.php:2019
filter woocommerce_available_payment_gateways class\shipping.php:2021
action woocommerce_cart_calculate_fees class\shipping.php:2589
filter woocommerce_available_payment_gateways class\shipping.php:2725
action woocommerce_cart_calculate_fees class\shipping.php:2727
action widgets_init class\widget_cekresi.php:69
action woocommerce_shipping_init epeken_courier.php:115
filter woocommerce_shipping_methods epeken_courier.php:120
action plugins_loaded epeken_courier.php:121
filter woocommerce_payment_gateways epeken_courier.php:131
action plugins_loaded epeken_courier.php:132
filter woocommerce_payment_gateways epeken_courier.php:142
action plugins_loaded epeken_courier.php:143
filter woocommerce_payment_gateways epeken_courier.php:153
action plugins_loaded epeken_courier.php:154
filter woocommerce_payment_gateways epeken_courier.php:164
action plugins_loaded epeken_courier.php:165
filter woocommerce_payment_gateways epeken_courier.php:175
action plugins_loaded epeken_courier.php:176
filter woocommerce_payment_gateways epeken_courier.php:186
action plugins_loaded epeken_courier.php:187
filter woocommerce_payment_gateways epeken_courier.php:197
action plugins_loaded epeken_courier.php:198
filter woocommerce_payment_gateways epeken_courier.php:208
action plugins_loaded epeken_courier.php:209
filter woocommerce_payment_gateways epeken_courier.php:219
action plugins_loaded epeken_courier.php:220
filter woocommerce_payment_gateways epeken_courier.php:230
action plugins_loaded epeken_courier.php:231
filter woocommerce_payment_gateways epeken_courier.php:241
action plugins_loaded epeken_courier.php:242
filter woocommerce_payment_gateways epeken_courier.php:252
action plugins_loaded epeken_courier.php:254
filter woocommerce_payment_gateways epeken_courier.php:264
action plugins_loaded epeken_courier.php:266
filter woocommerce_payment_gateways epeken_courier.php:276
filter woocommerce_billing_fields epeken_courier.php:380
filter woocommerce_shipping_fields epeken_courier.php:381
filter woocommerce_default_address_fields epeken_courier.php:398
action woocommerce_before_order_notes epeken_courier.php:465
action wp_footer epeken_courier.php:499
action wp_head epeken_courier.php:739
action woocommerce_after_checkout_billing_form epeken_courier.php:740
action woocommerce_after_edit_address_form_billing epeken_courier.php:741
action woocommerce_after_checkout_shipping_form epeken_courier.php:742
action woocommerce_after_edit_address_form_shipping epeken_courier.php:743
action woocommerce_after_checkout_billing_form epeken_courier.php:744
action woocommerce_after_edit_address_form_billing epeken_courier.php:745
action woocommerce_after_checkout_shipping_form epeken_courier.php:746
action woocommerce_after_edit_address_form_shipping epeken_courier.php:747
action woocommerce_after_edit_address_form_billing epeken_courier.php:749
action woocommerce_after_edit_address_form_shipping epeken_courier.php:750
action woocommerce_after_checkout_shipping_form epeken_courier.php:751
action woocommerce_after_checkout_billing_form epeken_courier.php:752
action woocommerce_after_edit_address_form_billing epeken_courier.php:753
action woocommerce_after_edit_address_form_shipping epeken_courier.php:754
action woocommerce_after_checkout_billing_form epeken_courier.php:755
action woocommerce_after_checkout_shipping_form epeken_courier.php:756
action woocommerce_after_edit_address_form_shipping epeken_courier.php:757
action woocommerce_after_edit_address_form_billing epeken_courier.php:758
action woocommerce_customer_save_address epeken_courier.php:760
action woocommerce_checkout_update_order_meta epeken_courier.php:775
filter default_checkout_billing_city epeken_courier.php:803
filter default_checkout_shipping_city epeken_courier.php:804
action woocommerce_admin_order_data_after_billing_address epeken_courier.php:812
action woocommerce_admin_order_data_after_shipping_address epeken_courier.php:827
action template_redirect epeken_courier.php:843
action admin_menu epeken_courier.php:864
