Does Glavpunkt have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Glavpunkt compatible with WordPress 5.2.24?

According to WordPress.org data, Glavpunkt 1.1.3 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

Is Glavpunkt compatible with PHP 5.2.4+?

Glavpunkt requires PHP 5.2.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Glavpunkt updated?

Glavpunkt was last updated on May 31, 2019. Frequent updates are generally a positive security signal.

What is Glavpunkt's security score?

Glavpunkt has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Glavpunkt Security & Risk Analysis

wordpress.org/plugins/glavpunkt

A glavpunkt plugin for WooCommerce that allows the store operator to show local pickup locations and allows the customer to choose the place where to …

10 active installs v1.1.3 PHP 5.2.4+ WP 3.0.1+ Updated May 31, 2019

calculatorglavpunktshipping-calculatorshipping-extensionshipping-method

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Glavpunkt Safe to Use in 2026?

Generally Safe

Score 85/100

Glavpunkt has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The plugin 'glavpunkt' v1.1.3 exhibits a mixed security posture. On the positive side, the code does not appear to utilize dangerous functions, all SQL queries are properly prepared, and there are no known historical vulnerabilities. However, significant concerns arise from the attack surface analysis. The plugin exposes two AJAX handlers, both of which lack authentication checks. This is a major security flaw as it allows unauthenticated users to trigger plugin functionality, potentially leading to unintended actions or exploitation.

The taint analysis reveals that all three analyzed flows have unsanitized paths, indicating a risk of cross-site scripting (XSS) or other injection vulnerabilities if these paths are exposed to user input. While no critical or high severity taint flows were identified, the presence of unsanitized paths without any corresponding capability or nonce checks on the AJAX endpoints is a serious oversight. The lack of nonce checks is particularly concerning for AJAX operations, as it fails to protect against Cross-Site Request Forgery (CSRF) attacks.

Overall, while the absence of known vulnerabilities and the use of prepared statements are strengths, the unprotected AJAX handlers and the identified unsanitized paths create a significant risk. The plugin needs immediate attention to implement proper authentication and authorization checks on its AJAX endpoints and to sanitize all user-supplied data that influences these paths.

Key Concerns

Unprotected AJAX handlers
Unsanitized paths in taint analysis
Missing nonce checks on AJAX
No capability checks

Vulnerabilities

None known

Glavpunkt Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Glavpunkt Release Timeline

v1.1.3Current

v1.1.2

v1.1.1

v1.1.0

v1.0.1

v1.0.0

Code Analysis

Analyzed Apr 16, 2026

Glavpunkt Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

67% escaped6 total outputs

Data Flows · Security

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

glavpunkt_shipping_method (glavpunkt.php:25)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Glavpunkt Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_savePriceglavpunkt.php:465

noprivwp_ajax_savePriceglavpunkt.php:466

WordPress Hooks 7

actionwoocommerce_after_shipping_rateglavpunkt.php:45

actionwoocommerce_shipping_initglavpunkt.php:359

filterwoocommerce_checkout_fieldsglavpunkt.php:386

filterwoocommerce_shipping_methodsglavpunkt.php:401

actionwoocommerce_review_order_before_cart_contentsglavpunkt.php:462

actionwoocommerce_after_checkout_validationglavpunkt.php:463

actionplugins_loadedglavpunkt.php:489

Maintenance & Trust

Glavpunkt Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedMay 31, 2019

PHP min version5.2.4

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Glavpunkt Alternatives

Malca-Amit Shipping Services

malca-amit-shipping-services

Malca-Amit Shipping Services plugin for WooCommerce.

10 No CVEs

Cost Calculator Builder

cost-calculator-builder

WP Cost Calculator is a simple and powerful tool that lets you create price estimation forms. Easily give your clients information about your services …

30K 15 CVEs

Easyship WooCommerce Shipping Rates

easyship-woocommerce-shipping-rates

100

Easyship for WooCommerce saves you time and money with live courier rates, seamless checkout, automated taxes & duties, and shipping label creation.

2K 1 CVE

Product page shipping calculator for WooCommerce

product-page-shipping-calculator-for-woocommerce

This plugin allows you to show the shipping methods available on the product page for WooCommerce, so customers can see if shipping is available to th …

1K 2 CVEs

WooReer

wcsdm

100

WooReer calculates shipping rates based on distance via Google Maps, Mapbox, DistanceMatrix.ai, Geoapify, or HERE.

1K No CVEs

Developer Profile

Glavpunkt Developer Profile

mrsergeusz

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Glavpunkt

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/glavpunkt/includes/js/glavpunkt.js

Script Paths

https://glavpunkt.ru/js/punkts-widget/glavpunkt.js/wp-content/plugins/glavpunkt/includes/js/glavpunkt.js

HTML / DOM Fingerprints

JS Globals

glavpunkt_initglavpunkt_init_widget

REST Endpoints

/wp-json/glavpunkt/v1/city_list/wp-json/glavpunkt/v1/city_set/wp-json/glavpunkt/v1/order_confirm

FAQ