WP-Safety

Express One Shipment Security & Risk Analysis

wordpress.org/plugins/express-one-shipment

WooCommerce integration with Express One Pickup Point and Home Delivery shipping services.

0 active installs v1.0.1 PHP 7.4+ WP 5.0+ Updated Jan 30, 2026
courierdeliverypickup-pointsshippingwoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Express One Shipment Safe to Use in 2026?

Generally Safe

Score 100/100

Express One Shipment has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The express-one-shipment plugin v1.0.1 exhibits a generally good security posture with significant strengths in its handling of SQL queries, which are all prepared, and a high percentage of properly escaped output. The absence of known vulnerabilities (CVEs) and critical taint flows is also a positive indicator. However, a notable concern is the presence of one AJAX handler that lacks authentication checks. This unprotected entry point, while only one, represents a potential vector for unauthorized actions if it performs sensitive operations. The plugin also makes a moderate number of external HTTP requests, which could be a vector for supply chain attacks if those external resources are compromised, though no direct vulnerabilities are indicated by the provided data.

Overall, the plugin demonstrates good coding practices, particularly in database interactions and output sanitization. The lack of a vulnerability history suggests a history of stable and secure development. The primary area for improvement and attention is addressing the unprotected AJAX handler to ensure all entry points are properly secured. The plugin's strengths outweigh its immediate weaknesses, but the identified unprotected entry point warrants remediation to further strengthen its security profile.

Key Concerns

  • AJAX handler without auth checks
Vulnerabilities
None known

Express One Shipment Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Express One Shipment Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
18
97 escaped
Nonce Checks
13
Capability Checks
4
File Operations
0
External Requests
8
Bundled Libraries
0

Output Escaping

84% escaped115 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
express_one_main_settings_page (express-one-shipment.php:500)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Express One Shipment Attack Surface

Entry Points5
Unprotected1

AJAX Handlers 5

authwp_ajax_express_one_set_pickupexpress-one-shipment.php:250
noprivwp_ajax_express_one_set_pickupexpress-one-shipment.php:251
authwp_ajax_express_one_fetch_layoutsexpress-one-shipment.php:643
authwp_ajax_express_one_save_selectedexpress-one-shipment.php:1194
noprivwp_ajax_express_one_save_selectedexpress-one-shipment.php:1195
WordPress Hooks 25
actionwp_enqueue_scriptsexpress-one-shipment.php:172
actionadmin_enqueue_scriptsexpress-one-shipment.php:212
actionadmin_enqueue_scriptsexpress-one-shipment.php:245
actionwoocommerce_before_calculate_totalsexpress-one-shipment.php:292
actionwoocommerce_checkout_create_orderexpress-one-shipment.php:326
actionwoocommerce_after_checkout_validationexpress-one-shipment.php:366
actionadmin_menuexpress-one-shipment.php:468
filterwoocommerce_shipping_methodsexpress-one-shipment.php:886
actionwoocommerce_checkout_update_order_metaexpress-one-shipment.php:887
actionwoocommerce_cart_shipping_method_full_labelexpress-one-shipment.php:890
actionwoocommerce_admin_order_data_after_shipping_addressexpress-one-shipment.php:894
actionwoocommerce_shipping_initexpress-one-shipment.php:1186
actionwoocommerce_admin_order_data_after_order_detailsexpress-one-shipment.php:1219
actionadmin_post_create_express_one_shipmentexpress-one-shipment.php:1287
actionadmin_post_update_expressone_shipmentexpress-one-shipment.php:1430
actionadmin_post_print_expressone_labelexpress-one-shipment.php:1552
filterwoocommerce_admin_order_actionsexpress-one-shipment.php:1623
filterbulk_actions-woocommerce_page_wc-ordersexpress-one-shipment.php:1652
filterhandle_bulk_actions-woocommerce_page_wc-ordersexpress-one-shipment.php:1658
actionadmin_noticesexpress-one-shipment.php:1741
actionadmin_post_download_bulk_labelsexpress-one-shipment.php:1770
actionadmin_noticesexpress-one-shipment.php:1826
filterwoocommerce_shipping_methodsexpress-one-shipment.php:1904
actionwoocommerce_cart_shipping_method_full_labelexpress-one-shipment.php:1906
actionwoocommerce_shipping_initexpress-one-shipment.php:2122
Maintenance & Trust

Express One Shipment Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 30, 2026
PHP min version7.4
Downloads101

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Express One Shipment Alternatives

Local Delivery Drivers for WooCommerce

Local Delivery Drivers for WooCommerce

local-delivery-drivers-for-woocommerce

A
99

Improve the way you deliver, manage drivers, assign drivers to orders, send WhatsApp, SMS, and email notifications, route planning, navigation & more!

1K 1 CVE
Woot

Woot

woot-ro

A
100

Unified shipping solution for WooCommerce. Integrates all popular couriers in Romania with real-time pricing and pickup point selection.

100 No CVEs
Uber Direct Integration

Uber Direct Integration

uber-direct-delivery-integration

A
100

Offer instant or scheduled delivery from your WooCommerce store with real-time quotes and Uber Direct integration

60 No CVEs
UDW Delivery – Uber Direct for WooCommerce

UDW Delivery – Uber Direct for WooCommerce

udwdelivery

A
92

Delivery service for WooCommerce integrating with Uber Direct API.

40 No CVEs
Gobuddy – The smart delivery solution

Gobuddy – The smart delivery solution

gobuddy-the-smart-delivery-solution

A
100

The official Gobuddy plugin for WooCommerce

10 No CVEs
Developer Profile

Express One Shipment Developer Profile

exosi

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Express One Shipment

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/express-one-shipment/assets/vendor/leaflet/leaflet.css/wp-content/plugins/express-one-shipment/assets/vendor/leaflet/leaflet-control-geocoder.css/wp-content/plugins/express-one-shipment/assets/vendor/leaflet/leaflet.js/wp-content/plugins/express-one-shipment/assets/vendor/leaflet/leaflet-control-geocoder.js/wp-content/plugins/express-one-shipment/assets/js/checkout-map.js/wp-content/plugins/express-one-shipment/assets/images/marker-icon-blue.png/wp-content/plugins/express-one-shipment/assets/images/marker-icon-red.png/wp-content/plugins/express-one-shipment/assets/images/marker-shadow.png+1 more
Script Paths
/wp-content/plugins/express-one-shipment/assets/vendor/leaflet/leaflet.js/wp-content/plugins/express-one-shipment/assets/vendor/leaflet/leaflet-control-geocoder.js/wp-content/plugins/express-one-shipment/assets/js/checkout-map.js/wp-content/plugins/express-one-shipment/assets/js/admin-main-settings.js
Version Parameters
/wp-content/plugins/express-one-shipment/assets/vendor/leaflet/leaflet.css?ver=/wp-content/plugins/express-one-shipment/assets/vendor/leaflet/leaflet-control-geocoder.css?ver=/wp-content/plugins/express-one-shipment/assets/vendor/leaflet/leaflet.js?ver=/wp-content/plugins/express-one-shipment/assets/vendor/leaflet/leaflet-control-geocoder.js?ver=/wp-content/plugins/express-one-shipment/assets/js/checkout-map.js?ver=/wp-content/plugins/express-one-shipment/assets/js/admin-main-settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
wc-action-button-download_label
Data Attributes
id="express-one-map"
JS Globals
expressOnePickupexpressOneAdmin
FAQ

Frequently Asked Questions about Express One Shipment