Does FOXPOST – Packeta Group have any unpatched vulnerabilities?

No. All known vulnerabilities in FOXPOST – Packeta Group have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is FOXPOST – Packeta Group compatible with WordPress 6.9.4?

According to WordPress.org data, FOXPOST – Packeta Group 1.0.20 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is FOXPOST – Packeta Group compatible with PHP 7.4+?

FOXPOST – Packeta Group requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is FOXPOST – Packeta Group updated?

FOXPOST – Packeta Group was last updated on Mar 3, 2026. Frequent updates are generally a positive security signal.

What is FOXPOST – Packeta Group's security score?

FOXPOST – Packeta Group has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

FOXPOST – Packeta Group Security & Risk Analysis

wordpress.org/plugins/foxpost-packeta-group

This plugin provides Foxpost shipping functions and order export to FoxPost for WooCommerce.

200 active installs v1.0.20 PHP 7.4+ WP 5.9+ Updated Mar 3, 2026

deliveryfoxpostpacketashippingwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is FOXPOST – Packeta Group Safe to Use in 2026?

Generally Safe

Score 100/100

FOXPOST – Packeta Group has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "foxpost-packeta-group" v1.0.20 plugin exhibits significant security concerns primarily due to a large attack surface with unprotected entry points. While the plugin demonstrates good practices in its handling of SQL queries, utilizing prepared statements exclusively, and performing a high percentage of output escaping, these strengths are overshadowed by the lack of authentication checks on several critical components. Specifically, all six AJAX handlers and one REST API route lack proper permission callbacks. This means any unauthenticated user could potentially interact with these endpoints, leading to unauthorized actions or information disclosure if vulnerabilities exist within these functions.

The static analysis shows no dangerous functions being used, no unsanitized paths in taint analysis, and no known historical vulnerabilities. This suggests the core logic might be relatively clean and the developers have not introduced critical flaws in the past. However, the absence of vulnerabilities in its history could also indicate a lack of extensive security auditing or a limited historical usage that has not attracted attacker attention. The presence of file operations and external HTTP requests, while not inherently insecure, are areas that require careful scrutiny when coupled with unprotected entry points.

In conclusion, the plugin has strengths in its secure database interactions and output handling. However, the critical weakness lies in the unprotected AJAX and REST API endpoints, creating a substantial attack surface. The lack of known vulnerabilities is a positive sign but does not mitigate the immediate risk posed by the exposed functionality. A thorough security review of the code within these unprotected endpoints is highly recommended.

Key Concerns

AJAX handlers without auth checks
REST API routes without permission callbacks
File operations present
External HTTP requests present

Vulnerabilities

None known

FOXPOST – Packeta Group Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

FOXPOST – Packeta Group Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

157 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

92% escaped171 total outputs

Data Flows

All sanitized

Data Flow Analysis

1 flows

<class-foxpost-wc-shipping-admin> (admin\class-foxpost-wc-shipping-admin.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

7 unprotected

FOXPOST – Packeta Group Attack Surface

Entry Points7

Unprotected7

AJAX Handlers 6

authwp_ajax_foxpost_wc_shipping_get_parcel_labelincludes\class-foxpost-wc-shipping.php:201

authwp_ajax_foxpost_wc_shipping_get_parcel_statusincludes\class-foxpost-wc-shipping.php:202

authwp_ajax_foxpost_wc_shipping_get_parcel_addressesincludes\class-foxpost-wc-shipping.php:204

authwp_ajax_foxpost_wc_shipping_sync_parcel_statusincludes\class-foxpost-wc-shipping.php:207

authwp_ajax_foxpost_wc_shipping_selectincludes\class-foxpost-wc-shipping.php:278

noprivwp_ajax_foxpost_wc_shipping_selectincludes\class-foxpost-wc-shipping.php:279

REST API Routes 1

GET/wp-json/foxpost-wc-shipping/v1/selected-aptpublic\class-foxpost-wc-shipping-public.php:465

WordPress Hooks 49

actionadmin_noticesadmin\class-foxpost-wc-shipping-admin-notice.php:66

actioninitadmin\class-foxpost-wc-shipping-admin.php:69

actionbefore_woocommerce_initfoxpost-packeta-group.php:53

actionwoocommerce_loadedfoxpost-packeta-group.php:154

actionadmin_initincludes\class-foxpost-wc-shipping-dependencies.php:31

actionadmin_noticesincludes\class-foxpost-wc-shipping-dependencies.php:32

filterwoocommerce_logger_days_to_retain_logsincludes\class-foxpost-wc-shipping-logger.php:16

actionfoxpost_wc_shipping_parcel_updateincludes\class-foxpost-wc-shipping-scheduler.php:66

actionplugins_loadedincludes\class-foxpost-wc-shipping.php:161

actionadmin_enqueue_scriptsincludes\class-foxpost-wc-shipping.php:175

actionadmin_enqueue_scriptsincludes\class-foxpost-wc-shipping.php:176

filterwoocommerce_settings_tabs_arrayincludes\class-foxpost-wc-shipping.php:180

actionwoocommerce_settings_foxpost_wc_shippingincludes\class-foxpost-wc-shipping.php:181

actionwoocommerce_settings_save_foxpost_wc_shippingincludes\class-foxpost-wc-shipping.php:182

actionwoocommerce_admin_field_codfeeincludes\class-foxpost-wc-shipping.php:186

actionwoocommerce_admin_field_testbuttonincludes\class-foxpost-wc-shipping.php:187

