Justin Security & Risk Analysis

wordpress.org/plugins/justin

Plugin: Justin delivery method and Justin waybill generation.

10 active installs v1.5.5 PHP 7.0+ WP 5.0+ Updated Dec 15, 2021
Tags: ecommerce, justin, woocommerce
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Justin Safe to Use in 2026?

Generally Safe

Score 85/100

Justin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4yr ago
Risk Assessment

The "justin" plugin v1.5.5 presents a significant security risk primarily due to its extensive and unprotected attack surface. A substantial number of AJAX handlers (18) and REST API routes (11) lack proper authentication and permission checks, leaving them open to unauthorized access and manipulation. The presence of the `unserialize` function is a critical concern, as it can lead to remote code execution vulnerabilities if used with user-controlled input, especially when combined with the lack of proper input sanitization. While no known CVEs or taint vulnerabilities were reported, this does not negate the inherent risks introduced by the codebase's current configuration. The high percentage of unprotected entry points and the use of a dangerous function outweigh the absence of historical vulnerabilities, indicating a plugin that, while potentially functional, has not been developed with security best practices as a priority.

Key Concerns

  • AJAX handlers without auth checks
  • REST API routes without permission callbacks
  • Use of unserialize function
  • SQL queries not using prepared statements
  • Output not properly escaped
  • No nonce checks on entry points
  • Limited capability checks
  • Flows with unsanitized paths
Vulnerabilities
None known

Justin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Justin Code Analysis

  • Dangerous Functions: 2
  • Raw SQL Queries: 33 (15 prepared)
  • Unescaped Output: 60 (29 escaped)
  • Nonce Checks: 0
  • Capability Checks: 2
  • File Operations: 1
  • External Requests: 12
  • Bundled Libraries: 1

Dangerous Functions Found

  • unserialize · `$ret = @unserialize($_SESSION['order_id']);` · admin\partials\morkvajustin-plugin-form.php:60
  • unserialize · `$order_id = unserialize($_SESSION['order_id']);` · admin\partials\morkvajustin-plugin-form.php:64

Bundled Libraries

Select2

SQL Query Safety

31% prepared · 48 total queries

Output Escaping

33% escaped · 89 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

4 flows · 4 with unsanitized paths
invoice_meta_box_info (includes\class-morkvajustin-plugin-loader.php:914)
Attack Surface
25 unprotected

Justin Attack Surface

Entry Points: 29
Unprotected: 25

AJAX Handlers: 18

Type · Hook · Location
auth · wp_ajax_woo_justin_np_load_areas · classes\JustinAjaxHandler.php:20
nopriv · wp_ajax_woo_justin_np_load_areas · classes\JustinAjaxHandler.php:21
auth · wp_ajax_woo_justin_np_load_cities · classes\JustinAjaxHandler.php:23
nopriv · wp_ajax_woo_justin_np_load_cities · classes\JustinAjaxHandler.php:24
auth · wp_ajax_woo_justin_np_load_warehouses · classes\JustinAjaxHandler.php:26
nopriv · wp_ajax_woo_justin_np_load_warehouses · classes\JustinAjaxHandler.php:27
auth · wp_ajax_woo_justin_save_settings · Http\JustinAjax.php:31
auth · wp_ajax_woo_justin_load_areas · Http\JustinAjax.php:34
auth · wp_ajax_woo_justin_load_cities · Http\JustinAjax.php:37
auth · wp_ajax_woo_justin_load_warehouses · Http\JustinAjax.php:40
auth · wp_ajax_woo_justin_get_areas · Http\JustinAjax.php:43
nopriv · wp_ajax_woo_justin_get_areas · Http\JustinAjax.php:44
auth · wp_ajax_woo_justin_get_cities · Http\JustinAjax.php:47
nopriv · wp_ajax_woo_justin_get_cities · Http\JustinAjax.php:48
auth · wp_ajax_woo_justin_get_warehouses · Http\JustinAjax.php:51
nopriv · wp_ajax_woo_justin_get_warehouses · Http\JustinAjax.php:52
auth · wp_ajax_woo_justin_get_warehousesDB · Http\JustinAjax.php:55
nopriv · wp_ajax_woo_justin_get_warehousesDB · Http\JustinAjax.php:56

