WP-Safety

Shipping Live Rates for DHL Express for WooCommerce Security & Risk Analysis

wordpress.org/plugins/flexible-shipping-dhl-express

Display real-time DHL Express shipping live rates in your WooCommerce store. Connect with DHL Express API for accurate shipping costs.

600 active installs v4.1.5 PHP 7.4+ WP 6.4+ Updated Feb 24, 2026
dhl-expressdhl-express-live-ratesdhl-express-ratesdhl-express-shippingdhl-express-woocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Shipping Live Rates for DHL Express for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Shipping Live Rates for DHL Express for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The plugin "flexible-shipping-dhl-express" v4.1.5 presents a mixed security posture. On the positive side, the attack surface is very small and appears to be well-protected with zero unprotected entry points. Furthermore, there are no recorded vulnerabilities (CVEs) in its history, suggesting a generally robust development and patching process for past issues. The taint analysis also shows no critical or high-severity flows with unsanitized paths, which is a strong indicator of secure data handling for the analyzed paths.

However, significant concerns arise from the static code analysis. The plugin utilizes a high number of dangerous functions, including `unserialize`, `shell_exec`, and `passthru`, which are often vectors for severe vulnerabilities if not handled with extreme care. The complete lack of prepared statements for SQL queries is a critical weakness, opening the door to SQL injection vulnerabilities. Additionally, a very low percentage (25%) of output is properly escaped, which indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities. The bundled Guzzle library, while common, could also pose a risk if it's an outdated version, though this is not specified. The limited number of capability checks (7) compared to the number of dangerous functions also suggests potential privilege escalation issues if the dangerous functions are called in contexts without proper authorization.

In conclusion, while the plugin has a small attack surface and a clean vulnerability history, the static analysis reveals fundamental security flaws in its coding practices. The prevalent use of dangerous functions, unescaped output, and raw SQL queries pose substantial risks that outweigh the benefits of its protected entry points and clean CVE record. Remediation of these coding issues should be a high priority.

Key Concerns

  • Raw SQL queries without prepared statements
  • Low percentage of properly escaped output
  • Use of dangerous functions
  • Bundled library (Guzzle)
Vulnerabilities
None known

Shipping Live Rates for DHL Express for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Shipping Live Rates for DHL Express for WooCommerce Code Analysis

Dangerous Functions
26
Raw SQL Queries
2
0 prepared
Unescaped Output
237
81 escaped
Nonce Checks
12
Capability Checks
7
File Operations
25
External Requests
2
Bundled Libraries
1

