Does HFD ePost Integration have any unpatched vulnerabilities?

No. All known vulnerabilities in HFD ePost Integration have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is HFD ePost Integration compatible with WordPress 6.9.4?

According to WordPress.org data, HFD ePost Integration 2.20 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is HFD ePost Integration compatible with PHP 5.4+?

HFD ePost Integration requires PHP 5.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is HFD ePost Integration updated?

HFD ePost Integration was last updated on Dec 9, 2025. Frequent updates are generally a positive security signal.

What is HFD ePost Integration's security score?

HFD ePost Integration has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

HFD ePost Integration Security & Risk Analysis

wordpress.org/plugins/hfd-epost-integration

התוסף מאפשר סנכרון בין אתר וורדפרס למערכת המשלוחים HFD. התממשקות חד צדדית עם HFD הכוללת שליחת הזמנות, ביטול הזמנות ומעקב אחרי ההזמנות בווקומרס.

1K active installs v2.20 PHP 5.4+ WP 4.0+ Updated Dec 9, 2025

eposthfdshippingsyncwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is HFD ePost Integration Safe to Use in 2026?

Generally Safe

Score 100/100

HFD ePost Integration has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The hfd-epost-integration plugin v2.20 presents a mixed security posture. On the positive side, it demonstrates good practices with 100% of its SQL queries using prepared statements and a high percentage of properly escaped outputs. The absence of known CVEs and any recorded vulnerability history is a significant strength, suggesting a history of stable and secure development. However, there are notable concerns regarding its attack surface. With 8 AJAX handlers, 5 of which lack authentication checks, and a single cron event, there are multiple potential entry points that could be exploited if an attacker can bypass access controls.

The static analysis reveals the presence of the 'unserialize' function, which can be a significant security risk if user-supplied data is directly unserialized without proper validation, potentially leading to Remote Code Execution (RCE). Although taint analysis did not flag critical or high severity flows, the 'flows with unsanitized paths' indicate potential avenues for attack that warrant further investigation within the plugin's code. The limited number of nonce checks (3) further exacerbates the risk associated with the unprotected AJAX handlers.

In conclusion, while the plugin benefits from a clean vulnerability history and sound SQL/output handling, the large number of unprotected AJAX endpoints and the use of 'unserialize' introduce considerable risk. The plugin's overall security could be significantly improved by implementing proper authentication and authorization checks for all AJAX handlers and by carefully sanitizing and validating any data passed to the 'unserialize' function.

Key Concerns

Unprotected AJAX handlers
Presence of unserialize function
Flows with unsanitized paths
Limited nonce checks
File operations without context

Vulnerabilities

None known

HFD ePost Integration Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

HFD ePost Integration Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

126 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$pickup_info = unserialize( $pickup_info );class\Admin.php:208

unserialize$data = unserialize($data);class\Admin.php:493

unserialize$spotInfo = unserialize($spotInfo);class\App.php:424

unserialize$spotInfo = unserialize($spotInfo);class\Helper\Hfd\Api.php:288

unserialize$spotInfo = unserialize($spotInfo);class\Order\Pickup.php:24

Output Escaping

89% escaped142 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

5 flows2 with unsanitized paths

getSpots (class\App.php:319)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

