Shipping Live Rates and Access Points for UPS for WooCommerce Security & Risk Analysis

wordpress.org/plugins/flexible-shipping-ups

Provide auto-calculated UPS rates and Access Point options. Easy 5-minute setup. Show real prices and nearest pickup points at WooCommerce checkout.

7K active installs · v3.6.3 · PHP 7.4+ · WP 6.4+ · Updated Mar 12, 2026
Tags: ups, ups-live-rates, ups-rates, ups-shipping, ups-woocommerce
99
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Oct 24, 2024
Safety Verdict

Is Shipping Live Rates and Access Points for UPS for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Shipping Live Rates and Access Points for UPS for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Oct 24, 2024 · Updated 22d ago
Risk Assessment

The flexible-shipping-ups plugin version 3.6.3 exhibits a mixed security posture. On the positive side, it has a very small attack surface, with only one AJAX handler and no unprotected entry points. The plugin also demonstrates good practices by overwhelmingly using prepared statements for SQL queries and implementing a reasonable number of nonce and capability checks. However, the presence of several dangerous functions, including `proc_open`, `shell_exec`, and `unserialize`, raises concerns about potential code execution vulnerabilities if these are not handled with extreme care. All five flagged calls listed under Dangerous Functions Found sit in bundled libraries under `vendor_prefixed` (Monolog and WPDesk components), and the two `shell_exec` calls shown there pass fixed command strings. The low percentage of properly escaped output (26%) is a significant weakness, indicating a risk of Cross-Site Scripting (XSS) vulnerabilities where user-supplied data might be rendered without proper escaping.

The vulnerability history shows two past medium-severity CVEs, both related to Missing Authorization and Cross-Site Request Forgery (CSRF). While there are no currently unpatched vulnerabilities, the pattern of past issues suggests that authorization checks and input validation, particularly concerning user-supplied data, have been areas of weakness. The taint analysis shows no high or critical severity flows, which is a positive indicator, but this should be considered in conjunction with the other code signals. The bundling of Guzzle, while not inherently problematic, could introduce risks if the library itself is outdated and vulnerable.

In conclusion, while the plugin has a controlled attack surface and uses prepared statements effectively, the identified dangerous functions, a low rate of proper output escaping, and a history of authorization and CSRF issues warrant caution. The primary risks lie in potential code execution and XSS vulnerabilities due to improper output handling. It is crucial to ensure that all instances of dangerous functions are secured and that output escaping is thoroughly audited and improved.

Key Concerns

  • Low rate of properly escaped output
  • Presence of dangerous functions (proc_open, shell_exec, unserialize)
  • Past medium severity CVEs related to authorization and CSRF
  • Bundled library (Guzzle) that may be outdated
Vulnerabilities
2

Shipping Live Rates and Access Points for UPS for WooCommerce Security Vulnerabilities

CVEs by Year

2 CVEs in 2024

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2024-9109 · medium · 4.3 · Missing Authorization

UPS Live Rates and Access Points <= 2.3.12 - Missing Authorization to Plugin API key reset

Oct 24, 2024 Patched in 3.0.0 (5d)
CVE-2024-31944 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

WooCommerce UPS Shipping – Live Rates and Access Points <= 2.2.4 - Cross-Site Request Forgery

Apr 11, 2024 Patched in 2.2.5 (6d)
Code Analysis
Analyzed Mar 16, 2026

Shipping Live Rates and Access Points for UPS for WooCommerce Code Analysis

Dangerous Functions: 5
Raw SQL Queries: 2 (17 prepared)
Unescaped Output: 252 (87 escaped)
Nonce Checks: 18
Capability Checks: 9
File Operations: 36
External Requests: 5
Bundled Libraries: 1

Dangerous Functions Found

proc_open · `$this->process = proc_open($this->command, static::DESCRIPTOR_SPEC, $this->pipes, $this->cwd);` · vendor_prefixed\monolog\monolog\src\Monolog\Handler\ProcessHandler.php:104
shell_exec · `$branches = shell_exec('git branch -v --no-abbrev');` · vendor_prefixed\monolog\monolog\src\Monolog\Processor\GitProcessor.php:60
shell_exec · `$result = explode(' ', trim((string) shell_exec('hg id -nb')));` · vendor_prefixed\monolog\monolog\src\Monolog\Processor\MercurialProcessor.php:59
unserialize · `return unserialize($value);` · vendor_prefixed\wpdesk\wp-forms\src\Serializer\SerializeSerializer.php:15
unserialize · `return unserialize($this->container->get($id));` · vendor_prefixed\wpdesk\wp-persistence\src\Decorator\SerializedPersistentContainer.php:24

