Shipping Live Rates for USPS for WooCommerce Security & Risk Analysis

wordpress.org/plugins/flexible-shipping-usps

Offer USPS shipping methods with real-time rates. Show dynamic prices at WooCommerce cart and checkout based on weight and destination.

2K active installs · v3.3.1 · PHP 7.4+ · WP 6.4+ · Updated Mar 31, 2026
Tags: usps, usps-live-rates, usps-rates, usps-shipping, usps-woocommerce
99
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Apr 22, 2024
Safety Verdict

Is Shipping Live Rates for USPS for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Shipping Live Rates for USPS for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEs · Last CVE: Apr 22, 2024 · Updated 1mo ago
Risk Assessment

The flexible-shipping-usps plugin v3.2.6 presents a mixed security posture. While the attack surface appears minimal with only one AJAX handler and no REST API routes, shortcodes, or cron events, the presence of dangerous functions like `assert`, `proc_open`, and `unserialize` is a significant concern, indicating potential for serious vulnerabilities if not handled with extreme care.

The code analysis reveals that 100% of its SQL queries do not use prepared statements, a critical flaw that opens the door to SQL injection attacks. Furthermore, only 23% of output is escaped, which suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities. Although taint analysis did not reveal any immediate critical or high severity flows, the other identified code weaknesses could easily be exploited.

The plugin's vulnerability history, with two previously disclosed medium-severity CVEs (Insertion of Sensitive Information into Log File and CSRF), and a recent one in April 2024, indicates a pattern of past security oversights. The fact that these are currently unpatched is a red flag, even if they are not classified as critical or high. While the lack of unpatched critical vulnerabilities and the relatively small attack surface are positive points, the prevalence of insecure coding practices, particularly raw SQL queries and insufficient output escaping, coupled with a history of vulnerabilities, points to a moderate to high overall risk.

Key Concerns

  • Raw SQL queries without prepared statements
  • Low percentage of properly escaped output
  • Presence of dangerous functions
  • History of medium severity CVEs
Vulnerabilities
2 published

Shipping Live Rates for USPS for WooCommerce Security Vulnerabilities

CVEs by Year: 2 CVEs in 2024

Severity Breakdown: Medium 2 (2 total CVEs)

CVE-2024-32811 · medium · 5.3 · Insertion of Sensitive Information into Log File

USPS Shipping for WooCommerce – Live Rates <= 1.9.4 - Sensitive Information Exposure

Apr 22, 2024 · Patched in 1.10.0 (9d)

CVE-2024-31943 · medium · 5.4 · Cross-Site Request Forgery (CSRF)

USPS Shipping for WooCommerce – Live Rates <= 1.9.2 - Cross-Site Request Forgery

Apr 10, 2024 · Patched in 1.9.3 (7d)
Version History

Shipping Live Rates for USPS for WooCommerce Release Timeline

v3.3.1 (Current)
v3.3.0
v3.2.6
v3.2.5
v3.2.4
v3.2.3
v3.2.2
v3.2.1
v3.2.0
v3.1.1
v3.1.0
v3.0.7
v3.0.6
v3.0.4
v3.0.2
v3.0.1
v3.0.0
v2.0.1
v2.0.0
v1.11.0
Code Analysis
Analyzed Mar 16, 2026

Shipping Live Rates for USPS for WooCommerce Code Analysis

Dangerous Functions: 5
Raw SQL Queries: 3 (0 prepared)
Unescaped Output: 244 (73 escaped)
Nonce Checks: 12
Capability Checks: 7
File Operations: 19
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

assert · assert(\true, 'Could not pack n-1 items into box, even though n were previously in it'); · vendor_prefixed\dvdoug\boxpacker\src\WeightRedistributor.php:118
proc_open · $this->process = proc_open($this->command, static::DESCRIPTOR_SPEC, $this->pipes, $this->cwd); · vendor_prefixed\monolog\monolog\src\Monolog\Handler\ProcessHandler.php:104
unserialize · $response = $cacheItemVerifier->getVerifiedItemOrNull(unserialize($responseSerialized)); · vendor_prefixed\wpdesk\wp-cache\src\CacheDispatcher.php:67
unserialize · return unserialize($value); · vendor_prefixed\wpdesk\wp-forms\src\Serializer\SerializeSerializer.php:15
unserialize · return unserialize($this->container->get($id)); · vendor_prefixed\wpdesk\wp-persistence\src\Decorator\SerializedPersistentContainer.php:24

