WP-Safety

Shipping Live Rates for FedEx for WooCommerce Security & Risk Analysis

wordpress.org/plugins/flexible-shipping-fedex

Offer FedEx shipping for WooCommerce with real-time rates via FedEx API. Show live rates at checkout based on weight and addresses.

2K active installs v4.2.1 PHP 7.4+ WP 6.4+ Updated Feb 24, 2026
fedexfedex-live-ratesfedex-ratesfedex-shippingfedex-woocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Shipping Live Rates for FedEx for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Shipping Live Rates for FedEx for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "flexible-shipping-fedex" v4.2.1 plugin exhibits a generally strong security posture with a very limited attack surface and no recorded vulnerabilities. The static analysis reveals good practices like the presence of nonce and capability checks for its single AJAX handler, and the absence of critical or high-severity taint flows. This indicates a developer who is mindful of basic WordPress security principles.

However, several code signals raise moderate concerns. The significant number of file operations (25) and the presence of dangerous functions like `unserialize`, `proc_open`, and `shell_exec` are potential areas of risk if not handled with extreme care. Furthermore, only 27% of output is properly escaped, and zero SQL queries use prepared statements, which could lead to Cross-Site Scripting (XSS) or SQL injection vulnerabilities respectively, especially if combined with user-controlled input that is not adequately sanitized. The bundled Guzzle library also presents a potential risk if it is outdated.

Despite the lack of historical vulnerabilities, the presence of these risky code patterns means the plugin is not without potential threats. The absence of past issues could be due to good luck, limited exposure, or simply that these code signals haven't yet been exploited. The developer should prioritize addressing the unescaped output and the use of prepared statements to solidify the plugin's security.

Key Concerns

  • SQL queries without prepared statements
  • Low percentage of properly escaped output
  • Presence of dangerous functions (unserialize, proc_open, shell_exec)
  • Bundled library (Guzzle) - potential for outdated version
Vulnerabilities
None known

Shipping Live Rates for FedEx for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Shipping Live Rates for FedEx for WooCommerce Code Analysis

Dangerous Functions
7
Raw SQL Queries
2
0 prepared
Unescaped Output
218
80 escaped
Nonce Checks
13
Capability Checks
7
File Operations
25
External Requests
1
Bundled Libraries
1

Dangerous Functions Found

unserializereturn get_class(unserialize($job));vendor_prefixed\illuminate\support\Testing\Fakes\BusFake.php:284
unserializereturn get_class(unserialize($job));vendor_prefixed\illuminate\support\Testing\Fakes\QueueFake.php:124
proc_open$this->process = proc_open($this->command, static::DESCRIPTOR_SPEC, $this->pipes, $this->cwd);vendor_prefixed\monolog\monolog\src\Monolog\Handler\ProcessHandler.php:104
shell_exec$branches = shell_exec('git branch -v --no-abbrev');vendor_prefixed\monolog\monolog\src\Monolog\Processor\GitProcessor.php:60
shell_exec$result = explode(' ', trim((string) shell_exec('hg id -nb')));vendor_prefixed\monolog\monolog\src\Monolog\Processor\MercurialProcessor.php:59
unserializereturn unserialize($value);vendor_prefixed\wpdesk\wp-forms\src\Serializer\SerializeSerializer.php:15
unserializereturn unserialize($this->container->get($id));vendor_prefixed\wpdesk\wp-persistence\src\Decorator\SerializedPersistentContainer.php:24