Bundled Libraries

Guzzle

SQL Query Safety

89% prepared · 19 total queries

Output Escaping

26% escaped · 339 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
processAjaxNoticeDismiss (vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:72)
Attack Surface

Shipping Live Rates and Access Points for UPS for WooCommerce Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_wpdesk_notice_dismiss · vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:42
WordPress Hooks 101
action · before_woocommerce_init · flexible-shipping-ups.php:67
action · admin_init · src\Plugin\ActivationDate.php:25
action · flexible_shipping_ups_settings_sidebar · src\Plugin\AdvertMetabox\ProPluginMetaBox.php:27
action · admin_enqueue_scripts · src\Plugin\Assets.php:38
action · admin_notices · src\Plugin\OldProVersionMessage.php:22
action · woocommerce_order_status_changed · src\Plugin\OrderCounter.php:25
action · init · src\Plugin\Plugin.php:179
action · admin_init · src\Plugin\Plugin.php:202
action · init · src\Plugin\Plugin.php:210
action · init · src\Plugin\Plugin.php:232
action · admin_init · src\Plugin\Plugin.php:238
action · init · src\Plugin\Plugin.php:316
filter · woocommerce_shipping_methods · src\Plugin\Plugin.php:363
action · woocommerce_init · src\Plugin\Plugin.php:364
action · woocommerce_init · src\Plugin\Plugin.php:365
action · woocommerce_init · src\Plugin\Plugin.php:366
filter · plugin_row_meta · src\Plugin\PluginLinks.php:16
action · admin_notices · src\Plugin\RateNotice.php:24
action · wpdesk_notice_dismissed_notice · src\Plugin\RateNotice.php:25
action · woocommerce_blocks_checkout_block_registration · vendor_prefixed\octolize\octolize-checkout-block-integration\src\Blocks\Registrator.php:25
action · woocommerce_blocks_cart_block_registration · vendor_prefixed\octolize\octolize-checkout-block-integration\src\Blocks\Registrator.php:28
action · woocommerce_blocks_loaded · vendor_prefixed\octolize\octolize-checkout-block-integration\src\Blocks\StoreEndpoint.php:24
action · woocommerce_blocks_checkout_block_registration · vendor_prefixed\octolize\octolize-pickup-point-checkout-blocks\src\Blocks\PickupPoint\MapPickupPoint\MapRegistrator.php:12
filter · woocommerce_shipping_method_add_rate · vendor_prefixed\octolize\octolize-pickup-point-checkout-blocks\src\Blocks\PickupPoint\MapPickupPoint\ShippingRateMetaData.php:10
action · woocommerce_blocks_checkout_block_registration · vendor_prefixed\octolize\octolize-pickup-point-checkout-blocks\src\Blocks\PickupPoint\Registrator.php:32
action · woocommerce_store_api_checkout_update_order_from_request · vendor_prefixed\octolize\octolize-pickup-point-checkout-blocks\src\Blocks\PickupPoint\StoreEndpoint.php:21
action · woocommerce_blocks_loaded · vendor_prefixed\octolize\octolize-pickup-point-checkout-blocks\src\Blocks\PickupPoint\StoreEndpoint.php:22
action · admin_enqueue_scripts · vendor_prefixed\octolize\wp-octolize-brand-assets\src\Brand\Assets\AdminAssets.php:54
action · admin_enqueue_scripts · vendor_prefixed\octolize\wp-octolize-docs-chat\src\Chat\Assets.php:20
action · admin_footer · vendor_prefixed\octolize\wp-octolize-docs-chat\src\Chat\ChatContainer.php:18
action · admin_notices · vendor_prefixed\octolize\wp-octolize-tracker\src\OptInNotice\OptInNotice.php:41
action · admin_footer · vendor_prefixed\octolize\wp-octolize-tracker\src\OptInNotice\OptInNotice.php:55
filter · wpdesk_tracker_notice_screens · vendor_prefixed\octolize\wp-octolize-tracker\src\TrackerInitializer.php:82
action · plugins_loaded · vendor_prefixed\octolize\wp-octolize-tracker\src\TrackerInitializer.php:83
action · current_screen · vendor_prefixed\octolize\wp-onboarding\src\Onboarding\Onboarding.php:64
action · admin_enqueue_scripts · vendor_prefixed\octolize\wp-onboarding\src\Onboarding\Onboarding.php:70
action · admin_footer · vendor_prefixed\octolize\wp-onboarding\src\Onboarding\Onboarding.php:71
filter · wpdesk_tracker_deactivation_data · vendor_prefixed\octolize\wp-onboarding\src\Onboarding\OnboardingDeactivationData.php:31
filter · wpdesk_tracker_data · vendor_prefixed\octolize\wp-onboarding\src\Onboarding\OnboardingTrackerData.php:38
action · upgrader_process_complete · vendor_prefixed\octolize\wp-onboarding\src\Onboarding\PluginUpgrade\PluginUpgradeWatcher.php:31
action · admin_enqueue_scripts · vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\Assets.php:37
filter · octolize/shipping-extensions/header-promo · vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\BlackFriday2025Promo.php:15
filter · octolize/shipping-extensions/should-add-badge · vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\BlackFriday2025Promo.php:16
action · octolize/shipping-extensions/view-tracking · vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\BlackFriday2025Promo.php:17
action · admin_menu · vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\Page.php:40
action · in_admin_header · vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\PageViewTracker.php:29
action · wpdesk_tracker_started · vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\Tracker\Tracker.php:29
action · admin_head · vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\WooCommerceSuggestions.php:12
action · flexible_shipping_ups_token_created · vendor_prefixed\octolize\wp-ups-oauth\src\OAuth\ActionScheduler\RefreshTokenActionScheduler.php:26
action · flexible_shipping_ups_token_refreshed · vendor_prefixed\octolize\wp-ups-oauth\src\OAuth\ActionScheduler\RefreshTokenActionScheduler.php:27
action · woocommerce_update_option · vendor_prefixed\octolize\wp-ups-oauth\src\OAuth\ClientCredentialsTokenActions.php:18
action · admin_notices · vendor_prefixed\octolize\wp-ups-oauth\src\OAuth\CreateTokenAction.php:38
action · admin_notices · vendor_prefixed\octolize\wp-ups-oauth\src\OAuth\Notices.php:31
