WP-Safety

Wanderlust HOP Envios Security & Risk Analysis

wordpress.org/plugins/integrar-hop-con-woo

Con este plugin vas a poder obtener costos de envio para WooCommerce utilizando la API publica de HOP Envios.

10 active installs v2.0.4 PHP + WP 5.0+ Updated Feb 18, 2026
hopratesshippingwoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Wanderlust HOP Envios Safe to Use in 2026?

Generally Safe

Score 100/100

Wanderlust HOP Envios has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The plugin 'integrar-hop-con-woo' v2.0.4 exhibits a concerning security posture primarily due to a significant number of unprotected entry points. All 14 identified AJAX handlers lack authentication checks, presenting a wide attack surface where any authenticated user, regardless of role, could potentially trigger malicious actions. While the code signals do not show direct dangerous functions or unsanitized path flows from taint analysis, the absence of capability checks and nonce verification on these AJAX handlers is a major weakness.

The plugin's SQL queries are handled securely with prepared statements, and there's a moderate level of output escaping. However, the 23 file operations and 7 external HTTP requests, without clear context on their handling, could represent indirect vectors if not properly validated. The lack of any recorded vulnerability history suggests a lack of past exploitation or discovery, which could be interpreted positively as a sign of stable code, or negatively as potentially undiscovered issues given the current significant security gaps.

In conclusion, while the plugin demonstrates good practices in database interaction and some output handling, the pervasive lack of authentication and authorization on its AJAX endpoints is a critical flaw. This significantly elevates the risk of unauthorized actions and potential privilege escalation. The absence of nonce checks on AJAX handlers further compounds this risk. The vulnerability history is a neutral factor at this point, but the identified code issues require immediate attention.

Key Concerns

  • AJAX handlers without auth checks
  • AJAX handlers without nonce checks
  • AJAX handlers without capability checks
  • Moderate output escaping issues
Vulnerabilities
None known

Wanderlust HOP Envios Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Wanderlust HOP Envios Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
29
25 escaped
Nonce Checks
0
Capability Checks
0
File Operations
23
External Requests
7
Bundled Libraries
0

Output Escaping

46% escaped54 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths
calcular_envio_hopenvios (includes\functions.php:707)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
14 unprotected

Wanderlust HOP Envios Attack Surface

Entry Points14
Unprotected14

AJAX Handlers 14

authwp_ajax_hopenvios_get_etiquetaincludes\functions.php:15
noprivwp_ajax_hopenvios_get_etiquetaincludes\functions.php:16
authwp_ajax_hopenvios_imponerincludes\functions.php:17
noprivwp_ajax_hopenvios_imponerincludes\functions.php:18
authwp_ajax_hopenvios_get_rateincludes\functions.php:19
noprivwp_ajax_hopenvios_get_rateincludes\functions.php:20
authwp_ajax_hop_check_sucursalesincludes\functions.php:23
noprivwp_ajax_hop_check_sucursalesincludes\functions.php:24
authwp_ajax_save_sucursal_hopincludes\functions.php:28
noprivwp_ajax_save_sucursal_hopincludes\functions.php:29
authwp_ajax_guardar_hop_estandarincludes\functions.php:32
noprivwp_ajax_guardar_hop_estandarincludes\functions.php:33
authwp_ajax_calcular_envio_hopenviosincludes\functions.php:34
noprivwp_ajax_calcular_envio_hopenviosincludes\functions.php:35
WordPress Hooks 31
actionadd_meta_boxesincludes\functions.php:14
actionwoocommerce_api_hopenviosreturnincludes\functions.php:21
actionwoocommerce_after_order_notesincludes\functions.php:22
actionwp_footerincludes\functions.php:25
actionwoocommerce_checkout_update_order_metaincludes\functions.php:26
actionwoocommerce_checkout_processincludes\functions.php:27
actionwoocommerce_product_options_shippingincludes\functions.php:30
actionwoocommerce_process_product_metaincludes\functions.php:31
filtercron_schedulesincludes\functions.php:1126
actionhoppuntos_api_check_eventincludes\functions.php:1139
filterwoocommerce_checkout_fieldsincludes\functions.php:1195
actionwoocommerce_checkout_processincludes\functions.php:1247
actionwoocommerce_checkout_update_order_metaincludes\functions.php:1285
actionwoocommerce_admin_order_data_after_billing_addressincludes\functions.php:1292
actionbulk_actions-edit-shop_orderincludes\functions.php:1303
actionhandle_bulk_actions-edit-shop_orderincludes\functions.php:1309
filtermanage_edit-shop_order_columnsincludes\functions.php:1357
actionmanage_shop_order_posts_custom_columnincludes\functions.php:1374
actionbefore_woocommerce_initwanderlust-hop.php:14
filterwoocommerce_cart_needs_shippingwanderlust-hop.php:21
actionwoocommerce_shipping_initwanderlust-hop.php:35
filterwoocommerce_shipping_methodswanderlust-hop.php:42
actionadmin_enqueue_scriptswanderlust-hop.php:48
actionadmin_print_styleswanderlust-hop.php:64
actionadd_meta_boxeswanderlust-hop.php:65
actionwoocommerce_process_shop_order_metawanderlust-hop.php:66
actionplugins_loadedwanderlust-hop.php:67
actionwoocommerce_view_orderwanderlust-hop.php:70
actionwoocommerce_email_before_order_tablewanderlust-hop.php:71
filterwc_customer_order_csv_export_order_headerswanderlust-hop.php:74
filterwc_customer_order_csv_export_order_rowwanderlust-hop.php:75

Scheduled Events 1

hoppuntos_api_check_event
Maintenance & Trust

Wanderlust HOP Envios Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.0
Last updatedFeb 18, 2026
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Wanderlust HOP Envios Alternatives

Printful Integration for WooCommerce

Printful Integration for WooCommerce

printful-shipping-for-woocommerce

A
98

Grow your store with the top print-on-demand dropshipping plugin

50K 2 CVEs
WC Hide Shipping Methods

WC Hide Shipping Methods

wc-hide-shipping-methods

A
100

This plugin automatically hides all other shipping methods when "Free Shipping" is available, while allowing you to retain "Local Picku …

20K No CVEs
USPS Simple Shipping for Woocommerce

USPS Simple Shipping for Woocommerce

woo-usps-simple-shipping

A
100

USPS Simple provides real-time USPS domestic rates.

8K No CVEs
Shipping Live Rates and Access Points for UPS for WooCommerce

Shipping Live Rates and Access Points for UPS for WooCommerce

flexible-shipping-ups

A
99

Provide auto-calculated UPS rates and Access Point options. Easy 5-minute setup. Show real prices and nearest pickup points at WooCommerce checkout.

7K 2 CVEs
Gelato Integration for WooCommerce

Gelato Integration for WooCommerce

gelato-integration-for-woocommerce

A
92

Sell globally, print locally with 100+ production hubs in 32 countries

5K No CVEs
Developer Profile

Wanderlust HOP Envios Developer Profile

Wanderlust Codes

6 plugins · 2K total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
200 days
View full developer profile
Detection Fingerprints

How We Detect Wanderlust HOP Envios

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/integrar-hop-con-woo/assets/css/admin.css

HTML / DOM Fingerprints

CSS Classes
tracking_provider_fieldcustom_tracking_provider_fieldcustom_tracking_link_field
Data Attributes
id="tracking_provider"id="custom_tracking_provider"id="tracking_number"id="custom_tracking_link"id="date_shipped"
JS Globals
wc_enqueue_js
FAQ

Frequently Asked Questions about Wanderlust HOP Envios