WP-Safety

Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi Security & Risk Analysis

wordpress.org/plugins/kargo-entegrator

Kolay, hızlı entegre edilebilir Woo kargo eklentisi, Yurtiçi, Aras, DHL ve bir çok firma ile kolayca siparişlerinizi kargolayın, sms ile bilgilendirin

200 active installs v1.1.44 PHP 7.4+ WP 6.4+ Updated Feb 12, 2026
arasdhlhepsijetkargoyurtici
99
A · Safe
CVEs total1
Unpatched0
Last CVEApr 11, 2025
Plugin page Download
Safety Verdict

Is Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi Safe to Use in 2026?

Generally Safe

Score 99/100

Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Apr 11, 2025Updated 1mo ago
Risk Assessment

The 'kargo-entegrator' v1.1.44 plugin exhibits a mixed security posture. While it demonstrates good practices in areas like prepared statements for SQL queries (88%) and output escaping (96%), and has no currently unpatched CVEs, there are concerning signals. The presence of the `unserialize` function is a significant risk, as it can lead to remote code execution if improperly handled. Furthermore, taint analysis revealed 3 high-severity flows with unsanitized paths, indicating potential vulnerabilities that could be exploited. The plugin's vulnerability history shows one medium-severity CVE related to SQL injection, suggesting past issues with input validation. Although the current version has no unpatched vulnerabilities, the combination of the dangerous function, high-severity taint flows, and past SQL injection issues warrants caution.

Key Concerns

  • Dangerous function unserialize found
  • 3 high severity taint flows
  • 1 medium severity CVE in history
Vulnerabilities
1

Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-26908medium · 4.9Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Kargo Entegratör <= 1.1.14 - Authenticated (Shop Manager+) SQL Injection

Apr 11, 2025 Patched in 1.1.15 (6d)
Code Analysis
Analyzed Mar 16, 2026

Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi Code Analysis

Dangerous Functions
1
Raw SQL Queries
6
42 prepared
Unescaped Output
8
183 escaped
Nonce Checks
1
Capability Checks
2
File Operations
3
External Requests
2
Bundled Libraries
0

Dangerous Functions Found

unserialize$shipments = unserialize( $row['meta_value'] ); // phpcs:ignoreincludes\class-gcargo-installer.php:115

SQL Query Safety

88% prepared48 total queries

Output Escaping

96% escaped191 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

10 flows6 with unsanitized paths
middleware (hooks\class-gcargo-ajax.php:96)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 31
actioninithooks\class-gcargo-ajax.php:38
actionbefore_woocommerce_inithooks\class-gcargo-woocommerce.php:36
filterwoocommerce_hidden_order_itemmetahooks\class-gcargo-woocommerce.php:37
filterwoocommerce_account_orders_columnshooks\class-gcargo-woocommerce.php:38
actionwoocommerce_my_account_my_orders_column_gcargo-shipmentshooks\class-gcargo-woocommerce.php:39
actionwoocommerce_order_details_after_order_tablehooks\class-gcargo-woocommerce.php:40
filterwc_order_statuseshooks\class-gcargo-woocommerce.php:41
actionwoocommerce_register_shop_order_post_statuseshooks\class-gcargo-woocommerce.php:42
filterwoocommerce_email_classeshooks\class-gcargo-woocommerce.php:44
filterwoocommerce_get_settings_pageshooks\class-gcargo-woocommerce.php:45
filtermanage_woocommerce_page_wc-orders_columnshooks\class-gcargo-woocommerce.php:46
filtermanage_shop_order_posts_columnshooks\class-gcargo-woocommerce.php:47
actionmanage_woocommerce_page_wc-orders_custom_columnhooks\class-gcargo-woocommerce.php:48
actionmanage_shop_order_posts_custom_columnhooks\class-gcargo-woocommerce.php:49
filtergcargo_orders_table_localize_datahooks\class-gcargo-woocommerce.php:218
actionadmin_menuhooks\class-gcargo-wordpress.php:50
actionadmin_noticeshooks\class-gcargo-wordpress.php:51
actionadd_meta_boxeshooks\class-gcargo-wordpress.php:52
actioninithooks\class-gcargo-wordpress.php:54
filterquery_varshooks\class-gcargo-wordpress.php:55
actionadmin_footerhooks\class-gcargo-wordpress.php:56
actionplugins_loadedhooks\class-gcargo-wordpress.php:57
filtertemplate_includehooks\class-gcargo-wordpress.php:58
filterscript_loader_taghooks\class-gcargo-wordpress.php:59
actionadmin_enqueue_scriptshooks\class-gcargo-wordpress.php:60
filterbulk_actions-edit-shop_orderhooks\class-gcargo-wordpress.php:61
filterbulk_actions-woocommerce_page_wc-ordershooks\class-gcargo-wordpress.php:62
filterhandle_bulk_actions-edit-shop_orderhooks\class-gcargo-wordpress.php:63
filterhandle_bulk_actions-woocommerce_page_wc-ordershooks\class-gcargo-wordpress.php:64
actionupgrader_process_completehooks\class-gcargo-wordpress.php:66
actiongcargo_auto_shipmentincludes\class-gcargo-schedule.php:20