actionwoocommerce_admin_field_buttonincludes\class-foxpost-wc-shipping.php:188

actionwoocommerce_admin_field_status-selectorincludes\class-foxpost-wc-shipping.php:189

filterwoocommerce_shipping_methodsincludes\class-foxpost-wc-shipping.php:192

actionwoocommerce_admin_order_data_after_shipping_addressincludes\class-foxpost-wc-shipping.php:198

actionwoocommerce_email_after_order_tableincludes\class-foxpost-wc-shipping.php:211

filterbulk_actions-edit-shop_orderincludes\class-foxpost-wc-shipping.php:214

filterbulk_actions-woocommerce_page_wc-ordersincludes\class-foxpost-wc-shipping.php:216

filterhandle_bulk_actions-edit-shop_orderincludes\class-foxpost-wc-shipping.php:218

filterhandle_bulk_actions-woocommerce_page_wc-ordersincludes\class-foxpost-wc-shipping.php:220

actionadmin_noticesincludes\class-foxpost-wc-shipping.php:222

filtermanage_edit-shop_order_columnsincludes\class-foxpost-wc-shipping.php:225

filtermanage_woocommerce_page_wc-orders_columnsincludes\class-foxpost-wc-shipping.php:227

actionmanage_shop_order_posts_custom_columnincludes\class-foxpost-wc-shipping.php:228

actionmanage_woocommerce_page_wc-orders_custom_columnincludes\class-foxpost-wc-shipping.php:230

filterplugin_action_linksincludes\class-foxpost-wc-shipping.php:233

actionwp_enqueue_scriptsincludes\class-foxpost-wc-shipping.php:254

actionwp_enqueue_scriptsincludes\class-foxpost-wc-shipping.php:255

actionwoocommerce_checkout_update_order_reviewincludes\class-foxpost-wc-shipping.php:259

actionwoocommerce_shipping_method_chosenincludes\class-foxpost-wc-shipping.php:260

actionwoocommerce_shipping_initincludes\class-foxpost-wc-shipping.php:261

actionwoocommerce_cart_totals_after_shippingincludes\class-foxpost-wc-shipping.php:265

actionwoocommerce_before_shipping_calculatorincludes\class-foxpost-wc-shipping.php:266

actionwoocommerce_after_shipping_calculatorincludes\class-foxpost-wc-shipping.php:267

actionwoocommerce_review_order_after_shippingincludes\class-foxpost-wc-shipping.php:270

actionwoocommerce_checkout_update_order_metaincludes\class-foxpost-wc-shipping.php:274

actionwoocommerce_store_api_checkout_update_order_metaincludes\class-foxpost-wc-shipping.php:275

actionwoocommerce_cart_calculate_feesincludes\class-foxpost-wc-shipping.php:280

actionwoocommerce_review_order_before_paymentincludes\class-foxpost-wc-shipping.php:283

actionwoocommerce_after_checkout_validationincludes\class-foxpost-wc-shipping.php:285

actionrest_api_initincludes\class-foxpost-wc-shipping.php:286

filterwoocommerce_shipping_packagesincludes\class-foxpost-wc-shipping.php:287

filterwoocommerce_store_api_checkout_update_order_from_requestincludes\class-foxpost-wc-shipping.php:288

actionbefore_woocommerce_initincludes\class-foxpost-wc-shipping.php:294

Maintenance & Trust

FOXPOST – Packeta Group Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 3, 2026

PHP min version7.4

Downloads272

Community Trust

Rating100/100

Number of ratings1

Active installs200

Alternatives

FOXPOST – Packeta Group Alternatives

Claudio Sanches – Correios for WooCommerce

woocommerce-correios

Integration between the Correios and WooCommerce

30K No CVEs

Shiprocket

shiprocket

Auto Sync your Woocommerce store orders & ship them at lowest shipping rates. Automate your shipping, save time & money.

10K 1 unpatched

MyParcel

woocommerce-myparcel

Export your WooCommerce orders to MyParcel (www.myparcel.nl) and print labels directly from the WooCommerce admin

9K 1 CVE

YITH WooCommerce Order & Shipment Tracking

yith-woocommerce-order-tracking

Add an easy tool to manage order shipping information of your shop and to notified your customers about the shipping.

7K 1 CVE

Frenet Shipping Gateway for WooCommerce – Correios, Etiquetas e Rastreio

woo-shipping-gateway

100

Frete inteligente, simples e acessível para negócios que querem crescer

5K No CVEs

Developer Profile

FOXPOST – Packeta Group Developer Profile

foxpost

1 plugin · 200 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect FOXPOST – Packeta Group

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/foxpost-packeta-group/admin/css/foxpost-wc-shipping-admin.css/wp-content/plugins/foxpost-packeta-group/admin/js/foxpost-wc-shipping-admin.js/wp-content/plugins/foxpost-packeta-group/public/css/foxpost-wc-shipping-public.css/wp-content/plugins/foxpost-packeta-group/public/js/foxpost-wc-shipping-public.js

Version Parameters

foxpost-wc-shipping-admin-css?ver=foxpost-wc-shipping-admin-js?ver=foxpost-wc-shipping-public-css?ver=foxpost-wc-shipping-public-js?ver=

HTML / DOM Fingerprints

CSS Classes

foxpost-checkout-container

Data Attributes

data-foxpost-shipping-location-iddata-foxpost-shipping-country-codedata-foxpost-shipping-localedata-foxpost-shipping-weightdata-foxpost-shipping-price

JS Globals

foxpost_ajax_object

REST Endpoints

/wp-json/foxpost-wc-shipping/v1/locations

FAQ