action woocommerce_product_write_panel_tabs epeken_courier.php:995
action woocommerce_product_write_panels epeken_courier.php:996
action end_wcfm_products_manage epeken_courier.php:997
action woocommerce_process_product_meta epeken_courier.php:1171
filter woocommerce_add_to_cart_validation epeken_courier.php:1216
action show_user_profile epeken_courier.php:1218
action edit_user_profile epeken_courier.php:1219
action personal_options_update epeken_courier.php:1237
action edit_user_profile_update epeken_courier.php:1238
action woocommerce_after_cart_totals epeken_courier.php:1248
action woocommerce_single_product_summary epeken_courier.php:1264
action wp_default_scripts epeken_courier.php:1331
action wp_enqueue_scripts epeken_courier.php:1336
action admin_notices epeken_courier.php:1425
action plugins_loaded epeken_courier.php:1430
action woocommerce_view_order epeken_courier.php:1489
action wp_footer epeken_courier.php:1527
filter woocommerce_no_shipping_available_html epeken_courier.php:1559
filter woocommerce_shipping_may_be_available_html epeken_courier.php:1564
action admin_enqueue_scripts epeken_courier.php:1569
action admin_notices epeken_courier.php:1575
action wp_head epeken_courier.php:1595
action epeken_custom_tariff epeken_courier.php:1613
action epeken_custom_international_tariff epeken_courier.php:1614
action woocommerce_review_order_before_shipping epeken_courier.php:1620
action epeken_custom_tariff epeken_courier.php:1624
action woocommerce_cart_calculate_fees epeken_courier.php:1643
action epeken_derive_gojek_tarif epeken_courier.php:1647
filter gettext epeken_courier.php:1682
filter woocommerce_cart_item_name epeken_courier.php:1687
action epeken_custom_international_tariff epeken_courier.php:1715
filter woocommerce_available_payment_gateways epeken_courier.php:1719
action woocommerce_after_checkout_validation epeken_courier.php:1722
action admin_enqueue_scripts epeken_courier.php:1738
action rest_api_init includes\epeken_courier_end_points.php:3
filter woocommerce_my_account_my_orders_actions includes\epeken_konfirmasi_pembayaran.php:3
filter woocommerce_my_account_my_orders_actions includes\epeken_konfirmasi_pembayaran.php:41
action woocommerce_account_content includes\epeken_konfirmasi_pembayaran.php:64
filter upload_dir includes\epeken_konfirmasi_pembayaran.php:295
action show_user_profile includes\epeken_multi_vendors.php:6
action edit_user_profile includes\epeken_multi_vendors.php:7
action wcvendors_settings_after_shop_name includes\epeken_multi_vendors.php:8
action personal_options_update includes\epeken_multi_vendors.php:9
action edit_user_profile_update includes\epeken_multi_vendors.php:10
action wcvendors_settings_before_paypal includes\epeken_multi_vendors.php:11
action dokan_settings_form_bottom includes\epeken_multi_vendors.php:12
action dokan_store_profile_saved includes\epeken_multi_vendors.php:13
filter wcfm_is_allow_epeken includes\epeken_multi_vendors.php:14
action wcfm_marketplace_shipping includes\epeken_multi_vendors.php:15
action wcfm_vendor_shipping_settings_update includes\epeken_multi_vendors.php:16
action wcfm_vendor_settings_update includes\epeken_multi_vendors.php:17
action before_wcfmmp_sold_by_label_product_page includes\epeken_multi_vendors.php:18
action epeken_hook_calculate_shipping includes\epeken_multi_vendors.php:732
filter woocommerce_cart_shipping_packages includes\epeken_multi_vendors.php:880
action woocommerce_checkout_create_order_shipping_item includes\epeken_multi_vendors.php:943
action woocommerce_checkout_create_order_shipping_item includes\epeken_multi_vendors.php:950
action woocommerce_checkout_create_order_shipping_item includes\epeken_multi_vendors.php:957
action begin_wcfm_dokan_settings_form includes\epeken_multi_vendors.php:1093
filter wcfm_order_details_shipping_line_item includes\epeken_multi_vendors.php:1114
filter wcfm_order_details_shipping_total includes\epeken_multi_vendors.php:1119
filter dokan_checkout_update_order_meta includes\epeken_multi_vendors.php:1125
action init includes\epeken_wcpv.php:7
Maintenance & Trust

