Hezarfen – WooCommerce için Kargo Entegrasyonu – Sözleşmeler, Mahalle, İlçe, SMS Security & Risk Analysis

wordpress.org/plugins/hezarfen-for-woocommerce

🚀 2 thousand sites! Shipment tracking, free Hepsijet integration (1-4 desi: 89.24 TL + VAT, Hezarfen Pro not required), Distance Sales Contracts, NetGSM order SMS

2K active installs v2.8.2 PHP 7.0+ WP 5.7+ Updated Feb 28, 2026
Tags: fatura, hepsijet, kargo, mng, sozlesmeler
Security score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Hezarfen – WooCommerce için Kargo Entegrasyonu – Sözleşmeler, Mahalle, İlçe, SMS Safe to Use in 2026?

Generally Safe

Score 100/100

Hezarfen – WooCommerce için Kargo Entegrasyonu – Sözleşmeler, Mahalle, İlçe, SMS has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The hezarfen-for-woocommerce plugin v2.8.2 demonstrates a generally strong security posture. The extensive use of prepared statements for SQL queries and proper output escaping (both around 96-97%) are significant strengths, indicating a good understanding of fundamental web security practices. The presence of numerous nonce and capability checks on its AJAX handlers further bolsters its defense against common attack vectors. The lack of any recorded vulnerabilities or CVEs in its history is also a positive indicator, suggesting diligent security development and maintenance.

However, the static analysis reveals a potential area of concern with 'flows with unsanitized paths' identified in the taint analysis. While no critical or high severity issues were found in these flows, it suggests that user-supplied input might not be consistently sanitized before being used in file operations or other contexts where path manipulation could lead to vulnerabilities. The plugin also utilizes a bundled library, TCPDF v1.0.004, which may be outdated and potentially contain unpatched vulnerabilities, though specific CVEs are not listed.

Overall, hezarfen-for-woocommerce appears to be a well-secured plugin with robust defenses against common WordPress threats. The primary area to monitor and investigate further is the identified unsanitized path flows. Addressing these potential issues, even if currently assessed as low severity, along with ensuring bundled libraries are up-to-date, would further solidify its security.

Key Concerns

  • Unsanitized paths found in taint analysis
  • Bundled library TCPDF v1.0.004 may be outdated
Vulnerabilities
None known

Hezarfen – WooCommerce için Kargo Entegrasyonu – Sözleşmeler, Mahalle, İlçe, SMS Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Hezarfen – WooCommerce için Kargo Entegrasyonu – Sözleşmeler, Mahalle, İlçe, SMS Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (25 prepared)
Unescaped Output: 20 (587 escaped)
Nonce Checks: 27
Capability Checks: 24
File Operations: 6
External Requests: 8
Bundled Libraries: 2

Bundled Libraries

Select2, TCPDF 1.0.004

SQL Query Safety

96% prepared, 26 total queries

Output Escaping

97% escaped, 607 total outputs
Data Flows: 5 unsanitized

Data Flow Analysis

9 flows, 5 with unsanitized paths
<get-mahalle-data> (api\get-mahalle-data.php:0)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Hezarfen – WooCommerce için Kargo Entegrasyonu – Sözleşmeler, Mahalle, İlçe, SMS Attack Surface

