Manda Bem Security & Risk Analysis

wordpress.org/plugins/mandabem

Integration between the Manda Bem Platform and WooCommerce

200 active installs · v2.0 · PHP 5.6+ · WP 4.0.1+ · Updated Sep 13, 2023
Tags: correios, envios, postagem
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Manda Bem Safe to Use in 2026?

Generally Safe

Score 85/100

Manda Bem has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The "mandabem" v2.0 plugin exhibits a concerning security posture because of its unprotected entry points. It follows good practices in avoiding dangerous functions, using prepared statements for SQL queries, and properly escaping most output, but two REST API routes are registered without permission callbacks, which is a significant weakness: any unauthenticated user could call these endpoints, and if they handle sensitive operations that could lead to unintended consequences or data exposure.

The static analysis also finds no nonce checks and only a small number of capability checks, which adds to the concern about unprotected entry points. The absence of taint analysis results is neutral: it may indicate few complex data flows, or that the analysis was not exhaustive. The plugin's history of no known vulnerabilities is a positive sign of past development quality, but it does not offset the risks identified in the current version's code.

In conclusion, "mandabem" v2.0 has real strengths in its data handling and SQL practices, but the unprotected REST API routes overshadow them. The attack surface is small, yet every entry point in it is exposed, which makes these specific endpoints high-risk. Users should exercise extreme caution or avoid the plugin until these flaws are addressed.

Key Concerns

  • REST API routes without permission callbacks
  • AJAX handlers without auth checks
  • No nonce checks
  • Low number of capability checks
  • Less than 100% output escaping
Vulnerabilities
None known

Manda Bem Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Manda Bem Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 3 (20 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Output Escaping

87% escaped (23 total outputs)
Attack Surface
2 unprotected

Manda Bem Attack Surface

Entry Points: 2
Unprotected: 2

REST API Routes (2)

POST /wp-json/mandabem/update_rastreio (includes\wc-mandabem-functions.php:37)
POST /wp-json/mandabem/update_entrega (includes\wc-mandabem-functions.php:45)
WordPress Hooks (21)

action woocommerce_after_shipping_rate (includes\class-wc-mandabem-cart.php:10)
filter woocommerce_mandabem_credentials_data (includes\class-wc-mandabem-integration.php:35)
filter woocommerce_mandabem_status_post_apos_rastreio (includes\class-wc-mandabem-integration.php:37)
filter woocommerce_mandabem_status_post_apos_entrega (includes\class-wc-mandabem-integration.php:38)
filter woocommerce_mandabem_status_post_envio_package (includes\class-wc-mandabem-integration.php:39)
filter woocommerce_mandabem_get_status_post_envio (includes\class-wc-mandabem-integration.php:40)
filter woocommerce_order_actions (includes\class-wc-mandabem-orders.php:18)
action woocommerce_order_action_send_order_mandabem (includes\class-wc-mandabem-orders.php:19)
action woocommerce_order_status_changed (includes\class-wc-mandabem-orders.php:22)
action woocommerce_hidden_order_itemmeta (includes\class-wc-mandabem-orders.php:23)
action woocommerce_thankyou (includes\class-wc-mandabem-orders.php:24)
filter woocommerce_order_shipping_method (includes\class-wc-mandabem-orders.php:26)
filter woocommerce_order_item_display_meta_key (includes\class-wc-mandabem-orders.php:27)
action init (includes\class-wc-mandabem.php:18)
filter woocommerce_integrations (includes\class-wc-mandabem.php:39)
filter woocommerce_shipping_methods (includes\class-wc-mandabem.php:40)
action admin_notices (includes\class-wc-mandabem.php:43)
filter woocommerce_mandabem_get_origin_postcode (includes\methods\class-wc-mandabem-shipping-abstract.php:34)
action rest_api_init (includes\wc-mandabem-functions.php:36)
action rest_api_init (includes\wc-mandabem-functions.php:44)
action plugins_loaded (woocomerce-mandabem.php:22)
Maintenance & Trust

Manda Bem Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.3.8
Last updated: Sep 13, 2023
PHP min version: 5.6
Downloads: 5K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 200
Developer Profile

Manda Bem Developer Profile

mandabem

1 plugin · 200 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Manda Bem

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mandabem/assets/js/wc-mandabem-cart.js
/wp-content/plugins/mandabem/assets/js/wc-mandabem-checkout.js
/wp-content/plugins/mandabem/assets/css/wc-mandabem-checkout.css
Script Paths
/wp-content/plugins/mandabem/assets/js/wc-mandabem-cart.js
/wp-content/plugins/mandabem/assets/js/wc-mandabem-checkout.js
Version Parameters
mandabem/assets/js/wc-mandabem-cart.js?ver=
mandabem/assets/js/wc-mandabem-checkout.js?ver=
mandabem/assets/css/wc-mandabem-checkout.css?ver=

HTML / DOM Fingerprints

CSS Classes
mandabem-shipping-delivery-info
Data Attributes
data-mandabem-shipping-method
data-mandabem-tracking-code
data-mandabem-delivery-estimate
JS Globals
wc_mandabem_cart_params
wc_mandabem_checkout_params
REST Endpoints
/wp-json/mandabem/update_rastreio
/wp-json/mandabem/update_entrega
FAQ

Frequently Asked Questions about Manda Bem