Dangerous Functions Found

assertassert($bin !== \false);vendor_prefixed\brick\math\src\BigInteger.php:916
assertassert($denominator !== null);vendor_prefixed\brick\math\src\BigNumber.php:65
assertassert($q !== null);vendor_prefixed\brick\math\src\Internal\Calculator\BcMathCalculator.php:71
assertassert($r !== null);vendor_prefixed\brick\math\src\Internal\Calculator\BcMathCalculator.php:72
assertassert(is_int($q));vendor_prefixed\brick\math\src\Internal\Calculator\NativeCalculator.php:155
assertassert($carry === 0);vendor_prefixed\brick\math\src\Internal\Calculator\NativeCalculator.php:341
assertassert(\true, 'Could not pack n-1 items into box, even though n were previously in it');vendor_prefixed\dvdoug\boxpacker\src\WeightRedistributor.php:118
proc_open$this->process = proc_open($this->command, static::DESCRIPTOR_SPEC, $this->pipes, $this->cwd);vendor_prefixed\monolog\monolog\src\Monolog\Handler\ProcessHandler.php:104
unserialize$data = unserialize($serialized, ['allowed_classes' => \false]);vendor_prefixed\ramsey\collection\src\AbstractArray.php:153
unserialize$data = unserialize($serialized, ['allowed_classes' => [$this->getType()]]);vendor_prefixed\ramsey\collection\src\AbstractCollection.php:223
unserialize$data = unserialize($serialized, ['allowed_classes' => [BrickMathCalculator::class, GenericNumberConvendor_prefixed\ramsey\uuid\src\Builder\BuilderCollection.php:56
assertassert($instance instanceof UuidV6);vendor_prefixed\ramsey\uuid\src\Lazy\LazyUuidFromString.php:417
assertassert($instance instanceof UuidV6);vendor_prefixed\ramsey\uuid\src\Lazy\LazyUuidFromString.php:423
shell_execreturn trim((string) shell_exec('id -u'));vendor_prefixed\ramsey\uuid\src\Provider\Dce\SystemDceSecurityProvider.php:88
shell_execreturn trim((string) shell_exec('id -g'));vendor_prefixed\ramsey\uuid\src\Provider\Dce\SystemDceSecurityProvider.php:106
shell_exec$response = shell_exec('whoami /user /fo csv /nh');vendor_prefixed\ramsey\uuid\src\Provider\Dce\SystemDceSecurityProvider.php:142
shell_exec$response = shell_exec('net user %username% | findstr /b /i "Local Group Memberships"');vendor_prefixed\ramsey\uuid\src\Provider\Dce\SystemDceSecurityProvider.php:165
shell_exec$response = shell_exec('wmic group get name,sid | findstr /b /i ' . escapeshellarg($firstGroup));vendor_prefixed\ramsey\uuid\src\Provider\Dce\SystemDceSecurityProvider.php:175
unserialize$data = unserialize($serialized, ['allowed_classes' => [Hexadecimal::class, RandomNodeProvider::clasvendor_prefixed\ramsey\uuid\src\Provider\Node\NodeProviderCollection.php:41
passthrupassthru('ipconfig /all 2>&1');vendor_prefixed\ramsey\uuid\src\Provider\Node\SystemNodeProvider.php:90
passthrupassthru('ifconfig 2>&1');vendor_prefixed\ramsey\uuid\src\Provider\Node\SystemNodeProvider.php:93
passthrupassthru('netstat -i -f link 2>&1');vendor_prefixed\ramsey\uuid\src\Provider\Node\SystemNodeProvider.php:96
passthrupassthru('netstat -ie 2>&1');vendor_prefixed\ramsey\uuid\src\Provider\Node\SystemNodeProvider.php:100
assertassert($uuid !== '');vendor_prefixed\ramsey\uuid\src\Uuid.php:403
unserializereturn unserialize($value);vendor_prefixed\wpdesk\wp-forms\src\Serializer\SerializeSerializer.php:15
unserializereturn unserialize($this->container->get($id));vendor_prefixed\wpdesk\wp-persistence\src\Decorator\SerializedPersistentContainer.php:24

