GLS Shipping for WooCommerce Security & Risk Analysis

wordpress.org/plugins/gls-shipping-for-woocommerce

GLS Shipping plugin for WooCommerce

1K active installs · v1.4.1 · PHP 7.1+ · WP 5.9+ · Updated Feb 12, 2026
glsshippingwoocommerce-shipping
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Dec 29, 2025
Safety Verdict

Is GLS Shipping for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

GLS Shipping for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Dec 29, 2025 · Updated 1mo ago
Risk Assessment

The gls-shipping-for-woocommerce plugin version 1.4.1 exhibits a generally good security posture with several strong practices in place. The absence of any unpatched CVEs is a significant positive, and the plugin correctly utilizes prepared statements for all SQL queries, a crucial defense against SQL injection. Furthermore, a high percentage of output is properly escaped, and a substantial number of nonce and capability checks are implemented for its AJAX endpoints. This indicates a conscious effort towards secure coding.

However, there are areas for concern. The presence of two taint flows with unsanitized paths, although not classified as critical or high severity, suggests potential for vulnerabilities if input is not handled with extreme care. The plugin also performs external HTTP requests, which can be a vector for attacks if the remote endpoints are compromised or the data sent is not validated. While the number of file operations is low, any insecure handling of these operations could lead to serious issues.

Historically, the plugin has had one medium-severity Cross-Site Scripting (XSS) vulnerability. That this vulnerability, the last one recorded, dates from 2025 and is currently patched is reassuring, but it shows that XSS is a risk the developers should remain vigilant about. Overall, while the plugin has a solid foundation, the identified unsanitized taint flows and the historical XSS vulnerability warrant careful monitoring and potentially further review.

Key Concerns

  • Taint flows with unsanitized paths identified
  • Historical medium severity CVE
  • External HTTP requests
Vulnerabilities
1

GLS Shipping for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-68011 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

GLS Shipping for WooCommerce <= 1.4.0 - Reflected Cross-Site Scripting

Dec 29, 2025 · Patched in 1.4.1 (57d)
Code Analysis
Analyzed Mar 16, 2026

GLS Shipping for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (14 prepared)
Unescaped Output: 20 (359 escaped)
Nonce Checks: 7
Capability Checks: 4
File Operations: 3
External Requests: 3
Bundled Libraries: 0

SQL Query Safety

100% prepared · 14 total queries

Output Escaping

95% escaped · 379 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

4 flows · 2 with unsanitized paths
render_history_tab (includes\admin\class-gls-shipping-pickup.php:236)
Attack Surface

GLS Shipping for WooCommerce Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers 3