Scheduled Events 2

gcargo_auto_shipment
gcargo_migrate_shipment
Maintenance & Trust

Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 12, 2026
PHP min version7.4
Downloads8K

Community Trust

Rating96/100
Number of ratings6
Active installs200
Alternatives

Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi Alternatives

Kargo Takip

Kargo Takip

kargo-takip-turkiye

A
99

WooCommerce siparişlerinize kargo takip bilgisi ekleyin ve müşterilerinize otomatik e-posta/SMS bildirimleri gönderin.

3K 1 CVE
Kargo Takip

Kargo Takip

kargo-takip

A
100

Müşterilerinizin kargolarını takip etmesine olanak sağlayan bir kargo takip eklentisidir. Kargo takip eklentisi aras kargo, mng kargo , sürat kargo ve &hellip;

50 No CVEs
Kargom Nerede – Markalı Kargo Takip Sayfası, Sms, Mail

Kargom Nerede – Markalı Kargo Takip Sayfası, Sms, Mail

kargom-nerede-kargo-takip

A
85

Kargom Nerede - Markalı Kargo Takip Sayfası - Sms (Netgsm) - Mail WooCommerce > Siparişleriniz içerisinden "Kargom Nerede" bileşenine ka &hellip;

10 No CVEs
Hezarfen – WooCommerce için Kargo Entegrasyonu – Sözleşmeler, Mahalle, İlçe, SMS

Hezarfen – WooCommerce için Kargo Entegrasyonu – Sözleşmeler, Mahalle, İlçe, SMS

hezarfen-for-woocommerce

A
100

🚀 2 bin site! Kargo takip, ücretsiz Hepsijet Entegrasyonu (1-4 desi: 89,24TL+KDV - Hezarfen Pro gerekmez), Mesafeli Sözleşmeler, NetGSM sipariş SMS

2K No CVEs
Shipink

Shipink

shipink

A
100

Shipink is a new and innovative way for e-commerce companies to easily integrate and use the shipping companies they want to work with.

100 No CVEs
Developer Profile

Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi Developer Profile

Gurmehub

4 plugins · 1K total installs

100
trust score
Avg Security Score
100/100
Avg Patch Time
6 days
View full developer profile
Detection Fingerprints

How We Detect Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/kargo-entegrator/assets/css/settings.css/wp-content/plugins/kargo-entegrator/assets/js/settings.js/wp-content/plugins/kargo-entegrator/assets/js/gcargo-vue.js

HTML / DOM Fingerprints

CSS Classes
gcargo-tabgcargo-tabs-wrappergcargo-vue-appgcargo-shipping-method-options
HTML Comments
<!-- GURMEHUB CARGO INTEGRATOR START --><!-- GURMEHUB CARGO INTEGRATOR END -->
Data Attributes
data-gcargo-settings-pagedata-gcargo-vue-appdata-gcargo-shipping-method-id
JS Globals
gcargo_vue_datagcargo_admin_data
REST Endpoints
/wp-json/gcargo/v1/connect/wp-json/gcargo/v1/notification/wp-json/gcargo/v1/webhook
FAQ

Frequently Asked Questions about Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi