Does Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi compatible with WordPress 6.9.4?

According to WordPress.org data, Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi 1.1.45 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi compatible with PHP 7.4+?

Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi Security & Risk Analysis

wordpress.org/plugins/kargo-entegrator

Kolay, hızlı entegre edilebilir Woo kargo eklentisi, Yurtiçi, Aras, DHL ve bir çok firma ile kolayca siparişlerinizi kargolayın, sms ile bilgilendirin

200 active installs v1.1.45 PHP 7.4+ WP 6.4+ Updated Apr 16, 2026

arasdhlhepsijetkargoyurtici

A · Safe

CVEs total1

Unpatched0

Last CVEApr 11, 2025

Plugin page Download

Safety Verdict

Is Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi Safe to Use in 2026?

Generally Safe

Score 99/100

Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Apr 11, 2025Updated 1mo ago

Risk Assessment

The 'kargo-entegrator' v1.1.44 plugin exhibits a mixed security posture. While it demonstrates good practices in areas like prepared statements for SQL queries (88%) and output escaping (96%), and has no currently unpatched CVEs, there are concerning signals. The presence of the `unserialize` function is a significant risk, as it can lead to remote code execution if improperly handled. Furthermore, taint analysis revealed 3 high-severity flows with unsanitized paths, indicating potential vulnerabilities that could be exploited. The plugin's vulnerability history shows one medium-severity CVE related to SQL injection, suggesting past issues with input validation. Although the current version has no unpatched vulnerabilities, the combination of the dangerous function, high-severity taint flows, and past SQL injection issues warrants caution.

Key Concerns

Dangerous function unserialize found
3 high severity taint flows
1 medium severity CVE in history

Vulnerabilities

1 published

Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-26908medium · 4.9Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Kargo Entegratör <= 1.1.14 - Authenticated (Shop Manager+) SQL Injection

Apr 11, 2025 Patched in 1.1.15 (6d)

Version History

Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi Release Timeline

v1.1.45Current

v1.1.44

v1.1.43

v1.1.42

v1.1.41

v1.1.40

v1.1.39

v1.1.38

v1.1.37

v1.1.36

v1.1.35

v1.1.34

v1.1.33

v1.1.32

v1.1.31

v1.1.30

v1.1.29

v1.1.28

v1.1.27

Code Analysis

Analyzed Mar 16, 2026

Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi Code Analysis

Dangerous Functions

Raw SQL Queries

42 prepared

Unescaped Output

183 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$shipments = unserialize( $row['meta_value'] ); // phpcs:ignoreincludes\class-gcargo-installer.php:115

SQL Query Safety

88% prepared48 total queries

Output Escaping

96% escaped191 total outputs

Data Flows · Security

6 unsanitized

Data Flow Analysis

10 flows6 with unsanitized paths

middleware (hooks\class-gcargo-ajax.php:96)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 31

actioninithooks\class-gcargo-ajax.php:38

actionbefore_woocommerce_inithooks\class-gcargo-woocommerce.php:36

filterwoocommerce_hidden_order_itemmetahooks\class-gcargo-woocommerce.php:37

filterwoocommerce_account_orders_columnshooks\class-gcargo-woocommerce.php:38

actionwoocommerce_my_account_my_orders_column_gcargo-shipmentshooks\class-gcargo-woocommerce.php:39

actionwoocommerce_order_details_after_order_tablehooks\class-gcargo-woocommerce.php:40

filterwc_order_statuseshooks\class-gcargo-woocommerce.php:41

actionwoocommerce_register_shop_order_post_statuseshooks\class-gcargo-woocommerce.php:42

filterwoocommerce_email_classeshooks\class-gcargo-woocommerce.php:44

filterwoocommerce_get_settings_pageshooks\class-gcargo-woocommerce.php:45

filtermanage_woocommerce_page_wc-orders_columnshooks\class-gcargo-woocommerce.php:46

filtermanage_shop_order_posts_columnshooks\class-gcargo-woocommerce.php:47

actionmanage_woocommerce_page_wc-orders_custom_columnhooks\class-gcargo-woocommerce.php:48