Entry Points: 15
Unprotected: 0

AJAX Handlers 15

auth | wp_ajax_hezarfen_submit_demand | includes\admin\class-admin-menu.php:40
auth | wp_ajax_wc_hezarfen_neighborhood_changed | includes\Ajax.php:24
nopriv | wp_ajax_wc_hezarfen_neighborhood_changed | includes\Ajax.php:31
auth | wp_ajax_hezarfen_dismiss_roadmap_notice | includes\class-hezarfen.php:57
auth | wp_ajax_hezarfen_dismiss_review | includes\class-hezarfen.php:58
auth | wp_ajax_hezarfen_submit_roadmap_votes | includes\class-hezarfen.php:65
auth | wp_ajax_hezarfen_save_sms_rules | includes\class-sms-automation.php:23
auth | wp_ajax_hezarfen_get_sms_rules | includes\class-sms-automation.php:24
auth | wp_ajax_hezarfen_save_netgsm_credentials | includes\class-sms-automation.php:25
auth | wp_ajax_hezarfen_get_netgsm_credentials | includes\class-sms-automation.php:26
auth | wp_ajax_hezarfen_get_netgsm_senders | includes\class-sms-automation.php:27
auth | wp_ajax_hezarfen_mst_get_return_dates | packages\manual-shipment-tracking\includes\admin\class-admin-ajax.php:69
auth | wp_ajax_hepsijet_get_warehouses | packages\manual-shipment-tracking\includes\admin\class-admin-ajax.php:70
auth | wp_ajax_hezarfen_clear_warehouses_cache | packages\manual-shipment-tracking\includes\admin\class-settings.php:57
auth | wp_ajax_hez_pro_move_shipped_to_processing | packages\manual-shipment-tracking\includes\class-deactivation-wizard.php:12
WordPress Hooks 135
action | plugins_loaded | hezarfen-for-woocommerce.php:38
action | admin_notices | hezarfen-for-woocommerce.php:52
action | before_woocommerce_init | hezarfen-for-woocommerce.php:123
action | admin_menu | includes\admin\class-admin-menu.php:36
filter | parent_file | includes\admin\class-admin-menu.php:37
filter | submenu_file | includes\admin\class-admin-menu.php:38
action | admin_enqueue_scripts | includes\admin\class-admin-menu.php:39
action | woocommerce_settings_hezarfen | includes\admin\class-admin-menu.php:41
filter | woocommerce_admin_billing_fields | includes\admin\order\OrderDetails.php:25
action | woocommerce_admin_order_data_after_billing_address | includes\admin\order\OrderDetails.php:33
filter | manage_shop_order_posts_columns | includes\admin\order\OrderListColumns.php:29
action | manage_shop_order_posts_custom_column | includes\admin\order\OrderListColumns.php:30
filter | woocommerce_shop_order_list_table_columns | includes\admin\order\OrderListColumns.php:31
action | woocommerce_shop_order_list_table_custom_column | includes\admin\order\OrderListColumns.php:32
action | admin_enqueue_scripts | includes\admin\settings\class-hezarfen-settings-hezarfen.php:30
action | woocommerce_admin_field_sms_rules_button | includes\admin\settings\class-hezarfen-settings-hezarfen.php:31
action | woocommerce_admin_field_roadmap_voting | includes\admin\settings\class-hezarfen-settings-hezarfen.php:32
action | plugins_loaded | includes\Autoload.php:34
action | wp_enqueue_scripts | includes\Autoload.php:46
filter | woocommerce_checkout_fields | includes\Checkout.php:37
action | wp | includes\Checkout.php:42
action | wp | includes\Checkout.php:46
action | wp | includes\Checkout.php:51
filter | woocommerce_checkout_posted_data | includes\Checkout.php:53
action | woocommerce_after_checkout_validation | includes\Checkout.php:61
action | woocommerce_before_checkout_process | includes\Checkout.php:71
filter | default_checkout_billing_hez_TC_number | includes\Checkout.php:79
filter | woocommerce_form_field_text | includes\Checkout.php:89
filter | woocommerce_checkout_fields | includes\Checkout.php:105
filter | woocommerce_get_country_locale | includes\Checkout.php:115
filter | woocommerce_checkout_fields | includes\Checkout.php:117
filter | woocommerce_default_address_fields | includes\Checkout.php:127
filter | woocommerce_checkout_fields | includes\Checkout.php:336
filter | woocommerce_checkout_fields | includes\Checkout.php:346
action | wp | includes\class-compatibility.php:27
filter | hezarfen_checkout_fields_class_billing_hez_invoice_type | includes\class-compatibility.php:36
filter | hezarfen_checkout_fields_class_billing_hez_TC_number | includes\class-compatibility.php:37
filter | hezarfen_checkout_fields_class_billing_hez_company | includes\class-compatibility.php:38
filter | hezarfen_checkout_fields_class_billing_hez_tax_number | includes\class-compatibility.php:39
filter | hezarfen_checkout_fields_class_billing_hez_tax_office | includes\class-compatibility.php:40
filter | hezarfen_checkout_fields_input_class_billing_hez_tc_number | includes\class-compatibility.php:42
filter | hezarfen_checkout_fields_input_class_billing_hez_company | includes\class-compatibility.php:43
