WP-Safety

FlagShip WooCommerce Extension Security & Risk Analysis

wordpress.org/plugins/flagship-shipping-extension-for-woocommerce

FlagShip WooCommerce Extension obtains FlagShip shipping rates for orders and exports order to FlagShip to dispatch shipment.

10 active installs v1.0.23 PHP 7.1+ WP 4.6+ Updated Jan 27, 2023
couriere-commerceecommerceshippingwoocommerce
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is FlagShip WooCommerce Extension Safe to Use in 2026?

Generally Safe

Score 85/100

FlagShip WooCommerce Extension has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The "flagship-shipping-extension-for-woocommerce" plugin v1.0.23 exhibits a generally good security posture based on the provided static analysis. The absence of known CVEs, unpatched vulnerabilities, and dangerous functions is a significant strength. The code appears to follow secure practices by utilizing prepared statements for all SQL queries and implementing at least one capability check, indicating an awareness of WordPress security principles. However, several areas raise concerns. The 0 total entry points reported is unusual and might indicate an incomplete analysis or that the plugin truly has no user-facing interactive elements. More critically, the taint analysis revealed two flows with unsanitized paths, which, while not classified as critical or high severity, represent potential avenues for unexpected behavior or even vulnerabilities if data manipulation occurs. The 31% of output functions that are not properly escaped is another significant weakness, potentially leading to Cross-Site Scripting (XSS) vulnerabilities, especially if any of the unsanitized paths could lead to output. The presence of file operations without further context also warrants caution. The vulnerability history being entirely empty suggests a clean slate, but this should not lead to complacency. The combination of unsanitized paths and unescaped output is the most prominent risk in this analysis.

Key Concerns

  • Unsanitized paths in taint analysis
  • High percentage of unescaped output
  • Presence of file operations without context
Vulnerabilities
None known

FlagShip WooCommerce Extension Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

FlagShip WooCommerce Extension Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
40
90 escaped
Nonce Checks
0
Capability Checks
1
File Operations
2
External Requests
0
Bundled Libraries
0

Output Escaping

69% escaped130 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
flagship_warning_in_notice (includes\Helpers\Notification_Helper.php:6)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

FlagShip WooCommerce Extension Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 25
filterwoocommerce_shipping_methodsincludes\FlagshipWoocommerceBedrockShipping.php:88
actionadd_meta_boxesincludes\FlagshipWoocommerceBedrockShipping.php:90
actionwoocommerce_process_shop_order_metaincludes\FlagshipWoocommerceBedrockShipping.php:91
actionadmin_noticesincludes\FlagshipWoocommerceBedrockShipping.php:92
actionadmin_menuincludes\FlagshipWoocommerceBedrockShipping.php:93
filterwoocommerce_general_settingsincludes\FlagshipWoocommerceBedrockShipping.php:94
actionwoocommerce_email_order_detailsincludes\FlagshipWoocommerceBedrockShipping.php:95
filterwoocommerce_product_data_tabsincludes\FlagshipWoocommerceBedrockShipping.php:98
actionwoocommerce_product_data_panelsincludes\FlagshipWoocommerceBedrockShipping.php:99
actionwoocommerce_process_product_metaincludes\FlagshipWoocommerceBedrockShipping.php:100
actionwoocommerce_product_options_dimensionsincludes\FlagshipWoocommerceBedrockShipping.php:101
actionwoocommerce_process_product_metaincludes\FlagshipWoocommerceBedrockShipping.php:102
actionrest_api_initincludes\FlagshipWoocommerceBedrockShipping.php:103
actionadmin_enqueue_scriptsincludes\FlagshipWoocommerceBedrockShipping.php:104
actionwoocommerce_thankyou_order_received_textincludes\FlagshipWoocommerceBedrockShipping.php:105
actionadmin_noticesincludes\FlagshipWoocommerceBedrockShipping.php:110
filterredirect_post_locationincludes\Order_Action_Processor.php:197
filterredirect_post_locationincludes\Order_Action_Processor.php:214
filterredirect_post_locationincludes\Order_Action_Processor.php:339
filterredirect_post_locationincludes\Order_Action_Processor.php:375
filterredirect_post_locationincludes\Order_Action_Processor.php:389
filterredirect_post_locationincludes\Order_Action_Processor.php:437
filterredirect_post_locationincludes\Order_Action_Processor.php:536
actionadmin_noticesincludes\WC_Flagship_Shipping_Method.php:109
actionadmin_noticesincludes\WC_Flagship_Shipping_Method.php:117
Maintenance & Trust

FlagShip WooCommerce Extension Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13
Last updatedJan 27, 2023
PHP min version7.1
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

FlagShip WooCommerce Extension Alternatives

The Courier Guy Shipping for WooCommerce

The Courier Guy Shipping for WooCommerce

the-courier-guy

A
100

This is the official WooCommerce extension to ship products using The Courier Guy.

3K No CVEs
FlagShip WooCommerce Shipping

FlagShip WooCommerce Shipping

flagship-woocommerce-shipping

A
100

FlagShip WooCommerce Shipping is an e-shipping courier solution that helps you shipping anything from Canada. Beautifully.

400 No CVEs
WCFM and WC Marketplace – The Courier Guy Shipping for WooCommerce

WCFM and WC Marketplace – The Courier Guy Shipping for WooCommerce

wp-multi-vendor-marketplace-the-courier-guy-shipping-for-woocommerce

A
85

This is the official WCFM and WC Marketplace extension to ship products using The Courier Guy.

10 No CVEs
Spocket ‑ US & EU Dropshipping

Spocket ‑ US & EU Dropshipping

spocket

A
85

Find fast shipping products from reliable suppliers, import them to your WooCommerce store and manage your orders automatically: all for free.

1K No CVEs
Inkedjoy-POD Dropshipping

Inkedjoy-POD Dropshipping

eprolo-pod-dropshipping

A
100

Impressive Products & Price - Print On Demand Dropshipping.

200 No CVEs
Developer Profile

FlagShip WooCommerce Extension Developer Profile

flagshipit

2 plugins · 410 total installs

89
trust score
Avg Security Score
93/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect FlagShip WooCommerce Extension

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/flagship-shipping-extension-for-woocommerce/assets/css/style.css/wp-content/plugins/flagship-shipping-extension-for-woocommerce/assets/js/app.js
Script Paths
/wp-content/plugins/flagship-shipping-extension-for-woocommerce/assets/js/app.js
Version Parameters
flagship-shipping-extension-for-woocommerce/assets/css/style.css?ver=flagship-shipping-extension-for-woocommerce/assets/js/app.js?ver=

HTML / DOM Fingerprints

CSS Classes
flagship_package_boxespacking_boxes_tableflagship_boxes
Data Attributes
ref="getBoxesUrl"ref="saveBoxesUrl"ref="box_list"
JS Globals
window.flagship_boxes
FAQ

Frequently Asked Questions about FlagShip WooCommerce Extension