Bundled Libraries

Guzzle

SQL Query Safety

0% prepared2 total queries

Output Escaping

27% escaped298 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
processAjaxNoticeDismiss (vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:72)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Shipping Live Rates for FedEx for WooCommerce Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_wpdesk_notice_dismissvendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:42
WordPress Hooks 72
filterflexible-shipping/integration/allowed-shipping-methods-global-settingssrc\Plugin\Plugin.php:114
actioninitsrc\Plugin\Plugin.php:134
actioninitsrc\Plugin\Plugin.php:142
actioninitsrc\Plugin\Plugin.php:200
filterwoocommerce_shipping_methodssrc\Plugin\Plugin.php:287
filterplugin_row_metasrc\Plugin\PluginLinks.php:16
actionadmin_enqueue_scriptsvendor_prefixed\octolize\wp-octolize-brand-assets\src\Brand\Assets\AdminAssets.php:54
actionadmin_noticesvendor_prefixed\octolize\wp-octolize-tracker\src\OptInNotice\OptInNotice.php:41
actionadmin_footervendor_prefixed\octolize\wp-octolize-tracker\src\OptInNotice\OptInNotice.php:55
filterwpdesk_tracker_notice_screensvendor_prefixed\octolize\wp-octolize-tracker\src\TrackerInitializer.php:82
actionplugins_loadedvendor_prefixed\octolize\wp-octolize-tracker\src\TrackerInitializer.php:83
actioncurrent_screenvendor_prefixed\octolize\wp-onboarding\src\Onboarding\Onboarding.php:64
actionadmin_enqueue_scriptsvendor_prefixed\octolize\wp-onboarding\src\Onboarding\Onboarding.php:70
actionadmin_footervendor_prefixed\octolize\wp-onboarding\src\Onboarding\Onboarding.php:71
filterwpdesk_tracker_deactivation_datavendor_prefixed\octolize\wp-onboarding\src\Onboarding\OnboardingDeactivationData.php:31
filterwpdesk_tracker_datavendor_prefixed\octolize\wp-onboarding\src\Onboarding\OnboardingTrackerData.php:38
actionupgrader_process_completevendor_prefixed\octolize\wp-onboarding\src\Onboarding\PluginUpgrade\PluginUpgradeWatcher.php:31
actionadmin_enqueue_scriptsvendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\Assets.php:37
filteroctolize/shipping-extensions/header-promovendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\BlackFriday2025Promo.php:15
filteroctolize/shipping-extensions/should-add-badgevendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\BlackFriday2025Promo.php:16
actionoctolize/shipping-extensions/view-trackingvendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\BlackFriday2025Promo.php:17
actionadmin_menuvendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\Page.php:40
actionin_admin_headervendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\PageViewTracker.php:29
actionwpdesk_tracker_startedvendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\Tracker\Tracker.php:29
actionadmin_headvendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\WooCommerceSuggestions.php:12
actionadmin_enqueue_scriptsvendor_prefixed\wpdesk\wp-builder\src\Plugin\AbstractPlugin.php:148
actionwp_enqueue_scriptsvendor_prefixed\wpdesk\wp-builder\src\Plugin\AbstractPlugin.php:149
filterwoocommerce_shipping_zone_shipping_methodsvendor_prefixed\wpdesk\wp-fedex-shipping-method\src\WooCommerceShipping\ShippingZoneMethods.php:15
actionadmin_noticesvendor_prefixed\wpdesk\wp-fedex-shipping-method\src\WooCommerceShipping\SoapApiDeprecationNotice.php:19
filterwpdesk_tracker_datavendor_prefixed\wpdesk\wp-fedex-tracker\src\WooCommerceShipping\Fedex\Tracker.php:25
actionadmin_enqueue_scriptsvendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:41
actionadmin_noticesvendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:144
actionadmin_footervendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:145
filterwp_autoloader_loader_loaders_to_loadvendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\PluginDisablerByFileTrait.php:45
filterwp_autoloader_loader_loaders_to_createvendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\PluginDisablerByFileTrait.php:46
actionplugins_loadedvendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\Simple\SimplePaidStrategy.php:58
actionplugins_loadedvendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:81
actionbefore_woocommerce_initvendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:88
actionactivated_pluginvendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:102
filterdoing_it_wrong_trigger_errorvendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:123
actionwoocommerce_active_payments_checkout_shipping_methodvendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\ActivePayments\Integration.php:39
actionadmin_noticesvendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\AddMethodReminder\AddMethodReminder.php:44
actionadmin_initvendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\AddMethodReminder\ClickNoticeTracker.php:23
filterwpdesk_tracker_deactivation_datavendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\AddMethodReminder\DeactivationTrackerData.php:26
filterwpdesk_tracker_datavendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\AddMethodReminder\TrackerData.php:25
actionadmin_enqueue_scriptsvendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\Assets.php:59
actionadmin_enqueue_scriptsvendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\Assets.php:60
actionwp_enqueue_scriptsvendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\Assets.php:61
actionwoocommerce_review_order_after_shippingvendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\CollectionPoints\CheckoutHandler.php:89
actionwoocommerce_checkout_update_order_reviewvendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\CollectionPoints\CheckoutHandler.php:90
actionwoocommerce_after_shipping_ratevendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\EstimatedDelivery\EstimatedDeliveryDatesDisplay.php:56
filterwoocommerce_package_ratesvendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\EstimatedDelivery\EstimatedDeliveryDatesDisplay.php:57
actionwoocommerce_hidden_order_itemmetavendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\EstimatedDelivery\EstimatedDeliveryDatesDisplay.php:58
filterwoocommerce_order_item_display_meta_keyvendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\AdminOrderMetaDataDisplay.php:70
filterwoocommerce_order_item_display_meta_valuevendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\AdminOrderMetaDataDisplay.php:71
filterwoocommerce_hidden_order_itemmetavendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\AdminOrderMetaDataDisplay.php:72
actionwoocommerce_order_details_after_order_tablevendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\FrontOrderMetaDataDisplay.php:44
actionwoocommerce_email_order_metavendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\FrontOrderMetaDataDisplay.php:45
actionadmin_noticesvendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\ThirdParty\Germanized\TaxSettingsNotice.php:18
actionadmin_enqueue_scriptsvendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\PopupPetition\PopupPetitionDisplayer.php:34
actionadmin_noticesvendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\RatingPetitionNotice.php:82
actionadmin_noticesvendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\RatingPetitionNotice.php:83
actionwpdesk_notice_dismissed_noticevendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\RatingPetitionNotice.php:84
actionadmin_enqueue_scriptsvendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\TextPetitionDisplayer.php:39
filteradmin_footer_textvendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\TextPetitionDisplayer.php:62
actionadmin_initvendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\TimeWatcher\ShippingMethodInstanceWatcher.php:75
actionwoocommerce_shipping_zone_method_addedvendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\TimeWatcher\ShippingMethodInstanceWatcher.php:76
actionadmin_enqueue_scriptsvendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\Assets.php:28
actionadmin_menuvendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptInPage.php:35
actionadmin_initvendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptInPage.php:36
actionadmin_noticesvendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptOut.php:28
filterplugin_row_metavendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\PluginActionLinks.php:36
Maintenance & Trust