filter | hezarfen_checkout_fields_input_class_billing_hez_tax_number | includes\class-compatibility.php:44
filter | hezarfen_checkout_fields_input_class_billing_hez_tax_office | includes\class-compatibility.php:45
filter | thwcfd_address_field_override_priority | includes\class-compatibility.php:55
filter | thwcfd_address_field_override_label | includes\class-compatibility.php:56
filter | thwcfd_address_field_override_placeholder | includes\class-compatibility.php:57
filter | thwcfd_address_field_override_class | includes\class-compatibility.php:58
filter | hezarfen_skip_hide_postcode_field | includes\class-compatibility.php:62
filter | hezarfen_skip_sort_address_fields | includes\class-compatibility.php:63
filter | woocommerce_get_country_locale | includes\class-hezarfen-wc-helper.php:59
filter | woocommerce_billing_fields | includes\class-hezarfen-wc-helper.php:60
filter | woocommerce_shipping_fields | includes\class-hezarfen-wc-helper.php:62
filter | woocommerce_get_country_locale | includes\class-hezarfen-wc-helper.php:155
action | init | includes\class-hezarfen.php:52
action | plugins_loaded | includes\class-hezarfen.php:53
action | plugins_loaded | includes\class-hezarfen.php:54
action | admin_notices | includes\class-hezarfen.php:55
action | admin_notices | includes\class-hezarfen.php:56
action | plugins_loaded | includes\class-hezarfen.php:59
filter | woocommerce_get_settings_pages | includes\class-hezarfen.php:60
filter | woocommerce_get_country_locale | includes\class-hezarfen.php:61
filter | woocommerce_rest_prepare_shop_order_object | includes\class-hezarfen.php:62
action | admin_notices | includes\class-hezarfen.php:120
action | admin_notices | includes\class-hezarfen.php:130
action | admin_notices | includes\class-hezarfen.php:146
filter | woocommerce_address_to_edit | includes\class-my-account.php:20
action | woocommerce_after_save_address_validation | includes\class-my-account.php:21
action | wp_enqueue_scripts | includes\class-my-account.php:22
action | wp | includes\class-my-account.php:26
action | wp | includes\class-my-account.php:30
action | admin_init | includes\class-privacy-policy.php:19
action | woocommerce_order_status_changed | includes\class-sms-automation.php:21
action | hezarfen_mst_shipment_data_saved | includes\class-sms-automation.php:22
filter | woocommerce_get_sections_hezarfen | includes\contracts\admin\class-contracts-settings.php:23
filter | woocommerce_get_settings_hezarfen | includes\contracts\admin\class-contracts-settings.php:24
action | woocommerce_settings_save_hezarfen | includes\contracts\admin\class-contracts-settings.php:25
action | admin_enqueue_scripts | includes\contracts\admin\class-contracts-settings.php:26
action | woocommerce_admin_field_mss_dynamic_contracts | includes\contracts\admin\class-contracts-settings.php:220
action | woocommerce_admin_field_mss_available_variables | includes\contracts\admin\class-contracts-settings.php:221
action | add_meta_boxes | includes\contracts\admin\class-order-agreements.php:21
action | admin_enqueue_scripts | includes\contracts\admin\class-order-agreements.php:22
action | init | includes\contracts\class-contracts-integration.php:77
action | wp_enqueue_scripts | includes\contracts\class-contracts-integration.php:115
action | woocommerce_checkout_before_terms_and_conditions | includes\contracts\core\class-contract-renderer.php:28
action | woocommerce_checkout_after_terms_and_conditions | includes\contracts\core\class-contract-renderer.php:29
action | woocommerce_checkout_process | includes\contracts\core\class-contract-renderer.php:30
action | wp_footer | includes\contracts\core\class-contract-renderer.php:31
filter | woocommerce_update_order_review_fragments | includes\contracts\core\class-contract-renderer.php:32
action | woocommerce_checkout_order_processed | includes\contracts\core\class-post-order-processor.php:34
action | woocommerce_order_status_processing | includes\contracts\core\class-post-order-processor.php:37
action | woocommerce_email_customer_details | includes\contracts\core\class-post-order-processor.php:41
filter | wp_mail_content_type | includes\contracts\core\class-post-order-processor.php:242
action | woocommerce_thankyou | includes\contracts\frontend\class-customer-agreements.php:24
action | woocommerce_order_details_after_customer_details | includes\contracts\frontend\class-customer-agreements.php:27
action | wp_enqueue_scripts | includes\contracts\frontend\class-customer-agreements.php:30
action | admin_enqueue_scripts | packages\manual-shipment-tracking\includes\admin\class-admin-orders.php:28