Bundled Libraries

Guzzle

SQL Query Safety

0% prepared2 total queries

Output Escaping

25% escaped318 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
processAjaxNoticeDismiss (vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:72)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Shipping Live Rates for DHL Express for WooCommerce Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_wpdesk_notice_dismissvendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:42
WordPress Hooks 66
actionadmin_footersrc\Plugin\Beacon.php:59
actioninitsrc\Plugin\Plugin.php:116
filterflexible-shipping/integration/allowed-shipping-methods-global-settingssrc\Plugin\Plugin.php:212
filterwoocommerce_shipping_methodssrc\Plugin\Plugin.php:223
actionflexible_shipping_dhl_express_settings_sidebarsrc\Plugin\SettingsSidebar.php:21
actioninitsrc\Plugin\UpgradeOnboarding.php:40
actionadmin_enqueue_scriptsvendor_prefixed\octolize\wp-octolize-brand-assets\src\Brand\Assets\AdminAssets.php:54
actionadmin_noticesvendor_prefixed\octolize\wp-octolize-tracker\src\OptInNotice\OptInNotice.php:41
actionadmin_footervendor_prefixed\octolize\wp-octolize-tracker\src\OptInNotice\OptInNotice.php:55
filterwpdesk_tracker_notice_screensvendor_prefixed\octolize\wp-octolize-tracker\src\TrackerInitializer.php:82
actionplugins_loadedvendor_prefixed\octolize\wp-octolize-tracker\src\TrackerInitializer.php:83
actioncurrent_screenvendor_prefixed\octolize\wp-onboarding\src\Onboarding\Onboarding.php:64
actionadmin_enqueue_scriptsvendor_prefixed\octolize\wp-onboarding\src\Onboarding\Onboarding.php:70
actionadmin_footervendor_prefixed\octolize\wp-onboarding\src\Onboarding\Onboarding.php:71
filterwpdesk_tracker_deactivation_datavendor_prefixed\octolize\wp-onboarding\src\Onboarding\OnboardingDeactivationData.php:31
filterwpdesk_tracker_datavendor_prefixed\octolize\wp-onboarding\src\Onboarding\OnboardingTrackerData.php:38
actionupgrader_process_completevendor_prefixed\octolize\wp-onboarding\src\Onboarding\PluginUpgrade\PluginUpgradeWatcher.php:31
actionadmin_enqueue_scriptsvendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\Assets.php:37
actionadmin_menuvendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\Page.php:40
actionin_admin_headervendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\PageViewTracker.php:29
actionwpdesk_tracker_startedvendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\Tracker\Tracker.php:29
actionadmin_headvendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\WooCommerceSuggestions.php:12
actionadmin_enqueue_scriptsvendor_prefixed\wpdesk\wp-builder\src\Plugin\AbstractPlugin.php:148
actionwp_enqueue_scriptsvendor_prefixed\wpdesk\wp-builder\src\Plugin\AbstractPlugin.php:149
actionadmin_enqueue_scriptsvendor_prefixed\wpdesk\wp-dhl-express-shipping-method\src\WooCommerceShipping\DhlExpress\Assets.php:45
filterwoocommerce_shipping_zone_shipping_methodsvendor_prefixed\wpdesk\wp-dhl-express-shipping-method\src\WooCommerceShipping\DhlExpress\ShippingZoneMethods.php:16
actionadmin_enqueue_scriptsvendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:41
actionadmin_noticesvendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:144
actionadmin_footervendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:145
filterwp_autoloader_loader_loaders_to_loadvendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\PluginDisablerByFileTrait.php:45
filterwp_autoloader_loader_loaders_to_createvendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\PluginDisablerByFileTrait.php:46
actionplugins_loadedvendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\Simple\SimplePaidStrategy.php:58
actionplugins_loadedvendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:81
actionbefore_woocommerce_initvendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:88
actionactivated_pluginvendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:102
filterdoing_it_wrong_trigger_errorvendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:123
actionwoocommerce_active_payments_checkout_shipping_methodvendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\ActivePayments\Integration.php:39
actionadmin_noticesvendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\AddMethodReminder\AddMethodReminder.php:44
actionadmin_initvendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\AddMethodReminder\ClickNoticeTracker.php:23
filterwpdesk_tracker_deactivation_datavendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\AddMethodReminder\DeactivationTrackerData.php:26
filterwpdesk_tracker_datavendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\AddMethodReminder\TrackerData.php:25
actionadmin_enqueue_scriptsvendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\Assets.php:59
actionadmin_enqueue_scriptsvendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\Assets.php:60
actionwp_enqueue_scriptsvendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\Assets.php:61
actionwoocommerce_review_order_after_shippingvendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\CollectionPoints\CheckoutHandler.php:89
actionwoocommerce_checkout_update_order_reviewvendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\CollectionPoints\CheckoutHandler.php:90
actionwoocommerce_after_shipping_ratevendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\EstimatedDelivery\EstimatedDeliveryDatesDisplay.php:56
filterwoocommerce_package_ratesvendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\EstimatedDelivery\EstimatedDeliveryDatesDisplay.php:57
actionwoocommerce_hidden_order_itemmetavendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\EstimatedDelivery\EstimatedDeliveryDatesDisplay.php:58
filterwoocommerce_order_item_display_meta_keyvendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\AdminOrderMetaDataDisplay.php:70
filterwoocommerce_order_item_display_meta_valuevendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\AdminOrderMetaDataDisplay.php:71
filterwoocommerce_hidden_order_itemmetavendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\AdminOrderMetaDataDisplay.php:72
actionwoocommerce_order_details_after_order_tablevendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\FrontOrderMetaDataDisplay.php:44
actionwoocommerce_email_order_metavendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\FrontOrderMetaDataDisplay.php:45
actionadmin_noticesvendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\ThirdParty\Germanized\TaxSettingsNotice.php:18
actionadmin_noticesvendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\RatingPetitionNotice.php:82
actionadmin_noticesvendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\RatingPetitionNotice.php:83
actionwpdesk_notice_dismissed_noticevendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\RatingPetitionNotice.php:84
actionadmin_enqueue_scriptsvendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\TextPetitionDisplayer.php:39
actionadmin_initvendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\TimeWatcher\ShippingMethodInstanceWatcher.php:75
actionwoocommerce_shipping_zone_method_addedvendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\TimeWatcher\ShippingMethodInstanceWatcher.php:76
actionadmin_enqueue_scriptsvendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\Assets.php:28
actionadmin_menuvendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptInPage.php:35
actionadmin_initvendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptInPage.php:36
actionadmin_noticesvendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptOut.php:28
filterplugin_row_metavendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\PluginActionLinks.php:36
Maintenance & Trust