Shipping Live Rates for FedEx for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 24, 2026
PHP min version7.4
Downloads183K

Community Trust

Rating86/100
Number of ratings24
Active installs2K
Alternatives

Shipping Live Rates for FedEx for WooCommerce Alternatives

Automated FedEx live/manual rates with shipping labels – HPOS supported

Automated FedEx live/manual rates with shipping labels – HPOS supported

a2z-fedex-shipping

A
100

Integrate the FedEx for Domestic and international Shipping. Shipping rates, label, tracking.

200 No CVEs
BLAZING Shipment Tracking

BLAZING Shipment Tracking

blazing-woocommerce-shipment-tracking

A
85

This plugin adds courier and tracking number to the woocommerce order, and a dedicated email to send shipment tracking info to the customer.

300 No CVEs
ReachShip WooCommerce Multi-Carrier & Conditional Shipping

ReachShip WooCommerce Multi-Carrier & Conditional Shipping

elex-reachship-multi-carrier-conditional-shipping

A
98

Multi-carrier WooCommerce shipping plugin to get rates, print labels, pickups & track DHL, FedEx, UPS, USPS, Australia Post via ReachShip API.

300 1 CVE
Live Rates for ShipStation

Live Rates for ShipStation

live-rates-for-shipstation

A
100

Pulls live shipping rates from your favorite carriers connected to 3rd party provider ShipStation.

200 No CVEs
ELEX ShipEngine UPS & FedEx Shipping Method

ELEX ShipEngine UPS & FedEx Shipping Method

elex-shipengine-shipping-method

A
100

WooCommerce UPS & FedEx Shipping Method Plugin uses ShipEngine API to Display Live Shipping Rates from UPS & FedEx based on Shipping Address & …

70 No CVEs
Developer Profile

Shipping Live Rates for FedEx for WooCommerce Developer Profile

Octolize Shipping Plugins

11 plugins · 114K total installs

79
trust score
Avg Security Score
100/100
Avg Patch Time
91 days
View full developer profile
Detection Fingerprints

How We Detect Shipping Live Rates for FedEx for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/flexible-shipping-fedex/vendor_prefixed/octolize/wp-octolize-brand-assets/dist/css/admin.css/wp-content/plugins/flexible-shipping-fedex/vendor_prefixed/octolize/wp-onboarding/assets/css/onboarding.css/wp-content/plugins/flexible-shipping-fedex/vendor_prefixed/octolize/wp-onboarding/assets/js/onboarding.js
Script Paths
/wp-content/plugins/flexible-shipping-fedex/vendor_prefixed/wpdesk/wp-plugin-flow-common/src/plugin-init-php52-free.php/wp-content/plugins/flexible-shipping-fedex/vendor_prefixed/guzzlehttp/guzzle/src/functions_include.php/wp-content/plugins/flexible-shipping-fedex/vendor_prefixed/illuminate/collections/helpers.php
Version Parameters
octolize-onboarding-2

HTML / DOM Fingerprints

CSS Classes
octolize-onboarding-popup
HTML Comments
<!-- BEGIN: html-onboarding-container.php -->
Data Attributes
data-octolize-onboarding-open-autodata-octolize-onboarding-logo-imgdata-octolize-onboarding-pagedata-octolize-onboarding-ajax-urldata-octolize-onboarding-ajax-noncedata-octolize-onboarding-ajax-action-event+5 more
JS Globals
window.OctolizeOnboardingSettings
FAQ

Frequently Asked Questions about Shipping Live Rates for FedEx for WooCommerce