SQL Query Safety

0% prepared · 3 total queries

Output Escaping

23% escaped · 317 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
processAjaxNoticeDismiss (vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:72)
Attack Surface

Shipping Live Rates for USPS for WooCommerce Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

auth · wp_ajax_wpdesk_notice_dismiss · vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:42

WordPress Hooks: 68

action · admin_init · src\AdvertMetabox\ProPluginMetaBox.php:30
action · init · src\Plugin.php:150
action · init · src\Plugin.php:152
action · init · src\Plugin.php:191
action · init · src\Plugin.php:192
filter · woocommerce_shipping_methods · src\Plugin.php:287
filter · plugin_row_meta · src\PluginLinks.php:16
action · admin_enqueue_scripts · vendor_prefixed\octolize\wp-octolize-brand-assets\src\Brand\Assets\AdminAssets.php:54
action · admin_notices · vendor_prefixed\octolize\wp-octolize-tracker\src\OptInNotice\OptInNotice.php:41
action · admin_footer · vendor_prefixed\octolize\wp-octolize-tracker\src\OptInNotice\OptInNotice.php:55
filter · wpdesk_tracker_notice_screens · vendor_prefixed\octolize\wp-octolize-tracker\src\TrackerInitializer.php:82
action · plugins_loaded · vendor_prefixed\octolize\wp-octolize-tracker\src\TrackerInitializer.php:83
action · current_screen · vendor_prefixed\octolize\wp-onboarding\src\Onboarding\Onboarding.php:64
action · admin_enqueue_scripts · vendor_prefixed\octolize\wp-onboarding\src\Onboarding\Onboarding.php:70
action · admin_footer · vendor_prefixed\octolize\wp-onboarding\src\Onboarding\Onboarding.php:71
filter · wpdesk_tracker_deactivation_data · vendor_prefixed\octolize\wp-onboarding\src\Onboarding\OnboardingDeactivationData.php:31
filter · wpdesk_tracker_data · vendor_prefixed\octolize\wp-onboarding\src\Onboarding\OnboardingTrackerData.php:38
action · upgrader_process_complete · vendor_prefixed\octolize\wp-onboarding\src\Onboarding\PluginUpgrade\PluginUpgradeWatcher.php:31
action · admin_enqueue_scripts · vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\Assets.php:37
action · admin_menu · vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\Page.php:40
action · in_admin_header · vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\PageViewTracker.php:29
action · wpdesk_tracker_started · vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\Tracker\Tracker.php:29
action · admin_head · vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\WooCommerceSuggestions.php:12
action · admin_enqueue_scripts · vendor_prefixed\wpdesk\wp-builder\src\Plugin\AbstractPlugin.php:148
action · wp_enqueue_scripts · vendor_prefixed\wpdesk\wp-builder\src\Plugin\AbstractPlugin.php:149
action · admin_enqueue_scripts · vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:41
action · admin_notices · vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:144
action · admin_footer · vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:145
filter · wp_autoloader_loader_loaders_to_load · vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\PluginDisablerByFileTrait.php:45
filter · wp_autoloader_loader_loaders_to_create · vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\PluginDisablerByFileTrait.php:46
action · plugins_loaded · vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\Simple\SimplePaidStrategy.php:58
action · plugins_loaded · vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:81
action · before_woocommerce_init · vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:88
action · activated_plugin · vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:102
filter · doing_it_wrong_trigger_error · vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:123
action · admin_notices · vendor_prefixed\wpdesk\wp-usps-shipping-method\src\WooCommerceShipping\Usps\ShippingMethodsChecker.php:13
filter · wpdesk_tracker_data · vendor_prefixed\wpdesk\wp-usps-shipping-method\src\WooCommerceShipping\Usps\Tracker.php:28
action · admin_notices · vendor_prefixed\wpdesk\wp-usps-shipping-method\src\WooCommerceShipping\Usps\WebApiNotice.php:17
action · woocommerce_active_payments_checkout_shipping_method · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\ActivePayments\Integration.php:39
action · admin_notices · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\AddMethodReminder\AddMethodReminder.php:44
action · admin_init · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\AddMethodReminder\ClickNoticeTracker.php:23
filter · wpdesk_tracker_deactivation_data · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\AddMethodReminder\DeactivationTrackerData.php:26
filter · wpdesk_tracker_data · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\AddMethodReminder\TrackerData.php:25
action · admin_enqueue_scripts · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\Assets.php:59
action · admin_enqueue_scripts · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\Assets.php:60
action · wp_enqueue_scripts · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\Assets.php:61
action · woocommerce_review_order_after_shipping · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\CollectionPoints\CheckoutHandler.php:89
action · woocommerce_checkout_update_order_review · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\CollectionPoints\CheckoutHandler.php:90
action · woocommerce_after_shipping_rate · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\EstimatedDelivery\EstimatedDeliveryDatesDisplay.php:56
filter · woocommerce_package_rates · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\EstimatedDelivery\EstimatedDeliveryDatesDisplay.php:57
action · woocommerce_hidden_order_itemmeta · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\EstimatedDelivery\EstimatedDeliveryDatesDisplay.php:58
filter · woocommerce_order_item_display_meta_key · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\AdminOrderMetaDataDisplay.php:70
filter · woocommerce_order_item_display_meta_value · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\AdminOrderMetaDataDisplay.php:71
filter · woocommerce_hidden_order_itemmeta · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\AdminOrderMetaDataDisplay.php:72
action · woocommerce_order_details_after_order_table · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\FrontOrderMetaDataDisplay.php:44
action · woocommerce_email_order_meta · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\FrontOrderMetaDataDisplay.php:45
action · admin_notices · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\ThirdParty\Germanized\TaxSettingsNotice.php:18
action · admin_notices · vendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\RatingPetitionNotice.php:82
action · admin_notices · vendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\RatingPetitionNotice.php:83
action · wpdesk_notice_dismissed_notice · vendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\RatingPetitionNotice.php:84
action · admin_enqueue_scripts · vendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\TextPetitionDisplayer.php:39
action · admin_init · vendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\TimeWatcher\ShippingMethodInstanceWatcher.php:75
action · woocommerce_shipping_zone_method_added · vendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\TimeWatcher\ShippingMethodInstanceWatcher.php:76
action · admin_enqueue_scripts · vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\Assets.php:28
action · admin_menu · vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptInPage.php:35
action · admin_init · vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptInPage.php:36
action · admin_notices · vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptOut.php:28
filter · plugin_row_meta · vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\PluginActionLinks.php:36
Maintenance & Trust

