Advanced Shipping Rates for WooCommerce: Flexible Table Rate Shipping Rules Security & Risk Analysis

wordpress.org/plugins/fish-and-ships

All-in-one Table Rate Shipping: set flexible rules, offer conditional free shipping, define rates by weight, size, volume, volumetric calculations...

2K active installs · v2.1.7 · PHP 7.0+ · WP 4.7+ · Updated Feb 9, 2026
Tags: flexible-shipping, shipping-rates, shipping-rules, table-rate
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Oct 3, 2024
Safety Verdict

Is Advanced Shipping Rates for WooCommerce: Flexible Table Rate Shipping Rules Safe to Use in 2026?

Generally Safe

Score 99/100

Advanced Shipping Rates for WooCommerce: Flexible Table Rate Shipping Rules has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Oct 3, 2024 · Updated 1mo ago
Risk Assessment

The "fish-and-ships" plugin v2.1.7 presents a mixed security posture. It demonstrates good practices in its SQL query handling, properly escapes a high percentage of its outputs, and makes no external HTTP requests, but significant concerns arise from its attack surface. A total of 9 AJAX handlers are exposed, and alarmingly, all of them lack authentication checks. This creates a wide entry point for potential attackers. Furthermore, the presence of the `unserialize` function, even if it does not immediately appear in taint flows as critical or high, is a known risk factor that requires careful handling of serialized data. The plugin's vulnerability history shows one medium severity CVE related to Cross-Site Scripting, which was recently discovered. While it is currently unpatched, the absence of critical or high severity vulnerabilities in its history might indicate a generally improving security awareness, but the single XSS vulnerability highlights a persistent type of risk that needs vigilance.

Key Concerns

  • All AJAX handlers lack authentication checks
  • Presence of dangerous function: unserialize
  • Medium severity CVE (XSS) in history
  • Flows with unsanitized paths
Vulnerabilities
1

Advanced Shipping Rates for WooCommerce: Flexible Table Rate Shipping Rules Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-9237 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Fish and Ships <= 1.5.9 - Reflected Cross-Site Scripting

Oct 3, 2024 · Patched in 1.6 (1d)
Code Analysis
Analyzed Mar 16, 2026

Advanced Shipping Rates for WooCommerce: Flexible Table Rate Shipping Rules Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (5 prepared)
Unescaped Output: 23 (277 escaped)
Nonce Checks: 1
Capability Checks: 10
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$unserialized = unserialize( $data, ['allowed_classes' => false] ); // safe` · 3rd-party\fns-wapf-new.php:1315

SQL Query Safety

100% prepared · 5 total queries

Output Escaping

92% escaped · 300 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

5 flows · 3 with unsanitized paths
wc_fns_help (fish-and-ships.php:3094)
Attack Surface
9 unprotected

Advanced Shipping Rates for WooCommerce: Flexible Table Rate Shipping Rules Attack Surface

Entry Points: 9
Unprotected: 9

AJAX Handlers: 9

auth · wp_ajax_wc_fns_help · fish-and-ships.php:99
auth · wp_ajax_wc_fns_logs · fish-and-ships.php:100
auth · wp_ajax_wc_fns_logs_pane · fish-and-ships.php:101
auth · wp_ajax_wc_fns_fields · fish-and-ships.php:102
auth · wp_ajax_wc_fns_messages · fish-and-ships.php:103
auth · wp_ajax_wc_fns_freemium · fish-and-ships.php:104
auth · wp_ajax_wc_fns_request_news · fish-and-ships.php:107
auth · wp_ajax_wc_fns_wizard · includes\wizard.php:26
auth · wp_ajax_wc_fns_samples · includes\wizard.php:28