Shipping Live Rates for DHL Express for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 24, 2026
PHP min version7.4
Downloads64K

Community Trust

Rating84/100
Number of ratings5
Active installs600
Alternatives

Shipping Live Rates for DHL Express for WooCommerce Alternatives

ReachShip WooCommerce Multi-Carrier & Conditional Shipping

ReachShip WooCommerce Multi-Carrier & Conditional Shipping

elex-reachship-multi-carrier-conditional-shipping

A
98

Multi-carrier WooCommerce shipping plugin to get rates, print labels, pickups & track DHL, FedEx, UPS, USPS, Australia Post via ReachShip API.

300 1 CVE
ELEX WooCommerce DHL Express Shipping Method

ELEX WooCommerce DHL Express Shipping Method

elex-woo-dhl-express-shipping

A
100

Display DHL Express Live Shipping Rates on Cart & Checkout Page based on the Shipping Destination and Cart Content using DHL APIs.

200 No CVEs
Shipi – DHL Express Integration for Woocommerce

Shipi – DHL Express Integration for Woocommerce

a2z-dhl-express-shipping

A
100

Seamless DHL Express WooCommerce integration - live rates, automated/manual labels, return labels, pickups, invoices, and tracking.

100 No CVEs
Developer Profile

Shipping Live Rates for DHL Express for WooCommerce Developer Profile

Octolize Shipping Plugins

11 plugins · 114K total installs

79
trust score
Avg Security Score
100/100
Avg Patch Time
91 days
View full developer profile
Detection Fingerprints

How We Detect Shipping Live Rates for DHL Express for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/flexible-shipping-dhl-express/vendor_prefixed/octolize/wp-octolize-brand-assets/dist/css/admin.css/wp-content/plugins/flexible-shipping-dhl-express/vendor_prefixed/octolize/wp-onboarding/assets/css/onboarding.css/wp-content/plugins/flexible-shipping-dhl-express/vendor_prefixed/octolize/wp-onboarding/assets/js/onboarding.js
Version Parameters
flexible-shipping-dhl-express/vendor_prefixed/octolize/wp-octolize-brand-assets/dist/css/admin.css?ver=flexible-shipping-dhl-express/vendor_prefixed/octolize/wp-onboarding/assets/css/onboarding.css?ver=flexible-shipping-dhl-express/vendor_prefixed/octolize/wp-onboarding/assets/js/onboarding.js?ver=

HTML / DOM Fingerprints

CSS Classes
octolize-onboarding-app
HTML Comments
<!-- begin html-onboarding-container.php --><!-- end html-onboarding-container.php -->
Data Attributes
data-octolize-onboarding-app
JS Globals
window.OctolizeOnboardingApp
FAQ

Frequently Asked Questions about Shipping Live Rates for DHL Express for WooCommerce