Shipping Live Rates for USPS for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 31, 2026
PHP min version: 7.4
Downloads: 89K

Community Trust

Rating: 92/100
Number of ratings: 26
Active installs: 2K
Developer Profile

Shipping Live Rates for USPS for WooCommerce Developer Profile

Octolize Shipping Plugins

11 plugins · 114K total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 91 days
Detection Fingerprints

How We Detect Shipping Live Rates for USPS for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/flexible-shipping-usps/vendor_prefixed/octolize/wp-octolize-brand-assets/dist/css/admin.css
/wp-content/plugins/flexible-shipping-usps/vendor_prefixed/octolize/wp-onboarding/assets/css/onboarding.css
/wp-content/plugins/flexible-shipping-usps/vendor_prefixed/octolize/wp-onboarding/assets/js/onboarding.js
Script Paths
/wp-content/plugins/flexible-shipping-usps/vendor_prefixed/wpdesk/wp-plugin-flow-common/src/plugin-init-php52-free.php
Version Parameters
flexible-shipping-usps/vendor_prefixed/octolize/wp-octolize-brand-assets/dist/css/admin.css?ver=
flexible-shipping-usps/vendor_prefixed/octolize/wp-onboarding/assets/css/onboarding.css?ver=
flexible-shipping-usps/vendor_prefixed/octolize/wp-onboarding/assets/js/onboarding.js?ver=

HTML / DOM Fingerprints

CSS Classes
octolize-onboarding-container
HTML Comments
<!-- Template for onboarding container -->
Data Attributes
data-autostart, data-logo-img, data-page, data-ajax-url, data-ajax-nonce, data-ajax-action-event, +5 more
JS Globals
OctolizeOnboarding
FAQ

Frequently Asked Questions about Shipping Live Rates for USPS for WooCommerce