Does Homerunner have any unpatched vulnerabilities?

No. All known vulnerabilities in Homerunner have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Homerunner compatible with WordPress 6.7.5?

According to WordPress.org data, Homerunner 1.0.34 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is Homerunner compatible with PHP 7.0+?

Homerunner requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Homerunner updated?

Homerunner was last updated on Feb 20, 2026. Frequent updates are generally a positive security signal.

What is Homerunner's security score?

Homerunner has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Homerunner Security & Risk Analysis

wordpress.org/plugins/homerunner-smartcheckout

Homerunners modul hjælper dig til, at nemt håndtere fragtbestilling på dine ordre.

50 active installs v1.0.34 PHP 7.0+ WP 4.7+ Updated Feb 20, 2026

fragthomerunnerpakkelabelsshipping

A · Safe

CVEs total1

Unpatched0

Last CVEJun 25, 2025

Plugin page Download

Safety Verdict

Is Homerunner Safe to Use in 2026?

Generally Safe

Score 99/100

Homerunner has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jun 25, 2025Updated 1mo ago

Risk Assessment

The homerunner-smartcheckout plugin v1.0.34 exhibits a generally strong security posture based on the provided static analysis. The absence of direct SQL injection vulnerabilities, a high rate of output escaping, and the presence of nonce and capability checks on entry points are positive indicators. The limited attack surface of two AJAX handlers, with zero found to be unprotected, further bolsters this assessment. Taint analysis revealed no critical or high-severity unsanitized flows, which is excellent. The plugin also has no unpatched CVEs, indicating active maintenance concerning known security issues.

However, the presence of one past medium-severity vulnerability, specifically CSRF, is a point of concern, even though it is patched. While the plugin appears to have addressed this issue historically, it highlights a potential area for future attacks if not carefully managed. The plugin also makes 10 external HTTP requests, which, while not inherently a vulnerability, represents an increased attack surface and potential for supply chain attacks if any of these external services are compromised or respond maliciously. The lack of reported issues in the current static analysis is encouraging, but past vulnerabilities should always be a consideration for ongoing vigilance.

Key Concerns

One past medium vulnerability (CSRF)
10 external HTTP requests

Vulnerabilities

Homerunner Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-5932medium · 4.3Cross-Site Request Forgery (CSRF)

Homerunner <= 1.0.30 - Cross-Site Request Forgery to Settings Update

Jun 25, 2025 Patched in 1.0.31 (58d)

Code Analysis

Analyzed Mar 16, 2026

Homerunner Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

63 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

97% escaped65 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

printer_settings (classes\class-settings.php:552)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Homerunner Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 2

authwp_ajax_homerunner_shipment_createclasses\class-settings.php:17

authwp_ajax_homerunner_shipment_printclasses\class-settings.php:21

WordPress Hooks 19

actionwp_enqueue_scriptsclasses\class-checkout.php:11

actionwoocommerce_checkout_update_order_metaclasses\class-checkout.php:12

actionadmin_menuclasses\class-settings.php:13

actionadmin_enqueue_scriptsclasses\class-settings.php:14

actionadd_meta_boxesclasses\class-settings.php:15

actionhomerunner_shipment_createclasses\class-settings.php:16

actionhomerunner_shipment_printclasses\class-settings.php:20

actionwoocommerce_product_options_shippingclasses\class-settings.php:23

actionwoocommerce_process_product_metaclasses\class-settings.php:24

actionwoocommerce_admin_order_data_after_shipping_addressclasses\class-settings.php:25

actionwoocommerce_shop_order_list_table_custom_columnclasses\class-settings.php:26

actionwoocommerce_shop_order_list_table_columnsclasses\class-settings.php:27

actionwoocommerce_order_status_processingclasses\class-settings.php:28

filterbulk_actions-edit-shop_orderclasses\class-settings.php:29

filterhandle_bulk_actions-edit-shop_orderclasses\class-settings.php:30

filterhandle_bulk_actions-edit-shop_orderclasses\class-settings.php:31

filtercomments_clausesclasses\class-settings.php:540

actionplugins_loadedhomerunner.php:33

filterwoocommerce_shipping_methodshomerunner.php:43

Maintenance & Trust

Homerunner Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedFeb 20, 2026

PHP min version7.0

Downloads68K

Community Trust

Rating0/100

Number of ratings0

Active installs50

Alternatives

Homerunner Alternatives

Shipmondo for WooCommerce

shipmondo-for-woocommerce

100

Shipmondo for WooCommerce - Provide pick-up points in checkout and manage shipping easily

300 No CVEs

Weight Based Shipping Table Rate for WooCommerce – Flexible Shipping

flexible-shipping

Weight based shipping methods for WooCommerce. Flexible shipping with table rate rules by cart weight and order value. Accurate rates at checkout.

100K 2 CVEs

WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels

print-invoices-packing-slip-labels-for-woocommerce

Auto-generate and attach WooCommerce PDF invoices and packing slips to order emails with customizable templates & bulk print options.

60K 6 CVEs

Weight Based Shipping for WooCommerce

weight-based-shipping-for-woocommerce

100

Weight Based Shipping is a flexible and widely-used solution to calculate shipping costs based on the total cart weight and value.

60K 1 CVE

Advanced Shipment Tracking for WooCommerce

woo-advanced-shipment-tracking

Add shipment tracking info to WooCommerce orders, send tracking numbers to customers via email, and let them track deliveries from My Account.

60K 2 CVEs

Developer Profile

Homerunner Developer Profile

Homerunner

1 plugin · 50 total installs

trust score

Avg Security Score

99/100

Avg Patch Time

58 days

View full developer profile

Detection Fingerprints

How We Detect Homerunner

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/homerunner-smartcheckout/assets/css/checkout.css/wp-content/plugins/homerunner-smartcheckout/assets/js/checkout.js

Script Paths

/wp-content/plugins/homerunner-smartcheckout/assets/js/checkout.js

Version Parameters

homerunner-smartcheckout/assets/css/checkout.css?ver=homerunner-smartcheckout/assets/js/checkout.js?ver=

HTML / DOM Fingerprints

CSS Classes

homerunner-statushomerunner_operationshomerunner_tracking

HTML Comments

Data Attributes

data-order_iddata-package_number

JS Globals

checkout_script

FAQ