5 unprotected

HFD ePost Integration Attack Surface

Entry Points8

Unprotected5

AJAX Handlers 8

authwp_ajax_sync_orderclass\Admin.php:37

authwp_ajax_hfd_epost_cancel_shipmentclass\Admin.php:55

authwp_ajax_save_pickupclass\App.php:48

noprivwp_ajax_save_pickupclass\App.php:49

authwp_ajax_get_spotsclass\App.php:50

noprivwp_ajax_get_spotsclass\App.php:51

authwp_ajax_hfd_get_additional_dataclass\App.php:87

noprivwp_ajax_hfd_get_additional_dataclass\App.php:88

WordPress Hooks 37

filtermanage_edit-shop_order_columnsclass\Admin.php:26

actionmanage_shop_order_posts_custom_columnclass\Admin.php:27

filtermanage_woocommerce_page_wc-orders_columnsclass\Admin.php:28

actionmanage_woocommerce_page_wc-orders_custom_columnclass\Admin.php:29

actionadmin_menuclass\Admin.php:31

actionadmin_post_save_epost_settingclass\Admin.php:32

actionadmin_enqueue_scriptsclass\Admin.php:33

filterbulk_actions-edit-shop_orderclass\Admin.php:34

filterhandle_bulk_actions-edit-shop_orderclass\Admin.php:35

actionadmin_noticesclass\Admin.php:36

actionwoocommerce_admin_order_items_after_feesclass\Admin.php:40

actionadmin_footerclass\Admin.php:43

actionwoocommerce_saved_order_itemsclass\Admin.php:46

actionwoocommerce_before_save_order_itemsclass\Admin.php:49

actionadd_meta_boxesclass\Admin.php:52

filterwoocommerce_shipping_methodsclass\App.php:40

filterwoocommerce_hidden_order_itemmetaclass\App.php:41

filterwoocommerce_order_shipping_to_displayclass\App.php:42

actionwoocommerce_after_shipping_rateclass\App.php:44

actionwoocommerce_before_order_itemmetaclass\App.php:45

actionwoocommerce_before_checkout_processclass\App.php:46

actionwp_footerclass\App.php:47

actionwp_enqueue_scriptsclass\App.php:52

actionwp_enqueue_scriptsclass\App.php:53

actionplugins_loadedclass\App.php:54

filtergenerate_rewrite_rulesclass\App.php:57

filterquery_varsclass\App.php:60

actiontemplate_redirectclass\App.php:63

filteradmin_initclass\App.php:66

filtercron_schedulesclass\App.php:69

actionhfd_schedule_auto_syncclass\App.php:71

actionwoocommerce_after_order_object_saveclass\App.php:80

actionwoocommerce_checkout_order_processedclass\App.php:82

actionwoocommerce_new_orderclass\App.php:83

actionplugins_loadedclass\App.php:91

actionupgrader_process_completeclass\App.php:94

filterwoocommerce_package_ratesclass\Shipping\Epost.php:37

Scheduled Events 1

hfd_schedule_auto_sync

Maintenance & Trust

HFD ePost Integration Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 9, 2025

PHP min version5.4

Downloads13K

Community Trust

Rating0/100

Number of ratings0

Active installs1K

Alternatives

HFD ePost Integration Alternatives

Jeebly Delivery Partner for WooCommerce

jeebly-delivery-partner

100

Connects your Jeebly shipment account with WooCommerce and provides order syncing and shipment analytics using Google Charts.

40 No CVEs

swftbox for WooCommerce

swftbox-for-woocommerce

100

Connect WooCommerce with swftbox for real-time order sync and bidirectional status updates.

0 No CVEs

Weight Based Shipping Table Rate for WooCommerce – Flexible Shipping

flexible-shipping

Weight based shipping methods for WooCommerce. Flexible shipping with table rate rules by cart weight and order value. Accurate rates at checkout.

100K 2 CVEs

WooCommerce Square

woocommerce-square

Securely accept payments, synchronize sales, and seamlessly manage inventory and product data between WooCommerce and Square POS.

80K 2 CVEs

WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels

print-invoices-packing-slip-labels-for-woocommerce

Auto-generate and attach WooCommerce PDF invoices and packing slips to order emails with customizable templates & bulk print options.

60K 6 CVEs

Developer Profile

HFD ePost Integration Developer Profile

hfdepost

1 plugin · 1K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect HFD ePost Integration

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/hfd-epost-integration/assets/css/admin.css/wp-content/plugins/hfd-epost-integration/assets/css/frontend.css/wp-content/plugins/hfd-epost-integration/assets/js/admin.js/wp-content/plugins/hfd-epost-integration/assets/js/frontend.js

Script Paths

/wp-content/plugins/hfd-epost-integration/assets/js/admin.js/wp-content/plugins/hfd-epost-integration/assets/js/frontend.js

Version Parameters

hfd-epost-integration/assets/css/admin.css?ver=hfd-epost-integration/assets/css/frontend.css?ver=hfd-epost-integration/assets/js/admin.js?ver=hfd-epost-integration/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

epost-check-shipment-statusepost-cancel-shipment

Data Attributes

data-iddata-text

JS Globals

hfd_epost_cancel_shipment_ajax_objecthfd_epost_admin_ajax_object

FAQ