auth · wp_ajax_gls_generate_label · includes\admin\class-gls-shipping-order.php:19
auth · wp_ajax_gls_get_parcel_status · includes\admin\class-gls-shipping-order.php:20
auth · wp_ajax_gls_update_pickup_location · includes\admin\class-gls-shipping-order.php:21
WordPress Hooks 48
filter · woocommerce_shipping_methods · gls-shipping-for-woocommerce.php:131
action · init · gls-shipping-for-woocommerce.php:132
action · admin_init · gls-shipping-for-woocommerce.php:135
action · before_woocommerce_init · gls-shipping-for-woocommerce.php:324
filter · bulk_actions-edit-shop_order · includes\admin\class-gls-shipping-bulk.php:24
filter · bulk_actions-woocommerce_page_wc-orders · includes\admin\class-gls-shipping-bulk.php:25
filter · handle_bulk_actions-edit-shop_order · includes\admin\class-gls-shipping-bulk.php:28
filter · handle_bulk_actions-woocommerce_page_wc-orders · includes\admin\class-gls-shipping-bulk.php:29
action · admin_notices · includes\admin\class-gls-shipping-bulk.php:32
filter · woocommerce_admin_order_actions · includes\admin\class-gls-shipping-bulk.php:35
action · admin_print_styles · includes\admin\class-gls-shipping-bulk.php:38
filter · manage_edit-shop_order_columns · includes\admin\class-gls-shipping-bulk.php:41
filter · manage_woocommerce_page_wc-orders_columns · includes\admin\class-gls-shipping-bulk.php:42
action · manage_shop_order_posts_custom_column · includes\admin\class-gls-shipping-bulk.php:45
action · manage_woocommerce_page_wc-orders_custom_column · includes\admin\class-gls-shipping-bulk.php:48
action · admin_init · includes\admin\class-gls-shipping-label-migration.php:45
action · admin_init · includes\admin\class-gls-shipping-label-migration.php:48
action · admin_notices · includes\admin\class-gls-shipping-label-migration.php:51
action · add_meta_boxes · includes\admin\class-gls-shipping-order.php:18
action · woocommerce_process_shop_order_meta · includes\admin\class-gls-shipping-order.php:24
action · save_post_shop_order · includes\admin\class-gls-shipping-order.php:25
action · admin_init · includes\admin\class-gls-shipping-pickup-history.php:23
action · admin_menu · includes\admin\class-gls-shipping-pickup.php:19
action · admin_enqueue_scripts · includes\admin\class-gls-shipping-pickup.php:22
action · woocommerce_product_options_shipping · includes\admin\class-gls-shipping-product-restrictions.php:18
action · woocommerce_process_product_meta · includes\admin\class-gls-shipping-product-restrictions.php:19
filter · woocommerce_package_rates · includes\admin\class-gls-shipping-product-restrictions.php:22
action · woocommerce_check_cart_items · includes\admin\class-gls-shipping-product-restrictions.php:25
action · woocommerce_shipping_init · includes\methods\class-gls-shipping-method-parcel-locker-zones.php:186
action · woocommerce_shipping_init · includes\methods\class-gls-shipping-method-parcel-locker.php:219
action · woocommerce_shipping_init · includes\methods\class-gls-shipping-method-parcel-shop-zones.php:168
action · woocommerce_shipping_init · includes\methods\class-gls-shipping-method-parcel-shop.php:205
action · woocommerce_shipping_init · includes\methods\class-gls-shipping-method-zones.php:168
action · admin_notices · includes\methods\class-gls-shipping-method.php:604
action · woocommerce_shipping_init · includes\methods\class-gls-shipping-method.php:761
action · wp_enqueue_scripts · includes\public\class-gls-shipping-assets.php:20
action · wp_footer · includes\public\class-gls-shipping-assets.php:21
filter · script_loader_tag · includes\public\class-gls-shipping-assets.php:22
action · admin_enqueue_scripts · includes\public\class-gls-shipping-assets.php:24
filter · woocommerce_cart_shipping_method_full_label · includes\public\class-gls-shipping-checkout.php:44
action · woocommerce_checkout_update_order_meta · includes\public\class-gls-shipping-checkout.php:45
action · woocommerce_review_order_after_shipping · includes\public\class-gls-shipping-checkout.php:46
action · woocommerce_checkout_process · includes\public\class-gls-shipping-checkout.php:47
filter · woocommerce_cart_shipping_method_full_label · includes\public\class-gls-shipping-logo-display.php:19
filter · woocommerce_package_rates · includes\public\class-gls-shipping-logo-display.php:22
action · wp_enqueue_scripts · includes\public\class-gls-shipping-logo-display.php:25
action · woocommerce_order_details_after_order_table · includes\public\class-gls-shipping-my-account.php:18
action · woocommerce_email_order_details · includes\public\class-gls-shipping-my-account.php:19
Maintenance & Trust

GLS Shipping for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 12, 2026
PHP min version: 7.1
Downloads: 17K

Community Trust

Rating: 76/100
Number of ratings: 5
Active installs: 1K
Developer Profile

GLS Shipping for WooCommerce Developer Profile

GLS

1 plugin · 1K total installs

Trust score: 87
Avg Security Score: 99/100
Avg Patch Time: 57 days
Detection Fingerprints

How We Detect GLS Shipping for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gls-shipping-for-woocommerce/assets/css/backend/gls-shipping-admin.css
/wp-content/plugins/gls-shipping-for-woocommerce/assets/css/frontend/gls-shipping-frontend.css
/wp-content/plugins/gls-shipping-for-woocommerce/assets/js/backend/gls-shipping-admin.js
/wp-content/plugins/gls-shipping-for-woocommerce/assets/js/frontend/gls-shipping-frontend.js
Script Paths
/wp-content/plugins/gls-shipping-for-woocommerce/assets/js/backend/gls-shipping-admin.js
/wp-content/plugins/gls-shipping-for-woocommerce/assets/js/frontend/gls-shipping-frontend.js
Version Parameters
gls-shipping-for-woocommerce/assets/css/backend/gls-shipping-admin.css?ver=
gls-shipping-for-woocommerce/assets/css/frontend/gls-shipping-frontend.css?ver=
gls-shipping-for-woocommerce/assets/js/backend/gls-shipping-admin.js?ver=
gls-shipping-for-woocommerce/assets/js/frontend/gls-shipping-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
gls_shipping_methods_settings
HTML Comments
<!-- GLS Shipping for WooCommerce settings -->
<!-- End GLS Shipping for WooCommerce settings -->
Data Attributes
data-gls-shipping-method-id
FAQ

Frequently Asked Questions about GLS Shipping for WooCommerce