eShipper Commerce Security & Risk Analysis

wordpress.org/plugins/eshipper-commerce

Integrate your eCommerce platforms, automate shipping, and save on all carriers with eShipper.

100 active installs · v2.16.12 · PHP 7.1+ · WP 3.1+ · Updated Apr 14, 2025
checkout, e-commerce, shipping, shipping-labels, shipping-rates-calculator
100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is eShipper Commerce Safe to Use in 2026?

Generally Safe

Score 100/100

eShipper Commerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 11mo ago
Risk Assessment

The eshipper-commerce plugin v2.16.12 exhibits a concerning security posture, primarily due to a large, unprotected attack surface. All 13 identified entry points, including AJAX handlers and REST API routes, lack proper authentication and permission checks. This means any user, even an unauthenticated one, could potentially interact with these functions, leading to unauthorized actions or data exposure. The lack of nonce checks on AJAX handlers further exacerbates this risk, as it opens the door to Cross-Site Request Forgery (CSRF) attacks.

While the static analysis did not reveal dangerous functions or critical taint flows, the high percentage of improperly escaped output (62%) suggests a significant risk of Cross-Site Scripting (XSS) vulnerabilities across various outputs. The substantial number of SQL queries that do not utilize prepared statements (76%) also poses a serious risk of SQL injection vulnerabilities. The plugin's history of zero known vulnerabilities might suggest good development practices in the past or a lack of targeted analysis, but it does not negate the current, evident code-level risks.

The plugin's strength lies in its absence of bundled libraries and file operations, which avoids common attack vectors associated with those areas. However, the critical weaknesses in authentication, authorization, and output escaping, coupled with the SQL injection risks, present a substantial security risk that requires immediate attention.

Key Concerns

  • All AJAX handlers lack authentication checks
  • REST API route lacks permission callback
  • No nonce checks on AJAX handlers
  • Significant portion of SQL queries not prepared
  • Over half of outputs are not properly escaped
  • Large attack surface without authorization
Vulnerabilities
None known

eShipper Commerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

eShipper Commerce Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 39 · 12 prepared
  • Unescaped Output: 78 · 48 escaped
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 2
  • Bundled Libraries: 0

SQL Query Safety

24% prepared · 51 total queries

Output Escaping

38% escaped · 126 total outputs
Attack Surface
13 unprotected

eShipper Commerce Attack Surface

Entry Points: 13
Unprotected: 13

AJAX Handlers 12

  • auth · wp_ajax_keycloak_authentication · woocommerce-eshipper.php:130
  • auth · wp_ajax_save_shipping_address · woocommerce-eshipper.php:131
  • auth · wp_ajax_update_shipping_margin · woocommerce-eshipper.php:132
  • auth · wp_ajax_save_checkout_settings · woocommerce-eshipper.php:133
  • auth · wp_ajax_update_carrier_services · woocommerce-eshipper.php:134
  • auth · wp_ajax_reset_carrier_services · woocommerce-eshipper.php:135
  • auth · wp_ajax_fix_eshipper_plugin · woocommerce-eshipper.php:136
  • auth · wp_ajax_plugin_health_db_update · woocommerce-eshipper.php:137
  • auth · wp_ajax_es_select_products · woocommerce-eshipper.php:138
  • auth · wp_ajax_es_select_country_states · woocommerce-eshipper.php:139
  • auth · wp_ajax_get_rates_for_shipping_calculator · woocommerce-eshipper.php:140
  • auth · wp_ajax_deactivation_feedback · woocommerce-eshipper.php:1037

REST API Routes 1

  • DELETE · /wp-json/wl/v3uninstall-eshipper-plugin · woocommerce-eshipper.php:772

WordPress Hooks 20

  • action · woocommerce_shipping_init · framework\EshipperPlugin.php:22
  • action · woocommerce_before_shipping_calculator · framework\EshipperPlugin.php:25
  • filter · woocommerce_cart_shipping_method_full_label · framework\EshipperPlugin.php:28
  • action · init · framework\EshipperPlugin.php:31
  • action · plugins_loaded · framework\EshipperPlugin.php:36
  • action · upgrader_process_complete · framework\EshipperPlugin.php:39
  • action · admin_notices · framework\EshipperPlugin.php:40
  • action · admin_notices · framework\EshipperPlugin.php:41
  • action · admin_init · framework\EshipperPlugin.php:43
  • filter · woocommerce_shipping_methods · framework\EshipperPlugin.php:56
  • filter · woocommerce_shipping_calculator_enable_postcode · framework\EshipperPlugin.php:88
  • action · before_woocommerce_init · woocommerce-eshipper.php:51
  • action · admin_enqueue_scripts · woocommerce-eshipper.php:62
  • action · admin_notices · woocommerce-eshipper.php:123
  • action · rest_api_init · woocommerce-eshipper.php:771
  • action · init · woocommerce-eshipper.php:1045
  • filter · init · woocommerce-eshipper.php:1102
  • filter · wc_order_statuses · woocommerce-eshipper.php:1115
  • filter · wc_order_statuses · woocommerce-eshipper.php:1123
  • action · admin_notices · woocommerce-eshipper.php:1147

Maintenance & Trust

eShipper Commerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Apr 14, 2025
PHP min version: 7.1
Downloads: 7K

Community Trust

Rating: 46/100
Number of ratings: 3
Active installs: 100

Developer Profile

eShipper Commerce Developer Profile

eshipper

1 plugin · 100 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect eShipper Commerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/eshipper-commerce/framework/lib/admin.css
  • /wp-content/plugins/eshipper-commerce/framework/lib/plugin_health.css
  • /wp-content/plugins/eshipper-commerce/assets/eShipper.js
  • /wp-content/plugins/eshipper-commerce/framework/lib/admin-settings.js
Script Paths
  • https://cdnjs.cloudflare.com/ajax/libs/jquery-modal/0.9.1/jquery.modal.min.js
  • https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/select2.min.js
Version Parameters
  • eshipper-commerce/framework/lib/admin.css?ver=
  • eshipper-commerce/framework/lib/plugin_health.css?ver=
  • eshipper-commerce/assets/eShipper.js?ver=
  • eshipper-commerce/framework/lib/admin-settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
eshipper-settings-page, eshipper-tab, eShipper-container, eShipper-row, eShipper-col, eShipper-label, eShipper-input, eShipper-button, +1 more
HTML Comments
  • <!-- Dev Note - When release a new version update, please add/change the list of new features/updates in EshipperPlugin.php::newFeatureUpdates() method
  • <!-- This let's the user see an admin notice after update showing what has been updated.
  • <!-- Following conditions are to check if the user is on the eShipper settings page
  • <!-- And then load scripts which should only be loading on eShipper settings page and not on any other admin page in Wordpress
  • +3 more
Data Attributes
data-eshipper-id, data-eshipper-type
JS Globals
eshipper_admin_settings
REST Endpoints
  • /wp-json/eshipper/v1/keycloak_authentication
  • /wp-json/eshipper/v1/save_shipping_address
  • /wp-json/eshipper/v1/update_shipping_margin
  • /wp-json/eshipper/v1/save_checkout_settings
  • /wp-json/eshipper/v1/update_carrier_services
  • /wp-json/eshipper/v1/reset_carrier_services
  • /wp-json/eshipper/v1/fix_eshipper_plugin
  • /wp-json/eshipper/v1/plugin_health_db_update
  • /wp-json/eshipper/v1/es_select_products
  • /wp-json/eshipper/v1/es_select_country_states
  • /wp-json/eshipper/v1/get_rates_for_shipping_calculator