WP-Safety

Homerunner Security & Risk Analysis

wordpress.org/plugins/homerunner-smartcheckout

Homerunners modul hjælper dig til, at nemt håndtere fragtbestilling på dine ordre.

60 active installs v1.0.34 PHP 7.0+ WP 4.7+ Updated Feb 20, 2026
fragthomerunnerpakkelabelsshipping
99
A · Safe
CVEs total1
Unpatched0
Last CVEJun 25, 2025
Plugin page Download
Safety Verdict

Is Homerunner Safe to Use in 2026?

Generally Safe

Score 99/100

Homerunner has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Jun 25, 2025Updated 2mo ago
Risk Assessment

The homerunner-smartcheckout plugin v1.0.34 exhibits a generally strong security posture based on the provided static analysis. The absence of direct SQL injection vulnerabilities, a high rate of output escaping, and the presence of nonce and capability checks on entry points are positive indicators. The limited attack surface of two AJAX handlers, with zero found to be unprotected, further bolsters this assessment. Taint analysis revealed no critical or high-severity unsanitized flows, which is excellent. The plugin also has no unpatched CVEs, indicating active maintenance concerning known security issues.

However, the presence of one past medium-severity vulnerability, specifically CSRF, is a point of concern, even though it is patched. While the plugin appears to have addressed this issue historically, it highlights a potential area for future attacks if not carefully managed. The plugin also makes 10 external HTTP requests, which, while not inherently a vulnerability, represents an increased attack surface and potential for supply chain attacks if any of these external services are compromised or respond maliciously. The lack of reported issues in the current static analysis is encouraging, but past vulnerabilities should always be a consideration for ongoing vigilance.

Key Concerns

  • One past medium vulnerability (CSRF)
  • 10 external HTTP requests
Vulnerabilities
1 published

Homerunner Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-5932medium · 4.3Cross-Site Request Forgery (CSRF)

Homerunner <= 1.0.30 - Cross-Site Request Forgery to Settings Update

Jun 25, 2025 Patched in 1.0.31 (58d)
Version History

Homerunner Release Timeline

v1.0.34Current
v1.0.33
v1.0.32
v1.0.31
v1.0.301 CVE
CVE-2025-5932
v1.0.291 CVE
CVE-2025-5932
v1.0.281 CVE
CVE-2025-5932
v1.0.271 CVE
CVE-2025-5932
v1.0.261 CVE
CVE-2025-5932
v1.0.251 CVE
CVE-2025-5932
v1.0.241 CVE
CVE-2025-5932
v1.0.231 CVE
CVE-2025-5932
v1.0.221 CVE
CVE-2025-5932
v1.0.211 CVE
CVE-2025-5932
v1.0.201 CVE
CVE-2025-5932
v1.0.191 CVE
CVE-2025-5932
v1.0.181 CVE
CVE-2025-5932
v1.0.171 CVE
CVE-2025-5932
v1.0.161 CVE
CVE-2025-5932
v1.0.151 CVE
CVE-2025-5932
Code Analysis
Analyzed Mar 16, 2026

Homerunner Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
63 escaped
Nonce Checks
3
Capability Checks
4
File Operations
0
External Requests
10
Bundled Libraries
0

Output Escaping

97% escaped65 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
printer_settings (classes\class-settings.php:552)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Homerunner Attack Surface

Entry Points2
Unprotected0

AJAX Handlers 2

authwp_ajax_homerunner_shipment_createclasses\class-settings.php:17
authwp_ajax_homerunner_shipment_printclasses\class-settings.php:21
WordPress Hooks 19
actionwp_enqueue_scriptsclasses\class-checkout.php:11
actionwoocommerce_checkout_update_order_metaclasses\class-checkout.php:12
actionadmin_menuclasses\class-settings.php:13
actionadmin_enqueue_scriptsclasses\class-settings.php:14
actionadd_meta_boxesclasses\class-settings.php:15
actionhomerunner_shipment_createclasses\class-settings.php:16
actionhomerunner_shipment_printclasses\class-settings.php:20
actionwoocommerce_product_options_shippingclasses\class-settings.php:23
actionwoocommerce_process_product_metaclasses\class-settings.php:24
actionwoocommerce_admin_order_data_after_shipping_addressclasses\class-settings.php:25
actionwoocommerce_shop_order_list_table_custom_columnclasses\class-settings.php:26
actionwoocommerce_shop_order_list_table_columnsclasses\class-settings.php:27
actionwoocommerce_order_status_processingclasses\class-settings.php:28
filterbulk_actions-edit-shop_orderclasses\class-settings.php:29
filterhandle_bulk_actions-edit-shop_orderclasses\class-settings.php:30
filterhandle_bulk_actions-edit-shop_orderclasses\class-settings.php:31
filtercomments_clausesclasses\class-settings.php:540
actionplugins_loadedhomerunner.php:33
filterwoocommerce_shipping_methodshomerunner.php:43
Maintenance & Trust

Homerunner Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedFeb 20, 2026
PHP min version7.0
Downloads69K

Community Trust

Rating0/100
Number of ratings0
Active installs60
Alternatives

Homerunner Alternatives

Shipmondo for WooCommerce

Shipmondo for WooCommerce

shipmondo-for-woocommerce

A
100

Shipmondo for WooCommerce - Provide pick-up points in checkout and manage shipping easily

600 No CVEs
Weight Based Shipping Table Rate for WooCommerce – Flexible Shipping

Weight Based Shipping Table Rate for WooCommerce – Flexible Shipping

flexible-shipping

A
99

Weight based shipping methods for WooCommerce. Flexible shipping with table rate rules by cart weight and order value. Accurate rates at checkout.

100K 2 CVEs
WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels

WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels

print-invoices-packing-slip-labels-for-woocommerce

A
96

Auto-generate and attach WooCommerce PDF invoices and packing slips to order emails with customizable templates & bulk print options.

60K 6 CVEs
Weight Based Shipping for WooCommerce

Weight Based Shipping for WooCommerce

weight-based-shipping-for-woocommerce

A
100

Weight Based Shipping is a flexible and widely-used solution to calculate shipping costs based on the total cart weight and value.

60K 1 CVE
Advanced Shipment Tracking for WooCommerce

Advanced Shipment Tracking for WooCommerce

woo-advanced-shipment-tracking

A
98

Add shipment tracking info to WooCommerce orders, send tracking numbers to customers via email, and let them track deliveries from My Account.

60K 2 CVEs
Developer Profile

Homerunner Developer Profile

Homerunner

1 plugin · 60 total installs

87
trust score
Avg Security Score
99/100
Avg Patch Time
58 days
View full developer profile
Detection Fingerprints

How We Detect Homerunner

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/homerunner-smartcheckout/assets/css/checkout.css/wp-content/plugins/homerunner-smartcheckout/assets/js/checkout.js
Script Paths
/wp-content/plugins/homerunner-smartcheckout/assets/js/checkout.js
Version Parameters
homerunner-smartcheckout/assets/css/checkout.css?ver=homerunner-smartcheckout/assets/js/checkout.js?ver=

HTML / DOM Fingerprints

CSS Classes
homerunner-statushomerunner_operationshomerunner_tracking
HTML Comments
<!-- If this file is called directly, abort. --><!-- Deny access directly -->
Data Attributes
data-order_iddata-package_number
JS Globals
checkout_script
FAQ

Frequently Asked Questions about Homerunner