Epeken All Kurir for Woocommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 5, 2026
PHP min version
Downloads: 72K

Community Trust

Rating: 94/100
Number of ratings: 23
Active installs: 500
Developer Profile

Epeken All Kurir for Woocommerce Developer Profile

epeken

2 plugins · 550 total installs

Trust score: 79
Avg Security Score: 78/100
Avg Patch Time: 8 days
Detection Fingerprints

How We Detect Epeken All Kurir for Woocommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/epeken-all-kurir/class/widget_cekresi.php
  • /wp-content/plugins/epeken-all-kurir/includes/epeken_courier_ajax_backend.php
  • /wp-content/plugins/epeken-all-kurir/includes/epeken_courier_end_points.php
  • /wp-content/plugins/epeken-all-kurir/includes/epeken_konfirmasi_pembayaran.php
  • /wp-content/plugins/epeken-all-kurir/class/shipping.php
  • /wp-content/plugins/epeken-all-kurir/class/companies/lion.php
  • /wp-content/plugins/epeken-all-kurir/class/companies/jmx.php
  • /wp-content/plugins/epeken-all-kurir/class/companies/jnt.php
  • +14 more

Version Parameters

  • /wp-content/plugins/epeken-all-kurir/style.css?ver=2.0.6

HTML / DOM Fingerprints

CSS Classes

  • epeken-kurir
  • form-group epeken-form-group
  • epeken-kurir-header

HTML Comments

  • <!-- EPEKEN ALL KURIR FOR WOOCOMMERCE -->

Data Attributes

  • data-jne
  • data-jne-trucking
  • data-pos
  • data-wahana
  • data-sicepat
  • data-jnt
  • +8 more

JS Globals

  • epeken_jvars
  • epeken_js_vars

REST Endpoints

  • /wp-json/epeken/v1/jne_get_ongkir
  • /wp-json/epeken/v1/jtr_get_ongkir
  • /wp-json/epeken/v1/pos_get_ongkir
  • /wp-json/epeken/v1/wahana_get_ongkir
  • /wp-json/epeken/v1/sicepat_get_ongkir
  • /wp-json/epeken/v1/jnt_get_ongkir
  • /wp-json/epeken/v1/rpx_get_ongkir
  • /wp-json/epeken/v1/jet_get_ongkir
  • /wp-json/epeken/v1/dakota_get_ongkir
  • /wp-json/epeken/v1/atlas_get_ongkir
  • /wp-json/epeken/v1/custom_get_ongkir
  • /wp-json/epeken/v1/nss_get_ongkir
  • /wp-json/epeken/v1/jmx_get_ongkir
  • /wp-json/epeken/v1/lion_get_ongkir
  • /wp-json/epeken/v1/jne_trucking_get_ongkir
  • /wp-json/epeken/v1/jne_get_tracking
  • /wp-json/epeken/v1/jtr_get_tracking
  • /wp-json/epeken/v1/pos_get_tracking
  • /wp-json/epeken/v1/wahana_get_tracking
  • /wp-json/epeken/v1/sicepat_get_tracking
  • /wp-json/epeken/v1/jnt_get_tracking
  • /wp-json/epeken/v1/rpx_get_tracking
  • /wp-json/epeken/v1/jet_get_tracking
  • /wp-json/epeken/v1/dakota_get_tracking
  • /wp-json/epeken/v1/atlas_get_tracking
  • /wp-json/epeken/v1/custom_get_tracking
  • /wp-json/epeken/v1/nss_get_tracking
  • /wp-json/epeken/v1/jmx_get_tracking
  • /wp-json/epeken/v1/lion_get_tracking
  • /wp-json/epeken/v1/jne_trucking_get_tracking