action · admin_enqueue_scripts · vendor_prefixed\wpdesk\wp-builder\src\Plugin\AbstractPlugin.php:148
action · wp_enqueue_scripts · vendor_prefixed\wpdesk\wp-builder\src\Plugin\AbstractPlugin.php:149
action · admin_enqueue_scripts · vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:41
action · admin_notices · vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:144
action · admin_footer · vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:145
filter · wp_autoloader_loader_loaders_to_load · vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\PluginDisablerByFileTrait.php:45
filter · wp_autoloader_loader_loaders_to_create · vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\PluginDisablerByFileTrait.php:46
action · plugins_loaded · vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\Simple\SimplePaidStrategy.php:58
action · plugins_loaded · vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:81
action · before_woocommerce_init · vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:88
action · activated_plugin · vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:102
filter · doing_it_wrong_trigger_error · vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:123
action · woocommerce_after_order_itemmeta · vendor_prefixed\wpdesk\wp-ups-shipping-method\src\WooCommerceShipping\Ups\Advertisement\UpsLabels.php:12
action · admin_notices · vendor_prefixed\wpdesk\wp-ups-shipping-method\src\WooCommerceShipping\Ups\AuthCodeNotice.php:18
filter · wpdesk_tracker_data · vendor_prefixed\wpdesk\wp-ups-shipping-method\src\WooCommerceShipping\Ups\Tracker.php:48
action · admin_notices · vendor_prefixed\wpdesk\wp-ups-shipping-method\src\WooCommerceShipping\Ups\XmlApiNotice.php:17
action · woocommerce_active_payments_checkout_shipping_method · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\ActivePayments\Integration.php:39
action · admin_notices · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\AddMethodReminder\AddMethodReminder.php:44
action · admin_init · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\AddMethodReminder\ClickNoticeTracker.php:23
filter · wpdesk_tracker_deactivation_data · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\AddMethodReminder\DeactivationTrackerData.php:26
filter · wpdesk_tracker_data · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\AddMethodReminder\TrackerData.php:25
action · admin_enqueue_scripts · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\Assets.php:59
action · admin_enqueue_scripts · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\Assets.php:60
action · wp_enqueue_scripts · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\Assets.php:61
action · woocommerce_review_order_after_shipping · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\CollectionPoints\CheckoutHandler.php:89
action · woocommerce_checkout_update_order_review · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\CollectionPoints\CheckoutHandler.php:90
action · woocommerce_after_shipping_rate · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\EstimatedDelivery\EstimatedDeliveryDatesDisplay.php:56
filter · woocommerce_package_rates · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\EstimatedDelivery\EstimatedDeliveryDatesDisplay.php:57
action · woocommerce_hidden_order_itemmeta · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\EstimatedDelivery\EstimatedDeliveryDatesDisplay.php:58
filter · woocommerce_order_item_display_meta_key · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\AdminOrderMetaDataDisplay.php:70
filter · woocommerce_order_item_display_meta_value · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\AdminOrderMetaDataDisplay.php:71
filter · woocommerce_hidden_order_itemmeta · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\AdminOrderMetaDataDisplay.php:72
action · woocommerce_order_details_after_order_table · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\FrontOrderMetaDataDisplay.php:44
action · woocommerce_email_order_meta · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\FrontOrderMetaDataDisplay.php:45
action · admin_notices · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\ThirdParty\Germanized\TaxSettingsNotice.php:18
action · admin_enqueue_scripts · vendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\PopupPetition\PopupPetitionDisplayer.php:34
action · admin_notices · vendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\RatingPetitionNotice.php:82
action · admin_notices · vendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\RatingPetitionNotice.php:83
action · wpdesk_notice_dismissed_notice · vendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\RatingPetitionNotice.php:84
action · admin_enqueue_scripts · vendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\TextPetitionDisplayer.php:39
filter · admin_footer_text · vendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\TextPetitionDisplayer.php:62
action · admin_init · vendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\TimeWatcher\ShippingMethodInstanceWatcher.php:75
action · woocommerce_shipping_zone_method_added · vendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\TimeWatcher\ShippingMethodInstanceWatcher.php:76
action · admin_enqueue_scripts · vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\Assets.php:28
action · admin_menu · vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptInPage.php:35
action · admin_init · vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptInPage.php:36
action · admin_notices · vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptOut.php:28
filter · plugin_row_meta · vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\PluginActionLinks.php:36
Maintenance & Trust

