Melhor Envio Security & Risk Analysis

wordpress.org/plugins/melhor-envio-cotacao

Requires WordPress 4.0+ · Requires WooCommerce 4.0+ · License: GPLv3 (https://www.gnu.org/licenses/gpl-3.0.html) · Description: "Plugin for quotation and purchase of …" (truncated on the source page)

20K active installs · v2.15.18 · PHP 7.2+ · WP 4.7+ · Updated Oct 6, 2025
Tags: cotacao, envio, frete, logistica, melhor-envio

Security score: 98/100 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Apr 7, 2025
Is Melhor Envio Safe to Use in 2026?

Generally Safe

Score 98/100

Melhor Envio has a strong recent security track record. Both known vulnerabilities are patched; the 2025 information-exposure issue was fixed within 10 days, although the 2022 CSRF issue stood for 637 days before a fix shipped.

2 known CVEs · Last CVE: Apr 7, 2025 · Updated 6 months ago
Risk Assessment

The melhor-envio-cotacao v2.15.18 code base shows a mixed security posture. Output escaping (53 of 53 outputs escaped) and SQL handling (8 of 10 queries prepared) are strong. The main weakness is access control on the AJAX surface: 42 of 44 entry points carry no nonce or capability check that static analysis can see, against only 1 nonce check and 2 capability checks in the whole plugin. Handlers registered on wp_ajax_{action} are reachable by any logged-in account regardless of role, including the customer role WooCommerce assigns to shoppers who register, and the three wp_ajax_nopriv_ registrations are reachable without logging in. Two unserialize() calls read values out of wp_options; that becomes PHP object injection only if an attacker can write those option rows, and this page reports no such path, but the calls should still pass ['allowed_classes' => false]. Two data flows reach a sink without passing through a sanitizer. Nothing is currently unpatched, yet both historical CVEs (medium severity: unauthenticated information exposure, and CSRF leading to a settings change) are failures of authorization and request validation, the same weakness the unprotected handler count points to, so the pattern could re-emerge.

Key Concerns

  • 42 unprotected AJAX handlers
  • Use of unserialize function
  • 2 unsanitized path taint flows
  • 2 past medium severity CVEs
  • Only 2 capability checks for 44 entry points
Melhor Envio Security Vulnerabilities

CVEs by Year: 2022: 1 · 2025: 1 (both patched)

Severity Breakdown: Medium: 2 (2 total CVEs)

CVE-2024-13820 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor
Melhor Envio <= 2.15.11 - Unauthenticated Sensitive Information Exposure via Hardcoded Hash
Disclosed Apr 7, 2025 · Patched in 2.15.12 (patch time 10 days)

Melhor Envio <= 2.11.19 - Cross-Site Request Forgery and Authenticated Settings Change
Disclosed Apr 26, 2022 · Patched in 2.11.20 (patch time 637 days)
Melhor Envio Code Analysis (analyzed Mar 16, 2026)

Dangerous Functions: 2
Raw SQL Queries: 2 (8 prepared)
Unescaped Output: 0 (53 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 0
External Requests: 3
Bundled Libraries: 0

Dangerous Functions Found

Helpers\OptionsHelper.php:38  unserialize  $data = unserialize( $data->option_value );
Services\OptionsMethodShippingService.php:82  unserialize  $data = unserialize( $option->option_value );

Both calls deserialize an option_value read back from the database without restricting the classes that may be instantiated.
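The two findings above are unserialize() calls on wp_options rows. The PHP-side fix is to pass ['allowed_classes' => false] as the second argument (available from PHP 7.0, so within the plugin's 7.2+ floor); what a defender can do from the outside is audit the stored blobs for embedded objects before trusting them. The following is an added example, not the plugin's code and not the scanner used for this report: a minimal parser of PHP's serialize() format that lists every class an unserialize() call would instantiate, so a wp_options dump can be checked. A naive grep for "O:" would false-positive on strings that merely contain that text; the parser walks the structure using the declared byte lengths instead. The sample blobs are constructed for the example and are not taken from any real site.

```python
"""Pre-check for PHP-serialized data before it reaches unserialize().
Added example, not the plugin's code: a minimal parser of PHP's serialize()
format that reports every object (O:) or custom-serialized (C:) value in a
blob. It complements, and does not replace, passing
['allowed_classes' => false] to unserialize() in the PHP itself."""


def _parse(buf: bytes, pos: int, classes: list):
    """Parse one value at `pos`; return (python_value, next_pos). Lengths in the
    format are byte counts, so the input is handled as bytes throughout."""
    t = buf[pos:pos + 1]
    if t == b"N":                                   # N;
        return None, pos + 2
    if t in (b"b", b"i", b"d"):                     # b:1;  i:42;  d:1.5;
        end = buf.index(b";", pos)
        raw = buf[pos + 2:end].decode()
        val = {b"b": lambda r: r == "1", b"i": int, b"d": float}[t](raw)
        return val, end + 1
    if t == b"s":                                   # s:LEN:"bytes";
        colon = buf.index(b":", pos + 2)
        length = int(buf[pos + 2:colon])
        start = colon + 2                           # skip :"
        if buf[start + length:start + length + 2] != b'";':
            raise ValueError("bad string length at %d" % pos)
        return buf[start:start + length].decode("utf-8", "replace"), start + length + 2
    if t == b"a":                                   # a:COUNT:{key;value;...}
        colon = buf.index(b":", pos + 2)
        count = int(buf[pos + 2:colon])
        p, items = colon + 2, {}
        for _ in range(count):
            k, p = _parse(buf, p, classes)
            v, p = _parse(buf, p, classes)
            items[k] = v
        return items, p + 1                         # skip }
    if t == b"O":                                   # O:LEN:"Class":COUNT:{props}
        colon = buf.index(b":", pos + 2)
        name_len = int(buf[pos + 2:colon])
        name = buf[colon + 2:colon + 2 + name_len].decode("utf-8", "replace")
        classes.append(name)                        # this class would be instantiated
        p = colon + 2 + name_len + 2                # skip ":
        colon2 = buf.index(b":", p)
        count = int(buf[p:colon2])
        p, props = colon2 + 2, {"__class__": name}
        for _ in range(count):
            k, p = _parse(buf, p, classes)
            v, p = _parse(buf, p, classes)
            props[k] = v
        return props, p + 1
    if t == b"C":                                   # C:LEN:"Class":DATALEN:{raw}
        colon = buf.index(b":", pos + 2)
        name_len = int(buf[pos + 2:colon])
        name = buf[colon + 2:colon + 2 + name_len].decode("utf-8", "replace")
        classes.append(name)                        # Serializable::unserialize() would run
        p = colon + 2 + name_len + 2
        colon2 = buf.index(b":", p)
        data_len = int(buf[p:colon2])
        return {"__class__": name, "__custom__": True}, colon2 + 2 + data_len + 1
    raise ValueError("unknown type %r at %d" % (t, pos))


def serialized_objects(value: bytes) -> list:
    """Class names of every object a PHP unserialize() would instantiate."""
    classes = []
    _, end = _parse(value, 0, classes)
    if end != len(value):
        raise ValueError("trailing data after position %d" % end)
    return classes


def safe_to_unserialize(value: bytes) -> bool:
    """True when the blob holds only scalars and arrays."""
    return not serialized_objects(value)


# Constructed sample option_value blobs (hypothetical, not from any real site).
BENIGN = b'a:2:{s:5:"token";s:4:"abcd";s:7:"enabled";b:1;}'
TRICKY = b'a:1:{s:4:"note";s:16:"looks like O:8:x";}'   # no object, despite "O:8:"
INJECTED = b'a:1:{s:3:"cfg";O:8:"stdClass":1:{s:3:"cmd";s:2:"id";}}'
CUSTOM = b'C:11:"ArrayObject":21:{x:i:0;a:0:{};m:a:0:{}}'

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN), ("tricky", TRICKY),
                        ("injected", INJECTED), ("custom", CUSTOM)]:
        print(f"{label:9} objects={serialized_objects(blob)} safe={safe_to_unserialize(blob)}")
```

Run it over the option_value column of the plugin's rows (for example from a `wp db export` or `wp option get --format=json` dump); any row where serialized_objects() is non-empty deserves a look, since a legitimate settings blob for this plugin should contain only arrays and scalars. Malformed input raises ValueError rather than being silently accepted.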

SQL Query Safety: 8 of 10 queries prepared (80%)

Output Escaping: 53 of 53 outputs escaped (100%)
Melhor Envio Data Flow Analysis

2 flows, 2 with unsanitized paths
remove (Services\SessionNoticeService.php:98)

Only one of the two flows is named on this page; a flow counts as unsanitized when user input reaches a dangerous operation without passing through a sanitizer on at least one path.
Melhor Envio Attack Surface

Entry Points: 44 (42 AJAX handlers + 2 shortcodes)
Unprotected: 42

AJAX Handlers (42)

Each row gives the registration type, the action name and the file:line of the add_action() call. "auth" rows are registered on wp_ajax_{action} and are reachable by any logged-in account, whatever its role; "nopriv" rows are registered on wp_ajax_nopriv_{action} and are reachable without a session. "Unprotected" means the scanner found no nonce or capability check in the handler. That is a static signal rather than proof of exploitability: a check performed in a shared wrapper may not be attributed to the handler, and a handler that only returns public data is harmless without one. The three nopriv registrations deserve the first look.

auth    wp_ajax_escutar_solicitacoes_de_frete    Controllers\ShowCalculatorProductPage.php:29
nopriv  wp_ajax_escutar_solicitacoes_de_frete    Controllers\ShowCalculatorProductPage.php:30
auth    wp_ajax_me                               Services\RouterService.php:57
auth    wp_ajax_get_balance                      Services\RouterService.php:58
auth    wp_ajax_get_quotation                    Services\RouterService.php:69
auth    wp_ajax_get_orders                       Services\RouterService.php:75
auth    wp_ajax_add_cart                         Services\RouterService.php:76
auth    wp_ajax_add_order                        Services\RouterService.php:77
auth    wp_ajax_buy_click                        Services\RouterService.php:78
auth    wp_ajax_remove_order                     Services\RouterService.php:79
auth    wp_ajax_cancel_order                     Services\RouterService.php:80
auth    wp_ajax_pay_ticket                       Services\RouterService.php:81
auth    wp_ajax_create_ticket                    Services\RouterService.php:82
auth    wp_ajax_print_ticket                     Services\RouterService.php:83
auth    wp_ajax_insert_invoice_order             Services\RouterService.php:84
nopriv  wp_ajax_cotation_product_page            Services\RouterService.php:95
auth    wp_ajax_cotation_product_page            Services\RouterService.php:96
auth    wp_ajax_update_order                     Services\RouterService.php:97
auth    wp_ajax_get_configuracoes                Services\RouterService.php:107
auth    wp_ajax_get_metodos                      Services\RouterService.php:108
auth    wp_ajax_save_configuracoes               Services\RouterService.php:109
auth    wp_ajax_get_status_woocommerce           Services\RouterService.php:120
auth    wp_ajax_get_token                        Services\RouterService.php:131
auth    wp_ajax_save_token                       Services\RouterService.php:132
auth    wp_ajax_verify_token                     Services\RouterService.php:133
auth    wp_ajax_environment                      Services\RouterService.php:144
auth    wp_ajax_delete_melhor_envio_session      Services\RouterService.php:160
auth    wp_ajax_get_melhor_envio_session         Services\RouterService.php:161
auth    wp_ajax_check_path                       Services\RouterService.php:199
nopriv  wp_ajax_get_payload                      Services\RouterService.php:216
auth    wp_ajax_get_payload                      Services\RouterService.php:232
auth    wp_ajax_destroy_payload                  Services\RouterService.php:248
auth    wp_ajax_get_payload_cart                 Services\RouterService.php:264
auth    wp_ajax_get_notices                      Services\RouterService.php:301
auth    wp_ajax_remove_notices                   Services\RouterService.php:308
auth    wp_ajax_test_user_woocommerce_data       Services\RouterService.php:319
auth    wp_ajax_user_woocommerce_data            Services\RouterService.php:348
auth    wp_ajax_show_cart                        Services\RouterService.php:363
auth    wp_ajax_open_form_melhor_envio           Services\RouterService.php:383
auth    wp_ajax_show_form_melhor_envio           Services\RouterService.php:390
auth    wp_ajax_hide_form_melhor_envio           Services\RouterService.php:397
auth    wp_ajax_get_agencies                     Services\RouterService.php:412
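The "Key Concerns" list and the handler inventory above both rest on one static check: is each wp_ajax_ / wp_ajax_nopriv_ registration backed by a nonce check and a capability check in its callback? The following is an added example, not the plugin's code and not the scanner behind this report: a small audit script that performs that check over a constructed PHP sample (hypothetical class, handler and option names modelled on the report's auth/nopriv rows). It shows what an unprotected handler and a hardened one look like side by side, and why a nopriv registration counts as unprotected no matter what the callback does. Point it at a real plugin directory by concatenating the .php files into `src`.

```python
"""Static check for WordPress AJAX handlers registered without nonce and
capability checks. Added example: it is not the plugin's code and not the
report's scanner; it mirrors the kind of check such a report relies on."""
import re

# Constructed PHP sample (hypothetical class and handler names, modelled on
# the report's auth/nopriv registrations; none of this is the plugin's code).
SAMPLE_PHP = r'''<?php
class RouterService {
    public function register() {
        add_action('wp_ajax_get_orders', [$this, 'getOrders']);
        add_action('wp_ajax_nopriv_get_payload', [$this, 'getPayload']);
        add_action('wp_ajax_get_payload', [$this, 'getPayload']);
        add_action('wp_ajax_save_configuracoes', [$this, 'saveSettings']);
    }
    public function getOrders() {
        // Any logged-in account can call this: no nonce, no capability check.
        wp_send_json(get_option('melhor_envio_orders'));
    }
    public function getPayload() {
        // Registered on both wp_ajax_ and wp_ajax_nopriv_: reachable logged out.
        wp_send_json(get_option('melhor_envio_payload'));
    }
    public function saveSettings() {
        // Hardened shape: CSRF token first, then an explicit capability.
        check_ajax_referer('melhor_envio_settings', 'nonce');
        if (!current_user_can('manage_woocommerce')) {
            wp_send_json_error('forbidden', 403);
        }
        update_option('melhor_envio_settings', wp_unslash($_POST['settings']));
        wp_send_json_success();
    }
}
'''

REG_RE = re.compile(r"""add_action\(\s*['"]wp_ajax_(nopriv_)?(\w+)['"]\s*,\s*(.*?)\s*\)""")
NONCE_RE = re.compile(r"\b(check_ajax_referer|check_admin_referer|wp_verify_nonce)\s*\(")
CAP_RE = re.compile(r"\b(current_user_can|current_user_can_for_blog|is_super_admin)\s*\(")


def callback_name(expr):
    """Last quoted identifier in the callback expression: 'fn' or [$this, 'method']."""
    names = re.findall(r"""['"]([A-Za-z_]\w*)['"]""", expr)
    return names[-1] if names else None


def function_body(src, name):
    """Body of `function name(...) {...}` found by brace counting.
    Caveat: braces inside string literals or comments are not skipped."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", src)
    if not m:
        return None
    depth, start = 0, m.end() - 1
    for i in range(start, len(src)):
        if src[i] == "{":
            depth += 1
        elif src[i] == "}":
            depth -= 1
            if depth == 0:
                return src[start:i + 1]
    return None


def audit_ajax_handlers(src):
    """One record per add_action('wp_ajax[_nopriv]_*', ...) registration."""
    findings = []
    for nopriv, action, cb in REG_RE.findall(src):
        name = callback_name(cb)
        body = function_body(src, name) if name else None
        has_nonce = bool(body and NONCE_RE.search(body))
        has_cap = bool(body and CAP_RE.search(body))
        findings.append({
            "hook": ("wp_ajax_nopriv_" if nopriv else "wp_ajax_") + action,
            "callback": name,
            "reachable_by": "unauthenticated" if nopriv else "any logged-in user",
            "nonce_check": has_nonce,
            "capability_check": has_cap,
            # A nopriv handler has no user to check a capability on; it is
            # public by design and is counted as unprotected, as the report does.
            "protected": has_nonce and has_cap,
        })
    return findings


def summarize(findings):
    """Counts in the same shape as the report's attack-surface summary."""
    return {
        "entry_points": len(findings),
        "unprotected": sum(1 for f in findings if not f["protected"]),
        "unauthenticated": sum(1 for f in findings if f["reachable_by"] == "unauthenticated"),
    }


if __name__ == "__main__":
    results = audit_ajax_handlers(SAMPLE_PHP)
    for f in results:
        flag = "ok" if f["protected"] else "UNPROTECTED"
        print(f"{flag:12} {f['hook']:32} -> {f['callback']} ({f['reachable_by']})")
    print(summarize(results))
```

On the sample this reports three of four registrations as unprotected, one of them unauthenticated. The same limits apply to this script as to the report's counts: a check made in a shared wrapper that the callback delegates to is not followed, so a high unprotected count is a list of handlers to read, not a list of confirmed issues, and a handler that returns nothing sensitive and mutates nothing may be acceptable without checks.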

Shortcodes (2)

[vue-app] includes\class-frontend.php:10
[calculadora_melhor_envio] melhor-envio-beta.php:357
WordPress Hooks (27)

action  woocommerce_checkout_order_processed            Controllers\QuotationController.php:20
action  wp_enqueue_scripts                              Controllers\ShowCalculatorProductPage.php:28
action  admin_menu                                      includes\class-admin.php:16
action  admin_enqueue_scripts                           includes\class-admin.php:56
action  admin_enqueue_scripts                           includes\class-assets.php:14
action  wp_enqueue_scripts                              includes\class-assets.php:16
action  admin_notices                                   melhor-envio-beta.php:51
action  plugins_loaded                                  melhor-envio-beta.php:111
action  admin_notices                                   melhor-envio-beta.php:240
action  init                                            melhor-envio-beta.php:261
action  init                                            melhor-envio-beta.php:262
filter  safe_style_css                                  melhor-envio-beta.php:277
filter  woocommerce_shipping_methods                    melhor-envio-beta.php:282
filter  woocommerce_package_rates                       melhor-envio-beta.php:299
action  upgrader_process_complete                       melhor-envio-beta.php:309
action  admin_enqueue_scripts                           melhor-envio-beta.php:331
action  wp_enqueue_scripts                              melhor-envio-beta.php:332
action  before_woocommerce_init                         melhor-envio-beta.php:334
action  admin_notices                                   melhor-envio-beta.php:368
action  woocommerce_init                                Services\CheckHealthService.php:21
action  admin_notices                                   Services\NoticeFormService.php:21
action  woocommerce_add_to_cart                         Services\ProcessAdditionalTaxService.php:19
action  woocommerce_remove_cart_item                    Services\ProcessAdditionalTaxService.php:20
action  init                                            Services\RolesService.php:13
action  admin_notices                                   Services\SessionNoticeService.php:82
filter  woocommerce_account_orders_columns              Services\TrackingService.php:87
action  woocommerce_my_account_my_orders_column_tracking  Services\TrackingService.php:108
Melhor Envio Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Oct 6, 2025
PHP min version: 7.2
Downloads: 519K

Community Trust

Rating: 46/100
Number of ratings: 60
Active installs: 20K
Melhor Envio Developer Profile

melhorenvio: 1 plugin · 20K total installs
Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 324 days
How We Detect Melhor Envio

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths:
/wp-content/plugins/melhor-envio-cotacao/assets/css/admin.css
/wp-content/plugins/melhor-envio-cotacao/assets/css/frontend.css
/wp-content/plugins/melhor-envio-cotacao/assets/js/admin.js
/wp-content/plugins/melhor-envio-cotacao/assets/js/frontend.js
/wp-content/plugins/melhor-envio-cotacao/assets/js/scripts.js

Script Paths:
/wp-content/plugins/melhor-envio-cotacao/assets/js/admin.js
/wp-content/plugins/melhor-envio-cotacao/assets/js/frontend.js
/wp-content/plugins/melhor-envio-cotacao/assets/js/scripts.js

Version Parameters:
melhor-envio-cotacao/assets/css/admin.css?ver=
melhor-envio-cotacao/assets/css/frontend.css?ver=
melhor-envio-cotacao/assets/js/admin.js?ver=
melhor-envio-cotacao/assets/js/frontend.js?ver=
melhor-envio-cotacao/assets/js/scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes: melhor-envio-shipping-method-title, melhor-envio-calculator-container, melhor-envio-shipping-options, melhor-envio-shipping-option-item, melhor-envio-shipping-option-details, melhor-envio-shipping-method-details, melhor-envio-custom-fields, melhor-envio-notice (+3 more)
HTML Comments: <!-- melhor envio -->, <!-- aqui começa o widget de cotação melhor envio --> ("here the melhor envio quotation widget begins"), <!-- aqui termina o widget de cotação melhor envio --> ("here the melhor envio quotation widget ends")
Data Attributes: data-melhor-envio-plugin, data-melhor-envio-calculator-options, data-melhor-envio-product-id, data-melhor-envio-shipping-method
JS Globals: melhorEnvioData, melhorEnvioME
REST Endpoints: /wp-json/melhor-envio/v1/calculate, /wp-json/melhor-envio/v1/shipping-methods
Shortcode Output: [melhor_envio_calculator], [melhor_envio_tracking]

Note that the REST routes and shortcode names in this fingerprint set are not corroborated by the code analysis above, which registers [vue-app] and [calculadora_melhor_envio] and lists no rest_api_init hook, so treat those two entries as lower-confidence fingerprints.
Frequently Asked Questions about Melhor Envio