REST API Routes: 11

Method · Route · Location
GET · /wp-json/woo_justin/v1novaposhta/area · classes\JustinRest.php:14
GET · /wp-json/woo_justin/v1novaposhta/cities/(?P<ref>[^\/]*) · classes\JustinRest.php:18
GET · /wp-json/woo_justin/v1novaposhta/warehouses/(?P<ref>[^\/]*) · classes\JustinRest.php:22
GET · /wp-json/wc-ukr-shipping/v1test · Http\JustinRest.php:29
POST · /wp-json/wc-ukr-shipping/v1settings · Http\JustinRest.php:38
POST · /wp-json/wc-ukr-shipping/v1db/areas/load · Http\JustinRest.php:45
POST · /wp-json/wc-ukr-shipping/v1db/cities/load · Http\JustinRest.php:52
POST · /wp-json/wc-ukr-shipping/v1db/warehouses/load · Http\JustinRest.php:59
GET · /wp-json/woo_justin/v1novaposhta/area · Http\JustinRest.php:66
GET · /wp-json/woo_justin/v1novaposhta/cities/(?P<ref>[^\/]*) · Http\JustinRest.php:71
GET · /wp-json/woo_justin/v1novaposhta/warehouses/(?P<ref>[^\/]*) · Http\JustinRest.php:76

WordPress Hooks: 28

Type · Hook · Location
action · admin_enqueue_styles · admin\class-morkvajustin-plugin-public.php:55
action · admin_enqueue_scripts · classes\AssetsLoader.php:13
action · admin_enqueue_scripts · classes\AssetsLoader.php:14
action · wp_enqueue_scripts · classes\AssetsLoader.php:15
action · admin_enqueue_scripts · classes\AssetsLoader.php:16
action · woocommerce_checkout_process · classes\CheckoutValidator.php:13
filter · woocommerce_checkout_fields · classes\CheckoutValidator.php:14
filter · woocommerce_checkout_posted_data · classes\CheckoutValidator.php:15
action · admin_init · classes\Initializer.php:21
action · init · classes\Initializer.php:25
action · wp_head · classes\JustinFrontendInjector.php:26
action · wp_enqueue_scripts · classes\JustinFrontendInjector.php:27
action · rest_api_init · classes\JustinRest.php:9
action · woocommerce_checkout_create_order · classes\OrderCreator.php:13
action · rest_api_init · Http\JustinRest.php:23
action · admin_menu · includes\class-morkvajustin-plugin-loader.php:124
action · add_meta_boxes · includes\class-morkvajustin-plugin-loader.php:128
action · admin_init · includes\class-morkvajustin-plugin-loader.php:132
filter · manage_edit-shop_order_columns · includes\class-morkvajustin-plugin-loader.php:136
action · manage_shop_order_posts_custom_column · includes\class-morkvajustin-plugin-loader.php:140
filter · wp_mail_from_name · includes\class-morkvajustin-plugin-loader.php:145
action · plugins_loaded · includes\class-morkvajustin-plugin.php:122
action · wp_enqueue_scripts · includes\class-morkvajustin-plugin.php:144
action · wp_enqueue_scripts · includes\class-morkvajustin-plugin.php:145
filter · woocommerce_checkout_update_order_review · justin.php:62
filter · woocommerce_package_rates · justin.php:89
filter · woocommerce_shipping_methods · justin.php:92
action · woocommerce_admin_order_data_after_shipping_address · justin.php:106
Maintenance & Trust

Justin Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 5.8.13
  • Last updated: Dec 15, 2021
  • PHP min version: 7.0
  • Downloads: 3K

Community Trust

  • Rating: 100/100
  • Number of ratings: 4
  • Active installs: 10
Developer Profile

Justin Developer Profile

Ihor Kit

14 plugins · 3K total installs

  • Trust score: 93
  • Avg Security Score: 98/100
  • Avg Patch Time: 11 days
Detection Fingerprints

How We Detect Justin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/justin/assets/css/admin.min.css
  • /wp-content/plugins/justin/assets/js/mrkvjs-autocomplete.js
  • /wp-content/plugins/justin/assets/js/ajax-router.js
Script Paths
  • /wp-content/plugins/justin/assets/js/mrkvjs-autocomplete.js
  • /wp-content/plugins/justin/assets/js/ajax-router.js
Version Parameters
  • justin/assets/css/admin.min.css?ver=
  • justin/assets/js/mrkvjs-autocomplete.js?ver=
  • justin/assets/js/ajax-router.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-select2-id
JS Globals
  • woo_justin_globals
  • MrkvjsAutocompleteSearch
  • MrkvjsAutocompleteDpts
FAQ

Frequently Asked Questions about Justin