actionmanage_shop_order_posts_custom_columnhooks\class-gcargo-woocommerce.php:49

filtergcargo_orders_table_localize_datahooks\class-gcargo-woocommerce.php:218

actionadmin_menuhooks\class-gcargo-wordpress.php:50

actionadmin_noticeshooks\class-gcargo-wordpress.php:51

actionadd_meta_boxeshooks\class-gcargo-wordpress.php:52

actioninithooks\class-gcargo-wordpress.php:54

filterquery_varshooks\class-gcargo-wordpress.php:55

actionadmin_footerhooks\class-gcargo-wordpress.php:56

actionplugins_loadedhooks\class-gcargo-wordpress.php:57

filtertemplate_includehooks\class-gcargo-wordpress.php:58

filterscript_loader_taghooks\class-gcargo-wordpress.php:59

actionadmin_enqueue_scriptshooks\class-gcargo-wordpress.php:60

filterbulk_actions-edit-shop_orderhooks\class-gcargo-wordpress.php:61

filterbulk_actions-woocommerce_page_wc-ordershooks\class-gcargo-wordpress.php:62

filterhandle_bulk_actions-edit-shop_orderhooks\class-gcargo-wordpress.php:63

filterhandle_bulk_actions-woocommerce_page_wc-ordershooks\class-gcargo-wordpress.php:64

actionupgrader_process_completehooks\class-gcargo-wordpress.php:66

actiongcargo_auto_shipmentincludes\class-gcargo-schedule.php:20

Scheduled Events 2

gcargo_auto_shipment

gcargo_migrate_shipment

Maintenance & Trust

Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 16, 2026

PHP min version7.4

Downloads8K

Community Trust

Rating98/100

Number of ratings7

Active installs200

Alternatives

Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi Alternatives

Kargo Takip

kargo-takip-turkiye

WooCommerce siparişlerinize kargo takip bilgisi ekleyin ve müşterilerinize otomatik e-posta/SMS bildirimleri gönderin.

3K 1 CVE

Kargo Takip, Kargo SMS, İlçe Mahalle Sözleşme by Hezarfen

hezarfen-for-woocommerce

100

🚀 2 bin site! Kargo takip, ücretsiz Hepsijet Entegrasyonu (1-4 desi: 89,24TL+KDV - Hezarfen Pro gerekmez), Mesafeli Sözleşmeler, NetGSM sipariş SMS

2K No CVEs

Kargo Takip

kargo-takip

Müşterilerinizin kargolarını takip etmesine olanak sağlayan bir kargo takip eklentisidir. Kargo takip eklentisi aras kargo, mng kargo , sürat kargo ve …

50 No CVEs

Kargom Nerede – Markalı Kargo Takip Sayfası, Sms, Mail

kargom-nerede-kargo-takip

Kargom Nerede - Markalı Kargo Takip Sayfası - Sms (Netgsm) - Mail WooCommerce > Siparişleriniz içerisinden "Kargom Nerede" bileşenine ka …

10 No CVEs

Shipink

shipink

100

Shipink is a new and innovative way for e-commerce companies to easily integrate and use the shipping companies they want to work with.

100 No CVEs

Developer Profile

Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi Developer Profile

Gurmehub

4 plugins · 1K total installs

100

trust score

Avg Security Score

100/100

Avg Patch Time

6 days

View full developer profile

Detection Fingerprints

How We Detect Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/kargo-entegrator/assets/css/settings.css/wp-content/plugins/kargo-entegrator/assets/js/settings.js/wp-content/plugins/kargo-entegrator/assets/js/gcargo-vue.js

HTML / DOM Fingerprints

CSS Classes

gcargo-tabgcargo-tabs-wrappergcargo-vue-appgcargo-shipping-method-options

HTML Comments

Data Attributes

data-gcargo-settings-pagedata-gcargo-vue-appdata-gcargo-shipping-method-id

JS Globals

gcargo_vue_datagcargo_admin_data

REST Endpoints

/wp-json/gcargo/v1/connect/wp-json/gcargo/v1/notification/wp-json/gcargo/v1/webhook

FAQ

Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi Security & Risk Analysis

Is Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi Safe to Use in 2026?

Generally Safe

Key Concerns

Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi Security Vulnerabilities

CVEs by Year

Severity Breakdown

Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi Release Timeline

Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi Code Analysis

Dangerous Functions Found

SQL Query Safety

Output Escaping

Data Flow Analysis

Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi Attack Surface

Scheduled Events 2

Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi Maintenance & Trust

Maintenance Signals

Community Trust

Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi Alternatives

Kargo Takip

Kargo Takip, Kargo SMS, İlçe Mahalle Sözleşme by Hezarfen

Kargo Takip

Kargom Nerede – Markalı Kargo Takip Sayfası, Sms, Mail

Shipink

Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi Developer Profile

How We Detect Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Kargo Entegratör – Gurmehub Kargo Entegrasyon Eklentisi