filter | manage_shop_order_posts_columns | packages\manual-shipment-tracking\includes\admin\class-admin-orders.php:30
action | manage_shop_order_posts_custom_column | packages\manual-shipment-tracking\includes\admin\class-admin-orders.php:31
filter | woocommerce_shop_order_list_table_columns | packages\manual-shipment-tracking\includes\admin\class-admin-orders.php:32
action | woocommerce_shop_order_list_table_custom_column | packages\manual-shipment-tracking\includes\admin\class-admin-orders.php:33
action | add_meta_boxes | packages\manual-shipment-tracking\includes\admin\class-admin-orders.php:35
filter | woocommerce_reports_order_statuses | packages\manual-shipment-tracking\includes\admin\class-admin-orders.php:37
action | woocommerce_settings_save_hezarfen | packages\manual-shipment-tracking\includes\admin\class-settings.php:42
action | admin_enqueue_scripts | packages\manual-shipment-tracking\includes\admin\class-settings.php:45
action | woocommerce_settings_save_hezarfen | packages\manual-shipment-tracking\includes\admin\class-settings.php:51
filter | pre_option_hez_ordermigo_webhook_secret | packages\manual-shipment-tracking\includes\admin\class-settings.php:54
action | woocommerce_admin_field_hepsijet_cache_button | packages\manual-shipment-tracking\includes\admin\class-settings.php:60
action | woocommerce_admin_field_hezarfen_courier_visibility | packages\manual-shipment-tracking\includes\admin\class-settings.php:63
action | woocommerce_admin_field_hezarfen_mst_netgsm_sms_content_textarea | packages\manual-shipment-tracking\includes\admin\class-settings.php:104
action | admin_footer | packages\manual-shipment-tracking\includes\class-deactivation-wizard.php:10
action | admin_enqueue_scripts | packages\manual-shipment-tracking\includes\class-deactivation-wizard.php:11
filter | woocommerce_register_shop_order_post_statuses | packages\manual-shipment-tracking\includes\class-helper.php:250
filter | wc_order_statuses | packages\manual-shipment-tracking\includes\class-helper.php:258
filter | bulk_actions-edit-shop_order | packages\manual-shipment-tracking\includes\class-hepsijet-bulk-barcode.php:37
filter | bulk_actions-woocommerce_page_wc-orders | packages\manual-shipment-tracking\includes\class-hepsijet-bulk-barcode.php:38
filter | handle_bulk_actions-edit-shop_order | packages\manual-shipment-tracking\includes\class-hepsijet-bulk-barcode.php:41
filter | handle_bulk_actions-woocommerce_page_wc-orders | packages\manual-shipment-tracking\includes\class-hepsijet-bulk-barcode.php:42
action | admin_menu | packages\manual-shipment-tracking\includes\class-hepsijet-bulk-barcode.php:45
action | hezarfen_mst_shipment_data_saved | packages\manual-shipment-tracking\includes\class-manual-shipment-tracking.php:76
action | woocommerce_api_hez_ordermigo_shipment_status | packages\manual-shipment-tracking\includes\class-manual-shipment-tracking.php:80
filter | pandasms_wc_siparis_bildirim_tetikleyicileri | packages\manual-shipment-tracking\includes\class-manual-shipment-tracking.php:112
action | init | packages\manual-shipment-tracking\includes\class-manual-shipment-tracking.php:150
filter | wc_order_statuses | packages\manual-shipment-tracking\includes\class-manual-shipment-tracking.php:152
action | wp_enqueue_scripts | packages\manual-shipment-tracking\includes\class-my-account.php:22
filter | woocommerce_account_orders_columns | packages\manual-shipment-tracking\includes\class-my-account.php:25
action | woocommerce_my_account_my_orders_column_hezarfen-mst-shipment-tracking | packages\manual-shipment-tracking\includes\class-my-account.php:26
action | woocommerce_view_order | packages\manual-shipment-tracking\includes\class-my-account.php:29
filter | hezarfen_mst_get_shipment_data | packages\manual-shipment-tracking\includes\class-third-party-data-support.php:64
filter | hezarfen_mst_get_shipment_data | packages\manual-shipment-tracking\includes\class-third-party-data-support.php:75
filter | hezarfen_mst_get_shipment_data | packages\manual-shipment-tracking\includes\class-third-party-data-support.php:89
filter | woocommerce_email_classes | packages\manual-shipment-tracking\includes\email\class-email.php:22
filter | woocommerce_template_directory | packages\manual-shipment-tracking\includes\email\class-email.php:23
action | hezarfen_mst_order_shipped | packages\manual-shipment-tracking\includes\email\class-email.php:24
action | woocommerce_order_status_changed | packages\manual-shipment-tracking\includes\notification-providers\class-netgsm.php:58
Maintenance & Trust

Hezarfen – WooCommerce için Kargo Entegrasyonu – Sözleşmeler, Mahalle, İlçe, SMS Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 28, 2026
PHP min version: 7.0
Downloads: 51K

Community Trust

Rating: 98/100
Number of ratings: 34
Active installs: 2K
Developer Profile

Hezarfen – WooCommerce için Kargo Entegrasyonu – Sözleşmeler, Mahalle, İlçe, SMS Developer Profile

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Hezarfen – WooCommerce için Kargo Entegrasyonu – Sözleşmeler, Mahalle, İlçe, SMS

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/hezarfen-for-woocommerce/assets/css/admin.css
/wp-content/plugins/hezarfen-for-woocommerce/assets/css/checkout.css
/wp-content/plugins/hezarfen-for-woocommerce/assets/js/admin.js
/wp-content/plugins/hezarfen-for-woocommerce/assets/js/checkout.js
/wp-content/plugins/hezarfen-for-woocommerce/assets/js/frontend.js
/wp-content/plugins/hezarfen-for-woocommerce/assets/js/vendor/jquery-autocomplete.min.js
Script Paths
/wp-content/plugins/hezarfen-for-woocommerce/assets/js/admin.js
/wp-content/plugins/hezarfen-for-woocommerce/assets/js/checkout.js
/wp-content/plugins/hezarfen-for-woocommerce/assets/js/frontend.js
/wp-content/plugins/hezarfen-for-woocommerce/assets/js/vendor/jquery-autocomplete.min.js
Version Parameters
hezarfen-for-woocommerce/assets/css/admin.css?ver=
hezarfen-for-woocommerce/assets/css/checkout.css?ver=
hezarfen-for-woocommerce/assets/js/admin.js?ver=
hezarfen-for-woocommerce/assets/js/checkout.js?ver=
hezarfen-for-woocommerce/assets/js/frontend.js?ver=
hezarfen-for-woocommerce/assets/js/vendor/jquery-autocomplete.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
hezarfen-settings-tab
Data Attributes
data-hezarfen-ajax-url
JS Globals
hezarfen_params
REST Endpoints
/wp-json/hezarfen/v1/get-neighborhood-data