Shipping Live Rates and Access Points for UPS for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 7.0
Last updated: Mar 12, 2026
PHP min version: 7.4
Downloads: 681K

Community Trust

Rating: 94/100
Number of ratings: 73
Active installs: 7K
Developer Profile

Shipping Live Rates and Access Points for UPS for WooCommerce Developer Profile

Octolize Shipping Plugins

11 plugins · 114K total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 91 days
Detection Fingerprints

How We Detect Shipping Live Rates and Access Points for UPS for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/flexible-shipping-ups/src/Plugin/AdvertMetabox/view/html-pro-features.php
Script Paths
/wp-content/plugins/flexible-shipping-ups/vendor_prefixed/octolize/octolize-checkout-block-integration/build/index.js
/wp-content/plugins/flexible-shipping-ups/vendor_prefixed/octolize/octolize-checkout-block-integration/build/style-index.css
Version Parameters
flexible-shipping-ups/src/Plugin/AdvertMetabox/view/html-pro-features.php?ver=
flexible-shipping-ups/vendor_prefixed/octolize/octolize-checkout-block-integration/build/index.js?ver=
flexible-shipping-ups/vendor_prefixed/octolize/octolize-checkout-block-integration/build/style-index.css?ver=

HTML / DOM Fingerprints

CSS Classes
ups-upgrade-box
HTML Comments
<!-- PRO features -->
Data Attributes
data-ups-upgrade-box-element
JS Globals
UpsShippingService
wp