WordPress Hooks: 67

filter · wc_fns_get_selection_methods · 3rd-party\fns-measurement-pc.php:24
filter · wc_fns_wizard_messages · 3rd-party\fns-pr_pau.php:25
filter · wc_fns_get_selection_methods · 3rd-party\fns-pr_pau.php:27
filter · wc_fns_get_html_details_method · 3rd-party\fns-pr_pau.php:29
filter · wc-fns-groupable-selection-methods · 3rd-party\fns-pr_pau.php:31
filter · wc_fns_sanitize_selection_fields · 3rd-party\fns-pr_pau.php:33
filter · wc_fns_check_matching_selection_method · 3rd-party\fns-pr_pau.php:35
filter · wc_fns_group_external_calculate · 3rd-party\fns-pr_pau.php:37
filter · wc_fns_get_messages_method · 3rd-party\fns-pr_pau.php:39
filter · wc_fns_get_selection_methods · 3rd-party\fns-wapf-legacy.php:26
filter · wc_fns_get_html_details_method · 3rd-party\fns-wapf-legacy.php:28
filter · wc-fns-groupable-selection-methods · 3rd-party\fns-wapf-legacy.php:30
filter · wc_fns_sanitize_selection_fields · 3rd-party\fns-wapf-legacy.php:32
filter · wc_fns_check_matching_selection_method · 3rd-party\fns-wapf-legacy.php:34
filter · wc_fns_group_external_calculate · 3rd-party\fns-wapf-legacy.php:36
filter · wc_fns_wizard_messages · 3rd-party\fns-wapf-new.php:27
filter · wc_fns_get_selection_methods · 3rd-party\fns-wapf-new.php:29
filter · wc_fns_get_html_details_method · 3rd-party\fns-wapf-new.php:31
filter · wc-fns-groupable-selection-methods · 3rd-party\fns-wapf-new.php:33
filter · wc_fns_sanitize_selection_fields · 3rd-party\fns-wapf-new.php:35
filter · wc_fns_check_matching_selection_method · 3rd-party\fns-wapf-new.php:37
filter · wc_fns_group_external_calculate · 3rd-party\fns-wapf-new.php:39
filter · wc_fns_get_messages_method · 3rd-party\fns-wapf-new.php:41
filter · wc_fns_get_product_price · 3rd-party\fns-woo-discount-rules.php:25
filter · woocommerce_shipping_methods · fish-and-ships.php:90
action · admin_enqueue_scripts · fish-and-ships.php:93
filter · wc_fns_shipping_rules_table_row_html · fish-and-ships.php:96
filter · plugin_row_meta · fish-and-ships.php:113
action · current_screen · fish-and-ships.php:116
filter · woocommerce_shipping_method_add_rate · fish-and-ships.php:119
filter · wpw_currency_switcher_adjust_package_rate · fish-and-ships.php:120
action · before_woocommerce_init · fish-and-ships.php:3408
action · init · fish-and-ships.php:3414
action · woocommerce_shipping_init · fish-and-ships.php:3450
filter · wc_fns_get_selection_methods · includes\address-settings-form-fns.php:23
filter · wc_fns_get_actions · includes\boxes-settings-form-fns.php:30
filter · wc_fns_get_selection_methods · includes\date-settings-form-fns.php:22
action · admin_notices · includes\double-installation.php:19
filter · wc_fns_get_selection_methods · includes\settings-form-fns.php:23
filter · wc_fns_get_html_details_method · includes\settings-form-fns.php:94
filter · wc_fns_sanitize_selection_fields · includes\settings-form-fns.php:175
filter · wc_fns_sanitize_selection_operators · includes\settings-form-fns.php:353
filter · wc_fns_check_matching_selection_method · includes\settings-form-fns.php:399
filter · wc_fns_get_cost_methods · includes\settings-form-fns.php:563
filter · wc_fns_get_html_price_fields · includes\settings-form-fns.php:595
filter · wc_fns_sanitize_cost · includes\settings-form-fns.php:737
filter · wc_fns_calculate_cost_rule · includes\settings-form-fns.php:878
filter · wc_fns_get_actions · includes\settings-form-fns.php:1115
filter · wc_fns_get_html_details_action · includes\settings-form-fns.php:1181
filter · wc_fns_sanitize_action · includes\settings-form-fns.php:1201
filter · wc_fns_get_translatable_action · includes\settings-form-fns.php:1267
filter · wc_fns_apply_action · includes\settings-form-fns.php:1294
filter · woocommerce_get_sections_shipping · includes\shipping-boxes.php:25
filter · woocommerce_get_settings_shipping · includes\shipping-boxes.php:28
action · woocommerce_admin_field_fns-shipping-boxes-fields · includes\shipping-boxes.php:31
action · woocommerce_settings_save_shipping · includes\shipping-boxes.php:34
action · admin_init · includes\wizard.php:24
action · admin_enqueue_scripts · includes\wizard.php:32
action · admin_notices · includes\wizard.php:76
action · admin_notices · includes\wizard.php:81
action · admin_notices · includes\wizard.php:86
action · admin_notices · includes\wizard.php:91
action · admin_notices · includes\wizard.php:97
action · admin_notices · includes\wizard.php:103
action · admin_notices · includes\wizard.php:108
action · admin_print_footer_scripts · includes\wizard.php:206
action · admin_notices · includes\woocommerce-required.php:28
Maintenance & Trust

Advanced Shipping Rates for WooCommerce: Flexible Table Rate Shipping Rules Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 9, 2026
PHP min version: 7.0
Downloads: 75K

Community Trust

Rating: 98/100
Number of ratings: 48
Active installs: 2K
Developer Profile

Advanced Shipping Rates for WooCommerce: Flexible Table Rate Shipping Rules Developer Profile

wp-centrics

5 plugins · 3K total installs

Trust score: 97
Avg Security Score: 95/100
Avg Patch Time: 1 day
Detection Fingerprints

How We Detect Advanced Shipping Rates for WooCommerce: Flexible Table Rate Shipping Rules

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/fish-and-ships/assets/css/admin.css
/wp-content/plugins/fish-and-ships/assets/css/frontend.css
/wp-content/plugins/fish-and-ships/assets/js/admin.js
/wp-content/plugins/fish-and-ships/assets/js/frontend.js
Script Paths
/wp-content/plugins/fish-and-ships/assets/js/admin.js
/wp-content/plugins/fish-and-ships/assets/js/frontend.js
Version Parameters
fish-and-ships/assets/css/admin.css?ver=
fish-and-ships/assets/css/frontend.css?ver=
fish-and-ships/assets/js/admin.js?ver=
fish-and-ships/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
wc_fns_help_tooltip
HTML Comments
<!-- This is a comment from Fish and Ships -->
Data Attributes
data-fns-help
JS Globals
wc_fns_ajax_object
REST Endpoints
/wp-json/wc_fns/v1/help
/wp-json/wc_fns/v1/logs
/wp-json/wc_fns/v1/fields
/wp-json/wc_fns/v1/messages
/wp-json/wc_fns/v1/freemium
FAQ

Frequently Asked Questions about Advanced Shipping Rates for WooCommerce: Flexible Table Rate Shipping Rules